From ce3ae5764595985631c8827be95ffb1e142a66e5 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 17 May 2019 09:04:33 +0200 Subject: [PATCH 001/332] remove outdated directory --- web/CHANGES | 818 ---------- web/README | 530 ------- web/index.html | 206 --- web/network_password_cracker_comparison.html | 917 ----------- web/webfiles/css/commonPrint.css | 267 ---- web/webfiles/css/index.css | 2 - web/webfiles/css/index_002.css | 1 - web/webfiles/css/index_003.css | 1 - web/webfiles/css/index_004.css | 20 - web/webfiles/css/main.css | 1461 ------------------ web/webfiles/css/shared.css | 320 ---- web/webfiles/img/Cross.png | Bin 953 -> 0 bytes web/webfiles/img/Tick.png | Bin 871 -> 0 bytes web/webfiles/img/Unknown.png | Bin 1359 -> 0 bytes web/webfiles/img/gnu-fdl.png | Bin 1748 -> 0 bytes web/webfiles/img/hydra_pass.jpg | Bin 29906 -> 0 bytes web/webfiles/img/hydra_start.jpg | Bin 44345 -> 0 bytes web/webfiles/img/hydra_target.jpg | Bin 24547 -> 0 bytes web/webfiles/img/xhydra.png | Bin 217839 -> 0 bytes web/xhydra.png | Bin 217839 -> 0 bytes 20 files changed, 4543 deletions(-) delete mode 100644 web/CHANGES delete mode 100644 web/README delete mode 100644 web/index.html delete mode 100644 web/network_password_cracker_comparison.html delete mode 100644 web/webfiles/css/commonPrint.css delete mode 100644 web/webfiles/css/index.css delete mode 100644 web/webfiles/css/index_002.css delete mode 100644 web/webfiles/css/index_003.css delete mode 100644 web/webfiles/css/index_004.css delete mode 100644 web/webfiles/css/main.css delete mode 100644 web/webfiles/css/shared.css delete mode 100644 web/webfiles/img/Cross.png delete mode 100644 web/webfiles/img/Tick.png delete mode 100644 web/webfiles/img/Unknown.png delete mode 100644 web/webfiles/img/gnu-fdl.png delete mode 100644 web/webfiles/img/hydra_pass.jpg delete mode 100644 web/webfiles/img/hydra_start.jpg delete mode 100644 web/webfiles/img/hydra_target.jpg delete mode 100644 web/webfiles/img/xhydra.png delete mode 100644 web/xhydra.png diff --git a/web/CHANGES b/web/CHANGES deleted file mode 100644 index 32d5458..0000000 --- a/web/CHANGES +++ /dev/null @@ -1,818 +0,0 @@ -Changelog for hydra -------------------- - -Release 8.9.1 -* Clarification for rdp error message -* CIDR notation (hydra -l test -p test 192.168.0.0/24 ftp) was not detected, fixed - - -Release 8.8 -* New web page: https://github.com/vanhauser-thc/thc-hydra -* added PROBLEMS file with known issues -* rdp: disabled the module as it does not support the current protocol. If you want to add it contact me -* ldap: fixed a dumb strlen on a potential null pointer -* http-get/http-post: - - now supports H=/h= parameters same as http-form (thanks to mathewmarcus@github for the patch) - - 403/404 errors are now always registered as failed attempts -* mysql module: a non-default port was not working, fixed -* added -w timeout support to ssh module -* fixed various memory leaks in http-form module -* corrected hydra return code to be 0 on success -* added patch from debian maintainers which fixes spellings -* fixed weird crash on x64 systems -* many warning fixes by crondaemon - - -Release 8.6 -* added radmin2 module by catatonic prime - great work! -* smb module now checks if SMBv1 is supported by the server and if signing is required -* http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch) -* Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting) -* Added new command line option: - -c TIME: seconds between login attempts (over all threads, so -t 1 is recommended) -* Options put after -R (for loading a restore file) are now honored (and were disallowed before) -* merged several patches by Diadlo@github to make the code easier readable. thanks for that! -* merged a patch by Diadlo@github that moves the help output to the invididual module - - -Release 8.5 -* New command line option: - -b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch -* ./configure now honors the CC enviroment variable if present -* Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!) -* Changed the format of the restore file to detect cross platform copies -* Fixed a bug in the NCP module -* Favor strrchr() over rindex() -* Added refactoring patch by diadlo -* Updated man page with missing command line options - - -Release 8.4 -! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix -* Proxy support re-implemented: - - HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries - - HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP] -* New protocol: adam6500 - this one is work in progress, please test and report -* New protocol: rpcap - thanks to Petar Kaleychev -* New command line options: - -y : disables -x 1aA interpretation, thanks to crondaemon for the patch - -I : ignore an existing hydra.restore file (don't wait for 10 seconds) -* hydra-svn: works now with the current libsvn version -* hydra-ssh: initial check for password auth support now uses login supplied -* Fixed dpl4hydra to be able to update from the web again -* Fixed crash when -U was used without any service (thanks to thecarterb for reporting) -* Updated default password lists -* The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed -* Added special error message for clueless users :) - - -Release 8.3 -* Support for upcoming OpenSSL 1.1 added. needs testing. -* Fixed hydra redo bug (issue #113) -* Updated xhydra for new hydra features and options -* Some more command line error checking -* Ensured unneeded sockets are closed - -Release 8.2 -* Added RTSP module, thanks to jjavi89 for supplying! -* Added patch for ssh that fixes hydra stopping to connect, thanks to ShantonRU for the patch -* Added new -O option to hydra to support SSL servers that do not suport TLS -* Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames -* Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot! -* Added support in hydra-http for http-post (content length 0) -* Fixed important bug in http-*://server/url command line processing -* Added SSL SNI support -* Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging -* Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced) -* Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! -* Fixed for SSL connection to support TLSv1.2 etc. -* Support for different RSA keylengths, thanks to fann95 for the patch -* Fixed a bug where the cisco-enable module was not working with the password-only logon mode -* Fixed an out of memory bug in http-form -* Fixed imap PLAIN method -* Fixed -x option to bail if it would generate too many passwords (more than 4 billion) -* Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated setting -* Added --fhs switch to configure (for Linux distribution usage) -* ... your patch? - - -Release 8.1 -* David Maciejak, my co-maintainer moved to a different job and country and can not help with Hydra anymore - sadly! Wish you all the best! -* Added patch from Ander Juaristi which adds h/H header options for http-form-*, great work, thanks! -* Fixed the -M option, works now with many many targets :-) -* -M option now supports ports, add a colon in between: "host:port", or, if IPv6, "[ipv6ipaddress]:port" -* Found login:password combinations are now printed with the name specified (hostname or IP), not always IP -* Fixed for cisco-enable if an intial Login/Password is used (thanks to joswr1te for reporting) -* Added patch by tux-mind for better MySQL compilation and an Android patches and Makefile. Thanks! -* Added xhydra gtk patches by Petar Kaleychev to support -h, -U, -f, -F, -q and -e r options, thanks! -* Added patch for teamspeak to better identify server errors and auth failures (thanks to Petar Kaleychev) -* Fixed a crash in the cisco module (thanks to Anatoly Mamaev for reporting) -* Small fix for HTTP form module for redirect pages where a S= string match would not work (thanks to mkosmach for reporting) -* Updated configure to detect subversion packages on current Cygwin -* Fixed RDP module to support the port option (thanks to and.enshin(at)gmail.com) - - -Release 8.0 -! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra -* Added module for redis (submitted by Alejandro Ramos, thanks!) -* Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach) -* Added initial interactive password authentication test for ssh (thanks to Joshua Houghton) -* Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev) -* Target on the command line can now be a CIDR definition, e.g. 192.168.0.0/24 -* with -M , you can now specify a port for each entry (use "target:port" per line) -* Verified that hydra compiles cleanly on QNX / Blackberry 10 :-) -* Bugfixes for -x option: - - password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting) - - fixed crash when used together with -e option -* Fixed a bug that hydra would not compile without libssh (introduced in v7.6) -* Various bugfixes if many targets where attacked in parallel -* Cygwin's Postgresql is working again, hence configure detection re-enabled -* Added gcc compilation security options (if detected to be supported by configure script) -* Enhancements to the secure compilation options -* Checked code with cppcheck and fixed some minor issues. -* Checked code with Coverity. Fixed a lot of small and medium issues. - - -Release 7.6 -* Added a wizard script for hydra based on a script by Shivang Desai -* Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!) -* HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon) -* SMTP Enum: HELO is now always sent, better 500 error detection -* hydra main: - - fixed a bug in the IPv6 address parsing when a port was supplied - - added info message for pop3, imap and smtp protocol usage -* hydra GTK: missed some services, added -* dpl4hydra.sh: - - added Siemens S7-300 common passwords to default password list - - more broad searching in the list -* Performed code indention on all C files :-) -* Makefile patch to ensure .../etc directory is there (thanks to vonnyfly) - - -Release 7.5 -* Moved the license from GPLv3 to AGPLv3 (see LICENSE file) -* Added module for Asterisk Call Manager -* Added support for Android where some functions are not available -* hydra main: - - reduced the screen output if run without -h, full screen with -h - - fix for IPv6 and port parsing with service://[ipv6address]:port/OPTIONS - - fixed -o output (thanks to www417) - - warning if HYDRA_PROXY is defined but the module does not use it - - fixed an issue with large input files and long entries -* hydra library: - - SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems - - removed support for old OPENSSL libraries -* HTTP Form module: - - login and password values are now encoded if special characters are present - - ^USER^ and ^PASS^ are now also supported in H= header values - - if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\ -* Mysql module: protocol 10 is now supported -* SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be - defined as an option "TLS" if required. This increases performance. -* Cisco module: fixed a small bug (thanks to Vitaly McLain) -* Postgres module: libraries on Cygwin are buggy at the moment, module is therefore - disabled on Cygwin - - -Release 7.4.3 FIX RELEASES for bugs introduced in 7.4 -* Quickfix for people who do not have libssh installed (won't compile otherwise) -* Quickfix for http-get/http-head and irc module which would not run due a new feature. -* Fix for the ssh module that breaks an endless loop if a service becomes unavailable (thanks to shark0der(at)gmail(dot)com for reporting) - - -Release 7.4 -* New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!) -* Added support for win8 and win2012 server to the RDP module -* Better target distribution if -M is used -* Added colored output (needs libcurses) -* Better library detection for current Cygwin and OS X -* Fixed the -W option -* Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested -* Fixed HTTP Form module false positive when no answer was received from the server -* Fixed SMB module return code for invalid hours logon and LM auth disabled -* Fixed http-{get|post-form} from xhydra -* Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz) -* Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-) -* Added debug mode option to usage (thanks to Anold Black) - - -Release 7.3 -* Hydra main: - - Added -F switch to quit all targets if one pair was found (for -M) - - Fixed a bug where hydra would terminate after reporting a successful - login when an account would accept any password - - Fixed a bug with very large wordlists (thanks to sheepdestroyer for reporting!) - - Enhanced the module help -* configure script: - - Added fix Oracle library inclusion, thanks to Brandon Archer! - - Added --nostrip option to prevent binary stripping (requested by Fedora - maintainer) -* Added a Makefile patch by the Debian maintainers to support their - SecurityHardeningBuildFlags for the wheezy build as requested -* dpl4hydra: added install directory support -* All code: message cleanups -* SNMP module - - originally already supported write and v2 although this was not in the - module help output. Added :-) - - added SNMPv3 MD5/SHA1 authentication support, though beta still -* HTTP module: - - fixed HTTP NTLM auth session - - implemented errata fix for HTTP digest md5-sess algorithm - - set default path to / -* HTTP Form module: - - set default path to / - - support HTTP/1.0 redirects - - fix failed condition check when pcre is not used -* IMAP module: fixed auth detection -* POP3 module: Updated auth and capability detection -* Oracle module: fixed bad handling -* Oracle listener module: fixed hash size handling -* Telnet/Cisco/Cisco-enable modules: support "press ENTER" prompts -* FTP module: - - Fixed a bug where 530 messages were incorrectly handled - - Clarification for the usage of ftps -* Mysql module: added patch from Redhat/Fedora that fixes compile problems -* Added IDN and PCRE support for Cygwin - - -Release 7.2 -* Speed-up http modules auth mechanism detection -* Fixed -C colonfile mode when empty login/passwords were used (thanks to - will(at)configitnow(dot)com for reporting) -* The -f switch was not working for postgres, afp, socks5, firebird and ncp, - thanks to Richard Whitcroft for reporting! -* Fixed NTLM auth in http-proxy/http-proxy-url module -* Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at -* Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com -* Fix http form module: optional headers and 3xx status redirect, thx to Gash -* Fix in configure script for --prefix option, thanks to dazzlepod -* Update of the dpl4hydra script by Roland Kessler, thanks! -* Small fix for hydra man page, thanks to brad(at)comstyle(dot)com - - -Release 7.1 -* Added HTTP Proxy URL enumeration module -* Added SOCKS4/SOCKS5 proxy support with authentication -* Added IPv6 support for SOCKS5 module -* Added -e r option to try the reversed login as password -* Rewrote -x functionality as the code caused too much trouble (thanks to - murder.net7(at)gmail.com for reporting one of the issues) -* Fixed a bug with multiple hosts (-M) and http modules against targets that - are virtual servers. Well spotted by Tyler Krpata! -* Fixed SVN IPv6 support and updated deprecated calls -* Fixed RDP failed child connection returned value and false positive issues - reported by Wangchaohui, thanks! -* Fixed restore file functionality, was not working together with -o option -* Fix in http-form module for bug introduced in 7.0 -* Fixed xhydra specific parameter value for http-proxy module -* minor enhancements - - -Release 7.0 -* New main engine for hydra: better performance, flexibility and stability -* New option -u - loop around users, not passwords -* Option -e now also works with -x and -C -* Added RDP module, domain can be passed as argument -* Added other_domain option to smb module to test trusted domains -* Small enhancement for http and http-proxy module for standard ignoring servers -* Lots of bugfixes, especially with many tasks, multiple targets and restore file -* Fixes for a few http-form issues -* Fix smb module NTLM hash use -* Fixed Firebird module deprecated API call -* Fixed for dpl4hydra to work on old sed implementations (OS/X ...) -* Fixed makefile to install dpl4hydra (thx @sitecrea) -* Fixed local buffer overflow in debug output function (required -d to be used) -* Fixed xhydra running warnings and correct quit action event - - -Release 6.5 -* Improved HTTP form module: getting cookie, fail or success condition, follow - multiple redirections, support cookie gathering URL, multiple user defined - headers -* Added interface support for IPv6, needed for connecting to link local fe80:: - addresses. Works only on Linux and OS/X. Information for Solaris and *BSD welcome -* Added -W waittime between connects option -* The -x bruteforce mode now allows for generated password amounts > 2 billion -* Fix if -L was used together with -x -* Fixes for http- modules when the http-...://target/options format was used -* Fixed a bug in the restore file write function that could lead to a crash -* Fixed XMPP module jabber init request and challenge response check, thx "F e L o R e T" -* Fix: if a proxy was used, unresolveable targets were disabled. now its fine -* Fix for service://host/ usage if a colon was used after the URI without a - port defined - - -Release 6.4 -* Update SIP module to extract and use external IP addr return from server error to bypass NAT -* Update SIP module to use SASL lib -* Update email modules to check clear mode when TLS mode failed -* Update Oracle Listener module to work with Oracle DB 9.2 -* Update LDAP module to support Windows 2008 active directory simple auth -* Fix to the connection adaptation engine which would loose planned attempts -* Fix make script for CentOS, reported by ya0wei -* Print error when a service limits connections and few pairs have to be tested -* Improved Mysql module to only init/close when needed -* Added patch from the FreeBSD maintainers -* Module usage help does not need a target to be specified anymore -* Configure script now honors /etc/ld.so.conf.d/ directory -* Add more SMB dialects - - -Release 6.3 -* Added patch by Petar Kaleychev which adds nice icons to cygwin hydra files -* Added patch by Gauillaume Rousse which fixes a warning display -* New Oracle module (for databases via OCI, for TNS Listener passwd, for SID enumeration) -* New SMTP user enum module (using VRFY, EXPN or RCPT command) -* Memory leak fix for -x bruteforcing option reported by Alex Lau -* Fix for svn module, for some versions it needs one more lib, thanks to the - Debian team for reporting! -* Fix ssh module, on connection refused a credential could be lost -* Fix http-form module, a redirect was not always followed -* QA on all modules for memory leaks -* Better gtk detection (to not even try xhydra compilation when its useless) -* First blant attempt for configuring to x64 systems (Linux and *BSD) -* Updated network password cracker comparison on the web page (for hydra and new ncrack) -* Indented all source code - - -Release 6.2 -* Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) ) -* Forgot to rename ssh2 to ssh in xhydra, fixed -* Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module -* Fix SASL PLAIN auth method issue -* Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap -* Added man pages from Debian maintainers -* Checked Teamspeak module, works on TS2 protocol -* Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah ! -* New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support -* Add SCRAM-SHA1 auth to IMAP module -* Add module usage help (-U) -* Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep") -* Rename smtpauth module to smtp -* Add SASL + TLS support for NNTP -* Bugfix SASL DIGEST-MD5, response could be wrong sometime, mainly on 64bits systems -* Bugfix rlogin module, some auth failure could not be detected accurately -* Bugfix rsh module, some auth failure could not be detected accurately -* New module: IRC is not dead ! use to find general server password and /oper credential -* Add SSL support for VMware Authentication Daemon module -* Bugfix CVS module, should work now, why does nobody report this ?? -* Bugfix Telnet module, when line mode is not available -* Add support for new syntax ://[:][/] -* Add TLS support for SIP -* STILL OPEN: Fixed a problem in hydra where a login+pw test was lost when an arm/child was quitting - - -Release 6.1 -* More license updates for the files for the Debian guys -* Fix for the configure script to correctly detect postgresql -* Add checks for libssh v0.4 and support for ssh v1 -* Merge all latest crypto code in sasl files -* Fix SVN compilation issue on openSUSE (tested with v11.3) - - -Release 6.0 -* Added GPL exception clause to license to allow linking to OpenSSL - Debian people need this -* IPv6 support finally added. Note: sip and socks5 modules do not support IPv6 yet -* Changes to code and configure script to ensure clean compile on Solaris 11, - OSX, FreeBSD 8.1, Cygwin and Linux -* Bugfix for SIP module, thanks to yori(at)counterhackchallenges(dot)com -* Compile fixes for systems without OpenSSL or old OpenSSL installations -* Eliminated compile time warnings -* xhydra updates to support the new features (david@) -* Added CRAM-MD5, DIGEST-MD5 auth mechanism to the smtp-auth module (david@) -* Added LOGIN, PLAIN, CRAM-(MD5,SHA1,SHA256) and DIGEST-MD5 auth mechanisms to the imap and pop3 modules (david@) -* Added APOP auth to POP3 module (david@) -* Added NTLM and DIGEST-MD5 to http-auth module and DIGEST-MD5 to http-proxy module (david@) -* Fixed VNC module for None and VLC auth (david@) -* Fixes for LDAP module (david@) -* Bugfix Telnet module linemode option negotiation using win7 (david@) -* Bugfix SSH module when max auth connection is reached (david@) - - -Release 5.9 -* Update for the subversion module for newer SVN versions (thanks to David Maciejak @ GMAIL dot com) -* Another patch by David to add the PLAIN auth mechanism to the smtp-auth module -* mysql module now has two implementations and uses a library when found (again - thanks to David Maciejak @ GMAIL dot com - what would hydra be without him) -* camiloculpian @ gmail dot com submitted a logo for hydra - looks cool, thanks! -* better FTP 530 error code detection -* bugfix for the SVN module for non-standard ports (again david@) - - -Release 5.8 -* Added Apple Filing Protocol (thank to "never tired" David Maciejak @ GMAIL dot com) -* Fixed a big bug in the SSL option (-S) - - -Release 5.7 -* Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com) -* Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz -* Removed unnecessary compiler warnings -* Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be -* Fixed small local defined overflow in the teamspeak module. Does it still work anyway?? - - -Release 5.6 PRIVATE VERSION -########### -* Moved to GPLv3 License (lots of people wanted that) -* Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for - the 0.2 basis) -* Added firebird support (by David Maciejak @ GMAIL dot com) -* Added SIP MD5 auth patch (by Jean-Baptiste Aviat 100 -! Soon to come: v5.0 - some cool new features to arrive on your pentest - machine! - - -Release 4.6 -########### -* Snakebyte delivered a module for Teamspeak -* Snakebyte updated the rexec module for the Hydra Palm version -* Snakebyte updated xhydra to support the new Telnet success response option -* Clarified the Licence -* Updated the ldap module to support v3, note that "ldap" is now specified as - "ldap2" or "ldap3". Added wrong version detection. - - -Release 4.5 -########### -* The configure script now detects Cygwin automatically :-) -* The telnet module now handles the OPT special input. Specify the string - which is displayed after successfully a login. Use this if you have false - positives. -* Made smtp-auth module more flexible in EHLO/HELO handling -* Fixed some glitches in the SAP/R3 module (correct sysnr, better port - handling) thanks to ngregoire@exaprobe.com ! -* Fixed some glitches in the http/https module -* Fixed a big bug in snakebyte's snmp module -* Warning msg is now displayed if the deprecated icq module is used -* Added warning message to the ssh2 module during compilation as many people - use the newest libssh version which is broken. - - -Release 4.4 -########### -* Fixed another floating point exception *sigh* -* Fixed -C colon mode -* Added EHLO support for the smtp-auth module, required for some smtpd - - -Release 4.3 -########### -* Fixed a divide by zero bug in the status report function -* Added functionality for skipping accounts (cvs is so nice to report this) -* Snakebyte sent in a patch for cvs for skipping nonexisting accounts -* sent in a patch to fix proxy support for the HTTP module - without proxy authentication - - -Release 4.2 -########### -* Snakebyte sent in modules for SNMP and CVS - great work! -* Snakebyte also expanded the gtk gui to support the two new modules -* Justin sent in a module for smtp-auth ... thanks! -* master_up@post.cz sent in some few patches to fix small glitches -* Incorporated a check from the openbsd port - - -Release 4.1 -########### -* Snakebyte wrote a very nice GTK GUI for hydra! enjoy! -* due a bug, sometimes hydra would kill process -1 ... baaaad boy! -* found passwords are now also printed to stdout if -o option is used -* reported that hydra wouldn't complain on ssh2 option if - compiled without support, fixed -* made an official port for FreeBSD and sent me a - diff to exchange the MD4 of libdes to openssl -* noticed that hydra will crash on big wordlists as - the result of the mallocs there were not checked, fixed -* Snakebyte expanded his PalmOS Version of hydra to nntp and fixed vnc -* Increased the wait time for children from 5 to 15 seconds, as e.g. - snakebyte reported detection problems -* Fixed some display glitches - - -Release v4.0 -############ -# -# This is a summary of changes of the D1 to D5 beta releases and shows -# what makes v4.0 different from 3.1. -# Have fun. Lots of it. -# -# By the way: I need someone to program a nice GTK frontend for hydra, -# would YOU like to do that and receive the fame? Send an email to vh@thc.org ! -# -* For the first time there is not only a UNIX/source release but additionally: - ! Windows release (cygwin compile with dll's) - ! PalmPilot release - ! ARM processor release (for all your Zaurus, iPaq etc. running Linux) -* There are new service attack modules: - ! ms-sql - ! sap r/3 (requires a library) - ! ssh v2 (requires a library) -* Enhancements/Fixes to service attack modules: - ! vnc module didnt work correctly, fixed - ! mysql module supports newer versions now - ! http module received a minor fix and has better virtual host support now - ! http-proxy supports now an optional URL - ! socks5 checks now for false positives and daemons without authentication -* The core code (hydra.c) was rewritten from scratch - ! rewrote the internal distribution functions from scratch. code is now - safer, less error prone, easier to read. - ! multiple target support rewritten which now includes intelligent load - balancing based on success, error and load rate - ! intelligently detect maximum connect numbers for services (per server if - multiple targets are used) - ! intelligent restore file writing - ! Faster (up to 15%) - ! Full Cygwin and Cygwin IPv6 support -* added new tool: pw-inspector - it can be used to just try passwords which - matches the target's password policy -# -# This should be more than enough! :-) -# - -... the rest below is history ... - -########################################################################### -# -# New Hydra v4.0 code branch -# -Release D5 -* added patches by kan@dcit.cz which enhance the proxy module and provide - a small fix for the http module -* small beautifcations to make the compiler happy -! This is the final beta version before public release - - please test everything! - -Release D4 -* Tick made an update to his configure-arm -* snakebyte@gmx.de added imap, vnc and cisco module support to PalmPilot -* fixed VNC module -* enhanced mysql module to work also with 4.0.x (and all future protocol 10 - mysql protocol types) -* enhanced socks5 module to identify daemons which do not require - authentication, and false positive check (otherwise dante would report all - tries as successful) -* fixed a bug in configure for D3 which resulted in compile problems on - several platforms requiring libcrypto - -Release D3 -* added sapr3 attack module (requires libsdk.a and saprfc.h) -* added ssh2 attack module (requires libssh) -* snakebyte@gmx.de added telnet module support for PalmPilot -* fixed the mssql module, should work now -* fixed -e option bug -* fixed -C option bug (didnt work at all!!) -* fixed double detection (with -e option) plus added simple dictionary - double detection -* target port is now displayed on start - -Release D2 -* added better virtual host support to the www/http/https/ssl module - (based on a patch from alla@scanit.be) -* added ARM support (does not work for libdes yet, ssl works), done by - Tick -* added Palm support (well, in reality it is more a rewrite which can use - the hydra-modules), done by snakebyte -* added ms-sql attack module (code based on perl script form HD Moore - , thanks for contributing) - -Release D1 (3 March 2003) -* rewrote the internal distribution functions from scratch. code is now - safer, less error prone, easier to read. -* multiple target support rewritten which now includes intelligent load - balancing based on success, error and load rate -* intelligently detect maximum connect numbers for services (per server if - multiple targets are used) -* intelligent restore file writing -* Faster (up to 15%) -* Full Cygwin and Cygwin IPv6 support -* added new tool: pw-inspector - it can be used to just try passwords which - matches the target's password policy - -########################################################################### - -v3.0 (FEBRUARY 2004) PUBLIC RELEASE -* added a restore function to enable you to continue aborted/crashed - sessions. Just type "hydra -R" to continue a session. - NOTE: this does not work with the -M option! This feature is then disabled! -* added a module for http proxy authentication cracking ("http-proxy") :-) -* added HTTP and SSL/CONNECT proxy support. SSL/CONNECT proxy support works - for *all* TCP protocols, you just need to find a proxy which allows you to - CONNECT on port 23 ... - The environment variable HYDRA_PROXY_HTTP defines the web proxy. The - following syntax is valid: HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" - Same for HYDRA_PROXY_CONNECT. - If you require authentication for the proxy, use the HYDRA_PROXY_AUTH - environment variable: - HYDRA_PROXY_AUTH="login:password" -* fixed parallel host scanning engine (thanks to m0j0.j0j0 for reporting) -* A status, speed and time to completion report is now printed every minute. -* finally updated the README - -v2.9 (FEBRUARY 2004) PRIVATE RELEASE -... - -v2.8 (JANUARY 2004) PRIVATE RELEASE -... - -v2.7 (JANUARY 2004) PUBLIC RELEASE -* small fix for the parallel host code (thanks to m0j0@foofus.net) - -v2.6 (DECEMBER 2003) PUBLIC RELEASE -* fixed a compiling problem for picky compilers. - -v2.5 (NOVEMBER 2003) PUBLIC RELEASE -* added a big patch from m0j0@foofus.net which adds: - - AAA authentication to the cisco-enable module - - Running the attacks on hosts in parallel - - new smbnt module, which uses lanman hashes for authentication, needs libdes - ! great work and thanks ! -* changed code to compile easily on FreeBSD -* changed configure to compile easily on MacOS X - Panther (cool OS btw ...) - -v2.4 (AUGUST 2003) PUBLIC RELEASE -* public release -=== 2.3 stuff=== -* added mysql module (thanks to mcbethh@u-n-f.com) -* small fix in vnc (thanks to the Nessus team) -* added credits for vnc-module (FX/Phenolite) -* new ./configure script for better Solaris and *BSD support (copied from amap) -* updated to new email/www addresses => www.thc.org - -v2.2 (OCTOBER 2002) PUBLIC RELEASE -* fixed a bug in the -P passwordfile handling ... uhhh ... thanks to all - the many people who reported that bug! -* added check if a password in -P passwordfile was already done via the - -e n|s switch - -v2.1 (APRIL 2002) PUBLIC RELEASE -* added ldap cracking mode (thanks to myself, eh ;-) -* added -e option to try null passwords ("-e n") and passwords equal to the - login ("-e s"). When specifying -e, -p/-P is optional (and vice versa) -* when a login is found, hydra will now go on with the next login - -v2.0 (APRIL 2002) PRIVATE RELEASE -! with v1.1.14 of Nessus, Hydra is a Nessus plugin! -* incorporated code to make hydra a nessus plugin (thanks to deraison@cvs.nessus.org !) -* added smb/samba/CIFS cracking mode (thanks to deraison@cvs.nessus.org !) -* added cisco-enable cracking mode (thanks to J.Marx@secunet.de !) -* minor enhancements and fixes - -v1.7 (MARCH 2002) PRIVATE RELEASE -* configure change to better detect OpenSSL -* ported to Solaris - -v1.6 (FEBRUARY 2002) PUBLIC RELEASE -* added socks5 support (thanks to bigbud@weed.tc !) - -v1.5 (DECEMBER 2001) PRIVATE RELEASE -* added -S option for SSL support (for all TCP based protocols) -* added -f option to stop attacking once a valid login/pw has been discovered -* made modules more hydra-mod compliant -* configure stuff thrown out - was not really used and too complicated, - wrote my own, lets hope it works everywhere ;-) - -v1.4 (DECEMBER 2001) PUBLIC RELEASE -* added REXEC cracking module -* added NNTP cracking module -* added VNC cracking module (plus the 3DES library, which is needed) - some - of the code ripped from FX/Phenolite :-) thanks a lot -* added PCNFS cracking module -* added ICQ cracking module (thanks to ocsic !!) -* for the pcnfs cracking module, I had to add the hydra_connect_udp function -* added several compactibility stuff to work with all the M$ crap - -v1.3 (September 2001) PUBLIC RELEASE -* uh W2K telnetd sends null bytes in negotiation mode. workaround implemented. -* Rewrote the finish functions which would sometimes hang. Shutdowns are faster - now as well. -* Fixed the line count (it was always one to much) -* Put more information in the outpufile (-o) -* Removed some configure crap. - -v1.2 (August 2001) PRIVATE RELEASE -* Fixed a BIG bug which resulted in accounts being checked serveral times. ugh -* Fixed the bug which showed the wrong password for a telnet hack. Works for - me. please test. -* Added http basic authentication cracking. Works for me. please test. -* Fixed the ftp cracker module for occasions where a long welcome message was - displayed for ftp. -* Removed some compiler warnings. - -v1.1 (May 2001) PUBLIC RELEASE -* Added wait+reconnect functionality to hydra-mod -* Additional wait+reconnect for cisco module -* Added small waittimes to all attack modules to prevent too fast reconnects -* Added cisco Username/Password support to the telnet module -* Fixed a deadlock in the modules, plus an additional one in the telnet module - -v1.0 (April 2001) PUBLIC RELEASE -* Verified that all service modules really work, no fix necessary ;-) - ... so let's make it public -* Changed the LICENCE - -v0.6 (April 2001) PRIVATE RELEASE -* Added hydra-cisco.c for the cisco 3 times "Password:" type -* Added hydra-imap.c for the imap service -* Fixed a bug in hydra-mod.c: empty logins resulted in an empty - hydra_get_next_password() :-(, additionally the blocking/recv works better - now. (no, not better - perfect ;-) -* Fixed a bug in hydra-telnet.c: too many false alarms for success due some - mis-thinking on my side and I also implemented a more flexible checking -* Fixed hydra-ftp.c to allow more weird reactions -* Fixed all ;-) memory leaks - -v0.5 (December 2000) PUBLIC RELEASE -* NOTE WE HAVE GOT A NEW WWW ADDRESS -> www.thehackerschoice.com -* added telnet protocol -* exchanged snprintf with sprintf(%.250s) to let it compile on more platforms - but still have buffer overflow protection. -* fixed a bug in Makefile.in (introduced by Plasmo ,-) - -v0.4 (August 2000) PUBLIC RELEASE -* Plasmoid added a ./configure script. thanks! - -v0.3 (August 2000) -* first release diff --git a/web/README b/web/README deleted file mode 100644 index 3847215..0000000 --- a/web/README +++ /dev/null @@ -1,530 +0,0 @@ - - H Y D R A - - (c) 2001-2019 by van Hauser / THC - https://github.com/vanhauser-thc/thc-hydra - many modules were written by David (dot) Maciejak @ gmail (dot) com - BFG code by Jan Dlabal - - Licensed under AGPLv3 (see LICENSE file) - - Please do not use in military or secret service organizations, - or for illegal purposes. - - - -INTRODUCTION ------------- -Number one of the biggest security holes are passwords, as every password -security study shows. -This tool is a proof of concept code, to give researchers and security -consultants the possibility to show how easy it would be to gain unauthorized -access from remote to a system. - -THIS TOOL IS FOR LEGAL PURPOSES ONLY! - -There are already several login hacker tools available, however, none does -either support more than one protocol to attack or support parallized -connects. - -It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. - -Currently this tool supports the following protocols: - Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, - HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, - HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, - Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, - Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, - SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, - VNC and XMPP. - -However the module engine for new services is very easy so it won't take a -long time until even more services are supported. -Your help in writing, enhancing or fixing modules is highly appreciated!! :-) - - - -WHERE TO GET ------------- -You can always find the newest release/production version of hydra at its -project page at https://github.com/vanhauser-thc/thc-hydra/releases -If you are interested in the current development state, the public development -repository is at Github: - svn co https://github.com/vanhauser-thc/thc-hydra - or - git clone https://github.com/vanhauser-thc/thc-hydra -Use the development version at your own risk. It contains new features and -new bugs. Things might not work! - - - -HOW TO COMPILE --------------- -To configure, compile and install hydra, just type: - -``` -./configure -make -make install -``` - -If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need -to add "-DWITH_SSH1=On" option in the cmake command line. -IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! - -If you use Ubuntu/Debian, this will install supplementary libraries needed -for a few optional modules (note that some might not be available on your distribution): - -``` -apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ - libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird-dev -``` - -This enables all optional modules and features with the exception of Oracle, -SAP R/3, NCP and the apple filing protocol - which you will need to download and -install from the vendor's web sites. - -For all other Linux derivates and BSD based systems, use the system -software installer and look for similarly named libraries like in the -command above. In all other cases, you have to download all source libraries -and compile them manually. - - - -SUPPORTED PLATFORMS -------------------- -- All UNIX platforms (Linux, *BSD, Solaris, etc.) -- MacOS (basically a BSD clone) -- Windows with Cygwin (both IPv4 and IPv6) -- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) - - - -HOW TO USE ----------- -If you just enter `hydra`, you will see a short summary of the important -options available. -Type `./hydra -h` to see all available command line options. - -Note that NO login/password file is included. Generate them yourself. -A default password list is however present, use "dpl4hydra.sh" to generate -a list. - -For Linux users, a GTK GUI is available, try `./xhydra` - -For the command line usage, the syntax is as follows: - For attacking one target or a network, you can use the new "://" style: - hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS - The old mode can be used for these too, and additionally if you want to - specify your targets from a text file, you *must* use this one: - -``` -hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] -``` - -Via the command line options you specify which logins to try, which passwords, -if SSL should be used, how many parallel tasks to use for attacking, etc. - -PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, -http-get or many others are available -TARGET is the target you want to attack -MODULE-OPTIONS are optional values which are special per PROTOCOL module - -FIRST - select your target - you have three options on how to specify the target you want to attack: - 1. a single target on the command line: just put the IP or DNS address in - 2. a network range on the command line: CIDR specification like "192.168.0.0/24" - 3. a list of hosts in a text file: one line per entry (see below) - -SECOND - select your protocol - Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. - Use a port scanner to see which protocols are enabled on the target. - -THIRD - check if the module has optional parameters - hydra -U PROTOCOL - e.g. hydra -U smtp - -FOURTH - the destination port - this is optional! if no port is supplied the default common port for the - PROTOCOL is used. - If you specify SSL to use ("-S" option), the SSL common port is used by default. - - -If you use "://" notation, you must use "[" "]" brackets if you want to supply -IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: - hydra [some command line options] ftp://[192.168.0.0/24]/ - hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM - -Note that everything hydra does is IPv4 only! -If you want to attack IPv6 addresses, you must add the "-6" command line option. -All attacks are then IPv6 only! - -If you want to supply your targets via a text file, you can not use the :// -notation but use the old style and just supply the protocol (and module options): - hydra [some command line options] -M targets.txt ftp -You can supply also the port for each target entry by adding ":" after a -target entry in the file, e.g.: - -``` -foo.bar.com -target.com:21 -unusual.port.com:2121 -default.used.here.com -127.0.0.1 -127.0.0.1:2121 -``` - -Note that if you want to attach IPv6 targets, you must supply the -6 option -and *must* put IPv6 addresses in brackets in the file(!) like this: - -``` -foo.bar.com -target.com:21 -[fe80::1%eth0] -[2001::1] -[2002::2]:8080 -[2a01:24a:133:0:00:123:ff:1a] -``` - -LOGINS AND PASSWORDS --------------------- -You have many options on how to attack with logins and passwords -With -l for login and -p for password you tell hydra that this is the only -login and/or password to try. -With -L for logins and -P for passwords you supply text files with entries. -e.g.: - -``` -hydra -l admin -p password ftp://localhost/ -hydra -L default_logins.txt -p test ftp://localhost/ -hydra -l admin -P common_passwords.txt ftp://localhost/ -hydra -L logins.txt -P passwords.txt ftp://localhost/ -``` - -Additionally, you can try passwords based on the login via the "-e" option. -The "-e" option has three parameters: - -``` -s - try the login as password -n - try an empty password -r - reverse the login and try it as password -``` - -If you want to, e.g. try "try login as password and "empty password", you -specify "-e sn" on the command line. - -But there are two more modes for trying passwords than -p/-P: -You can use text file which where a login and password pair is separated by a colon, -e.g.: - -``` -admin:password -test:test -foo:bar -``` - -This is a common default account style listing, that is also generated by the -dpl4hydra.sh default account file generator supplied with hydra. -You use such a text file with the -C option - note that in this mode you -can not use -l/-L/-p/-P options (-e nsr however you can). -Example: - -``` -hydra -C default_accounts.txt ftp://localhost/ -``` - -And finally, there is a bruteforce mode with the -x option (which you can not -use with -p/-P/-C): - -``` --x minimum_length:maximum_length:charset -``` - -the charset definition is `a` for lowercase letters, `A` for uppercase letters, -`1` for numbers and for anything else you supply it is their real representation. -Examples: - -``` --x 1:3:a generate passwords from length 1 to 3 with all lowercase letters --x 2:5:/ generate passwords from length 2 to 5 containing only slashes --x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers -``` - -Example: - -``` -hydra -l ftp -x 3:3:a ftp://localhost/ -``` - -SPECIAL OPTIONS FOR MODULES ---------------------------- -Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m -command line option, you can pass one option to a module. -Many modules use this, a few require it! - -To see the special option of a module, type: - - hydra -U - -e.g. - - ./hydra -U http-post-form - -The special options can be passed via the -m parameter, as 3rd command line -option or in the service://target/option format. - -Examples (they are all equal): - -``` -./hydra -l test -p test -m PLAIN 127.0.0.1 imap -./hydra -l test -p test 127.0.0.1 imap PLAIN -./hydra -l test -p test imap://127.0.0.1/PLAIN -``` - -RESTORING AN ABORTED/CRASHED SESSION ------------------------------------- -When hydra is aborted with Control-C, killed or crashes, it leaves a -"hydra.restore" file behind which contains all necessary information to -restore the session. This session file is written every 5 minutes. -NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. -from little endian to big endian, or from Solaris to AIX) - -HOW TO SCAN/CRACK OVER A PROXY ------------------------------- -The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works -just for the http services!). -The following syntax is valid: - -``` -HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" -HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" -HYDRA_PROXY_HTTP="proxylist.txt" -``` - -The last example is a text file containing up to 64 proxies (in the same -format definition as the other examples). - -For all other services, use the HYDRA_PROXY variable to scan/crack. -It uses the same syntax. eg: - -``` -HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port -``` - -for example: - -``` -HYDRA_PROXY=connect://proxy.anonymizer.com:8000 -HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 -HYDRA_PROXY=socksproxylist.txt -``` - -ADDITIONAL HINTS ----------------- -* sort your password files by likelihood and use the -u option to find - passwords much faster! -* uniq your dictionary files! this can save you a lot of time :-) - cat words.txt | sort | uniq > dictionary.txt -* if you know that the target is using a password policy (allowing users - only to choose a password with a minimum length of 6, containing a least one - letter and one number, etc. use the tool pw-inspector which comes along - with the hydra package to reduce the password list: - cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt - - -RESULTS OUTPUT --------------- - -The results are output to stdio along with the other information. Via the -o -command line option, the results can also be written to a file. Using -b, -the format of the output can be specified. Currently, these are supported: - -* `text` - plain text format -* `jsonv1` - JSON data using version 1.x of the schema (defined below). -* `json` - JSON data using the latest version of the schema, currently there - is only version 1. - -If using JSON output, the results file may not be valid JSON if there are -serious errors in booting Hydra. - - -JSON Schema ------------ -Here is an example of the JSON output. Notes on some of the fields: - -* `errormessages` - an array of zero or more strings that are normally printed - to stderr at the end of the Hydra's run. The text is very free form. -* `success` - indication if Hydra ran correctly without error (**NOT** if - passwords were detected). This parameter is either the JSON value `true` - or `false` depending on completion. -* `quantityfound` - How many username+password combinations discovered. -* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, - 2.03, etc. Hydra will make second tuple of the version to always be two - digits to make it easier for downstream processors (as opposed to v1.1 vs - v1.10). The minor-level versions are additive, so 1.02 will contain more - fields than version 1.00 and will be backward compatible. Version 2.x will - break something from version 1.x output. - -Version 1.00 example: -``` -{ - "errormessages": [ - "[ERROR] Error Message of Something", - "[ERROR] Another Message", - "These are very free form" - ], - "generator": { - "built": "2019-03-01 14:44:22", - "commandline": "hydra -b jsonv1 -o results.json ... ...", - "jsonoutputversion": "1.00", - "server": "127.0.0.1", - "service": "http-post-form", - "software": "Hydra", - "version": "v8.5" - }, - "quantityfound": 2, - "results": [ - { - "host": "127.0.0.1", - "login": "bill@example.com", - "password": "bill", - "port": 9999, - "service": "http-post-form" - }, - { - "host": "127.0.0.1", - "login": "joe@example.com", - "password": "joe", - "port": 9999, - "service": "http-post-form" - } - ], - "success": false -} -``` - - -SPEED ------ -through the parallelizing feature, this password cracker tool can be very -fast, however it depends on the protocol. The fastest are generally POP3 -and FTP. -Experiment with the task option (-t) to speed things up! The higher - the -faster ;-) (but too high - and it disables the service) - - - -STATISTICS ----------- -Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing -295 entries (294 tries invalid logins, 1 valid). Every test was run three -times (only for "1 task" just once), and the average noted down. - -``` - P A R A L L E L T A S K S -SERVICE 1 4 8 16 32 50 64 100 128 -------- -------------------------------------------------------------------- -telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* -ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 -pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 -imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 -``` - -(*) -Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with -128 tasks, running four times resulted in timings between 28 and 97 seconds! -The reason for this is unknown... - -guesses per task (rounded up): - - 295 74 38 19 10 6 5 3 3 - -guesses possible per connect (depends on the server software and config): - - telnet 4 - ftp 6 - pop3 1 - imap 3 - - - -BUGS & FEATURES ---------------- -Hydra: -Email me or David if you find bugs or if you have written a new module. -vh@thc.org (and put "antispam" in the subject line) - - -You should use PGP to encrypt emails to vh@thc.org : - -``` ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v3.3.3 (vh@thc.org) - -mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT -KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ -FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c -vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k -Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p -lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI -zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI -DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf -lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN -DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 -n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB -tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC -F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ -xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH -Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 -qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz -dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp -QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga -V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 -slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl -Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM -0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP -JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs -IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL -CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS -AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ -HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR -2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C -nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc -XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 -Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL -ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V -l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F -n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl -7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb -/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii -tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 -Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR -gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt -x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 -0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS -+C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw -G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA -oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr -rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC -v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 -02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv -s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ -Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK -d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP -gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y -ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP -8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd -X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD -aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN -cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC -Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR -zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni -1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT -zB3yrr+vYBT0uDWmxwPjiJs= -=ytEf ------END PGP PUBLIC KEY BLOCK----- -``` diff --git a/web/index.html b/web/index.html deleted file mode 100644 index 6786d7f..0000000 --- a/web/index.html +++ /dev/null @@ -1,206 +0,0 @@ - - -THC-HYDRA - fast and flexible network login hacker - -
-
-
-
-
-
-
-

-
-
-
-
 THC-Hydra

-

- A very fast network logon cracker which support many different services.
- See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa

-

- Current Version: 8.6
- Last update 2017-07-21
-

-

-

-
-
- [0x00] News and Changelog
-
-
-        Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) )
-        Development code is available at a public github repository: https://github.com/vanhauser-thc/thc-hydra
-        There is a new section below for online tutorials.
-        Read below for Linux compilation notes.
-        
-
-        CHANGELOG for 8.6
-        ===================
-        ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
-        
-        ! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix
-        * added radmin2 module by catatonic prime - great work!
-        * smb module now checks if SMBv1 is supported by the server and if signing is required
-        * http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch)
-        * Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting)
-        * Added new command line option:
-          -c TIME: seconds between login attempts (over all threads, so -t 1 is recommended)
-        * Options put after -R (for loading a restore file) are now honored (and were disallowed before)
-        * merged several patches by Diadlo@github to make the code easier readable. thanks for that!
-        * merged a patch by Diadlo@github that moves the help output to the invididual module
-
-	You can also take a look at the full CHANGES file
-
-
- [0x01] Introduction
-
-	Welcome to the mini website of the THC Hydra project.
-
-	Number one of the biggest security holes are passwords, as every password security study shows.
-	Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
-	are easy to add, beside that, it is flexible and very fast.
-
-        Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1, OpenBSD, OSX,
-        QNX/Blackberry, and is made available under GPLv3 with a special OpenSSL license expansion.
-
-	Currently this tool supports:
-	  Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST,
-	  HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-POST, HTTPS-HEAD,
-	  HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle,
-	  PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, S7-300, SAP/R3, SIP, SMB, SMTP,
-	  SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
-
-        For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.
-
-	This tool is a proof of concept code, to give researchers and security consultants the 
-	possiblity to show how easy it would be to gain unauthorized access from remote to a system.
-
-        The program was written van Hauser and is additiionally supported by David Maciejak.
-
-
- [0x02] Screenshots
-
-	
-	(1) Target selection
-
-	
-	(2) Login/Password setup
-
-	
-	(3) Hydra start and output
-
-
- [0x03] Documentation 
- 
-	Hydra comes with a rather long README file that describes the
-	details about the usage and special options.
-	
-	But sometimes detailed online help can vastly improve your efficency.
-	The following links on the global internet are a recommended read.
-	
-          General usage and options: http://www.aldeid.com/wiki/Thc-hydra
-                                     http://resources.infosecinstitute.com/online-dictionary-attack-with-hydra/
-
-          HTTP basic auth: https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29
-                           http://www.sillychicken.co.nz/Security/how-to-brute-force-your-router-in-windows.html
-
-          HTTP form based auth: http://www.art0.org/security/performing-a-dictionary-attack-on-an-http-login-form-using-hydra
-                                http://insidetrust.blogspot.com/2011/08/using-hydra-to-dictionary-attack-web.html
-                                http://www.sillychicken.co.nz/Security/how-to-brute-force-http-forms-in-windows.html
-                                https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29
-
-          Multiple protocols: http://wiki.bywire.org/Hydra
-                              http://www.attackvector.org/brute-force-with-thc-hydra/
-                              http://www.madirish.net/content/hydra-brute-force-utility
-          
-          Telnet: http://www.theprohack.com/2009/04/basics-of-cracking-ftp-and-telnet.html
-                  http://www.adeptus-mechanicus.com/codex/bflog/bflog.html
-	
-        For those people testing with DVWA, this is what you want:
-          hydra -l admin -p password   http-get-form "/dvwa/login.php:username=^USER^&password=^PASS^&submit=Login:Login failed"
-
-	If you find other good ones, just email them in ( vh(at)thc(dot)org ).
-
-
- [0x04] Disclaimer
-
-	1. Please do not use in military or secret service organizations or for illegal purposes.
-	2. The Affero General Public License Version 3 (AGPLv3) applies to this code.
-	3. A special license expansion for OpenSSL is included which is required for the Debian people
-
-
- [0x05] The Art of Downloading: Source and Binaries
- 
-	1. PRODUCTION/RELEASE VERSION:
-	   The source code of state-of-the-art Hydra: hydra-8.6.tar.gz
-	   (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, Android, iPhone, Blackberry 10, etc.)
-
-        2. DEVELOPMENT VERSION:
-           You can download and compile the current development version of hydra always in its public GITHUB repository:
-           https://github.com/vanhauser-thc/thc-hydra by either
-             svn co https://github.com/vanhauser-thc/thc-hydra
-           or
-             git clone https://github.com/vanhauser-thc/thc-hydra.git
-           Note that this is the development state! New features - and new bugs. Things might not work!
-
-	3. The source code of an old, deprecated version of Hydra ONLY in case v7.x gives you problems on unusual and old platforms:
-	   hydra-5.9.1-src.tar.gz
-
-	4. The Win32/Cywin binary release: --- not anymore ---
-	   Install cygwin from http://www.cygwin.com
-	   and compile it yourself. If you do not have cygwin installed - how
-	   do you think you will do proper securiy testing? duh ...
-
-        5. ARM and Palm binaries here are old and not longer maintained:
-	     ARM:  hydra-5.0-arm.tar.gz
-             Palm: hydra-4.6-palm.zip
-
-
- [0x06] Compilation Help
-
-        Hydra compiles fine on all platforms that have gcc - Linux, all BSD, Mac OS/X, Cygwin on Windows, Solaris, etc.
-        It should even compile on historical SunOS, Ultrix etc. platforms :-)
-        
-        There are many optional modules for network protocols like SSH, SVN etc. that require libraries.
-        If they are not found, these optional libraries will not be supported in your binary.
-        
-        If you are on Linux, the following commands install all necessary libraries:
- 
-        Ubuntu/Debian:  apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev
-        Redhat/Fedora:  yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel
-        OpenSuSE:       zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel
-        
-        This enables all optional modules and features with the exception of Oracle, SAP R/3 and the
-        Apple filing protocol - which you will need to download and install from the vendor's web sites.
-        For Oracle this is (install the basic and SDK packages): http://www.oracle.com/technetwork/database/features/instant-client/index.html
-
-        For all other Linux derivates and BSD based systems, use the system software installer and look for
-        similar named libraries like in the command above.
-        In all other cases you have to download all source libraries and compile them manually; 
-        the configure script output tells you what is missing and where to get it from.
-        
-
- [0x07] Development & Contributions
-
-	Your contributions are more than welcomed!
-	
-	If you find bugs, coded enhancements or wrote a new attack module for a service,
-	please send them to vh (at) thc (dot) org
-
-	Interesting attack modules would be:
-	OSPF, BGP, PIM, PPTP, ...
-	(or anything else you might be able to do (and is not there yet))
-	
-	Please note that you can also download and commit via github: https://github.com/vanhauser-thc/thc-hydra
-
- 
- Comments and suggestions are welcome.
-
- Yours sincerly,
-
- van Hauser
- The Hackers Choice
- http://www.thc.org/thc-hydra
-
-
- diff --git a/web/network_password_cracker_comparison.html b/web/network_password_cracker_comparison.html deleted file mode 100644 index ac3aa69..0000000 --- a/web/network_password_cracker_comparison.html +++ /dev/null @@ -1,917 +0,0 @@ - - - - - - - - - - - - State of network password cracker art - Comparison Of Features and Services - hydra - - - - - - - -
-
-
- -

Comparison of Features and Services Coverage

- - - -
-
-

Contents

- -
-

Introduction

-

Hydra is born more than 10 years ago, this page is used as a recap of the functionalities it provides, but also -the differences in feature sets, services coverage and code between the most -popular network authentication cracker tools available. Each feature is compared against -Hydra as of the current version. This table is updated as new -features are added to the project. If you find any inaccuracies - on this page please do not hesitate to contact us. -

Below, Yes means it is supported, No means it is not supported, Unknown means the support is partial -

-

- -

Code Comparison

-

This table just lists latest available versions and platforms compatibility.

- - - - - - - - - - -
Code - Hydra - Medusa - Ncrack -
Version - 8.6 - 2.2 - 0.4 alpha -
Last Update - July 2017 - November 2015 - April 2011 -
Supported Platforms - Linux, *BSD, Solaris, Mac OS X, any Unix, Windows (Cygwin) - Linux, *BSD, Solaris and Mac OS X - Linux, *BSD, Mac OS X, Windows -

- -

Features Table

-

This table lists the feature sets of each tools. -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Feature - Hydra - Medusa - Ncrack -
License - AGPLv3 - GPLv2 - GPLv2 + Nmap terms -
IPv6 Support -Yes -No -Yes -
Graphic User Interface -Yes -Yes -No -
Internationalized support (RFC 4013) -Yes -No -No -
HTTP proxy support -Yes -Yes -No -
SOCKS proxy support -Yes -No -No -
# of supported protocols - 51 - 22 - 7 -

- -

Services Coverage

-

This table lists the services coverage of each tools. For each services, many authentication methods are possible. If you require other ways or find issues in Hydra, please -contact us as the service depends on RFC implementations, some adjustements may be needed. -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Service - Details - Hydra - Medusa - Ncrack -
ADAM-6500 - -Yes -No -No -
AFP - -Yes -Yes -No -
Asterisk - -Yes -No -No -
Cisco Password - -Yes -No -No -
Cisco Enable - -Yes -No -No -
CVS - -Yes -Yes -No -
Firebird - -Yes -No -No -
FTP -Yes -Yes -Yes -
SSL supportAUTH TLS & FTP over SSL -AUTH TLS & FTP over SSL -No -
HTTP -Method(s)GET, HEAD, POST -GET -GET -
Basic AuthYes -Yes -Yes -
DIGEST-MD5 AuthYes -Yes -No -
NTLM AuthYes -Yes -No -
SSL supportHTTPS -HTTPS -HTTPS -
HTTP Form -Method(s)GET, POST -GET, POST -No -
SSL supportHTTPS -HTTPS -No -
HTTP Proxy -Basic AuthYes -No -No -
DIGEST-MD5 AuthYes -No -No -
NTLM AuthYes -No -No -
SSL supportHTTPS -No -No -
HTTP PROXY URL Enumeration - -Yes -No -No -
ICQ -v5 -Yes 1 -No -No -
IMAP -LOGIN supportYes -Yes -No -
AUTH LOGIN supportYes -No -No -
AUTH PLAIN supportYes -Yes -No -
AUTH CRAM-MD5 supportYes -No -No -
AUTH CRAM-SHA1 supportYes -No -No -
AUTH CRAM-SHA256 supportYes -No -No -
AUTH DIGEST-MD5 supportYes -No -No -
AUTH NTLM supportYes -Yes -No -
AUTH SCRAM-SHA1 supportYes -No -No -
SSL supportIMAPS & STARTTLS -IMAPS & STARTTLS -No -
IRC -General server password -Yes -No -No -
OPER mode password -Yes -No -No -
LDAP -v2, Simple supportYes -No -No -
v3, Simple supportYes -No -No -
v3, AUTH CRAM-MD5 supportYes -No -No -
v3, AUTH DIGEST-MD5 supportYes -No -No -
MS-SQL - -Yes -Yes -No -
MySQL -v3.x -Yes -Yes -No -
v4.x -Yes -Yes -No -
v5.x -Yes -Yes -No -
NCP - -Yes -Yes -No -
NNTP -USER support -Yes -Yes -No -
AUTH LOGIN support -Yes -No -No -
AUTH PLAIN support -Yes -No -No -
AUTH CRAM-MD5 support -Yes -No -No -
AUTH DIGEST-MD5 support -Yes -No -No -
AUTH NTLM support -Yes -No -No -
SSL support -STARTTLS & NNTP over SSL -No -No -
Oracle -DatabaseYes -Yes 2 -No -
TNS ListenerYes -No -No -
SID EnumerationYes -No -No -
PC-NFS -Yes -No -No -
pcAnywhere -Native Authentication -Yes 1 -Yes -No -
OS Based Authentication (MS) -No -Yes -No -
POP3 -USER supportYes -Yes -Yes -
APOP supportYes -No -No -
AUTH LOGIN supportYes -Yes -No -
AUTH PLAIN supportYes -Yes -No -
AUTH CRAM-MD5 supportYes -No -No -
AUTH CRAM-SHA1 supportYes -No -No -
AUTH CRAM-SHA256 supportYes -No -No -
AUTH DIGEST-MD5 supportYes -No -No -
AUTH NTLM supportYes -Yes -No -
SSL SupportPOP3S & STARTTLS -POP3S & STARTTLS -POP3S -
PostgreSQL - -Yes -Yes -No -
Asterisk - -Yes -No -No -
RDP -Windows Workstation -Yes -Yes 2 -Yes -
Windows Server -Yes -Yes 2 -Partial -
Domain Auth -Yes -Yes 2 -No -
REDIS - -Yes -No -No -
REXEC - -Yes -Yes -No -
RLOGIN - -Yes -Yes -No -
RPCAP - -Yes -No -No -
RSH - -Yes -Yes -No -
RTSP - -Yes -No -No -
SAP R/3 - -Yes 1 -No -No -
Siemens S7-300 - -Yes -No -No -
SIP -Yes 1 -No -No -
SSL supportSIP over SSL -No -No -
SMB -NetBIOS ModeYes -Yes -No -
W2K Native ModeYes -Yes -Yes -
Hash modeYes -Yes -No -
Clear Text AuthYes -Yes -No -
LMv1 AuthYes -Yes -Yes -
LMv2 AuthYes -Yes -Yes -
NTLMv1 AuthYes -Yes -Yes -
NTLMv2 AuthYes -Yes -Yes -
SMTP -AUTH LOGIN supportYes -Yes -No -
AUTH PLAIN supportYes -Yes -No -
AUTH CRAM-MD5 supportYes -No -No -
AUTH DIGEST-MD5 supportYes -No -No -
AUTH NTLM supportYes -Yes -No -
SSL supportSMTPS & STARTTLS -SMTPS & STARTTLS -No -
SMTP User Enum -VRFY cmdYes -Yes -No -
EXPN cmdYes -Yes -No -
RCPT TO cmdYes -Yes -No -
SNMP -v1 -Yes -Yes -No -
v2c -Yes -Yes -No -
v3 -Partial (MD5/SHA1 auth only)(MD5/SHA1 auth only) -No -No -
SOCKS -v5, Password Auth -Yes -No -No -
SSH -v1Yes -No -No -
v2Yes -Yes -Yes -
SSH Keys -v1, v2 -Yes -No -No -
Subversion (SVN) - -Yes -Yes -No -
TeamSpeak -TS2 -Yes 1 -No -No -
Telnet - -Yes -Yes -Yes -
XMPP -AUTH LOGIN supportYes -No -No -
AUTH PLAIN supportYes -No -No -
AUTH CRAM-MD5 supportYes -No -No -
AUTH DIGEST-MD5 supportYes -No -No -
AUTH SCRAM-SHA1 supportYes -No -No -
VMware Auth Daemon -v1.00 / v1.10 -Yes -Yes -No -
SSL support -Yes -Yes -No -
VNC -RFB 3.x password support -Yes -Yes -No -
RFB 3.x user+password support -No -Partial(UltraVNC only) -No -
RFB 4.x password support -Yes -Yes -No -
RFB 4.x user+password support -No -Partial(UltraVNC only) -No -

- -

Speed Comparison

-

This table gives some speed data (in second) for 2 popular services supported by each cracking tool (as of September 2011). The value displayed is the min value of 3 consecutive runs. -Each tool was configured to run 1, 4 and 16 task(s)/job(s) at a time. A login and password lists corresponding to 20 attempts was used. The smaller the value the better.

- - - - - - - - - - - - - - - - -
Speed (in s) - Hydra - Medusa - Ncrack -
1 Task / FTP module - 11.93 - 12.97 - 18.01 -
4 Tasks / FTP module - 4.20 - 5.24 - 9.01 -
16 Tasks / FTP module - 2.44 - 2.71 - 12.01 -
1 Task / SSH v2 module - 32.56 - 33.84 - 45.02 -
4 Tasks / SSH v2 module - 10.95 - Broken - Missed -
16 Tasks / SSH v2 module - 5.14 - Broken - Missed -

- - -

Notes

-
  1. These Hydra modules have not been checked with latest version of softwares/protocols available. -
    2. -
  2. Medusa support is relying on a script or a wrapper. -
- -
- -
-
-
-
- -
- -
- - diff --git a/web/webfiles/css/commonPrint.css b/web/webfiles/css/commonPrint.css deleted file mode 100644 index ecf146d..0000000 --- a/web/webfiles/css/commonPrint.css +++ /dev/null @@ -1,267 +0,0 @@ -/* -** MediaWiki Print style sheet for CSS2-capable browsers. -** Copyright Gabriel Wicke, http://www.aulinx.de/ -** -** Derived from the plone (http://plone.org/) styles -** Copyright Alexander Limi -*/ - -/* Thanks to A List Apart (http://alistapart.com/) for useful extras */ -a.stub, -a.new{ color:#ba0000; text-decoration:none; } - -#toc { - /*border:1px solid #2f6fab;*/ - border:1px solid #aaaaaa; - background-color:#f9f9f9; - padding:5px; -} -.tocindent { - margin-left: 2em; -} -.tocline { - margin-bottom: 0px; -} - -/* images */ -div.floatright { - float: right; - clear: right; - margin: 0; - position:relative; - border: 0.5em solid White; - border-width: 0.5em 0 0.8em 1.4em; -} -div.floatright p { font-style: italic;} -div.floatleft { - float: left; - margin: 0.3em 0.5em 0.5em 0; - position:relative; - border: 0.5em solid White; - border-width: 0.5em 1.4em 0.8em 0; -} -div.floatleft p { font-style: italic; } -/* thumbnails */ -div.thumb { - margin-bottom: 0.5em; - border-style: solid; border-color: White; - width: auto; - overflow: hidden; -} -div.thumb div { - border:1px solid #cccccc; - padding: 3px !important; - background-color:#f9f9f9; - font-size: 94%; - text-align: center; -} -div.thumb div a img { - border:1px solid #cccccc; -} -div.thumb div div.thumbcaption { - border: none; - padding: 0.3em 0 0.1em 0; -} -div.magnify { display: none; } -div.tright { - float: right; - clear: right; - border-width: 0.5em 0 0.8em 1.4em; -} -div.tleft { - float: left; - margin-right:0.5em; - border-width: 0.5em 1.4em 0.8em 0; -} -img.thumbborder { - border: 1px solid #dddddd; -} - -/* table standards */ -table.rimage { - float:right; - width:1pt; - position:relative; - margin-left:1em; - margin-bottom:1em; - text-align:center; -} - -body { - background: White; - /*font-size: 11pt !important;*/ - color: Black; - margin: 0; - padding: 0; -} - -.noprint, -div#jump-to-nav, -div.top, -div#column-one, -#colophon, -.editsection, -.toctoggle, -.tochidden, -div#f-poweredbyico, -div#f-copyrightico, -li#viewcount, -li#about, -li#disclaimer, -li#privacy { - /* Hides all the elements irrelevant for printing */ - display: none; -} - -ul { - list-style-type: square; -} - -#content { - background: none; - border: none ! important; - padding: 0 ! important; - margin: 0 ! important; -} -#footer { - background : white; - color : black; - border-top: 1px solid black; -} - -h1, h2, h3, h4, h5, h6 { - font-weight: bold; -} - -p, .documentDescription { - margin: 1em 0 ! important; - line-height: 1.2em; -} - -.tocindent p { - margin: 0 0 0 0 ! important; -} - -pre { - border: 1pt dashed black; - white-space: pre; - font-size: 8pt; - overflow: auto; - padding: 1em 0; - background : white; - color : black; -} - -table.listing, -table.listing td { - border: 1pt solid black; - border-collapse: collapse; -} - -a { - color: Black !important; - background: none !important; - padding: 0 !important; -} - -a:link, a:visited { - color: #520; - background: transparent; - text-decoration: underline; -} - -#content a.external.text:after, #content a.external.autonumber:after { - /* Expand URLs for printing */ - content: " (" attr(href) ") "; -} - -#globalWrapper { - width: 100% !important; - min-width: 0 !important; -} - -#content { - background : white; - color : black; -} - -#column-content { - margin: 0 !important; -} - -#column-content #content { - padding: 1em; - margin: 0 !important; -} -/* MSIE/Win doesn't understand 'inherit' */ -a, a.external, a.new, a.stub { - color: black ! important; - text-decoration: none ! important; -} - -/* Continue ... */ -a, a.external, a.new, a.stub { - color: inherit ! important; - text-decoration: inherit ! important; -} - -img { border: none; } -img.tex { vertical-align: middle; } -span.texhtml { font-family: serif; } - -#siteNotice { display: none; } - -table.gallery { - border: 1px solid #cccccc; - margin: 2px; - padding: 2px; - background-color:#ffffff; -} - -table.gallery tr { - vertical-align:top; -} - -div.gallerybox { - border: 1px solid #cccccc; - margin: 2px; - background-color:#f9f9f9; - width: 150px; -} - -div.gallerybox div.thumb { - text-align: center; - border: 1px solid #cccccc; - margin: 2px; -} - -div.gallerytext { - font-size: 94%; - padding: 2px 4px; -} - -/* -** Diff rendering -*/ -table.diff { background:white; } -td.diff-otitle { background:#ffffff; } -td.diff-ntitle { background:#ffffff; } -td.diff-addedline { - background:#ccffcc; - font-size: smaller; - border: solid 2px black; -} -td.diff-deletedline { - background:#ffffaa; - font-size: smaller; - border: dotted 2px black; -} -td.diff-context { - background:#eeeeee; - font-size: smaller; -} -.diffchange { - color: silver; - font-weight: bold; - text-decoration: underline; -} diff --git a/web/webfiles/css/index.css b/web/webfiles/css/index.css deleted file mode 100644 index f010367..0000000 --- a/web/webfiles/css/index.css +++ /dev/null @@ -1,2 +0,0 @@ -/* generated user stylesheet */ -a.new, #quickbar a.new { color: #CC2200; } diff --git a/web/webfiles/css/index_002.css b/web/webfiles/css/index_002.css deleted file mode 100644 index aba5a86..0000000 --- a/web/webfiles/css/index_002.css +++ /dev/null @@ -1 +0,0 @@ -/* CSS placed here will affect the print output */ \ No newline at end of file diff --git a/web/webfiles/css/index_003.css b/web/webfiles/css/index_003.css deleted file mode 100644 index bf5c91c..0000000 --- a/web/webfiles/css/index_003.css +++ /dev/null @@ -1 +0,0 @@ -/** CSS placed here will be applied to all skins */ \ No newline at end of file diff --git a/web/webfiles/css/index_004.css b/web/webfiles/css/index_004.css deleted file mode 100644 index 3b97146..0000000 --- a/web/webfiles/css/index_004.css +++ /dev/null @@ -1,20 +0,0 @@ -/** 
 */
-#footer { text-align: center; border: none; padding: 0; }
-#p-cactions li.selected { border-color: #708090; padding: 0 0 .2em 0; font-weight: bold; }
-pre
-{
-    generic-family: "Envy Code R", "Liberation Mono", Consolas, "Lucida Console", monospace;
-
-    /* border: 1px solid #dbdbdb; */
-
-    border: 1px solid #cfcfcf;
-    background-color: #fefefe;
-    line-height: 1.1em;
-    padding: 0.55em;
-/*
-    -moz-border-radius-topright: 0.5em;
-    -webkit-border-top-right-radius: 0.5em;
-    border-radius-topright: 0.5em;
-*/
-}
-/**
*/ \ No newline at end of file diff --git a/web/webfiles/css/main.css b/web/webfiles/css/main.css deleted file mode 100644 index a864cc9..0000000 --- a/web/webfiles/css/main.css +++ /dev/null @@ -1,1461 +0,0 @@ -/* -** MediaWiki 'monobook' style sheet for CSS2-capable browsers. -** Copyright Gabriel Wicke - http://wikidev.net/ -** License: GPL (http://www.gnu.org/copyleft/gpl.html) -** -** Loosely based on http://www.positioniseverything.net/ordered-floats.html by Big John -** and the Plone 2.0 styles, see http://plone.org/ (Alexander Limi,Joe Geldart & Tom Croucher, -** Michael Zeltner and Geir Bækholt) -** All you guys rock :) -*/ - -#column-content { - width: 100%; - float: right; - margin: 0 0 .6em -12.2em; - padding: 0; -} - -#content { - margin: 2.2em 0 0 2.2em; - padding: 0 1em 1.5em 1em; - background: white; - color: black; - border: 1px solid #aaa; - border-right: none; - line-height: 1.5em; - position: relative; - z-index: 2; -} - -#column-one { - padding-top: 30px; -} - -#content { - background: white; - color: black; - border: 1px solid #aaa; - border-right: none; - line-height: 1.5em; -} - -/* Font size: -** We take advantage of keyword scaling- browsers won't go below 9px -** More at http://www.w3.org/2003/07/30-font-size -** http://style.cleverchimp.com/font_size_intervals/altintervals.html -*/ - -body { - font: x-small sans-serif; - background-color: #ffffff; - font-family: Verdana, helvetica, sans-serif; - font-size: 10px; - color: black; - margin: 0; - padding: 0; -} - -/* scale back up to a sane default */ -#globalWrapper { - font-size: 127%; - width: 100%; - margin: 0; - padding: 0; -} -.visualClear { - clear: both; -} - -/* general styles */ - -table { - font-size: 100%; - color: black; - /* we don't want the bottom borders of

s to be visible through - floated tables */ - background-color: white; -} -fieldset table { - /* but keep table layouts in forms clean... */ - background: none; -} - -a:link, a:visited, a:active { text-decoration: underline; color: #173F99 } -a:hover { color: #505050 } - -a.stub { - color: #772233; -} -a.new, #p-personal a.new { - color: #ba0000; -} -a.new:visited, #p-personal a.new:visited { - color: #a55858; -} - -img { - border: none; - vertical-align: middle; -} -p { - margin: .4em 0 .5em 0; - line-height: 1.5em; -} -p img { - margin: 0; -} - -hr { - height: 1px; - color: #aaa; - background-color: #aaa; - border: 0; - margin: .2em 0 .2em 0; -} - -h1, h2, h3, h4, h5, h6 { - color: black; - background: none; - font-weight: normal; - margin: 0; - padding-top: .5em; - padding-bottom: .17em; - border-bottom: 1px solid #aaa; -} -h1 { font-size: 188%; } -h1 .editsection { font-size: 53%; } -h2 { font-size: 150%; } -h2 .editsection { font-size: 67%; } -h3, h4, h5, h6 { - border-bottom: none; - font-weight: bold; -} -h3 { font-size: 132%; } -h3 .editsection { font-size: 76%; font-weight: normal; } -h4 { font-size: 116%; } -h4 .editsection { font-size: 86%; font-weight: normal; } -h5 { font-size: 100%; } -h5 .editsection { font-weight: normal; } -h6 { font-size: 80%; } -h6 .editsection { font-size: 125%; font-weight: normal; } - -ul { - line-height: 1.5em; - list-style-type: square; - margin: .3em 0 0 1.5em; - padding: 0; - list-style-image: url(bullet.gif); -} -ol { - line-height: 1.5em; - margin: .3em 0 0 3.2em; - padding: 0; - list-style-image: none; -} -li { - margin-bottom: .1em; -} -dt { - font-weight: bold; - margin-bottom: .1em; -} -dl { - margin-top: .2em; - margin-bottom: .5em; -} -dd { - line-height: 1.5em; - margin-left: 2em; - margin-bottom: .1em; -} - -fieldset { - border: 1px solid #2f6fab; - margin: 1em 0 1em 0; - padding: 0 1em 1em; - line-height: 1.5em; -} -fieldset.nested { - margin: 0 0 0.5em 0; - padding: 0 0.5em 0.5em; -} -legend { - padding: .5em; - font-size: 95%; -} -form { - border: none; - margin: 0; -} - -textarea { - width: 100%; - padding: .1em; -} - -input.historysubmit { - padding: 0 .3em .3em .3em !important; - font-size: 94%; - cursor: pointer; - height: 1.7em !important; - margin-left: 1.6em; -} -select { - vertical-align: top; -} -abbr, acronym, .explain { - border-bottom: 1px dotted black; - color: black; - background: none; - cursor: help; -} -q { - font-family: Times, "Times New Roman", serif; - font-style: italic; -} -/* disabled for now -blockquote { - font-family: Times, "Times New Roman", serif; - font-style: italic; -}*/ -code { - background-color: #f9f9f9; -} -pre { - padding: 1em; - border: 1px dashed #2f6fab; - color: black; - background-color: #f9f9f9; - line-height: 1.1em; -} - -/* -** the main content area -*/ - -#siteSub { - display: none; -} -#jump-to-nav { - display: none; -} - -#contentSub, #contentSub2 { - font-size: 84%; - line-height: 1.2em; - margin: 0 0 1.4em 1em; - color: #7d7d7d; - width: auto; -} -span.subpages { - display: block; -} - -/* Some space under the headers in the content area */ -#bodyContent h1, #bodyContent h2 { - margin-bottom: .6em; -} -#bodyContent h3, #bodyContent h4, #bodyContent h5 { - margin-bottom: .3em; -} -.firstHeading { - margin-bottom: .1em; - /* These two rules hack around bug 2013 (fix for more limited bug 11325). - When bug 2013 is fixed properly, they should be removed. */ - line-height: 1.2em; - padding-bottom: 0; -} - -/* user notification thing */ -.usermessage { - background-color: #ffce7b; - border: 1px solid #ffa500; - color: black; - font-weight: bold; - margin: 2em 0 1em; - padding: .5em 1em; - vertical-align: middle; -} -#siteNotice { - text-align: center; - font-size: 95%; - padding: 0 .9em; -} -#siteNotice p { - margin: 0; - padding: 0; -} -.success { - color: green; - font-size: larger; -} -.error { - color: red; - font-size: larger; -} -.errorbox, .successbox { - font-size: larger; - border: 2px solid; - padding: .5em 1em; - float: left; - margin-bottom: 2em; - color: #000; -} -.errorbox { - border-color: red; - background-color: #fff2f2; -} -.successbox { - border-color: green; - background-color: #dfd; -} -.errorbox h2, .successbox h2 { - font-size: 1em; - font-weight: bold; - display: inline; - margin: 0 .5em 0 0; - border: none; -} - -.catlinks { - border: 1px solid #aaa; - background-color: #f9f9f9; - padding: 5px; - margin-top: 1em; - clear: both; -} -/* currently unused, intended to be used by a metadata box -in the bottom-right corner of the content area */ -.documentDescription { - /* The summary text describing the document */ - font-weight: bold; - display: block; - margin: 1em 0; - line-height: 1.5em; -} -.documentByLine { - text-align: right; - font-size: 90%; - clear: both; - font-weight: normal; - color: #76797c; -} - -/* emulate center */ -.center { - width: 100%; - text-align: center; -} -*.center * { - margin-left: auto; - margin-right: auto; -} -/* small for tables and similar */ -.small, .small * { - font-size: 94%; -} -table.small { - font-size: 100%; -} - -/* -** content styles -*/ - -#toc, -.toc, -.mw-warning { - border: 1px solid #aaa; - background-color: #f9f9f9; - padding: 5px; - font-size: 95%; -} -#toc h2, -.toc h2 { - display: inline; - border: none; - padding: 0; - font-size: 100%; - font-weight: bold; -} -#toc #toctitle, -.toc #toctitle, -#toc .toctitle, -.toc .toctitle { - text-align: center; -} -#toc ul, -.toc ul { - list-style-type: none; - list-style-image: none; - margin-left: 0; - padding-left: 0; - text-align: left; -} -#toc ul ul, -.toc ul ul { - margin: 0 0 0 2em; -} -#toc .toctoggle, -.toc .toctoggle { - font-size: 94%; -} - -.mw-warning { - margin-left: 50px; - margin-right: 50px; - text-align: center; -} - -/* images */ -div.floatright, table.floatright { - clear: right; - float: right; - position: relative; - margin: 0 0 .5em .5em; - border: 0; -/* - border: .5em solid white; - border-width: .5em 0 .8em 1.4em; -*/ -} -div.floatright p { font-style: italic; } -div.floatleft, table.floatleft { - float: left; - clear: left; - position: relative; - margin: 0 .5em .5em 0; - border: 0; -/* - margin: .3em .5em .5em 0; - border: .5em solid white; - border-width: .5em 1.4em .8em 0; -*/ -} -div.floatleft p { font-style: italic; } -/* thumbnails */ -div.thumb { - margin-bottom: .5em; - border-style: solid; - border-color: white; - width: auto; -} -div.thumbinner { - border: 1px solid #ccc; - padding: 3px !important; - background-color: #f9f9f9; - font-size: 94%; - text-align: center; - overflow: hidden; -} -html .thumbimage { - border: 1px solid #ccc; -} -html .thumbcaption { - border: none; - text-align: left; - line-height: 1.4em; - padding: 3px !important; - font-size: 94%; -} -div.magnify { - float: right; - border: none !important; - background: none !important; -} -div.magnify a, div.magnify img { - display: block; - border: none !important; - background: none !important; -} -div.tright { - clear: right; - float: right; - border-width: .5em 0 .8em 1.4em; -} -div.tleft { - float: left; - clear: left; - margin-right: .5em; - border-width: .5em 1.4em .8em 0; -} -img.thumbborder { - border: 1px solid #dddddd; -} -.hiddenStructure { - display: none; -} - -/* -** classes for special content elements like town boxes -** intended to be referenced directly from the wiki src -*/ - -/* -** User styles -*/ -/* table standards */ -table.rimage { - float: right; - position: relative; - margin-left: 1em; - margin-bottom: 1em; - text-align: center; -} -.toccolours { - border: 1px solid #aaa; - background-color: #f9f9f9; - padding: 5px; - font-size: 95%; -} - -/* -** edit views etc -*/ -.special li { - line-height: 1.4em; - margin: 0; - padding: 0; -} - -/* -** keep the whitespace in front of the ^=, hides rule from konqueror -** this is css3, the validator doesn't like it when validating as css2 -*/ -#bodyContent a.external, -#bodyContent a[href ^="gopher://"] { - background: url(external.png) center right no-repeat; - padding-right: 13px; -} -#bodyContent a[href ^="https://"], -.link-https { - background: url(lock_icon.gif) center right no-repeat; - padding-right: 16px; -} -#bodyContent a[href ^="mailto:"], -.link-mailto { - background: url(mail_icon.gif) center right no-repeat; - padding-right: 18px; -} -#bodyContent a[href ^="news://"] { - background: url(news_icon.png) center right no-repeat; - padding-right: 18px; -} -#bodyContent a[href ^="ftp://"], -.link-ftp { - background: url(file_icon.gif) center right no-repeat; - padding-right: 18px; -} -#bodyContent a[href ^="irc://"], -#bodyContent a.extiw[href ^="irc://"], -.link-irc { - background: url(discussionitem_icon.gif) center right no-repeat; - padding-right: 18px; -} -#bodyContent a.external[href $=".ogg"], #bodyContent a.external[href $=".OGG"], -#bodyContent a.external[href $=".mid"], #bodyContent a.external[href $=".MID"], -#bodyContent a.external[href $=".midi"], #bodyContent a.external[href $=".MIDI"], -#bodyContent a.external[href $=".mp3"], #bodyContent a.external[href $=".MP3"], -#bodyContent a.external[href $=".wav"], #bodyContent a.external[href $=".WAV"], -#bodyContent a.external[href $=".wma"], #bodyContent a.external[href $=".WMA"], -.link-audio { - background: url("audio.png") center right no-repeat; - padding-right: 13px; -} -#bodyContent a.external[href $=".ogm"], #bodyContent a.external[href $=".OGM"], -#bodyContent a.external[href $=".avi"], #bodyContent a.external[href $=".AVI"], -#bodyContent a.external[href $=".mpeg"], #bodyContent a.external[href $=".MPEG"], -#bodyContent a.external[href $=".mpg"], #bodyContent a.external[href $=".MPG"], -.link-video { - background: url("video.png") center right no-repeat; - padding-right: 13px; -} -#bodyContent a.external[href $=".pdf"], #bodyContent a.external[href $=".PDF"], -#bodyContent a.external[href *=".pdf#"], #bodyContent a.external[href *=".PDF#"], -#bodyContent a.external[href *=".pdf?"], #bodyContent a.external[href *=".PDF?"], -.link-document { - background: url("document.png") center right no-repeat; - padding-right: 12px; -} - -/* disable interwiki styling */ -#bodyContent a.extiw, -#bodyContent a.extiw:active { - color: #36b; - background: none; - padding: 0; -} -#bodyContent a.external { - color: #36b; -} -/* this can be used in the content area to switch off -special external link styling */ -#bodyContent .plainlinks a { - background: none !important; - padding: 0 !important; -} - -/* -** the personal toolbar -*/ - -#p-personal { - width: 100%; - white-space: nowrap; - padding: 0; - margin: 0; - position: absolute; - top: 9.2em; - z-index: 0; - border: none; - background: none; - overflow: visible; - line-height: 1.2em; -} - -#p-personal h5 { - display: none; -} -#p-personal .portlet, -#p-personal .pBody { - padding: 0; - margin: 0; - border: none; - z-index: 0; - overflow: visible; - background: none; -} -/* this is the ul contained in the portlet */ -#p-personal ul { - border: none; - line-height: 1.4em; - color: #2f6fab; - padding: 0 2em 0 3em; - margin: 0; - text-align: right; - text-transform: lowercase; - list-style: none; - z-index: 0; - background: none; - cursor: default; -} -#p-personal li { - z-index: 0; - border: none; - padding: 0; - display: inline; - color: #2f6fab; - margin-left: 1em; - line-height: 1.2em; - background: none; -} -#p-personal li.active { - font-weight: bold; -} -#p-personal li a { - text-decoration: none; - color: #005896; - padding-bottom: 0.2em; - background: none; -} -#p-personal li a:hover { - background-color: white; - padding-bottom: 0.2em; - text-decoration: none; -} - - -/* the icon in front of the user name, single quotes -in bg url to hide it from iemac */ -li#pt-userpage, -li#pt-anonuserpage, -li#pt-login { - background: url(user.gif) top left no-repeat; - padding-left: 20px; - text-transform: none; -} -#p-personal ul { - text-transform: lowercase; -} -#p-personal li.active { - font-weight: bold; -} -/* -** the page-related actions- page/talk, edit etc -*/ - -/* -** the page-related actions- page/talk, edit etc -*/ -#p-cactions { - position: absolute; - top: 10.5em; - left: 12.2em; - margin: 0; - white-space: nowrap; - width: 76%; - line-height: 1.1em; - overflow: visible; - background: none; - border-collapse: collapse; - padding-left: 1em; - list-style: none; - font-size: 95%; -} -#p-cactions .hiddenStructure { - display: none; -} -#p-cactions ul { - list-style: none; -} -#p-cactions li { - display: inline; - border: 1px solid #aaa; - border-bottom: none; - padding: 0 0 .1em 0; - margin: 0 .3em 0 0; - overflow: visible; - background: white; -} -#p-cactions li.selected { - border-color: #fabd23; - padding: 0 0 .2em 0; - font-weight: bold; -} -#p-cactions li a { - background-color: #fbfbfb; - color: #002bb8; - border: none; - padding: 0 .8em .3em; - text-decoration: none; - text-transform: lowercase; - position: relative; - z-index: 0; - margin: 0; -} -#p-cactions li.selected a { - z-index: 3; - background-color: #fff; - padding: 0 1em .2em!important; -} -#p-cactions .new a { - color: #ba0000; -} -#p-cactions li a:hover { - z-index: 3; - text-decoration: none; - background-color: #fff; -} -#p-cactions h5 { - display: none; -} -#p-cactions li.istalk { - margin-right: 0; -} -#p-cactions li.istalk a { - padding-right: .5em; -} -#p-cactions #ca-addsection a { - padding-left: .4em; - padding-right: .4em; -} -/* offsets to distinguish the tab groups */ -li#ca-talk { - margin-right: 1.6em; -} -li#ca-watch, li#ca-unwatch, li#ca-varlang-0, li#ca-print { - margin-left: 1.6em; -} - - -#p-cactions .pBody { - font-size: 1em; - background-color: transparent; - color: inherit; - border-collapse: inherit; - border: 0; - padding: 0; -} -#p-cactions .hiddenStructure { - display: none; -} -#p-cactions li a { - text-transform: lowercase; -} - -#p-lang { - position: relative; - z-index: 3; -} - -/* TODO: #t-iscite is only used by the Cite extension, come up with some - * system which allows extensions to add to this file on the fly - */ -#t-ispermalink, #t-iscite { - color: #999; -} -/* -** footer -*/ -#footer { - background-color: white; - border-top: 1px solid #fabd23; - border-bottom: 1px solid #fabd23; - margin: .6em 0 1em 0; - padding: .4em 0 1.2em 0; - text-align: center; - font-size: 90%; - margin-left: 20px; -} -#footer li { - display: inline; - margin: 0 1.3em; -} -#f-poweredbyico, #f-copyrightico { - margin: 0 8px; - position: relative; - top: -2px; /* Bump it up just a tad */ -} -#f-poweredbyico { - float: right; - height: 1%; -} -#f-copyrightico { - float: left; - height: 1%; -} - -/* js pref toc */ -#preftoc { - margin: 0; - padding: 0; - width: 100%; - clear: both; -} -#preftoc li { - background-color: #f0f0f0; - color: #000; -} -#preftoc li { - margin: 1px -2px 1px 2px; - float: left; - padding: 2px 0 3px 0; - border: 1px solid #fff; - border-right-color: #716f64; - border-bottom: 0; - position: relative; - white-space: nowrap; - list-style-type: none; - list-style-image: none; - z-index: 3; -} -#preftoc li.selected { - font-weight: bold; - background-color: #f9f9f9; - border: 1px solid #aaa; - border-bottom: none; - cursor: default; - top: 1px; - padding-top: 2px; - margin-right: -3px; -} -#preftoc > li.selected { - top: 2px; -} -#preftoc a, -#preftoc a:active { - display: block; - color: #000; - padding: 0 .7em; - position: relative; - text-decoration: none; -} -#preftoc li.selected a { - cursor: default; - text-decoration: none; -} -#prefcontrol { - padding-top: 2em; - clear: both; -} -#preferences { - margin: 0; - border: 1px solid #aaa; - clear: both; - padding: 1.5em; - background-color: #F9F9F9; -} -.prefsection { - border: none; - padding: 0; - margin: 0; -} -.prefsection fieldset { - border: 1px solid #aaa; - float: left; - margin-right: 2em; -} -.prefsection legend { - font-weight: bold; -} -.prefsection table, .prefsection legend { - background-color: #F9F9F9; -} -.mainLegend { - display: none; -} -div.prefsectiontip { - font-size: x-small; - padding: .2em 2em; - color: #666; -} -.btnSavePrefs { - font-weight: bold; - padding-left: .3em; - padding-right: .3em; -} - -.preferences-login { - clear: both; - margin-bottom: 1.5em; -} - -.prefcache { - font-size: 90%; - margin-top: 2em; -} - -div#userloginForm form, -div#userlogin form#userlogin2 { - margin: 0 3em 1em 0; - border: 1px solid #aaa; - clear: both; - padding: 1.5em 2em; - background-color: #f9f9f9; - float: left; -} -.rtl div#userloginForm form, -.rtl div#userlogin form#userlogin2 { - float: right; -} - -div#userloginForm table, -div#userlogin form#userlogin2 table { - background-color: #f9f9f9; -} - -div#userloginForm h2, -div#userlogin form#userlogin2 h2 { - padding-top: 0; -} - -div#userlogin .captcha, -div#userloginForm .captcha { - border: 1px solid #bbb; - padding: 1.5em 2em; - background-color: white; -} - -#loginend, #signupend { - clear: both; -} - -#userloginprompt, #languagelinks { - font-size: 85%; -} - -#login-sectiontip { - font-size: 85%; - line-height: 1.2; - padding-top: 2em; -} - -#userlogin .loginText, #userlogin .loginPassword { - width: 12em; -} - -#userloginlink a, #wpLoginattempt, #wpCreateaccount { - font-weight: bold; -} - -/* -** IE/Mac fixes, hope to find a validating way to move this -** to a separate stylesheet. This would work but doesn't validate: -** @import("IEMacFixes.css"); -*/ -/* tabs: border on the a, not the div */ -* > html #p-cactions li { border: none; } -* > html #p-cactions li a { - border: 1px solid #aaa; - border-bottom: none; -} -* > html #p-cactions li.selected a { border-color: #fabd23; } -/* footer icons need a fixed width */ -* > html #f-poweredbyico, -* > html #f-copyrightico { width: 88px; } -* > html #bodyContent, -* > html #bodyContent pre { - overflow-x: auto; - width: 100%; - padding-bottom: 25px; -} - -/* more IE fixes */ -/* float/negative margin brokenness */ -* html #footer {margin-top: 0;} -* html #column-content { - display: inline; - margin-bottom: 0; -} -* html div.editsection { font-size: smaller; } -#pagehistory li.selected { position: relative; } - -/* Mac IE 5.0 fix; floated content turns invisible */ -* > html #column-content { - float: none; -} -* > html #column-one { - position: absolute; - left: 0; - top: 0; -} -* > html #footer { - margin-left: 13.2em; -} -.redirectText { - font-size: 150%; - margin: 5px; -} - -.printfooter { - display: none; -} - -.not-patrolled { - background-color: #ffa; -} -div.patrollink { - clear: both; - font-size: 75%; - text-align: right; -} -span.newpage, span.minor, span.bot { - font-weight: bold; -} -span.unpatrolled { - font-weight: bold; - color: red; -} - -.sharedUploadNotice { - font-style: italic; -} - -span.updatedmarker { - color: black; - background-color: #0f0; -} - -table.gallery { - border: 1px solid #ccc; - margin: 2px; - padding: 2px; - background-color: white; -} - -table.gallery tr { - vertical-align: top; -} - -table.gallery td { - vertical-align: top; - background-color: #f9f9f9; - border: solid 2px white; -} -/* Keep this temporarily so that cached pages will display right */ -table.gallery td.galleryheader { - text-align: center; - font-weight: bold; -} -table.gallery caption { - font-weight: bold; -} - -div.gallerybox { - margin: 2px; -} - -div.gallerybox div.thumb { - text-align: center; - border: 1px solid #ccc; - margin: 2px; -} - -div.gallerytext { - overflow: hidden; - font-size: 94%; - padding: 2px 4px; -} - -span.comment { - font-style: italic; -} - -span.changedby { - font-size: 95%; -} - -.previewnote { - text-indent: 3em; - color: #c00; - border-bottom: 1px solid #aaa; - padding-bottom: 1em; - margin-bottom: 1em; -} - -.previewnote p { - margin: 0; - padding: 0; -} - -.editExternally { - border: 1px solid gray; - background-color: #ffffff; - padding: 3px; - margin-top: 0.5em; - float: left; - font-size: small; - text-align: center; -} -.editExternallyHelp { - font-style: italic; - color: gray; -} - -.toggle { - margin-left: 2em; - text-indent: -2em; -} - -/* Classes for EXIF data display */ -table.mw_metadata { - font-size: 0.8em; - margin-left: 0.5em; - margin-bottom: 0.5em; - width: 300px; -} - -table.mw_metadata caption { - font-weight: bold; -} - -table.mw_metadata th { - font-weight: normal; -} - -table.mw_metadata td { - padding: 0.1em; -} - -table.mw_metadata { - border: none; - border-collapse: collapse; -} - -table.mw_metadata td, table.mw_metadata th { - text-align: center; - border: 1px solid #aaaaaa; - padding-left: 0.1em; - padding-right: 0.1em; -} - -table.mw_metadata th { - background-color: #f9f9f9; -} - -table.mw_metadata td { - background-color: #fcfcfc; -} - -table.collapsed tr.collapsable { - display: none; -} - - -/* filetoc */ -ul#filetoc { - text-align: center; - border: 1px solid #aaaaaa; - background-color: #f9f9f9; - padding: 5px; - font-size: 95%; - margin-bottom: 0.5em; - margin-left: 0; - margin-right: 0; -} - -#filetoc li { - display: inline; - list-style-type: none; - padding-right: 2em; -} - -input#wpSummary { - width: 80%; -} - -/* @bug 1714 */ -input#wpSave, input#wpDiff { - margin-right: 0.33em; -} - -#wpSave { - font-weight: bold; -} - -/* Classes for article validation */ - -table.revisionform_default { - border: 1px solid #000000; -} - -table.revisionform_focus { - border: 1px solid #000000; - background-color:#00BBFF; -} - -tr.revision_tr_default { - background-color:#EEEEEE; -} - -tr.revision_tr_first { - background-color:#DDDDDD; -} - -p.revision_saved { - color: green; - font-weight:bold; -} - -#mw_trackbacks { - border: solid 1px #bbbbff; - background-color: #eeeeff; - padding: 0.2em; -} - - -/* Allmessages table */ - -#allmessagestable th { - background-color: #b2b2ff; -} - -#allmessagestable tr.orig { - background-color: #ffe2e2; -} - -#allmessagestable tr.new { - background-color: #e2ffe2; -} - -#allmessagestable tr.def { - background-color: #f0f0ff; -} - - -/* noarticletext */ -div.noarticletext { - border: 1px solid #ccc; - background: #fff; - padding: .2em 1em; - color: #000; -} - -div#searchTargetContainer { - left: 10px; - top: 10px; - width: 90%; - background: white; -} - -div#searchTarget { - padding: 3px; - margin: 5px; - background: #F0F0F0; - border: solid 1px blue; -} - -div#searchTarget ul li { - list-style: none; -} - -div#searchTarget ul li:before { - color: orange; - content: "\00BB \0020"; -} - -div#searchTargetHide { - float:right; - border:solid 1px black; - background:#DCDCDC; - padding:2px; -} - -#powersearch p { - margin-top:0px; -} - -div.multipageimagenavbox { - border: solid 1px silver; - padding: 4px; - margin: 1em; - background: #f0f0f0; -} - -div.multipageimagenavbox div.thumb { - border: none; - margin-left: 2em; - margin-right: 2em; -} - -div.multipageimagenavbox hr { - margin: 6px; -} - -table.multipageimage td { - text-align: center; -} - -/** Special:Version */ - -table#sv-ext, table#sv-hooks, table#sv-software { - margin: 1em; - padding:0em; -} - -#sv-ext td, #sv-hooks td, #sv-software td, -#sv-ext th, #sv-hooks th, #sv-software th { - border: 1px solid #A0A0A0; - padding: 0 0.15em 0 0.15em; -} -#sv-ext th, #sv-hooks th, #sv-software th { - background-color: #F0F0F0; - color: black; - padding: 0 0.15em 0 0.15em; -} -tr.sv-space{ - height: 0.8em; - border:none; -} -tr.sv-space td { display: none; } - -/* - Table pager (e.g. Special:Imagelist) - - remove underlines from the navigation link - - collapse borders - - set the borders to outsets (similar to Special:Allmessages) - - remove line wrapping for all td and th, set background color - - restore line wrapping for the last two table cells (description and size) -*/ -.TablePager { min-width: 80%; } -.TablePager_nav a { text-decoration: none; } -.TablePager { border-collapse: collapse; } -.TablePager, .TablePager td, .TablePager th { - border: 1px solid #aaaaaa; - padding: 0 0.15em 0 0.15em; -} -.TablePager th { background-color: #eeeeff } -.TablePager td { background-color: #ffffff } -.TablePager tr:hover td { background-color: #eeeeff } - -.imagelist td, .imagelist th { white-space: nowrap } -.imagelist .TablePager_col_links { background-color: #eeeeff } -.imagelist .TablePager_col_img_description { white-space: normal } -.imagelist th.TablePager_sort { background-color: #ccccff } - -.templatesUsed { margin-top: 1.5em; } - -.mw-summary-preview { - margin: 0.1em 0; -} - -/* Friendlier slave lag warnings */ -div.mw-lag-warn-normal, -div.mw-lag-warn-high { - padding: 3px; - text-align: center; - margin: 3px auto; -} -div.mw-lag-warn-normal { - border: 1px solid #FFCC66; - background-color: #FFFFCC; -} -div.mw-lag-warn-high { - font-weight: bold; - border: 2px solid #FF0033; - background-color: #FFCCCC; -} - -.MediaTransformError { - background-color: #ccc; - padding: 0.1em; -} -.MediaTransformError td { - text-align: center; - vertical-align: middle; - font-size: 90%; -} - -/** Special:Search stuff */ -div#mw-search-interwiki-caption { - text-align: center; - font-weight: bold; - font-size: 95%; -} - -.mw-search-interwiki-project { - font-size: 97%; - text-align: left; - padding-left: 0.2em; - padding-right: 0.15em; - padding-bottom: 0.2em; - padding-top: 0.15em; - background: #cae8ff; -} - -/* God-damned hack for the crappy layout */ -.os-suggest { - font-size: 127%; -} - - -.top { vertical-align: middle; text-align: center; padding: 0px; font-family: Verdana, helvitica, sans-serif; font-size: 12px; } - -.sidebar { - position: absolute; - padding-left: 3px; - top: 11.5em; -} - -.inspbox { - margin-left: 5px; - margin-top: 5px; - margin-bottom: 5px; - width: 145px; -} - -#footer { text-align: center; border: none; padding: 0; } -#p-cactions li.selected { border-color: #708090; padding: 0 0 .2em 0; font-weight: bold; } -pre -{ - generic-family: "Envy Code R", "Liberation Mono", Consolas, "Lucida Console", monospace; - - /* border: 1px solid #dbdbdb; */ - - border: 1px solid #cfcfcf; - background-color: #fefefe; - line-height: 1.1em; - padding: 0.55em; - -} diff --git a/web/webfiles/css/shared.css b/web/webfiles/css/shared.css deleted file mode 100644 index 7404a15..0000000 --- a/web/webfiles/css/shared.css +++ /dev/null @@ -1,320 +0,0 @@ -/** - * CSS in this file is used by *all* skins (that have any CSS at all). Be - * careful what you put in here, since what looks good in one skin may not in - * another, but don't ignore the poor non-Monobook users either. - */ -.mw-plusminus-null { color: #aaa; } - -.texvc { direction: ltr; unicode-bidi: embed; } -img.tex { vertical-align: middle; } -span.texhtml { font-family: serif; } - -/* add a bit of margin space between the preview and the toolbar */ -/* this replaces the ugly


we used to insert into the page source */ -#wikiPreview.ontop { margin-bottom: 1em; } - -/* Stop floats from intruding into edit area in previews */ -#toolbar, #wpTextbox1 { clear: both; } - -div#mw-js-message { - margin: 1em 5%; - padding: 0.5em 2.5%; - border: solid 1px #ddd; - background-color: #fcfcfc; -} - -/* Edit section links */ -.editsection { - float: right; - margin-left: 5px; -} - -/** - * File histories - */ -table.filehistory { - border:1px solid #ccc; - border-collapse:collapse; -} - -table.filehistory th, -table.filehistory td { - padding: 0 0.2em 0 0.2em; - vertical-align:top; - border:1px solid #ccc; -} -table.filehistory th { - text-align: left; -} -table.filehistory td.mw-imagepage-filesize, -table.filehistory th.mw-imagepage-filesize { - white-space:nowrap; -} - -table.filehistory td.filehistory-selected { - font-weight: bold; -} - -/* - * rev_deleted stuff - */ -li span.deleted, span.history-deleted { - text-decoration: line-through; - color: #888; - font-style: italic; -} - -/** - * Forms - */ -body.ltr td.mw-label { text-align: right; } -body.ltr td.mw-input { text-align: left; } -body.ltr td.mw-submit { text-align: left; } -body.rtl td.mw-label { text-align: left; } -body.rtl td.mw-input { text-align: right; } -body.rtl td.mw-submit { text-align: right; } - -td.mw-label { vertical-align: top; } -td.mw-submit { white-space: nowrap; } - -/** - * Image captions - */ -body.rtl .thumbcaption { text-align:right; } -body.rtl .magnify { float:left; } - -body.ltr .thumbcaption { text-align:left; } -body.ltr .magnify { float:right; } - -/** - * Hidden categories - */ -.mw-hidden-cats-hidden { display: none; } -.catlinks-allhidden { display: none; } - -/* Convenience links to edit block, delete and protect reasons */ -p.mw-ipb-conveniencelinks, p.mw-protect-editreasons, -p.mw-filedelete-editreasons, p.mw-delete-editreasons { - font-size: 90%; - float: right; -} - -/* Search results */ -div.searchresult { - font-size: 95%; - width:38em; -} -.mw-search-results li { - padding-bottom: 1em; - list-style:none; -} -.mw-search-result-data { - color: green; - font-size: 97%; -} - -td#mw-search-menu { - padding-left:6em; - font-size:85%; -} - -div#mw-search-interwiki { - float: right; - width: 18em; - border-style: solid; - border-color: #AAAAAA; - border-width: 1px; - margin-top: 2ex; -} - -div#mw-search-interwiki li { - font-size: 95%; -} - -.mw-search-interwiki-more { - float: right; - font-size: 90%; -} - -span.searchalttitle { - font-size: 95%; -} - -div.searchdidyoumean { - font-size: 127%; - margin-bottom: 1ex; - margin-top: 1ex; - /* Note that this color won't affect the link, as desired. */ - color: #c00; -} - -div.searchdidyoumean em { - font-weight: bold; -} - -.searchmatch { - font-weight: bold; -} - -div.searchresults { - border:1px solid darkblue; - padding-top: 10px; - padding-bottom: 10px; - padding-left: 20px; - padding-right: 20px; -} - -/* - * UserRights stuff - */ -.mw-userrights-disabled { - color: #888; -} - -table.mw-userrights-groups * td,table.mw-userrights-groups * th { - padding-right: 1.5em; -} - -/* - * OpenSearch ajax suggestions - */ -.os-suggest { - overflow: auto; - overflow-x: hidden; - position: absolute; - top: 0px; - left: 0px; - width: 0px; - background-color: white; - background-color: Window; - border-style: solid; - border-color: #AAAAAA; - border-width: 1px; - z-index:99; - visibility:hidden; - font-size:95%; -} - -table.os-suggest-results { - font-size: 95%; - cursor: pointer; - border: 0; - border-collapse: collapse; - width: 100%; -} - -td.os-suggest-result, td.os-suggest-result-hl { - white-space: nowrap; - background-color: white; - background-color: Window; - color: black; - color: WindowText; - padding: 2px; -} -td.os-suggest-result-hl, -td.os-suggest-result-hl-webkit { - background-color: #4C59A6; - color: white; -} -td.os-suggest-result-hl { - /* System colors are misimplemented in Safari 3.0 and earlier, - making highlighted text illegible... */ - background-color: Highlight; - color: HighlightText; -} - -.os-suggest-toggle { - position: relative; - left: 1ex; - font-size: 65%; -} -.os-suggest-toggle-def { - position: absolute; - top: 0px; - left: 0px; - font-size: 65%; - visibility: hidden; -} - -/* Page history styling */ -/* the auto-generated edit comments */ -.autocomment { color: gray; } -#pagehistory .history-user { - margin-left: 0.4em; - margin-right: 0.2em; -} -#pagehistory span.minor { font-weight: bold; } -#pagehistory li { border: 1px solid white; } -#pagehistory li.selected { - background-color: #f9f9f9; - border: 1px dashed #aaa; -} - -/* - * Special:ListGroupRights styling - * Special:Statistics styling -*/ - -table.mw-listgrouprights-table, -table.mw-statistics-table { - border: 1px solid #ccc; - border-collapse: collapse; -} - -table.mw-listgrouprights-table tr { - vertical-align: top; -} - -table.mw-listgrouprights-table td, table.mw-listgrouprights-table th, -table.mw-statistics-table td, table.mw-statistics-table th { - padding: 0.5em 0.2em 0.5em 0.2em; - border: 1px solid #ccc; -} - -td.mw-statistics-numbers { - text-align: right; -} - -/* Special:SpecialPages styling */ -h4.mw-specialpagesgroup { - background-color: #dcdcdc; - padding: 2px; - margin: .3em 0em 0em 0em; -} -.mw-specialpagerestricted { - font-weight: bold; -} - -#shared-image-dup, #shared-image-conflict { - font-style: italic; -} - -/* Special:EmailUser styling */ -table.mw-emailuser-table { - width: 98%; -} -td#mw-emailuser-sender, td#mw-emailuser-recipient { - font-weight: bold; -} - -/* - * Recreating deleted page warning - * Reupload file warning - * Page protection warning - * incl. log entries for these warnings - */ -div.mw-warning-with-logexcerpt { - padding: 3px; - margin-bottom: 3px; - border: 2px solid #2F6FAB; -} -div.mw-warning-with-logexcerpt ul li { - font-size: 90%; -} - -/* (show/hide) revision deletion links */ -span.mw-revdelundel-link, -strong.mw-revdelundel-link { - font-family: monospace; - font-size: smaller -} \ No newline at end of file diff --git a/web/webfiles/img/Cross.png b/web/webfiles/img/Cross.png deleted file mode 100644 index b96b6d27a90130d671fd8c237a5085c421e70db1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 953 zcmeAS@N?(olHy`uVBq!ia0vp^Vn8g!!3-obe&3S^QY`6?zK#qG8~eHcB(ehe3dtTp zz6=aiY77hwEes65fIcEW#v{iwNFt||HQ?g1qW9vDn7e)>%z8e-7+%&L`DBe zN;UvVZSCI-3?Bpq|LN#_Vqkb7EBi!B>J0dR|upFMka|Ni}R=gw{4zP&d+z1rD%?xaZz z7cQJXfBugjKi7!A{WTvEbxddW?YD278HB?^g2EaiAhqkfIczlvOfV1%r`+p{1^Yk*=Y6 yh=GxniG`JcskVWEm4SixVoaH;91_n=8KbLh*2~7aTf`P^W diff --git a/web/webfiles/img/Tick.png b/web/webfiles/img/Tick.png deleted file mode 100644 index d5f75bac554e3875f7ca4ce4c18e63eb3b01e505..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 871 zcmV-t1DO1YP)eSad^gZEa<4bO1wgWnpw>WFU8GbZ8()Nlj2!fese{00O^B zL_t(I%caxHPZLoT$MNqBZD-m^G1QbwMQe%;F^DURJ2&o4e55g{@d0b1|A2`xDmG30 z3tSLfXo3`0#x-t?O)x~nS1}9@wGS*MbYz$*b6t?Aq>}hJySuobobx;P!hh6@*%xAX zWLP|ycp&)S%FpG+k;_L!YC0v7x050}niT-jzhE=-GvZ?AB7Il;C^n09YMtm$b*?9` z)Alb|I+Nz;)uSv}3lwSv0^R`OjxegB{#}Q&?`B2%UYg!Zy%ekhpI1I}ICPlER)pe{ zBDqWs`A@OeA6|>}-EHjs#(S2EON8Yxk*x^jsWQ1tj#xA%wSan27sDgN;{Mou@hf)W z)&&xm6TC6sU@RGQs-5(<_fnoJGk#~BSTrWJEJZKs;{1*CM9)R3Ez}s;9AN0o5UHCf z5?8jd%5sISU>Aw@1f|K+4y*-C4kbl*s+(2cDnW0M`l~u0pMB)SwG+&Jo1#GhvE74(C{}Pt4OF?njgbGldzRe|pa9;wlHi2Z#sbR41#uV!wUZ+0m?cIRB9N={VCbr`fW$ zi1oxcq#dFylY z3^z75gl*f{wvFRBtgo*#IWbB6R2<`xL1r*RwN&M6`xn5K#2I4mzOv$C>6{%xMRS*Pz{ADW^e%Q7C1hqkshyk0MXK!8XjLPtjj zilPt<27ivcwzej0+h%if6UT9AG#Xfzh2uB~A!s(6NRre7`u%>qUN4HGplMobhNfu> x*L87Smu9nx>$<-U-{bKh%kqz|{eHg$@EvRDDSDtx55KmK}&J+V?8*X6yHGikZo z&c|OLZ1y}x$74lpGJWptNd<#_&pi`j+jpliO&!zJ@qoi6)qJwEn6+CD@WYWyec*-D z0@${RZ5ix7aDl}$^O-zmXa*1=-8ulX=S~iAq@;=-$HUMSrlGUOaK{(L@i*%g#5u&#GBD|4MSHLhC){wrlDh* z20q(h_0maw;ES~_*p`W98Ca%4UE^H}Lw+HpnAcnJL?BU^@29e^1*J4}UG>Q@Qs1(6 z`D7+Pod>|RrhCLn>aZ;X+cYpuo%*Kxj2)GO=XqlR6wn4pAp}yBC{06Y5j*9>s$0eyG!6E&rsBUx}$36LASDZLiTJOxC8o)ACDmjo& znc$U0V^|Xj^Xj4kva>9Fwu!DZq$UwkU>l0UU=GD+t2%*_2fl?YA4GJB0uD5W8VKxu--Q->4q_hbF$eI0*XYS>tNVAGCX z*1yMQrVwI#R)+cV7aNvjOdmIt^H*+ht@%DTTH4WdjZyvqjL6HPFffQSWewh@FAsFI zcXWU7AoL+HDZ?`Tv)+u@*&}w$nG*EPpB6I1qw_@mh(Q2UH~d9;%`NxnnJdY&r8Tv; ztB!4Gtv+@cX!Sg=?U7(1L^d!G7^G+94Cxn`yU@tY37c6@6`(S51di);wl*hP8>_lo z8!xxk96t@-ZQu@Y8@TCtUgB{TE5HVPKvr7)fXuYn2~ugjpWfTk>hvCf{SCq*=OFh! Rj6eVY002ovPDHLkV1hz8a+v@C diff --git a/web/webfiles/img/gnu-fdl.png b/web/webfiles/img/gnu-fdl.png deleted file mode 100644 index 1371aba886e5fbefc5b9ea6749a893ba440729e1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1748 zcmV;_1}piAP)P%~FqR%=x^SzB0bS2jTBo}itqpN_4dkD{cZuA-2wqn59uk))=hu%wcur=+i?n5L+u zu%?=)sivr^r>d-}x2&MJt)aQDqPnl6yRf9Pw6VOhrMmCa#=pnO#>mRY(a6Ec%gEHs#Ldsk)y>A%&d1Nu z&ezY#(9+M?(8*eI;=;i0>=IH9@>Fem~?CJ07=`~Ls@o3YLe00009 za7bBm000XU000XU0RWnu7ytkO2XskIMF-Rb3jrA~R_QA)0000TbVXQnLvL+uWo~o; zLvm$dbY)~9cWHEJAXI2&AV*0}Q14_VZU6uSo=HSORCwC8mWNLiK@`TFY(P)2m%Fo} zSWdwp$eq1_VvEEs7HkL>>|(Fj3&e(sAoi|EP7i`DDhZ;XfPm<6i{$%PoY_9-fr*4k zZr<#>%x~Ym`R2{E+R{R;)fQV5ZR2hHXETCh4?Bz9?qX-^EDrpBLMP(aE*Kyropth0 z?wDasvi<{a>3$tN->JVYe~}LU7-%|I^Yig$Hl>d*FjSjs7ViE99()O?&RP=_85xt5 zSp{4UQNfeQeyDRvc2i)SBca}4$1{j$>}mocPk4|wQUP})pEdBX0ZoESiOCBb@(dM= zjEgp}9C;x!n2>r6e23iknPcU#o(Nvx3{*thY`brM`2M@*ZQ5As8DEY}8Qh+fNYkY$ z{f9RlaaSH32QiLP)TI-5u(kAHsRWK9yP&PvRp|{KNg2vW+rPjU$TS|Dk2CE1KOBm4 zgw4#LUPeBKLRl37tpDoDa$L$~vPEdW(Cq~#rV(#+VKZWM1U~QY?Zcg+4cIwF>P* zCGaoUIq)c;N&^3uz{=tP5By{c-AE%(Zcse7^>vA^AWGg4{6Z|bs-$8%2VM<0shNyQ z4(vG_nd{oiXBC>y5@DcJ)#sw$g}Q8aNi!;gWtg#)R9K-J|(mNuTW1Sit8vr(2~@ zu$bF#CsO(rhy}qk$7}mM7E8~oTl$pEP%C~Uu&0wu%p4d~#`so6Po{q?|uLGclTG_Rb8vQy4t(fTKCKM>i`TnDOo815C{MOAr^4I3J?b%z`?=8!6LxJ z!y_UhAfe!(q97xq5Mp7YO+Kr>yv*Wu%|jd*w{Qj^YLw}QRWqPyO867@&w`L$yvMY z3jyW2sFYAw?v(7bzNd_+&8)Yp1U^Sm%G_{N_9oX&Yy$5HqU%DBm-|nhOt}Wh+sv>h zdcyvU#Y`3Fwkaj2X@HN|SIEbd@f%9CXQC0}6*?KVfE975e#`p|lrOncL_dLD-@7uQ;!_3Jwx!}~rMb9^P;pU)w!e8&nncH_@H(vy^ zYNct|1X?w9<9zN~ocTEC*nV-M)*B%5bG@i`NZfeYT-9{E=5T89#<;A|HzhlxQD#A^ zYi4-iq`Fx)JRUOQ#ODy3cCp`*?sgYv%soh+SwQw?TB85d%j8AJ_+dO{T!a`sLgDW` zup1ltXh=@A9Cra0zmF7Zm2>EE|G43#ci8W_{`kxvF&=X9)5goRnk8_9TP_G7P%*~W z8GJH1G+jrRqt-(_jzBI^Vg1l>vI}16TU{4@V{^{g_pW5u>!bM}&j~HfmkIYenKstm5$iIDsv026wvnvixl-;|x?t4*T{ZksrGJa9 zd!zqeFAVPd0+*Y6N!~0CwASpGndm=sqt+&q=&a+=6Y`GWZ-B?^Qp`UT2%;Q-^P6Fw zXN06~A<7w>_)WQ|(+^c7cS5DBsg*2Qq-vv~r-}D#pwxX!LIgeg>T!0>_<&DKQDzYk zfSw_g+#6pyx@TSb+?vA+JpU3eJ$uX#lFWl7UC9F9ES_ZcA$+}mS$tD&$x>|U@1ssO_yiR7kj(jW`zfCZ$(IHqIxRQYB7wB}O+)IjNPLtEJ zSfqNgw`1VRZg1(oc45E02zlD*8Pp9xN;x176#0=l!fcxyCBD<>FQEhe;du^NM#r~{6V$c zp1lqKgP_xbxrR`9{O~)qR!Hu=ozJiMZk;DAy$c$cY&m#{mB16UZi-x1&^D>#Z$I@l zL+{=N?oN$M<t{ffq9 ztdu?v)D?2r9ia@Sjlc36vqd@wz)#)6PvxXV3yYuR)Zs4jNXMKE3ab)12 z6TMUT79)XOtMRgi_&bJ!S-d+*%JVo++j7Cr;1`lysg#M@;6Qnq%Qv&=nckp3@h*Il zeIyvqvVF5oi03Y^X-f=D3d{&>&jyJ)*g_`csLbA()S%Rr9jh#yGC2$pIJk}weJhPd zOE*)}6*qciym$e!XB!-MfqP>h+SE^M|2y!8#CB&FCB|xZqYE-sGGPFKFc1q30|l8* ze^eo4s)WJ9#Kyq|gD5CrS=mI`IWVYIIH@4>Cjx{82n#h(RXq^?rIBE3R?y7crG|JF zju^2q5Kj9YPh<|Jsv#5`Yt$eI!Z;OMR4>FcV}*DG<5d3=k-gBFvDpC+AzqV#b5(`J zI-c|iX{UP+zRZ(M7V~P8kwm#!#>&bgsSzecDTVQm4GDrem4?M{Bea^&*$ftR@MIzYHPG&%Fk}Nq^m9AV5mmyzMU}YE31^R7w(g?AazS0<)|}PX|o9S zMjiM>DPU<9|-r8r|k`@q#F)#_noZz$QT=!4BC#pXHtY zb7~Jm@Qkni%t;+*_@}x>YI%BrF>d1vl5`n+-E=}r%cZVcE?237QlCLwB~2} zS1MbTTkio=#Y-s~Uv6zP?g2?5)bW(j)XU+pW*Tl79ZuGJrmnu^9v{B+;u>aL>xgkN z9BK_f6D)r;H4l;bTNl_Rl=(zgedzWkX++_#TjaV5#PKI_jg)L181irHyY&nBx?YGC=( zhWyvWqAt%OWm2<6PmGf{0c~oty2Q-PBhRailWNT|T50Y9c@I@_59k0VaDF#p?KJV~ zy$n7@-oYP#oc3p^Lfua)tnQDAp)O&RxR7i=Bex)=Vk+2@uhhAW-+5CYrRa%}_~nB7 z)K}5>r^fJYjO-IPSruihP5rDcjf18<+w6d8LDPk*wj`&v>_y>koVVN2q%0qspAv`s zJwQHa+)ftoeV-vqbo1xJ{XukEohyeI7Ruxcrkgs$9h;3NrYVd{IxW!}?!^TuTh_;R zn!Gcgp17x*#G6O6(6Wy2(_Fi}sMqtf+I{oHRYSjOb?5a?1HQfl-t2MHTfuL|Zu145 zSz1aL2H$FS=YF)`lGzX~O6y3nhUHN2cHFlq3BxNkPvr+(VTuAl!842$8JzC8ZVKVL zk5>~X^u{7>H=K(s(ixbHl)N8}(!g`Z{{*$JXZ#I`o%|l~NL*wxc-t50o|FSFpRTqDtL#9oE7vIdkmXCAMySUM9SCP%F5EV6s zA5~F5RpYzlcf5Ta{_a`tF=z7yBO~>eTKG{WUfSz{VrDj*NCiF9x&K#4%ENGa;7Lp+ zy!WH8-@u;;eIQyHY;vy3va|XJ0cJbvoLI>p<0<1pM1Qy%0V&736`I<;V*TZTCvJ5( zb^>uB8;_y{2N5eF3jIqj5F5$G+p1tt%)yh4f z;!5d`<<4m5$M}lDZLV!Ak0m!>nc++n9i8d$k#&PZh}c=Ku7En$8LL3=J!R#-YP4qg zJ3`gUXQ<7RP|}o3wpmiSgX>fJ!ry#lKMZ^ryZNbLFm}&e)j2u-!m&T}Q=e~N{y(Vl zAJhf&WsxxXTqcaG_63J=j3kvV*#r$ZX;xiU@$bB7gUU05(+D5oV(z(!#+UD&A2+OT zC-B;>xE-fhNeff@sIA6RMaXh*H&VOSzt9@5mml`tS9_!r&s2EIv=;cz#e$;F(!99* zz{uhrutc;VS0|FZ;bpxcOKbKq^TkvPr9ui5ufFLEk}>R#&lBzYOye`mvLi9$lTvRJ z@oq)Gk689ITvqb&bfoXK?Bd+`DyTNmX}XgQ4lkHm>5-#f+F(Xe?1{aB&E$x_}h9V3OJPu*Xne^DB206XyqZ=Vi^6fHu?W z{RF;Nx$Jiu#p?F4@tuZB2a+Cgl{Vx6udv zo`qiA-k&O`dRyhviAze# zOA;H5tJaX7#h0&T=Nd}m#UP7o)lwZCJxS8&ZxCI+xUWshNcA>3t;#`*_Rv%aN7GA= zKW1CgUuwvZCO%HaOq+y({1a2or?9uB1DoZ()ttuG-vXox^6cEJIbyM%4*s=es$`E! zpU?^OseuL^=MsO*70>VK5*irtpt;B-D1VLj^u(6B8{n$!E_M5`MCz91~ua>VjWBAW(u)-zsRq2xC zX#Oq$ZazC5Lyz5j14)_`k~Cx+3iZ3Bp|F6MAT|*vzaQyBJ*2z#v8}I&l+UWq_X*Q= zhCbdvo&8?|t&_+vZ_amaIU%V_LiWQ@P>?fkI2br6AS`4@{E!tU7DVg>7;H)o(fGuV zU{w=m*ZLU@DzUt}SrDs;zlxfvOV4MVe05lHw}vlYf8Hp=2}9Y~*Ebi3iMj`vZ>9~KuP*3* zRqd-c$iiz{to1l&NhS|dN30bmmsHY2f7X7eM_3@dYe9oW=#O~n%}hJ;#zI9g?2DMQ z4P>-VPMNkV3z$Vcm?NQ~J3$X$hUcxKt6aixW070J6nP& zt3HefTxicxWucsDAvv2J(wJjcBDa{RFZa5te91v8xl!+^e732=uu)HI!LF%7?roLF zf{ngr_1h{&+s0MRA_uKD+rMJXzCFB3Mq=WbH{sIAlv&af{(yd)u zu;R?finCn|?l1UH!H(q@Ri3q{dKV@;jmLcxc59&-OKs?!H6CPkPYwkZ{|BPMCokku z^wf@wH@QrwxgBd4qO9$+UF$qko$#65Z# z?NZ)RPG-fxVpoxldZv*rlnXb%{@DaCJnpWDQBf0Z-VkLRO8N_r5Atp3weFejsL%e? zEPFCyTUR4ow?`zfGE*+(9I=(SOuokIQq@K*?>K8wA-co53#?!MIyxp@*)H?(^9_DW zs~aWq07!%5%jZj?CB;*&DYLDQK~AZlTW>+xk;na7p9JOG3uCSXqvN|tE?GXx!=jf} z5U^c3`kX~Cs^q^6lszz4LYRL%_5ZKH)=-E9D#j~tnshxT`FDz2+%6i&5&f@PH_2Tz zMn+o=16JujV-I9ivN;_GO-3KN4+(F!sxE&7XnkoACplA~Y=1oCIKnQq9F6C3SKym; zP4S%dE?B&P@Ce;DlSZ#IU8{7(Lq_5 zCW0x&tYj5Vc(_z+Q2{4y?<{^WBV+1!Wv?PRlIc8tJCGKXbD`-X07li_Ht_9YSK~Lw zCkF)1_^%U#_+or0FdAalPA)KFV48mOdIC8iXTmyK@YC^=J_ zsI~5>N`LmOJb0tw(^d4H`eE>T-xW@;4>ovHwl~o_-2q{ya90hjsf{|^+0(#ChH#M~ z!K|#)A-m18%WVVpDF=h2{SLJqXAr5xxcmkq4{?!0scZ^g+KI;A67Q}`y(`SpmCSQah_B#m?+jkj`1|fS_C~VzD9mV(j@9>ZJ>mPYyw6@ z4B1uCu>H1}_b7HYMyI1E-LQR5eyE(ADVO`qrCj54lbsqAfrXEu8SSj6+971NpZg}B z5J1K?bk6@JQOLdFhk+kOHJ%JMyJK=@vaX0ZR*osZ1Oc%KN zj0OEsF;&yb@Y#v=6bq4k!+JmGUxU7@_)<1Xk!bOJgTAtMsFq>`#-}WpD=~Ix#`9Ev z(~{U|ThPUhIMMt!k>J=T=Y$84dm|sDzKP0?2e3vdg6!*SGGf@5)$HudSLyj1YE}{v zmv~H#n)Q^avDT*n@u`#6{pqtoyGv5l+hnR!twH2&T6Sj=jXPnU#Po>Tk3ZOko(z}Z z9=0+-`9zTLwrBIUBw3p8J1BT=%S7j7!ViY-=$d8hVwrKaF{IftWtLaOXo}S80m36dNBN#>)|TIS%YSc_9viN8zh(iZR+QvF9sDy{k{%;H zswWRb-pk|WMZ<7%&Qe`qnJ&ZI1@8qSXdKUvGI?h0?}aN>s91+$4n|W^7>gG2S<*UK z_k|slsH`kT;|VVK(YzkDWm=YmpGm5yWvuSiTry$!RGaL+EZ2HSW9WfZ-G-=b7*z2; z8BzKKMcJGj3CUb{%?9fvHQzc7i(?iW)^fi#Jh2F^e2zG)tO_+VllxiVV!lKP<<79C z$)`&g4mLV#IKn0mdbY0=AII4nq~s`E_wiek6IO1des1ws-xY!uQzh7E*;hDSX*b9v z|6@RcUM{I3b>pF(iGI$#lL{(p4r%hXP$N_yy9&cm5wzLm2c)$7Bk4&=cc`*{p!ZkO zR4Av2O&YTqEekTW+)zmd?dxHuKT@ngd0&fNJr4a5L{OU1YCNZVws5dvX>}y55QSaMw z>?k=&zsZWBnjJ0c!D%~r-2w|W)j-N=d)1->!GxQ`*z2`z;qqUE?<5fy_ORrZbN7VjM0j6LB<{+3;(R^K!|S2|iFSE`K9?B-t+COG@?fc_NB_=K`5w9Sj?^ z^zckQ)(yV0c`o+?$yj$|L?{lQcicD=_yQ^L8PF!GX}X{x8S>Rr z_J=Acb+G4CaMQ!SExEhE0R-Yq3RhO1J&XOw(2 zDU&|scs5@XO*14DahnN!JLKu@WWz344{L7I>C)nN_En#Tj7)a6VXrFTWF2U@>T$^p zpy4?eN1gN)@-my$6VzOxEI#jO$|R)pM0}ekJ_*kmUEuM)2nl&p6Tx~0tHwlk_OlfV zXK$?bJ)kT5=jNv!^6k0fzXzyn;2(?+cqeENe)Dqt7r@`-{~%cKy4V#icl(l+Eln(^ ze!UEPe4)g`Zz}`%#yPv7Ue|XUL^JGVErT*#@#$dS7m9zma`-P66~BuT|7`TIfK$nz zc1@cWO*U7yEi~rmP*9tx+A!2lJXLT7hGKKF(HpKca&y2Qh88HOCcB05&3lB*SO{X) zcSjRgCao3jU_Sm}t%`_6iClJ_|43_&Z{{8li+E@r;)IvYaObJPs(akfP>`9=k{w>c z@%W{9$4Y%ihdeDDnP2E5a1YDuv8p~Ej!e9~;7Wmo5jC+`N+v_nd9Vtn6#K`kVk~Ow z>nRU?p;NwvP)scnNgZcglYY(rmY_;I-K$|C9P+^(9>r=b;r?H`QMW!Ej#RxpOS=7e ztmf>;&o8P|(E}&kn!U*Eiu%@14Oz(HGxnXn3oOZp_UyD82%&TSi%g|nWVS{Dzbw97 zQYDIIA}Q#C?2!_oOPFgO9pnNWg`}NTZ3`FciVe4lTY5>}?W4aa=upQh9Uh+Gro;3r zDiZORl6%qRt`tna#Lsl1ve&?KGxy|b+qQ7|$pPeKEY+Yxg&odPGadLoZ(JPB=~a>} z>Zf--g>>+X`|ei^r7Go1BMax0H*?}PDT*^Rjbb3MII}myRRk`0mWZMz{a8?riW1DF zU=zpjNwtiSvrcDltjRFD6dq5V#rt9g3oXH3YWZZ?D&VBTS4#B;qn)nvL6v>@a@YI1 z76z%*KbkzFJ9>twz@I5(9X{vP9tBfqLN;xJ+dQJiQ!GEa{&J zIX!^slg~JsJrh?P2TeLC=3dk`y%cZcSEAC*w6i32s1Q9dW0;03Tnyz=ees;Ca%uru zaYv)-s8NND5^q!yW=+YPyJHf7wRJF=*mn29srz_m(%c7{i$>IUj4VVyMMivBcR`~3C7(Z7>R$cK|RPv|MVCFk?hLqYf;}H zzyGGc5}Na}>acIBL+jjR_kD#Y>*v^7rEc*9(r8WZnmF8qkIQ0pntFlMeyp z$nK|%I*#R*u`(*fF-i3s?DM&DuT+7Bi+k;{;o|-<5pQ>usMi(_g2hA= zea%`s%fS^hAw;N&)WP=v{Iy*gxvcV37d8Z(RW$mhDtuWX5;;yVkLpoQeq6pD$>M1E z>Z-8@xn#aMP~z5}J}z$>Cqv;KUtw7U5i`w1zGBdE-M@B%1hvVo!zi3|ybXoy!lN{r zgPLU1S30f_ric(MszOaaMy7G+dG*=P0_Pq;f22x?6poP>YNL?onE%4Q!BkDq=3`~1 z&H?*G^VCHhyKb2fRT=}Qocm1@7dID)_>Rn-It}4QOcY~wZnJOD*A>hD!k3FGUot0p zxEwg4GA6Kw1nP@3s#dQb&Dz;a7g7ud3ZK3&-spS8l@e|PILDDSF6G_wRVWt9|kD6O%l?qqp zu;?r^5VIy8#X0K*k^#%Q$I1pR@W&vp0`G#ym!4OyKTU2b7F^PsWuPXUFA^&UnK&CLQGEhz(7zeM#OV0EexLMeV5d%cJw6YEK;xE?NC*L89n*q6zt z5!$|bmyfGk?9i@VHcCXI2)i ztEpOlejq4;`!|){SU#K-TS}tvG$qj@D}Q~J->RH>Z1`y6f+cb1I#u@6d#v!Xb9>h7 zgUh~vb0vt4CjAV28sAX%*dFnjEtKzr^G`@Rn!fJUI4z)z5 z7*2&07<;14Dd%&+CbTjlVNZ|XM&SGMlJ04GHF0^)d1aEq7{Aq_IuTX8GM%R^$X6|l zd#Y?X*N8LxW<5%{WR+Q z)kpaR&#Wuu33Vv3*ykyeXZo@WDKec=pWK=lNikyflaq43PaD`EZ4j;I^J74k!A*wS z7A*GST;}VCZ)7dVZmvsBK{KR{UMXr{h&2wswpt`L&5>lCymxKa8WKKM;SKbZaPUB-#tPm-*`|wia#N= zx_|*$fgQ5CKHaJBY@EEj_H8b%tKHyAERvV%JeYa>8jH&}7H%&fsyfIIGROjj{5@3O+Y=W8E?wrMkOP&$fz8)+v6Hp1|?ITx0k0x z&A`NMNo|{8=iQ%aTweG-w!k8p=_9MnJpkOlu*dHaU0Q2NN35?A57R@j7#^{($2B=) z3pPYh7$50vlspdlIB$T9*NH(Y+Jj2RiHI~HDn}U5b4v|d6&l8DFCc1XvVp9Rj-j{w zJYcb}AFqiF1QG2oBBNwn?>?$g@r+Vk4JIsdPI5r5rex2>ES)zZiG<|!G1c6pvk7(I z)kysBby?yc44R%**-Px~8tI(-Lhh;=Aa~W!P_WQ2zr48(xvR#cVEZhpYSQy1K5quY z*}o2QJ+1Qbmp8YCDH7gmihQT|9Ca%XgT$#Ivga=+!aO~vIuByzqG4H~>?LM;cUa|+ zvhj5)p|ME}+PE3RD~Slqihwa1ozwdm0Hg`14pKuTrQ)(+SgzCcUSO|^#7$jO|Fb6A498S;6aIQ5rpvG#}bwmuWDhB?c}#)Q>9 z`D#?s{0L*?kOoTb6Oj(?qrp<~uuWQ$gYvT=*w_~wpL4T;slYx{f0&$h00emPi;g36jO{#|Q=B<5?B;bTMD ze<}f~%)$D9D$TY>E9}usR=m3B!ZAl`Jm+^ zD5J|{`r?2i<~X`GRPWXsD0NdYcwoA(pNp7Un4$!H*k5%aYm7}xKnu^oHN?n;9k=2p zonr$>HNu2SxM1d>>H4MQa}Ch=6$nDdOE!X?q5Mzovfohb(a=tX%B7bg4X@}DKModI zQ`z3{hCNfn6i8w`4;1m;=u;r$E{uu>haWMl+jbNBSnf`0~LDQMKgjH1)8Ns)gA z2ml0hF@TzrdBQJ`vNwAMBLv>!2%3$AqfnrW?}_UG){TsblqEo(FavSy=KHny$Qq1Q5oKsr#+?RdMzRORVW{E73)}~X++UBGhSPWaXN~~gvOV%rJy|Lh2jw< ziH7p6zaulQnW)vf?W#T ztgaO>dzeLGg&k)T;Gw4%zs#Ln^?#^hZsZ~)coYFfXk&#ouX+dgES*V zb{dQom#u3UE*A9>D!>pcff5R(#xZynCB&9Pwg+2=eGrXrXqKIY1?WFZKe_~u0V7k0 zy@Cjv;G%xb#u3nu0fgm{!`ySyv_zI>v7Rtfmr&-X$Ik`ZBTc1V(Y@@>b%7t5ZecFFKm##m_2hh&@9CB(RG(5vM~L zPPs0yN77=EZ1@2HD6oLrCi}3oG@USMgT)qddqwe8Lte^&`eU(YHCjl~C)&-JozRqk z(#`ViRHhb-F&15yu@r;)Ul6s+>z{S>A&e*DZzBJ|2|*+hA$R;gX*8V`b(%<|cM@U! z9>6~>I*S+nfDJ)KRD2Z$>0)co5n}HNZO4%GkC?OAC z8t(hp*aT;P1#8cIIT#57C5jFluUe!KG{a3K>8OHpoqAu|-IbqnT}BegXg-dBg=U7y zfDyqW5nnFNa|d}*s=)Y{CC2U3n6vpcP%Xf~m5LD&@4YHTgLVbUw;aDLf63HyL7{4G z3G;z23uG@Fh=;1|mv&U6WK=&9|F??yO`ktvicZgc87+MRZT(nfVUka{Mo{JOCm{vc31=XFe;oI(^5AU+b0 zIl>9*T@afeAS>2Ovtm)umi?ia@YEQ!*69x_mLv}aU{ zimAV34WZ~;5Vzz)jNkh#>LHj2n1-?Mcc+M8)5MNUr;T=1K{KUANuuwd%0=bv=GBxT z50V6|bFnmedKf){e!sNpf(@Xt6nbH0x9R>QVfSUU zsc=tUZAohUV=%-GTi-zEbu7VF=Dj8r90P~ju7>2Rt-C!Uw8>x(Gl%~YS zj%{S!(?YO9%9_>1@H_pfe6F*+tP7@ zzC6J#7&6iUtEpyE zRp=6=0;hW&hdXY?>N`Oj6cEx(gLJRf=hR5LG@ zt)Qz89a%bj8EAIPOE+cK7zMJUltdIEOls6c-EhWF~-oda+Lls6THDvGI6fSh%bC(OhR4T#t%YlvG~;v_m;TnhM8bQ&&5PBBMP*n z`#rSa4!YNLh%2Dojh|McF8H_Ba{rr2A99M8j3#!v;Y)@0^*PR3Kiwe)h8vI&#%@}@ zda?VfOQ$GIATc;X^F{tKRN%*BOF^H(tCcXZRYeW3hN&NrUjr5VIN33&x1sYfW>w#Q ze-Br^#`{KE({QMd@jyAmFybf*UEzpD<34rolotXL3wzipjcQBs`I>Tu6MpCFVR$ zaAjL+7=el+VuLe_;@5NCOvg?HFP_T#4Al_(kQ)=x#?p?{rg%|ynj`tsLJpV-76a$1npCvJAMp*k+ zLdHn4l*8v5_>^1-&ond(MK)rF3Rc2KCD7;&Ukav0{WlR18VeJlfToj!-#Bj^TF_@i z#A4!lsj7sq)1DH7fweg4qLgZ$XS-rm!J%x;xu-flX@9v7P4 z8Y0H9tT1NB;m;C8C=rN92n1D-%wZ1bGF3}J)bOU@q#h*0A-aZIC=LlA))l)5J6%!| ziWxuFvN2&^IkP`veAJ;Njv65fJK_3*eo3ALj``fl)GJg;wS{p`Tx%r>Gzue5S7syg36%SkWWE5+dUAyhP5=?2CPf%&>W{NoQC=BT!@E&&ywcqeUtLT< zmsQ8%f)Ke_h2U};*6_~4$RvEk&nYl2SV8b0!cT|A6kKt=QqAM$w!wkmB>R`h{quKt z??U(T0J_ucGn0`TSCv4&?*W_55{qRyP*Z1^a+ozLh>|EwM*Z-P^&xZ;A$=-)_FL2b z0Q>*|9AIpnv~$#}2c{d1PKT&F=@N^A9momdhiVLBhYJA1B4vs}!Bd!Va%#$K$ROfS z^JC-Ef29^Phq4v%fEAy<2|>rb_?sN!bzNj3Xp&Pt?@iw>{~{lDFy^#Jr;eQ zk<+^xcMo_P{Dxwm+LfYAM3BD%=mB*IyNq0mZ_Ltd=-2iiLz^NM&{Vla1kKS#FJM6^ zNE{7f9Kr@+0OzPe>t2mexg^wTMV?x}I2z6mSMXrvM-^exZFuB#f_zNf=(!P zLqyK#W4iVk;Z0Ha55?pRZGq81fq>F(Q8QC;vyL*J*f+ zBuv_xbQ3E>oPq)Ei)|M6==wEZC#}WB(4l?q1QB6V#HmOrYo2a7* zUQcBTkJ2arUO`E84+P@`Z3&`nCEf!hUIL&L0a27j2>DFGc`$4waRZ2P%Y&>`1m$|4+rkK&Lsh4wp;6gFs5!r?RePCA z_yYS8T4)2)HD&1;NlK zWY>Vwjd6QPFqBWl#G)CAi_neJc&GPaEZ&vWi6FderG~Zz$pDu2D5+H+xxunlrdCm^ zWvk>$`2mz*=uAM!K>U?c(t7t`uPy0j5XG=6P6H6iPh>1a%kgV;vE0T@Jo0w}ln7j# zr+zSs!!p)^Y!vS`j-Ps^TneUGeTM<#Boa{$ z>fNG!{YES0V0KMUze3*K=4lo4LQ(4iXk28Lrh=B1bzgB!Ak(O>wCz4=^pU2_Y?B>@CKKgX^`v_E+7-khG? z10cydo}zJ6l0bw`t-a=RY;C12vA^)}gp^t~u zezh9df5f{`1$Zzx%uuh-pFrV#5$+{oQx77!sHr&64lK znF^omW4yDVms3kB`T^+fc;~hB_qzYw$Q?XkvXk;&x~`b%3;g=AFBHwo$v2%nKkxgz z#)DDIzXu>a{1)m#49It{zyFOQ5EBC;hKUHPsOqnu*iD75lywZN|3;UyZ#G@zZ^af(s*a?3_Y`0#TZR`6e43_xCa3;SeM~+ZCmHfqs zzcBo`&7eGi`HMldcosT(M_2lbab#>4x*K>;-beV0VQuT{B_}1~9C>zy|J>K~1igKH zycat`BdY}VJ^72S#+#+*zRVAT=>$x;Y*kpJsVqUfozSmArLxRtT#gJUXNE}UV@50(?6f&I`m1nRl5kxEL05!1h zSxEBHIoymY9vf(wOzR{q3HQa-bDJyWl0`Tc^#ZeD_Y~WoE!7meHV?Yjka)c3rzGKP zh{^V?1QAX@30fWUetBiZA7!QYWyoQ(o}#aUXMgGH|33E5sKn+hTz`Vz-D3UdN<}oI zz0g5Sg3ruqhL8=jjx6nXPYZMi29sI@_Y(q*oE&CI64o@iO7pPKG$ixEItZ<2Llu#J z8+7Fi&`M1tEC>-$+4$Hw`qj%eFZHpmgS9WwvW6$vg>&1_--C**DNHG__K1&Ir|~15 z=v3?dO`%NpOXTx}@@hF#0>tB#!t$QRLLeXI*SrKE{4Xnai_QLFpU`kaC zsUYQT&DCxV*1Zykm$vdtR8UON9V(H<-&;TL6P?bqD|a0-s@Bvhf8%fuD7g}jqHc&) zN_afea}*Mo$F-!f8`EV_UZweT^&X&n=1U-JMV3u%R1mm|3NPkRT{cDP)1s+YzV_xW zXYYpk|qh_1qt?;voFVviF9TdCYXVGC{ z(ql){SNX)#BNB_L@z_;wj>MAm283fDj^aF(DF3>|`08;E{#4{vxhV|a zWq_!JvX1y6&y+~mQIq%T0IsHuZ{jiJ{+#k;xu zcaTHUy;uxyJik#^Bvdqy5)n6SB&fLFwC6-L3utVls&Y@yG6``cbq9$&DEm=S)w2_; z;LOxO)RKx&Yy~y9DltB*UJX3}*thU>U8NX;4nmb<^i0Bmu=U~L`7{XMZUJu>U5Rg4 zje7#&PzZQT&}#0~pWPcYW_o<7xXG)QOn*Owh-_r2XOv}M@u3jr-jlSZEZGCQ>?=ko~ z3|!sVELJ9(t^pF~QeF1{*uVUxAiR_p@8;Vk%0*b*3%PIl)s3-;LM!wV=^~nNW1;m{ zx<_q!im>nN^O3d;C$dN^uhO`MVtH8nAwN>2f}w!U64|%ox2M+RLHeBeScXG-&sX{E zJD1GlnCU059RYXx*(~NayO=jza@%aL-GP(vbCv9=e8l-rJ{h)mPk{NLr3@;F5F9v8 zteNqi)bAvB(@?z6U;a2-*H;~z%RyBdW%#Ojjw+-uq@PolxyZ(~xt9Au4%5m>~<2lQ4iFNEU_+0x}F)f*=S;kbxlyhy=+wBOroE5{V*75G4oU zf8*}I`~J7JTl?PIeO0fzZgt;2b#LEJ=bY~I-P6)gL1Mq2AWeBAeLY|yTLzENd(e{5 zy-hJ|qL=+t^aJS|U$Z$2fa*eEa1o=6y~}X4JV5nOhcHQSqLf9EYu&Ng6uXGQ~~kP0w%4B1GTm$u?aUmj|COegTjb8uCPR zr;u0{XdCsbq4i~QaRO0?pMzGh2QsbBBi2ZkBXU-Wv>qZ`0e(4nb z9}*Z7DEjnvV#zu&m!#Tc8WicJp|;ZkI+BEe3>7`g&S9pK;2n-UHO@9+&}&LFvv^__ zI7~dNAAJ?X~r+|C0=jXxb>2&B}?T!&Cj)g|t?Owwt;4X|O*9)NZ*M#KnbG zFVT;x0B%#})l8h)s5k;z;g;etE<>!4+AwKh3?VJIqCA}* zm_T7VuD^1KQEdlB0oc$H5w|C3o z`nK#lA%D-F-^`+AB?C-=Uvp(nSuND`guMv^3j80x&3S) zS)kZg?D>&_x>#N(cz9Z?lX({*|98z6qpV`nFNRzQct|o_B8F`7b?< z>-WPo)4->9{KwfiTYn!X7v0J*Qb&Ef?!Ir}T|+K1*|C>P&FjVeLB-m{mA4L&QXSNtJ}p^+}$_5GaZ| zf2H}WgHMTq{u|*M99#JC^RKqkEwONcLa03F6t9;$neGhdJu|6;1l-dfeKGg+f0KoC zy#5j^(1H8=$MCPt?m z1R9NoPe99xkncAYB_ltuq_um|1SRy@^88?oYtvYj_*ZX0G;uD;D3_htUlWwg@qCtH zK|j8AtC5A1^pxC3Zs^8!XO-b(9CQ%IY`lSIta)s_U?c6G4W6b@jSPA4;AoHkDeIv; z&4z1x;z&N8a)U8K?k6JvUPGWMQkD1PB@XPk`8)4g@)Q$Ifh02znp~>>CkW-w?YK<= z_<%9ADYzHC&h~Kc&r|P|-l;*lb!>&f+|Ng#^3`jYr-z(hB`-BKI5^(mA}Z@XS||yn zueh6?f(4-5WPyg_3-aG`s0(Pt;xH0qxTx!mB4w?GFr;0j<*&8e^PtVHbRImSjO zng^X#_D)b6_(F&te_UMw{u`jXzJGu6uUs~XJT6&24s(rW1sgBNSNqsI;&|n2FCZR# z8^k#f)_yCncObKJE3>r8?TxoA%5Cun_1Y*QzE3vyl;|ww46{ZypSA*Y5veu)slP!V zr;(GZ!1~5)YtbB)Y_`d_C-{Lhb=r+`_oDu$+$91!D5D*=iZQrdYpUxAdBd8@0{@>T zfK93ZvE}@~aE+@AZ&$|%Q{)≤X&{{|NXIFfeo>D#k)1Ru3paUbeTR9XMj&Hn==0;jl%GPH zUU<29;lk_cTY;-y;uJSbRo=K_xsK7V6}fw>3Yj`bR_aMG!uUqipusF3Q&nLP2bT19 z*H6i+1j%#Q8Chj*+UtT8q;Ob&y7r4sj)>`*QfPP3RS;V5E}ue{W0NSHxg?Dx)zBo?8Gokou8K(pEHsFNxJP!t|2b2(#a?$WYnucR?$g$`9 zL9UI)hZ~`etBg`$;@P+W5!q*j<=x<>2#)pdS!TUxZNclh@&TK8>k(kS87j#KUWm(| zcf?czal$($*ouqJSqX9QT6Qq*S^sMfEI zaDmZXLA}ufUqq=>+4GR*679Jn1NrOc8!66z2=)lfmTF?)06kc|u!5q6u2|{?Z=PJN{j=xah6&Bog`L`VS1ua`?m4wmpSs#9LK4SUY6v=S46JK!Ha3;w6lyNB7mJVfVKdy(ez{%Ituukuo&gbq}F z?(%9!B#FDAO%M|JRQw~Rhg>xu*?ssrIdo{&sM!!DrXb;oNFZrW^08Z)4%)T)DZq2^ z7IWg*itv0pkxpew8M*Q2hq)Tl!%!Mk<6;>UI({28bKCJ2A~Au5Ko1gVM#AWFv)WJQ zg)wc0-5aU583165=@-ZoV@)M~={_Cz%ep(bJ>A@i3V9+@ zH5hjFkXCzPa;bQ*KF(_3pR0HmfCUg*ViBHxQQCnG-WY-G)jfcYEd5Ih)H#5i9DaR# zZu!VI_NL4uDu;f$omhc&sT$)*VGWV$NAU^LG%}Q>8oL2|ar-qwOsN2#ExK3S=%x`t zHl9{wo`CRXOCkgPeD^#D@(ov*BkLpv##~b+6uxzU;k> ziQ;m81I*zzoBr`A{(CgBYlOD&fQsSY0Fjvq54}+<_LaW@?$ZLyZWG~{qUfeVno45% z8!IC^_EG{Z^Jgm5D;D*yYlHJb-kipgw!bV+8~wUy&?j%Udtdaqv+e#v?w(ifu8s%L zle8a{^dSgc!DlmV`EkgKj~^|S#@g3@szuvQzkjptzbClL203oXFpzo`{I9^_(|C!R_d)VT1Dd{hEf)q)IayT}>Ea2htcT=KWBzM=n z+U2EAS1nrIu#QLyPS?@q4)IEw3W^XyOer45Z}B0mBX+FztOld1w^;MFav5Qt!&A}J5o26_^?41nkT1v{LbHI*)wAbg0A+q9 zh+xrzpqSi{Cp8P+n4(_Wa%2NL65ri8cgK|Ty-;M!S61@_&wMKm7TtL+PPUwY@r0CG zu1O<=Y^G?<3oD+P6y(Qi-DTXe?<4Ms+SvND4rh3F?RnP4V(JXzX9YX={a(?TmgO>6K(kmwXf<_>w)eIBXR@NWksrTVNPGu zz=@<~Tskom7P%A<^tH&8?gBqAOO@7pcbuZ#@Mc=$Rm{IjNZ88DP%xFdeK?3(|Gd-D zWDOT|Bm;hMi!}hlzXSVuN~RyF$nH^6@mX`f%@=k`xlQ_(P@%m6_dAadwgscl%xY`C)G6I zj<5M{s1IkbngB|;G(DXPylmch?xI76J^2MRI3}V3;ZFPfx2AgMaa9`ws zyze}z8VD~b7l#II#dEf#Wfp?_&9}~Z`$il;jKUI^EIu<8Bx!*hS*e8HMAPLwJtsK9 z&OlSo^GnbRC&PF<;N(K&*Q2&LViN_}_&9Y*v$rHG`zav_As9pN(#;R(Q8+Bwkh8WA z+vXd!As6{Zo~8wMl_iSu7GZ z3Y2Z+$P&aj!EM+)E9%WuZL3g_T?UWXgs=H|XEsb4W_#Oy1U;I<$8#BiJY_OA2|aFdE8#GzQgV4s?@%LVe2ZYhDe*em z7=`6PwZCr$tHuzR-q(|`esMJ7n7)`*ywkpaw=S^{vOCU9;_)`ctksTwlex?0IaH{} zFN-v#Te2*ttLrG_GXv%$DTrB}^)0zkk!&^WBjwol-KWaU9#3*6!R?tHA{8~lt?!_V z0#p~V&KSx5i030whW8WH#&@Ii%(8a_EFXC1{|Fn4Q3)0JAes4y>--tCpI_AnK@%bo zy2f$$GB!Nag+U;rnnRst&0vD-g*^+5zSWL(lSxP($j_p*&vjXw%8bda4-WV&KgTdx zn>-fzvUO!xikMyf#MpN$Q?CN1FivqA^vqnp(RQ`}u>aT{F>lrC?`4Bb9yMiuRHAr0 zoy;(JS!7{8!Cgq^+lL^9ks!QO7=idQ>rTK>5B3H@?x|YnX8!>H&EUw!sWF|OIoqN= z3dovSBBn%DdlKLwIG|p zdOfD+ZNzHY43t$Bw&Cib+!IWBLRZn*+;!Smi=y!9P~IhFn!S9`$-AhKjh-6^D;#Iv iABUc5b^N~}tgP$Ov1(0T8Eo1NxjVSZZQOEqrY7M diff --git a/web/webfiles/img/hydra_start.jpg b/web/webfiles/img/hydra_start.jpg deleted file mode 100644 index e6187355212dcc069e45d13abb2f70596ca5b37d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 44345 zcmeFY1yo$iwkX=T2WVUp+$GRBfdp-=ap*wf?hZi$!M#avhv4qecu0a<1C2BuLI@Hh z2@nV*A$+psoW0+;cbt3Qf9H>P$M|c)?3z-uR>_(*SJkTPrR%o(Qjk*Krf0fyo1T%8nO%^JnU$Z7k&#=1 zhhIooR8*9SOG;J}BqJyy3i@RPgMfg5n24B`goGBv!pH*pZ(rB_0CIc`4@`b63|0Up zIR+Lv#`Pe8;pQeWv3}j|KQ1gBOl({Xyc;16#;@xif?o*?Oswk_05R50E;1~#8@l>j z^VSdl7tgWi77eF0LV6g37gG#fysZmmuVhuPzRr(~3Cq}hVCws3^FF%}^yS$`i0}zS zn=VM@Q(yKaCl~w$+t&?9a2mz1dCK=s75CNRx9;9#n`2@hJkBb6^8LfJRO^5V)U3~9 zZ_q?zfrISQm?4WpzaQiBW4kT=$q)BvtBtgvLk_K!EwChdBlCyLs@7}sJv8qeyA51z(ez2QOWc7%B;+bofT}Pw2JC zt$>ffkLW}W#}?>+jNFwYdX4yoBHE1klvDpJ=zhq`vEdsxr+p3g$}_k5K57O(SoM># z95+L9nuP3$dUa$v!eFwUP)Z|2lOK3wR@31u|EMgvXSu#WeC_aqzgc;w@n1U$<7B$} zM@vs*aHg4R9gaPE6t$x2EIwRkvZakg6@UC`+4X*J(TM+jXx)9OaC!7d!r%o9w$72k z+=0Cv1<>gSyg$TP(=8+)vKwhR`(}>82%-7RgfnKU*S6(@t&!S}ovrxF4#Uc0+@Q;S z3fK8%dWyv*T03ISwQrB3?$`*6lDpA=m(IkkL|o+cWc09iBW)g!4i5%(Wx0ynG#d94 zpD!NyBQ~=>{@^z+?2p_J9qj`@_QsgZi?jFD5NV zbe5Qoy$wv}xCPTf5+zhu?9O1w&6D?m8#`fmL$4D(-L2b(q zj5}Qmo5-gHNcX%|(?Kp+Rrx(CWvc}h7xPO&>ZYO$-E;}k3V!5{BIpLy3Ys>b0Y-RR+MPSc;q-MjCkO&wKK zvP9;7wJC<;>GRUyoqKoE@;0PZBxKFIWZzvPFU(z0Q?RaQw~D97&AN(bZ_2HoJj!zS z#;O``@$nje=l9gY=+F?x1>SbkFvJP(+p5Nqw*?Xf3N1v+6O#|dSa-do{bZ$75$1$Y$-+_KOf@Rm8yxJMGC7+4$Mk=1P%BS}!C0CRDMJpTA1 zyz$7c>(-B=U*>;Z#h25lKA+pqG$+5<*PZ22z2wY{cPcEzH96}j3lfhgcNG&}r>ApI zNYaW^#NBHg9(}lFD<&oo)BYl^VR%x$-csx&TfW+s&-M*{pIgFF^{d~k-k?A4-Ti~~ zY|Fg`y~Q(y7(ux1(oxu-8h`u!^GQUXm^ld*{Y~^w;?Hh4>&=2exc|xjTk6m8F6+U8 zP9yxA=r6<{^+sM9hD&2>f9wUHBs$mqn3)x@uXz(cL+}f(7Do#nig^S!GHQrHkEJnw z!GrEging-)%ocIjlRP&I&1|6tL7m^Uf7dr==|eLJVD!yRE=LGpZUYJcsLREfCm|M! zO^r>M=Q>Iw8o zV1)%f06=F$P;BPNYu8NY=$^3Ww#8e|F?Tl%$78xL@^pWntFcpTl}si6JmLKbebOfq z&T~8O0l8y00`q11$@3(RYk;(Uca@Mf!Mgw~4}~(k0k|JC2;-Of*y!Nc7LPrSXq-w(BI%gi=9)F(3LiLOiU-_=(#eGCy;z?|bv@lO)! zep+U7;F$Em1*btQVsRzKF^X1j+mamVXT-`}uY%tt5 z5~mxo$VK&r#Dam_NF3>BZ%8?G$_@G7Q!WzjVu4X4q8V>*!i1yvG`CFk+$D332AS_2 zUgEm7a#QP=rrH@j;}Z;MQ`J>2a&#dn(3FULeO~IQ40l_4#J1D=&A!$6O2oMCXHFeD z6oPhnP~jr>d`>KP`a>?#;S19KUn)djY65}L0m*(xKh@3GH%Aek$D=yKKfwjyHm?46 zM~u8=&y1*lg5928#D(iL{7S~pb zrR|SL;Af1Iy$G}ZmpFMFrV8u1Q+k8CN!dN4Nt6`u<7>d@&`a&$^887JN^MhYVJ=a zoHTs0FzO&lDn!z||_fp{1y|KgnCALxPX4@hg+7p*Q zOG&5Kf*tcE)5-a*zk6k$_Wd{#tlS9fS#-!8a7PG(wp1R{^H1vu-m|#Kr%ho-jMco3 zZN6^7dp1Vb)JU#OB8RdDjWJ1gb z>OaAIv0M4?z?Hu0oA?JLc(5w|gZRaS|A=gmUt~T=_5)ESrrM2x-sgBjx;RbK1l6+G zC;m4XVrgQo`YX=|@>{}0xCu>C-^oTCBn>CmB$v^oo|tQl1>WU&-<$P+D#`cK^d9AT z<>!x_+$;|vtE5j0={Rh{83#$q%h6ddGbg|Q4}KOlo({=Y|B!JfRwCKc;v5uxxFc>Q zLI$@r0Ob0#B<$ksY$Y0235-8BGc zI66oR0~7?PHcE5~se7^TbULc1kDgRYRa@14=47fNDGYTW`{JeT9C{0LmjxD1 z-VDIM>q+iKkL$D^H#WtP?mxu*YJknVlve#MbKzS$u_iU7J67GI$_pZS7DBIRpV|h; z78X`++07mF0Biq6oVzEC)RUY=6EM_p%R!ic;L#mmN7-7%<5-zkR%_yEo?bkPbc74F z3bEU?j%%}=Mk9k~=ZRQi9qo%qTUKG^t6`SCcZKsm?}!fT(Ko~y)dY$x3a-nM2{Mn3 zN)OV#6^UwUP(^1;(25dJC=#>l3eBo9Dlv0Fy`5i6W=D!l8N4Tx*|rwP-NtsgowHwX zNZ5>9s+45BzVZmH0Dhs5ojL5yGcQ^!UFQ819&K+}A$6P}9MP+QG);?GfSgShS%XKX=qJ}hONHp+F0&QL7uohW_a zE#XxRoKXtpNlq60fw*bRCVqwfZ7i+M2FGo)qxa?JyU0OQdf(LVjd**LRajzbrpl|$O3=0D zjt@_plTWw0ing$;3&=mVQpwU?R#wdbv(CWmdteLw#gOs*&48hryK;l0*ZQA5_M zp)Ag%6VU<6ly)0lulJo~3~IGlYx-RlM{*{C<8LOSI53Jpq|)=apB>R~S|KO(HDlyZ zet2Av`(0+VHEdw3l(dmkif8C8)0d^#(uBwQ7hXcNNwz?p4x`jXygaj7F1R9ILD*B1 z<0?9YNO(8WbTkvXvKWNa*lk=-GwE4hHTw%er%pe?w%e{pvZ&0 zS%)iDUF2I;s{BZ6XE(?ZchCC)?(r!rC2yf3S3o1L55Uz#y3igOaUhK zoM|Czil|?n^PY%Wzme9f+a+G^ubMA;GRaGfUvV-a?8&$3CZ?%P;qPD7$PaE$B=dLS zIiBn06vNo_p0<6pq8;~OO%*HVY;^XFx0D^T3d?7+I9AZl?MAIf#f{>K=8+awrj0+U z?s*X)GSy^Dm)+%!hd)4Gd4*pvGTboJw}+;EwWCf8`Rcly$NBU0cRxg0aaTA_ zR}8kW>4=>rNO>U6#-rR+k^mHHlbsO$sr#(v=jyFVHhgfI5i|igN+H2qca>%&^!lY! zwyk%+NV7ynL{l^?c%h!r0asNMIKrJR5>-;)+Et=we-CO-IVPnxs->wmWf|jHZ%!6I zjvV!p%j6!7jBKyER3r+EenED^mpa^JaZ=-x$%~!iV7i^Q#J_3XR#_G3%`3t;Iem{c z{F&LP#P`nMd)_k!q6%QmjH`^gBWUG@b zsIq}b?nPoN3}UwqTocyO@Njz1aMlGrFbIDa6N+Ki#JG*G>GnEZj$3k2SbR;yvCRN1 zDWkwWG=j$kZ12E-Lv9cERnewp@W!tsA)k{}O7Tq4x5TL=OQ7(2y8!jx--AgN-i)moHLgVvsoRYq5kjD{#~xj}!uxz&Zd1vujW2+d~85v(vsLThRE7k}bBWg}35`bCn5s z=h<`ernCLLCmrX1++(0_&f&vy^SXLedKD(TM8n8(yxwYgju~vnD^`97$1HoMo|5bp zW`Pj7;;kCV@y>EuR6W+jt!fs9rWpAst1Au&g^yL_mO+0m){TymP`CpGTdCBvkx{yi zgIBD~FQ|0&nTfuNiN4b3{WN&>!}Lmpwh=LZ4gPz05z$4jdP*Ettr}jgNJ(IlgZqa!6LTF;ex$_J|8ScRgsa z&xoWKy;Kelx3&k17HJKwYoV+cRdvyi_2TKbx-(|gdyh%lshQ8Iyr+zU8&hq>cP40O z^C3PwX6&!+C#~qHhnM)D$+27W_B5F23++nfiff2Kk}T(x-=qgBFIT8hH-4r4W5~tl z&=wq#;)iH1xENw>SvxD@}qZ z2)TNpL$qwmR4ecv*=U$`$1Q0kPW)@YpEKeKCV+`d#%+Q!Y_;I_sr5$x5n$%2fVpRV zJlGRnDtQg){$uL={7wlbsOPt#JG1&+^Gd`jMT&uNHc~F)cF;i0gRe$^c+n?J7yQ5b zG0B&tKd66q-i#KpKZ*VbQSJ_0190MkBr6dQVre$70TF+gPyBohcy0Z=V;Q;#efwL_ z#R&Y6ea?wS)Vt`-BLviT(}=&9{GwpLp&OQlUf}zI`+NUjp?|S{y4Xi?gy>3@9n{Fo!0P>27fIg5!fgeEZCDrvj(vpu^mt^xKe#}}0d z?ZvC;ZwWyq6*9?@RS}W+23JhYKRKpwR|;Ddq~)pYv{B!g-d(mO(%p0VS;zcs`wLrZ zz0?#rQpQ}N=i=w|#s1b(J_+YaNKJ7d+2yPEPMU8RGI4NI15`8W?1rzhV@KW*RR=TtOSx?0;jZH@B*`d^;B)?!v^s_G$3{42`65_j(} zX?E{2IZS_t{rK;~9>N3~o?Eif%GT@N9fyPWA5fl`)x-~vw>@Qyec+EEQT#cG=+vmw#eUDrDoB)&Ji200n;yr^rIDeAi{2_ z`u`q`Rzcik^jB^P;$wAVJ{2*Je=~1(r2Ky?(i`3%>nRf4BOJ1M7jv_Y$4m~u0$^fb zWBqdt76XV$&WuIIA`FsC{%zszW+UEfryHQ=U%J2xfVto_|=Xa1uIOdtk1vn7`BANDbS*6YYUw>v6Qq;3PW|z~kjChBmU(!#d)cVJQCGG=Ey%yc1=v9ox1144VOD zr(>;Nl_-@Xw(h+_ECO;aN|WnQ$V}sh^*Z7&SK71L7RWQO9}c?CwUW1J6(yxUvKDt* zj$7u^0gv4iW)QuRq*dK0Whdp{NYv(UlqSK*8wvY9{xX+6oBfR>)eqY>t(Cm>MlvQH zA+C0l{oiPq)d-Yk{N&Ycq9Vr_&#rd5KwTDlv8AAPI&Pp8ag&RNCFwX$jucU%9ODvh z#+lp$=;)9pj)BEtxM?1{w7g~p&12>$WnEj-lH{nj98dQ;H1Rxmc9Muuji=>RIsBvP zXOCeT$_wTF)HaD!d5)KDrF?u=uq9r3bRT&%kL; zE{ejAN2AgNvxA&YN`u*PrT7*4V!W_cLqPql2mBkt&ARMOg|Kj+u-kEb(s7~(9O3~t z3AVNgwqD($VA!JGpv~T(ZNC^Cz8LBl=9Cx~==*Of^WC=l1YgT)+Qou}RHX^}ta`qy zKz!Ft=}~nW?V3;rqA&6fSjtLedU*9F)zrKXK+CP5w&uV@3XWO(09X!ewU2b2jQ8BN z#{E>DZY%W5kGH%?QKq@mq~`tMr867Xpk`>H){*M!ojSK?Q1Ovk2AhRHMDFVr`EIMV zr%642PrN$Z8>hsN7A}X^yI)GKc0Al=c(ngx>wlmM&vf3)%3a#0B*$`MG!~J;x^Zte zD6w??E+mG2F%_pecZO=5f^}#=DGNQ>_XoRc*1Jhm)RTPazB;}ul0gmaE4v#7b3O$~ z4B+AF>gqA&^2B#L*;}z2A=gXvd z%%3=)Wp8D&FlJ>=7wYMDWN@2BSjg6Jf17*}NQ!>Z7xRvrTR_ zwI;2P*Q34SAGt1-!d~Vk7smGtYSE3AjG+hwOEGq$1rtrE^R)8WBy59LVi$;uaTdB4 zelVl>ifAq3ch2MLpK&=4)qLv5$&twDsPE=5z?=-PfgyufWO@CE%5o=y5&%-0c0gE- zX6gQMqP1baQMPYUO`_6dYsfsRPS?(f#L9)}!=>U29%nO4qXvoOyO^{qA|3!te#EiW zg5i%({>*bF)p&gMZWnZp*+8t(TgIN zfbQfZw|&G&h?Ojbf1J;c;R@OnD<{`n4>AIOQRcZRX4!U8_Aq~iEuYnd6&EptgP#>< zPkl!7qhn07juvX9)F4;6)%4!#cyT|TAa!8?Il>i0KL#?$J#QGi*7gaLDN0R zG-NiH$1O^lah#l-L|A(i2|KT@HuPPrKycGJJ8xFKS`Wn{UgsF)&ie)zQ@Y=KTbocF zL#@`vp9j%Im6h!+qa~infOJrCT&h1ilp56wzkXxAc}%0TCmaQ}`RC?sk{_4`j4(gx zJbo&7<+a5a{%vbm3hQhHZgLGc{^Xp#LQ4Cdbn%YxC{u&Xf2!+^ckqms`sMK_uZEfb z(AaMZ+#45PdA&{|f4Bb|>pw7^01y9mu*LY)!7SJ&W%8gA?k!c|cl=aEq@hnpz*d9= zU;0KG{Y&M40;0&KXmTWu4^0IAj>Rx|O43CnLI4 zeQOgN!Be3~Ojun83G}W2wj41u=xfwc05Zf{{TbLo-UzMmmy={d*MWQV4XTx5!gUan z`w(vK&^#vmpDqQ9?9#YCtBsjb$moW?3t>IiDF}A#ud#ao! zXva&vE?6CHLIJSnrcJEj+XSZCl(5y(H-nvd5C^%Wq^wl$?#QYrr#(_ zte!c?^A#=YM20@tD@+Kj8>R=X3?Y7S5-E?Xo5PtCVhK z3Q6HIO=3jZ+6vC#UL>huHlcv}?9Znkg)sTLm~}|b`nX$mL`du~&pt$rbLv3N+BfOF zE2_K05|NrLfXr9BgwpNO<-IJJ57k5ptFqy3X@Z6=8x3)D8Dg6A*yheo_?wOzMWyc5 zn4*#Ker%F{?g@1I59KRp zYl1Wv^6hEB{V;I*K}n41YtTae`ogD*J(zl~S&ggSF=js`r_^ltheNL<6-z?)_^kem2U6FK^7Ccu%a+Kzx^pJw_ zQ^U1FdedTFu{k_Tz)a{Ib;bRF^o3uTxLM3Ywg?>~;Et$L(D zedAAb=6q(66@4wAD#cu=@7R?AC(9|zDPKE%w3l71*GoUUoCL+#*HZVU^>NSDazjM; zmtN8jj?B*a*b0@?_^RhQX9_bRkw-DvoZPj1gypK`5~pUswlmJQNvWe?oivx4y0#CM zQBv)q6?mlr;CgN=buB<*sErT(V0GX^2{UY|H*iE$beaR~0-i52fg9KR=5*%1f-UBs zW;-pQ<=XZd;aVvkPVV2Vocn~PSv@s^UT5}oB5w<89C^f!&0~Z0y4movr=>KcYYsnl zo(8?;0gaKmV%=3NnKYsf`~n?~5UCAr&oW)#=|Nr$NKcmT`Xo5TBxS2Obz9rDi=z8K zS#DCh@sXWJw^jA0S1Lgv3t-kHHUFR@+dAj29_(+$FxLY}TRAXW=s~(e{WX9>Nu zKk-qBeGaOJ2y)rPzD&l(}_C$ z>u9d=b+5A@aDryjKdj&=>w(?^j=}2Lavs4VRAKr#*ehAUvlLod2waP(1-0LuJ&T*l;HiKX zc7v^yYStUY$7C^+X(WoKMoDV-W!_Y!Lr2oD0ZV9XA`n%Z8-<6;yi+jy>qx?DK+c5p zUmf~#%XarphH^2?W(#P`V`!iKZu}Z>VC`}V)=Twy0%M^S_z+fT<@nfvDORUUG{06)=l7c z{u^hbA~x#J@%rf+Q@j~=oChCXE>PrTTUHc#5Sv6FXEJg6q@wk9kjfq#2N7XB5-v(L z$?BRN3h!t1(i?tQnP!OFQ@@y^`S{9)jlvTAk8sVg{r2j<@R^Y?Z< zwbgESAtp!nw08o1adlsz)VI4?NlLF8j5s^zc#allEuSb((S<_B$bsZ8A3Z-k;?pURB_EUAf1**Rprg%l!lc z%{XL=?ka36t2K&~@d8A9Nl&F5~LbBv#_b-k}|^c-HaKQ$ygb+zabV7f~$vrZ;+$=LzAv{Q8yB-8&48tGOf|{WTCcL z)sF??G0ZSNF@v662sfVn)ahjNMLpeb$BMWFGQsU=Z>Dv@f!YqsL9!$aWU0mJ<+58m zA=4yGb~J3p6@hP3qhMVXxXA)qnFuN>w;A-PI=$gj38+XodWg@tLjgiTiAM#J)6HmXH=Ct^c3bo4r#5$s&j8iz^;b?m z`TljV+6M?n*V<>v8B&SQe72$hB5T!^`P2uI)HLM+#%)fAQQ70)O~A{r{S=cDJNNW< zcq+oQdy?K~?%-o%V^G=J zcHNoR?PIZ1;|eDZlJ+*D0Hq1g@*_K_%?f*UgRrgawPozQg8tMAY$)I6WxME?%tsMnd%3|}+kNC{ zOdXNYLKjz+<7-^N!*yxzLTjeK8=L8EZQI3RS36VLPHEh}oS|N;gL`@!=Sxrwa)xx6 z@@U6!F|gN87rn&`2x9`cP;9d}_=C}JoQUnZ4-=yJUczk=rIbOE}H(p6Zv(Tg-&MT8vmt{KNvNRKS zT<=m9C54zNU3(gYVe7h48h-+)2s?0#-4ulb9MD688NZk405yBZCnT!%wRafT$u5-z zh>ym0T5y6w{W5*;Y!dA)b~Ai#`3}dm6p80VxzOH)VBOW7a)*1 z9{50_Km}fGP5dHA_nTE6NqAO4nninx1a|Q>(5uyt@fMqBpvuOy^>Xc>O)!I!G`G$+vQv5|A1f4{TuK^5!IsQd zwfe_&;cfFd$kc?3r73hKI?xdsm?xo;?KHO#rH)i{dZJuwSbk=)V2yU16vx4d0N;yS zxE~O7uu9DUQp5TLjkw>Es+QlHpQ5p>!So4;QoNaCGX3+^wQrneHpuC&fPjF!V!%cz zg#?QYBxV8RnU(<+`M%}8|%aeGpYb!{V#E{7Od$m99IMKLu zze;KY>(|Ogd@Ae@_W~rObbbaI4zekv( zRAJL88Ic)X9M?bw7`IIgty3D?Y+kfpTVH+4hg9YQz(gLQ*ZJ%_UR4io0)RN4r>`?_ zyTPFyuhTgv?BBG9$4m-Y3rat#-Z_=aG;_c~_*2out@dF)lg)_kW>Yyyg&04*B}^|k+Dqj5gvq-a`Ms<2zYWFo zYGV1Z)a{WYrHqFe_cLBVqXjqUtRygm9w!1@MwE%f+LCJbRyy=cIKQ!favX2*eq#)u zsqUT6^&h+j@Wvt4%eEJLd~Lg_9}KiV6R)#P<0;QC4}FK?c%w8?v8+y2&i`CSU3-iF z5`GPMbPf3SIwMV6#5m=MBbm@NRFc|(f3R5tD%a%VJvjJNL_2frtNS&e?XMYzwFZ-Y z+;Ov%)NK6&lTx#K(O0wu4&0b#)W>3lF}+`UPNFjj*rd!JTSsPpqAFA4^j()aCHs&s z+RM^g>NxgX(d45u(L3*6bh8zMW^Ew5yb6_mH%QbNvNt=_!wyaFzZfkHT25!Dn%(W$ z1ro27jpc$oxed%iyu>P+jHhkuB1*M3{pp8QCsi^1PxTM8(>IrMDkmwqa@VoxwMy-? z`*OTV*UQ(*g>VJbE%MuYZ6w?xuI#7c%a?0jOH1+3lIfxfdY$9wUD zx4)dkCn(oeSN1G?KWr`fif;jaF|!e!wPxi2bIx%t_kYrO)q7S^Wy0eBq~Yr97Snqk zO4`tZzXjY}&El$K`VgW;7zdwP#x@33y8Gk48F+bAj%C?v+vNczg>A4&R3X}pUhlcX z*=~IL*tX+@f~fLvJ)L7!y#uLJ{2|ofK(xvStkD716qcVILmtI141-kKR@L=7oZD3S zIm6Oi!}DCeXda(MfC4ismlx(3n&Ak0$YZ+KP|hnucrkwo2|cgX%T)@_P&$VRgYO-o zD;$uUVVT|d^=1pUPE~yLMB5+Ap>30&?QNf;;S0sp~O4&;@PI~%2#OpJz z)_n*gw9dYBuIE}2|My2v;*4)>2jv}Eq zK91mfdQ3rOaxvsQ^2nQk(=Xk~i8nDNNvf1nVb=X_sSphJ3dL`~V%p{2p^@p@+|h$1 z0^6OWe*WGM%A#<}E(b=c?~U5`?yq|L_|i*rf*hRMThD5A9M>($LZnU|*7R)8oaPjM~jtR^(Y_=D9Gybxx1hjj`nKpfuO7mxe zORSeF3!ZKNeehXoweh!=>$UCt{0uWKQ}E(#i$T%D7Hz226J_QT4XFB?^FhfkPmTMq zAn8xRIGIgcFlq%VBCVhRxhmYOXQG5*P64N2fAO5@o$}8sY#Ojb>;7?N7&_b%!reYh zqVaYTzkNzTW79Yt*a;L0S2BrCd4x&GpJQc0Mnj81Za~b<>?kl?a&!z?@u2nD!UiRN zFe#ZFBJQ2!BQE7ir)s9g`AlA3%l(R+xUa(4``gou-8N3IL&t3C;wd)FxdV!S`H+`?GN-(Jr(w_d@4BlQnd9Wdo?_$oi4iL^)3!ZgZM_F5EkscI&AS`%=bpkz7NMR$ooX ztmp?V%H?XxdmreCb`8wmMlmjJVaeJ^^$n9>1CrCd>p2X{`UOp`o#?dm&x8Si%lh*j6w0oT-~Cj4|f%741rNaSVZPqX*D)-59zhbICz#J|p@^*vY0 zpHZ0Oj1MvoaKcub=9?`N#@%1T`Alb9uQaUU!XB|i}pBEZjcnHX?zM;tWDMFx*|>+BQ<+y zg7X_oX%1SBa1^PPlUsd`QD`S`D8VpL<2Kj2$(Dta=SJ>#?<8TSHLh zCyCiRj`SWHDkYpN>bp+vry)Y|(cANr%!nUL%HgcX|O{0Tt8h+&=Tth{RgTtkufgLPtHHwR@Vu5&w2cjvIb zNTu@|F51VKnJcId@N*Zf_U4UgRSKXgF`vfNg$oFrTwMQEaRL~fHC)l0i*!tLp@4nq zpFlcRSM@H!3B1wcaJ&o$gW;4I5J0aeLkBJaoU4coaMhpDxc-}ca95VseU}6T)!TSM$i@b*OIJwymKCqVt z2|qYFCY3RkQ;YI>m9*M2%j*`@7YU<(O!C<~@eCQ(`^Twy&)jR`Je8NfdOHiQqMCi9 z2J<4n>6;k!+FUVtnhRyyS(F{@ORl`KiL3q2C((*%YZSOjEvjTAC|9}7puUZs)EOZu zPeBE=d`vTm>hBz4SHCs!_`~}CZoE&P+GNwnw6D0E-6}LIYC<8p8i^-v@IY!E6Q<4o zbQ9{AGO2dz9`7ABLAuTR*2Z?0U9=n1$KGnEO?k#{B0Fcls@#K$8CuvG=xnymh22&J zO>b1f$&uU@FfLocZ4^VLmyMM2%}~-h#$`j!bNC$-XT5xBNahIwe-G~5)ZZs51l<;F8*}* z+gl2SN3Dk8=G8lcrm_ZKqf8{N3XO$Tvre zFbwSF&YYb))k-$OOl76`gxv7fwDXiJVVh>)PfewFiT=SbJ^Wp!gTTM8MD}Z|IQi6J zI9U}`yjhk?^$lshIoxvA*I0WL?fQ{UG9|X1i>HuJ2%}UmV#}0`+diaPLDbLnYk#+< zL4Li?1UCjs)%V+6pjz~DL_+RRyuv$YXRinUOA#Tcp96oJdMQ3WJHPYScRZozzM)Nj z^V(70ORr-8wlKoA&U7gAS5ISgfA1P#^|#$Dg0CvyN&g(b1cv2xg+`54Ll{MSNjCjr z&+ySQY!=J(KSvkO!7p3*^3N3@*r;e_R9yhLd6Rx5%H0Rw2P)` zS>x&1K7>CQ1k_B?=ALxHTgIkd44ysDDY>57AD6x+pjPE z?cy6m2_d@l9k^#q6%9_NGRFpD755!=w3>^)(Ji423a>SYY4q}}X1Ud{KH zcvD12x6$uqD;1^XaRR7la9@Vv*HsIqeo;)&tC+bQJQW~RXML-Dcf%il?27*DlMhu) zKUoox#pO2M=xe|@kL^-@C)IFA9#cM_PF`F$(X#Y}pA;MyG&L7=4S*1`AY2!!yPGv| zKd_ritOKjKMXGzIzjqClcioc5f%Y`T-)z_zW*K7nL72FV?Javiax|d=)=+Qb5(i-z ziIr-G^q8HFd<&oY>_v`@hG%>Ex(1TIY*wV6qxvl2OU$ZJ^cp3UCQ%9Ht8B$j3pMd+rWzv?yTWIGZ6pI8Z6I}qHC@8e6aAnkxy8!)8H>UPj&CY z|6-tIIul0?{fnt??30oworQH}(fZ&c?ad1^Dn)}BI$uWnd|PH%O8dpJ3eVR*?(O?u zhZrm0T$HAN-=Oq<{`lQf{ZGNV;~}3C{(lvK%(v>!B)*%oN53}M;d!68Zu~h4)GB~Y zB(x?}-RR3awPYNfkV}kvM_2%R9cbT5COj8Kd^mnGVGh_C*rgLOIGD}oF&L;JMD{?g z0YoLDcFf2RKwJS}rX6uDafpBLyM^Ee>%O2_PW~E#M`YhVT`IL#_nDYk^w4ovSNN0a zM(N5V1}avwlkUfd=Ptyyx)gGx38am^Kx+Bzz>CTzSPhEa>X>_cjvsZPkV_W_pQ-{| zqXJ!SB8^Nw6tJN3p`^HPKP7?d!W$l6+o=}Yi6ZC}&+PqCwa`hAy(s1Ul|ZFens{eQ zC39{te+6!dhy9?yBnhbk6LciKqB@;&SZbu@U5Wn5Hm^*=869Zh&8W$CoO}hqNxMXI z5u_1tDvELQ?6aN5mza&nYEy!F!WSRs2$PuGV|98tSz)|83@lvG7OU08u)OljG1MUik2`z*=@Xms*QDg z2NT_feM3}jILg(I_mHp}twsCvVyl$J-bQfd2 zsM*0dCC8Z`BlcoW+;X{F$BYvwNAf!Ap_Jgu0A=|!*djUHMZNntAlgKa2nT>zoTazv z&8h-mD$h5p=$ES;}1^A6zSL*kg9#$zYB)Sft?HrdvpUF)zKxyP|LBKlRJjQ z08Vv)r2ziQ#KFJyACaHs@+cdXRD*+eIh_7$YD>=*y((U+%*0wz|6fZhSi3{2WS|% z#nu^S>I#FcP_o$d;$FOXacikSsZhWC<(zY$Gv~fD&)m85+;`sn?fiE4E4$y#WOlQg?|xQ+VFhla z$!dJv;O#gA^7Tg+;JL5{Ay$cR+Yp5`DeppQRUV*D_~nYSP}m~koHHi-^K$*_%o9jUGU6>*aQARfR5cpb_8 z?%$#<_JO*|C-H+8Egw?pYsYE#wL%B|4X0Wne0CJ4itIOqGP zC`X&GNth$UPaexu0Na%3pAH#NnYl4M%dGJA1apEYa)mJm%6`O|a;~nNQHcBEDahdp z`{iOOV~oR5deSC0Ls?0{QSirZ5F%2i|1V1Kc|p>(3-Hro`ePN|t^X$ZR{ya?($+T=e6JpSrdKyCqR%#K|JgC$4$QzgnE7(0-f8!5nrZN6_U&;krFlJE0bRK=J zjwVbv?#ZCt995de2g?npopFqxJ*J;zEt4kHKA}x zvt;tuMpoIsRw}OW0$Y$2kY()zB5I0u%hQekAh`*zUej?r0Y=U|rz(SdFHJ9W0NmMRIj1Z^c zG>y`fhubf-6o>dl4x>5XYDiH5n}OK;k4PF6uq@NHz5BNI(AFkA>S8nob)rA)ET_{N72g! z@Gf@ftHD{eLn|3k{^L(-2O4sd;)gd@GwBS0Rl7tidNaS-b>Jqmn9YAqF3-%+=1~4v z9Zk4U)e2zSM^9IEG;39s)d|y*&)xqzKO`@+EvAaq>69Ubh7n1*_LEh2jm{Tbm-*)XarRa9?1lgDi(Y(yU#@%Vm(o(m z8Hy^%;bUdy%kEdkHwu{Z#Xo!ZvJk0I!${B%>Nu+gm@X$J8Y^xSNfBMcVhX{ry>+F_ zOJC)28FC2*zm%%s=q0`@(dYVFE}_DLmIlZwtVTe%nvV0SdLKKO^-uI^B5wwmII6SW z&PoG-f@f1TON=_@H_>7Atiw1~ztWx__psy=n`_bK)Hi7WZi#{BvcJ?z5v`d-XEUD6 z`-mqdt0I@6h!b^^mdR>-eRdd&7yyCc66@8l012`tMk)j*B9rMv6MAG-h|fo{AaHgU-F_e9Mfz#W1)m?1Q_Px~X2%2Kq%-mqT7 zs4DOo@%wxZPF9Iwi!({#Xuh zPmJ}m`Qgok%dJu5O|`H)9N*7iY2vO4JPdX?b3SSc*@wS`mFS8bYkUEolR_#m(6kHGj|fUmc-J#Hk1*jy>Ro(tn+{OqlmwXZ>;Q*hW~SiVt|2CZgOFsc4F z5v{wppjbGFGNA1?WbqOKGJ6niO!s0Wd$7nig6%G$$*ekngOCl%pb6P2BWJ){T+%ZL zD-RH!5OGN7rw4LPqwT!kjeXC5d4};w@4U+xkr{(B_0GD|yR8WWJpWpwwD$~fvn%(R zUYAXEys99giGI1Tcrpcx56mp4le4MU$nDp1qO<&Jy3HZ1d4g{S)XQdFjQ4mZV6md?Hgt2VL&95(qCEm9ZDFZ+*4rL z3tJbDV4z`Ey?a*;(jRqD<{6Z^J5Ni8vcN+(Hpq~-jWCo03nPh&H*Qy6fpiKNx_!x3 zpvkf-;);&GZ6ge?Y2*sr4SLlX^lJVhn!y$Z6Iu^*X0jP}s=PxP^km`Yo@>2t1D2N2 zBI6*->~Vgm)l+-9}Hn80MslHgA)e$aC_p*ifV}ah7;LHSUPT zMzzP=N5=r@BAsPohzJ<7a|&x65gD$_jmrS?l?d=#kwRFlaX_*AstD0(Ovzj22-c(AkLOg-Jtu|@W1w0BGL>d0+*!-WBF8YX@-TFiM*tFZ$>SsRin2hFNd>9~ zO$o$e^LgZyE1WJu*m(4SCjRXkH=HY|u;XE@jS{q|g+ig19uis1`kCm{@A{JejvN4y zr4NELI8%9UXMbTh7Y8AYQtSZ*ka$hPP}q61HxUo;)fc-N$dT$Duh8*qMXC<01hQt2 zbob_#)C7RcHr=ogBzCHa-$9ykCwD}`3}vC`5XB(dmXhA2))}VTL}$?qxsTrU%!hn2 z-oH9Cfh{}0J5f)0CS1g~F33%F2$}L2Pa*U$u`A+bp!^KO1|__3IAe_Qq-ea28&BvZ zTt*R|Q+cdKV~vA$a(6a_zbpKMu8q}0EQ>ZP#^ZwjYQFGn6fvcG#YE#x`n<0vXtrtH z)+djoF#v(Hviglmrila7_-sO>XuISBW2f7+$U~3mAJkDPNKvu32E`7l0t!utl8v5H z;q>Lb3Urb&-)4xdO|s%I6jL*uNZfc2SW7UBDe4dwATEl zI^0yc85@YVS{MNW>9>Rc-GaCb8v}R*juX%nr@4=@;K7(*LZp6K=AjC%3#BCa!)*|Hl{I6 z2a|0tHBOEd&o^vZ>vP0h&Q(yiLF#ZakicSGip0Py{oYP2rcVByV`#Fr90Dm)NvEQm z&=xNs(w@YX(F8yUV#v&r&vIl^1mv59B?l_F)(`7OMvj{sRX9l-uA=8MBK9M04` z@<1QMX*+3!a$QtOo){WNW8=JIUstrrIMQ#!a3TJXc4iS%Q#bn?AZj$8V>9S5ys@72 zfFeuvp2AyPULWaWAUsVzheJ~~5>LUfMmduM|>w|JbH%jbkLE4T(v>Vm z%D^=w5Z?Gq(~6fTyUFx7K*wl2HnlZR?l?9Q#D5A6)YUY^8~4J@el67lHgrR}=o4(d z&>S4Y8ZaeoMafz{zDE9YYqI7M_w}Bw=j=*fGkBdd;pZGtwvkG(D28?;ZzE%fQ_fS^ z6BGriABcakv1m3KE6WqC0A+NbuMx@a?f|6N0r+2>zuut{%w>3WyEDF2$JactX>_ZG z0!FVu`E+qCrDm{%phuJ&JfYyJf5a+_;~_(P1i_G{s!pYmerSS&63~Z_sEr0>}<#S$?wV}vbsc7bZ0fSXnNDcC(yfL-u~=!sOtvY znd7L@Rg{cXGou+ic5l^V4mUw)T1rBu;oN%WNKPD;;hJ8WA#o0A7Rdth^n^(BmX^oQ z$J#mx7{h|jHRVcZeW0qc^t8PhC-xgKJsZLUWWu-)D_lAAFOb1_3Y38eN~&yU?iuJM z_vjK3Gu*-gKqO++j$~Fx^GY}?3|KY@uQ3E`7=8P*EUmKU?k>+C)v<4KRo*mmJnglw#g;7uu5fn5GWw@1iuyE&%r zjf*kVhOM9JpSUV3^+D?K>bylhw*Xj=F^{4EO=^`wsWfL+6$?M|g&JvG>6(1R``~#30JpGHO&nN6rH@z2Tj&DJQ)PTf#g}^U-r9E%DwhpET+@5V@s5@7*Ws z2d_Fa$U7{q5HymY$k0By(K#uCy#o}g9URyHp0dM*+!*z*qMF?aDFj3*7YM{Nh4!V1X zmQmS|jUBLugdY*n7jP!P7ea+9Z@!R7+7RTqSeLmyh8}!o1~rJYu%+Z z%#1>pgNZUTtl%QhG@Yho3PH^m5lf`Kr@6F$scXd6nW8Y#DO8M@Snkp_%VxFahmYqM>5g_dC+VDgt?oqrB`F)?OZ1k7~JH%$Fa+f5!MYK+fGs~{l)2(t-% zWSufJ`G(=4hH;&4XxuB|G-dRsR$UmQ5%$qosB`wyjyT2kWZqSkD#D&fY;Si)tit#{ zgFx*hRMejafYffnV&Kfs5wRJVF5UjPPY4I4@x9(QzT6P0pNONhMKJ%OPhf^7ak_fr zX~)8i8z47t!>yZ0mqGelvh6$^m8I%R7fj`>m-;)ASCPysO2q0S?Y#mf>r;_#WBl5i>AjqD3g_9MqS_&hf zci`Hu{LJu~%{}gZJkky>GcmX1oJetH3@u? z{XnNmEY9*5cDPl&gH65_c?vHLwd#s7A+js-v z3>-V}5O^=P=m%AMdQHm&K4S`({3bMJI1b7dj&mN;?rc7TUcfuRByIF+O6&5PGZEAU zP!b)k2k@f=?w@0+ikaytDQZ)@!Td7cPC)0T^RM03B~J`dRn`|QZ zy|i;qBPN4bJ&2{HVV?qHrp$ng5i8$FuPY#oo-no6Q8Cc%d?_8lLcN61l@f*d1nzZHBp^Kr{jBw9vrNoGbUZ0)kmxR&$*yv*=%OK?J&8fz2U|k2YI0v z1S%{ZgPy8S{S8>14H0c9kulVH1Wz+IG?b z4d5-iCz4Iv`O`+19F zRqfSS&TNv(MjHpUL;>Ii7;c48Z&+T%KFF6-6+J}11Kez{e%Xzj;F}6wv`WZoiHH;9 zre}GS$04+s2sAZWNr5R)oCjRh3LNe|r2^2(Fno!vEGV`I;^DPajIutxx;~p-IhZDY zwynS%=yqpIGK-*d+Uc~mn0nhI36pXrq=Nt#%K7z{`xIDio2{@w?Hv!&-32{+$cW;h~zx;JvJZ5+*j%MiL5 z+Can8p)|wLhM?lX4@1je?u_5yr#Yc^)n_jQWbyJD@O@Hy=iQmRC(7&p7o;tqX7dPpk&k?y9V$1 z4Op8EITz|8#|)QMdUk~?S}*^!=tkBj@4{;` zkx+d2L$2_4)bnSXp)Y%BpW|hD@siKfKM| zm$HB4y+MKy#MQc2fK;(N1cfc^H0_^ifAjtp2Vrh;_xrc6xQ}bf>H^>YsrK(RVX%}z zKeSi;+YS3QEQnmk|7-+y+5L^m(ASrEQ{z=N{MVXcg~f~js+vS;?P(o6K#Y8acDjv< zFH1vDf`*;YupbJ853f9BGK^}t+bgwq-t#3xS}-&$Spu>;{ZTF5zS#HDQA%fez6Esv zG{gj{f&LK(X;r_CBlwv@usk4emc|ip1?*D%(hm)Bw>=kV3x2iKRKdGQ^E%y5z%UV{ z7YG_xZoyz;9SF@x@<~h5XNsd`ybu+1UwXz0!d&>b^!*F` z9z&9dPw%kZ%|8VTmVWS_8Dv4ppUgO43#D$5l%r8B&t5fCRW7H&F-d_2-s|HspkSW5 zkDo{#&K30L*FaW$gw&A`cjnx-`-ob|Lt08ez&WU7`Z~VMzih$1=f?JmuOT4q`Efd!RM@(ON zMas7y{go0ZRHE_{`;n`=u^^g9yws6Ww}i#{?RVDLoTCNNqp8d4|CUoAD)W<@H0=j>k7Un4gr@-5?_*zo$c|8CCmzFA zLNA=ModE?0uy(H+oUcAw;Nvpp-ZQ9A^H9W5q}y&V98sP^et>QO)c|*i7rF)iM+xie zF6O3RUt+?o1FZm4z5W|1ck62aZuZI3q-NSB9J@nNkUFTlWBb_~+N0tNw=5d{O%B12 zPQCaBjwVgnhugh{uA&z%ws@xXvt16N_l~NC1kw+Sk>NtiXa_cv$;k1{MMgN$;x&66Z3CnyE^mt|{m_Sm9wlj?Mt(Em6N@cxg^FzV zioE3}Y9RZ_Pp%>XFa%a-O-N>n50seunIz=loGp~;tnbqjah2=)t5q*1W_2ZLc%94e zRkuS+#*vY^)?X9(s;BBcswotoqghxcGmwm*CNw8@x<3Ws$j1N`W}X}rPsOa*7aS`` zR*%>oJvK?Mq;GZDD<6XOi%(#)@D~cEr?|q_!+s_IjWdYLfe&nfZvsv>k#x(9Y9y&f z!gO=*r!c}d0Q52X$R-M+(PW>!+v=CZ1l)Wf*Ab5>gvnsB_{2Efc2BzhsdH8q0DyXc z#E%w#==*p+I0LYF;NE`y!r5kDo00V^ZZ_8?zf)vp7gmE0KMIFE>UM3_8}0TGwOtRRWM4+a2`jqMUm zGZGGu7sNk}JqdpQkIZtM4xj{_A~~iKJju~IBzFAIOy6_4YKdoOpuPY0{Q7sozsku? z06rp|v4;lNjaqwl{mc44qt~#)F|Eo;BCeHI`mWl)H2!PuG}rGxH27a-{_mw<{6vBd z+>{2_8-pR@`FMsI%R!9O6DlW@DwOVg#8@1tTV^&!#SAEe?f!%KX9Q99BFsQyCt83~ zGLmSB$TEPK(*YPRsGM|XOMgtzRWe9bKZw=t5S(4T*&eas0vRPS8-t z1?d7pXmC8e3g9G!+drB+;?HOvMo9G`0>?OTlVZ)2f6D*Kg8g ztFU4uGy8Ax_1SU0J{Db{CmFkMK3`QWp1jn$^dB?ldxAUN#H22BuL*ATsYS2d&<=Wb z`-Glh>)M5}gezi-2Tl8BeZ@Cv{}hID2pJS}oLP!%#+(6hPjCLys}%{&vzxZGXk2*EyXHuMB`2xUrz$f&}ypG#M^%4uW!t2%#i#AiOnh67(2eF`LAB3uzzQ#o9iRa|vbzRwZ4 zri|rKzQh^v(*-aQ`_ZT?YTZv)@NCp-oB}dB7>|k3jK1IkuGV{S} z;Io|3kNwv%*cf5$pk`Q?W0RF1#@H{D(Wfg6P|IbcLTl*Dx`PWnIzo9TwHPRTe696e zLA7Zr)ab!-$WZjP+6K#jm0yz|qtSYoxbEmayF}5>Mw`_B*f{e2`&`S~hLz~0U+LSF zV%xL#Sl(=W?juagEqG6I{`^q;!1D3s?`qROT=f&2`s-=+mqfQ_U&hIy+64JQMN;Byr9}LUXWdQg{#LtUrb^CwOPQE?G!-bL# z;WsE)59qn%CdVSnY8xaz+^_)<5@Ey`!@~bc3j{S9-Z)2CqPL zQd>W)3Dwpa{J5J3K$m0a8QY~-sm z5K6D=Lf5^m3gR7H`g)ns(z5c`g)zYY)>fkjQjgG?M^*k>>JZDubQQl&bxLiiH_|>L zNNhuB)V9YcQeX0xOQESr43ls9Bo}{ngJjK)(v1lizMR-Tej2TU6R1OCg0U<)^->BC zIT?jC^?%{e=hkk3&wy?QoG&32hE_{yzclVXf624VtEK4p#jIk;TDHlua#nap=h@Hq z$;Wr0n|JB<&n|PB0YDw;x9D1?ShazK(uuhPT2e2u0$0TaOA6CS(XlWqd?GNYMQ;_9 zaEIIs*09)je-|ft4~fE7#h|Abetj8;oQyphJ(SfgHwV$`atwTn0l%zXks39i+vxEt zbM;D6SN#om34*}Sc9>)SYXU={6|0gQAs0)eo#> zSfb{}hx`lhAu8dK5*dxGel0cv`!3=MwKcHX#eN`2Kjh1ERQLyiSNAV@+9wf|Hn+hB zjvDQ0%d@BFNuybIJyj;A_F7TkdB}s$8#C8b%8F(WxMXb=LJ!eEE(x;i6hSgP=x=h*zCdgD#+C65xA zGW17^zz~eQ&|{l#k^9IGuqiaA6ss&w`T8ebbh+cI0Q-fBU`n5aGjya?%6PyKz1Weg zcBVD5p_jiHUbOu@xWieD?ri$)zd_x{+;I?3ty_5agN)a7xk12FUMiy~?x9m7wm-_+ zY2xlY*^VZ^0h#66scbhSbE^3zetD*zF=sb1lnjZ{$BMzbqjyg@q`Zz2f3d|=F$$TK zs{iMNA+kkXw<=j#;BM=Y6So1i<{J$ysEdfy*2y|h-Bb?9_GXQ%FeoiTL|%v*(dHm= zNlNV9TOrzah1#+o`7d#5q`mh)$ka)+TU7c^rt^w^mq^Q@5ctOu=f9Ig*sa{-92l+! zcb$D-DpSjvDUujS`ht{c)&3<1JxsEeciuj~(bN+MZj$ufd(FbJ4B#~_B>1N*KwI@? z@B7A77HqwzA6C(%0t-htp4@G^^oI32>_*T3bjDdBsX_9O9>sRuH8ll-NiVMDdpR(6 zCtLe?FCNDm1rD=OMbMlLtZ1J|426eACzXj7`w^qeyj)G!&I*bL(>@g_{^R!J@XvIo zvtLpd1&+b=;2+?&*OxWwc=QO?mUI)+sqQjGjClU3Ls%KdD3&Evv_U>L$CshTn0TKk z%jv;+OXj&HeIT{on)laI2#z{%{T#Jq@bO}ngx}KU6@@|XerCCsc-t29SS%M4p55Du z{fB+5Nv4-#`@OdHlZ-C+9j(kJM$lW{1Wgs2jfO;4)^jD-rp1YHcIJ@szEsYRx6LMa z5dyf_)#ro7)FVWW+f(tGx}UvEj?lw25toPOTw}t8SiHNcSON6vCO+LuizF2#Z!?xj zklX0cr=XqQTIKiC4T=Z7)Q5hlTr-Q%lN>crBpebIxh zkfTBeKPvhB>G5E;`M2q$yhF}s%@87Eby-@b4)z;?%3AyE(yie1!8%y-iUn7ER8S}$ zz|*PC$GMA43_~L!O+?Pz+x5o&rs}lXlXE}3m zFN^nx$$9x+8HRukcIflmUXKC=+R6NVn}ACIDn3w5`{1B*OAQE~R6!2i{*m?cY&LSs zyBnN(^KpH__qN9C-HX~FlwC6%r;3y|(29j8UA1HG~U2@LKX;ZDr0k zCXc96z&BedSG~aMTFWAHVI@2CI;NS`RE@ZjM?}_ltf5X2sXkp|Rs@Kpsi9HhIWNPa ze`cZZFizt&ro{qY#YrqJqGoR*=Dj9Vw+bhWl%m|!iI-h3-S%8KQM&W+3d_X^a;N2^ zJDxuTzHp9f#KTQf>+?nGC2vxp8p z>&=UUZsAmVH?HNay7&?qr|_EEiS{`2<_B}|ES8&3a4iC}olrOV)t(i@ zSA32^>X3OTD&fxgvlY7HE9L(4Wz_umWS2!M^c`ePDYo+hO_U?;@+Cd&VKP#n`Rj1$ z-jLE-!#Y~`QvBj_TB0^YBo(AF724*`JDpTivX$0N-DLHEi)yh48#QZ`vlGcHdEaTn z{OXZjq)dQdxDOn_bg{SSA>ZSUnu?i_UOWq>hC4N*eqQRELz}{FoA?s{npy1~C1PpT zWB&sqv{MqUn_! z8_q8CA`r>Z%?>QHcb)MQPGyP^@8+=#{j@?^rKhS1@%iNWp4N`TW|o}rKK8L}t3;5b zqE(TKjgK$jN{lL>&y5)ut)r&=~HpC*7i%Y4_d5Z@Ew`p z>ns3e?Tg+wM7<3M%bJ~x$;OY;5JNfd^kR}vK@4~tnG6VbIiBp2sdv9m^f&{ zL|C$YdbilLTWJ>g(gg*83%AWK7kPQVgm|cfratrQxW+Vc$KL1>o5qNDqbhOy7ns7|bdmZ|HDm}%&K1qo6iSGb!$ zwR(718vtlZkij|E(9#SXHUe3qP3^7(=}FBquy&iUhK1UWDJ>%iT)H*sGcZxgPqy>{ zdW3wVR6eqb5$PnPBii{5G_g_Sv{!^w@l^vd&h|da@8_>U($0_EGVXfW;3c{FYWf~f zTzP7tjLrB3_)1`B+t3JFsHRPVzS@=_b!zgmSi@Q?CsO@jth@7oSMGUCZxKzerhTT8 zQXjjs+`AsitT!56x>rgcXueiu?+M@$WkU+gSzpeaICA*Fp(``uMf>t?b?47A{;_Lr zAt~^8tN;a7gi6MpbGKk{8YXMpvlPPK=ft^8u{Gb-tYjb_uV27$JApB|2Q)SBKgWLd zf5C>Z91x|%ITH7b-6KT>`CKN9_qlVKpRSM!?mPGA%4;l%Gu_+DZneS&L$Ylhl=uN{ za}Q}dC&lOMZwSDdmF6<-kj#e=p;uwK3mmp-Q%0E$-XvpY-iIb)X4;OJ>+YclSX=YE^&zkEJJn_hJF)ui$Fno1jGDFrey zia{@ilrQ3IO+>v_6|IML*ES()Bp1RLaX&T^n_KWDH9g#fD`RENBh1QeMxp1WZt}$S z_&%dK!BzM{VeS5$JZn$mP|8jBiDZ>$9^hVm4u&x5&N1*)5ug6vP&V02v$aBR*x7=e zl{`5J1Y0yIwn3Rn|I6a6h`UE$#N09RR*0($t zG+p_q1Uzm-H=!&(8$8Y8Qo`KO;o|Cjz3PJ`3vXvJ@SC?W%Pt>ZFMo(x`R*((o7#tD zIpP?(T+xWT^?6aAcNCMHU#lQ1Y-Hp$^D2VO=VD?PPF*6VS9vZ>4JP?(NpKn0CE}I| zBU_|cHVcwYGG;Ufb{}!4#A5iidSbL+@)8TbYZhMPB|S3CORKa-J)5PZf?`T`pHLW` zb(Z7L0eb34Q#1MC>;`Vv9W1a3if54{D+{!N+NlP?_qbc6JsIw>pCMNh{YPJiu42*p zKYcAKDub`5Fz!15q0JiufC(;IDg3V&##v05*%()BvedMX&t>#{92Wo1jM0_kU=uZ7 zo!D-D6_#MZMla`nlmJb%^=u(AGwV`u6dRy@N&TKIj9KfJZnisd~O***GF1((V zk05k7RYjD>NQO4>3&dnGSnKzN@*f&<+-~kg*&A5!Xf=v|oHO&BkmJl%l5}L_HI88u zgbyW>0uA&qMkOG;vLn+gJDO3Z*OIyi6C1o3+ zM%J$dSR1LT+wKaDYNu+kG9`$oXFpVT$H7Hzi6_PdQi64rumbD~Qgje(rB8Huq)kJu$RHqQ&M!1!uxU@wV7Yh?&J=?mwIc3tmimf=u-#~)mnZR+{+ z-cpsq@e{f?if?YxIsoLN2Shiz&ga39=Rf$>$cr~8n0o~l)r^-k)#H{6LNSGzGhP;z zJH35`npk}r&J>x`Ad&1){k)L_yP>{kC%}6x5x-abcP~K$KN;uro#ahQ^ z5ow8;qOG-#%cJ;_B^EOdcBNsndlxua#wS{)0!a}msCjttPzH6#^hqk2$-~qHn_9_k(iRz&3{LTMjA13SvDDS@SVwC#L>XtJ4dg^H%c2jioxfKVxd{7*-9)oL9 z>r~|cv?b|ks1p+MINzswU%JYJEZ7&xxfyqDho`6oZz7uRntmmO0pgCtl(CcM=p}SB zYnZ&BoY)7;3b`1dEH#lP7J=FnO2Kixq}PJKH2)ki$nTN$RU~wSXqO_Y-XM>YPF&Ee zp#2f!K_3M#v`D7pV+T(6R|0@t-0Y+JBk^vzSa1OSRr*gy=Ylz1Y!)pYv#(v|TNh)+ zMYeO>pamvn32Z2uB_Z-fdEOjNnWD$t9Z%Avh@E&oX>qRcG4Mdfd2Ira^AN@mw zo)0$#SJb$a95vv;g(U(<;S#3%2maVb;Ol2PjLp6Tt=7Ua8sFE+4KMYml%XnWe%o~z zXlbfK(H3;8Ol8kBO05W$#ZTC>TBy?e=KO~xE>oxdq&^TOxSdal<$nERCIj%4B=3ys zPgRiB4DoGs(G3eM1-AM|{(Tt>akE%@6_lR)goLn@)d^ zCmfqODEXxmbZ@uvCq8uPHw@r2(!bdR?z5ni=`jc_J=?P>i86mBK48-G385P*aZ&St zHyNIt5vsb7UeYyd)?ruL8g-DDXF=f~xL;;xYvTB@Czi;Q&Hs2!RkDN)FGLlN71X`E zpZmwQ3Vo&A9ODzyp+|4~D4VioC8>Ow0kOSp+uy z1~8H1Mq(tuN}FYUFDehp=VO|NwhEhw4?VXG}ezC;p=ck+#8mZezP5d(Lug1TX~p{ikyH2gyJfnlE~q57Ou_j<;%dt7Xi zd(sv%7s*;}ch=_p0oHy4PAbpR+I!#ou0i;0_(YV8>+hq-mpkUZzCsm$J953 zV!GkFoI+{0 zC)DjgWm+aj#=WT$AXnp`JJcUKSBza6R59L^jL$)CJA^Co@M>W&ma$b`ugrf()x_3zK=)(N9PIWz#*)SlKzHKXXKs~N_9bhD z8mppQ3c0YHK?3zO;Yk54F;E5=P1GuloXgs8{p&W-$E)m?W`Q`@&rAPE5i zCiLD#2wmwQBy>0~* z@7{UupZD*ZIWuR^oVEAtnX~uWYkhmI^|?03mcE1)EB(dm0WL}^7P|+Gx-De0h7*B4 zuJJy@L&su3SDabuWRxtEFn(ioGLKl_63aA-H1^^kN%C7u?g_F9=HzII@`U73xN;>b zIQyYiX-3)iHMs4(zK{0Jk@H>%&AQnJi_q5!w6l^k6dV2DYGwIJ&(!c>Cqqzgm!_j@ zsReGgT%_(u@xj#Y&5j?px=|{34egTnZtLkA-zO@;ng%@P(Ix0XTYKf+X8AcSPM@#-`QM(ZAeiGw5 z8+Vh@*8Ij_aj&pLvqTpVqXA+Gy}`Xwm^Wz1()K6usJtvh$=0Y-scTeJOnI}qAc6jh zp+jTeDrn+qFf#h#dU80dMvhAbFKsf#f#z__-U=Gq;jcw8sJ?1Q#DS+c1gs|*PW z$$O<8W{{?E1KI8bDWk^4x($x)UaF^1v3yM&fR8)_T-8{ZkLrGvnlDR z^{q1vIZeV8FryE}K2I$&k15#5^qR+(cTi1R0r&(hrY+@&RUxvyk#^yV-&kuGbCw^P z$HIU_#%1K_D{_QIxtjNLQ+Z@&EoN%cp#{rnPIpF-*Kek>h1RpIBPwoeTcBkx@l67k zwcNyp)1}JgGd|@Pzhq3LU%(+@4&)4-^?E6rDLuh67j1>z-o8A$p$orXjYC4 z^Mj9!tI0>x)tXIngsDMZs-g@$)qM8bs~w*A8C9TS7o-PVzn%Vd9uNz88@0mKK2dX! zo>$so46Lj$l>%enw#r^xq$1Jw-j-fTexAiTb9)vWX zp3iGhU&^rQdI8I{ptNBQQr`y4n>cErLg)YmMb^rklXYp=p*URAr*|6}?V6PxcV(6J z$!k-ElY+b+tc%0yaXxF0vNOx;##O09&$_$o8z!Qo?>70dYQsO@Xw7~r=O581(gEJq z@>$~+R2Q%MvT)PyUOGF*f1t@M(nYl81)oCW}o{5 zBBA7ut;gI{DWJS`b7ddg^k|0BshPjw8O#8UotUKp3s zO|Dk~@py`94_v7(k%(+Df1X@X54vl%OjL8sZsr3Fpd4p7XYx5qld&pL^_w$yDkriq zKTJQowjhYNZ5kab04HiNaa$(`wFqb_qRUlRa}M}39zQwE3AT5nmdo~cuG$tFvH zmQa`fRIIH}f`FNuM((UbfH6NBlsvAX|ALt$_ta;Xj7&2%=a~uzY^FK$RZ;LBwK;kQ z*a!DPc2BKavZ|h&)|cxkIGs)2Zf1&oQMnC5^_rl|E)iKO8XHzBLK5%jx^;T_clp_z z9~6fo>8&qArfe(1vOnu>z^Li#9QP%y#yX-r&dEukl34K%)sCE)?X$l#S1H0;*}u_s zNt=*|lnE>NQrX)a<&jEfHWReLNru<_&r~n#E3>aQG+`WbUcp zO1bb%kD&7MVqYP4F2#|9JwfE!DKoY)g>V<)fHy@!UW!@*fHXGF>le5JOG4i0On?JJ zIzmoEMa}BCHYrMR#-Y^(v1s4CRpyq2sD{Q4<O!O0%&Q-Ziwi$&D!VnTjVHI0 zLfz$G5^_yYQ?Vl-^J#Tro30LBXRN&xY^MR|P`2Zf#L!}^q4tC$x{Klo!6^mhtrO^u z{M(gG8K41i3o>pBiAxWRH2LnL(M1&7WQlW`3i=WNPP35$CV^08q~$qIF^Yg#LC~1t zJp6=>Nd$U-B=AXU8x-{CQ!I~JrQ|s{>C`#Y?B?0lIgtr0r11V@?ik+6PhIy?y$n*T z&CV`y$kyYr7R@BHv^JYlN{MKRE~F1jysVw~m;unLrHapLj0E~*6 z>Cq_i5|0?8q^#H==C&Q?%)OLdPy>PZRGbqWjmKbxPlSZ0oV_Vwr;B$hNS&5{+59qP z-1oK4e1Ht2LadJ8q^tq;W#YoPz%6BZc*A+nG_@EMrMc{r@!(+mGTQuW_rV3b=y5U7 zpVn9W@a?8*=blac1i&knCd?^oXL{#(yBxfjh*DnZ@?ijJstyMF{Z?a%uQx& z-8w_d^+HUg?z?`w^}UZb$3yGNC52i`d$|Ekxyn1A+4CJ#8W3La>|}I(>;f{cnad0j zRTH=JN^~9cjj?Q&&J(f5#;Fi^UiaX)iXV6zee3Jr_j=3Px`(E&;D!C>-ABSdBz`;b zN0z5f*zAeX@v?C>w|@c{f1CI^wmm-qNx$7nVd;gRfNt6}VYc6V*|Og{Q1joUOm*?- z(wCk+7%sT6`o41qjIXubI-q5bO+#^(sO}HiSd_;Do$wWxqdkSVqx@HK@8)&9xBrnJ zL9;wMnWrV9;Zr&GVY1{w5JcK@_1_|U|L!XYf=_L4eftUEq9ug!o1T55qQ|0>_^$DP zkNi(JO{i$g{LI#g+>4n&)ogDU|0KS6hJ1&A&!?!)yh?FKaE+JdJ?}1$&k9MlG+kws zFK$#ZUlCJd+_W?l`%XYDI!hJD`hAXUAO_gFW*S2LuqAR!&_NH3ZeRc5HqRwRo=|Db z#0|bVO^qCPt5eXQ0DJOEoG$g=&Ya?+2x0Xj{0BvX!&*zH9$L#N1eiWM-uqDj2WPw5v~2tQHy9WM0~kT3s&vZGQGHfb8M{Hk(0 zc(e#J>3n{Ne3iK^7nm2NV+V$C2wt(e6Ems&&Ig}jMP)^TScR!dueAE%mi4+GZzVXP`}hPPGU;l~NyntB-%N!xJ5sz9v=XA4z--u>!97 z)UNsF)b%5#IIi!YU3qp#*;Z@QIi=js9#rwn5e!8{*%zKIwpd0=NgF`wLue2!XAh5%yLEDK^>8 zc?fjfl&wHnSZ|G9nWO(oPEKnLz3F>9^=oMJOlCYQ^&@vraXcsEEhYe?ONZO#YdE)Q zel9;|L3RiNMA_5ezZ|?6TK?VwGJ~l0BLn55W)C-op9=3BKKZ>CmfD(~9ms=5{K`pM z55v-T{JbA2I4{rkJ(JO8f4|1g%Ib{*+_!$Z= zP#=Zw#~llUkNdMe)ZlONe4(&<>-O=6=|d_5g}fE+#0-=6ehKIr|5t+^YnP9C6xVnx z%>7Ci-z(za@2z`&iPZUd-Gu-Yc!39`v3~AZ(xLaxUu7;&~iNKm|-|-dM~} zKt{}JAzK2CnIh*`E`^&Rjg4R`X7$nk@d^K0R{j-OoolBrdBGZlGR2TB>Jk^Z*_w15RTieU|SOpat%#j=rp6jdM3~2Uxe1E_1tG{9=$| z26tB7J#=!S#FsWp5jU5__=GWE?eFi z}Iy6cjF~uGUZ^IfbH|PT! zJnuN2W(>g$5m8}Y41y5gP$b$exY&BWVEkY`ejwd~mn#|15XV&h0L(E&y5?*5MJU#k zMxh902uP?fS6Z^#wWt?}5hi{kj!ZuBjnomcFU)8rpGIXxn`G`UR4a|`quxy_-xvrY zN7%u0@0&}Tt3On4kbc_fik?VV=z?>W?4fYxj~*;0D7x328(OD<5&a+D4`QFRzaBo$ zmB&FjEdg6`H$1d3;+KwYkk-EgZ!-7LVFr%m}i`x&2lz0@)4i( zvk5lX3L#uvRhU#V3|c!~=(1ZgA(w3%>yh7m^ybdcIe5cMl-KDNRrKX8tUZ2+ZgYoZ z#9oK3gRwKEb-+&94=MSx;PJRzbjL^^pMC&{1;4p>ir04I!5isLr3(vj)V6lEqW61` zsWcd-H7b@Kc7=Dd)etiI?EER-{=pX|xls|CGebNE<8ZqQf}OBJafl#Cr6^)e*z5Z3 z?+HBmuEQkJWb{J}z|G@BL?FHo^0nviY(k-z1ae#S!h2iz_)27Gr~K-Jj#gwUYm(d( z(dE?WZe>TG)Jrc%EZc1_`7Crb*pe9q_2#1*Qm|623^}*X6pQEz!2!+$rhOsBa$s|D zg7)`-D=($IvMS;wpN}Is2Kg9f>masEp$EfBH&*{2eRvm)5Hr$Ri8p-U3ikrkg2#u{N`FrM E2O-$IzyJUM diff --git a/web/webfiles/img/hydra_target.jpg b/web/webfiles/img/hydra_target.jpg deleted file mode 100644 index 72c4bb3703d705f1ef949c51fd369448aa54d698..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24547 zcmeFZ1za4tGaCdiiNkVY<;7)LN4TK0D++Bi%U?B+sLI?zS z6Oz5p-bda&=iPhmeee5y)itZCR{eX`s;bph)78~|y>Pt_0Ljb9$pC;r004+M0N2X^ zDF6l<8af&(20A)ACME_J4iPR6HZ~3!0UGx*q9?{!(hEhW z2kH+WFyAtNyxbu7ZoSy(??4usW%4@gJTI5YeQx=FI|iGmmba~Dt-lO;j5F4}9QxJa zIa_Msp#J|UX}{cW+J382r>nCOV|Ay&y@;&U^F7I>T&9y2X-uCo_j~mwD|RiRv@Y3{ zr!!N*MpZ4^AK)A_nb?M;CsXgncR0MNyzv4dzuKPnezVHsII$P)WoG0Vj%qqB&CD;F zvL^3H-{uHa{pK(9$p^>EkwY3yp<(3Fv<1t_xrF#DB7fs(Kj&b2#`MjY;R9>SD56kx zFkG7E55Z)8v6v?B`L<{pSgUBlJUYiao56(+nh-6?j8Xhg1hf(p$1TTPCWehQje&u< zGDoJURr_AHDT?xpMKQ9Zd`w;<%wd9MGvyYw4Nukj%4cZq>8~81i-sr zxZ|*G{<7W5zzPVkI5jge=VLzSDr!nGt7|3FrYJ&lMTkLa{VHW$|6vn645W&sbt@Gh zxA>iy>(Y|~&_yOa{-O_Bd;Q#)TtUu)gC%!MskH-c0zw8bM*S|8$5`k;@|xD;!2sac ziQxy|5uJIqD#v^XTI;}gL|2*AES?SDoP~n%jEDC{K0*|L)kj#wex#d+Gj@cQ2jdSB zuJz&QzY_8T|C`exVUr)~E7dI*DD3^g6M7SqTbCJq{w~!i1qA@WvnY#F3O=#=4bFPN zI^xHH^GyELBUpI#^I^xobIva;)=^hE|5Aw458_o^GncSxhud2CgHvW|p`g0>R}BrQ ztMAl4IM@e&U6Gk@JE90ghylvohr4`uSW~ilBNJoqqy1|xv!@j#;(utBr?jj@g|=r( zlnmXR+=X0tH_Ow9fd@)_x_r zr2Kf|=1jnR!<=?n*d{B9dG>OUO8lXkks_jd{$#5^fq$YqK7Z5-Jh3{g>$;#J;}m_V z{?T`~UC`kzyT!OJ$%9IsboJS#pQo}O*RVXjl?67-3K4S2&TbPB|C3pS$`Q$d>0pTj zuwMcFpHjc);WYe)*zv)_`j${vuv6C-=iQI-InTD%X24$HIdAqfYZ^Ivj3fP{`()Ki zz2=B3s!>l`!Gqaw;bhKc{;mqWso{s${CnvCdoS?eD%CeqXUgf@$Y(#X0L$iKMK*8d zuv&RDholU{ecPDFc46`QiFQdjdSk@~${8*P(=m4(P+MO{Hm2&fr$Rc^v0MH=iQ{j7 z7+gel{MiIC1F?YsKolSf5&#wTx0whr1ECOr35kfIyr>WwPH`@79zIoC5FKJ#!az(` zKvbl@n%cgo&n=`|Q+F*a-Rmg!LU2Quxi08Dui!9R^iWsb2 z7YA=wYjaFHNwXR_cNfQ0)Jn3R^5zEVdlBY~}#^ z$b-TAMpj1P7B9Hde3}CDcY5I{d-^j2EsDcZt``={4Q0BMCjz&s?dEvjlY7Mp_vczD zx8VJk9TEQ?sl5}s0YQ5yz=e&nqjH5&?G6Q9PK)GJPXzB`hWkCc`-NS z|7w^u^%ZFK;j?3}?f0Ye*>wWO&d;Cp#ybC=XflWIe|-KsB0h6>>3HCL`39KvkUa0P z!`YDki;QHSkx$j^nNN+JwG)+iTg$Gxj_&y=D2L@dz9>l-R(7Whn@uZDBy(E!er1(2 zS^my4=e1My{$rZ?XHL@}Y$4_^cB&)P4mcq1bttJ_)N&~7FcVPEfxBg=la3`5Mj}0fGOA#C>KOZ=b&(OWR zcYFSG%4I;Rx%prS4ykDm8YyR2I1Z=juDQ=|32Gd5o?mP;1g6M5F7_v+$gSeD(YB@kWnTX)){|$2Levy=Bxp`OS`FD;v;osCA5!lI zj6S6;sOWEXtI2V&Az%CtBNnuYQOEkHLr-1}3%8FK*kkiBQzlz3-_hD>H}x7Vlj7D7 zMoG0f;FVoYtxn#=iMMZ*qYH4^q@Ex9re{699e1uYQol!akKSkKV`5X)JC#Vk!FwiI z^R1d+u5`F=(~{3pDAkY|HN4b!krA%avant@Am>_r#MxpjN7<6>&Xjbg{WJdiH3ImK z#+)}SHt|c6%mEL^dph&p7=e}KFW+h&S*e&DTgElM&dRL#hd%n*_tO`RWp&>g2NsIn z6(BCI2zESu%4Q*3_lduk40U%F*uH74EIaQ+Atho@M{jL8f(M!gAV_2X%s{&?v}4_uJ^sKgb0@0?g`!`z(kQr|O9 zS!I7zJ4jrE-bL$=%+qWwYsYDL%r!ud`t0-?;8>pX`1^}X|7f0-Uw}k#VIM_a3whbw z<;%*2G{uBL?3bE`3r|k%TVH;tbF4trB_=78`G?P{dvntWBUyF^{I^E#WSDTiH1qBL z7Iuui{dbaYh{5;;Y;6ihH_9$N{pIeg-vfkFCA{r4?8Tg_*?_b;m4j0A6w-szif68mC@cl|1|W%vv#e+pl0EjIe2yD!VZqis9(D&)fiJ-oG>^1D@%4Fq#((oZnye56IyOP~4UU~I2= zw6MdPbT-;Y>x?D`&6`Tod>;D_t6eA<+sN-XR?rJ+>96Sh$w>Qtno`5hjulCl>3wP) z7RB*64^zkuFN>cd7Cf*OKjU6~-z@e1rbaTL3HI2k+=N_+GA|@IV$s3r9d8AWV?%X} zHIao?+-?(Wl9)2j`exX;e+{6zhjoXIYnWGcxPy|rj~dGx*D_%;zUuuj5qHaTxjD@D zLOmJZZr2aC=+!w=hnQ$Se>c-SFN_Tyb*ru6nY2hx=zqz~e97#W{i7Mb^TJeyeANa| zKm2Igfg{n!wEtNGou69YW~+WrCp?JPC{>;CKN8tE2zZyLcBF)zWM}221Fx+TjepV; zaPA0Ow0_(9zEv$rCHp*UVBkRLnXmjZPhxyxZ1q!r3#*-fmbnpa;A+@sQYFK~!sFPQEu zW2a}XEF#ldWmp#`E2}I^yCJPvy={Y6o|?6?F=&F7B(3++p}@i;f*!tV_F&9EwMjY% z)k%vmKJueTVr^JWVuAwqiwszTG#WAgbbKgSJDArBrfC16Xv5yQ|DQkDs<~q`M|C6p z?;t}y=2Lvm8f1K=`pKT^gVc-i`z?5<1#f0VmLmSUSaj0wgd58AQXyEuL`mUmdaPbPs4OUAuI?aPc-?u?G4tHvQ+;PYv?l_Q;P|>lF(GaU(s0jUklm#Y0=*@!yl}JoV-T)Eus+oBd zG)_*@x-~#J#odFtBvsYTiKH|<3lBe|(pfZZ{<;}KyN6`wNFq4lq$%yi;z^^RY+9j` z6+vrls=i(Dv73mdn}?e$2qrpmFG8b9S^?{Jr{N9{UhF$zpqbPH#$*VVL^#L2d zb9c9Or>^2^Sor9IuHphVCIYqCfe3(RJl-S}2r!Q+8-sIq4+6~Kh#HDO{fi>87(0Xa zmrxn-W+&b6KEY_-%H(5iHYBJ!fq}09rNQiI#xaFkrL6J2ojFe6S4yF z*ufWU^oR2Jhhj=Za2@g-%H-#g4dk0^Smy1tQ%m$euuL^q8I|a3r#duO$xqdIr`qXj z)lSv0%C{_OmDp)_{6lE&x5Y0kM7nO}-HsLfiM7oEqW3EFET|JLU*WTmA@gJVB{!e7z?=4ZNd9Jl_ z4Y=bDb*ihsNd4>RHtewwZg19!|MQ5Wrrq{7-a4C?I+hNpT6?PBa?0ClYb^yP)jiJx z$u&Z{LiHJ>&QogmG)2@rc{nktM>f9R*}9jSCq1TdrtI&QQm(WnHbVhitVU~eVxd@I z*mW-9ctQOvMxGcybi2{g?!EN)NoV3>ThF0KhKs(k;ANhB+pZVsM^Z%QqR$BN9GLw` z&@|fJJBRLbNaYMdUuvrl4qhhELLNYSu1L?>aLU}@g`_we);Gotr;(_&yLS%>aOmpE zyc@=5T4^`4qDW_BD{_Aq_Wv-%q6dl=sX{hFn?&t~z3V?C6j1!BT>FgGm-r>t8mde1 z(=LPcnnR^Rr$^Gcm49KV-JaHU()trBDla&6hkO{w_mhho|*Y%gUqy}L5Gz+|?aL@WF?Fq-p4}wc^%d4+ zR#A#n3(<2DSt4Q%G~7m4d=`5pm-}93FQLqKw$kN=amM;z_Sfp;Znvz3> z``fcI}rMz=ry;vtLM5GCQho&Ji-jCEmssitFIXJ5k3Fwa zaKHNeiq<6MNa`bvAC?_-FGJ&z4HvCmHFUvLIl~K+B*-?VsR-GIoGBWw}RT(Pk$FfvuzU^b>qqS=Bg zvM0sXU+0!MJ}5ge+JN>>qkNc*-iy78oPQ^pa1m)Dbs92ky-rt)>dG2qh_$YR)JEJH z#$;Y3B9DmNa7lzo+4<+RekN`pxDF_R3Ds3U@RE+iWJ_8>y2Ss1mx}lvTIcU1&y90WD&-)?|1wPGn(MBvQH< zur&MWtg6Q*`Z@oD|5t)?qZwuR-5FviLl{5bRHK5ta4aQq?~AgtWtMHu_YZRYbY)82May3kuK_fA zf_5(aI|E-9G-52|*4{}Xd0yF7J8OVq#!>jiy>tt@A_%jy4foae(<`q5#4O(`-7ksY zTu_fB2P1hSj}t{R_U)Y4Al}_C-|0B^@6g@e$6umy;z6-hrm04qeHKHnurn|@24l0! z)>V=~N3t*3w9Z8XMM;d{X1Jzn`GQ?NvNrcU$XSw78AV!#Xd^yn=BjHx97vJE22^$z zw#4}sMkxv^d|8hPm2D>Ep0H=`B#?0P@?pHuU3Kt@MFp<<<@DxLrs(bqE7?hypNC&X z9s$GyRuLo5c?}pYkPMHa{S3WDWW~=ukQ6E=#Am zGvXM=VY~h!X%xw(s=+D_)Dx0D$78RC_R!%C6{o=+&C~YAvv}H8YrBaN^m%Z9$}-FN zs1$Bk-bhP$z3jlD+V)b;y2K^mV&NK)aK&-U>sAuJ7y2jURos&9Zt1+>D9py}&?quFCc zOZ9ccTE@`%b4}|;_xv7%sH@snFMnN|7i}q~T_}A4eNSA+?&dukx(!v^wqlU~B9FXE zwo20pK#Mks3|W&pW=gy_=J>$L=3Uh_V4g!`Rb;mg_X!K1$B1?Oyx++$GhLmb3t8z; z$Hv5xj!WQaQrV=rKk#V*R+NPUh)1#?`2Cwm-UC0P)G!ItTPqSX{xiSoveJ{h zFr-pwc!4S{`n;7^Umtk`+d6jRrP53LQO!KunfC7fX1f{?O)tl-EL10ToJXVNGLiL6 z;gvK~E<@s1*8o3?%N&zM%b5-Ho;!55O;1~-&fLhMnDuQ2X9PJ`Vtu3hDE{v5MKGW0 zQoBMz0PH29EINpDUQIW04I4R|L;OFKlTu>E*a zJ%S{Py>KsTRH%lJP{&H#f9+S9NB%h6!%wSE^q8Z+^J8+yMsiP|5kz~cc8v+b+b#2Q zzNswzHZl^f);>U!P~jqgob<&DRbgI9oKsuxD2{jU={tYobyG zv?M%$m5d^QSC2&Kz}lE!D_}*S--&LjL(v#RZgvY>JgIFpg?=x$ zA`byGbRKG3O?B&F`R`_9w+A2wR;=K&3`wtCblH!E{h?N9DMD?!4s~7V$KioPbhs?F zYzyOD-!_@lugHx|=;l1aUVmrZoByt*p99HE#^)WgM-e30A>SSV8pvc`MN9HZQ9NNU zfUlP9l}LaT$IooY406?NgKpDi*iP}5(Zb!-$i_ka{b?SfDK;$ngg9&GnN?$lI=Sn0 zB3;J!gP(swefS3J_&M>;1J?g0cGxQH$J~5DB&#Ppa@7Z(Q*OGq&H2j+$IO0?=Kdeq z1l{!e8*2C(y~m$6Abl^0cTtVFv#OqQ95`p0HLt6`bIVKKxMHjXvTTh3t6y~NEqxm5bc3bZL6 zB#qQkd0O+9YBoYTVRQHdgM|cv+Fq20*7t4~k&MkHn1M9;w*ETRqL5GFzDyCb8qZ8n zvBLzpO$Fx5N%;cdXII<52GfskpU2Mgr1$U@Q_#DAk_^jC2tkJ9B_#+;}xuCc2 z2Xv8@Ob6%4XJjVBP;0HoInU2epkIgF(`a+QD0;wg8yRhLt^uD$g+5&I4~)@fvul^f znK`+UZ;v-VF5DRx7(=34oYlNk^S2TZOwKWo8OGl&lTY+OHdI(yD=Fu-CAf(EHIwc9 zbsq%$HrQWwF((?}GbS%lG92$d7A3{G1_X|(Itui9mP&atOz}zu@p!4H!qp?^#s;&s zPM29dD}wO{VX20z#h03pc^z71<@>(i&1Q}Ey`zGqXl|IqlP)b9pY`FCfVPy+) zhs*TGf?xkwJa%DceunB2VsuP7@nj7`e#henY9#^dGGX?GSfwD zb~VUp6IGZV$w30#BPsVasb$jj!xaU1HeQw~)VzRqFJsJn z>Cv$Z;B*>7ZYDp#6 zUAijOmx17vJlS8%xN7JdiyO(o30#IUT4WXXJ{@49BzXZOt{Sh3rl52 zM$=vb<8i{htSz+>=LV7^2Rpnu;{X<`(cP|-W{?hjQ`rq_AFu>oO16w%13v5qD5>k! z28+QMnuT#$Xi8>nn1RVb%(jMWoduVCa&mQ{fC)+xw!8TaW*<;v@NL<2A4!<^EMb$} zp3tp74epC*{y)gnYoHlF#!94o%k=mY*)X`)EjQvqg^t1FF_G@%dV@KOa^!I~tC;+W z(*LzyuJ`VjVcAjhUS${I^Vf`sClD-%ClJU;C}@A#mJ0-cX}At0)XYA+B^ESvO@e|D zPaRY@em!IW-lIu+qa}Vua~S)57zK+@QG6>%UYvbkT5SZv&QH&=2<@g|TREt4!5(CLFSs4NJ zeRD(Eq%=awmou_ZKq@|;#c-pv?8((KP6%xH#NeMon9sc~=%@-wK3a&~NtY<(jHttT zTof$0bP87P>|ir2p3ESKD@=JAX}|yU4m2w^x=Pb~vxT{AiBEUCa+a#CM&9l;PFtw5 zMb?>BJ_TG|zU{BJ1A|W@Jr{*NXV0j>ief3TeG7~(s6&`faw6Ls!bM^Yl0KJXDYw=%~GUfWxC zr{;T{k%SkOM{Jmok2+$*zpBB-8{2{sLFW$6!_x~)E9CE^4=lQioG9JG>xLBc{wnt= z&1WsSZ>qCdfi-uqrVd}`c6rFol>s7|?H!Ht z6YlJPCbSPESg}A}`CIyU(!Ypg8XnyMtHeMvWz6p+5`cj(2~c;nOd<(Mv=u@S?zTr^ z7$KKLVpd3KffkYOfqh6g8mn5fqQo3=BsidO-DA-Q-5esgm`#*}e1)EF5mCHxEP^Us zB+~U<@>LB&aB}$! zZ7dY}5yCPIF45Fu7I2jh5==BsEwl#NEn|jJI7!*iEC&>VoGm6fE+-R!0Vxc z4qB;)1^UN@oJh=Q^^?X*pp$ZEog=GA6JQAG?qIvJika*d95V@)&+Y2Q_ZDeHlS)AX zt;>tRU`+t7cs)U=i6#lC-^@s!g&82mIQr!bN|ba=2{?>~Z(9&5$s=*~OOc~xnFdDP zC*>kvKPyjlRTgp$8sM-j-?Y)Ii~_o$qoIi~&_%l7u)S?!-PSxCAR-6(LRuBudV|M= zQPA3=@Lul+ihVhsWA+53Gu-M{jDqnSwu>TB++yBJ47A9=VMGJ7+$Xm~lj0*QUXLm! zvp}b^XyoSL00vDl56z>4P~gRciT^77QGJc*x3(^(Nv-OZd3j7ON{a^rbKGEpbzjC~(hh!#ntsI}xDsJ(V)8IJR zQ&qSol|rm7fF zw;klFa~9)xR=SCf8u^fbSdYATXl{i7~IsSmx5Lhgoe&PeyLy`aLXv5 zJz-Vod*;rQhkx;zq@{gToL%EPj^mr}>$dC_wpW0JVvcLJUrQyB!_m1Cl^=!>a7*y; zVxeaMYSl|3oJpp{XGxebK@31b6vj$&QLM)e+hu4Vw8ThWCi6-<2C~?Qu5i-be0t&h zVp+6GaT&!cwYO-y5hSHtOvaJebjW1*OX35R{D}c6G~Kj3i55~#n`DU~`wg{_;#1~< zo_v%EB*$U=OOL_i#1J?zAEr0$g@P(RKYH=#3HmQJKXU*DduzoeH>$bPs@=3IgV9ie zGeq5Fb0IWiugbO5Lu3eizcGl;xNZ$dlbSc_(j^Yc=C{3BKU5CN?HAW94M{=;6oZC& zqB6E&fr<}6eqy9Vz<4P-WrI(r36sFc(Wz~iS$m?mBRn6L*yW8w3M^~pWH5u+Mm?}I z3kGBy4#2(df~3$saSo`-A2YpSJL`&C&3oFu?(aQv#qsPK;DL;d+!SV!`cE8r6E&IN zjl8aQ$N(Yqb`P}E!~S`qA_-!rIl7nIbT6j%RStWVL7wk)g2z#e9tsU9FatkQTO+^F zriTVgbLjxjHx;B^6s9FpkNq-%G*dSO(un7nHWGNMQUIWpMFO}_yCq)(#*3~nMSg4M zZOkoY8#oHwm5X@n(maZylxt;da4Iaug6mEbKo*yjQfCs zURuT$z|A@N>fjn69Rr2zw?r}r6+FVv9&-r~jS!2w_*sDNCJIV2uy|HoV;{b*hGZ8D zHq-cg6~hnH1#$sQH=kN{u#wILDftVfx4X}035cy2-Vs6hR2*>?+}xXT`&L~cu*0is+N?Ged=#^qu8aeh;I2SQvMFDJqKw(AG>4Dud;P&~l&*L-{T%@d4S zqV14?kkVw!qs~N$?|0FA(cn0AL4If^84fr7)G{F)Nn|c@H`se)PsH^kx6Ma+xdAf}NfkcQ3@ANSR#0q&WO)J_Pr1f8%6mhXfsl#)(kzn9r`C;kCq#h|13!1lmU{SX?YAW{d6 zhO!~HFHTBpk1lvhtUo%h=bBz*_R7CpfTB;=k63Fp8 zx~g>JP91i9rH1D`hnTihAfc7;_JL#WGFlfU@W25B_`D!bneAjym{B|#o*>dDV8k9* zzTEAc{YE|a8gOr-ST7JXauyp+VFRD+q)N;-Jy1gDK%&8jFJCZc?#3@6Nr94a?UsO!UQMJK76;xnbdiRe^R?_Jqgf_+kK5_1$7A&H%uv6B!$?>qb_uX^c~CfuS3KMIuw zg;JA93k;AP0XgD4G21yMe9bLm2fDFbBo&#B5p|79x@1 z$eNx19Frxt0CEc~0aZc|W9}I>-3#K1un+)fEQplV-&ZmH_@ry~ZpgDo=$@x|dk0k0 z|JSf55+q^{&cDl14%n;WD_3?J1$F?vkq%H7u`7G8=>rQ|bN%au#FqY%gsL3AOFr*F6&SjPjSEpP+i- z;z!K!ul88c&2dE9LQ|g2Ad@3KL{$q6?(em8t$)JydQyk-8}o9fEv~8S<{JDcE$99M zbA|-8e8mxi<$)=8H&1K_+8`+u7a2297@|txR>0eAP|(wk{<;ciFGuPACEwH=KNI`T z1Q^^nmg3_ky&^8y7NOh`gaiZGbKO-9=_3t+0xz5^+M*33-6&HeTqBVT&O;6XCJpc$k9ony!t0RE>Zs`5Dq<2bxJH4A@F& z7`e89JmP+TN2(Z{uKuJCK(oJ_fLk5}K{oCJL!(6UnZqn!*b$`chavF-kX&h`Faf$4 z8W^PHJPh6TcpvV(hLKp2ikK82vbM1sz#m`FT;-QdG}Q<7Y8 z08rmptK{9kPWXY#1ap<;l$Lgnc?2d&wItDWP518MHBbS_15q7OWndC)Dur*Vd}{We zR{lEzPHl0cg@6eIpcZMc#2I2a@aDaI#LjB~094z0r+(^=VaGhjm*E%gpAeBdO-$$MJ9VxBhiH^; z5g;x!kOU&}=i>nAqV#9Z-%nkL>#RLm6TJqk1t8?wVL;*q5&Oae{7z8)5HI_zU430c z6nIKh7{k^$%$E0c?FRn+hpZoZ7+rjN`NRLjf4v60yartU(2x>=M)>rb6A-}P{F}?K zKg#(b{_C2H%5VH@fC}Rc2qFG==<&Gd=YGoL@mDwKrMIhyod*a|jfyBD=Xi)3A=^gm z;?p1Nb%DtE;a~k=p5U4UT#N_&G5_zyZ;C|hY8d}1{_9%6xbN|&Un&MXzqkh6|EbgR zrx!Q1`-6_ZEBg~Z4?FaMU^5yJgiAtP^)FlhK``)3 zL+B@1n);nAm;jl)dP)iNPjau;i#Y9^^Y1%?XX#bslX+fOL6m~7JMlLJ|4@VFcgL(2 z5cXpu{|_~8K5g-rFIWJy!4R!IJQI*NG`21O%^{Fi>K+I}e`K_A`Ih#V zV?=#J&F*_EfU)a-#MhtAwcgRg?56N-{(*1VoUhIUU)4qb^svpF(#0^T*PhQKpcl6u z1cd)=-ojoQjGHq5LKFjT9y%aiokm7Dl;1uE0t5qSxFpmL&AL8=+=4h03nn4r4S#s( z076aEv#m^J^_sPPnwB78UPyZlaGm@Tnq02uscd1JVTn71lFvj(!h+Y&VOdJLG#N-j zHcyNKDRo1>)s~hAGbSjNUYMhuB(TPis3rig2D>PPq)3b`-&)m}Cnn{`3{6_R;6qJ( z3grXrmYifkaNMyAZn?d9c2a#{K|USpo#Q+N2MJCWJZ>)AnZ7N86h#&aR*T zg#Zl>p9Q(YSs~yxdVE=sS7EO4yg;D^KIO*0cNshOVy!P}K`uWO8 zmrhnfIcH<->NX>hDT8;VS6rN5u!@lOH@~GY&Q1s?Z;0djt_HA3Fv94F`!HW(V?jEX zW8pCE4(ie7Dt#6GKUk$Iu|$?{R)ls@T~A9;$Wpfwy)ZHCl=5Jf-Lza(%&QaC67}^1 z{1sunIDr}~w`}8JPqh>(h@d_!(1|!~K#X(B7uR~yD1yR#wxx~2^~ikY!VR+b{7Z3n z=-uwPruuI*aq}oXUQqUa0V%PiF$0Av1^E@m0Y!C!Bx90Lx{=iPii&qtRNKhREeY@> zgrSnwubI&N)l2pw&&8qQN$`FS$b5`9)^I3_wK)xum9cQ37M=n>8FMvHFDI|#I+U&3 zFv=n#86JAU>0Q`Wz|mSh#`m>Ci?`AmvBFVy=vV&#=l=UzqdG8MYsPsxsp0<7s2l2X zFMnC3T~TdYQV($ut3XojJAWWXJOT6eLis0kv#*&7ovS%a7@^WoE-Q8yxV)s4tsG6b z{u{(CqFMfpP@)Oj`-Hevs4cH?+gWEFh$LQd~tNdBb_oI zr|wB>>D^iRrV2y_3wPrOMel-fo4Af%FjZF3U*xd>Acc&&5{FzyNHne1Vmc+nT9&Uo z-if0S!QNwtp|R$}_(xt3ofKA9r+@S<2LwmvnxS|0d18bwW_&YF(b7t~98U#+)Cj8~ zXQZ`3pk*Fv)~V>qMw9lV{QoYM%VV%!Y!(nH*7zZZiR2ovn>Ipq*Cqrt+GiW*u%YyE zm&k=g(W(z9F6%N|TrYMz)2hXT20{r_6i}sN+$L!xp$Z?wyKEjFlD{f3Wd#Yot}eiJ zaWc363KM|YmTLG}5hN-65X(R6@L%3s+LTIup>d7$* z1B*#D@X%n{aP!1jqLPn;Zjoxl7DRRnVUc9ma@mR1Aza0gn4k(%DV(@h`=Qyo_n{w2 z0Svoj(qGW_cn}iGKNAoGrB;Yg!W1d) zNg>|bu%+K=I`FFs^sWUiwV~UuQ~e=Yu^+8sPCBEp{pXBy1&;=6fa*77s&gx(UmrIaMv_7Q=Bp&9QiMMz%| zw{b*v>FZ|~S9eZ5MUs*0rsFc*;?lKDsNa1gyk=Fw9GfvXv?pLxEiDjBW<)m1nFb+d zz@U1bZ%Bz#9Fu)cn7qD_n4Mk848(v!OoL8oRZOScluTC z)e%&^f(a7tq51*HGo8`=YTaCO`=NC(+{LyDhhLjqc;OtGG!AAaAUrK2iz|m4$u2!j zmRa=V8;%)ZVoQ;tgfP@1INGwF3^d3YS%ml>2RHX5(MFnflj?IFWboVXIe`#K21&?4 zo=V2ZXfg+)5EjA-aS~7T`lC|i5(Q9)C)l@^zM-_!d6LmLuyzX2UId8Nwob`tI4+v_ z#E!5=N&twGxY$%}5`_u+oD$QNtSUgNbg#)!6U{qP6F{`Cqe4N>Z9*qAvqf~`X)hq( zN0FesIKY&|;$(p=jpsD3=`;;6?2>(3)xa64`s#9}SoNeGLN8EFSjct@%j^!BhT$Em!uSKB}kSq=O`WcTl2bX|TH~Cc$!g zKf7csIvK4}tktJ#{Q@go$7T<~>N}EfQ!`jz9~u)3TAai{6bjdO3j(lVpfE^qx7*)G zi)n)3631|~7lx@-ME530HXzYQRwJW8D43q=`Z#4t4crnp4Gs-;RzmS22Mj%{(uNIz z0K1WlElgln*L)zS5lJ5@UJQ3`_8keHM;g{|%RABAVX(2Z0+gz9#Pb74SN2D1E&pOh*k<=()T0D5mxH@laBNuE5Z#-` zL^cel6$n!x-G}=fGhaWR;-X$FIVZ`pl%r&zWriW0KGcv%ekYXVR$3$Xq<4@j3@*vh z1&NgJAA~Gf+%tbZ^~6qvw=7FzlzBVlSpH#&=)a2r(^X>%J8R*Ewecwi8x&ZJ4ZN;0as8a z9l83J4Uj2qR!(QUX?=fNM<`ffNrp%sySKH|+)-JxK9ZA`90sbi?umYMpR#xwhcLep z-yDP@yflad&03iXeyq#^(Mt{OnzKa5lQe6jP(eFS$hEnn?aATbtivZ^JaD`1Pu zAgz)ZwPf0b;pMZjQL98Rl?s<~RS2?m3}%dQLN$?DxM6`to)vr5ABi$7F?hIq%#%`w zbEBBCw5LhvM*YpM#F&T*RzWY(?(m2peX#Cg3$e4#v<^0{PLiNg+<5h#QM*Y*@Nn}FldjYIpA7;u7+-z+bs=nXe-J>oagFS; zOs1bCGr$-iMCLU5o~BIKpkB?6M&H_(dRi*ooS9)8Wm>u^`GM+1D&RJQJRzq6pHsp_ z>_=B;He)3oa(G}ORvHTDz)~t^h@J-yCdZz*eRH&4dQz2})j~!1Y*2=H*R2E&$xCBa zmwijbk`GVx+FrNQm)qNr?l!s4mkgoqP(3zmG)HzXTj6FZeY_fU?T{*o+5G*9f51S8 zVU=LEgs3im`+Q@s2W>T1ISgx`WkvDC4<+c-$6j?`UL2JKPKDu+O7Vf`Nw5>ngLiby zkSCZ9ZB^w2xoqZc?7)vpzj-<>M9?5VxBN4v1f#cNw3(l7L1MlP^DV^k1>U_z?C6V_ z<_p)saB7>nI^KLtww*<*^Oc{SSE~L^5{sp^vU0!W+kQBy+-D7@9RgB#b861es|C~d zKRjLSmTx+A5Jl!4m>E?TQk6O8ja%boq*@ zo-L_`G{%?xA?j}jHi~1@m!H*JHFTj@qY8clptuJ7;Suf4WFl~2rdx*G&xRU@Ve!cr z`MiXqLjllh?CiwVrobJ}x{YernO``N%|&ofEW zblFN7y|NPEfobcI!t|@h?+`CnMdid}nZoJ&Cic}|eiP4$To1Q~l0{y*JhAHf< zPcin{Z)<$dGuF@?a~bt96eVZv=ZXaBqPZ>l2`zfit$Sy(AlM{?HfZL(FQk;5@2IPq z3N7A=(ZCc2g_gS5jW$ic_n?@Grn0MqcQ8+s=_~J39l_L5bhC#7WRDQ<1qEb(XIgG) zb$#XXC`0z>QJ>4n2LIJwm1w?PxQt#5`L@&l#=8Dsf6xRvUP7~3<%BLat6(D>oy^H% zm)>Ut?@L>o4ZTQ+4nfN2Vk7B5>hCd3Z(%~B2Bd1%tA-|g zo+^&0H~)HzHR-ghJC-e+0qHz=UZ7TCsr`=q){Cm7)Bl-hCD5=NH6A}ej3eY7&3n%$*?)>K8zKBG7}TI)&>&Vk2ycsZ=gcZ+*xa zcLTQ;W~~q3;xp)*i@Z%5&JNoyr8hrTodxR?wI&2_0>rh}wmz;rQzNkDLQyM1d{hIz z2i0v%k^tLEWF|4vR7MN)$A%L|lA=lu%{XvX_cxJ`{Fem7+UnuG^}*&i=!il2kku=t zZvxOvtJddjD@RzgHpHrdFED5(1epNb9v)IG_K1ciQ36Z4R^16i zk2&9qq^X!}KO3lwqf}_+=VNlN!?{Oc){gP0N#jV+R+2~uvz3voYVz!mZUI?Tu;xwA zdlrd1n2}zkKA_rCNOVDH6LA#jx5&82c9Q)st~3hdy~y;zV>8%5)lT)SPLwyG9?%L; z*dBL`SDv83-f_>Tn`>bJ;2GIb8$VG1OWWO^U?P zB#err-$dsT>xzd*%NEJAcsqVY>qa9vA=<+aYD4PgMaj|pbW#XGYHSLGQQ0+$me>Kp zuyL$0DMk~SecEtR3500W-O$Y{7y4EfJTgmD1+#F)3mA3pzAFCPVv2Q!#2rb%q#iIU z$0n#=Xs(O5@5@*(Dpmt z6pCq<#uPL=7!Ad>b`5%pzy!=GCQ`vJK^t-B6zNYsxJ8_%kdaqXH>2D&!0JzZ8nAft zkLG`EUxSz6U|ca|Pj6!3U) zUwG1;)}PW(j>ekb_$aLQUEsD^=7d=eDvoN4ls5%$X$ZI~ly5xEXvy^IV+szNo*ns9 zav)>F8lLU{Lb`c&>|TCzR`V)X3qH>o9pr`r8uEDV=-cAXB*1%Q^I!D~I$C*i?9qkPgMQ?l>R~C44rEna&l>94Tl3$91Kqre|?+f1vS`4l$ug#P{&=RmW5l%sR+^2`HzUer&=--75z9{~1y&3LYMA=L60)5KCovFGvcC z3FdsU=~@TJyb~K$w`~7s`Fvi6OH)q0I&i7t+ygDU>dzr9SwvpGh{T@Ar{eNgEm+2x zZBtcq>CP?}3!|13JzH9)$>^QXO>qSdmhIpYGvZWc_jUyidTFz^v}U}Sc30}kzuc6~ zi+SFw2To2VR}H4nE};M(W!oun z#%4!-PCl8r^z6YoRv`kxVqR}%iX8g2(Z8|!m`t}@&7-0-{j()>S=)k*jUHXGU){^d zrRu`imKU%wuqi3bC1PjI$z*;_jt$o)YBp}VI9EyP5S#EqcI9Ld_sokkXS8m55!p65 zr{RHuk&FMUuFg*nPaVBANk9}dvWx%PmEo3n)#$j z#%ASPvez!*;+!}kR8+!KV_(@Uqm}I%+blL3ac#Kc9Wt3wOebQohN=daL<#F%)fItU z5&}!of=;jXsx7)P$@^xjdg{H!qBG7oYL^`d5xO~B!0YS{rdXy8;_1De63QM6LfSYE zElOu*yn1iOR<;WP4oNPOXIeEbN!?ILbKJQ{I%N5E-AV@rY zd-e65rukiyD{D@p|{rv?TYNt_Tge# zbTe?%J@ci9CZ>e{oc;Kt+gC-y4ZQo;O;mE}6jJd(ro@txa?B;I<*QRIStjrPWa0bp zR?t!9>kTg=nGRfCb$Y%_jlhdGWlwphvjRJp1ZG~6f3(BB>Y?oGmhyFi_XY#A-zdVz Vtl$4rE%%((ZPF_7%a{MZ2>=&MP67Y` diff --git a/web/webfiles/img/xhydra.png b/web/webfiles/img/xhydra.png deleted file mode 100644 index e52eaf3122f0f1834a9038d18d91afcc5c737818..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 217839 zcmX_n1yozX)^%`qDDD(@cMa}NDJ5uecXugHi&Na)-HR5AI}|H!#e;_Y^u6!>D=WFl zO)@j<%$zf4@3ZHNhMGJEDhVn80KiaG0BQjMuy1c+0mz7Nms{_Jr?(5dm6WO!0ML+# z_F{_g_L<6DK}!_?@TCU;g2MrTe?JL60suTX0e}+|06;hc03dY!-l-}2_64GuvOEv~ z{rAZ4Df{+z2gO<8gBt*VhWGCY1IYSL^mY@;T~SpQX$=+?mzX$aScB!QMSvnuO2>Qc zEXS*x+_L4h??Qy9D{phoPhCMF7!U%O!;#X!m#WS$JnDI;gHIsU@SE~oy}(&dFalF3 z?3^E3@z@5Y`vnO=}rZ>x(Y^&{gR*r}UGvZoSPA%!Z<`3P<;Tegg;|7k@LB@VPEN4S_zYixGaKSMiSs+R~ z!Nlnq0uqG(SQCJR{{0DOS2h+%1JnO2b6%X^@wcE9wJHY2A+(GP`f*wqFW4OP7<1sV zI|^aTRCy>j>?f4OH`KYkd!4xF7}Zye``53x=58F%6o4vIC3jcQ5TIx^*Jx4K1Es|c zhJaTIgS~p5zbgm3>TDziwkyuE#lu#Dd#0vphp$rcXyx7-Fitr-If32ohr^->8l#R9 zH4V$=4(4s+ov0|w1@}Tz+#06mEEArTmJb=~jw7 zN=bL(F^bGkjlY&|G!|T1NHOq->W9X+09-v}&ss zWzAoLk*VYtlElM6`rehm9*K@Aow{&#M_*7r6xlp3n9(rHWL0#OY8l*^`@&;SHO{9p^`@lJQUmd@9I4>FM0i!c6MYHXd){kYjf#|$ zGc3|ll6IFy2{$SW{EFAH_?CY~P8j4~1Q5LJnHvz$Yp{X_#5P&;Uii+$ z*-QRe1)!PF=Z;n27e(_#iA_M^vzIIpQ&&pF;Xd@i_H7bJOqPDHBAx&4-F2cJ^udyR z|HUw0CfOeIojS~P(_&Bxpgs^uv=isAAp%wHVP!wof=yXYW#H=#NXg%F zIGXrBQ)l8bC3INt3lUCZUpplueM!YI((W=DV9odq6EB2JZc(fO;mH(n+EhLu``6(Y z?J||lgRH8*@Trm-7FzYzh<|)I{Y05F;ZZb+G)Pdz_hRcEyjs3$-5gAIVNqeea{Yn- z=Pw-I{^xd}-O4Ixw=-l!6@&<+jsbtp;6tHrlhMY^YE)dEjW@ zhE)^aFHW0kU5Xkn85hKsvda)bAZg_EqNx-L3x`q4|Lm8-Aq_=7JF64ZYcLRI=q)rG zLXrFzH7-}2`U2i!9RY)}pb?o1%=@2ozcOKW*Ym3|w3t$MCB+j{>`(v#oBs2e91(8L zI}wChMC?;t&|V}%e6#0Qp3%Vv%&G?`JD@b29JP`Zb|wS^eGu%330=zqgG;M$MS}a$+5FyxZ?Vl`Z#z9f?-n_{p&> zI6hJ0wNM=Fwgn9YU`pK9cLYIB zm~sdUf+_MN4X%OJx`nW+aCU$uCGukV%DcB`1>z61Vk1qg{8{#R(-H{@1*X4c+&)}*WOd|o8Y z0y1{Adn8mlt6jkNk_7U{(2+>88a7pqHFHqAGY7zR^|w{q`ARJyVz)n(c)NYgi!m+yNt^j3 zWl&v@vvx2{gV8bcp(?JcWbyHn9BaGAEhnbnO}|we#~;tZ7-#+M{MI(%U(Pvu5eULP zDSlW3j~QRl&uC>Za3#k!Y^fdOj!yVF7| z6?hJq9JV80Ul3DyIHy)+K$+cd!MCmQx={2L4ofs++SosntxyM(QC4HG!%n-v#Rp{SiSH6ptWJc-uuKReZ@M0xx;SA5m z2}|n(xcUt*0a;b&5V`;Dwj2AuH5(Bx#PhkgvZCRb7am8R`kP3>d!%!WB*k^HK3v(S zlO(_1xESUg!phNezs;LmhJXv6yj~(4m(8c8CQQ+XZ5d37v--hau9>E;pK~PRU`P)< zw;k--qUUd}%y2M2qkcZ_N;trQ4|^E*dZ^a$PQq*ROc#)DIGRzn?s@6Cv1=v1N`9m{KEE$BOzll>}2g&k!Iow`U7n)W4 zuM5#0U#ujuFT00Kg9Y<{RP0iJ3vZQEpdWb+0Yaepun}51C}B$^(>IK%O3>@&moMu6 zp|R|pM~Yj}--qI(qY|%IcurmCtsJ$Vx|YsQPiga}V^2GNhNlxz!o&1B@uA6t$)K;= zM3L0NtW`opKC<3jAZ@?bP{oMW%BT-z)}?73q?baE>z@+W!KR^_FH_ZSvYNCNye=Pn z*p3n>0hw?ayGJj>jQ%sHIq3BouI}+B&k1hk3*AAv<;)!XO{uj0=}{>u!6ekqq!@X5 z3t@Q^r8n_Zusydes6wanlrn()FlevH=w)?U^!Rz}VMO3IKIr-5=Z(ntr-o6AA_F3> zx`0VL!|{-yc|1}9)vbmAqz$o+Xs){&WS>sIOxV+{y854Sry+-u@@TBzF>lJG*v%80 zY7j&T$uJ;coZpccD!)Zumq+na-HW3346cZyP{Oe%)K&g3?_%A&16>@PrU#_zR_SfL zljU$I^$6KrJ)z7uXf^A{CVi}&lQGDkA%lKT+>T7lMnv`Z*{{7e`G<}nJI z1ZDNTMaY`==iDybF0YFetqPjAwf6G`3{BJvp_i;NEZ}pwb@(CvBW6Q3 z9$wU`sJW*!a$pPC{4ZEgA~TEaW;v*Wm!%wgk@ zX&UA0^~Yn*f30+VJ6xR|DrMdK%70Xbo1|#4EWO;)9KZ~diC>Jz-_Jnyakgs>(W7R- zg*v%;%Pr@~Ppx@ZUM`*D{6yB&{#3H7-b0{z3l*z6A{Pdb$!7&VxwBhl^B&CJ97_y( zD0=u4gTwHja1JBWgiu7!1fMAZR~jEy(!|Qg9*S!T=f-X70h3@p9Ml839NTqXJl9|^ z3WnToLH}eneXd#UvAa)PlIRVY%+96a-Ephjb^wW+Q9Dbbc~dZd3m;+qs$8H&O!uwz z0GQkA?$2F#^(}WphbW*tJQmpWIu%M%E#gL@%Wi4zu?p*?6H^du?NkT4_noekh%S!e_0LA*q1^v2pIcUQ zh^WiA_i(E22$3#G0qXTJqrT>=@GcoNw)TxP4$YP)i)x`1XjC8sN%mf~IQe54d{<;( z!k@T8ct@-DUxe`E@i6FnEXON;(92+6+LKg<4)RyE!bYazrd7QcCEL#eN^v!%vEsLw z)FD{4awXrQ4>f91^SD<;YRQ>Y7^wFRhXeTI$BUDTqtwbcg_P&Nsjc<;aoZgGvVkvJ z622m?C+a7_C72@wCbXt>ClJBNUnF}02aKbcA-0ZMH3tL=#asFdBP1|>zaDYnLm+$( z{m64kjly4)aQG}m8-0)fUK<{xx5Z_N?D!MQ!}=fom#tzFf?k+_LpHXyw%j9?CpM0f zu1wbBR0YHyFR}Dc>;`+E0W5Z`Cwq!D5G5S-b7EM5sl@@^5qYq*CiPzDh6x<2^rpOz7QMw?iJPgkhwPHFsFzScpgHA4&K!urmV zRYdV@QzXoRLF2$BB&Ag`fSg9VUR*hE^h&tZ2+*Jl zm<4T4Sl!Zmy?waa036#%J-U5Knk;w?)cU-5qEq4-Ze&9Z9(pR$Rv4mXm%67JB#BO_ zmH16X*B=(Pkywl??)*21^oKD$;4}zp=6ggWy2UqsOr?PSW>g=XkHpJEZUs(34Mnry zAw0}KD@w*b6ywU0!j=&cY^qC|bu|cv+4&U%Bv-}XTE#SKR^konU}&Q=7?b2VET$`a zbH&P^m*!KR%yAJW=yaAzcuM)G)aYKi?zk-U>&S!9Q%hd$0uY~Dq)oK4RnrdC8V<4D zD|8OtD3iabfH$x$EvoxJ03Iq`0@l?R`I>NWtl9zvQL@TtBp=n%x6ilg%~U!@ZtC5r zqYj-^uz-Rv5*rRLE*>8ip+QQo>KaFSQzxd ze#>tYHyDnoqd$LiLt2el*omqj{hWcAF=u**HHlGP+e)H-bqazu>H@z%RL1@{_CK`k z{)y!{xLxj})@Dqz&-i6Yl?o)8*R*6W*Fm*$Xijx-dzY&CF-mM7sO>=wZwg#CZ~LPw z0W|hT`osW6^9ZP-n!~h4DuMs|0mH6sC0L?i@Gl~^B|?lAgXqx0Esj|VA7$2>A+5+kz zP^f%N&)Oj&Ri#;9=N?eE%2%Eim!?fT&euOGC)AmIrI%Eft95wCAi1!z5s@aj%S7h{ ziQ3kPrIOm5fys~rMzh2WWz=KyeuQU}^L_8h|3Up%hod7hr2a{Pt?p=BLHntKIh)hu zt)x(+*4A4q6+lhGo-UI&c@4snEibjV;W!i_4OvH?gdD>Z;3bN>?n&!dOyJCSMkeWt zRJ~t+7_87t@Ikh1Y)rS_RyrS_yM(-i&-NgkWVk+XaIKaSvNw7x(08SJg+TOwTR>2( zj2;Dif7i4q{p`}F5GOA$FLQw17`20t20JqzLQswTu)FTS_b=j=D&9l^L~?#t*Rb|5 zIu*|f_~o=*l(llE+sOj%x zvHn^5cqK1B{I#MfUkgUQ!1L~7UC?w(nY7{}*(~@OVV%E%9n;n5$Xc2hfroza;GJXd z{sj-<4G$DTn`DAUMK-~45H1pA5mbZSkZe<0~oV9pgh(I~8?mlikVfMY=O&?OY3~B1CXNo^A zSqOXB$?$ufzVsYyy+#W3?j!XJtFMnUf($!ZaSqicH+g_ z&%(AGr3Qm$<=B)^+Iy*%78I`RQ8 zm4i9y)@WbDB=xi3YZzvq`I>7eRqS1j_WfB4^0-9u-hTDF@3I?9f>($2edR z$#O)Ao22xCdd836nLN}x)CrA{Q{S!EbW|(@OMnp}3bXT}?GXnR?&ZMz){mgRKP~9! z7%(Rn{>stT>!T06uUM>BBi+QX{=6WBEXy zJnjLAaWp$SDx}japdisYpLvvDM*MwQsEjFJMI5_io~|KwB&1F9aNU7<`gfw2TS04f z$CeEdF8}4iWWVTEQJ6no2W)mYZgd{EI8EikQmCAgO{s&g?XW?)kUS-`YC8 zx`7>Q*0m%D3l43GZ{iYtahi3OtTV&8?tmDX~VF)poQZX=As&2LJ8U zGHwIr?JtGY**jisuc?38*7Lde#>sTN$f8x@QD4je1|-X4M&TU$%A$ePR0 z{&bJA=U29}V)(|Oo>roqKE7&|2WjSb4!H261U=2A=gw0Ho@nRoSxG#Xyn@^M9Nq}? z@2PgnwUCXan(TEy-zRHF$Il~i#AiMCo66#lV|5AlBU6^Um@u$FUe5!rxX)~a|1}=r zkU-Qwx_GxF_6>Rd-I`zbGFDe_%X!RO2^lYW+?SV_Sa8|(c7_N?j{7)^u)<+y%m#m; zJj#3jTKSZL$%s>Io6Jz@ShSUk#prhi7d?XYK5GEFHPXL!Esh}KSMz6!i%if8Cof=k zl}OWj9EL3}Wy1e%e9KT7)IDoKzq3M)L=R*lRP@zg3Onj7E@g))2eDNfS=)uiVAV|4 zI|vlueEqri{XX{wv^fmD`2Yoh4LD$s;e&@&4Vc;4cD74nZ5mnT4rP!IiM2YO!1 zK&$TR`nXi{akORG_&NX77abG*dY2ON!n;lQf1$*9&Kv5tHM;Re0N$SP*#T0cC!Fy+B1={uEv zj)%4K6wTRC&a^uL*wyM!AMB-BGOBCnOW9G%Df&LgMN7jk&PBUp{b<))X+@JXS`L_Y z3WRn|1m8g`?|jUK9EJE_(yq>y}EjS68wR1@j`Tq ze*MD3QK1ZjFNMvCf6Vk&a=ZWal+Z>A=J1y&?&^xtsu(J*QFni&6>7%rAm4(aG+k|Ru}Q|s-0f%{2TsySoFTmc%owK zfoyQ%bN>ziE}kX`(t%;qPETFJK*g z&rC&V4EQjZQ@OlQ%{;Tg@7HpKYrV-s@U*N1)Fok;ho=p2qBd(;h$YU8 zLwo{#u9g)9_7vLqX1=Q8#59Vl%W+DX5Q@P_l}HCw0Jo7+B2hIeU$jA8OIbS1vK>a7 zd%|iiX>B--5zV>djwDw;tCpjfYuHue_v ze`=WNtpDcXI#Qs=<@k+yqxF+<7%%uvhcvl`7K*Jo4z{c+&|Q3dm7rYsil|#P3WWE( z-=V_`Csr<79~O!0L`U`fLxpVmF|lP&7jx%Kk^iVXi0U%&r&8q_ES#5^ZJyN*Z+GS{ zBSEZn4YF*qBE3Nu1cm+Kr&r-`DQp6+?U0ZUy9Lx}fykDWF$gJo1`%OV3Yp=%t|xyU zMZ2rAkvzdG%N!nRA;@#zLvp2xt1w!8kYHV(bK01K@B5%V{#UV}*Roz{W;mPks45wB z>2)AvqN;F=h2yO%2x`c<&voZc)hHTfcj5f=%>}PILp)u>{tv-Zf$9P>mzk|oHhg4p zcHt_)1XXjWCq9YP@%w!E<=JTD09v2UD70G)!qwU3>C&7H`<2hZ2)J zyi8}S{~3GlCb;uUec`p!Uf*Q&zbK;f==`{+;2rKqS4MrFrk<+O>SaUoIBH}Wu?@JRuu(Hth#q&yIEKOGj!umu~(@SXsyvZoek(={6O^76976 z@d*SsQBI3PZUw5Jt@`fMjh_hEdv28{IC>wN(w8@X0l#W*c_A{?8uUvB5_VWH6v7ke zK8_HDtK9OV)FO4RHEN>bz2{Rxp=tfOW2VvaOOiABrNF2myNIL*J^q}tO6HyH;JRn`{~ab;zGdTC?B{`cx6p2*W`x1~sz*S+@Y1{P#6iGwyw2293pDY$pL z`*_yjWcqi=6P0%GLC!fP*t+meEoEH13nF!(dh(_)VJfMq(Ebm#wObOCv)vv;MaHbitw5zTN;tvtjy?ARD11^*^{2B9t8}7q*4B_N+s6f-a;Zd zxIHDJ2`~aX+?-l_ccAVhc}fsc1#ia8_&q*9N~Q#X&6w1Y%y53pd#aP?XX@P3%Uyl) z!JT<}4NN%jxqY4T_rkmWMZ$FVWFu6>fZ`&AmH+`*|C{WsS2WJ^yvN?@Orh)+(j}M8 zsOhd!1Loz;3ffIKW{~*(Bz!9N@?@cNFlSbK{h_KkFFnQM>Qs6(haWyB~ zU_^p3uS6>)Sz&T~5$D;_;Q(HbV-4p(T84X4mWcu__rkvJ`garcVNrjjfjX6a{4NL7;#G)o> zqoc^}-OX&%=45CplG`}nmZda%EaR|3#jkaaXVH7{PSmeoq93D6@#7l6Jx!&nImp(G zaa7FBDS?2F@QG!0!SA%C>NFr!1@D-jHSu&jC`$YNPfQE)qBZ$UaBzd=Bdm=ZuSX$B z6!vfrmr)YG4ke(ELF3Q8o`b>%Q@J-YSsr%TRSd3Rmc%`I!d%sDB)Z@9T8{4uIu{fY zf7UG+;6UcxO>>{DPM88!HScqmA^DwrhA=RSDWT!%^gH3ar6#VYK+Fw05FM*#!7q)# z=%_YFbG2nbBa9L%$s(Nhf{Q?zXX_#^CFi(8q0_4kJExHNb=$|i!k#pAr!ALH{$bwl zhSY-Jn1JXV!71yF8g%$b2H(!vHR^re7oSn#=iP9-2>S?{#xBYyL~4+v-1XQDCwhGU zHuBeL+I?oyBH(7E(Gft6!5)MVA64HbUlY(uF;>vEq|7a58>^klE`4Sk!ap->sy;}Bj3Qdgd^DN|>Nh2B8f z;GJ=rkqc08@a1^vIa63PxD+o*e_D>Xjr}eu#`~aRO+#HeDOa*oI>%UZWt8a7KRH>| zb``<#f~_PTid$n;+x53|3Ibl|$aRhV2lI_PGX!1CO5PDD6KFV(uE}4*Q6?wp%7}Tc z=PYS_k(-yML`5K?h}^+Ze$zSHnh-rb6_imvJ!#5>>6Po6!_#1dlxZGYG+Q%PG8IYI z&{XX(_R^;ICv2!vCZf_Z8-|l?V&lq2;YnK<^YiizX#HX!$cooG`(vI zJU3K(y^ZPs*M4L>2lZVG^5&DT1aS~;A(~pt6Uaw$EdqEy&x& zc;6wLJO;cDu(Fh{KU-(_&=`E39@4P_^w&|<@3~0a-Pv3k^(75*HV0AoOf#smPw4h7 zs8Sd~%>!G2$qLqraOL}LPEhwX;*{tijojZrUR0~X(&-GaNU(n13-gz^d_1ll;Vn6g zC3+KB`JBI@A;0&*CzK=JSzVN$hSN4Se*HZ&k$t9nZS-Rkl&nA(w)5IpZVu9nkS(^T zJBCPik=LEAD|J;+bB~+y2DkAQ@Lwc2?j{!`B#18)!<(Tu^P8=aI9z~+)UIUNkbF9S zhKv1z=QBw$n3O7kt;*ZZ2*5PC$h?_BN%XH6TixnR$%E{x@5#V@`Bko4tHrprLIH^x zo>@gt?f;C|h4d!Mvrh6Kvw6N4enh&EnH319VeHaN*C2&;$XH3*kuoQuHL1qM&keKv zMMX>NNow93jN|gReK%nr8h8J^_f7ra>ol|var!1rw@<)tzxTV#+yru1aHKnupM@If*zDruqgafuQz7e$$zkpAvJ+-yyF1wu)$3t4vyipp6-uchc)iV{|^ zgtKUI3LEUBF4mW|ane*y_vWK0B!$qguI$u;N#b!M@H$m~eIDr@<9b4lw^3M)kL_@; z;pp`^)q}fSYU{nD4D6d0f3~k}|AVSmYt*rMPwTbg9@DhxCY+;c!^`xMPo6zOPuf(& zu(B&Sx7D@oy^#lu-*iIAf~mN(b_ z@MpTw`zP+3RQCf$$=HG8Ow5JRoe2NM$$$qLcdps-Z6;k*48I`bm(XyCA!jnNx-J{V zms`#y68$ga9(8r@@lt#TRM|h`@Ey!dz|k}&Q;ptYk5+q&Y6ESepR+0wjj8mAKW9|!<8!=xa2U{?& z($G{)aP+;rS-S6W(&_qfI>2#h3;OC+xl1~qxSBYRxs@m_PL*Rn0Q`osi27U2AIKJ5 z_QA=Z>UYts1djREjWt=L-lBYfH%@Nnc%3r-*_IAo*sO&V{=>*9Rm&K`H-CLIuCa}T>l6Pdl4n|7y@*n-f z{%i9!!M_i?3RXOIb?<)JuVOsXeDu8dv#|xiecu-zHu1v5qhP&kxWViIJtl3~^&8Qv zwVp;jn6nv^6FURKief2xo3q?tf3#FTYkq>^V%%TQeAI;jD9DV9JI3?r7Zui?F#ef$ zpwTJ9^CHryl{-HP3xV-vCYb6xyLmZCBR#V&IHeA8B1d$y$q*qIa%XZq+T`@;ZaL)( zWlt+;+iC?AE*DAfe20KPf6$L=Q7(^6wVf)$r)LI#Z2CY&M5>{?@io6Vsu)*+-g2El zl6~2EMzK!xI2F2n|CVjP3{zG_&RK+d^*-V^)`sb!80{C>;-Xa`fXhw>C3Fd#@VLX0 zo!y^cktbI^$;tgFQ=zY%77*^>Viv776c5M!6ZPJxgtp8g+naGVWl;1{sV;yOMRS}w z+n#oxpJo=y;2xP<0P7^-h)^f!`TkcfI-Y&KfT=7Z5~6X_?E3Bf-@nFdYinjWCjZUm zh8pB42M;A~gy=ougRE+L(fkeCFuvM2_T5u#UdKaWp4ZOF>qnpZ!c# z39G1sd1t2)BW^SkgI3eU5nO&(T@>4T8yp4m4A^5j2Ueav%p4q5(sW)9YT?$G420+5 zL@oe!#Dr2=Y%!5{yXDF1NOzSuFHka}zO)3}j`=FuItr>kc81u`+0v5{N+Lc#cN`yN zyF!or0-jFQ;I?;=C~|cJs@$G`?H3a$6EUSJbS(XrZ}woUwgTj$+y(fZz9Y&{)t=~% zgZD5`*W04LwrB4mDREbAFH5P|k4QB^mKPx^(Xb}tRT4@Wl#+`Po8>e6_S2|zB7r+5 zKSi0*2Q`oq22(og#@G*icf_mT*i8dZ7+a$NrKHYjd;3iYRnybc!|k-${UG9tz`*5f=c!%>>swV_4>+lkJYK296b#JZfoa+De|5c4?cSfr8<>qTPydV7<9VEA zYv0^+nf7_ilIl2=bfW~LoKvd}ExO2I&g5kIY0XOKC;T3Fc}#=Xw-av=A2Ie!Jn;lo z#^vKGwleQ&V({)tV5?Jp5d7lr=&TtOw9* zeSOo!e&Tn7&MT}m7RQax0zoJ6)lB%oD0PY-pLs>6 zu)2gFW5%fvWXe#WW39qBpLApb-n;7F*^e?f{`s|ovtjVSp5_*OtMXmM>2J@p-R}RD zMj{gWw%mE@M0Rf#^`7K&FtUCEduTOSE zd6vraCFS38|Amm)?Q+YpiL`<=j__kV+5vKn>J=cIWla#iRS}UfdGhk9ovFe^FZuYY#G*pe zE!?-@@XORM;ZeBez$ zx0bd15n^P15Hi7?pWVqTmmk2k0zvn%r;-*lS*j1uutQUOz@(4P!nX!^ck@y?U#Z<- zu;@MMz@8)d8-5%s*>$*<1QT7jTJF6=4k}AX&BHTNlD}!nK>1&3WVkf-oH0_u>5?{` z1Vi*tIcni7%{mH}MLl3DPEh1-k}d4Ew2bgqkss|>yHgU7+j)`P3%|fMo3z)9i*t_b zBiZ87wx;FkpDD@&Mgpea_=)bgy~P=b%i(2>Qmd8EV8^9Urj_N#17+Vc=BE<+potFR zmMMr*n`tQFC`7zj@h1>*TJgh&GS{*6C#JM#oEk28Z?&vQ3nUZ)MFq(M?tW(*!c@-0 zAJpHh>38|GFe91LkdWg)YkkCX5`V>}OO_JpH|BA8MlE@X;UHbAlh`>bO6=Y}sjAzr zh7QC3pK@?31_h7)a*Q^yK45pL0E2YNi`aa^VSX0=nXO*z;=o>KQC=x9tmQO^FSF$n zab#B(>u{n}{9f`*aFINlXVqfBUHCeDYT##)1*Sj5HI1jO$k(DM zfQndcErQjEv*;htc{-XO$wa~>mZQO?1owxZMnul& z8~kqadjX~S^E`5r4u&Ti%m_P}m?w?VqpVvkiJ?f>*BUkszP+~OH$j#bXWS`$p+od` zHm>E?sN4LK@q-O8`)(c)l`uKjzk-ySD%-lnKSm2Z)sHbk%oBYP8Ko>FQiU*KSMyq) zh}oWj5*;_%vXlhZp%`xxeuPu&FOns4YJm=>;BLL;uN+~7)G^6%nR6Z_S0?;&tqQv3 zPj5%#E+BQ#*I!;7ec#ms|Aaos;r#Zv~GqWc0yqD_WWp_*_74@!gDH+Y!#N!i zcC@-lO!05TIHDBX7o{)mGLlQpmcV1W%7HR?B$4f z{atCXTR!SrNBNW?0}k!LbGS@|UHT?>b;4{(un_NEf}6%H;0J%s1!Ew_w^6gOl2_F* z%|kyU5xWBIZ~=_}6)t~71WxYYEigGomQC}rOtLA2L zDHx-ChG0fjWfgIXKGIdan;Bob?VNS*)5_|f)@H@pKB7AY;uT2t&Z&2Bn}F&Bi*Z$p zapUn{U?OkUnVx-`J*$OMk%{Z#!_#F_G*HkU2Cx@(y1x0xSzrg2!gc zpFRY;_M^C2HMm~G$Cw(}F);FCtm5ZA-sL@vSxOAwvy^wn2N^Q)BI+~bKJqE2xEG5K z%`R!1-rgNfi{AV?44`LD9WOr-KTcLFb0%}%z*iz>Q338S&eZ;JBXh>DU9y%=d1u6{ z5M2i=ZH}CxzDYTtD{O`=4a>BP%znt&@oao`EXJ_~X(o`?kjWoUi}7C0 zfwIeT4mr80n>J}A^a7MtIj58;p*0T4ig-PCB)d|9QEDLp3Q1+YY#K)h;yaF58Gw_uHl?I!iWqB*5S6X3#f4+M{1^V zjxjN!Lsy_Dm-c7g7aa-rUZXD1&X}oHs?FspD$eHqxZ!#`W+iJ0 zSOy{2eCns(Ik;3skzicGE#tamj1w7Qj6Y7DdzaYyTxSlB}AE{$6X$>#SZGFd=n@OjAX=V z34>VE;wsger!&G?L4YQQONPoceBtY5fn>;;w$80m0o;HE&(e8a>9zhe6q9sqg7 zu@z=3${*%h*6*y-(Y=9$Om~m_0*zY`HUihUBvdb^QLFn;eoyA+%8;`LVu|yRyj?nj z=iOCFp0VsI0b@k)egP&&({0}KyLbvSrT=hSz%D&>@RC;Ep$U- zIc5laX{Z(^Q%-@--?BZdT|tzO8*r&6-f=ngam;v%K9d&T_2QU|6g8@EaWY&d{Un+2 z6bUe*TSqw}4d$H08fL2Vx!eCYQ(IX- zEg11pp$+#H{}H3)#a-==-n=ol62PGk-QHL0lz|UBXN0}C5hXt@PHuO0OjYOq`& zf3W$QE8{1V03Kn@VT*V7Z078!$`QgF;p!+#wb|`F`o;HlZ1PGL?*Xw-s}LW*a9>f{ zB<8{NCyCG^dP-#%)j|gR=(rZi7`-9qNPcQ5*&frQOwmAJ|i>w3eKMQzCSB{J)Gn0@TkML4Ry$2+I347;&U;@qOH6Wy|CA0T6u&@n&V|IiBR zLq3NA(bEBcgAD3TUVpWMTdQIs=8S?TKemci)NZucr2}|^IigI*N+(H=U+<>4ox!aR zA3wvA^MRIq=1sN`IPJdI_zp4xn5&gkD>_fy+`p?AU^`S}1=7IO#3z4ZE&9=JYx1by z1mLEZPKdYntF6)%CQ;H*5DE^Fx|}G&_nR#56VAymXruJ8XTdXU{OCi8*{A2N{9AXo{ftn?__@_it-2c29y133(T!wk-Xkb$S%sTmMO;5r@@I&3$JiuBO;ZY2eX z#2cd%=8oIf?{Pfcim2`Q3gR_^{!fkmqVv66z;@XhnLhrw3b?v4c;8F^Vl%(=y9bud zk3fplYb6-hCqN-JFLt+x&c;|2JnBWtU69~;!VqfL|7wOPopvn4Gp!<2nd5kFUs!n(uMNHz;_1#e19d%W&H^dE z<$qhywLkdd#8OU`dR;@vPz3f{Q9gI}(NpW@0O}k4pc5O8s7`Ir%=_UJhId3h>93;e zPM-)|YAnk!b5s*Yf{0z`#NaPb4UV&kXWx~;hbj0XmIFhpU^DA6c0)M~3<@$DPX#N% zAc|J!ZMlBh)-zaylcGGVNToyGU+dAeP;5aRDz%ep7cm;6SBf5v<48J%8k579ucaZ(5 zXJ(#4*4+O;yh7ELQ-wNgIiVN zxq=shXPohz?LUD#BN<-!&QeS#r2>&h-O3_~2~V>@=ztpG_VOi4y6~!}=zuJ>0|RMr zDK`TlYAFX|wAYni0<0~ewUiKK%IZWCJrR0`RjTe~{Q+T(gR!@xYffU-@0EyCFO{^l21G8d=iA@FQl% zJM3TN+?08$lm{zJQ8~4}6kYy2?D&F7m?(a`EiwKMok+L|Z$eF<6{ImcyJX7{kIB~D zJioCaXT>!G5?BjY@NgMVPukQ>(SHwHhB)hypBfDwUp>{7l4kFmbYr8$)`!+Me8Mx} zDMO1|rX$gau33?1+m3J=4Qg>?yrV{^env9mxP1FK|)X^d9k8L}=`1~K-`?C9`cWWj# zC|kzbx>)%4nB~Fj?KZAaad(H}?$mZN$(=B^;of`*8Hf7Wc5QPa+-}{=^Fd;1vo(%A zzM87XjdwBw;q9jgW%KGSvsyFlvlZcCRgGK8`KSAZkZkh9XL>;6yyEZ5R~oDW-4^nZ zToeDrK?(GFg2c>tvCd0Em_+#M&G97NA6Gt4rvyFDaK;GyqN3Co5+-h^##1pOsPnZW z>`xn0Nvo<>lf|cmH1kQ)E)RNDIBV>%Q@ANn5)|K{!|xD|WoOOM(Jm~*=`e3GzkZ?T zoZYRR83@uCJ%glyVR3A~SMIzHRYm@X@y^Sxi_KnLIiaUoBKHSGR*x>@zg&}f{vL<` z%to3Kr&f=q*3ahFWqWzuuBZ1^omThlZm+weQ}_hE?j1`Bf-se=@D?mK6ln0;`C=E` zt|0P5nf9Zr{PI_7u>}n6YKD-wXTPAdM@mNTk1?(_ibxGu%`pF#`a)Q@NQr_WVOXj5 z-==5`X-4(Gu!OZh&5vjW3Xr}x84H=;ZVMAvJlE?SeB*itTEyg>TneX<1y>CaIhhGH z@Z)czCO9Q*FunrcC+5}bfO^2|FvxS_7I>Yz``>L9X9oFaz|h>)LfqNkd1v{zKH0YS z@5IKt_cx(IIgM%MJ=M*WnKJV!ax69MBL#P*CD|Qah^^O7+%s0RFVFSs2^9su_+*f zp$k|J>A6fJIhQuUtWq7wOwNZra|b(+zyxJ74vUvks&vzCvM4dleaa*;jwuFLTh#t~ z8Br)7X&e$zTty87-suB9+gM6M)~3y@c1!b?Y9ScE`0FJU^It`13`R}(ZV=3+)uzvt z-&-!w%4Yz7YjD+~$F54nx=bDnD!>Q1io@>cq#JqnG2-%Qx@QZM89O>|IxeSbxw;42 z@U@9%!+pKGdxXeuaxZNuZ3~9ja~2X~{UT#)RDecznPUAtql3kSpATr% zAsky7z^*K)e~QTGUUQZhFUCxKE3lyOo&Y?e0AE>~6PU;81MX_A_SkmSVP#rPSUDk-)h05M0#XD> z(B%+8gtmZ$ve$($Z7QQ*Qh_(TC)Wo{Fkmx^fX4<}X54+_r*B6XkGlHy$ye18rDK=1 zF3v+m1ar?5`RmRpfZ_I_C%w#swD{6NB2P0mO3o+vgvmBgNg~8D<)r*0@Hu()c}Yysg&b^~C||5URzSd`tWa)VglEY*(WQMV-p z&^0}KcJ~z|DPa3iLI!Goj3kdL)qNJhM__p)B$Tuzlf$F8oN;O1X8eKGjPlMk%faLl zHZ@lPUn3TRdB8J}Sx*Xfhs}s1pW+SE{!!2z3ET6!m{)#}Bo0Iy1X=2D0?DOv(1!b^ zQ(*Uqh_QUny&+>Ck9zw2z`~X*5e*09{2t;SHQdcTDiPXDJj4c>Ujc9>*6#3J?wTUn zK~+%8LCG5QC1gf+4g;2pwdWebHMsO?D|721T!zJyj#iwasrJ$SoB#yWai&Z*a=qVa zOdYOJHEvBQQp=C*YRN%o%kaFIBxJ>U>8eOtY?V=nh@qH+>gBe08|0JOSk385pm?I3 zOxpqE&xOlh|KnN(;qEME2sb*ss@&|Vo|#mdI7JB6e->Ua$n?4q5Y*TRuWpUn4gn)b z0pOZ6ahc3v`{r^-rBj`4_gg;gJ_|_Ukb-9yRrNLUc+8O^aS;L^TCbj9zsSC&m;Y--&-S&70e#?BqjTVOw{6Ys$1{WYF6m1^qoB(HUVEcvL0`Shn zcc{FCi56$RyaT%#B8nJ#y;rdz)irnl$teE%43k^Ub~J zhCIJKHJNGwsZLF|bDTZ!cIO}}BY{(bjG@q5hEnM7-h9%P%gUAuZoq}!J>qfVEEUdl zku$DTDJkaKVjnt>;eC~?}^V3Ob1jNI+HM~+T?VIH{;{7E_&e_G3qQ;s;E5Zx8Gux7GW?4~_=w40?IswQ- zvbg!`jQJsf{kWr}8l9K%oOs7Kbe&%LSjP8?wHXONRVW-HVRc{f^m;W{`Kc*Obw)Q; z$i;)8G88xge6wx0CU7<2$ekJXve9S`^j`7leidv;$RG_M^n;Bq!DG5+WEBS<;? zJ}ug<_M6FVng5*!F!-=NksV4y0kr<`8jNh`*n>YpA+V zH5f$hJ!(Utt{fcmOY@NiNY=o3aVSY)j%1^S7DCL^|g4i3|AB9QCq-(2GPreyZ0;1oPTd9oE^OZ zTg;DihJ%Em#?w)DW-UBYgUY}nF57X_$2_Lo31Y3G^sBbKF3SXxES%8FAK7A+b~Nev zy7d^X$HJ6Wr@B-ueia&@5|29%KU4DxU57*P%8ubEc2tZbcAAn;P)P`&QuBQ>DQ*!~1Y`xV+q5?OSWtz8!>EFZI2)k-GSyE`Pm zeo{^3J5n$3Pt5OrZzX5X_BtTaft6}y5{^QtB@+?*wQ5t`QMgl8M-EB z(*?N7JJi}DxDa?Flt5>C+z@tX87jW`lQ+ky2s2JgG(JrLpH=y zwuKSJgTx0L=8KC28E|m=4A8F-JQgE*$VAcia4h~~_epay{(rI}AC>PNaC>JZop^*j z0N{N)7?nI=x86dH(Quk8x#$Fw*JlB62e0GZMWOZoCc}o%?R`%M&<^)#4VFQ13Bc||qrTqQOrVK3L z!;pFO>EO968*ag{_Bm6}8J#1FL5K3)9USob0FN0<7Xds1t6ttjfnHxg{b8dRY?aCs z8cm47R?H4}-LBAy0sPjRD2I>m^~-?J)|^*(M&F5vL?u<)bmV zwURQf4^oksBn__(z^quQRpjMY{@+*d!xbp{VB+VQx7Tq~XAJlseD|}2z^3HTd^8HX z7R9aARfXlYNA?fMnQ8_CoRj^BvYbA}fY0Q3xeTVySdh{#4*|K}c|+x@go9I9&w zbxRn=_#%!;VWQygssdd`beujnyR}^soSOERpk~)*c2+xId?TFSP?h{iQoV@@U{k_( z7AzGtQ6sHaWXGPq4>`m;8&`V6dhr6`_QVlfG^V<|a`>V0>zE_~&mWj~dszRax8-8j zzT7R!WwD9dZFa1lTH0){EG+ZN3&C#=oOPGwPGHvYrnUB5sGoOQBGr~L3*%~9+>A2W z=%Tw&DjwYrq^VXvZ}fb^`3Jm(ykEYqKi{~u-X^NX?;nUh)yK82DZz`PN$b(I+I-b~ zGaaD>BSSsZR|Mjh<5a0qGtu7O5@aKgcV!XUGF(>iXZqJKdig!rLcxgwmkk~Z_C#@3 zn5(Ugl}z9s29S1QKb}f`EJLfVw1z^{u>Ac$d9PELGG_L<87oYK zlZa;pb$4>vv!54#KRE+`070Dvgr@H)AJV!FrRX=}ran$^gXcrUrcxDxrey*ans_yi zAx8kyS%$7(Vq$`#qpQi#|z)^7SFf<8A7#ixnk;)%gVJTVw z2SM4)?mXG>&DU;0L(2PrMH=vOiR^Oywyj{)hKz?_Q#UvX_qPf=+U(ot`Krq+$n{(2 z@qhPpKVSL(0XOcpn;pNv@U%Oz++5wZTHH6+hJuJ;gF8--mmPrymxil-Z+~w?MY()m z$gt$ki>vApFHEoLh{z~Z?0d((pe{(N#NH8w7W8V}eJ)zTNIE-xV$S=B0T3@7>Zkx?MpK_My8pvy zxeOg(=6Ne)pf1^!JzBT|4M~H|4ea&fw%8s@2?m2h93lLRy|3*;Jr{~bCei2(RJi=r znb^5(YdSDZk)bl>nEk!(FnI$H9w0mD{8az;&H&f+F8N!o)5n1-j96;Z!Xrw zYiIa-9#m_hfH9gTiY#!xCa8Bea{S(gt$WR!qGG=N@yM|4^29F<=6yON$FU;bc)ES(pokGD|w8@A=#}SZQ;^#&7Z1=Rz8PvVpU-+Y^c+ga)aL zRAqnbD;f`}2DFtqF>I&y^r6?1b0&$ZK7xx3p-GECS3#IaY zFQxK|?=KrJGlxmCj8Xq{$N6|cuMgwdS~b5Zmd`vP97q*?*wWeAK&wEJnFpFkTSq$N4fKM z3la5jKI6Vx2+8AIg@6oR?_#cusFAu{=1MaYTu*XeQdo%=<$AKuerBXjQ{%CJN6D67yK~yCQDoiHRXW8C-5q;g$bby27@_fh%Q?*0e zbG6~c*YQz~Cu^ZtHzFE#I21!xKqL}1LP=PQrqQ|2*57$chx?-6q0xK7KBY*gea>B2 zwUz8wvW?|ns5^pP+ny>lR?&6U$e)Qa{-1FsZeY`v--Uq30)BpTR6h?=sdAdmpEUKo zEKr^qP4L-Z`wNHeB0gQGh&37X8e-pwyRNwTFT=3?d5rD;efC0v-T%&iN9ox^FC~Eu zwj5&NlG%mjl9@Hu0S9s2W{yo{OxKwc0sXHGytp`H``lS_^I0GHx)Vq=!hcZA&clqY zYyE>Or{30YM1F_>wEDqQlJmj zM7ra{BIi6S%czilC};Qip|012{6?!2KU-@dXuK8bzS6KBS3!$6ez;?c`jV|u`K;2d zIrLvA`DJRmdJ6>>gUyKlejtv$!9eNwr~}~ZI?jFb?S&-Ap{d;M)Vw<>QoKGfxY~VzW6#;p~K#GFRfFuF&db?SSMpVb+Ni35JU!ZIWshWk?n<2$-pr{jJ_{RdX z;}>)T7|CBrtOM^8V31Z+3On3&-)HeOY&sVk8$?=wtc+@=nVJseX2l(AMffmSfUs06s1| z9Rvk(CjW4;v6zaQ1Io2pzqMQ%JKpF*APl5#wsnLRCx25WmsUz6E0KW{D@yH855$%K z-BwZjpjW4{TxhqW@ujnF@bLbn%RjNbO#OvIfced@OanZc`0v%A!sl^$DvmN+sf%eh zJ!=Q$e8v=Lnk{Xau0(8>u}={Js9N&)^Yq{7a&^BSGqyo}Z5_LYEhpc8&ASTxuVKwtJ8_XV8j*;`o^ zY0-mXXJGfhp;6_9BAF|XNX$g~+z`2EIxb!SVrl>htMyB19wWQ&`6|KA^vT7pk)e3| z|LQ7g8w897ku2Xh(Z~v6VR3M9N%u=v))odFKHbrOw_^-PBpOHc?Hb{^w6FOysNO+E zYEaOHp*LfV3rBTZOdHSrk>=~N=O-|OmFrEEeY7w?zFJ}80z-sz)CGA?rV|P$#44#W zVUKZf$nG8<27Y7p$1a!b*qmU8vT^)9w<_(DL;rbJ@5F|4h23ozEj{#hbJMSE1R zpC{OeoV*J_YoTHhs!6#KW}cxs{)Z|I1%}xBE98IGK?Z*HpHPPHiQ&`I3l({+LVOc zKGJ#pV8Ly7?2rL*zKeVUQUiJ>E|p$4$#t-_k96(p^h&~(U?BwDZ)HR+KRIi3#0%6U zAXRzRwE&h5Y8AoozK(k2iGl5^HVy|Ji&X~hecz6W4SyQk6idYXui`T2{s3ii8-b;>|@;l<3EQXVHDN6}hgd!`x zY#|bG6tU^S#paRxn`>7rLF)a=Q3)*?xsx9%Wch*aF~uA3HHg2Q$Jq9@v!8oy;$bu; z`zo@eXz)~MI$-HSD{E{l8j>!L zpcSUTuIVuuucvz+!xkKcd;1yeTSHMpshIV;8E}80)$*h=?(ann`$H#K4DF)i=Fgc3 zx%k>**V`#|dcb$IC5DzJIN@!_AkZw4bMuXaW=5E)OZ9k&*jjmC8o0EYiA&(L0N zjpK{%yt4O_0w1!`{K}j(#cXRfA62d`#`AlUYP%n9bZ+ZO-e zx4ROLIn#Z#mpFVD7aH(fx|byCMKafk*L$mw^n(>q z<}yhs*GiWX&Icn=Lcc*7ab0_T1atd7OvBVHw>uXW_Yp2ab>-uLStCFfNQ8kioMK=T z_)%LhY+@HJP~TK*$%*_qa}B|YWwz8Kq;f5kcO{irw^k=JCp|pGsl8`9crq-u#dH}~ zV(y>b(s#c{z7?ARL*@g7E$VoC`7Set-+oJRC(|}qObT>jKx|?&y_jJC>qkvYfp1+6 zKEFU%22Hzr0&i}|pLu9?R(o_L0eWxEbH1M&;qwGd8YOPIB%9A!lYjc2@lWC{57{8| zL{0=NWA8>KuLa!1cVXUP(;op~E-m`rzYR$e`~1`9Z{`f5BS(W1^McK4M8?}oSfzpY z&nl)CSsp^wdHK3+Vezno&ETFcp&&%V8R&J4+Wdx%DlS3?p)L_a_K(8}QC+JwykCnw zNQJA=mX~xqJh^tF79eo>t2>R#{T!@@-lv$&ze42eIucX$vV9Fgq7J5D$^|G)O*~0JuBe3FnFzt8dtILzh>DS2r z8Xj}{ZHu0&r5gP=b1(^+jrVKq&YrFgSaEgvV_Wrq38(p5XJtFc$_TzkO)b~qLoUyA z-SI;GjI$N+z+66XrEc}gdIJG`9VK)tWzJ3m&Sk|-`@l1oF`{gkD*IsL{JmraN^ajJ zIRWoccn!HfqNGYfLzlnN!{(6IR-%=o(3J-l-PlXVS&QVw*iC+gHKiL*EeR~y`-g5N zlD3?mn+?S2@y)S{%}6EYK#FD*E|RFFujTX8fmIWxmjI|-n-@|h3{y~^N!Raw{2N!J znDHO)eeA8m8c|>7`8YTYG64+*Y-&5x9v_!X>N+pi#`49P#xws-Qwh9*$8Gu$`Oo%t zNoTb;mNp*sv4e#U)9`KET>f#{8e0ZDBBl}ly&dhmeD-+=OsK^|8-ucE5mrKt`%}i{ znF9*UG*Jo})sSgC z>9dd=PpG+Hgd#t6IKL3H7in#wdb=Tv&b}i|hC;|@q{SSiX}_VfHU8{VV!c|4%Z;PY zJ)~(7nkx-JwM(tQe+$Cg#$?+sgM7G+Zv@(8Tn^?B->;E-gz@msUAT~%nuH`-U6H}a zlFQ^)Tg>i`qQD&ZfpUyrmrwsU0{QfKK2;2OO7@+3hIVk?ka=@=b^R z)pPt`#m7|nmMre|gwpLVW;Yf=uf?jDA)2!Kui|!ui0}k33Izu4IrbP$LgoJ00lm|Nc@SfM*$K9bDtvD{`<(6?Z+)v_)9e}E({+) z>!4xiEc`4bnSCzOkr_I4DYPbucIc70;(2gLv%JtE&#$U^`ac<9x)Q-qhca29)2gqD zY(dN!HMUQwd>aEbjuMSxe2q$L42$ARp_W3bBq9!1kfEI{WV6CQJ8^+57+Y0y-8_EV z7FX)w=qX23mHMwbNdDdj8hEDVr}IH_5ZQgqO^o( z`RSK9W#*4$>tW3J3i)4K9@hfo@+fd%RrSNript7h>a@3k?>|IrsdEc z75-^>zjfY-XkYz8qB6kdqLpZFQ^|fB)CaT1@uox@kmtBd`yjQ4%FespH2r>JEUH2& zr^Ia@9HKb2PMgXMcV~;6KWB`c)vP`5E9TRC=^2TG#GU9bufI!=&ErA}H28RIjlhnf zP!nqr$pe8x93U__wusw8BvH z!BBc6+S`*SPpH7>|3GH~6o^n0F~&WBUyGzL&aH6uPaq?Vm4r6b+xx~r6!H5ile@5T zn+^peN`;0F>pOvm2PVLWH=vChQ^)L>6y}N3gBN8pQ&jFyG}zX{f3SsbhJ>`3p(uam z?$7?2nqB=<)LoINODW#(gu;wdgHlux8lL8w)u_OgHA18_QKI<)jk-G+f?QD3jXr*O zVi)bs+0-h;qs;Gyh%ER#>a{=Owj{x|^?t_+gpVq^5=sheJPR^GA^&NL#P4aESm^;=lP2O{G%d|<~s zY}dz9tdh42Qo1^_j^()wnTh?ED=g8I+}25&n%dzAL92)Q^nGT)6Gn*i?zWDdYjWI{ zet}^~M4L8Lc;GQx#A|%naiMow+BnpGThZ;8v{5I#7p40>k4d0MnSMfX5l2!PyuVT+ z2tRTOsf3Hgzy*_o7hn7B9<1maaaf(GFQ&>II3}SI*&vM0ha~uC#TuPN1Ur_TjajP= zZJ(R2mc2N(f`A~rB!dH7m$ShS{$W~g6JiwCfoq=*w9y9{^qM&wgHJ4Q zRdgf$%(<6Z#}`yp2XGHI$=MTwmhd!wkN~k&h!-+!X{FXh@{3}<)0q)%_R-;{R8o-G z#2vxNHGF~4%g_dJlB;0rg~$?w5UBWVsbc>CeC%*wMVzL}MGR1wYdtm4B1I%9HdJ!G z)oJF_D?T(mo|~r|pG&QGN8RbDQ2k2nY%=Q-oUV8AvGmkoBCs_35dv}Ug}t`0fwn9o zzo-c1``zZ0zY8198qdPUH4t~W`{G5lyi3!}+InQ;O(wMtM%YpvS03?1ywU2^ zdSH%mF*EuzDTbJb8gs>n|6628Umr5-b5b;#7^3nuhks_~LcGcFzw~_>DQftl;57<# z<75Dn3_|S6)0S8zrYb&)T9MpRhOE;0qfpH$A)YWVoW0+*@+UB6`}iU6llJSbar)iV33RWOsZ;ojAR`+~07}li9vTspH#G;?-k0 zqqeQ7uuuqv#L`I@QqNXR_|KHO$`!DC{Y|GqaAy6nmpadV!|*JK-@0|{(cvSh5@)0D zvJ*6c%;$PIP61QLXS)lKP4Bvm10`R)xYhX(#`E1u`4)bPYc-lPj1c+A#Q=GTPfkzg zI5c1pSt%V?`d2Nf(5=AL*mR~&EKpNSY%E5kgB6@l{?X9qu_ZFRpt>XcM!|}4=Z*&% zFk8Q&9L!x!6FTa#;q#|)0Iwm@$Y$AEa`yH+2QPQey~1=av(chn14(9+4p)P) zDIX*(vyC0lW%h9bYebz?FxQhe2J~jS@UO}#G;f%EoKaZ6VR1l1+1s{&3kmlJq{Trq z_NRAhR+fKo_mzH;Ognq6e+HYJ2%!M+`&{q$iOqaXCavr-72PM=+s5%wBs~0U!iN*H zf(W7@5DNxu*)7@#=M%Zt?`d?r6s3qvL^-(6=|pcB|t-`na+#AaE!KtLx?!|MT%;cXxL=`|R9Q z7X6$*qSQ)t)RZM3;c&JHjSC@_&p8UdQ3r8H%K)rKh&z-r2ueD*cK|AU)^hw%pmc^W zuKUp&e^`wgCglC}aeZZO`?ouL5QKpap-`$hm9f9>c|SRJm$bvHtxZ@2XqD0Y%3XWB1Q=WnRAi>x9yuk~D7PC?|uGF35cHxbq z;j~_zugiwDZsiKa-+KZvbgdqrKwK#|VxDnr4rJ9=k|Kt9T|-hxm|9wTu7S8~MJCE; ztX@e*t~?$4*SDCnPjp4_!Tcfyk3ah-c{FGOp@pclMhRSpDXMXwLqGkUqf1!FC@v-ye?NJV%^vV9dH zy1LrG(jhutdjPiE59}Y%QC!Ek8^r^IfxjP5fmXmWGI)xnSP_zD3eG68B=KY(ZrfKV zq#Two$kNGDn#6Ae!6YPXB10**N=xJLZy1r5B7}i$)F%A94|jjGFwXT~M~JpV9U#)C zvZsXndD~5SX?}(f3sI)-Ui&>A?ILD7rL;s}TWa@-eVAc~p@taveL9B?-I+VCB(-CV zAFi4AHgEbVgT;#ZkBhybW7Y+d*CA7*v?BxHv0Txas z*~pCSo5*Us38^~?9bbffSp7w)fJ^o&ye)QL2Tqbii#`tz0WW9C2El(V=g7QH64f!4 zqSpGm9w|+4c26nMl?8 zAu=bS9<{F}Frrno{s!q|$mqs$QO6Pzt0l5Fpf#-o)}7%gEBpi2G1D&^q2u!B76Tg^ z9TM^k?mQd`L6aDnCM;YN53qcZYh5uqP|BBJ!*U8-*I9naJyJXhUdGzuG+o-vZtIJ1 zZTka~z2AXwtb28?*soSm=3u!CF?WP~XqW^i!r3*1r`oVjaI-;JO5Mu*?Z`frZ1&kh71dbilHf6GoNzXlq<$mZ_Zn%yyvLAu ze&qLHYA*TR+3K)cOStak>%kfFLMBX(QEl~Eh*=f4#HGE<1HUXkzdAcu{V0Le%*ImJ znDa5*ypU;Az`Ys?GIxo`C1%mcwD)oP`kMXu=9~%1M2SVPi)!4eYYouf5vpHv7r@rs zaB=WJaMd&AmG{)xALo@mj9`2CAe)&Oj&oKIyozGU9hf#Twk8#7^um;oVX>K?<-HpI z!~!o`ybTW3&&px_mj#K+5`&|xW&`ZtjS`svqg- z^uL@HRvq9{8^|){^2xGv$>u@%{=-F$jj2U(I%6Hp**FAvNmX@U6Pic@C;4?;_Io?I zxtpTsR0{7mgdW??gUWa&l5A*TdzM3kNT#3kEDZ8&P0faKk@N6op@c8ckEd(n{g3*f zAgz+wKDX*^LBRJlN_ZIpF%bynP~l9k?+Rj_G$K8r87PugO)c=gFyc~yF(wq{ZpYK? zY2k5dG(|s()ivPF?&M1@?7^eFRmTVJAP`6aQCkkx=6xuEH@1aU1dfCPj{|gEp1ZE| zr%&$p~q0&62=|N3%lyy6^4_PXr$hPm79pz~Jh zux7a+%4cu8J$5R5fKJh487LIg7VvT5@E@Xs&B#)L5T+6Y2 z&-L7kI=VbGLsU)WTBaOFq)U+W$B^q5Uux8U2IF8Tlb{NEVNLd(b zNQRDwsocM|B2Ft)rEJ!YXD9q-6iKXYq{?`D12~+JrsUV}S!NMYHJTVD;jGq?ci=WH zRuL0(WMeB!DsGk(r4=8Bvz#bB9WSwTRUy|U-EHS0ha1aJDMaCsYFgN=(B6qLytk|> z#A7OHd7t@bzgAS_rdX?A6&vwS2T{$Wk~uWg^5S|Z?=!1Yv*z%kjxYCRfl?JNI?^d) zV^LVs1wGs2VP!;R2M0ycC>8~cdxtjUMpWaRKYbv5+L*~e#OgQnINGcrm+>$3s3ih) zJ{Jf>+tjMqsMwIn^21=(wa>O&%^u!Tjbnw&gAfM+TtTQAo4@_6s3}-<)oReF6C0tJ z1GpA|Bx2tyPEZpJpR(Z$tbuR)X1G|XK6hGMYmNchQ&zFBl-x1e)H*l&Pt35IQY5N> zP9%VNB3|QS=6=}z(Ry`s5AGWe9%j_2!fNP}g$VlZz$})idyL_D!2~91(zO!jozGXv`VuE^I3kaE+?m~!?vC4On+fB=2Gz_0#u37X7J`!} zA{z98ycz?e34TAZr$W_0^d)Yrl)ou82;=#D#dh!lX4ZXyLXuzJ;sf6IeL=a&(V(~5 zpL|Wt9<%EU@*FvDH=@XbDK(pcSW^(1J47}tNyJ263h}LH^^&U|s{#h?#{eG-un|rU zj>>`p(x{nxmw}Kc9gp6jn5WMjP&~RflvH>knT>;2;FW;~>v7McTdZ2)PMFq`AXymZ z*_gV8AAR&-h_GQ*!B#&B?hMD~$T1$b+pcbs{dBEus+4QFy6KMbXgZ9vH)3RcVU3Db z;ZFLPr#!WpHD+ez6P5~z3idoO*z-Xp=5kSN$#ZVIqRjWg$N7uQo&RU4$d@D0A+>WR z!V_Ot)u<5f(hh)}+yPwcI zAWtd5U{^IFuP(Z)MDzVSw%lpWXPf}b((Wqoc$Hn~8{!KNr2D>3;|e}~NW%&FJ4sPuzw3)It5M&D<$b2T5$jAz zZrw}ptm8|2A{Eq6+^68Az$$CvISsZb#U4HTVLQ&g<6?-fyVyc(h$U_MiKYxx)&+SZ zse;AMV-`dae3z^V!E5;C?d{X{74(K36A6>Qp6xkx6OpeLELKT_7g0s&)p3+4bdY=8 zP6HhQ^K!*%Ff;%evf=t*_qP*Smbh()2c#7hb4S>Z?wB=_YiB#D!r`yUNtHuM5{Uh3 z2E@oJ(JXMzO15hawlVq*WMxZ2*l&X|z>St-FhY~|BJ0s&4vE7kO8R7xG}&SGB}jQT zad4o9Lu;zD)4IPeh^|&Z$IADUVGXO>r?7D;I~SssB#?+X&W%&dqERR*un+Z#RRxMy z=N1pMj9Gq-S`H1@bpC2~;)S8l5TR)B5I7AC^WA^qWTD2S=0#mh5t6oaSqKgPBt3}I zW3u7HpuO&eo`t`G{MR&=&we}W{cRLPv5l)+!^|FdG8Pbb0F|a7;o1bbb&tAe1Tux;jtFw-7ma4d8-x0rjq|0lVS&9Z2tA=iMHE$lY?j zzTSN+D+lfm2sn<-()FCDx#?gd;rPD|vF7BKkr|4i@-y$@&V)us7bdwNeWy2aF~7T< zJU_@p!W78cCeBk-f1>|h9`Wbt&HhCzb9QrK@u6adx4VBg0_bzu<1w~mw;ub_De-3H zdDi9k^zoSI@ZJsD9yDR_*zJ47n)i~u^_Em3+kNGC{CWlg#bMg>KA#k;{NMM9H9t;9 z1Z!W9JOJwGRu7u>zd#xO@gEBYMW8dSR>D8S_EU0%x>{>Sz31fz+4zs*!MX7FN9#Uk zk2Aw}m*p|EN(d2avI@$$xI8*S*Ye*%@hpqD+CON?3=e@+seqL`A4p&V zok@w{F=oiug!}5ZgAZkn^NpaN5a=nPy@}CTa^W!8b$k5F?^MWqouRq80xG8|PQRKW zU79cxl~HNcnm9G@#$psk+z5&v?NB_f352g^Gng6XIhyBQ>o$05a8ZWOxLzuNCv<{7 ziyNTKrpCQIc|E3VNGv(3!+)UigW8F6=}t^rA}pM$DY;ZrMwz^SR3$LZ-}4Gj{BKhFVybP;SU>{j578EVYzay5(JQnndKIINu&*B0~J+l&j#F$?3Bo)TmG*6i% zWh-3@C&y~9WEvhe=ykHNdcxY;O0tV~F);~G87auw0oN=!B5OzZ@dhZgG#UEAVkprU zGR0c$cnliyBogX+MNL*JVh-YA-_ZTl2fI94%up<*PJfu#6hm|D$vlX8W@wc}$rt12>Qi<%Vc?f!TuYk9+-A3EYqOiLz2o1j#-J-IK0^gwc>W4P z)H4&7i=v|cD~n6>Hx5e~Mda!X z_%_SF{Bd08?=s?+h<|A>0pt`*O z_IY_>;C6IcHZy+coFfBNvLYOQOWW^Qt@Az2a_dctw!=nrb#-O3nkVP>xZKFSn-Tm1 zG*0u__#FCp0>!a!fcOsYW$h9MfLB@H*KxX&46d7S5X;;}2xUBgWZ(IK>hJU1r|UU* z17(yc{AJzLzDZ|M!ydP<5*>ZyF&=pwx;9xEhCy9|W~EL_pnJLlB#Rp*4^S?EZSL>G zO?OP;1v}LE%H2-)dxA)LL|yY6Vjd>qg`<9r@bPk5cPAi?Y7&uwA^QQIJ>~8CgyeYW z5g<|Cmk1F?0wrcTXgZrkjlpFJ@E?1bw6!uWS8C#OMIYKo8L7PJrc97El26wsY{H4> z7qdh|C#1ju+gw{4U(EY5t^#(rK{P$;I_=cMFjrKB(UwKe?tR;{Z$fm_fJ5bVMm1HH zmxz>>B;dRvQONS37X4&ehYr{3w!x-reQNNPLQelS_5N89j@Stz8)E- zjysA99^FAFNH(=Bm`k*(iHIX9LA)a)LJ#99=FpTi(c@P(Z32tEMx`d4)6$Fpa$)uC zWUz;Uhgc()^p=&hq}3abAv9I5#{a@c+eWsuvESQUP~3&#+*VM#cOo$HFr)s%qudcheMQC{}ENdM& zXDn7JSI)qN9I387Bp5I(A z>RjXXUtC!JS|VZU%hSdBC`Hfj#(hV*03XWl;vx`*e+K1G4kc0iloLG4*bi`h(|aP~ z=3+~zBseOiYDS;T2*twAC9-&Hj!IywnR<1ej zjmvhic|{(N)>i@&hHu>tm*j0PuKLhx3mmM>n8VPTdhc{aO3vjnP5onk#0n^4s8FXq z&rEDhSG-M`Fc~xzvZGaCBISz=job0|%C3^2Wj)?iWq=Rag4c`(3o#ct^oPQQz1$rU z0w%#8#99DZMM&9_zcodRDUwE^SZHW@kT`D8DckV0g}}y7@G*RY)WCCfhVD!8N;y58 zUInsLXbh_{W?5PKOM`?p?AFJ>>$EmBJ4EjGDYw{d1q-stsL^LEC!v8z&g{had89

S$AnaQqXMdB zHxKv@amlxP&W|B#sNCW{?dA|A4~lZpY`z?sZdQ?TCdQe!YN3 zM+;-JgTRRSTcJZuc>4JX*pCzZd`<;z^nTii_d7Sy1-VQ<=z-lMKp#^U++m4`irR`! ze;_bZG?SFB$#Fod4hss20h+0Nrx z1P>#`(I=MXj;q#MU1SPmumF~))sAAG&MB?lw@A? zN>a?3e(JX!GuLijA^YC_KL9F0)xN!#Q3y2Jwa#eDRG5bU3_?njH4QQ&V~KV`WF#$> zOduSWNCmh;gZ6NAiaSh&SjvQYr8_Y$C<6w(^9n2rJ!{so8- zEhGXL6%`pN?nG-rq(X#98Bn1T$*em@{tH0K&~D6Tm|oHY+_(5SioQ=OlQOMrWjAa) zheiu4J1hueCqW}=fJPI9ici1wja+c_fehyhhMR8j6;^Z>KMYy2rPpY}t5^;>dgT#- zz#zp{ENv?xEGO2ZqoZA;qoZGnAL>n;z>)K2A%#b%G4t}c&y%#XD-xn{f7^*IhHR(7 zU_6MaoWi9p>rt1jVorMpXU?Bb7>yxChJqh3To~i=l`C1bc^eC7&g5tJ-p7MWS1~j+ zY_V`2fixmSB?ReMJrPByHSJAJROf0bmBtWQHAbxoe9fe`1{_OaRYKw@qZyTUJg&O* z?VNS&u`F7)5|7ASghXZpqBT(%@ZJ*-@~Jtg)uGGzJG>BVbe~SHNm{@ zyea5>3AXnd8EqB8{MpFS0M*wowAT882OgO7g)e;Jtj~PrGq>*T0PHrfJnSFPQkTiaUovK7n9 za9lvv*NCbGbEw&WAGD+CUA!Fi^qK_SY~?=2tuLKep$aMN{7guRbX-KrMWj99cqyE0 z8Yh)Tq&;LRg>cQh57)s-r%;YWg&|?F1fdZQ4NE>ch|oo!u;inH5Q;?u9twR^?uC&- z{gemP5|9J^eLVQUeHzg9_4O=Ru;8wzo_gxj)22=HKli!MZMg8l3-bVHocRWBzwOVj z+w~hA9lgGxvFXCW{=Q?h*06Pu>wo+Q4xKZHcN}{Pqopylh%Hhh8~6oEL`Gc4&TzG3 zHa;apBIECoB8W=hW=ueJO*JeMo&V5O{uteQEg>RAY7Z&Fkq)5_NJ&Gb6OKezj1Yvh z!-BYlElo>VY7bOIAsV0<#lZCdRbjqAWjF<|RJKXf%)0i?1kqZY5w zf)WC)qOuP_P{wWS+_^(++_Wj_b<8_tU#7NoptWO}6?PV$I3m839Wm}4cON^5@z0IF z4#SWj3JD?~*KtU>F0J*AoO9^@TyW$eNV2@~pd;xW?&h;M{+6wML#*rRVf)tY6jf+O zMM9&6B;^Q#AmHRf4#!1OaD-Lw6*$tv4@YUKZ=$ufj=texq!NUL%$hWrkH6(2_M0`6 zvHU3Y*)-{tOW?ai7{|Vj`bMt);J+|`>I_E43Ji~qA*E}jgDpibss0WBK`9FcjATMP zHEBX6WTjK;yU z;1M7C29rcX9W)CbUjid}fk1!eGoQKT&_fTcTeN7=@ChfJ#Qpc*yEg&Yd;H^$6Hh#m zpZw%UTzB2K4w%$2;k{uPzAve;XHSLGj)0mfbjc@?mXQ)YIE3!)Pj;5>o}HqygDacr zNzIu?)w~&`>uYfQke-zrh!(E`ztWY|YzuYc@T5Gslo|rHtT>*0!Z;Z+b6w4Ff_uw^nFeTfyo8g0Mv7`%nrHV|nyg9!B$K zo;R9@d@&Yk5g-^G9Mlg#{P3y3sXaYC{KtR%$M1k=PdokWw%c#}^XrBn{LB|W%NMTt zJO>|o;I|*T?~!9lenC^p3)XGrBj5aQrge33b>WXZ(!`|blF^L3~~s&iQ`d&9|`f5K6OQD}S(v@Flp!K50FV8!NLBcpz+OnA)y9U^~tDnBXLF#I1 zIBfoWB2`M9ps`&ir8SvMidmB^1s3Ygvsf+`M&xOaA!LDIY zfw2}|Fbkeu4t^j6f{hzDt-bi-e>wISzxe5@y&ZtP$3N_tIddlW-FF`sTyVjAuf6t~ zs|N-KT9TIik^7^LSzy|Ret?#yZ6$<4I|9~i1m7` zw`|3KU{Qh_aI-nw`f9RWEqD!eq-tw$YqB_=XL#FECV|~p#H)nYts?_0i}%e~|6WDP z?z`G@p@pTuSu+t`Hk46zztvW*ReB!EO`)q4x}n}yciObCOTI|}hDTvrH)4A)m8`m5 zyLPc_*RBg^&z^mu*80TP^BR8Ps?T%K!3T5q9e4kswzhsj$uBGcv=|%}15YpGec$*# zw|wqXbToD1hdxqA2qcl!L5thd+L084VT4xXQaM8HAW4A?5keA%B|Mo)W~WM92DS~f z(s2-xnahUwxMV7hb^J36qIbfD~RCNf1}CI<}`#XerS;&l4+O;E#_!LUkr*Gy!bV5hon_rTuuY z=x|3keEDDB$)R(m5CkECQl{Gxw|(t1B;dL(Yj$>{{Lt)_%BU@(Vl_Mc@*@CYAFmTL zdiyJFhyn4@+06d4rywwF45=Ke{r~q*#9pGE@RCj6pz^g=L=tdZr1Wr*L_!gk3TP+I zSgA-|Cc_B}=5xrLHl%P+L55-}WYvz9Py$lGk^Aq_Ii5?j>jFH+Jm^lenY(S%RUteGA9k<_lAh0(9 z*n7P8$LBux89w*9FR*s)TISB3d)&SE-ur`rfdLa9T}N=@A*jO^K(S;v+&Crx3(R64 z9YZXCF;QBxc{9$!Ii!wUh*O=#2_uv;bKKGHe*9ptXK$r5B!%QsTNU3l}cD{^_Tm{^07>t6%r)`OMQ#128;1xb(Es z&)jt99k)#eG~0HG<##{HN4tK;&;IRSNy(h0bSZ>z62O?2hI{Tf9?!3T9;INPNfW8g zR-+>iN2Dl)Bc#*SK!_tf{RBnELn9{iGzz!l1Pg?i>gqP*#~RQm}4k zAJTPEiE&b_UKqVf6Tphz3lNb)+o-?$Q$%YW2Tq-euca|8QWml)Ut);&8YKb}B~{WU zml`~bCxp@^l=RR-;)xWl0$*x$SU?97FI7#H64bg5b0@apIUV@Qj4NCr2nZ0$#lgYR zf*^`G{-FIheBM6P*Hz=nYO+q95tRx{2qb9-(ym8Cb&hX-;sfkAWj;Ze!V#eX;#=Q_ zP#H{x(qD9!S;ukKp$kyTB&XVuX6+gVGc%g&IAovc z{OPgh(2i5KzQ$lW5^SO8!20dzmIi1rehs?13UR=6ShNyR&}bFH)DGwyMC|MnVHoIv zp`jZx+1!K0!q~P?UwJuSzWSQI3Bcate}0^Q{`q|Fb6+qQRLY~aY}xX_=;){dq^?TC z@rS{|`#>RYTErIGszqSF7Xq<<3%c95m5EduJ*@-h@P#-XZQ%PzKOzKD+Ci%jFPo<0 z>|<~+$+%1N`0CHArz)ERmw zRRm^pR^{zp3lf=JEnMMg$P*fli7s*PJ%ylNdw)~sh|-!7EUI-ZitfxnQ#TD z0MNzjPokobB^$PL)WZ3Meq=;|Y{ee?EGVJz6!<~Jh8??zT*u;M5_!K@iM%B0e<-T~ z5basJp{=u-NsTRpp*6#`YItTn?^ysz2r>RM+C#J8<+K$9(#-K~cSVEI>{l8{8BnS8 zkVt%~4ewro>t;+rfF=+=VdSImNDFg+8ZLrs_7dqJgo7f&lY(?j21$yXTZa}3ge1_R zY1s?GjENKY*qblpplJ)p`w|F^GNp)}9W@$hbd_vg6(~&r1V;Ja-sjqm^x~U5G?143 z2yHvG2b7a??#W zam5v%UhvBse*MlZn>K$e4*oRP!)b@X%&AcH?L5)UJFO@=I1ajh2%cVQmczWsFn=aY zYC{VLStwc^bCJwG1(Hmz8le@s7$oBJLI`AJDtv|I8duIFwV|7t_M>U*npkdVMTyNV z(xA@chHkv!DWl|OG;7L2AaSB@9Beg880D`>i*h9-F&yW?Vf32Kuw}dHhQv35>xijS zr#?An&YX|la?34Gc64;GW5Zsx1s`31Rb zhR0|58 z9(MNjv!kz{e6c_jDbk)pbvA44;|Wm;92_DvI|lmc9T*^&uCrPKWv5+X*Fq2#i5TVC zb!+(k?YAPO#EmEiKW&ANRHauynft9O!e6Krn|pe3UDx6vV!ca|py?$Ngr*clZ0+eo zXFU>u{|YDMS1SGu6vmv4@FUX++r!hQPM=81NfQQkxMdj~F$GZT@qGhfXW-HXPp}EF zj?HpKWeSue1F={W7#w5FgExnhP(L*i*QP?!3O*@mlW1kfJj$r}2_a(10FZ)6X{509 z)7Y>|YaBA@%g4kwOV4!2%ohNj?ZUe*RSEO`F8?Yc`?AWmbfDe7(!+huZZ~w1eZ}?)YsrN)R3;pQB|GA&1OjFveed9F1+gvhgY+Xg=NlkYK>FOqd#gtmc17}Ypy0&C4-NEF@T6%r>EQb_vxhX{hu&=i%0 zlp_+nozNhp!@%GWgQEq=lq>Rb8|l?D0AZLX8VCXlV0|ezVMbRcDVe1tN+=|bj?-tA zup3Yoq^p&QLrGUnC-<1P$%zu8>^E!=r43b7CJ9rlwXeq|EV1@}EX5m-L_}=LW0MPI zu{%=RgvB!FoVd#(BBLu|`Ttd^I;8LnE5h>jl@7665;awIXjRc_uNeP0I5gDOQB;bI zlK5ysE6^7uz8LZB-(q}Tk_;G$=$jsVipQ3&=KCLiH^(fT&CuAGd7nZcg+?h&rYgf_ zXB@$0%hy7>+*%RI+KLRARsxO#D>p$+7Co^AN+CLkAl3+2u@N0c&{PA{C&0Qb0DAkj zo&S2~nP-gNcH8Zr+}i=zd;HDE3CA7J{SQ9CkAC_?aoM{sbDwzfna#t)1LaQp)K0|t zCqX6+fif*WJHJ#ivYVbnI}$ebz^uv0852=qXl|U)ZqzoghK|{QN>Za7fp!Fu75va; z4_W)?y;na0rEwHEk;V%nQh_#REJ29pD`aH;u492bTG)**u5UDDfsP90FB#7`6@*fN z_CQ9kX$ve~3Hh<|ZkLP<%x3NTzP{zQTNmCk;nsf7^O!MX*616~KIiPOeD#`#&OGx> z_qN+^ONiWOoN*er-+t%ocD;v&jVV*97!7{l10TBj`s=@QC4dY9{O4BlpFjCE?M+p@ z|KzjChaRDb5-DFHpr*ct=8i_zF56%>|4^ex^DvT!tvx6N`IJMxDuc*Yp)+YS=k%=F zO3cqw3a70B-PS}FL6zl%ds5>#4vx?`!br0TA(BeW2={2pV{{X)g%p&E0ZTS);F$du zCL%kI9rd6Uz8+@hu5SMId*7t5Z-}Z)7RM%`A{PA-!Z`fJ;8pEdLP6p(Wbk_kgcOXF zO88-5>3&g#gt4t~F`_iRBYB1kMX0Vx0FERMhOan$H;<1@yIb#34_<>SX{l{639B;k zMCl?@q!Bj2Il_SJbev{eilPw0KnyGuQ`&?_Xb_HJam2FDS_?~yHwuV4mU0$?P=*L? zJ9W|k=*pb~Y!YtMD`7;Hl zcS}9gRYO$fN(l$MGBqJlE6#Np7bY9YCuaE;^TmLY_#ge%vsHm33 zD|i9Kg{;t~10aP_hpTAemsgsmwYiy?dTB0b%5*h^bfLZL+Y?>N%6iNJXLf)Ea&4w=~2L^hiv9|ibY;9CX|vDSpr z;{~VUMW^C%nEA|wQsBAx`8@yfwV%>EIE?4IR&CL-qEr#Nbc#z(Il{CVDqd4mf-QtL zLK{*-7^0tEgDw@3!a++ro;+YCG}IUkqD&g5cYu^gl=eLDO|$3D`RpT)KlZ;WK(@C7 z@PFv|)F&?ID_^~aH^1}Z%u^3P`ta5*TjnG#p(zheJOq8{zQ{;#nxRbuW-0 zL$qT+JIDx~b1c_c8xxFp;j4JosFLj>_<gK_`D?_ zkuR8Pcz6^>MqxM)g)%mvP{{M-lTT_P#Nw@6w({>E|KuO0PM)&$%FlfI=kIyXd!Ktf zum2B!_jE`QSnpi-zvS^86o z8S|#&rai(^faf_JckGEoQN)@xYuNhN$}9_Dw1ny(C2Xn1v74+xtyif2+0l(v6|id} zW^>r-urgy8&r7j>%XW4R_EFnj2U?(23FVCP;IoVP#_xW|)}CJK(>lrJ+@ z%9XjcEh1C33yT9NmzYY*L|;E1GHb08lNm!P&}`}*pkzg;5=q}gHsWP~fMq}AGVm{7 z82^CybIPQsNm*5GEll7?BD5kBAn@^05q{tks(`_Kfq{J9j4y0OuWXw>n@N*Pr^#kA zRCz9ulsLl0Rp3YurA=ZGM3w<0oMdcb@H4TRQbji;0awa#9f3%PcGj;5!Xl9u;ozci ziIh(%%qROo%FS8af-OL70$|uV0x2A%aIFYcWfR4`yTFf_-PJ~2eH{bcyTH}uWFck% z>4=JXj}>Cn<&WA{@ET=wF)|stcl7X^`xo({H=alknM5a&3aJJ8F`qXaGN0>jdyrj& zqu{#it}a0o*%^fkt_MRS@cahU!E?&{UD|^~=OP|lV(5XLO|WwpYDb??fzM$7z~_!W z;>a%?eBePmz4)2E3Bcat<&V=(J(aI~^%{Qjs~Z=-k+^pD8q-*$V_N@?L@2}mH#cQPUpxl9#HFIB^wv~+*ztA)KP8!Rg%C+a)mi>~ zyT6K^`D>Y2&1#|0jzcNyP|AA7IyTa{c^_{qAT{bEOQz)*Ii^i3lmQ}YZGdJ3ei_IE zCTsURNO|b$9JFFvh>-yX4v)glUC`YRqXn}+YE5@+VSiEyx#%7O&u%Z{NtS zkx{O>_#&jJLE+#Dm_Bm~u4fW}zz=xC8{WX%-u5;|^J6Ssx|9!o;Dc=4vW@f4KaVgB z*|cdBN-27Fb`zoK?dc^bl~5`o>g&gAt~Fy>?CX+VcQDwSKF?!uex>^PcAgo)Vit+q$ zGGKKIVk9|ABws77to*Ma(%JySZ1CCAJ7_j~uVUtJ-LqfS64)lL8pb7*iOIKYzt+_N!^|jQbQ^-((aBWf`6Xi!oxJcgP1aQ$!Z zLe$okixE|U$E>7&L^k=d)YK#)OBP;)ay_12x0N7L2Fnm9hgzc~G}Tsd_CfRc>0OT- zb0o%hvH;UH^RUi<4s7j(l#6rFY-0l)MNpkZA2AmmcpjnvF=q<8cM!rzcXxM-1NT2* z`_qe`>Db!=*n8~pc>ksE<-dOPL+-fiF3vjR%tdc`+glC+p_Q_wc}oMl`6TFQGU7H$ z8rxGTY&B!%p4y8O`M8~_jHrdO!B)fuBT*uEYQERw3jG*NSnhRN$=JBH9Cruw9_FNp zXbj^jsN}UP96Xb1L_5i2%?#O8NWH{bjZTNh`Yb(X&CuDhq4b=Fy9x88bdl>rF^y7a_y z@!ioeiiHwic-Q&VI4vMNX3UsEwmM63v;b(HdFB}|x#SY+>+7kluA#G|gAMD~vuxQC zzVn^yIp&yS>`VHjycA#l(lvbMs;kVVHaun!-AW^*rCP=)bR8K$CfaleV&h&W6Btlz~;SO9K{ zy4qTlitJ})WR(m45CbFKyyKdmv-sH+CeryK1j7*VQ3M_)$>>6+j#%Q_q~)^CXIp!FUkkCA9081n-zIr%7lbmt@Z#Q;1D z{nt8imP|U5N~5EQy6S31iv=QO+VnyzyDe!D9_Rof-vCV$1E?rrIk>K1{0tUb;>IEPn3U_V|21 z{i!SX@>jmJHv!mtz`Ni5ZvOkf|C|5%(GPjwdoJ1Mh8ur#<*j$zen@g>ONp324SnX3 zP?JR#e3X_}0A7P5z%}k%2_VWaX)Tb+0$D^%2-U*(Mj2-GR#Hf~dITC_lD5CNv!ISh6jwNfXwj5Tyt?lt&B|z*mUK26ZjVLN0bJ zvb*4s0ZqknpFx>=SYHdx^`?s3H2~Xtpl`^0Z;RPYTQ+m~r!HSVbM~y_3CAAyzKbuu zc;hdA@r#E6E;|20ZoKJtulf48?Y7%EpkPZRmDWF0^L z)^FI^H^|lRelxQ>yXb7JB{g*->@;RiPd)V%g+hUJI!#SYHIpYz<}vXoOO`C-*kh07 zoO90M@=ssEehc=SxJP!f}iUi&BD6L?&=p`kG8WPK}na`h%rW;h8#J zfsl$^I?LKETlwA}|IAJI-p|g#L2^}T6WonxMy zZNRH0$Qhuiu+qP#C!nQ3BH1}O!V8!n!frnn>RLCPgpT}^v^9c}fs%xte?dUF%g+UjYmtD~c#ij?b- zO*y#Ivw=J^NB}L9nYfAHPT~ToW4%rxiBL$Zpko{)HI8wmukIS?q^G`yq}Czq{%(etFMB+;GR^kWSlIkM}%{ z>nj$_m_o{PDaDfL5+bdPGo{izxqKr!P__e92{S0$S!?B(ajSOCe(N~~J0rBA2U_cD zCUwHD5%jt(Frfvu?SlS60Nv8k;`jFUre5#hAD4rBkAI@$eV1Ow;%A@Xx#ynaJKy=v z!E4s6xnkM!71#6+^dFvVJDCg|yC0lT$jmyWZErh{NdRO8XsL2;7SC*530@jf zDM+Uvn>ApSOcpX3`!5YC&$PLOV+2E#wn%PWhGSRy03|bi@$$oD@scS)#rI;*kKMhS z5T8rT`Sm2aDvhekqN~!jO&5Stc4l18B1GI49A`m0ZU|ZaZw%(D$w6C_>9$l?nct0- zl3qxEU!RxH=g%D)8hKYP=hc7tvsZ8a+BdJ;^`X2GJ3>iDfbe zHjj}>%U@B}iBO`fHBkscCU&&(<`WJzo)dNr$rxcTpr$I#SO0h)4?eTP%x$aFFU7S~ zVqSI^-H`%O2n?QNED!6qfKqs#$G-b6VB7X>ruwR`;<8IGrlF?F=+_7sEA^vA#LsTL zlNWw}uVHGa=+zg9QVFhw(E<#NK<@xzXD_0sA9@C0*AVoL*!NXHlmh%xiIIGfo%sSQ zxAw4T?N%OLzJUjpy~zDb*YeD|ZLHkBi{9Z8f*>U2y3|%>sL7el&{G0V%H<&&iAf|5e`Pp(+xp5EVx3J8c4)Y?>wOHd7iHG3Tq4 z0XvsUP$*H8%kt&R-pm2L_&b$2;E1k|i&^Zt+I!4Y~gu$Ki(`$rDdJ2Ecp%<&x|E zc=OF~9T^)=Yo+R=C@M$srg{_j=S%^@iVY}s>JmvCPge#qN18zIxsY-Yj)Qh88bCtq zVMtjSY;E%^QZP0K`I42_Ezd`jJfo5>^$$IC#VA4S1}L!a%a08Grf<|d)Dg-25v!Jm z5C%9Iw-sU(aZDdlmG}o``OU78cO4mljXMm}KqX{x;W{n~HF)M3XKuXZmRt4*IRC;6 zxaoJl|GUrj_c#5n@wUI*_T!)Z;^*hZKfCnO_wl12{Q#}CZ0%@C_x1GWm6;DoAq2WM zL(@?Q^OgU&n8%-A%TNF9+T`_qd*g4p@XZ$j@bh2(f=e&Cl+gFlyS1xDg?|G=z<#q} z`b0b(;s`-X2vP!Eq46xITAGjAZt4nYYD9x}k7I-eWodXK5%Z7GR@yj3<63uv@emU^ zZX^`9^5bh4+1gZD)`=3<2olZUSc$_I&f(WrT*g=-Ff=z23+zB`RhH-0Z{eiReV5jz zTEfY#^hXinKa{drRf3nPyw?CZP(bY*gq|LF@M+M{-rmmXXP&`NfAZf31K8TYGmGzG zMn@Y#sE7#YAKL*a&U@3xdH%ttlfP44lcS}vm2@_X<3N6_h!m2Mv0=u>#uytL+r!QA zayOtrIOg-x?G3aZcOY**?Rd8L4zO}ZAH9Pkge9L$Dvj%eI3k4<5}`v{>T8(X(#X8d zW)7M=ovCegwASa4!lmH*s7Mj%cuZgtGo>}2n<4AuNPE=?QVjb$DTG7Rcx`08>V(=@ znHU1({b35xfOY3{@EpOWoxMD=bR7>aS;N|GJroKBa@jP;>^qZ-PC9})6WWNB!gD2C zcJ}d>Ykt6n)!Pucw7Ep11-|;JcXR2fM=_Ys0}?3=1yyTJHl5Z|3anzzW4EiAN&A-PkiFz-dDf+pZf5_kG$ilr=C3NCqMmh#V!-~ zYJ_0=B*bwCpeMGPz@>%ptgt~$>#|&>wzEId9%M|rPe?bBw$!4s%B=+a?O_{9I{v~W z5)HMG3t%u0em)UkO|-Jr>zH09_=Jk;BLN!;NK5qOW@xQL?;M1|F(V^v0Zm#+L=@T~ z#>>g4YU`XAi_HQmH1VLi26;d|dfF)Z#qF@8M-WEFWe!ny%PqI;=en*w_f6;B@cZBX z?j7-Ke(_6JbJZ1B{!OR))1UtGwtMfs>o9=XvuCq<^=f|fqaVaUS~-qWP)dpV`UX8X zIEdC-Gh7mV_b%eSef@OoGaZ`i5W9xZz-@Qlo+JSK?lTY9aR`zaYd0~i#&N4fdlPzM zvyp$bR4`-9YQR*H+40Sc*Y1<1A~$nu$Lg-fdH_02()&QGD2zRrL*%G zL>kKgQ}%{eb}p^0KD?RhTV@CnUqMTKEuQD0#!AGq3N19kaZzEwfBgDZT;J!7haJd+ z`9b=34OC3TDiz^gVOfR-sHY2ska#g(h*aMi{R72m`80)%sv21fMPp{g_x*db`kB$=R2-lHp?;mAL?;sB@TSs)~ zqqNslGo!PWh0`W**qo_!HrCKolSQ}=INNb)Vo1Ke>g! zJoPLR!6)8#0hgY641>c%XyM^nKLLfp5t6hk`Tb)rB*||%AsHuDU_go}Xsd%4)|>C= zP6TC{0j`84YY>GzV*lC3*sQS@ao}w9;#Dxc%c!u1N^jk~b>g?b{jG(->zV-U?Ew5Q z9uGe7P~-V;KJSS3*7h?uZrpU)=;-M9%v}nTf##}VT00y(*R-Icz*gHbQ85EE?-wc8 zNLZ#lgyW%QMRlU}%UpInzTN&Zbwo@(!cw`k)-W&xMc;}Isq#2LypA1!3e9(+Z6cy} zb5oIa);Lmt-eH3iz=)ERGknH>R!IjS797zP=s{IhhttBO(o&cNV@t1L5fqB!-tE+B zQ#VI}|Jlu3w*3rX)|}a_S@r5hL!bQQC%N|8YpJctJvclvcI@GYA9mOiPdvHkyKMk9Ttcs0gI==6cKHtHy6djv@WT%` zpNZ%4)_q^k{;S>Ktt}2a-B;`3cR*#`~c!V|E zcCmCzH!p11!nVE<28Ifhg23twKoA(IV^?Te>T8+a)xy4$TbVntgGnv*wA9s*%@|N& z6a|ElvI(Fh>(x?~YAE{}?A8Go3;QV*$1I&QKspAX8Fy?XWicen{{ty;l))ch4TrMX z3_JStpjz|eX1RagA-%O~@nuYk_v#@Iro?m133edA>&lY`!LGO@#4hnC-^R~Sm zfd9W8mtFQ=zW@Cn0&v=Cr+xIoi!QiuWO($jT|LVyL#-f_HexkxjnLj?zHY8Z)K*#k zY`puKszql!BX^tf(5{oT-gG>tN@m}?Rrz|iIeTRyP$?6dGzvuWceSmAL|qO-g%171 z3to%YF|Uj(L8-?<91OUzVs5J<6LMNIKK5ScKdixI`NA)lrzRx z2BA$BYI3ko4kou5TF}PrW>$&NFK&2oQYw}DX*!cWWuN);AAIha#XtOOPVw4nuSIK( zmr7*;y?Vvkp8<1EIN=2DzyJPmk6o}}0e`vW)*b))p${B?+bxBIw`|<@P309EZu!;|zYRM|=|eMY2b0 zZT#XRD+m;6O(X;p+l={6Id&UVdf!N%AK&>X>2!vfbEojfHJc1TPgG91v zG&p`lsI{5L+oPqWg&EVPC-;;JLV9<0)-q_@MD0Ix_kr6E7pGb5(dL$AT+0W2L|*YKrP?n!{#K z;?UWXDfkQN85-rqodZ0(ej7_RY-Rn90SYRj%5!iX$zZ<7lPlM=Xypdu@>i2(a!V7_ zI~&<=N*A-Iwlkrr#%S;RK7Kex#;vs`MeKH66;Tvg10gCD9c7Y4mRUtH4#XspQQU?U zic$prXr7v?ERoP=uAhJxBO>A8T54l9o#u|`7vm3(LQQ73DoDSyW{QAZ&J_AYP~7A2S-{_^+*C%=q7xjaGDh24=Rw#70vEhEX{eiWva$ zXQeB1E>Wg9CfEp3PDDcEFh?eBxx^R}=2jF0};pLuTm zHZop{P(_5QX#F9KHiXbv-w%jXXx5)L>Yg#NG}e_A+UWlarIQXIk(HkoA~8q;V=t~E zWpjy`E-H=mw7o;aDB!n`E;pHL5+36M$$qaZW}J@QA8TvMyXwG@G5;AJHa`n7^Z&6T zJiQX`Sp=JR8VYu8mCf58nX5SN*kfBdIy!Fq z+-JY=!=hiRk5uScIW(xrp%0h?Cmw`2_5e6+t_e;xDPlD|B7tx`sLerJ1GLm3GMVvW z7vpAU>;Yjf#-r?af1LfDh@Ewkq(D~=zHBVj#^j`T2z>v4XP7kZ+$;X={yi1KMxvtK zFEn&Ez`P0QhN?spKv!DPYQ`r)F)Bb;js$g?l9q^$C{Q7IDa8C4h@%!lQyoIaeFT|a z{Oq&d!G|1Ny7YbTecLy_{`K@Lo$A9+JenEKo4_zSI?7#l-PQDRkNwM^{+xV0JUX=T zqKn?L-}GrScGw$Um(K_8xZ^GpgrkVkNCl8gT3X$Vc0)0Xv=LPjDlw5UhC7N-DGr$& z@Rc(M_~a>h-gS71d7Tj@1;uit1RE1lL%IJ- z$?vo2>}#7dYfW{vX#-guL7M7oNx4Q9G>n}z$YvSQN~aNWvw;`nPWl8aR~6|2jQ52~YiSiBa-MoiaBRYG}gnynTS&kMjW{S7EVV`XaPqWS1F~9a$hC`jkV~u1|urrc(!6vuU(}*uGL?W zEW``FGLS}*QOoP=Gjh7INDC$#AFmwv&vsO*0GWziq*E}n112_^E=rsPXm)Gu>X%Z! zlD72jzmsMCf-r)*8aQk|ESO=ww*CWQ5b7WO;Dn+|^nk6})jD#ivdPXltq=6!rZ2*#>^TsFm{%f_ENW zVD1FTyom)aK6E|rJ@!TBP3Z$I2{9d3Khttkm8X-ya^CQa_3t}aIuS+_kcsL!VP!JUt>VZ(OnCb#mHQ;y)C z7dKh03Gp&Zxq?DkiLa4@R3S9?L9u9(V|z@RXe$4sk3KT_*`tpwviVq9k+WxTkUh^D zUW=Sr(9=`SFr-p6)z;ujfs6&0>8cl^O(6)`NBKT z;>RDoh>x6mGzZM>B9-ze`VoOLj3oz$hN=uh`2sgR{sNwpCJ6Hck;M^Vb^aA7LW9uJ zGD$ikZJa@4_>GK&m5(+*a4Kw!BWq(WEu~c3Wgn03%89!=4T&!AU#aj=SL{1G^C&#^O(mc6I@{yBW7EZ|GM|A|Mjv#Ep*BK@@9mfbm zp{Y)LJiBoR|8@IAi27>2bpFZsVZ>vbcN%KfE5=~G+j2LrnJI?GdN*INUI~KQx>~wA zI{`T1gcFiiSiE=%gJb=;o|i12fqaGNkNih$(PiyjM@SlSSu=4T*GLqW0aAf=i90_c zkpQy1c|jN{MoUG;iY1!sYIyTe`*Y1Z&fvPs&gJ5h4yLU>$56gNAqY`IQd?EcZy#99 z`t9AguA~qS+gnrE_vH{NpGYW#R90eIlFg*3%Vnv}rK!$l$fjLf$0D8*`XLr5C=;5r z5+)fCjdARBV||@b0 z7FfR(`uoiHu4_6wQXsM!C?(TTR-{ zGFnRUt7keGC_)q}M#F&6i9O(@QUA05R7I7q?Ht}X*;zL`Ey~>jYnU5ik^$e*#yO72 z1pi1Hs zTTNt>Cv#62Ukt5n+kCg6nfNPMlhx*0}*5SfV*Ebx)16$s51mD%;U7*Oq>zC|KFr9>)wUJ8I!rWwgLYuLeCIdY2LVhhG`91 zMgl?3lf2NUIb*)$z{!v=Ii%c(NV$k8jq63M?yl#?Cp*|VlqMxLoz1n(p4iDl&n+{0 z?XiN~Zc2gW%O}v0xgAupfr>KV&$f9(A&9JIeMm$YIYiBM95a6^hqkq#B84Xe=~Rka z7q8~gXI3$BQY%-VdmP(Ghq!(Hi$)<+=vTkLwDrfZ_h?lF6%l(8WWG&m(iRXWAHPd$jUkJy*rKlD5|J^BK@gTp+w{6*e&?7=t!g0Mg; zm5!VBgrN^O)Ocy`d~OAwyWviHhes)t0+bMVLXb*(#JEfrIUrzyO=ehl^Gqa zWL=4HtX4%78UU%Pq;%>;LDG|&=hkhbdnj+g1Fy6fRqnk8w5lBenUtaaYOQ9?ocYBl ziu#rT5wgpuC5ZQInJ{P-s`fz^8xfPdnn zp{ap^z5$Lq=GgZydgiIO-1?_KFSP7@i6fz<0j5oW$?eeIfNrTnL=n1V?0CthP1Tu7 zm(|vk+GE1`()jpywA=M=?dl3iToG5oHUZK30*n^WVUS1-#FQKJ(1@~{wAw?LLW~E| z>D^pfUQ(U^gIgQAg6>!O-l*_Pu>54A2%2k6HN2r4MvC@S_4tl&oJ@>M(loR-!O?Yy zwcF8Kc9@N!P&AUPN&i)vO{1m?sys1u%Jj$P&6*wD@S9(A?Qx&n50&N*lCm%rTlSA7gCm#^S$?|3`cf9Ja&1wOiB`HH7DZ`pdV zHJE~0n~2tA4FwRZEE#E-+5tg?7|3(#e1}pba2!eK!1T6=1(P!PD0JGv^$of`la@TW zDaBWA^YA>#xtig8ku&Bl;NlaH=7|;S2!g=i{B1y&mIfy6ydOK07L^sKHUdOS7@(i& z0+=flMVe4J=D)crnr5`~iNg;e?YfMHro!$o7WuE+A0`X~Ef658#>Pe(8yWyjDwX2I6Hnmw+iwTpw%hJzN6%Kgnlzdc zZYq`hiIK74*Zel9%H}BfMWQGmD*5#H58(>q)tIn*_K<)jRdf71Y27w4V8KY4B*4)c z?HB_d2Z@pzO~l}cCgZtWcGeM`dC(kgdh~hjdVVb%x_2?VvjsoQllAJXte8US5YH9t z8XD$PKm7~610|YkJ-Qm|sj2eFWvi%4d$_K|S0QV=ck$HvEeIi~&8C^q(!lJlR_0G? zXIe)q6Pjx9q=z3y_)%cl9X5$~;o+rgQGxk7;r;J138*NZgw@DUj$!_oq*UH@*KNmd z-PV2V8E2ebyKLDDS8v|D+5Bq7M!{GC=1xoYM8jH+(2aG_Py@Y#A_xL%Yid6-Z_Yk< zKJf5^;obz`pX@mQ{PVf#rkfb(8=$ed>5dncyl`5<_+8(^-HULA$AMg>TeI4i4;JEce+(J)6#N)@VRW@ zcIX#x0f@rzyUBAh8Ix4L*n`kYu3fuU|I5Ez{N+L&td~H{6 z@9&bNq_NI)E2`2q>bgcSNo(`_$?a6hEp%0+X&30)7VAW#nT z+Fj;$MJ(G9k#YpS(#)AWiT!6xX2FapJh5yot}82?Ar%6LP^)s_kC&dkhRV_eBdhus zS}S0s9DEU>wL&RH{mf3jf7S`?-`YSv2oONZk=(v`6;Cc*!|{jA0w7^whz4h;;x=C?sdM;qNeI~g4f2m+rwpIpk>NA6ErDnc#GG}vTH zrpE>U_?%29%t;c0`1g@5B!no-I2%DHNf3n$k0=`IYk2=zM>BO&8*8@rGOw$RFbauu zfRx7eTWiRAX>MA+jQ*g=SKoam6Wi)&sjHiTcH$)#B@lr ztA8*6xc&B9zI6VD7cNPsGhbc1cFi0>v#DE93eXE@8;p>S%>EY%m^l&IJBR|kdGn@| z)~#O`?!Rz9@!Si~|3e0=docii=W)|bH}SsrzVBW2jSWNneSN153=SrtL{6E2IAlJ0 z&NSF>225%;W+qxfZH<}lSLY0}8ogVlE%p#icl&xAKmTv7f=!~4u>0bq!j(qbzkdMw zhY_|SE6=ud#fni@ct=$z{)w`rur?fS%X=~3$AMRAJJ*b#AB)7u*8$rg_Dp?zSJ@w@;efepC zlukP-ovx1`yR&;o691YfHdE8y3Jui>G4nUS`Q32OoAq>y-`2yOw-8zv=35h6r5A<_{jCCRw(p2Gq%o}dr{ zj?2`x7OGQCyz!_5DJe~0XZV5E1X>X&Nno)6fdv8j8Uh3XP!JI%0fB&g6fokK81n-P zVUZ|bLX8zU>bQfr<6Y-*l^HF1qM^hArAZ2m*fn`#&)< zn#a-5N2_Tdr2PS|X$vSM`to$2eR- z^0=4$hwwdn}h21yu&?9Enh)@-+;xvSV^i^+K)tqc$(Er(N!rchNdYM%(Z{p+uz1b zzx&-SpZV-(kEpM&e;~Q_clN_GD$N8*g_STC2%NIXhEV^UIX4Kzl<% zV#uVkho64>nOEI<>tFun(>w0C6K2)c*8VnWXisQG)>J`*6*du3Mb}6tD#&9_mMw)e zS(FiRkpf3YNLfHTAyOJZm#L04e&jKsL9nnZq7*8$=P;?Y86S@`4n2rz6WbXs6)7Mn z0b%4(BEq*6K3_|GB?z>{*WfFS3RoTf5mlRy1o>M+V{cs`rv(2yt4I zD@6z*;|*W(p4@nN+`ml127&0NWu+D4L4=6x zT_yxtM`#@qsnD`UG*J|ybc9lxFx2?PBGuJt&N^@ww|)AZ{NeJ8nbpzGr9b!;2mZ&m z`N+@j;Fk}-0FH~UkPz4Uuh<+C<1t~zxzg+l>1?J>Yn}bo4Zq^@%P;30Z-3js;Naj1 zu5=!-_zErhhG5ZhWU*w~9vT@*qZDXg{`n;@xcA@vQ0?9X;D7nZWOFQ9w1^W=Jn_t1 zZoB1<;o+e_O>qk2QhOZ%+1;AMx>z|3}?ldrtG` z%@zPVdv^SKczD=c_FNTAX-Cy&ja?~~eh$iFLmcabrdU1ZAss;^1d#%zvV?vuQIsRn zo)O?Na(oCo)1A>;0u+%JwADAFLrr6@p7)$_B&8DgktR@36vCkRBk&`EuQ1;$MW9S4 zU`%R44PjVhzZny_#hO5`iFaI zpV-dZjys5A6cFl=`!{Se*1Ot(I>%Z5?%_5PRyk8iO-e;%OUn8WXu?9lSW(+gFxm~* zvpbY07#!xR@BWmfYqye3rwt9*9)JAfA18hP``>>}*765G_yOMk{ts^1xpU{U$#&2` zL~s8fQkt2#R7Pr7+A2RDQO0b5vi_E+NC6G!GP=5usN{|0WAS~_IoOexi&B9CH``$MI zTyxDeX5KCx5vu5fbUOVr&vQ(JZD?!~5!BT~ZFM3U@Tto`{u~%f@VyDZ z|H5&>o6e_L7$cjjIqjKe7XNw43rh~MkxWu;klf6lf}S-2J-rKRtI^r4;qcd1qdnK4 z<+Tys5EVc)p~ZMk`Rh>93Ly=ZZ*TpPw=Ku}6H zGS8J%r&8q7Y0{o+pAXtEnVINl0g3@SjEp)~rJ2z`X$wHdiA(GsKe-hqv>2^`I1zGW zxoV3Al#-1?*h*g+F%Z{9%$W)Y&o(zYh$xEm$msCdi=KS)YYh!`zX163l~({z^vjjv z!0;GhP~szRdo#5&rzVryp`oGEzW$$It2y!HlV0_V-gNHyEL*->A9%pNzg@Lr<$(yH zH4^4d1}_C&jrKiPoQH7C*h56gSoHSZG(m((`c#S_Oyh^OL_v-y$f84Oq+EnVD@C9} za-K;H8)|Audufz#C#~#SE_6A%DYX^sTVn??* z&t!yCfe+aumd08`D?v>mz>SOxr4)i_c+@D^S%7Im6>M*W*^|-x&9oBHWiYDh-o>|W zdDtXcnX)kCjW^!-i`Qy3fA_oBqqWX9)Hh5>7O3aaT`ZuK(FG7Hvg0W+UQBcx8$j5- z#Ii)RvK)Mq+zX*zl0`d&N&7$xO{6vHlt)v>WyzKvQkD`gg(L`zXdSVwZ-iaLqs(k; zAylF5G@6832#u1;j?r|5Gh|$FSm~4mk7Terr66E1U!=3Sj!&I;9JTe;;EM9NLbw%j zKH}x0f1(y@yMdl-ib2qU?|Z9Pt!k}&R;VJK$z&)Ni~rKp)byX}blPMZV|jRXEwX12 z;YkBP?JNs@KKsIR0DSq&Uw+MZx4j_1S2^a*o5%0}a1*DVa%%5gci+`iNJ66!bT%0@ zXLS|K=z#iaqo7t>gHER{ntyz2UuoA?!dS%p9x}>Gpx^G_S3=Oo(E=Gy<=dSiSV6y2I$~BwEAtxbnATX&#Oe&WREEY}hAJVcaviev zad{mvR4k#D%W%P`r&wUy=m_fuMp&_HfGxu#j1@u%eek4FIIO(Mv=~nh+#M?MO8J8L zd*>-H!~3<@Kx%=K8YZ`x&v3M0=w5z^Xvl%tc-Z5eFJLc^>?}U5rxcz~Ymm-g$hJ_L2{Sv1yJb-iF`6h1o#Frs5 z^1z23arl<|?z#6BPx{|J_7T2$-M4t>+u!x|8~^az3nXZ*wa{Hn$i_NUdxHU}hI$+= z4DEvS&^VwXYBN4Fsscs>NV~=vEp$^j!his^0u?E=f-v$4D3Q?t+Xf_rP?Z*>gv8OB zK)cjdHS+$mj^;nU_Zz}gnliXl?IyHilf_E>sg9`2d8QgiBb2d@MG1s8hbj1DWKu2< ztz6G-4?jm|XFHdka1fDF)Ojg>vtoluYO^U*(J2ot!iu%G+x><}46)KBP5qccNr8w2 zK~#dV!nn7stE-F~Ttl6aAl3>o8Fbo%)tixkQkpxSUJO3QRBC7hK(Ab}y8X4>(`L<@ zby^SwrzFDv6I$tNYUZ{L8#!cR!NG*U}51*zx)=<%BkQmFFpDk#3@>j<#)POS)q zgA@v_B{DM7zDg@5cQ*6vnr)^AFai%0!%>vhEZe#r-}jk4p@m{#fT2Qbgtd`26FQwp zmMe@Ebz)JTD3byzLgEk!s|@Ie1WMz09wHx@(WiFIf04VbIbOQ?Bvfa|fB-$u0KH3y zVzJ1U^_yQJ;!rFae8vtIJof`o!J@;B`KhFJE3eW5$f3yY9X#i4NLx1v9!}>O`okHhSr~oIz;kvS!i6 zvYJ#vnDzL;v^xqtrl9HZzSD_tm)7G0f1*`U25F6xx{c{bF;LGBV0ai&@(n^=+Q6>` z#3*k|aj%w=>THJ2>KunoXk~hR9iMsl84jM*!OiEMisQOSk;0WJ+Z(XvEtpY2q*a0m z(8@Y`>CkKhQAC8IFJEHit^r=??&skxn_1I0%xKk{Uoy$Z!7RUUU} zW$+VXpBd=JdRX-$j1~mIj;)*YKwr=OQ>IKgroXQ*SuXz27{jB3(5(3KB^Pu1AMT+4 z@#h4>=b=X)UbUyw`1mJ2#(#eGIzIf756%DCPk(++sZbCS&{bKO+J&mE zhDj|J`=%`)S|($giRl3jtlG-F>VWyRk{YjyF`Xd@Qz%Cx0yDYQTA=Y!+Ociekd!Xc zR}6S&b1k4qJ1KA-3l3ETD$AJ%?aOs-_p@VQ(Di+x{^{Fz~q(&!pP{v zOUv-q(n!PRqhYl68OVox_0JD5mM?I{TTh{*p^mXak!>Sm+`MKBIMP;*E?Nd<*(Dv> zfJ1qVWmSZPuc;m_*@v33o(dI=j+O&R+Ji&pnZ&B654HM5gmlsS&O}b_LT%iMD)~?- zA$^JRKxEvc&g|*ye$Do?B}~S_ zLalLBWaO8%Kq`e4j%8(3rUEux3dgkEwfR~RSeHoqk;w?94Q?nBATT4aDXsPV*PV;( z=tU5y623o-bUfB>?tyfM_L^#<$RtjVkSL{)(vB)9dlkfz3`$2xZNEp@ZiZ6^GiyO8 z6m@BjgQrd4?nO%=lQMSVmL;WMwuq=m3Z(#yE{9IJrg{g8r4k#rZ+_Y9u>XDs^Yk-M zTzK+{r`-406OW#d&*x1BxOlZ72w`Fu)YT%2yYT&hb(=PJ-1ES_?#aiW6z)v`{=vuo z2Ohw4i=XAFqmR1y@yDL{+PZb?%Bf#NEn?PWbbAxD*TIBVsHrwBJI6618nN5??q)nM zD}ZAIkWkje))--+A`_5P#wAT#baE_38&jpmIoFBud{PTQdM5DaM-lmgbxSkU6Cou! z2rWp>p*dH@g4Ra%ZExj(wkBpZ)H0#2j>b%i&p-M!A`H3un1j&LL&zqSa80bJFv<~V zw4?D5yJ2MvOIv9TGDJo`O;tX}O|Iei$rHHrfZ25C3oP#*;K6M>cy`MUmi6^pUT$Ph zN>)^2jwz;PG+q)pNqqheu-_{{CdSJL+n?1{Lv1x;U>IgkLDbg5>P_f%TWw3wfouk< zGl;4xbWOGWI)!#!o9tmMp4*#^(bKxEh;2RSC=$g&L2cZ)@nI@h$rOrg85v@ME;6yU zm9KsAQ@rQwcNp*{s0|x8tOP`3V?F)-gUM;U^{p52pI^O>uYLV%v%mPctN(j=WOxRk zm5_p&6HLW1yQ`x6Qz?dGKF{gtLC$VmM@vdE9JMi|txu59CInbvC@hXD(j`>IfXk^tKj4 zG@f=qXcP)p3lxe%F;C7-@wNLO=kcdku;0R|y#3hy87hv^=%xAD^0nj#2O*a+bWT|w z$(calll}r$Oc=xCceG=dQB<}PhjIE~XiaBr1G`2> z*fpA`v#y1LKSqc^_$8LTxRq(G4b)a=h$@@{r5LYMP{}}$*2GK+EBd9B(I$u~$x0GQ zlZ-pAq^+(hF+S6k66@n+!}qjVl*NFO{XO;9h1BPsf10C@JX+jy-`yvkfByMjdf@&C zFYD{y)d*;otQQ0kbTy-Uc7cWo6DGd>d*8YK7r;Gx6M%o<(bUo`o?HB^-tU0@*DQW& z@pPr4csMP@v@Z0dc64J6%S;DP2psvq(}br5**0jKbKc$xwymwo3tFg!W6w>MW;BoXn{+rf^Va z6CJrUS=U1dfhTiFC&gpiH}cIVU*L*k4q{$IGg{UnrDsv^yac#tOg$)9P)WPcHR`!K zg^)Qk5lV!pFu>C#TB;n5pOWF&sU3`ze6|i3_}b%(d0@+S!=w<_;tK~vI9@v-Za=;* zKuY`fTn90w1wA}s@Bp1nP@hG-@FKczz>H3UF&G|0i#}7$dJfuk3=Oot25PGe4j}6x zs;kipXQR8C5lh#hM+>rS`d|;g#M+%ZVc&?6V1$d0JC;AZ=Plg+ou329EnBwg=H`a$ zcI_JY*xTR!4sN*NmmGTdVf^~nH}c^Rf8g_1UUB8SO2yKoc$?GnrohB@X$B(SPRhjYc&qZEG=u@It@TW5Ys3#D95*xp zz>$O+O2H_#8Np2}Ht^lQJPg?spE>U&B5i27!-3E5m#;JP+qgTULM!l8PC3l&tP!q6 z4~!u)DRdAkehH*yfGD6eHfppq;%vO56){qP^;^+VU?F1~#(bm}MAg=JJ`59$4xLKd zL_<+17GIMkd+wXw$jyKF)3B6r2`_}x(aQ1r&!)8|L%|PetV;2w+0%J+%MPx6`dJQa zZ{wU96RCAF4EaTC;G~UmqcW{@6+>C=nJHng0m=f1rNE%;rSaED&_34Np(^9yIu09q z`rlBUo*l1u{?a8E5zZ9EbRrQq8cI0od0kO=A&>$m} z5@b>ibtxAq9THzPr7dP9`YS4i3L0pftX8G>Fw5QZ@yKJ3=yT6Kmz!?7>5BJU@}8T2 z^Q+(dF<;0}1Yp%B=xPPW(^YAwFlExDlhG{MI|BFz9amm?C0Ad4HGRFibW=<7(DTne zR~vU~5kiQ4XP~>9p`i|DO@PKaL?(-t+ThssATRs3&Y)w9OFb4KO97ub@?hRLYa#uG zBJ28g@J#o1mhbFkRo@`X`}-N~E0#4p9f|NLql;$?h zpEHfO&Y4bEU5-dc1d&3@G@e^cCY3`9kI|rqA1r#FnT>V)%f7QH$P{&MmWa@}Zb^5~ z?J>J+mf;JACX_g6Dx;Y#w1?w(q`fSmZom%)7%L9Zk*nr`4cl10s}G71oh^+F7seRP zmk_Rpj$6Z)KA3bo{u+G1Yl97hP@!w95Y4r)v)?3d*=qD5^Wgbauwz#lU!e^TA%AHHd~t_h4_kI7o0HI>i#}_*`;79vmIPtQ=RbNGPu%?o z1FJWfVUm`YeCR_Tx$isQ`POZ94fQN~;z^D^_L%Sg;0Hf`U&&CYg6}mc+liE>@ zwHDN9MVpi!-<{GL;Y4gH*6@uT$8g}tCeCYK$Fxj8j*}wNS)}lYLX8j}j#DBXhCI3v ze(`vgo-q$xZAJA}Pn|$} zeU9M*RC$)3svxB`T9$ZW*8u-|)15Fh!uiJ@$^lb52!axxo8ifA-E8dX1J|>;V`RE& zN+hEXvz5!T=+Bz%=%yMI*h9l`h*9!^(5SwV@~8qc*3(17Fj62^i7-i(u|PI@AZ4(e z#%fPUVG`fh=(zb0f8xxu<V!mfOt=ZfT&pqm45UnoSf5qnEEjq;@!IS{FxlweiCj zR&mL#k8twzPR^V*iN>ldN@p&Qpj)|1Yw&AVFQZm8O zI8qY?KD|Q)lnMw#pInv8^BcDjT*KNn~83&L$o)dXG}04Ki4tpXwmLk z;T6IEZvvuOL7X6hkr8G#H?V)lWQ0>iYjuu}x@L}_u>c4eEsZi%$g^d5fM#SQ#r!)9(c=Xj*_$fcXi3{VNQG&9~kwa3O&hss>yxSK1aH65|0ItGC( z$ap!rM|bkEd!ONti&v7ZuHw?e7VwEf=hKrfaP5;zd1(D+hWyYn>||Mw9r5~TDU8q9 z&{I31Z_EgJh``K?7tS`1*|94LB5{)^l}ZV}l#bYm~S-;gY9V)K`Q3_;alm(**?FmDV)5iWq2~A5)GiMyO zfM=GkCrVkN1EpSylT9j7!5fb{kU}Xm(o@E_WfMgU%O`#S&`7fp$eK7Nmvg1o)vskL<4BA0h)? zrnq&spKFOY-H$W5u8#R_bqsupgR4kmV)vfR6U|Q$GEv%fA5(yxR4d(At6H2oXiPuBxhP1JHHE;YVD2?|t|F_J|{n z5RX6pxCUO+;J-Hk0GeA{#EMlb^@92Pe(%8tAAEmYA!!gyXoDFO(GArwV*+|oJ0hJi z!A3=PJ}8nbAIDaDVPrJaUrtJDcTIe2St*o84-6u7$T3r=GO4~56&b)xoM;FHj;x`n zx|+7?Ru1l(4g$tXd4~K^1`7o?4h{0NB`f*k($%0#bk^5#&a5e%GixgQwl~!karlHzQmH09;i8n8>BVxtdlLTG4aHc# zWn!3uH0^t#H4z#qBn|-&Zd}2q?s=3KHg03~gciPV(s8_D=6nW=1Ef8V>rXv`McZfb zUr#OLzKxp==*V-*HiYB40K1K1{$}H(iZ}go_kW~}b6!USY~G1>9E6UHUjKrb6-j`_ zTxGLjdRN!`makpcGDcP@(`zv1X*6HN*AbgrrgqXiYd&LiLV8VGNoq z0?hNQ??D!dMPx36h>S8^BuzIX5(@Bm(-DX8&EMY1Kt69RR;j4ADwrWb#LP(@95sI$ z#ZpKnoduzBv>=ip`Qivad0`d#?q2k8fs;=@fCHvZ~8ys#aTLTurG|g2B=8>tt{gT~lKL6Ct`-goF1%c@ARvdi3^Q z^EfLFjyA$vvAlF`T`fa{L;s_F?#3H$9K+$J;-vCRxd->JMe)7JLBPFgB)TTU|vl(hLX)-B?YU!ec zv}%|zueE`WToq9)CMC+9K`D(bZZQn;!ve0*3>AyqyKD_DO?6CfZA8VLgK?s$;w4|Z zj>L5wLKRX9Beo2Vux!^LFYMUKGu?f3kCmtqFtwqEPaSa(XU?9&^?!Vn8&~Z>duhAO zD)C!;s3 z@&9ZB@Wn5FiL0)W_VH)v z8!kasBO+;~g`EnY1Vcx1lq8a`MD2N{=8SxKgrG3Y3Ef_g=pHcL7EEFwq>J8fmPrn` z^_ciw@Yy*q_$J`g4}bW>wZHhqFD4HT4u~mJX4X%gH0c*hmM@vy-QAn)AtxSp+zo&F z%b&lM&1Nqz6beu%GPJFSjs1Oe)pnw_z}FFz8k)G`s*m&TXWs=Qc~L4AHSp0jYt|%4 zKHb^~bEg>a;`B}fJ_{|#u2|&Xjy;Mu&7RFz5SfssA+JVoltap`LP{4YjFx@gA3_NM zks|9k+`n-P*F3xkT*m<3>T)mjs)*OSUxl97hE_gWq!3yra?r(4F}rgjC+xouf4KJv zM73*^ZP!+SQ7pcWqe3n`^)MQ%t5Mn^IaojyeZ)u}J$;gC?+e@ZCZbd-#`L{%g}9>+ z-PLYb0K=n*{vq@u&za<6tWf@Z>T46hEIp8z0O>;yJ*@ujyYBiQ?|BbCbpO|rZ?YNY zESSb2GbU3k23G$drY&1clY#bAiZrD#z;h%Av^8;1TQeoCDTX0^V+Hz)A>D;MJ4Qy? zGCV?m!6yV<6iQ2c6;V(TZ1)1Qx7t8_$Yd5#aSuC8&{>;MHKSru@Ue? zF4%8Bj+ii&ksv@j!sG{)+3s%Dw$vJpM?MJAdWbJS{xrF?%WvOu9@A=S7>zu#UJlRA zkrIxj=#{y+-?&G7kKLi@yf9xTA^`z5qoEl1zZ~eg`ld8t^GK}PR;raudz3(Ir zoY2bq?|hW!x9>2>X(fQbBGRoIpLB_IWHxdw|F$l`%e4WM9Kr_Bw1;k~h3$O?pMWqU zBBf#f8Rk-N>p|&={=U9bCQO*{$B%yWqvrujKkg>~!JPKjUs()V0)`kJ+C zZ(qH3%_WB%cIf2o+qSWF%T`dD;hq7OY~0FWljb3%gH(b-P~cxqJc-|a=wG<&E7!-4 zIp)o~9!%?kDeX{I1^aYCuF3@e_#~Ak0~|GZUkZNFj%yV8QXdG1>U4v>mWm(@38Ffx zGEL@rp3C;J(17P+yo0EOd^29BLYUThB#d9SZKC6#kdcEV&D)MYj6dA{5L%}J$A}HN zAw;%K?iZQ8-z?sF;^9O(Am`QMI5~t0$$2izc5dPKtJlyr8qnQ6$cHXGiP;lc85k=d z9K#a$%jy>m*vpkKb)&3gl}OX6qTr*7MHn7M=S#*c%SoAg!HV02LnBZO#&^I5MiG7q zrgXxxbtc))7soHMYzjJ?P>z895$GSb{cS1kzU!{`(@#I0JMOsS@7nK9IO%xqzxM%N zcy5W8{Jpwr&OUs9Qfa~1s4h!b+p67>4rteOWo$6pKDiya!3iEzhlnP%~$G7dg)%)FF;=$rl6G z74qauB}PgC`AAbz5mk;uYjuXKbZN-C997-U1+%8nP?a&FLlFcjG8AP2zEZf3M1%o@ zV}%O3X;R|9%AQcUw#&3_;W!C_BnX0p_y6}C|LEWk{|_nw&YCrg2Oqqj(@#6&%sF#r zj|3(E>;zL$yg zfT|oKRIgBER`$RoluGEKAqWj8_SzFqq@;!6u|~YSPQF#zjnVd5x5PagHu3uxR`KtL zAH?M9T5y|atm>l5tHTj8ktD4Q%!#>&b;B$9LtOpnBHC+meEhHl1gZ*0X3@LRc%*#g z+2nZnP?0Ef2}>bzgh1&MpL_UrK6=XoG^R3q>9k|{=BaPM5p{%Nh(Mx*4G~%)rAI?e z2MxI{RFGm)T{VAs^C`UVpoLVa3f+UG?hTD1n@VAlyw?aIFmC*3*#|8RmI|7Pr5h8J zNTBCWh33ZibI}6>1Lq!m@WEey$GH~?<9l8{-u9Na@}r;p_>PAjen_lbxw7<$PkwSs zCY`wfdj|gYUY=RCk-R@_#wcharSNr$?|$gL)Sh~{X|<p%9}14%cOIRSCP6;5dNTIETBGxMI$P`cuMb>Ab1H=- z%cwt!z{hnZeT6YTde>c?HL;V&o?b=AUN-c0nf`V0gi1!WALTLbLjMmxUOd~b}9l#lXV?3sWgpMDdxA-bIRmSPMa~A{aRX>)zZkmt*uON zs3YUK_Wk%20-rE6e@keEYr7DIC}Mlxpy^!2>a58w@ptSM6$R1Q*ciRNz5mql@c*d< zps~J*HEY%|fByVWEM30z)>W%kS0|0ht`@|;(-Ex=uy7i3zgcDjjZCmoo@12Xo>_su z<1xhY4aV#vl|s5{v&T6OqNxso$OO}uMUTqzEYmN-zySCW)#(&JIO9}Wa;*fuZ(3x| zE1LwFOj;mCK<{WjpS<@`W;Zu-P**crX34l!XdR;X|JZx$ILnHw`}Pim-0g^ZJ z{5X92L(fe2wNq7l@3q%nD>SqCgG@d2APS;XE*hU_H?8IVwVS!>*aN7Gr|`TwyEjVj zX>gVQrcm_K&kA#_c)|mUT=wXLT>i-OOl)rAS7#o}m-j!6NXPMoPf3^4TG8(tF9ejdG97B5>z zPre_aLtDK`@_vCy!-jL&g&&1EQ(&)Y#(ZewhjVZ$;!@NGGP|a zIynjjLMDwYs@B$aRae9%Q3g6i5En6n0OWH}$U(6Hg@OrwCPF}1@?Mwh%oT~Eg3Uil zEN#R3kD`zvH7y*y=VU1643{8VgiH3_^U^g$zHckPH%iu(Wv*-J&w=lo3ccVX z3I(IjVfRrn^ie(iyDb;>wsxa5ICm;y#L&t=HPylFNibog+3U;KL7%Dqy;zKM&pqpe zf5zGOzRePfFKCyyeGOi~{KNmnwaCe4iIdgcrt%BZ?DG0&wKg!oG1hY@}d;)fxjeH~Iu zl#pg(%eFjAWW-#dNN+A@+d$SSm1-Mc{pPBH()r{#b}So|QiNgn9~~3_pJ@SjUYzdU zE`~M_`^K8JYraz~6f3>a>EmJ4P;^5L>^%)y>QRxM?C{LIt6sDgmac(9jtOI@vazon zZHZgTLa5ZI(e*VI=zq6?Ta>z4kS~B0YjLFJ`|mo014m6E7Z$9%WMr)|cb})3kr*>` z>jM^QesHnc$quck_$+OE_lIC=PEO zjTUw002J11%ZhuH5(0tqrh5;Kqo)sI(hg%t6ZlKiVDZly z6|fb)QYLswff(6@?(8)rz>-F|R){Dv{t)|2g(sJS3dGKi4zB&_PyPnf)TV31KsNKb zr_E7E996sEl?C+n_Gk)4v1-{`7H`?a$cB*!;(*50lKwEy`9~hXO>363VB;o>1jJ4I zqvREPFIdl3<#(el=bY%zF z)Zar}UoYFT{p`qO>B#2DhmiFH{3w88!1jTD0;Nz=nfBVCsY6AeU5?*>AO868iyS(8 z3Z55ZSbZbY#|-EF#~nd)O&Tp?Br#)VDW?Wk=b67P$FwGwxixis`u^uQVD40onl+wW z;G?A=7N`yz7C**rq2^7yWwFBnY-Ksr)S zojOgdTe}|LFTg+^R%}4*IR(AfROo6k>$1Mq5XV9vmaHprMa=Gs)P+}GdDXIuF1m5p(hVkeC~%E;Wp}lRzm&5ar4GeH6nyN(c7-JH|r< zZAK+ao(W|hoLTRot)4YLb;%Szec(CnUa*AOts{xM9$&rj0kXwBA3o+libaD$ZQR*I zluXjvP*2e>a{nu`mNqr$!}+x@a`ozk4n z<`zrG8dC|2Cc13u>?bM-j;bol^S4_h$V!VblgVItW$z>a|E}x&^UvqT8*k(%*Ig$+ z_nFU}-O=6o9ibx)QV7?9nd8tShe2Zv9554+PM{-QaRcklpkG*w*wM+PiBtLE$3DYR zbN6QWc_)(dLx@>gUmoYk6kdPHsQ@7`#|53Ae@&|8z-!r{WM+4Iu3f4JiG&LjD8KamlHE&inK2Jh*Hr z$Ih9=Z%#Uymh=dMD8jL3FRpNH|JBS&I|!6khIqNS=-EY-a`cJUl|(=7l|c2G2|%*f1#*VPz* z0HG`+-F{9gf|?pQU@APf0*LU7eyTQI(>;*QGyz=r@lWu}U;k>*QyqQOG0c1Hk?#Y? zfH;CMBHFl}ho4)V-b%IDJLLqQ9G$!Kw_}%C7@q6#2-!GyRq+@Xenz$nwSyP81 zVpuvw(sOZzWLQlS0p!Ahv2V4gh9eC@FVYIBONpa_OC4oK?o^~1l1y^?lxb)wO-iVh z9p8({g?T!%J#^Lk$-$o>K<2oSwl6KsMAGKGrglh%Zp9OTTzMJyH*`9l6Z6DExN+NzZ+ z_tc=-+AeeyBBoD-mL{_&f&kjOVC6PL0=6$?(!`0I&pGStr+#qNmH%+?2PgzZSzfEn z4NRLb5|l~c8`C54WD>27Wpcu;BN1;Tj6w>2H-#XFA7;@yw1MBTq~Ve%q9yqX$IRht zs884Nn@6AL4^PeKuCHFe*p_-c;n3Pp%dZ|?z-b5VMPuB-#bM3XE`;YXZfFCmcl7Y; znynxr-h0Sg9PL`-r%@mbtqy!z9t&MQa==V3IdpFvj83{x2CkCAHNmgykf92O zElE*_6u5QyGInDnaQCb;@P??~sErGBU1a~)!TW%>}?2k)7<2f$fg?>JL-|alSVl@{Wun$+f>nIwM zL-C`?SjHl8ZO|7&8uz&pYA+-*(kMp}X>gQ832mJAgu{^ZDEbQ>jIDRM=iC$c@O@A4 z(v~)>n8<5wT}2f{zbgss&9(qa=!jNENJMKG)eOrr;7LP16s{fVQVQjb5=4 z0U}$-HO|>{&b)=ME<9#;q9OAhGwPocCysa4t=nk+vNyx+kI&~T?>UY!O|=jS9Brzf zq7!k@$WgrbkxvjrAcdeV7Q=ORO>(LsPScjk7V`v=-2>WuwvP15?#~sOWr>msp(6y6 z2*E%Q;95Z@Ws@qYC6Y8F>S`HL4-g==j~`~~$n{fH5pl;uVGeO^A!lFt%xrAt7pI;~ zJXR#*hc<~dFIy@ICAek|632=0%+_wEHYpxo*uj%8F5$qvrgG@CaYp1uDjWoz`8vRd-FbZZ@f?z3u-o&6P2r$P}GhG^lSl)~@Jl%_yLDv=8InKM`3e%GCI zW3Km)f=eeeQq z_`~o2p>y!VAO6r@^B$RZ=H@M1070_3hRLIb5Je&B*8@KOd>ZCCoHGMq&eh#GtE&^XG9IG_DvUk^hYtddmqjK4Wp zg^*AT4dkE6KoC;r#<=3x{rL8w`y)g>LdLBgwUuBk%aW_t5cW#WR|rXae-D3MwGJG? z1+%A+4|LhNR#e?(qlYakYgQXAeGPbGfL|?K#@g;4zPRsPYT`|XFt1G@r%d9LRU80S zexDULuu^6qP}16=B1m`+UAYcEcF*lRylNv?oNyS|9Dgiz$rggBBzWRjltbcZVVuU4 zENd!B%d{3s;#hdy5fZ62D$Ef?eKaQH#AS?zc#L11a41Jk7*)1qE!`I(lpQTADZLrv zqPGtF+26O1YuXGNnra{&w`6ID!D1l_0u5tFB1W{BM~D<_R;@mK*7TWsztOXubIyCd zW)>TeDbl}kJ-0r-fP|yU$&Ik`y@epelO8p(7%9)A7)4}?A(>+7{~?)TQ1!h}rdR}f z52T$gK|s>0Lt6JWv@wK9cxk%|jMJe|3Kx@*mAb@^{fr{52%?A}R0N?zpwi@{q)8l9 zv1Icz$bn5ONz8MZ)HnoJNJ@jSqMS#YL)|FQYkZ|RXZln|r)#<9zQ@3G`P6X-Q5%n! z+edNN<+06ewD%5Fbp1=JxVmybMagWcB&nVC(YXMMJ|bsDdz6NJ5rQJZkpz(<= zr0B_HS+}8$<7Q8wh~}>67lR-0xf2e?bv$%r?z}=Eg)sUAwvR6mNPEx;JGN^2`v&Dy z!UTDtB}$00y|K1NPC*p1wyo2kNkX7Yt-?X*;NRQ+VmJOH=9@4K|Dh>>cMyPo;99a| z2?rf~&>r)ic=UlCJ9b!562b5mm_8nA5-?{1jJ2NJN`WH{0`T-gs)wzSKo_LANj@*x_Lr0=S4G148Om!x0kguNQ7bV>QUGfI6RMdvyZ#G=a zacJw`#;Ld5#=7<{u0P{wPMW+Yu2V}GTFq`zrHfEig=t~by#i_YW=4@!fp(BmQVeoH zFF{yjRaX}eZQRO&ZCz~c??Y>cKq$-A@XE1R+e}@Td4rGrYMiHxz+%yEd`0d&5gbNRfxt!>-$fOpC%r*PkW_YHccGtM}JE3Wv#a}y>^ zaMrJ1ZwL)LyZGtdkMV&c4`Nu;IKnWp2U#UqjH>t-ZOpUoJpP<4~82Lhf6=nV>9qV{ebLkb*@vw5IZBDRFypM4>`w3+Q4{dBeG) zG1^KA^7%ZvFH`0+NJr)g;j3T#5?5XQWBg+Af_K07ym^m3{Ky|Vx;h7a?#XmYj2%7p zf%eWF9|79F_{Goj(T{$d>#zUyKjkcJ-@a1?hOZ=u$Ej~>pfQ~w?j-S~XXSIn?z>!e zLzZB1fy9%BEST~jN@C@E12iV7u1}^Y6kf*l1jT~l$wjNJnYHF84?M}CGsZBYK8+v2 z(#`E`&Sg1mzgf&*xtV7cuVK!t37jxz3fW?@j2=QMNL&9wJ-EU)$RvZ>IAzkYuE+=L z(m5ss#UNm7dnX84DY44TF!2UvK)Z502MZGI%6WPR0r(eQ@ucY$wzLczx^DH_MLV|d zD3PQEt-}y|OoYZ7b8G{_2UWmJ6CpUcUaz1wQ8HCD=kECkT4CJ%?{GQtg z6ESNnAq;t^wFSluL)c1|l5&_7$gB^YI}yD(PzvcQj-E1x$KHQ7$4s1qE9(%Bt{i}> zWLqh1<*&;dFcKyJE3M4;8iFXx&CAz97;(nb@!-TE3W%bRC=4rycUiBxER~K%;3~)k z{ao|XLM9Gv;v;is5s5Ueb@RfWg%!?#u7dq_6~bYQ8?6Ynq96)HzE32IZ0udd$v54} zx}81TcHXI+K4TwTua-auAeHIoRcrb0jxt&9+e;$~BLlMe9rR>3bNlk;oO|cP9R7!U zx$5zkS=Zak-Xn(bo*Co$#GX_5@$pA7BN9pU$97NSzjq>3ocAp^ZdH@fGI`tqOi0VVS^m({K z5_96Hu!z=CnWG}A^xcJ!Nb$xsio%%qXjjrX(96y9=A%*`mz;Jug}`VGIF|FczI%XI zwsxRJG`LuE>^>_y!5M)g1USVIFXN+i2>tz4LQj!F1oA$PfFPHLOun4yOr17O16*~r z(cbygXFjcN`O8gz?C9zgfcWW8ui59v*IvCpAoAIqSh;e=Nux%LF3A%9(}F)hG4Mrc z{Fj;pwT(5@rDAw8VLU@#m-AK<1*+mj2yGot&7_D_0#C$9$7-mFHIq^qMN+ zSe8c7P(&&;0bd1#QPKQg6;Ucg=?K?#>FF=<+54X+3IiUz;4G##)RQUXNw}U-mXpeW zxJp}s(QeKlQK_CGMC&};d)jz#-8!ycw499{156p#$fZZ_#c|^&GNGZ7+E@Zd3JPH! zR|kx5O!L8e9%Z2DqaD{KSd`_1wf@H@19VyB#y&eT=YA2Dpjj_qyJ0oc5QKmP3*&O7`N z#tj<-p*DSZUMtGl~`uk`09>DPlbI>Ox*!zKKtt{VpaAA3{$)XT0OJB<8^5o3_!B%NoLn49+&q9Rh$4J@G?F!vew)^nZZe7u?V>WfsQEjXG}}Lyu#@4gAci7@uFADKl+QG z{d~}S_}u5d@bd0Z%YXKD&9&Fc8-Dk@Jr^&wMsl?&8XD5X9D(O1D@HoIT?d9cq4l6e zZkKWeGSjxrBgzF!$k@h4?#z2j(whXjh(JeC6xBYu2804P*BTVR7j2%sRN4^Q%H>#vd0p!5mPWP& zR+Grp+_r2LOCt+k!s|kixXO6TZJVF)87CX6R*;0Nve<>R?SKdZgKzR=_w(!r-t+9<(Q ze@I$u3lUew$6`(jDP#Cyo_IW6RryzclzO+xh7cvnsMV1Vid=E$-xxNsne&g_gIuv_ zWwOoh_<`cK6>DwMU&6$cO>%eR-YEq#QX~h8_*#Q+<$tR`ph5saNRTTM^i>i7tyOs4 zFRr`(+_T@!t+(IuZ#@%VUa%lmS6BDN^5+(h(NtfHi;L&R|89WNueVMHA0(!AVhMqP z@;QFbS$yt>zp!lkR;COe$?5y=!@<+1BSfA|v5opff@|)5hDpPknKHVC^RN07v6=** zKJ`%QlPU5+h=Zc4DQd@gEecTO09c){l(wW81Fa)Kg($y(?(BxnZe#XQC=in_ zAKq^^^FDA6-#+|U#x{<^*REmX3kZckMA8IUX$)}?nusEbK9uf4hykSIn++xmt5s?c zQqYs@<+hb;ARc4($l;_s&yEf%LJ=Vyk8G|TU*#>N723_KKu8LHhV}h@Jh6E@AKPm- z3AYhXNKCSAWH?xg_LI;H~LqMU*huh4GOARS6Mp1>FcH5(j zuS@aM;|`@R7N-zJNHi`kp*B+oo!L$FSbleD$c$0UOxA? zXE|{6aOS=L46ZxzbdH|5Cw1`_eBlvlBWzNFlRY<1eQF3fKhKF%$MF8SGm$}Hy~(Qz zo3~>WG)NCzS01BerCXme%8^x56XjZ@j5=7NQBbz=t#(3;qQIbIN|x7RO`@4d`G(QW>q|+$Mp9av2?Mky?bYy; zhv%_r{TAMH_*{n7))J@?M}t(FhM45RjXT)T(QkM@x-=nPO1M>(-9s5e#w|u9{D>$D zAy+`>3)NX41OZxw6uWv1zsFufh8Urre|PW)*t&JA?Cb3tQhs-yOLI*M*Nai&jtT}R zT-C{~R;ApiN-x1S=1OZz2wCl%jvom|Hw|HriLLzZv1jn4L*DnPOT@_gz0@QV-2U7O z?s@VREYH;b}*3#PkUi3xVy-MO28khGeUSsO;COtyhBoh1T}VAgBiP z7uM?6{AXGKiX|I1+g6XLCJ2;U2yYq*c+J|>?<4^KitG5}j|Jd2zxp-jzUSS4dhXfh z?lz^e0@p#$nPxn@XO4j}LviYAjanZXBF9wl+qw`huAz9~G;X7Zow*FsGQ(4;8ft24 z`12zV@%uY&g_>FeVTKV*XhF=FfXHN_y$d>fAfHD@inP?6I%_JAeeiUCe&PvC8#0;D zNfIeV5M;^wU1Wnk!$g;c-R>Y!I;0qOvvSJ{zVP$kGy5Z#a@seq;??yl!0|29RidOI zB?QlJ+sux>JaNxq-{Fl&;eZfCj=ZCme>55E7Nia9SAFy~e1*=7Iq_1~$>2*+enSlv%wcU5;Yd&hKA+k)!@}57}bC zBkwznpPzgRbB4~ub<;%3Fn*;ntrD~>SD8_yNX6@k$Lffpkgpyzi&-N_g0GA?cX){k- zw_)v|r~S@%zGITzgAUx0PN&R|7kv5_Eahvz`3th#H>FI}RMIG$l~pCH4=E85>7ZPp zSGbL)(h5`&6)B{U2pQS8?oy1hW!?Zt!z)qBm=mc&HA%pVu1J*j2~+_gH9~u6sc>bS z`uGSt@>xkhq?Ok#{hzA7Z`ooR@H~&5nQne`*WHX6J%V%gpNZ0?6yHb<2a)7=iy6>DZ|l*WSO%A`n85&YD1^BMs#dzsiW12to)U%om`i;?{S_K?nBzr<{>peLW16 zCKmvah!JxgJZX~r(mgjwk47sqVWD({AS@?!XhW9N(yBdIDIl8Mw?t0XXdM8O&mVgX z_q_NLI|uskM2td|1sSq(YX@Jr;U2zx{_(uDdIR@8{sPAyychp-`e9`KB9Tx?9ip^j z*HkG+YXru*P&wutj6_w7P*>`IB{U(LP((yRp=4x)t+Yf6Np~j8OKUrAK_{!&MpdZ7 z-zx}8qGD3oNh7t}cECFc!2eIzLl6Cp_rL$Vv4@x$#4}+<# z=pprxN}&?5N|h!M-ihw&fkGaEW@1AlAKPa(cfa>E{&f1W?A3#+Z+sOv~7K{uSD7Nv7dmrZbFI~g$ZhwTWJ34vv*;hIL+dpSR+h&Aoq%4I39Lb{_ zw?Y`u6i+a-WvH3Mm8B4(EV0TV2nzJ)+VEAbOmfkBfLFI~=Yb8I`O3j_2}7TbferL! zw=t0Kq!0`cYFimeX|rij`A`ySxh7nX48VSDqy`R8!>=soat9ZDE> zce%=~%H&H@%)%-GHl&84v>+xOetFV?%pTSR1)Kd#tcSo`#{Mf)3)Nq?0>PDtraH=M zHFkjxnsg{bs2VY)6=8z9=pX1OU(9|5;Mil29rVn5?X@S*KKuN&&CNspQVQ2}4lwVY z$GH6FzmSS~WujpuLxeKmyHwRv3#BT@F(f=HZG&nSwbsh;I&=xjx7$EPMA|PWb*0r& zB7!O%86-(nGovM86bx>Ipx6fA?SMZSUgDBll+f@S!NJi7d~h z&WrKrrp+wb(giX1HMg&-Nl}%gX@t_G^9H2|L*KZ4?gFFeAb==B`9Abj5P+|K^Xt?9 z6VAtDk2#SguP(~<^>kO3suncWCXkM6D`(H_BZ=YgyEYsO2ZcA-#=(v!M^$63gGivd zTtt)g^PIBxzSN`=Tye*JbY}*Lq70jMcJuLH-p0rwwJhDRm7m`92uB^fC)a)C6!Jx* z3MsW9k`+Y36yu`uWhX$e)xNT*K-qSJ(%iolQnTV;T1%8rc%H+`EuC!d=mh7r(Ab-= z1N3Wu!HTN=x1a(4wH$yW4?T>14nC;<(Z4GN0b|}^=X(j2}TTsiNlQRS-J*N zC51mrMD|=*yplbKj^dXe{VeUF&qLeS(&(m;j>pg;%`8~6f=~YN`-Gu1(yj`aI2t{w z8L}DhePk@bq2tGL+SG|0Ii{82wPrrLuUH_ZvN*bk&j6k$XxrJx=FT2;q^L@w)ALHyu(`dPKR)>a-#lj|QY8?sBwNhz(zfm32!__z zF|syEB#hcsNq0bL(?gR|5JpA%2X>N7*5OGHt@2#@bbbfpqY zS7(W0mtME9_N4;HljMsbSHHA~(G zd!Jx!S1-7(d5!<9#aT5HteeuXwaP7Qw~Q+RDnh$1%o-0bE(6dTHf%ijgcDA<=fMXb zJgxetUwLIA0Gl>#x^TpZ5$|nlYg4F5vc8QU{q}aIjTy`P4>^jg&LNaZj$~<&PDsPz z7P6u*p*4Xn5O->;w2?$v_{UcTV$=+3Whku(q5?4|Wm)`KX=s}?=pruhvV5$$*Dj&X zR_0oCW&ZxnR7!(60N^?iFt9J*tm_I`8*fxKb!tS5f@{Sp={Gn>XMpYsdpv^tWG7vI?NR9(Uigdh@LeNhkj2M}!;X8-#%g673 zf`Pyy9n}rde>e%y2o<4gQxK0E>uC8pL8x?s1rZEwg0aJ4Q=0&x=RGp-RDh||r?6_p z>hiB#c;STzAqFN-oYd4IWp|{Mrr-s=0SK^XZ~v)xo?LJFe4 zGj6SSL-E>%D|S)q zY|4Zn1wjy@`ZESC+_glEl#$8qDnsmg_Ut{x`~~y>t-=56U;jGa|Ni&+(wDyS^`BgO z^~vS)QM!1kGzU%?MZFi1RXs>YA(d-j|Dc<`KqIAxBN8OyHN=D|h#alZ(pZW~?HDM& zO0UE0wF(O4qVc1Ev-aPQ%^y6UZ~o;kEZ(@uNbW`vTERu<9mnTSJO~wOqR{sEwSz+7 z3d7hh`Jf1~Ys*~^(j6(|Yoa90UePfS+9nkUTvyUrDDc3d)ev*|XL*7QN={4mTvFmV z&VO_){jW*@_TGD6UVeE#vuBTUf*=TATrj^fv(r=udryI(%`m0aLZBGI9$gVC5ki1; z(Jw9Ml!FgpzZtU$f+AWwq!LML>eAfy^y9qmic9fxIYc6jZmK~{98NNoU_wJ3@0&H9 zv!_p?wV{ce?^93#QV9~mcweI+PzBNnmuHqN=fhY1o}L|DP?ti)Vrb!k_F28Yoo}wV znQQNTlJ1^(afE?#Lpw?(0U;fu zo+pi(phhF5Ll_18VaZCqe83(g9f#h?K%GYHrzDOeOTJiDm44MCFO6(TNyd-(?V_c8 zeC{-+G}qH#2yG|AR0Ptp?4wB7{x7c)i!qgjB;yBsb>8zNT$jJS_c)|*$QA>X&e7Gk zoyK%4u8bifg)8iae}gq+Bty+>@T5yB(M(^i4UOQCQA0U<`UHNzXa#x@YyBTR4}`6b zl!2XVQ^=h?C@IUdyVuPdLeP^(A=FPY^yI0Nx2;;Sy0!Y}e)-E^0`SA1{IKVz z*ZlOHCm(<6wn#;qp1j!b=u>?APk-h&U-&$Z)b{W*-U)*OsT~iM(jn3T3Li(r?D!tm zG)kaUNErFJRppWpk{~J&slcv1Rj&3GKvb*}ZPDd9ZmlCCdw zI@yxF|DLIFDaEaw1`&1d)jcb<_oH7UOT{qOVb?|gUcH!uCh z7s_OgL=xxxV{nHx^7TbaNGw^27J`xK1TpC_ES+RRLmeY)Qq;#hT2gV+g)TfNj_0P0 zop>yPv;yB6*Cuz>9D>s7HZ3Qlz|(?D&pMS!qvL$_xA)WA-^tuPr|^~2j^e;6qv*~Q z3?~Q=v};v(BSMTCsM<|VURnyJ=M+`2TB#*aDqu=tVvaJ2Z!+fc#HvlSZSO=R5`zS$ z{wdI37#cCT|B~y!Dgk);<@ua+^68_VeRkpEb?erZ*Mc6_2zyL1(!S$|7>B4(p;HNT z!mCX9D9~{i)@){2HsA|qegJ_c9Z!<1sbOR1PQH2LulU*RHyff*a|7|Q!KpuS})wl#im4 z>}@IF%JNcQ(a}fTg%c-^p~v^jqlRc<$X?|{fbzjDEYZhtAm(~ymUqUFcy9Z4-ZN_| zqiPala$$LPSZYmVbpssbAgm(WVAj3axJlP#VS5KRtys^|6Gn6Pv~lzmL&7LP3W?)r zieaAa+%}q0BXLEnYOHMcCwfVV(2W0>L%z;!B%__li~y7hiJ~H|TT>R9Dz%@2sE8&)3a?BxD)Gr8RV3ynUsF(5 zPgIt)FLrGc30nfD;z@ot?`e9wy7|#ZPe!Q-jcat@5hx|una}g=hV39-A{kOe_1{g- zRu+P%E*qL^RB3$QM|Sp=>0PN*>iyHFPW#K|&6{fgXz$f@^%)s2M~dakm-m0`+n4jL zZ(jCqIU_Tf96<70mwoFtU`VO>iS0Xu51n}=`?NL_SCH^r9D5&gQAmF=q$^+G`EC8= zLq(t>Tmk8LjA4lw!)p_auWw{zZ4*P%^~BsHN;`mSCA=-~$Y2CG7%dV7Z13I9ku%3} z_az@-M|VH7#*Dy~&^eH|($x|zLxeWkB+7Q~Rr##kUGH6%l_kp@8bMj3L<>=_{zcjE z0X#==_wy^ttsY}$@K&jCuQx8NOUmK^#N%;NsT6tJ9(pGM_y?}x!-jL_xo4#xy8poi z8#ZicECY6}!(i%I1DlR%DUV?(38a%%>Ru5@2azkH7cAwH4}XC<)25KkWm&s@2iM>7 zJMMjS9-DXWfFTVuO&`a}drjly=~LLVWh5i(8gQI6N<%>@<25ZTb6RQJbB-*GUSR$9 zZoc`4yC?)9B9*j|ltxRhN*T@u!9>E2lo{g~sg=>OmI@+CU0ssX58W5(Bv4U^2DS}k z@uLVY<}s$OhA`CS-mF9#wKFYoO7@sqqfo>hho`r0=hz9OtscI#dIUyJRa*SOhzLhG z!bt8W9Z5~nqdOn4c*8c7)(mf~WmQ)%QyUu@QIo(;#%W0l0$-7jLLxszXwzx~h0x}C zq*iDl4H;1=YT|KjU$&lAz5RS_&QvDU*V3O4i3B)OR0wLq!4GqEWw+6s9)T-UgZv08 z@V^y0viH91=Z-)~XiN^L!{0(NRJ7Km_{=`Dx%i=HAt5ax&A54iQ_%>1OKe_4PBI$# z5xOyLA?Pv<@C_0Md*4S5g)JTEOcsP{>FwygL~DJX5F)7lmD5f+m0$n%`t37k&bl?0 zh+S697a$RbbdpC`FJ;b(2^>6qI{9L*Y~fn!-wI(8BS#6O@bIGn6tyN83XsZ-grdQZ z3Z&wV<~`Y9DYPJr0zA(qb~>VDVxhId5A(!aE2wXE1C#(?6-nAjkCLLLDECjbA%Y3} zZ|pLoFEpO(u%WY)YaaX?2hN?w0h7m4@KssfS1C=>jWci4cGmaw8BK;V>rlT=$3~!~ zCRNlV15G51&R3K#qIw6+=Yhk*g$sAgo;mC2Lk>CkuZ2R<%ST~-Hdcf0`=YtIiI$cY z=ie3l&ph*Nap#@4>#^g;zOrfKrfDVxSHhh&k#BtZJkHy18VM06=B1I+BZ!J96`+WS zbYudyj!+tMVZ?wRk@F)q_4cu`x4;vd){u>Sn&WZy89AJNh7D(YQ$3E8CQ=EMbZ~`> zvZ83lB0%GZ1LXYzP3bg4YSV;aL@`v>O51+^w$zWx$*@Ty)NX@ql_7PN^mT>ksBKHn zj5{L)N^4w4u)QzGGt1UN+$~QVY5f+>e{_jBT-Dzy$p@>@CKV8m#i^^QW#`VF?<4?k z_xj$qzRM-w`UY+7ZQOR#t(lI_j`EC>7%>z*b39^VE4sDG%#>A|n>kLoiqKjZ{r5H7 zsfncsP<-|mKj!(xOIWdP1$hVb$Pvsv;#fYo&rD93G=bqYjYyfY@DzkmgwPJkafoRw zsm=DZg<+aTDkAO(uDbaFHgD@NNl0ma+Ht68n2SMButwUZY>09l6FBf7JHRK-J&gk< z&mS>I{s7=K1gMdOIKxre!QMySnB!5`A63>-xy&f3iP$2=$&ED3M77&kV`nAaYU!MNeDbRAl2c6N50Ro~RO zH}FFBuibOsy#RD~cX?4@#|>SFgnP7#~3g9?5kW+x4TxKMN@*8|>o^p{ z0+A*5DXmdbp&}FTgQ!Svp}j2s97O>_Y6@X5#es|wAF}Fw25^$}`CZ7sK8I}=xj+~e zQHjvBw`>w9aEOSI$^kbrme0!cmbFF2gkvUK;!cw9-SG$XKp!7G`c#r}hoY|xj$vlh z2%?aimaVhsl_*VyR{3r0nzET6NajN;b?XplAJyH5Fr#R?b@WIvWy-|FpKko~GavcL zhsN}D_tMqVEnTH46bjVWH!x(#klerPti1Ei+x1yzowMeSJ8qkVKntw|yVj^MAc%Z|s6Y@ENr@r}Cxm3kq=u0QM<7u27a|t6_we-Q zc7C^b87;8{M~xrF5o3olwziq9h~df5Cfl-1 z4%Sq}xn56+au9A-l>{iQj9RHSek4(qw!iC0o>{qpj-I~qsIDGl;`4S;fYR8Ju1HAR z`DHKWku+01?<4?k_v#zyOTPcS^T+(<)>~J0baq(kDS}}w=)ESx_>t&g4JPZdH`9zC zg^=^n^^Ot8QJ|s#w(TSnhJ5LF*BaQpxrv4YXL97M$y_jJDo2eSPra<8AYzpa&(5qX zt%wNFen3HoWg{Hnnvpn9B&kUx`0Fccx#!tej7+d2%dUH_Fidw7+yssd6k3_U6k3u} zXvJ^H!>~3(yN=dqDTukS zw7Z9CLz);`pT_q?T-Pk&qHo;c2Kw{t=;&tY$_=dAu#MF#H?eBv1_~X0P_S%PX#!PX zVcH(0=m{fMM9R1-CR~WeNDOag#;gfUoic{GGbXV2tjP>%sG&Ay^a!FTo7eQnO|>koMJjCX=w-&JDX%5cDUFcYa#bZ- z3JN~tLxnE(Q0o;5DWH|{r*Nf%mJo#ngosd9Mp-&Blu0v@N}9QQgf)WFxCpe;WiqJ> zLK~npnPMMtH-#f(NNq%}9Gd_UnJq4)(G}1_nh{c^NyTHlv|%m3o%aNLPM^dP(5OE;MU zMwR5njiv(vTsKDCOB-$@M*PUQIOZt$IfAf=)**2ZjvhCR6DAHPQ-o*R+IVdJR&HCh zfpK*;95Hq{bA~n3l&U4^qzF{OR>rPTUbIQQDWI(jp_WzXOlj;-50a$*I~%QPGQgTS zA&kG90Hq_NP#D6ai`Nq{ zu&tw;TrN+L_o;12Gkg3PZh86@(@%CyhUf}K%yICvG5zt-HijCp8|9e8I6@eY5dp=Z z$ngj5#qTfrI6~B*bY$&(H7G^iFM?9E)WnE64!JPIQHl_ZAP@?q!t*>lN76HprK79B z@@<{8CgME$>Poh4>tyrR?X+)dr(X`AKj=gYx~{| zx51AJ^k&-(G0<`X$~@fN>DQNYc7<>pY7$NK6*}mP6z>`{f-%jFZ0;Q}B2prxA`tQq z5`(mcR2;hA=rF0)+Lb2gxGrM)SoF)w0rboB=b!tfFMRQ5KfdPbr+0mXhQ``NS9iA& zt5KSK(I?Z{O%N1;0LR+x3Jb%Ro>vO!$PDnQpZ%8hY%d8JqcQ1`PNngZF15)diFk~L zgvXHjI?{<4$(TodB97}>yWyBiGU?(72Uj|VaOr^KNE~T|SE49F3yq2(LV?OrC}t4C zK{_!U$HmiWgyWRQ6Qs3gHU2@;$N@)+AKY;-K_TzJYMgh3tk@doq0RAf~_b$QfNm6RMycG*Zg5yO*^ za+1`5mTA?P=G3h#HdUF)UjAhq|@nl5`edIop8bleDfQohn9$Yiz6jwhhborrsD{vkAv~8 zh>0VhrQWn?OFejW*=K7GKxoH1=WBkP)Rg-fUexk#Zz zgrg)!N2f_SfB0g@9mFJBv28v*_VxxUJzXnnw-c=+lni!|ywh>0^eG?avwk7mQxFBTX;f zjIJvS?Hk^L<+J05S$eZ=G}W~tl!X+nliX|Hi7uOkpdpp0C+qhSL`Bk`;Mj4axqjiY zav!@=9lnk6z(EEo!XyACfdKJFzf(b-@FVnyW*FKCJ9~sibNd~)-3hc@bkRjzd+oL5 zU)^KYtSeWqTze*{afBgJt^l4xzEGefb*r@5@Y>Er83P>6D{I#=Z~Z!o$t0)&ll*B7 zg@_^bX2!>mWSr*O8tURP>XJzs zYEvXUhvvE(8d7m;V=v5Du;G=|(PZ5_io~kv5K|)udHzAIU^URvHJo@5`%$+@h zQ}&udwh$mJ`PCPinwZCf>$kC_tphx_WV&DowKCX!^)CcEQV3s}c9|ALI>gTyeSZxk z5^-kFoSB-xV8MS(@CUg3vTp&fWZ|L@=d<}liSu;m`%mQa=N*fP>PRK(jnuNPs-{bD zyNGOita{2vTkR@AM1-RRS~$2~f>#c8OoSMMYMZ}MtwZRNoSALPt4 z&%EQFd+#~f_rq9;!l%ACu0_F5rfXz!DKLv?j11S`bFX%TzK$)eD#pS z8Il@;9~t6{ud5+Zjg~ozD$DW>o4E1Om$>8kC3J1w3fnu;-C5`!u!Ozp#bZ{2dVVRS zTu9gB3~wYgriDbp!OtO)f$V+MuP!cOQI~U;p8L^4mL5z5USE0huBtU%ir1N?BKRP_)w|;|V5Bo-A5N zwdRHoAO5S_+S-S%yY9M20MEQ0Vfh7>_i^?)=hU<`HGgR1=FQ((zjkeM{l;|!LBt@| zj)I`Om$vR+{=9fCcU*rrU;6q-_~-{u!bOnJ7x92d2jw|n$B||{4T-j7MJ)wdI~2oS zy8EHIZZtxbByV0DY0GDy(nu+AiBS`4q^Gb0l;Gg8!}!aJRpf%G0{siUd)WBRoDEgW zL&RffDa-xA-R4-L`WBcmDwHxl7CUQhWzYjKRer=N{aA%N;ub zBUk4~kjq1Tieea1n$VXzLgAR?vvfP8%QNdYP#jv1tgk^uMmvHiBIU-p@BPQn=p`ul z0UC!*U0p11?_@=LH!IruSk>9XKqd#-9Q5@DeGejxz*WZf8X?h2q8-g0&%eMxp~#m`ImlG6$`EhS3WpFs za`?@{74}Njjp+S?Zd0DEa2T|oiX$eH{Nv7z4zXCW)v!2 zCULhk!Jd<#br@pIP_*Yk6jlyQX_=o&R0T78V|^c2Yi5od%C`?ch*PHQMOHcZVPF@F zgOq0JNU7+~ck$HXh1@)EKKDKIGHl%mJ$;Cdf%0fvH5*h2i7N%T0_BH9g(4J+sO~KO zmhE)E45@L$b<2!#!fQwYk+C1AN^eDIv_0$!L4@z;87TJRiUu=xD-BepG)Up$s(^-A z%#g8U6>nBTOgb!S@8*BzJ;joFufmG;h&5ZPgP7Gl6L_viJQgF9%`Qo#l5+awsbboU zY0GcA>E?3)^2Gv6mM&q*(uz&#*S_{OuDId~UzOBks)Rx9zjXsYwqNDzLm&FkuU~lK zg@aeDSfS&|#JIrs(<)Mc(D@ym;=7-{lDq!&S1!KnBOI{*9HgreMPbt&Gs|BhHcD$U zQ##N!9>rjQp3Dv!(j!cV+M0hApo|zE}H|noyt>d> zy{1!XnayQ2DiU<`Lu(721ASzpqDh>rbaGj#P(kEJEZ(*aJP#E{NbR9?2!6;VN9@gn z+FH7b1yTtk;4)|IF!q};f|%pd9|aVA#r8~rWgT6t=^9{lPahk4`smN(DHcO=VTjhy z;(3g%t)a$|G`I;+KE~`3U^cx=a#*SWgQ#o~?I7s) zi_n`b_jHvX^qqV5*&Dxd@mKlbmH!zCz#envvUt&}OrJ9KmHDr{Y&zR9j}ty|28T=? zPtqL%QHYQVr(}H$yLH_xnfp{<=ChBiny6#YBXqgnuC3gzD`K?NjVGJ$W+2x|NRdEj z{3s+2yl3VZ&Y3ZeXSeL&cS~1u^RjguKWQ|Fj2X$$M9k>+D_vzuq$??iO~CD}l1-|$ zwGS7AOrxqToke-R31TsiMXNXP{EAJuo@UN-&U#z@fY%ln8iDY`GAPj2zH{N{ zF8X}-^Iy2=odjTa*A+kb9$)*POL+B_1srhTA)or|0}p?ytE+2f>C@Hm1dJNOhy!M^ zV@N$T)fgtd3U?{9s{DPW^u0z5<$ZH!asJFXwA3__2{ho_1JN*Bwe|@00JlB; zG{3t0VHPY{0bAOQzIQG+sLKNg*Yg-QbQrl@?zaP(OvkXMCgIg2Y1`J8k0;_^lTsvx zv<%A+^bb53^W0hyaZKCei>aGEN)MURYKC1bvC!2H0Sd=4V^xW`!!K@mkjbNlbHJ>< zNy=JO2{{njm}5vmQ_6@2x#c-}hg=l$tCtq@i}}kKSi1$bb->y!r5CP1%Va7kh7M`j zvT5_?-?z37kIk90*T6mZ-1EIcF3+or7V_$%g`9TUY2u!H?%C~*xZ;W{UjKgX=HI^i z-S6_7-~5IfZn)v&rN2AshC`)*GJ-JV!11k|Gi@CGzNRKV#8^Q)5n&io^aB(D4&X@5 z_!^IC^{seQJn||c>xc9deKz+Eur*s?V{euXJ$8-HmMC(#E!)9wrVOYNUMaL0c0`^6N+Lq`R-1j~;g>#$QPi+LoA|{^qXLn;3`! z%9`Kh_+~3wZ4)ysEB{_7O?~Kczdv6n!a$}J81&59v(t+fE&7iM{s4;?y~^JE?050} z1uvPYO<>4DbNK8zN8^YZq>R~sY4%RpH)A*Lv62n5*hO+r3&$emdQjzEBHWf$N28FM zL<2FIpfk7GxG~!M(^Cv_5gasn1P6^7&a(Dy9@(&!E1!Lt(RH;PIc@}Vhqd4d#XzWR za#|YUvzj7hUyn-ct+*2F!L1F;8;YbsTWeg0|D87Mc>V22FkZk*Qa3eSdKaQa4viQ$vnNi zlkYzHEZIyRJc)2)gWFarFoU~c1fF8Q(PR10+}WHoc^b_%jY#c~@h#krBt+wsJ>wNR z^qIeU9SiP$8alcVK~!cB+u$$8Pnbx|b3eXi+t#I1r%o?E`sm*l2_d4b?QPI*UdFhI zRK!!mz3Rh?tb@7|8O)N1o%^tvgV?ImFgZ^zsd5^8A=F zV`L_iIm>aJ9furxP{*blH?Q5eaSIzaZlSiemWwaGm~VXJ8vwjs@P9j3=`jJm^PS7N z^wP_C@WK0U18)1$SH3*->Z`9DHFVgR|J}M}+kRR_S_Of)_vXLx)T1wP$T>%I(P!Vs z?9oHW=JOP74_he*fkIiSVRM7b!8VZZB<0kAmn7-9xH3Yi3_CM@ENt7(s_sr!b@b6z z2vjanUNYZiyvL0tLew(Hr83{v1&lHof@L^9KWi5`YIDdhp{yh>uAGI-5gx z_0f^(Ctt{usHq1XmPf0E(nwd*lN%rx1$b_ZKm};wP?w1F#eGa39-&Fc8i+Xw6J(Wf z4pd4J=sYS42_m0jYjd9cC_=z z`i*q^K3Y1o4P;oiqm609M-mVq5O|);ww`W&^5DZ9Hg`I6#}6Z~!V;!K67A;!zA9HX|ojO&lTD3~A zT(RtmatFGhmXCk(3??+zp+w4R_9=^0>Ni}*yA4!TDx16hd-WenpQqLu&x=!^8b)_! zYZcMZ$OLD7b3dmv*E6}Po*uuzt2?^6aq%ktB-ZernUgqt)Clq_Am=M%G^S0zJ`#4y z%Q5{UZ9Px47K2H&RNN=Ejz}e9ytHmB55KY&ClRljxDmUwaNpwgE=h%yTcGx3*hwkD z+n+D^esD!YYy@(xjVG_`Wtd zsL*&$XcluMh)F?5S1*20M7y?lr!wjyG>opVB^8U)k;}8Nql5R|{RpeOdqKFcemi>g zMr1aJ0-a1Gg)3thc6WE*32@_$H*?%^$MEpOj{q<*Ffb@k|NnJedTB)<<)SZqiOVm) zY$vdDU|{q908Py;y1T0b5W2UcU;OodZ|C91UgU$HJ&(_xdIT*EH4NnQ$dXUEHm+re z$d2xroIbDmsaGM3+PCt=rY+pJW)lnBJCLqRjq5P7F3#k-1}2XhY2=d;Z0pZ**;6m$ z;1W4b6~t%x0B^YipsKkQCeXW1S!&sgsw#t2HP^u6_0XS1?=ux*Npu*1)aDS3BqEl8 zkwek_8$oMYT84aQ^r+Df&7VJi0l?=zcM(De4nFW8o_+o~^Wrz|Aehj~j{Y8+>za_- zCz1|Qo5qSOB<ZaJ zOHmkzIWALN`PZ9K{r#MK=v-=J4mqoNptQz~AmzsR>*`hP?9Ui9`{L0HP_tzpLB4qTD3~gm@(sp<;#}?jzDT!4%w6U9=bOfKcqe# zLmRm=9KD;U{g3e8s<=z0SXY*8XXK!hUOfq~o4lV#N~g+S!jN~P2&9f^@DjXh+(=HC zG>WIUbnx>9EBNE0ReW~8SP#^)Ko# z{N(3{KJvE*R(ExER>r)&7|ygY9B}+0eE*|ovd_3yIx{(>j1%H8sv*u#k9`-H9GYY6 zK!%P&k*psuDqYX;bR&}*n{nK@F}*2hN{P{1wy#M|Oh!tY9l%}WP;s}ke&4i=Wf-q9l*Vf=UG3%3V`rRc! z6e$^9Q%hYW;Lu}lJ-r8A~FLhk!SL-*f{ngmf@)-}~P8xa5*c=6NapYKnhh>JIqCj4gDEjS-y@(x3rTj6se6TICRW#zOesHCe$}GrlE!UWF3fD zc>@Q<0s8&zM3Lmq)th*=eJA-KvcQXc>*vFu!c&*YlDLkAogEW0r4eFM(t*|{#QJUM zCtgL&oB$(R%8Ggjlf*Kr1=eo`Kca0%8;N*g7O()|r$4=xLk>PfJoD@`!t-J}2m(z< zk5JpYS-5QzdyF1SUe*ER=9#Z0X*?4Uas^l!@awYSws)sw5l}A*72#M6X}u_e^;ZQ zP!pq2^zcd}tipiYMqWcB{)t8Dt|UAoD{Y9$F*ive$XbU;Sxy4V#hlr$!tQ?o=zkZjBIUX{n~Z!Bme+k`N|jh;SaCo)Dur1 z{_~&z>My{NU0t2#mT1s*DOwKOi%(r}1|K|fU(#`pj{YpkL>+0Tflx>s9Z}RUG~K}H zTB~R#je=C96$Kp<`uQ?6sI6>(Lf|OZazw2?szJtxbV$sTBxMRn@$q+`#M6Jglb|Og zhywQ9`+$$^x8MG+{`_Y@c}wFQci(+C7hQDG0r%W>*E1V7ZPI{Dji{&f@F@sSaQy5x zYFx$d=eH0l$L7WkLJE}7Oq(#8WUR&tcG#>}3;UWCW9#Y}(U9WR?Hy+Er(&>eCv4q` zUbEFI38F@i9wRqz-gJ==q8$AH)2>S{xupF4^Uptj_ORijPH-Ik!1it1OqB2FX5fV- zT-BH3_9y3a#<2%-{t0$pck%!o_?4z+61UTfr=oNLbMJ?Z`cZ;9Vu@Be*e`ke1)s7`616d`;4ACb*k*? z>A895&YkZOK)7xT_s(C)*?aAWBvx*b8sQ)l5LBs;s}x^9cu&UG*3n-qfV9HU+CvD5 z)VfT^Dr+rBY5L2mBrq zB;=U!tsK-koaeW;asS#aAmE6xBbYm^kx)te$V{^6YU7Bi$qu0%D}(M3g%LMDyO?a? z8!@Zu#IQ;s@a-i8rHv#ja^XQ(B8}=~A}J<~8Rz_`Cjjza@g)20x4-z|53lC3%Pu|o zp+_EAykyCeBcsTs{sQ#4ksSZ2^SJxki}~bn2b&Q&6=P(>IGWSLNhDI#$Kxauangwd zo{Uk@ih&@cFYw9vMe>1f#d7Q$vkR`&`>XJ*m1UMjxUNfE?+(tm?E9Sa{cm&Soqr+L zkYMNmbIY%N)24Nw{Of&py(O!-x;o<%@`peC>CBB=Haj4MoAMa3|5&mJ4jkXf9>cRt zXelsfR4)UeQOHt2G4vVMRL?=PX5fjWB{-Q%tYmJXwV*a0W1rSmBR%Q4(4T>Ay|830 zckYEY3!s1y;(u%NXG zT*|VF(q1j021La8hC0(;(&Fup2vyAn>rw?Or3s+wHQuIBmxg4byd}k^9q__(bZ4)T z1r`PlW!#AJkE~n2o@=i7@!?lp^TTRrSjA%QuWD=3rdib9$&*jN!b=<00 zGsa{_Kus-&9lkfi>T8h^;J6mODIM|38chuj;?*$zu48t8uLZDc;IAn5iCsQ=Va<3z zTLn>LoTe?u#;NQvZ7j{DP#ijT1RvjP3dc_v#r^9xbNMri*q+Hzn{aR}fm(}_Re9B8 z3X^b1saW6M!=nq=7*|xaE000H>3uAA{cK8pBT|-)v(Va9{}zsrj_jW{W5%lg^z-&# zf&jeq(u?}Q0}tMO`Q_gkJ?N89In?aCFJJh~*?i`tLy3xtq8~7%ww3;Dz;i3t(caz7 z&i*U~zrfgG!>ILQ3~z2?SaUt~skF@?tqiJ7#GLXZxM6}jLZP%{p$1#2NS7E9^OmmQ zv6~+zSi70qUB?`@O*Q40xU;>3<{`~*DN*Y0&(PRdcXT#8@D;6$Iz{uW5m29GN>hfT zr}dMI1Th?rnw;bL9We@inxv!1XA8XV_@f!sGKw&=D2Fz|s6-xftYg-x6UOkHmzN^^ z0KKIHmaVbYrA8Ao2!e^vJ^R#pfNQR~`oAIp=iR!tl~YPgF0#S33qI23># zJE10y8b6--4?fKkvnKNKxzj0x5rOgvwW+361fhtKXtIS4LS3Y#c04+=E_bECtc(S* z79p;*8YdGwuZ|#QCraLG*;IxkOLORUVM=R>TQWfrRkPOdI5Z?7o2iVP3}oPi zr7&$QOdJhLp=%S!;X_f|cLM0EfBw@a0CDVbC-Aq2A7tFv(QMqb*;BwK zIMtP5H9R~RDmF$*wTVVDg&k)9BCT_vWX|{zytH^Vw>|$nm!ESM&#hU<(hXa<{3FLx zpG?!2$=d9~Of)1t$uC~rNN;};5=K;}G!;-ftOb_rXJwBm6k(fnXN(H4W;#!)gX zDe4Kq_=Xz3dC*+uw{`H#1xuMddzma}z+pe7Gnh(t&T#-%Yh2;d<^<>GFT4>1oWh0>qe(~hK2D4>NT;WTp3v#)adQ_qvl7ub8! zWIph&gSqhJ<2Yu{EXIr&LRWte#bQt~jCdW`)o=T5jvF_@Fl&^Cb=#q*3t1FA z@bL5Wh5<#TQQAQ&V;rM|l@HPaAv_Aj9NAnqj&yd(=4};ZeeZ<@EJxJT40ig`|D>j& zeq(4_G}W6VVOPj{2@xQ#`X~6{%PfN0c8kC`UVgSH-IXjH?^aqh+-I^ zclMT#lBrXttv>wlBmeDcZs))MeE>Z7%=7H*?%ZeFjyBsBRJ6{S$ljAj8PAhQSV13Q zQN_>}NV?2a*A`VQ>2eA2)|a@}R#I3?OSveKaUs+JMSlRt@vO{+Nrpwq5mKqLT(2SX zmCkWdP7ccZQ3v!( z0N1giN4p>(uglrlC6h0$ar0@(N+MrE#stc6ue_Qn)q+F!n}QZ_z*x=5x>}TI!gZT*W6k)o zkpoA?adeS`XY9$B-}`Pn(TqkC35BCfzdF#qU3VG>k4Q_BuHX|>r@)%6uzIuUYnuJD zy{miY-Z$TN>o)$2uhULBo!{K>>qqz9f1i_wve-g+OvcP4y-OV|Bs1inv|JvD$T`92N$<28D3eI0)aC~z4Pr= z{?!}+v&W38pkScTNf;F>37H+!-F4|yw;`&Lqsr?t((aL?C=`8)QN%G5T6zDB3H0Y9 z9@?;lm0i6!NIYrA4ILry;x5wcrKmNI~vFU(Ry2i|J6av=&^(j91xhr{P!wwR0 zhitKr{!EVTJsm9DwwbM+JJ{Z}leJs7bMFf;^3!|n=I8f5!165{iL`oSMr+l4sDXTK zuSrN-MTd;3Z(zAf5o&!qt1Qzd4Fze>)bGO=#c;B_|HA} z-OXV~9>Hz5-1@hn!-q|DU00R@8p}44Q9choy@)UhEz{V_Gvn9;%CK{#kQBorL6k?9 z$B0BFKpCjW_|vP1#*}MBdz5}_KH;xlNBrGfLTC-C1R|9z=PgsGPP_K#qmM2L*lUr^ z!J@UWcs-)A&IUQyuztPPS|{u&-(7mlQ%*T+HYK*+#vLqQvWClUxsAA+v)h6XUbPWFpTY0yF|x)$GMQxfuwga-&OLC(S!dGL*2dVeW6!?!$JgA42rq7HYb&Qa z$DDgCpFHgl@_uA0Q6b6rUG!u(lk!VlSC| zcR4VYrkG0o+3J0_D+giMe^c6c0SGLLtDz7;Di-7LF~d1_Y%2r#kiV|mOrKxC5m1}( zcx>S+?wY@fR3c^&Et?SOx0uXVB*pCx*4mbcikNheQdaD}wW@OaRMgd`|0~Yee@P4A z{`>DY#FbSmUrfYfC&XegQ<{g0wf8^Gdp`eto?o$%bVBjvb53S>(-7`>>P7zdfk(LR zzK8kwUH7wc%NFKLp1?H8s5M-uuG z(}%?wQX9i_KDbEpY+X?Mm zJicT-9eo344%xBpVj7eVO@=O%Rf)vRq=VVGRn>XvAX3&vDkdG%zOS+o{>PJmH_j!r z(ncqsxxV~&jZF>Sym|9tM;>|P5klIPtQB(W4)mrrD`)Cx>B`x&XU+H$Kxe)$_~g>7 zJ^^sePp;^^-~%80Ga$(1Ve58&_4us_HETpR0a<4q=L z>&o1-5LPwr?|d-TT!0evE5NiMEX14i>J5)jg&+iV=>$`Tw}6I$fehn^*E4!}9ZD;d za4fk^lW-lL*wW6c?VSkeS}3~Y{AUlhl5T;r6Bzjbdh_N+Wb#IUsT2-3v>El!{(&-# z+cIn@`yPDIzXkqJ*BT%ByY9GC9Ch@&)TT|FZtLyqOIjRX#A{Q0@*5ZM)$d$L7%B?I zES@J2PK45e{z511{cGqL*hn$VTU11r1HIDLPD@JOY7d}1%BN+e*pe>!pr8KSc01~7 z-5a&o&A9z*rw4XT2!t?_--f8GP*M@;5KTyg#8(lXD>-0HGlz~E$-*7oWI{!@P~^J% zo;MRKQkYf+5*-C^V+69~+~QQB0j2|x^kNk>fY5M-3Vs=5*>j)0^g9W_E>}ZC1Kr)- z54myglb#c^1%amP(fOSD;Y+yw;iu^JJ2-0gbS^vZe7^mG_j2V0@8@Tq{R|hM^BxYF zF#{=~5EPB`xES2q*%i`KC2I)jP*8nz4s4+(*N$+CxSl{pF7KK(n?v4veED|wcK6Ua zeB|!|-t+GF4tl)%?!Wi%_v+4j&#k2e9&4&2){w-}l6@zp@!S|vct|OUIWDerQPM?v zNgCsVd?8DyLL@F)YX*w#B;6XMlQ0&?!XaDeAW#J}j3q!T!LSiS%gq(h z15!vFT$DDF*n3WB#Ssc21$#{#MSUWH621klWw{#r^{cB5iOW`ILYV1}GI^`o=}l?e z?kv(b$u--%26u(EhLsyFkH#kQ8#n#vzB})F?C9f<`_84Y#*QB|Ry{WF(Grv? zv~U@<=R|&ZmOoBT+%j>VPR)KPj2aCd3!IN*&IcMIbWhaItJF!Hn5glv72I4 z1R-!liT@qhX^d)!zQTRcy3zsHdY9y`RA>oF5M}A@-%2Dxi@rt{fvb-EdN+T5ZPG{; z2S93pR05$uO3$9_sx0W_`%o8?96h0xI@jZ_=a;f%QyWRoG3&%CYD($8WdxwSmQ__- zPibPVN6fX4S9(j4vI&4j2*LvnJn))#5`bN<-rio4=@hwv>@QR4kTqFDubp zixw`Unq0;Y_l)+x3o!>A$9^v*Qn=^|)Jwzw0J#A9`4v`Ppv#UA`1JJ?6Y zftIF*^7C(R-@*UI>#|F~$zzW_xpnmDv0q80)8-WE&%(|gZhHJB{7_-ywnE|903F z4SK?)i7b9~(Y%j+_2%Fk=6+9 z5a@_VMAXJT?pn2prQ6yOp5-%0U4C691DVnRt))XO>l5oM7=L)*H_o1e%271=B6Rf` zo{b}EX&I6NnD@}b|FU)doy)%sz_6ji_I7a>Z`izvvUou{$$sxYhF|~ra?XC&!RSJa zp|wMqJA5R24{v66a~+-|S>4mm-_~#Et~Hxj(B4fDDv~lJU)V<1z$Usg+sFp}C;<}J zCS`{EVeX^t$0Mu=ncYjmjL_=pP%0o$MS2Fd6H-KKugvQ(rb87c)7@9tmE@wjWmFpT z)WQk~+1Dt9V+4(~B^?5Rf_xa!Gmz(xkH2cW4+dlw*7M=*j`~xzo=TDi^~rbz`OuMJ z{ulhR3ZPOty8N5pe&9nNx!|1yVAm_3%~4lZM_*sxtt~@Z_8U2JWTk1hqm$dN`XeWP z`f_f5?s3vF2iK8AmOxT6Rx6GCm9(zQOwB41iPj(^X-EHz=XIbJFF(JSAAkRMy!T62 zaOA~T@VVdrmbfQ*-$%}XxK}RuuKV@>UJ7vh@yEZV_t(B-M_77{L}Q9V0JFy@@m!Fu z!1W@e7vaVN97iKv7e^=@VHn81%91PYBnW&`u?8cwqBX@ZLm}ux32iJ=waJcS5wx~8 zm!H3{x1ayZ*K^N3`zIBIi*yNo>+EIqn$0}Dd@adj!hS9`o|ndS?D!8_RqR69g~hIo zn2ib7Rh9bN&H+k&XlqubB5P13EQ~E)JAS1##680U0D>T(SS4mz0UF8eV@UwO$_o|lCmZXc4;0;G@vCXMDJ zUw#i4p0E!;xbt43&_yW72RDl%rCM3F)Z)6#K;WT5EtqXkQiu7VVUU92sk&>R4!M=PU<+MPKA3k!|v?gKL&qnjF= z#c8LV_DS?0L3!fw6o(ylWcaUK+u#1q_qg=3Z*ta|XH96|**-rE!n!h3`$}Kys;1sr{RcTed zBY)+I6{iD)0egtmK1Uj^jJE6BWdhpg*0HF z)B-0{K&{?F=JENg{M}t#ckwmsd)gOy^yTF+b3$bdEAXeDeDcY^dg!5tIQWpm{_cCa z=%R}T#S7uO$aDfB1+zyxL|WiD3gP;A@et{TI5CBABOJ%Ww;Bj}KTAH!l8n{i${0#% zv<}G@x{a5*c8#KzRHjh#GzDK(g&oEJ_3M+L{?yH-xlYlOf$ki)KKUx1&_ay+fcvQF=JFhYprL`-ecnn&ppd0fBW+pYqxFvQg@*b_MRy? za4vf4SdM%DiG2S9Cvm~ybLq--a@+jps7t$a^=IuYx0#O7Dnbi~f}g<;vj}P2105tX zDs?$cGgOGsPSt=Ld1wJCFTwhbogDbJOZn7wzo1YE$%TS7tJm`VKiV?=-1#to9bM(SK4t3U^)q zX*AW2C6%b5HId@1>ErmH17|V2xq;s;TEnLvdYao;ZKe=LAPV$nx6skEn!emNqA0?X zMrcP^E9J;~vYWLbDhf~Yq@`ObjSRK~t&!q(Bx!#LhmVmzT2RmWN^eb~BeMp^(or z@6pG{ed^Pnt9$mDr~dAHx%S#?O)pt`9ta%IA#{?o)H@7Gn_Ss(0z9{f<96e@8HD5G z$Rg4aWQrlVLSR{?f_N-#d<#UxKz=77k+Fp(0wM8a49Agt@u#=&*Wcb*x|te{_kTI~ zf8YZj;F@c$xpL&l;pVVb5%l)+$o!RTZtubIq~&m_K?FZdwTr4Rc(>C zVHdh98lY6!TmB6T4yC{nzyQ5=?YbZC`g33W(pQ)`aZLL_Z{M5=lP2ER)Z7dpmMmG! z)jzy);(ZHWI(y^xZNnJIX?il~Nh3+^Go7!TeI)()A~8pD#ruxqrw`rBvuidGYBS+1 zg+l8PDI|f))6u_y_WqT$^{k~Qvz1J-lcLI_bYN>giKAut(2t}dAw8a3y_y5Rd?{_6 zoxJdqYgqil@3H3UEBMuyKh4z1lUeZ60xtN)Z*ZhbAu13kza&b`Ba7G3*V)H0`%mSt zY2(QhO<&ch|0~*ZIc{FE9__jYnk|LwU0oaPNLnfvQZrCQxmJ%pmxrA_2+&eWUU=b! zi*CI8&S2}trC*vech5~ixB}3Lq@mW{efORJzpv>D6DHvMKJi3+;x#}1Q5#5wM(B79 z=1%3@51+lMSZN6xO7cW)Rmi6Em5g$+NOmpL&7}+83qakdmsx` zN%W+2`t}YOqLvaU(2f+x-geuqGvDm{`N35`I3$sXHG?r1DhNqK+98=Jc}7JzB0xA< zq|75xmV6b_lT&o{X06PnCJ0TxGE?Xz)CHsNr8N!?(ouv$anZGZ=Em>*+Ax|0%7i@L z_kTG7_~Re{2*5u3>~le>ZBAPkes6{cUs*{!=2pS`s(knuq)xx4uV0-sTCAJ_zkm*c zvf#%*cG=evD0CF={?SV4sI;#yohrw&l`B`i=Etx8@ej*^W6hd1ryg|hf$xsTGT5DXOHyiNq%d2o}Q+)BH zL&+2Z+sCzDVN&w9wcAlbx@+LCpo5N5H1`%Pbr5tELT4}dJ{m-Gb8~p&2`2^s zPd)W=F;d~)we>Zd0dd5kM`Zt1YkK|q^-P*LX{PJAFAHlDPCN!vM)Sc7PU5>CJdU_i zOUh|NsR(7#m#RRk%LNfYpaW0}*NIV^8p4p8F{Bc$C>og7+`{Mfox(Q{n$4a=n|Wx% zX1?&)e6D+CHSGgA60%69xQ))f4fGY;iGpH9^0p)%gd|hwW+2yQ$NZ`nv3`R9UtR6% z*GULoyFYhr3kU>SM7RhNagXaCdWpsBw^Ngh4T9|dVG57s1_`ARE;Odn<_xx`M@B?U znU~*R_Kx6P?>hR_cM^a%d42DD-veOg^jW;J@Z}%vx##}ri4!M2XQ`xG2!U$v;-x>{ z&*#qn90yd*ZK6VyN8nydOR8(sS zBC^>Gb+xt6?7i2%u{ZNx{6Zli?XFagq!9C{OL-s_N(m$}0__k*X;hR#Yh_5xO0lV< zz|OwD@@6W888XFA{3vf=S&SOHB1FnK7ysf`?zs9-h=D8u*T@E-j{|P}zup2k=9pu+ z_uhN|(Ad;$J}lpdo*o`wypA9r8fZ`mYx`Q3fQrdoKN zpAl4zVkHx0B49^H#~TI?fWO{*->s*da>|Q!sT#J#)a0&L7Hc+l2qFo+z0f~^pAA4o zjBl=?C2dAZht<~;<~6k`kB)qSSGRZa!uD>S+q#oi+j>~u)5p@zZu)&i+D(#hTpU;7 zhydTu(4E^xd;cbO^sQ!RW(|d6Cl~+uCN^%`!3`H(#N2U{7%1k6B8b9}Y|&@j&=!9C zsSh)xbp$`Y`(Acrx^WyqI^pu*%PVQy)WQ1>-;=2$8YqUooi;b!>0A_X_sWe#O7Oa} z?xOOMH}@Awlvw{70^f(7J>}22ySw+k2OfOjA%F>!CbD$V(yspA-myq{@ZksN{HxaU zr#^FGL-Wuf_hqx$dK+P2(r8Y5_c46^yrWT}CKYQzJBIk?Y9sGs)EG;7P=po{5aB6< z92yC6bIiw_Bn>q~sZWh29UsGx+6E3C-NM%o-kVDg+LO*~p7Za1nomFcJR1ixq~n@G zzJreb)pY%T?7elI9o7BE{XS=AuC06ALxKcLaCf)T(n19))ZGOsv{a~jDW#>f6l;qV zw-8(+5aO?IVNhDTD(SR^gEk z2Itjatkyd`lpWjuVuwGgP6otIg7EOMK#bXOJm#+1%%5k^rzYvyf=&MA^^U z)|-_+MNpeg@ZG=M&COR|4+B{=4q5~P_!#iue|zx1?EasKLq2~h00$p*;6LIMV{1Qa z)^28V|A4`XM5qyqE|yZFR7j`-i%vFp5=TlLX>cS$YowH9i$y2}R=h{Q@h*TKo>dwJ zy0S&cSENNMXlI6Zq7p7RR;xb!o$-ETGBN%B^;0;W9l>P(cH+aQSBT$x{bp|wa}6FP)bt{VBVIk z+`M!dcdyvM3!4X6w7rLcVxFXQkWPpa0iILh#wQ-*&WGmk&XW${km@wM~aw2qFH@ zjoh#Pfl-OO@h>-xdhVHLCt9Zn!MIWEf5L%WanUJ+VVO*_g_KNLPP=2UELNIXI@*dj zxpwR!37ycI|H!C0V8$p4q)1TXHPBHrg_edXB)kmc>+AUbaR+eIJC4GYg41t)kS{zu zmrc1MxRPR!rK^7(Jwxjl%5PyH*J*;F2ym2fgb2Za1*;sFD*!-Q^%ViO#jvm8*nkSC zn<`Lu%(@dAM?2)pd4740idTIb`9e_pGT4RXR8h~H^`d4p>^VI$S+Xby$xstDb`D?uQ!uKoyQU@M%&<{7PU;lw^+qO2v zBcNPCY`OO-E`RVTez50m9Cz%YoP6w29I)3OjBRVCxu(`Sdl}7gl%anGIwUB0oVEX< z?0fwresIIzx$##wF}Qqv)r<;~$s|V|ee}?pRjY4WxoTx%%;>S3SFTvG(~|J!n{U4S zsH2X0Y0jKEw|(+spIQiP2SyMoC0>DeofbwU`4=h5TgSq`88? zph_i?X^Wv-xsF4^_4xKp_wdWBu7SP*>+==r@#7}WUcY|rZ~5O?bwKg`7hY8UlE)J#{+ukAr;sYZAS2utzHed}9Sap|QM z+vHRtNwHiakx0CA)tc2e=W{uQC#6m&A(^CR`Xr`I8^@(@KaQ!R+c@)z>sY^izzAY$ zjt(2(+I z%Ov>D?T^vc-ol4Zm_>KChdGN@vAM6niTmuvgdY+JCdA5SLm5>|57=_d{Kloo|0Ny?1pVLIT=zl z6Y;|mgQaf9WE_5S!hw8X->Lj|!7?tqV-EX|XySqyQ`x_x6-}O={2)>|)^JFpr9x;I zDU@MoX`7shYFeM#NkeUCEu899SXS9)i^_<>zTZ?b!Ho|sh?~7k);-pE%&70pk3hd7RA1~_3 zr=E;|zj^cK2QRwdJ&!*>f9`$z?Yqx;Teo&a%IX>=M0r~e%b$Ibd+vRhdmea%2VR)R zyp0>^EfjGx9;rlvhGZQHH%-z_kaQgslBQHWCmpaKGmo6X=3;?$i`E*?bp$~W(6x1I zkZ=>%3=9rjal-M(FIc>I@lLHBOQq5;dwP04o=hg)VzD?I_y{lp*MW{!CXY{Z-~@+q z80{(t6^1x6MPuu91Om@X;s}WpW{*iBEGtP_>0(JT>GH$79_B|^Tm$R3VhuFZ{xc7d z=f3T%Q=WL@iJt#~>Ypo5{#=4L*K*0*kL8Bh3%G0cJUZH%dD{WIQ}P3n35Orw{R~~* zgS_YX{TSO^PpDLE%A&OaL;5Nt<<;Z4wFpt9EuCOYeGQYE>Y3PBM^h?+@FahJViC{I zT~6!RHul(U96$Km9R76w^IUw=EcO`RLcUa>>}Nsb>B?^7lfSu{OpU{5PdkLoeL22- z-F>7}39h>EBdM;o8m6H;4e;(%2mQ`kG&V=@TFOBrnW;KEAh)Jo@OcU;i&xAzx&V8N2^x?V5G7 z03kdN_MF65KXy8&&DxV}Ax~Ypo!V5B2}Y5vxu~?biD_p`pN4B{Bd2fB;EEK~%GQ`g&_C&rt|UK0{l(*|=y0 z^B#JJd+)rT>umJrQ9FG!PrbAp z)n~eb<#IVOFgS498Q=nnoiM_N>Jl@wAa z?cBF!Ge3HE5gUdIY|iJb)UJB%Q*`IU!}tJ`j)NY^A-49K1H5wDRSw5tj3_I*)43f= zWdN?f?oW5!an~KOL|r~#q`j^2RV`)s{hidB+nZYtwxC^h0qS2c?a`R($*l11)K+89`He zG&RW<1cG9iCsYBhqp9;!jI2%a*V!+!d2JFY?yo#TH@?3Tw*~X9l`7Dn;w}j8W>u65eX9`)rWEnmZ&lPOR7Wu+` z&r^uHCql&C6k&r7ksWx!$5l|H6s|JGUCA%eH!xrfvr0aIxZvII{q_9$^B$-U{{L^T z<4!u6wX0Xr+ui?1tyKmPjA-H5w;#=w7oJKkS3*lcb7nM-@P^ILtDW=SaAT@Up)qQ+ z3ycVmgG<`2CFwPww4gSjIc8i3$4?r`<7>P4?vwLbKUCn5u^rSVprka8l4z-|BVULV zu64Q=RY84c(!bT!e>KQZR5}-0$B#Sie7PQdxgsC^`QI7H7ja$3IzAGA|C>nww2)K@ z92kYk#u{j>CFN_<+G2D=h0>a`QWQ!hbg^K}q-+wjdGn^rKk&heyB92&ziR~WpIHC6 z>(2Q1yY0Dm|BtW!{sLeGz=}I8a+heNzM4aq((Wv^Uh@j&3C=6cC-g){F;l^@^1`kx1wZFT8NCrArsB z1@d)u4Gawp@V@uGk3an351$c2d|GQQ2L=WziabFG`2yPqeX_*>tu$qfrAiel%2K&H8P;uyGrw?^Q=B2xApUEd^RCq>_Z8k9H(U*-RqYOs?3Alw0`i ziHGpj$LI3r`OCqJtb+w_N)gy{rj=CCH)Lf|9b?$yh!_y4g%zw(Dn5Ah4yWF;^PYV_ zumE86=&?+iFn*tP>(~Fv_xlYDDVgBJkG+FmUh-Z}yzF`&UAl&YcN@!RPdkJsUS7wH ziS7LK{iiXZqlJ7aq{f3kKRKWN!7PW&nnp)ml3dw3Vp`f$1gcFq8EO*shIS?$>NBIM zO^+a7?q#slM-XP|%lWL@)P?U#n$ij0x!XkEHgz0dYOdvrzrCG@7O&^PNuyY}zLQ7h zt|Xf;^8JsU!_m_w@WPr-{xN$lyX`)j4;?*|fqWUET!aomICzfa+W9N#EtQOPrk(w3 z5t@VF>dq5tD2Et0OojR>r66DSp>Gfda{$_L9P#_#|L$`aU;GiSz4n^_PxkF258TfQ zr<{8GoQEH73l-oxI8(>)jSEgBU-Svkq-2_eo3<@<9aqo8b@kuixVy@mA;QLJt#E8! z8lZ55q%kvsRHB~#d?(}T1lON^1b402z&9U%fk)SF;_@T+=eS9u5Uz&MxN#yplvV$W zD)*?0H{<-uD4?Rk`P!p-Gv2V*>o{no`OeJ`vZ-%?w3m#N=>Xr5Ne}~U^@d+Ku|?BXDDYz%s@v+2OaGl;t$td`<6LB-M7+V|KqE_AOHUBv(My? zJML-)c>B5MTyn=XZ7^A-*dzVdW6YSr`BqV31Am>-EOxwn36& zRRa=EPk^rssZO_?(3*>t+;n4zJ*;<3jZ5mVA8O`62&)vI6mu^h^=u@ANnW@)Pp z36ulM1u1Yv$WsfSV8Gp%gLj)izU&)iOJTIHeW|Gc|3Co0tx59o`pta!%3qUxei6d7 zXtkSgL(h>XELpx}HUHyl^5iM*>eXv07K`X|8A@gDp0}KHW=^9R`gRXkB}rV0xG%=&BOO&_S$W192~GM!GAG7e6{l=QY;G;PH&D-sw(F&9W^&i ze?dp>U2Rp)gfXv)Kcq5W8HsJAP{_Zdx3?!k8gStGC-I#xokwHFW9HNmJoM~RK78y< z(#Zrjf9X8iMe-;VeQFbur&ev@u4fj5(wsAE8p3foZll&~!Phxfb*(o*E+N>^)z7wUoL)Oe?WDil&uP=fanP6!e)Ga2 zzVh%395k|x&m261{YErX3<5M^MOQfv_7!%3aqLu;{5b9ssGZ{i1TnQy3rON{$1^YU z@PgIUCOtdr7Y2Zcr9nnQMQ=3v$0$QZSet@TO}49~2qKAOJ82R^7zJP*B6@~mW>H;T z-4iFCbmG>9FE4z{oS*Wodhp+IhcV_k^^}vi@upk8oy!$IP{`%qzVCiBPpYe{J5xBE zHFM^yzfYbtNz~TV#IArlL7wdJ0a3&M*6!$Xxx|tsOAjs-`kp-M$V2aYboLYR_w2s= z?&t6HQ#mw5I27{Y1|LB;${)g4gZSY9x%?mxFH4e1CJC&{l{L&n2~Axh!Mg2zy#K1} z=zi!0@I&hZgAhr1K)_&qPDaY(4QkL6it-}{+&7{Ns6Sv2zVr2W(~?S%E0#HV|LLsQ(9La6FD2!< zmg(S72z{FBQY_li&DU;tfWGcQ#*Odb%$d`T02LacvBBSTR8nr5x>Sqtnb$HFpAjO2 zFhEI2d-b%}k24C43CY@xy=)yA0HG*_0bf4nP=5cJxAWdJ59Pz}IGR&Vn8joL1LTzA z_UBe`$73(@zT@{})}+xUP)ksbImkUJxozoMw&aSHJFe_~6xv|6%08^_GLC;#<`+sE z!`ia%Q_dG*Q^gsxxvlN(|8MTm4_^GC`1gOj{sunw(T`j@dd#@Hip9dQk)>|U_z|3W z)IJ1(vZD=+BNIfv3emLIoMU>YW2e`{SJ{~ZpB4Bu>Y_%S#Hc^25C@0)bQ=yHgGHZO zPx95n_vPkuj|B(bcH4t||Ctw2Xwr^jEqrywq|K@o$|y_z$PU$_U35%g~a6lxMn1R9Y2MgAyXP z7*@WI?#;%pvTD_;JAU}XANIbL&QJHP9susW&&-A2{hs$Bgb1jj!X0?ff%iT4?6ax9 z-aehxISxJekj(Twc0a4HukQ=nws%b%?CWPJn>8(W5gQ1bV_zsbMvTQxfC>U?YwOEx zt!=jlVUW^VPpH0zxpU{l5jP%*Q7Y@*blJR zxRI266??`<5~~9RpHKht2G-s8n01*l!?FwB^X?=6`j;DDbkiQ&d%FMU6M*Y}_xsy` zuM5~$ham(Z+qd-4l`k?mQ)^m+7MUCh46j`K^yjwVH6%#LS`;CL@&Ho8#(^>e#ggq! zR_mAVylN0uH$6T_;uft1s%`71ii=eNHJ6GoR6upKAqcGTibYTd+6WOg_-D^!kCCnP4i#_(9K72IrcCPK`!_vAOGAct9=r!7Kg3J8-0}QU zzVyd?$QJ`}BwsxH2oed0LcVOSm%vu?#tWgLc8pP@jBU4_7;+Q6)lh}B)@EpFY-Dp^ zKN|)HcyVKaQ)e_#2ug$q4&Hq<$L=)|jYBCY^Q#4`IPZoBSUqmQTb@u0J<*^Te{I{57E(%4oos_LFyEBh}zx_zWEF_H#do8 z%N8&F;Kd)}x@&*`f4Vm>zv2?Excu8(ckS=_#jk%k{!iEc`JeOWzA)i;*Zw}Elyc%| zBoULQjA!zQRzl?)S!S^2Op?F`X(g1QzzL@!bYXZF;@!53 z6JrqUxhpKEBcjSmfmTM-BPA0Q3z|#*@(=^rES{G@MfAa8s=pN`*Ul28=#&-0jEsb3 zCK??B4Ze>q7R}xYE5Opo{#Zr#LxT!^gVD*Gu~NcIiuSfvZ&T-Hb|nD+AFLbya>FbB z>^HyuwGa4U+~ltK)|J_(pMB<9;B^gY)~sFks(*L>`R8-fO-7%+t)rcq+FDkxT4gf! zQO$@#i0<_u z**LE_@wnrc{`D_6K5@xqm+9b`tf~I14_YD29DCz7 zXlq1E$C{h$sAv`4V^zsF2eS*^^WEo=iShMz{);p+-t!41sFXtt7n+N`+OyWVpt< zc0zRMQj8 zzg6;)#PK1&I{4_kW8cwkdEy1o{i1Ud{2 zSW5`<#UgBp6J;@e{Dhk?`rrrpKl8~?{hw^aQ%^mWd+)uMyYIWl`Qm53F!Ic^P9OK; zf|s89)W<)$!_J8sOhVv!v`^|FlW+|Y#4+QRe6gQCEy$!=@SKE^UAAthaeH0r3JA^y zcljE@e`j5QVUJeqnB(f$APTLBq!$9M2}1bbjA`uK-o|I|dxGQtd^bNl{!mVyItCR6 zMow4@>n$MBG91=b(-EsdhjtVo(L!1yHy_&G>OcJGM?VS>2Y-O`&V9Qc(b4glI1dd1j{WF)Og&;h z^oA`2dCjBC8%R2e&hC)ASI^{&?>dj9Bhb<^a}|UL>e4Chcyb=U`qfRazSBG+A;joW zqc;o``i}&51^*pZDxI#R0e%Rj659sz2q}z6ime7CuCzuYg`^bb87OQgTN<#zUa_iw z$W#{6pvqsDmRJ?4zY?f`o-Cpi3|BuDX0AvgfyfsOrPK3lq7gS^ZTr!zU;gr!R{?zF zqaQz4D1%HuNDe=Gf0`Ro_<@ncmeQeE3^;Ap6pr3^3JAFCiI@4nPyfc>o_x`O4}Hb) z`%UB0cN|Sw3vd-$86AFvaZmJQg8Fp3(Mxy@JyoGhzzLM%W5*szrmhhLJg{Is|D3yk z)|$~Y*N&s3ZW`kn_hmxMG+tWY%ZGmXPX@dD*>BJB96fUi#XzBjV-)|jrq*+LYI85Q zE?#4(m=UN?RQ1;!5L^2Z`64(HJv0cLwT%o_{iDO`F8$?|+i-J+S~kgrs8>H?)ROgeYyy+01n+ zE6t4sJ-ad1!O#gk(3*rJ_{E*ia{q#rG}YChqH6u$U6ICs1^!Vk$L}pp=HsNkdP-r8 ziAq5L19`9pUwwUj&)jgs4SzcG%roCoXQ$j1K6buNJmI98(PPG5{=hx=-3mNBZQ9ho zJ@wSn6Mp+!qqp8+orFm*y zlIvcW#Fg*Am7?go8|xbOf9~nI-7{zI zx9j2Tuttm;QTdNBgiui~2Ug0zq62ItC5fAXLL#J#bW8wL8dmi58wWID+o}K33utGs zW^M2YUHt|~7y%KYVnv$jM>{U8*@P(O!Er0E6^7=kQlvuDr#l}4LRYE6;@ z_8d>C9GH2r7AO_q3Ps9ux%^$nvB$)b)`Td4a!5@o$*0dcgzsN;B8_!vloij>LZF4U z&PI_*Hj{KSC>^{y)hq&N2}Lm|F?GZ!E{lHu&E)J3))O_oy7l-37BaXN>_z00Jp*Qs!NdVV{ zRh`he9X*t@KKGh(;Nx%WGZh_(#>U3}bI*JGrvHmQc;`Rw;FBN!)Oq!Fb@xB{VuSwa=q*}Y>a znmX=u<;nqR$K^Z69>~=v9?WeES99^*PtxZX$s`g++r+AwT6KNX>9l6k!c4P_<6p!U zAS9J^xa+xP+&brF>e3!4Wh|Yw;>{rahqYd+FQc(km3jscxnf+k z#`AroQLU4J zdf~~8Zb*|YnOUqv5~`3)!r`w=*Rgy{KO`f0TUCXvFsHU&--QSj+A+)l(KCo%-w7Sf z=yVdP9dg+r*xqZC3+V3de&WU(Z=C&~+MU?OKg2OlLJ zd=(;qGp3DWY-2qixN|lq-S7~%op%zG8#83f{wu0YRmIVlIQY%%ARNkH`OOQjMN%jm&u^n~@{hacX1%PqIO z<<8Ds3BYTtv(G)J>yd{Z4tjffT^l|U0|Nv4=38&s$B|M`nmCd16DIuh;YS|1=Ak){ zZ5rtB{{`?V&}>_}k(C>|*nQjxE;#xC_L(%A$6s8{S%>XKf3}Q}3aK5G09Px5AmAH+ zx`Qo`JP!les4x@fo_pT2GxyxT|C?7`!8gBg`L2huvp}TP@J}hwo^lLkT}O?sh!iT& zggAH=+L9CqE$Jy1=^Dx#0U%XPH`A}Isv@wIv@LxpZF^Q4+uw~{)=E_FP;i8?Xq~n& zFuidbjA?_qI)o0F>!yrzp%w@knhOBO@xU|ljOIbYGb(-|eEw}maOfW67%UcWq-A1gf$L~Gb0z-t z(i(hEA(Ufy{@O^i+BpZJYY^R+LwgS3KrUqV#2=%!YR{aNTY!d_BJ_L;GF zZox}0{>S#+kACponr~eG&Dv2TMsL0M-g_gmsQ^TxCdKIer*YQ1Pv)!>_Ge0K6QJ<} ziRaXlb{j|~YLLnRkVB*J4_eb$GnSOwfG4+b@%|}JojQu&zqFi>J@^c#Oc}#5quY@5 z(A76cCfQ6wrVXu)QB9~r99wNyq;spLP*EN%c2*LLSG50grGCmm-p<4A-o zFJF5<19_jCglqi|T(tHP+OfdfH|o)$hqX6^GS@szk+T%U-8UmLRS_|Y?oQD!L#_n5 zeDqn+x7>2eY3H1C4!7Ta`&;VlbasW0ov#y4I+1_gdDr6Rrk3NgLxbaAF+I|n-o8G) zX6@QTfKNJ7e$I8hgMz@F74 zFW}cdzZtb+L;PtRIeOGX&p-F<(dV3VF2DWNuXjC^S6LmcEg$Lb?imR{LoJMK<&)dK~wZrZ(+y!oGXcIWWlL)$5GBwrktJ%Hg8pX7b5X52ECU)}%L#lO#_{ zZeF~GyO(c{$rr-{hP2h$x-O)$ph*b~WD%RTn#8LnjY=iZ0&*KR!}_h!wHB`a=?~w1 z```cZZ&POysU)BH>g9>MZ@>NT-Cf(S>Fe){13w9msfX{)M=p6kmwx#IPM9^7jO(F; z6iKI*hV%$(lg+qJ0#s;_{Z<-R+BUw{3eQQAPBamOE(yoysBtaq)!NKs8@jk<#aem` z0plA})H)>wiUWiw5;BP+y~sz^+&O6_Y%Aj=E1slxfD2e8zSZ3q!l;(^Ww#LOGD0}< zbI@8EprO@{h>-UJ!{8{YkP$T*PMtD_`P+K<{k-KIG`gK}4YibYU;(zn`T8Lemyo3A z&^3_bOMkeRbz6JLBoamtS_`{Z93sJLU4^|dJbkf4vMnkdBb%`6NG@0@Pys?2+)3OC zC>9Z|jnG(c{#z-MT9XbVDPTp<&>(7K7xWAO=n3P-$^L@`RjmFNq z-hTcg^In|y36PFJ!^mb+^;t>LO6S=p@cqh`EBiE07|Y2=9)MOMD%6xhzv3rtN&Q~J zV{=z8AHM1uaxW}G24U2!zB@ZKbS9vdEnB+lfxO15uc`Y;-$1`j0BUHPHh~YFav+Z5 zTJ3K0sC1+t8*O`GRLit51h=_cd$?=m2IIFb%uE`gDzm{?v=J-Gfv~e_oh`ufjTIDe zlq6JrzlaW?&g~`v04SEAwFyyE2OBm+-w?yhsrQ=(Cmlq`aWnbk$w%;sgLdcbyN%XJ!DW>O?v$GVyc!cfPp z{-)Z|q(qIuM8twcHVu+hv@>ZaX(G~TH#|K{3slsklAOBVKFpjtiP}sC?Lu39hA*9a zBo`jHpY7UM;EOQToFfI@g#urnJ)c|N zphvdi7mMf(TcQqt9y@ll^QS-j=~M6j&mwiVxpu#Nug?==Oq+4tKM8dfIH>N#1 z%1^)2G(Zy?;+u3B%x@!K9zfz)GMtPj_}XG*OhRor`&PA22tio|WSj)YO&G!at$qCJ zg+-h=c`T!AQ}{vjxsjH-sABqau^jTv8y;Zcx^1L9*Wx+MYlhJ!TgqU>eArn6psGKY zXe0GYMd4B?WBrYeTvZH%NEGtukuA{B0D+HCkkaPM1xkei{n;!mUvECMAkH}B^vf15 zeEIRW;@P=t1n?T`z*z@z?H{k%IC=6!RfkR+w#6TiBN-lrBpp^O63=^D;B8uzAEX=cp|A;XGYs*nh&Slr!*ADW6)DCc#l zt_f{|qXvW{jbKwbG(sX#@*zb<93|2LkiuXEq8BRpuxT5*x!zdTMn{>OL?1U34w=q7 z_L{`k58Z>tM4Ce2$9AbL=^CcC)gu*Ly!RAB4QmJbS-7pAhc|5HuI1~w`T6B|nG^?& zZRXU8V>xVGJ7XF$=0_KOLg~;ou!erOo4Q03sdOElmx3U)Aaer}R2I`Hg^W7_T33AB zwFci;NU1qv-vc;xzrEQ&21rD?4_}0 z6g7!P+bJ<(16r6)S7fg%;;~M37r?Zsib0OSVwctUe}V&=9y={ z}$W<;(ow`&Z)^io`%W&!xGkj@o3JzA#tS?lzUYMuT)Lok+x@a)E{w+XrG# zc`fwt1L)Np)r1XVgy>K}!Zo~fWs`zPctuokmvz+A-r+?zZ-H^6VaO%`HMMZ!{v>Da z&LQmGvlBjTyoDJ;(*E&^7q=pcS z$fn}rrnN#yVG;y9azQ^^2iFm(g1OI1g4DPgLdt-PmOiy^lBYYj@z)nu8=Qc$9T+8I zxmb;WO+D5_LB}&)9jK~=$^OlTE~Mk4@&y2$Oee%uSAFlVpa1-4`SFi``lj~UcfR*s zKK7B1?U6_(9#a}G9wfKcalpGz=0~4;2jg2B8OZhHx*1w)#*;}k5~>gffmSkZv%hXB zUu}5)A_Of15?-1y4ZG1-+|EF*lgSM!?l|{&Zg^=GpMKz3PMJD}_wKbDNw-9Ib~QP# znZ|SnuA8=1xCedGB3M^6~qg<_~8cMvapp2+K&};7Wn(N`Cv#=ehl<#blBR3^K)5_^&(a zS4IMkj)Z%J0UIh}v#av{K=f5On5c`@pH@|3A7RFB}JU8_z`-pTmzob_N5vJW?2xyA;A8{)Hy+H3bpkhh`!ul_nd8 zoO;uPY|j-DQrecGif5@i2LY5em;v~b})s(Q{KP^yp%qkqS-!g8(T%J;F9?Y?% zdypqLZe`{6AvPBBw5QX|8rj03V_MjEWGn6I1bz@wRtn)HNP4x@IQ6958l;=BYII@T z*{HN$H7*V%U1Hnd3d%tqMR%F;5_$4%o+GL8lq@X5c9HsJs zarVQiTnS|=Hb)4GWyM#nxrLQ?KW17=pxfKp#gRuGarn!NUhWg6G1_=`dpo zUpjt2KDpm+6ns;?ML#C$E*RBYX>|>-EoNdz$*8ql4i$c=2sP9vJtj5RbIiCAoIHIL zr%oEp$V`S6eSO@xbR9Rnyq1@H`e?05Gpa5_ohQhba}1OR$d~&mm5l+4bkjJ}H3xKL za3myw^4U7HnsS(bg;%?kVM0m;3et|?x`nIx=aNozqRNt0%ZPXl`7&aCpY7O~gF9}c z_h(`AwwUS{U5isH$6=|iuI}`no}TS*W`B*FFkbZb_OWs8nzf};d3==mi9IIrkpR`v;N5f=1nXs;S7KLw>AZ0`aeFHpwlSo#Kj$Cbmqm&*s$p(^MJ-Ol# z8876d$zz$?P{S|gE#vVG+c;+Y2x`3)gQWoqK|dkXHJY3f`36qtg*3zkT%i?=cNi=qb0f=mY6~bZyG(u}!1fJs%YDK72{rJ()(r7@X3Q|gw)(XE=Cc9}XYSl(S>tr$|wr$z+jf>uY(boC%=f5S-&s`&c z*SYrCd#~+UIxJrFvH-z`Idi%1#Ra_ku%mIXn@UNFeu*&f(ZWLtO<*R?C>`QRjT5>! z35UNwHJ2yudj|SV`%*|Ddi#3M`s+=9UAF6Pzy9^&i}PBFW#68#k`WWevftE+jHyep zN7Hyht>`P{*;?>f)thC}wq9;p_#A_Q;%&Q);iCua&YmreJhOQ#lmkR6Wh6`0s|5L- zwjJ$^QDdlSjx-g5h&%;J+z*3 zP{JW;s&yHdcE8XTL9WsETGtO2xpmQcLNCBk4xuneO<`$Ys1SF{097u()1E26PZ2!m!f(vzsel zDiUt%i#6LPO`4QD{P2T|*Is+=TlW0i)d6^&Yw@DRJ-KYIM=5Ui}9Ko_^W1pAd{6H-7myzxjtFqSgNKL8KNbPhr8)kzBe>}JeMrd!o-}f#P3bff8)`UsR12p~9mD(fp30QQ z2JTqCmfydyoQ}F0?pd{g&TP&A`J(x}P*tR9@ybIms!jxeMOnKNx_S*ycumE-hc#dg@Jtr}G?}_~Iq(ez1L}lI@8K5955~frvO5?*gE|j9mvr2(Y zRwW_UvRDD-&?n`!Qj=(8d}E4JCXVEt`%GYZLmdmZ^>f>j^~~=Ypd19$cpf#LhbIMv zAWN>$PuA~4DWAbY4>^Cp>e1_pvzrA`iD(QUG)dv|%lXTgvvxB`4{gU4=AIhbnb(&` z_vNj8ETA+MQk#N}TcK|dkfN=vc>qC|@B59>?Ho0F%@?NhgwgarO&@p<>?=t$5PK*Clf09!h=z$4%l% z7bzTslnmszFjVS7NNGDMBDV3Z7-NXxV7yorP{&S%v8A<@aum@X5E5U7%xG@{Df!+* zFYx#iOYnVdM3AD9gx1CkD7Nw5c?TdiBveQ`(DZlr5iVP0*aAYZeS6R4^XJdMw|23>Ln-@ zqph9woXm$l^O-NK`@jb-+I6E}=lZ~f7mXM*X7t(7X_RPf=CE12p|pe2AxdjP4dpN- z9|ZIjOY{{=1X^?E)KT1i-f^5iVyjtR@I>Y#bGTN#<`CFIFT^DHAlk2 z6$UZvM4AAqGFuHRVm|<+5-@cF&d3(tbI4wdZ%9{L0@!(~j+2Sl*WLaaQLs#V7W=ER zVc1F_Yg2_A5hQbfYOQdzLvu|BEt%0YW~Pu#j-$mJ#nBTd@tvb)@vD;$a;F2Hj@iXy$aE#&>d9n5H|U1p+S5t4Bo=5OoaFAGER0xK2LA4 zNQ0X~;!rGS=^9u`*U&}^ewLwP7ej@umhW#8O(R-mrFT`->eo>N-XPK&&c;y$iMcU z%9#JJ9Rb@0%-;pdex@S|tillvB|o6t-HXVTKtN3wmQQwHvEb6 zhjAkjEwxPAb3EtoHkOhKk!tv1SNW20)n%+yl@)l20)A+}w9OZ6_dr=e6)kL#au6CC zYDVFR6k3P4LXz}q$z(=QpP4{yW+H9%93R+wB4)vSnA5%EdJxL`_|7*Sp^H-i2>uPd)bdY<@r@~dcH#kyZK~z%w>`$oJ-yT?lkp|x{T{l8*3p;iv{Nr>X7H#AgGHNt zg|%xoVME59ol3~3qO55va4n)&4b8Jpxcud@`TYDJ&r;`lxNgMNf8+PXB(wSz-)g)E zG)>7g35dn3!dT+l02^fxnx9)P!InPT$TLYngzt^UFu80F-Q9~W`+%gF&o7<*=BVB&9vR8vwG#qeYM$Rnjqw_x7^K|?)4-RDSYMIOxYaljuy5{t8k>GR4Q`C z4R^uH^;YX&kVquNGtWGoIr`{h+1$B)*NuJyYkP0Em(Ar&mgTzaeaPO7ZLULw5re-1 zQj*Fs^Yc)mkvO3yM4}bs^T7_out*5!^_6MEsuitKN!LUG*EJupLIJUG4TQ?<2{1t} z2xC(+YSJ*O2|c=%&mA;_hE$RusBpEb;~%!Ov|~5fXyaJ!ymIW9jH{#A#0AHi$4F2i z3Acv2REwcQ3M0!aH3&i^63iM1^IZ&i#ph#FvmDE+QBZNU|7vthy zfA_oJdqfDKrca+f1e)HS-j{yy)1N;1u}^*aH6P)jhaT>odg|#NhaYytde?FF0}tJQ zkU;I>mxCrt-xGCX+xg7L&t+6=+VJ_6scNMo7|L&F+rV0s6bS89(M|0$(z433_dnxg zr>m@Rl~R^|=ODFX6ze1eB2QThlEUGehtJ?+2kpVxx6Nku+HKT$uAwI)QM!y0f$dHh z`kvW$VccOdiE3z0zED@3Er~{9kt!x=B~UoAb+gt2rCn-LlKY-p#_#TW9wh@ivX@mU z#2dT`(Y}skh3#ia3Qc1sO|nYoK<=;$L7{>GJPF%+pj@o{U8t*6E(N|Slh0-=j2*2R zKWRc<2odZ`0RD&8@}&l!H)+zOm!ln6nzxD{-El98h@KLmy=?2%n576@*Wqu^z0Au` zz64$UQSr~a-}An&0X+8Dqq}bK>s(*^>X!kSK7F@mqCvPA-OAZV>_x(H<2h_x^=d2? zQzJ!SI+~8c5dob;d7jv^4IvZ5+K^hj{=@neMP16XDuYhkO3>ZCh}E5hhTM!Ul^|4= zu0dNfw6!p6pQ)TSaTM87+2EOkLO3RvXrW?x;;0K=d5;1WTD(AHDO?R*&{Z+ip50mm zNFiyh8;j$3XrV1l&Ak7px>5)NX*vo?nWnX79AldHprdXY38$5oWG(x&w=li6(bBI} z)ySe^p{i6!MhKqV(9IuST82niE&sUXYs7(MDWG9{-aZ3%VsUH1UfDuCMrm$p0AT9W zsbbl(W&66W$Ki(`xe4GmzxesE$1`Tk7ywQ^_0(oBkvyQkzrTF%y?1YY@~J1r1!178 zyE)W&(9y*47oWj#`%R)0C|sc}OGJZm(fAA&wy|wsIi;XzN9QK!D_bj6Y?c2L%xfLD z+~Y9=kE0xXNSN2fS!p_~zm$E91 zXhFhpd9t$$zZ_albXA0mBj)QlgQ}vemWYIB_JCs(01F7!E7v1Bd%+Wi`e^~6I4*i@ zJB)1Rll$$4Qod=OMwF`R_PwnpvHu;lL8F6vcvm3$J0mk&ZLDLAjvSin$C37GE7i47 zR(MAtaIIO3@fR{iN{UeX2rWo?b+puurM-SSuG@egnpv@`YR~E_u^=e~*&yKObC=@# z678s0c&-ZtjXg!&a$qWIb_o8lJ%gwSCV`qUV}=8;a^*@5Fm3nUfBDs~d}Y`nz1#Gu z0BqW{iLqnHUh~*vkNr&wo?o(LQFQxOb99YNBOmhL8y!XaNCV$0A<26LT+gb3kP+T>NqnBK{JTfdhTCFTnioA0BRF$ zAuU)?Vn}xe=i*3>a2&3^?*)E#`_o9F@LUJ9z(M|NR)pC3JsNfk<78D(n@W;!BuX2U zLX=`FT{WoC0!k$_N*l;W=4-b4SCs_7;v4*dEMjZ7899L(J!&+c`uHaw{qRRW{FXmU zchLaf;QI2Hzs$^;GkXs^;_&iQPdu3b7<_IK*FF3gm%Q_IgcNq8MDsC;bTo4ot>J|y zUqTM$P@t3Plt^bXH`CLjue(;2^7Q5&e62vZRaR*`1pZemP$Da^NaaUpLtk^GY5zN7_)BPwUbq};Q;4!( z0US1DpuL`br;XvjQ7vSB-_oc;8}Ko5!eIU^LS>7JDUYa9EQ=*fb;RQ~Xl!lU^9n_% zH0^a`sZX|`l{MyxX7IMH5$Osa5Y}BL*C2EJtlwIShD5_h{5%N8Hzym{3^H{dGw@<8oG{5@Q z&pvvaz=~xn*=PT~uUxWd@dce*IwyxgSoL%@G}dz18HaM(X-BZ< z)G;*Fr6?niQqz=_bfh~N^ou;RaT9YkY~_g29qiH8K;94VwL;<$>M}jKt>nu6wAM`| z<<=60=6S}?Dl)Q(@gvG43va4^v-5f3fC!MKHynBH8=uTMFM z_ucaZ14YGE$L!5OzJwBrP`gNr5sCc+c1!}|y=Rk31VTx)2u!A^ZCl^*aHZxaw>`tX z&o3kC$zl6c*?aI>sgKaQ$_ct+&n1OMso~6knpA?6=f-N05%Cfo$*^f0B&Y&T5E6P4 zv8kdVVdl2P{C}iG2YGZ~A7X27eAD;ZYp(-0cW&l)zx~~=1mJ&dU48Y{ocFGGa_h~v z?B__iI8;iLD~j81yN~ysa0m?v7hizX0YXTW(jhK{zB1e_#5r@NE9co>8-RXRuQl_Ut-CY?FdH>J1Ae#seQHJ zFXBuiE=ddsN*V?LSi9h8B!oF^URZ3cY@?oZ2eh{Gwi#1Vl#OddXe?|M!c=IHrn{5~ zCD2l{qa&)hj3}VkYqNU#(LowXpElKW(2#CNh01{NB7oXXRNo>YD{?V98qptJu~Jo9Bk@r9BwdFMgJpj7{1Vfw))Ji1jxUUDveb%(zLFW$sLFUn+3ON9 zv>rsL(R~B4AkuAr`^P$fPrh)KgCIP5)-nFLaTEB(FMh`7KmXapKmKt?b1I$Q^3wc; zfTLrIn$W`OXy&AMpU8(VJehqbbP)PJML#ej6%>w;)TKw#kRHKEr5RDz%F6C_+`W1W zkF43u8M}{TY^H`{Xml5}3@HT#I(wJXR6Byk^hi^QDrMN0HW3vv0`a9V>W6Qv4IUW= znePjb!lSRSm3%&DgMWyKj(DMs{IyaPghNZp+bp<_UHj>IA0$A5pCJDyoiG9fKvp%U0tEYu@jd)g7D z@YS-s+U(n?%alx~NhdvY7$RP!br&VS6w8D{L#d4J9UT5o1Iu`@iLf5X8;fZ}*VVPP zwc>#XADH*8Z+(kPFTHfv2;hHl-FovaoPYj#`LW~2ZH_**>z-T0qw^QzNC$yME-OWS zO_F=(FJbQE3m{vHlFVT2xCzezTzTb{yKd;~T&JCO3IKcWv(L){X=oOX;QVusqa~9e z^h30;CO@!4@Yiw0tx&kQEbi%N!%*G?X!-Agvm#!y0#715$M^!o=tq5l zDd=eAz&*!v+QgBF&_yc4(^pzp$s5MOdwr+^hw*Nt? zfQ;Knb9$`F4@`A!$gDWv>x?@tK)3IABaW*T1-uU%a%O)dPcgjv^^Nq!uWl>CJ6q zQ~y#*LCyjKEAw(~6C17Hc<>(|$38l505PQ*ChX%YP#pR!VvLd6ZI zAHj>=+xhdtHDo;7VY11dmX%;g)ksH(>HrRbaIBt$1NeAJLAFrjTYr6=TOVIaCXv92 z`~m(0pE9&*uBnLopGlHTr*@bN?ChH*It;+~4L+x50EUKZLs89I8YD-$m>^6Zj zkKTuTF|gH8_zFyMb&K2}oHfExJiDofVmUAYN$Y>(L}K{pKsspGsm$w9!>&iP)kA9w zI`SQFt!G4gBgIftpMXpzMWGZ>RvKRmq}4zd@f=hV3#^DLT>)KrzY>8`QJ^u56Qu*v zZY?bh6OcG2C{$9Ho#y}+Z65L1l@6_?t)_cu4aM>xQaTn_Q5m)#C}=()70_rz4eB5zUD7&kI|&^S5Q|afHixyN_k>jz$JbKB1EMewJ+m ztEfx1P+!wV!l^}tWiz4H;!OpAT~(1wprnfQWH-h4OzWthUFBDyT@b!??b8Hdh$|)E zJ9ZYIe`p@*gy5nXQ|K<1ETbSq2^n9Vs#pk`BwGk0mLna6Htv+^RFbt@`uM>ub9i}u zHw~GT9gS(5@VxmX=auHg0zc!CNF@#3_FufX(i&ANS^+Exo4Vr9eT)#0fC`P*M6rnO z?2a%3x~8U9ELpPn;-{Z}`oG4bWtS4*zp)1T`yUI#@LZq+t=Z7m&+#W7!l>p(l+x6v zQrtIx8Na#VE?BcMQU?+5|G)>&n>Y7`rB_^W1&=-U*sdG-2G&c97N1!z7T>0|f&3o# z?h|?E$%hzo9oy<8nq5a~eUWW#RfsDG0pELO5q-s?Y1i+x{r!51e*MbRNeV zXk}6Qs!E%k7zI7N^QkM002C>wmX7Ahcp?cxp@c>ViHxX;J9+;i;&zFOr-c^KJG7ph z-;ETm6}{3i;8kF{>{>zEkvy}xm+w5bkdmX3+NnTfg{jJfQjFYQ#0dk#)z%p4-%t~3 zO{l6I8kHTZEM5&c0|MN-ZOaG3Fx>L|?;fS8xs75W&z^hkx$T)}pFPv}{pMKDIg^Hc zcjx0@zJTw3;tZyYX+wt!Uj?8{5~GwN?bb80VG5aKqfMTS_^@%7Gju!S=PaN) z8IchjFv5K9zyI7amURzu=%`lGu18rIdT=q!k}vfkw9#2Gx72_w-;hgSC8Sy49c<67 zr4$ybTDnyZjdo1nAkhSNPekZ=L9OR<^tg7u`q)c!q*KgjZK4?ZR=u=JzF3Hu@+t&4 zDnv;Kp+gj!nq-0{8@6-BpC4x3wgJ+fG1ZbPL`lzRq*U!OZGSIbB?;0o#kTVEwf&51 zCCO)8R3?R|!IJ`Mjk1IV^G01ir44g2^nHqjoKfrSAA;rUhXsFA5<4)m4aT;^)^1p^ z3Wl-(qOq~z?n^Jd^mh+D@Id*$;-`LBVo<4+|h+WX$5F4rL)QI)n zbR{3qo&%n=ZBhvhHL(9QnA}cg^hl1`Ya*Z9cPdjGYsiNoJ;f4R2a2p1$g-rnm!CYp z2nU$a-pm1`+t{nQf%=ru|5s&=BMjwKRSV7thB@;|GdOb3vE+&&Wk0YpY?r_-BbA^b(@I<2B$SkB6?Hq5 zF{Tlr!7jK89RN}jBFK2PB|Epb3n<0W`z z=|--&aSr*SPdZ_=5+vr{8BKvVSNTVutC-lMAz$N>txJ*dE!Z>+5&uF?pj$L%;vav1kma3SG}UByY0X9!E?r|>-|Xjh=FFLo09^h3@9w&JZ(!a3 zz};-!(tFynm8;^0`}7kJ;;4Og!`C_%Cyg4G!cyn7ig@!DaD^i6IQ(P9x=0Yu1~By| z+mjIwU&b}J%`z&IwWFHh$bAs|?Z*Cx?#a*3ID+3CwLjzPGYpgh0-z<8Vc(IBynD|{ zeD|pR`RiFn@RQ>YWY(xwHudMZb@^IuS+<#H*LSf#J4nCpqqN484pNF(emDOAD98$p z<49T?Cz6mELggcHtecuN)JO~Jiz$P)+SaIHC$SKcTzQcG>?T`@8KuG4 zl2Y);g=<)_aXSdt%#`@sZnA6|4eGKL&Ky3o&fa#q4{*$=zviESrjPc}(fenH-;Sd3d(4#ps zj@G(K<_?BoOo!A$;AnxXJX~eKaY)PX(Z;4$3Qb4t1Tx7XnYWV9 z%zlBz-2=F;gDYHw@W}c7Z0lV{Z*CJoY*HgFwj-izvxPR2w)r;y59$R|QTe_iSv=rQg*YkzXeDZ6Ba8u7h_RK9k?x|2R)R{2Y4y764sW zTPKz+UpDKMQ%)(aTD5A|4Sbzz)~s2gv$GQfPiC`2=G^LN>(NJC{)CigcZ#(Mm>>)geKvo$#~6_ zv|vmPoHThPIbZX$=a;dvcYv9r+GtKX6ho6>75zc-<$eMckZ{sS$3<#MXr+{mdmr)I#3EvYm!>yX``+wbOnnN<@HEGUv7|~?3=y#@~X%~Le$kY{C@G`Mej)@ zQr|3>OQv%;VU%G5EL~^x0zl8$YmffF-gNWl&OiTr7A;!zUvswZ>Hz#3>$~4IRs8g6 z(@$|->%10*+^Oh73=Ve5opM<2j?3u{LPsh z8pM9&Mi$Yda6PC^z&=wLci?pXdcm>0fA5LZC_ym{aWqDXRj62|G&-D>)~HYsgdrtA zq*M+NLQ$V~m{?!OeyzZJ#6k> z%+{f`l!IPe;ed2e(gM4{wBLn95r9<$jAY=okQ7ypt$i!dDzFHD8Jn+2Ef7i&N`p49 zO}K0r$nk}TUNST?X`BaR8knUm)aOEKi&eS?uU4hlHnT=U-beHp0AMneV%qMz)d0Az z>_*BIafN3og(}uvKnq;QK?$GjgXve@j9-!@t>?*(+NHO_GFi0;lhR2FI>2AXxCkPgL6PrX|)+-yM{@l_~ylD zpnW6g6KO9=A#Dp(*qNa{z$3t%l=PGX?q0pw98^+Ru^o&!kdklYqR^3fP^e;RxtWt& zTi}t+oP5+wesuZ)q(qXO?;~7`ND{(SIF{QUYPCaZUg=IKtHLL2(25TGw3MV$nh}{M ziYg%Q`*at}Z0arHx*qLy2{NurO1LN;kj-x;U)+u>)6`{}sqva|Ws->0r*s)9TpJjy zbh7jaRf(>FRR|fxI`Jy9Keqo;N`a%n6Ow$W_}s%Uku45_o3w|y6I<6J1)i^H9|};? z^1xp$0~5mNy4Xl2dj?VYoDCdm`LZQTuWoK_S>4yu*Az+BiOFNw^OVE*M5c%9 z&OVIa&Rxxg|9par_MOD1W=^yN2^Ep4aPYos>SLDEf|1QXMS&y{=W z9o$5qEO=FkIJiq`#yYWvKcKX-dIJ$WU`N$IbJeaks(F$Gp45Enh#9=|&ZpS7qk+kd z4U_^!r~_QB@e&>{ukYhKe|?Zmy#;E$1R=h8{qW6&l#0q<#PyHR2O3SJyv;5O}Ujp=yMt*KCQilRall z>lM|iV!IN6T`O9@yY_c{?JHm1?}tDBapeyuj^v?d7eap)d>;^^p}tnn*mKYPlTSah z>!!WIHKJqWTmcD%;ecQGp|jX~@<@iVMLXZqNU39klwlQ*ML=sHiR76rJ*?k0012nk zDy*(J-bf3;_R1s0JkxSD+V9Csf)BjySU!LF9w;F12PUXkK$aF*(Gp>2v7#bJOcggD zgWo2urRi!&GKyB-a0JStWHI$Az;>fG>*}|l#4==}$f=xCfuU!j(P zVke(DU<$KFH*(42FY^4R?R@>veb|3=69Jk)30zXBFkm3q&OoV$q)3r)Gav+hP@o(Z z49i3q5T&qsBSI=8^s{4WYz@goRgkSDG!>r=qu?kA@lj>Tq^3r`c);#_W%hh-IQ7+-fG)g#@TcCL}9J!dLTLoX$*7BiLEVF%Z02TNk9Yn$; z`0*G@RKJGJ$*r_UzFekIE*W*so*_Fr0u6pgd;2{?h!TM3Rg@TY=k|zZs%z`&#NwBi zw(POj?qbQJrTV|^Y~3{i_&3&--?|EbTW-7cF5kDzkfu8H*byef?$0Aav#E=v@{>L3 z5Q5sgA`xnoH1qY>46#BO#JUhrF2lBXD=>c4xakWQFM4;WR50Q&?ah4o$`5kMdrrX9 zf^5+TD}*d6!mu>gj-{o3qG_>fRpGQ#oqWkRbvzD(ktk{RT}VT^owl0E^!cz)TRk_O zaX1HzY~zD>J;hI+U51p9aLq`_%)A|h(v(zzp;8~&VlSmIPpq9QlzC@5wD1ZU>+cIu zVGu-0d%F5diI^H1fiblRQPPe&q@br*;N0EEGpV7TYZk1cIg=q@_W8*_p5<3}&!-p! zWLyyuERmQd*qaOg!xMq%S1ASAT#lZ>K~zwLMQgxU=!Ex5_06gdOf&)jK{lT=oPGqX z-wc5vnl?8yxyx28|7rAnVfAaR>5N}4nMz)@-+>3n|Hk0ID*^a7*JYP}1Aw(_){G$v zDN`mygCxl2;t!;QGa!U0U;M!j?YePqY+VfEWDR5*Yx(Mz-ouE-dT=1+IHX*cS}#Fu zGC@ruK|)F#p+I{kNGapU<^Wr>Ip%HL7E9G&4?(RWcehv3{H-=SuU7Pn19w#yAqe>S zi3jt}J;xJ-K`f2y6UG5e3uD8IuF^8sSV>-D+LHieY`!8aSjwWB9UZqwRjgoR!?QMB z5#RU8cr~=vj9^?tJCj=)*r&aY5w#xug&gy@Y-f2_j_tWJS_YKDL3*-l>FilV_rMzZ za+~STb(&F!*2Yd5ZDdq!>t9GksG-)AtQ#8OtFz}BUcIC$L9^0rIJg01ioWG(i=863 zcf9|h1mQ^N9)iJqoG!e)bV;JWudfc!NXd79^I1N0`hjTe8)G8-{SFpfh^DoE0uAYr zKww4^NF%jONaV0rLEgWK0A@b@Xc@-*dyVP*WD*TDr8+2tkn|*%96p1qPoBl^=B?zS zJD(xvD-u#vfR)mi>PTrLtPru)u-2L|x_?!jBWbH(U6oA692rY_(K-_IF{V&LX(SGk z&^lO}IsA|x@QGQw@l0ngcfY)v&tLNp_bph3kRd`kR&g^ld4$nF{nzF`uiZ~Gb9*cC z+uPSq?_icdD0pr;^bHsv4Lhc)_E%Iw3>zjm3JQLaY%z~?UFaS}Y>V~$#bsaonhS90 zH!cAnj|PBX*xQed*HW%Qa}B zo9dyt2BEY8?&J%xcgEQ9(X?j6O5{_q0UieETA-DDDhmyyv{yW4Hm(zs#7A({8!T>k1SAk z9-E8_inNnoE&1LF`*QZ4qv^{PD-LkBQdg12y#*&3N%hM7QfMmI5wo>yRcGmTN=Kdo zrt=_`G;MgT4XRox3rY-Ws2N3T{UoF|NkX7P%3+?SaxY_Q3lw#Z&cQreizPPXa3CUow)3o(v!XBw1!m9K|Gka;=aPb`I&nqta=hNg00VEP-5&hfFY%%784j zCJ-7|d$iV$r#9IZUsvSRXT~^@Yu^q4KVF@S|Eik;0opZzH_}BA5mrJXR6r;ka=y>$ zQ%AGMyX*PTJx_D~-{$bslMiHabB4f|D6KH>LdAQ?+;sD+6cA`@m{f(fk2El}HIgz7 zf~Y-SVPlAhZfH9I2BfLtgwqj%(Y3WqYpCU8e|wzKc|p?i5K7s9q7cfAbrc|#fPcZo zr^*N@a+j#+WSfK~Une~Q}8Qa0uZJR2eYav7~m;LFIB}*QhK7BgNmMzm)lD>VevgI=ReD_Qxxcdy+zXW9e?vgMdrAnc(Q{}iovFdD25 zE)^HO9qmplRep3(MwkGJ(m|D2nn9x1rkZK49}AJXo&Z-0Tv<;|qLx4f1Yw@~vAV_)2;0_!YrIqPIAdL-yuF&C>FzRvzKjibX=drP;h)6gU)1^o@*2*J` zf{$Ac2_5hPL)j99n0|->rYV#KauPEQlm~3w3Y`_-cF&VEwKgzvR6Ae&_J=t5uo(>Y zWRVg=Wdf5TH19(zlIc3?YDS=yZ-t>`RSQSGrV^xhBMLS`Ae1$T5{A<+ZAZaHFjVYA zNsViNQ%us(&{6kx6)T59YXK&QhLRuo7LLM(YwzAW*Ma!~g5_NNbC* zhzxh4rx7Z8h6czMau%5D8g%daZRVS66Oc-qq&QHq-%6Ayn+}!06_R{8PcD~3BvR;A z>mXME&<*vCV(W&^F_R}xW%cTnm7-q_&swCE*%MDZan9X$-~C@3{C6b)|K>X8xZ^H< z?wM!y$mjEjL;~I1VAWcU5Q;G?5vWiVumAJ)U)y!ZUiV~581$D3{xc7lF0S~&#|iR9 zJV#g%y&~;-)VK*+(=fHAj>B~;F#!l@^jsi#J@(U2<9l-kZfvBz{AG_fOJsO_vcdL3aX zeM&$=NPhaH_iat6! zgtKZb<0p+|zXNw?+CGyRKemH06GqV9(M&1fFnh%&GM->+b1luu48YG}B8A65xsReh6c_Q4wL#Gjs84wO_>@`v z^7-X_@&3828!YmO*mwd z4dlu_CNK&~h&0T55ySrM?{%ym*PIai_NBG_`K2`o&oz#Nii&5vvY!Pdpyb;zdu7~V zzKpYBh(YRy0ThZpg;3F4pXTsA#&Y@5&Qf29MYNaBYfp-^0U@Lr5>%<$C*=8`X$x%}`M3Arl_&Z+Ph!G9^ zMJUYN-BFSFj?r0{S{l815rT5@b&1`Z8~EV~2Xg42?lI5Cao%{<@@koiG6(GyNAAPE z9WC@)+0f`viUeY!sw=J!hoQ8o3i`Z)(gebS=VctAD)Vvd+%^QIQ97WtVLX{+GbrD{ z0fbvMt_Wkv;+PYUKud>QehUM+F0|v|MglZ(yw;XuZbX3uAx#OFo0e|kyN|tS=Co+T zy^56aA_E~LlmkRyT>JtwI#3AdLZ}Euh(h9o=6$u**Ra=q<2iJ%vFtZx6eAnz2o)4{ zNU2c5FGu3<3LIhK8G=y4tkF&EJF10eHh1%z`KxJ4Bsg*M2*x(nl9CAm8Bh*}*wVe2 zmimd*B%4k1IpU7}CsINIp;hnG2ufj*!J#!|OT7jyucK-^()N)kd;`MMk}ki*yY?85 z5Ds5?U><{|GT%OCe`AoOeG6#}aHQ3nVE70?8_AJMVxWez0^%`%tY`sf0U0Uj9xCzO z`{(lDiz}&1Byog5OAoCB1cE>aB!O|xjz=c1|FblF`~U+(L-Y*}nl^s*m_=*zIUN{` zWz@9yHoiyDDC8Pz$LBSUwLXIBO z!oee3d46*@|5(0>ViRG+u%wXG9zfpjK&j5vzMv^S~TK$MP^WC zmLzugWBd4A;ZP3q^yjydEo~=M0m35swTzr96^;^yKQBVG2td0yLNHVgdHb|cq&>-( z?w?C3DD$mjXOfg2zU}D5!QOUTcEl;X8g4;X+usU}=Q@N69$d7ZKRmLKwcGn?NF|ZD zCV8-(A~15hffj^9B4ZZK4)^6Xg1=+Y{n=uXfuSsgLf%aKq^__*qKzvxVtJ>f@B!&0 z)YViV8(Q1%sOWzPA?VKz5tIYt>bGhml#K~nT|FN7~5aJcVA3#c31Qz^)SdF?PLGA}LYAptTXOkqS>{XsH>8(1BGztRM-aNrJh5VN4A(FBj0AT~9d- zaD_aKzsJVy7;krF;DY9Q6+?kQYQ-UA zTRC7<6N|ft_}j7#T(@u?AKrHo$4}^>;0N^Qw^8s1>8P1NI@wI9d}76bs6^jMqNr@( zHM4Bvf5Qznh3`E4E_ zx$}7>3;6zV`^OjzX^#{~M}$@ZGC(NTs{NVd*H9oWW5n!Al%)_hrad|bi~Q`~=XrA3 zX8cf5pN^CpLyJ3btdgcScm%7(9g9~*hzFb0#;y`V3>#0lu1nDm=pE=Mo6nny-LVdw z!-BsC*F|sI2HU$Uw>_PKni_=bqE#>~nT|9AgHSOzIAn~tI=8{Lp7?2YjOdspgb2U% zl`r#y?_d3jkG>ncx$g+Isk8SZCt-e3=R(2Z7UJhwaiFR32T5N zhgEeKU3Af|8@H2n^fAXUI51 zZEjk;+GqhNjR-@NV8jQeLDFkkvGR?Av#P4Ast_fhe(jqnO zQ4wPfup05k=qJJUp|upsgU0q26*oH+K0+Eh*hr5)oe(V8(!)0%UBEyPSSjV|YB|nK z%#j`dKBkIPJ_<>`q-d;h`O=vOaP22f;k?6kr@gTj0TfGRf|$QwZ5<;`(kG*5Z>xSJ zLP*oekX8grfmUTeQwn`T6nnPS@vWowg_f*`6=bnDp?&A{%>`(w$## zDpa8eBMhq4v9V3;42U91Ma@GCZ6)PWEa%xc@DhE4+XyV%Kr4&XkGT03_dxYCm3A)+ zs{vp~Cq+Nt;1O;7_Oye!bLAF(`uqy&Jj2F7Nwk#aGGnlxV+47u|Am8Nv;u@QNu734 zgt!tKlOB&Q-pGZ&xr_T3Za^VOI!;BmAqwZBviBowN7di~S*gP-L4U_?gp~C453+Gf zCqvn+O$@3`ij?^xT8*L|w+V|BWYtW5lb`j@1BgBt!iJ_<;}Q65{1` zao_9ELl0%;@)h&Oj2pYt;1A%dU~4j!n6rHOvOoN<1pi$Lz`wEbr2;_^#zWdz#xkPl zI1-Wuaqc*z-+$5jzjgif*YCPy``BydRPwnYB-W4J zR++j={xhzm?cBN2i4`arGEfM)Z`CHsjxf!x>Q=tk@k^W5b!1l?tMNp^*+HnNEnZ?w zV-4@vV*-wFNeM|pI7r9X!|Dj6r%X3UA`wy=k9ld2R!3O+oBeyGQ7EhRUkMVzLK}re zMk_nhHB>5%BA_POL~XJKt!0%Mi{9xd!6>YmZa{Bg69dIAq=iLD?GU=!YQjrGB?+wn zP_5_k^yckce9t`k@+D)eGRzTCR09~$%0ZL?5uk;K4x!1Dy!YVA{N*Djalw(hAsxv3 zCP-_Pxh`u%EQI+oR}-2arz;7W9V(y+Fk(L*NvD>^Ob6|C6LH0V&XlA=;oYia9UGtTJA zZKSjBWh0sF2vZOUKnem2){I4bsDMDtYpG#2zp5&T7W|MyMz(O(G5he_=a+Nq(oPx@ z9!iA9vKU1`V5xjj^61&|eu%96L>v*~Nr(P?nJe#oflu8uo4#B~ZPKff;w294uRYMm z2LH-uQ0>5U5klaHA)VW|(>2gH?0pRzYe}eLIcyO%ohf&J#lTS6q78|IGQj zYXtBnS2~%*bq#gIba$&xStSsTgH9!2D34Ownf>Ua2kg3Q!`C5)9KtitJVQgO{|_{MI6T|6ofo(EScN=gTg38J4>Y1V zHZu0MM@Rbic9tzebSUU`%3MBsF5{XTn9^L&q=p(s*QcoW5+oeMUoWbFa$v^}p&Di# zToDJdcmOHly1%;Uij`k?@}9NUcp^nx{a8zsM7|i@FHeaxZ<^jb@)Ji54L) z3MULfB+!I7cI=UH1-CEnQ3wKr=h-fa-0{UL9e^OR5_G^1ICAP3K6U6c_8Zqo zITQ@!{n&WL=nRNgpe!O!2Mw`Kzt#bslfacpJU30kO_OkH@SHS`;~|9uNNSU9WD8yN zmbMax1sv^=_caMA_~9}8@XWM+e*XLt9$d49kIbCRi4)r?1wCx)FVI#uo>a2YCW5vb zgtEA|D*I?c21|YP=QmRJ3rOJ@bh{X?XeUL*flur>i?8D3$D<#Muot!yQAG2uJ;t$l zsK{3ydXBoJs$@x~rQae`9KN18EV<}uK9!N4FC@IM!i#GFzCl|3|Yag|qherh> z8p%>e7SaC-7^&ich8~6h5JFH6dFXF*G0@d(lINZw*s>i!C%lBHudn-JcTZ3Lkw+eR&G#~T%-DysgSq7Zmw)TZ z|Cuw`*%gM~+&b*A!#akBhCbTU(_=ou9W79ou27$(Kn&%f-6ce9^{dA+qik@CT?E3fd|)aW@*n5+w%on;W9FlqBbE&cn(4fLM>5| znUC#AL>+Wd-C&I+Uxy#8l`nH1Z<}74IPo9Iuwo;Q2^cJ=QK54JXCTk%QFTTH0I`}$A&(M1M z@|y`&fRv66f->f@$AV3EugWU0-Ye$JvVyq~LKqz-gweFMotUG>cCay9;*WEeanz(y zw5MHsWkw(ZZJ%MKT_3qL)+Z%vx97P0uIIS%*`*9*%Vb=~>I+1;7;S&1d5+S~*oDnV zD_tcS0|

s6<=9k!B<_l+DuB(_?1+k=d4gT_JYZFLCG8>H@yJ29eDV-v~($CXR-2 zBS1JdvD64H@uVOa%988qF|V^^O(gmwLKVJn#>uCAVezu1{%f5>U;N^ix%%qw^#ELP z`IS62XZHWh87y{%@;A5sbi<8xmtS_tpVzHhdlrD4G9ER3EcgKk*R-m-dSStG2$gPW zZV~(Lv)_jvnf>r}0PlO>dry7*iO23)w{|1%de;Td-hA_44*?iAZVVeXZ2GUie+M2o zi|3wuftJ>mkM{QT{s!P9S65WgynJ{SWhdualk^fS>FVR` z+vb>xUOH9&;^GzE1gqL&!wr^FBq0c>OL@F+pQ)U``#46_*Wd|(4h`2k(1LvEQ}7kV za+$6|iIqKBmh=p=dMHP>P(or zsVa(rQQ%NY(O5HrmWD}a-$zJkEeWix@i4iAN`)25fbIRO$(H(%jzERNwA-Zt(+TOK z@IgyzJ&zZ+^>fjk&yWoRke;PJDvR8iBGSs0=b*LblXRPybqc z;hT<&lGdS5TPbGe6;*yz{fiyw88N;?Q0W*{?`ZxI2wVr=e*06jB|Lt9$}EHF z0Hm-$R4HTesFWkYQQW?ulOH|2fT2>6TIr!xXc&{So77lZbhSv)j=?|bsCWXsd?T#bFuVl>&{zjY><@cR zGCQPjTDBKl*>zd+%^Nj{5%pHM4u_?OnZh z*^=en8#Wk&jp@ZCfawr=AP@`zLJOfK1cJc<0vJp;VBCUn#g-*Ywj^7<>-Jtw-`$zt zA2YjW&y`F`$nT5E9Y6Pxb#?DK+s=I2yHF~5#{ZqbAnvDeokLyo>OF`E)z(~wT{ z`r9AjuAPSvY1am+X^3t;z1M7aXRRU7WL%eLEt$)^&RWTemIkK0GG1VCZ8Gc=ScNr5 z8wWKhC21j%E;u-hl}ZejJPwWJ*grZ+Z@x$ZL0es#d37n~H`URWNs)G4Tq#U)ff4Uf zHX)F)7O6=BOptJ$By*bAfN+pfSRo`)OU8-)1UO`9ZCFHIx&_ZGFqZFTvM_{nt;T^C zku|c`VGkz+(8b#Q5l-bq4_;V=>snj;5b5q%;U1+)ItdO=O!Cs7JiztmpThH3&86%s z3s_VTND_`Q5Zc){!I$oTlHWXem~`4D;}{UER2nHv#qTI-5*MwJ%24&N-6R=yU_zrT z6?Op3c*haOufPui#wI5ipO~;pNKQ?He*A|n1aKOVBncOW$6@1>HcQYEloT{{wZcWG zAyzCx2RZNm0Qd6qLgUW3xiOsz;O^b(tHU^U>+~~j2BA`mwbi`B`QIH(u(?2f|gW*j!c@4`ZP&tj=QV^ z3plF*gRu8l}DJh$i}Zj%%rFeInh4@E9Z|e~R%!A5-Na`+hD7DR716rYDc^ zsfTxS>AViEzvyH-vq?$;G^AQ7RC4&rxDlGlSVR)NF*4_LP)T%+w0Np5SJ!j~suWF= zD7nf(+5WuNnmQ-R*S78D#>WrwtCw6%b0&coXk00%OC&iwHpRCe-OG<3Kg2}7Oug&i zSPcc&R`Sw1EjV^$DbP4dSLvmp<+KGj8*09cs&H4xr}Dog;gDdPPffqZk{XoZ(;3Bmn<=%S}3af=aMlgP^ev&O8Yz6DS#&3dxml zum^S>uGvH-pyqZ$$%BzG0G&)EM8)&|qVLK2^&8l>?J-(f>mL~#&7BEw{ioi-U%%nG zR7zz#2Q?Lh(y=N}hrlah=xOr^M^0u!k(MdmaM#1!v+tPEV!+b>bTF+Vt|GdPyejBY zz^U`w_{`;}GQY9jwCMFTr@-iNV%6F-2RR)Y=1i}EtcsoxAaMwkCO{CVfP(KcP$<%$ zt1wpdXw4*<*O+BRa~%msqLiW(7^XmTW;Sh&i%`n6ZA1Hdp*2#Nd2!t8MmU08ag@QS zy@t4@Ly6%kz0zpbOOmc&_s9hAy!|nbIK8E8BEH_4UM)#MCmgRW8(%M~W`1xlqdzVAofCG*Iu z*vN_6*1wSEc@p;XsLeCOz1LlME zsq_q>M<)^cyU}|O142t7#G-`@Uv%*Bp`Xk|r{BM3K!E?l_0f-gboe*--18!V)RZfN zsRDXlt9{6A#@p6}XlsFD#kAX+o6sAUA{Nhqxot3(heAmNM#}CZz(@a5uh+mpKc}5` z#&?e%?R~aV0UOR(&EI|WHHIc<T}MdEt$m&e9NB?E1uXUM@XlW#{mgir7XEi_-Jbxtc64h2VW~32c}9D-gf6!4vgjPW*rJB z5jCxhXMA`AoGMk)tMIDRmh!5#3r$;E7;e5WU2L=?s^UJeFRa*)0uTX7kz!uUdNRpI zG`&74+ne9m61ZYj{EPA zJ^uJVDWyIDByk*A*ab`G8i5~W1Or5&gg!Qin98Gf9)Q5efHpTbeXOs)|0^?*X(j>q zUte$en>X{BPyh21C!KWCB}2nQi_ltAC0A>6$AknF7D(j&pLy8CrL?FOn_IqW(*Mz{^A5ct~g>kZ2D^*mm3haP*zd( z=-6Y^+RXkvG`?2M%BES~(!{AW5H+2 zb~q#sfesj$+(*UF5r$c16DFggYpUU7Qcx^ac*E^md9r5&QWBvPAUtYl0datVz&yiR zFsm-fne)1M&si&QEg&w?VUu2>ovI1aiQ16bde){A4RkfGB<0i@{f7`yZ`BD+LS_@i z-znG}r#yU$ncC2H@7!D3XD3&%gvZa62=mTszNcV6a znQ?7kSGdxNFbUGW@9_yhd<3KAR=q7 ziTR$g*G_^=!q^yWI}qM{(caqj*x1fM{%J^v*u#>@OcUaA4O=bec&3{@2&$O^>pA^=fwR-1)7RmZtfB#XD7L zttplSLt~I|pgseM1X9^HCa!S=lNc0PAkeM@Ne2c-0U@R)r~Eg(_O(xZ@8<9S#YF$N zzV$6^-n^NSk+Gi)4-c;g^vhm-rFg^JUq~@m!Vyl@@J1*C6UHL9GHn^ohL=wa4`6=9 z5e|o@3ViP2Cnzd)0-g4FKp@&osQ6sDdI6ui^mMYWpd19opWK4!b)>8(A{x_iqA8)t zO3YnN#l72QwL&rz4iTeRQ4us_eN~+v*V`_b+1f#PA3GD6`!}?`50Tfhar=+ErghE zLfH1#VJBCCSD~pc!z*;D-PSUM6_=HGiR!n0XN}gJ-HN+68h!(1~Faj~c!4Gnb6?z%TAErevA* zS*%b9(h14sOS%{@RrvhIz09ghaY{!EUNjb(u7$6wY|@AwQB7Ws>kj;$(SYeBIacD@ zj9$_SNj52Yynmd3x_<|c9vooYFXQ_H>4cvT-{3qfIMIpp`ko>I5JcS+S4eaa;QIlk zVu`6ziHhf2zYS?{HPgmg$0dgGu0Sj~2orDNx-gZ4$M#ywbkw|g^TbC!{E=tgdfTrC z>oVDYJ$&%sN~JYqGq8LfVs^WIcpVrTMU0O_?+6@>7*lG=(j~9kxN+mnXPC zPhY$qR|qO9eU`Gp(3wh>nqcD7LP6gNF_h@bB3r7qzyx4uH5G=>7wZUX}o`LIyMRw#x|S=K&8IbyB$JTLuglPy zOz?2uFhASdO>-*2vZgwOa`3fR1^S5^XaSDabhVsB%56aD3NnN?it3FPv1+oW3llLU zYI+JL@504#9Lj2n(cDpn^G7Lp<7VI>oN8xA28757qc|)Gw7?PY%q6qYQt;{fwv)~z zId^U+6~AII9XckN8)Isidut_lV}})nUQ^BMDh<;9T!aM-fvZBHrD^{+Ws>wx7Wv2D zZ08I2Ji+5VBNTjTiU$cOWuG63a1@R*ls%z?sIr&Qa3M?p%uR5lL`q31U!XWSWt5cz zWyFo7`8`M2G+Y{Rt%!HoL_F|EnVRWzRWnbJE|g2~=#!8y0YcZ+)ydhjXP@L6K#;PP%ZxdPvq8-uw35&^v4aQ~KW(`YrE# z=R5i07r*%Q9h1D_jeO;6H<(RENF5j>bMYTP{1{8mJDDdA4>43Oacru3|9>CpoON z6hb+iJgbp!TyYMWgz+|07L8rwfn%%9XyjmJTSGcxsDrMRo)(mJL}rSDR@GlO{E@0% za9Ftt#ffYrwF))kv3z|^+L1T{Zapx_=Qr-AvoX!zp0S*Doy|xmL$Q*t%GZV}h_=-( z3>}}O)O`Apef;Ov1I9cdoU_~G5K3A=qd;hdREl+T+qwSSm7FrGjZ($KkFzKM7fCh= zyTNY%6)9o!AQjQQ(ry!TTUH^oV?eZ_y>RF~uSKmxqO$6a zLK{FJ!~~)&v_pA}=X;na^`UgwM+$KP)h?2fVj4NmN)l_0QZ5Zihktx%C*OKxFJE}> z8C#6BA|B6dh|8W$&vL)0`fa9f#QGM?1#E%E9W{3k#rA(llT~?!PO^RXo1^ z=mBonw3|xaGu=f1=|C30i>wz`@E2vCUx~mG8b=#GztpC}7s3iKSx_Ka|&s<=6n92|34Uy$CYWp7O zAC8h7A;fc)Qop+X??1@LKluryXIN6c!5VI;qo_k zZ05FIhaiph)kxn<_`vH|;5?__@gTVL!2u)K$QV8JRx9sKS zo!y+))xuj(Tf*x07CdFt;zRmXn0z`~l1>V~_V`ggbMH1tCJo9yvb)uhSPX%}#bH%P zJ+C}@G1n}cjVmSj5CI;VBt?1!Ca`5(jpI1{=I{_d-P6mQh74CM?&PHQMjTgC@%>11 z-i%EGS~K%$t(#vRorgfo6WH?V5Xh-5C{d_bqUBQbbBs*vr{Im@IO*tJYPY@^nv@ey z6oi$BPDshe9(aQ9Z$HLAU$LHRmd~N!2UZ_P-~_^GFj*lUh+_qa;Q`EFLTAa4N*Hww zq{h_}$A$4ig**25^6f_sa$s=OT3VmLUDN_pg%Aj(Z1)3Pn*fC9{ty-5+MlZw3KS0z&LGct?;$M+*B;3R%?x?RP{5Y48BI|@H3|&@L1Ax$(Y+9^e zzkb8Uhc`Yx6M<$%0RK-{Z*L#7X3Y{m|M|}k1%7bD>8GFm=&_^6zPoz$>R0-nk01Cb zrEna_aL)k>WyHb`~se(;_{ zhYw$Y*0Q6cg@5?WTWRfR#`6OLl%=g{Tu0K9O0l%9o-^mQaruJTJa6TEE?+d8uEs2T zM#lNiCl2zf9fvtq$TP1o!^-A5?mjZaXCB&NEPq8zVnM`I>YPwLETAQu;oq-3o0D1_ z$ydA@C%&3Ce}o>dy6?r?{1Lc07Cho=ebtzyt3a@@!mj~{5sd_-<&=k`iq`stbTlla zF40U~s+opVJ9Vj6vWX^=i8KyS^eYGvaPflKT)L=}t^K3?`<8=fU~Ol;k*U>=wNN${ zVtp#X*LNJ`pYPj=PDnel2xryOfGB+*0-uvQ+j!gAD|q*r%QWX{Tl=L z3ColBY^AuOrHP9dwoz6-Kiu8JuMZ6|w=u)wmJCvBJevSH4iqX=I8K60q5-8t+uh@V zb6Qugk!iwPVw;c%nP9Rw!0^-o%BqMXleQAKU74tDUA=$Di`K-_1T%+1NVsgtY$iO9 z&)&a_Rh`YOYOTk&{Q3BpXL=GD1-D2G$7oW7Eqi4XK?gxyGQm{E=Z8Cv@|oZ4;0KQ# zW~}HTQnEUZs%aw~U(K18J&|dT=`ujlb`DHJAMfsk4elrt<{>U|B2J|Of?|#?&`1}_>qk-PGj&^TwXjnb-nOCSF@L05H z5m!9xSzLU{C1|ZV?X=Sff&j{8bgl@k>3CxRDP^)yC?uZF*JJPAy{uZb>g@jh{?BNo zkka9rYcFT*x}}s#K0=C!u4bI`G-Yia^sFnN>u46YWLVmi)P*|4f^w!pUNp6O-y+eV;!s#1TwIQ{FvEJNa-UUBy>%i zS)T~iKK*+&cDd8l2xDq?$f!P5Dxke#5iOZn1VS0X9}B8V$P9^OmO9Y_X^pRa3c&>9 z69<`FpXO7StYhcM1P8~8j1_!l)k!LZmbQ|#E4XD(AOHHmZdA%Oo2hMiO9V>$P=dDR zH19ZlCC^{okuJyHF=yBatc~(3*l)XeqgLehcT%Yvs;^!@TRi z9%Ef+BOf?-HFN9JOqCUZ1%M9a4v~~8vguBAP&r|rvZ_ZAf+>};Wfp>=$$jKXgJ?XY zOhlHuI>sNZ-XrmpfI^K%Drv8bBJefkz~@8foJ_&;CU+(MXEBEc>;7ATn2!!iIY!t^d*u&9xHTgPD z{K(wzgpg=uq>-iL;7#P18W~09@>V2EgGiVTlu{%d2ggkiD1{?Mjqz0U6+&zGqvt|tsZG6}Sf4hA}#f;}gAGl(%*mLf= z=Z-vGuf@qHujd6Xc%Hod_B-CSd-ra@p|!J-*S__I1WKbF9}!3#8~l|pN^(LPGul7| z2;rF-G!7nsuj#5w@qsf}@cdQt`1t+X`Pe;MO(p82Kzk9u3M&j`_CnXTAj`bt?A2T_ zw}bJ(!?l`tS_Vif8WUB5b`Brvvg=sjm!WomIDWcQ-SmlQfsvGP=q?z!|0o-1Ogk7m z+t*6bluaA}}p>S=mab*IpT)@)-LON*Wb8<%uXLK}CMBsS>DGVvlEnBb~|=o(8I*XY+V97cRrAIEG60%@Ee z6G9MJajJr<@S$_o&@)=#9d~TwXD>dRgqtJ?6iPUjKFV?9B&B^L-K+#s#&qzdPa4T% zeWQHlzMX76JY<1=CNT&Dt`>%!fSTs2XB%EtP1$+_7@%iGD^e0v*`qi-L}g;a2z?G6*ZVHa} z!tNtzZ3btJ4UKYSXrSS-2RG*czJB93qEk86*DuPYvNzK8A^gu}fd8! zhLsEL)8B7@R#GVB@A&q&zx}hn{oB9gp@*Jcz?S#F|NZ>*r$1qIbo}LyJ+}43VGsPH z|NJ+cd(kQ6rplHX7wV_SN2Jnf;A2towz_c@js+v-eMNgJ$#a&?D-1RRmP-p;#X{U~^h80#hPsAjKt^BPOLc>z~#!3T><&Ij>BU2d%N>S0El!%h5 zgd-R&m3ha1J;ssoe3hQ46am zgE_a>x&?IBub@8FO2SE!kO|UmBMs?Ucv_)?0#_~XU|DAa-+b&4zu4PPb2h=!<~m$l zJbVh?1leS>p*31MUlsTtBK-x@k(B%b1LJ#{sthAV5`;nZhoVJV+T)7=m!^V_lqKRF z0jkMcn5?Pj9L>E-Iu2*f@8G995Asm&6jv{wQ^k=~Vf-~gS`t$F%r#6o#=z-`!3jS9 z;BG$on&3Tx_Lc}INRn349Oz8-TDBJfNsob&Qk>TU^j@;DLh9K~t2S9TjV%dBsddU6V=-r2-3~j;EB|p3WzWZMI zf@_{HcJ1Ch6L|icYX$`PCtk0(_7%5(@22lv0T_$ml?&kh$C(b=3E2Rgz6Ls5p;CrN zcEVI1$8qWE>iTAHZ_jm4*Xy9QPPMeOmd3}&G$1ax;w--Py?>-oE>*=mBBwv17HO!s z7dEA(os}DezO;^ikdT6{1LM5zR~sq%UQ9SBHU_W&GVLq6>XO{_f{U16pP>?{SPK~g zRua=1s5-{uj{^3IxY{u@K@oBSEU#L}I|DLmRilj#f7GS0uN&w9S0tF}ZBkAcbkHuo_$)PV(kVPm^1l$q%&c+G8(u<7s!q#bj7HO9Pm9&XfLE}z|k=&Wnu4=7LKh31xhL$CFyKfMnk&O1`QRH#kX^A;V@Mm zXQ*%hsq+*9!LRo9^6hO$ncI-&J?F0EJ?(W1$tK&4Dxjs^NsH$bj$pjh z&)C!vJSwrL$UaLE9W=h-P1ETQ%k0>lCT8Rl23zyISXD^{bxDUUgE?ODy}iNIKm zO!LSHA2%tD*-yTJ8W~6B^B8xnNRBb|+kvEm*n0%M=LpPchjlCISU8VVI)w}Z!yrJ} zW|fXfXA_N6%ww+!kSG-(ghmB|;i+*7{R6Od50olcQ3BbR&90j)JaAzDIrA1Rr2FuZnV|DOSaRkP{At(e zr=9xQ=r8#a)Mt%~)wG;TISz8&a%i`n3IGZU2-7+O-)Vr zj*pK6h-5ayJ3sg;yh;E%up6qjt<10luhwOetDUeAJRJsP6;Z4buHc*74^S+XEY}#K zAI3=T$`C28;GZr#i)GDO%7LP`Y|>F>69u)kG{x;7h#A9tKnSPeCS zO#-S3h1Nk-nRYZTCE+HGC2tgvM6}n3?tsz}|gOghuC}|(h4?rpcp$Md|g6AUImafkE2@tl; zPT9*mbc)_ZohAsPP zOuGcSK=)GLXueM}87JZ_8KsJ)lrzlDTQ zWhJET?}dOwAcoo^=}E-gcNf4h@i$j?G^KL}1woTH`ARDI8kTE`w7A z-uvq(c+C$V;;#MOjQfFc#0y7Dx*E~7tj_oa()vzWDy!D^d9WfqQbMVOI@*JOq!%@n z$C?+|>`_E)P?7?69WoZYfT&9&5-z1of`ZVLgus&mPY41b(b7dZpe=3(A&`z^l^P{3 zkdzXMWH_Ir(Ay82p0vT=a2roQ{fzd>LViakl|EtczwWy0+E=Vv@ek2P(C9+hgPr?q z@E3a4>{-lPFz@Wf{7w&3rhAM`Mzhnx^`e-FMu1`v>3o&UdnLgSg@!g^&QLYSX-ap|T({74B*N<;A}J!Xk1LIk4n;r5!1!L2te|nsdkTBpHVi5u zkuo5WP~5cr7~kBo59K&GLBQhH20nDjTCTrnEnRhKDqaO8WMuKHv?hUw+U`P&*c@I& zh<7uEcTu`RYkEHI^-ECNwAO2x5V78j47D944Vg{?Ehv;HNlC#~OXskny^c>ku#1Pf zhdH&Yoz_epQ{_?erD4!M=|n3CpMj}^jOV&d;3KBM7t6hBzM>i&1$MhuK1(v1)MX#ldnJLOq6ZIhi%pP+&4bwXZmJ)!ubZZsD3@IkybNLuvKMv z-jSl6viWxa7%l(V%_otN2|}HFgW30~2P zITZX69GQrcl<@izqi)um&F}IKh-*2B6Q8Y^E-8&2=SYqAHP`-p6YIK~_{7EQ$W?q2 z4kVq?h`v>{%V+T1pG7gDU)c`?C>j|Q(5(U$diJ@?i{kKq-8l}*sGK@?h#wHD8 z!jV?yT2!$J#5MRO9P5K84pu)eNf%CC1}u z(9EB|;MQZuj$YN=+QRtg*i4|A83FuxuIE4h1=qB;wgM!ji)UPP*$rB&%WQPyl9xS$lUB?p zP!3wDnm`r_$3(?f6+{=!7_~MnNShI4lafaVhxzT{K1e01WPCkc&_&XkN%PLL*Wi#q zD1i{Zsi0%r?|ASJTfu)=>a1c_m8yP)f;6J~ryyo16w_UgLW}Zf&MqL~BqPvS_2+HU zB1}722^gH%PsyJ|%9u)CID*jCj)FqtAo4fTFM*53BO%jtH7>K$9A$x*`h?|%jwJ&w8gxLQ0_qdZ%xzjrSHm)L zDocy&@Tm*e^8WMI^35Gbx$YN_(wDE$l1|}yIf}s;GVWAJ5VK|GILE>1_xt#Bsl|~B zt*3PmgdH1%V*-t~=2cQbI^po43)b+noyYjq!DGyANKy3R8;>30bw7KQPu>3nN5_kZ zR5ofa2&>-rlor8Z@Q+pf!ZGfPI-f^(55WFoFgj{RORj6(8^f-Zvajy|4kDQ_K;xZ9 zOky1+?FsX{^=Wfdjv#O(fs_=5rXU1)0eJ~|2MP|99EI;l0@tPF`Sgv9QRo|l$D-h` zL2=pTmwkHQp+oolAs?w%yzCVtYuBu~{L~E_KH1jM0Z;COAW)#y;>C-(_0~IH4a@}p znGV38a}azN|MD+iV8NWZ&mSHg`Dvk4iVq@f)#pdqSGax6n>UZsPCM;oKmYm9e{kW2 z7jysp_dc!8`_$7;W9ybJBwSZ}mf=vhY%aIn`32@Q)=~BPF&@n98I0$^6tC0aLb+}){RWnKE~R#$fGkxdkot?(p4)GcX9Cb)fn9}jeo^3Kzj)0C0;TA+OmjyA6;Ej3Yr zlFBj_bQO##9JCIOtDdVJ5;8wV6Lou@N*6#|Lnm#M zSAjx^1PX`7q~a@&9^|W!9pc01tl?{q9^lZ#gz>SEvT8xCWVNcdu9Hffr~_c0ClT0A zfz(haqX$P3<9Yj>2z&EQ|HfcUb+yAF1Oy6^N*eXNCl6P5oiI;pYJfA>z`7M?q^4>C zh9-C~9D{z3esy{7V4LDVCA)0^J(vaf#it3LpE=R4lU7yso;f6)E7 z<(6BVx4-S}^$5MBR4Q*B9~)!IlBHd{_v{{g{p;Vz*S~(lOrV)b0RDW}+^$*l4D|E- z7ro%`@3`&uHv{v^#Y))bC$u$9CR3ElmF`umR`>7Tz4Hu!Yp%J5TW-1KX?4D{I%m^A z*vCmHpRAwQu|tKOr8j^1yB?jce@uMaKdY z8d~cY&{n?~RA9R`Sm{}DqDYICJFqlK8wj;E;t>JDIuuIBrQ+x5%k9VWC#iE2-0;{z zKEG)%?>=ieuUWH*ilzE#rK02^wdKb3S~%0gmBF@Q#uw;Qy53l$HBCt+;DbY@(qYDg7+ zcC@nNCTYADBoG7!BXD#8cI-dybO9kcThZsPhgFNKc$yO>0oo=#%HRPKg(8(>z0lJS z+YdmXstig*hei*-=RNP?bD#U%Oi-9f0RC^SOD}r{zxnmu0KD*pFTCNdJMLsEpNlYK z*>px+a>+CDzq;+#cL6M0wnFURzxQc3_rLD7ujd>8@pTr>U;NC&#}3^Y78R`*ZQ#!D zeV95oK@j+MPHVL0q_TB>xQmKft^MO4QM19hQu3`G2l(fQpG4zY&HO5DDiX9QRru&L zPvg3i7BgC|Aa#I|DbZEjzYtY5UUaNI9a;fb%Xkr0WmTGCL^Kon1pB0pwWH(eg1V~M zqCf|Vw#G%Y)Gt8!1~6$_{whMEX)ClcTI^;df7tNaZ2&g8N!8fK5k{U>NCQ#~upl{pYWtGn=O9dB$J}ZLUX+ zK$AHksisjxrzZh|8uh-~!!+kpO$Ky?mq;faJU?Jl?*unLag@6b^x0}%QU$$)Yyfrq zn*x^C7jKhT0H8*c$}m|#Pvi`j-jUUZP1hz@QE?HnSd_6H7rn#i?fa~YBQ!QPq7`~7 zH)&31!5sAY>tN{ub1Y$?4^4iwA|k@te`9>g7?&OGHU1@5*vyfl7$|){uyrO1%p?H+ z=hszNUBxed`OClPbNu>$d~5Cd{`TGXkByDC2oSoto{xV0{rvT%XE0SN*;%+WOyDq< zN?jF^)w;%UFCIii*dmnzUj@AO7mu)YU>F>iDuBR(>9hl$$H{YA`O)*w#}5=rn6ZNE zy9CmeliU?Zv>GNlZw!I4P@C-yK>I!v9Dp}$n%llSdo*VqJKzI+2KI~vLR6@;=$VT~}( zbW1*c!mY2SsS^cyJCczCsjTXtb%#v2ka8S0_Kfh&$B*#Hu`%Ng=vdPL8^FzLh1`2< z`5a03YN}8eU9|w#8cH5wERQY~!B@n={}C78WDn+dg3$EJs$Yhc|FM3=wtZ;R1yfQ= z`Rr#u`-07zH-C0;aPTaoFqQxL>tJqYO#%?kmIU_W6@pj$#$ad^b{{slCi847={U09 zkt-)F-rlD`fy}Hwvo#|H{J*^Z(t|(1+ur)77gWmS)(|zm>eADB?%AuEER_(#(7m*( zI_OEKDzq~_`0Htoe8TeEla9ltzJ9h2jG8v3lHeEwy+P932RiNWj~ARmQ^uuS@eta@ zLl8(sQaE_pCr~o#aGEhh*xs~$@Dh9-7=V`*@CnUYOg~;nGQ(O`w>l9sAF4@Y!ho$q zH#!GFKy&?kW7DGbG!r3H$qHAHD~~cXu@9t+6cU7I0DICg=b#L&PHLZp**fZ-6#GWU zd17FKn}^3aG+83)xXj5US=-sdS+iSN)|R0@;o`^y1z+K#5VC>@q~&;99Dw#wj*GOS z2qr)B$v91PH7qfdOLb+s|2D@dvpa^zEFT@x+8^SH4@6zGWqQLCpSZHK}D=K|`J zY4(qg^X1KlxNGkqWnD3kj^kL{>8DP9vS{;4A!{tPZZ-Q5db02vo2 zFo9f9ZDDJrXicZM`)D5z9~-1Toxs-$R|@KrE_KNy?dc>9sU#^!lXL_bCqV*P^_9n{ znmO7*YBM8OA{0=m()mOrj6=0r3?~}eAn>DVQimWzGdmT5CX;NUF4=-a5kz7+_63x{ zk&;4XlD_dh#?239D1pifNrjbOWFzk&grGBV&Nhtg2uY;EEJDo{u|KM2;7X3!ftigs@iB!pi?w>43gAMny=45&~rt2s{re z9%5t+{rKJp#2}>z5(JH9VCU{#?o>V$;*p4kdUQ5v)hR`U%dxIxCdV%OhbXS7gev{W=QG+N?FNpnWhl}R(VF~fp}I%YMb z>CC2RN+wA;5Ji)qzlIOdO9r&i1;s*o+7p}B6JWdiuM{sKZFg-cl# z7@XKkAS$@pgg;>eOB7fGWkq$Qy_P1KC{_ZBwlyq;=CnCYoHxIXq6!!;cBse z?maxfH?|+9J}Ef0vy}@Mb#l_IdKNZh$x4Tk4}mC|YTUX6Dw!hhjUZ(^u9LEzZG*)S z5diX!8v#VNzP1_`0;EV#4vGv+?jcZtwb;dg>XeTIO!|s9p0bo#b!pyz_io;CMwyqc zSxC|IB0q*2X@F3jK-WfPX*(C8Rj@!ufJH~Tq+P|~i6Xb|9pXp3yXhOvK>|o6YXmAx zaUTO8P6xJxEeU1E1QMLGPc~m6lP@zhG(xta9w*@vgea2$a3p~?;!N5m0!hs82O)Dp zYbt?f+(pO6(A)PKqbHM{PBk_*ojX20UIaLH>=>0w#axzD0^N{?gd0h1>$r8b;~*w- z=tKSJo&nf%3`QpiKLSgZE-AINwOz1f)8_t}9dRZBm|6cv*3zYm#eoBd^w7ZITcc8G z{w%Jz;v5#WH&QJ51X7!#Sp)`TMs@C~Bj5CDyRljzRe^02YBDzTWL>ZIeA_)FIqK+3m3H0m`IbW z1o+C541*GbQ~Q}L^wFH1O+#ibj!d9bFwH5Uwhd4P*To~UsOmU~(3nReg@dQc^o~D4 zIVjlChd?25Y=WR{t36i+R>0}Us9K$({y+_)N z8X^-XrI12WmvR}-mHGPiZhpM;7=4o^^E)Z0dh8Y$39>pPk0lw?EFnTYXHWr+lRk~P z60RSRuT&`dMbdtPx^x;}838DjkdgS0ua(7t*mu#&vPB#!l?q;|f*Kz)`uk-sd^hoo zOD}!)-FM&pM0g0rV$q9^C!0ppXV8ulF-am}E!TnGF?9DJ9O;8yN1#-S?(D@EUOZ6W z+Hn4@xBPPd%GImbvunnb=jpa)K!7vrf06{04;(m@G#g2R)Me*#=V#xx_a zvj}g2#AqHVBU!6LuvxX0kEOP00a__s=@Q`c%sd9-~jae?7*U7~T zS~+!gD{Yw+zE=32BCx?<3lWoYS7uHwl&LZ;lVDNHX-GF|{;Ev-TWTv`ETC_EH&f+7 z9GQx^=2};o3p(ajsFVdR3WL(Gsd}RzYcUHN3z*cAxDZO?O5-G< z6qwan$D21S(>o5dC2ni4uo`3%P7A{=)h40*SlYjB0mvHZI?wQ#TpN4D33t(pb zQS18a|DOBre}D@vJg@EX$G5*fN+K7}}bGr z0YW36NTXc}Ge6e>Qb5Lax$oF8KiqK`?Ko8Blk5l~2yh+2jaQ$;ik5l`fktY>ffjLZ zfG8futbEZHoM>dreF9wR(3Egk)>6l%i#vJg>Uq3m^&GBRHkYn!iYG@Vxb;9kH*Y(_ z!@c876$28kpgt){I+BEtV5@eCk%^VkP{0E1(VSgKUAo;Af>A1B(fq=pe_|iGQa`Sf zu)#mDE%mBPT?AUwx)wV?m8KTy)yEVFrIb++)}dyBHh2Q9HEro6moMqy1#9Lrr=_0# zqf`8R+fjbFe-IbV;>J1}60S8%(zx28qKZtEhVgV%?1S|D*qNaJt6v3H#J-m`=6Z9PcdS5{s(PAw3%HB?+3IMg?=rGGdH5kiyl z6&+I*I;Sc~G*UVUSCT8_nCR()z7a%QGcDOVV?8Y~*1Dk;wG>DxaF9p|2`51%@EIMS zAefkdM|Ywtfd(O5Hzi*F@@voj;uk)@{X-xAF!$egANSt#8$8czoXkz#GB_}3j%?v9 zSg{c5lZH0vxCTS8uN#gHBlaJGy+@ahBuX3q9J_hC3CVlz-O6pd`V2xj)HD|uXF;X;_(i91?b`WFc)o2R z2Po~-?$cpOWaW87h(S1-&{g!FwI4RfY>6Nt!Ic768lL?~vBI&bGEel6@#OF%eT6b9 zDOuE1$A(!=tnFxIRzsE`P?Q4S?wtyR%c9m(aYVv)9~=Yl(~1fnGS=3psR@c>Ld{rkuEL3a#5=6WuZ*7Vb(jn`*(ohqRSG zR#utO6@pAclJf$7+cV6Mcl2=Iv0(@_B;rbw(|jgEH%nqB6>+bF(B@hwQl6%%7*JnP zxIqBII6OE)P^nZn+TV}byc1dRP-m@W(fs+i(lOnWaC8(hO~QLG1QpMxXMBucWDK!w zFM6r~Kq8Ug(n~M>#EoD6@;}`0t#1b(|Mw68lCcd17#cpN~(HFZg5~hh<%jykgA~E?d$? zOFC`*&{0@gJIc|xTGKaKW=G$+rKeScmDC!gG|ykPkgHeDA?N$X7zc%pdBVp^|44=x z9YgJls&S0gh7uTY?5z`_r@{9`)Ot@!$%>{7%bV-D8cnI<)1NQ1Yh;o;j|_0rj&2sT zrg{F#*_<}372j9ne2pT&^UI`CS%c|U9>ww`Q(ozJtY|TJQ7lK{+tfZ>1t*FsReG{ahR_@vWFk< zILvELU&gCXUI;=_@O-qCs6aDO86jU8BUNmqB|DdfRJ*+cCWHlcjG?rl{7K_ENWq_A ztkBC;Y0zj!2qOt>=#%mUrHU2!p$f=ED<&!)r_FBU(-)u2#~#?toVs<)Zc3n}V-+YZ zg-#37NkLM$+}Az8*B?E~_Wn_dfn{o>!fPmwr!~fT^7_Ozl@&XGyaS@FTHuwwl(SGO~LmlgdJx8HXI=*G>x^%U* zyFCN_Gr@l*0hn3;*Ot~=w70gMRIZeb5>GZQGRx-ik_%5kBAJ!VAcbIdLx4-YMWUPb z_-L`rv57p}hR3<{P#=GH&lc(*O!D^AmhrNa7vd|4Z>dOHDO};OZD@$W$zoM1)mFI* z!R-1BZ#`of3E@z|vve}YDxqmRFODIaBSkkN<(E*1$k?h|F9I!*%5u}gi9FzXn&!Lo2XTRv222B@G(`siaZERvU4ITTCK!wBvvFK5xDq5A;Wr8 zYZMNiGAxA^%~?M2jFb7RQU>)q7n)nzYfaaC$vOp#grFt zN@o+-ty{onH|^uIm#swxA{xg_0a-_Ka5TqfHyz}j{evjs8$%okhybk|+sd!XKp!X3 zJN^2GES4Z3;b|I+0gloXZRbd6$LdN1NFgcYixh^(;EDa__dFk+%Tw_@gpZp0{_;6YR{W?f zETyH^X=j>cuZT4At6*nUbpq58n479GuBC!$g@HeXEo|dY0Lo$!B|`dUmM$f(5Y#1H zd?nb}J;*J4yD50^j76QCGq06~q^W{^ZQcG*2yHp=R;JhFC_&8DH5O+=1t1}-k=fi9!9rXkruYj!SaoBZUxQ6`H$6ucaP4sc0=R5pl*xCM>UhRS%{ zR;5FI24ROJ0a`fWl`|E-E4cpt-7Id-@P>6uDCqz+^i37{{;qDmyZs1$#Ww~xGUSxX zX{JxHF2HnJU)&xzyq3N~76PONOFDMYBGH!Vp-9*SY^tXZegEUA!IA1~u3kj)pld%Iz9BPW6z&g-r^m$eH!B1TkI6b4K6v+8P= zwp8+c@=B3*B&*sQxn}u%7PK^Qcr4F&xlC(1LwzE_WTnEtZra6o(YKYE(T1m7;brTV z@b=SJGT~K-3~NNSeQ!Ddu@c7G+(tIU#J%Z5fSss<=R$^|tyryJu^khb_B8RFL|Z<- zt$>SufUkU(HaBp|l6IE0W{h6^lgBtPUSdu|9W5ybpEv`|F@lrt!QFHo#$Z{)el=Fpr;@}G|% z=I+CTENE$DRcjr7B;X{F0wfLm8sSi_yS#YRvbA z7RQ$=0?-ax_|Ygp#F+&oP%_~3SuK2S(*b5RCdfFFuRVT{&pfn`-yR+^-JOIR!}rOE z8W=E6_6nXgtq5aQmHieB|}7dp%pX z&dB}GbO2`7|A}?}`R9uVAAC?JlWAS4l*|^nZUqZZU&;6X{;z1M&*1wWCo;;b1|(fm zJVjJ0G)XD(5fnU+O}!&5X|7|k?DNu}Jz!d^7A%IRSln92k6wHcSx4fjz>b4!r~XLW zz|=Bk^A}eA>I5GIYhxQTg{f&C2t5r4CSoH7B345v)MN03cI<$IBLf^Q>CP4S>SG63 z)!xL*R?o+0x>f=)tKsk?8k!zeM*wlR*XeEj>HlAQ&1?P^b3m+G-NxTP;>}y&WO$uH zBOQT*!?DR6pZV=x9yrv;tIk}`d(K)$5D2`$H%W;-zfdYzh}up?B-p2?yE|&DrEvU4 zrLFN#$Q*EVb+%pw>ub8|liaemj}P4a1of^wxTYJzVH;};)RHei`3v~fmA+~ql5T` zJUp_)27mLLmtK0wv1dL1>ZO18ws(0a`s}{#ZExdCUouv_sdQGCO9m{+>8oI19J>3> zrA{Yc@dB9Biby8VP6D(CI}XB8)AG;MWp@^GK;!Fo%X8j*ouYBbzx%JjtIsg3g zgF}Z7nyA!J4=d;Lyo*ldnzL3>Ec?{bq(bRm5tH?eqt>+rc$v*y+3zJC$+DJu9_kt4 z2fGe)aCiz_0onz8gmn1S#p_wwQjZrH&a#NCaKnzQO%|-f9a7m@zpC=zV~L5BGIISB zS{sSmFzU!E?>?lm2^;*i7HFZ+QkhCs=vZsrP|LJ10bVJIFDo><8Ln6|i<3GV2m)=5 z)&d(;tetPX!;BphgpmIjh;Mq4KmEK;nC(Z`NYpaeVl>05#&E0~!U?XkG8Jx9I>`%G z&7q^Aj?X=`mtDh?T(Gc>w3{Xf0&9jRkixO2AZv~>ehk&)t9Fr2RHYaf-Ri$6>EqbW ziI$KO;3N3X~4sSPUx$g~TXX_VmM}yI^DjVU-D@TkiRS`CaJNMo1?Kq%<9b-a%Au3Lf2w9GfD{ zcQ1eD72e&y{&lOXh1$P=fAur_*MG(KZQB9Zv}qF``N&7k+qZAu&WW+ngqZ*d=o^KJ z9HbMld?DhLmAJFo3=~%g7#M-AdyVmrU1ywr`e1i=_rK5VihmhP&Rl|-_50R$zx!PV z1_qiQeDJ{_D$y3q!gXCO^@|(o>n~ZqZr$dOe&iz$_Vo1Bhq{GY z3PfEBRxU(dd5|%MVx0u%Uk6W;cs_UArGSL-Pj(R$w z*wjD5M6P7PSw>POn-IKu{Zi5)C@SRdpC~#A6$`4mrcFM*RUR1<*_OLyiB-kj;zePI zZVagbVc<}@+6E5gfbFkKZDdx3w(_njYza#{gIBSZxQxA*YS#6~0^bs)gPxJl;B&h+HY|;hg^Naocyydp7yz8#V z**i1=DGTtkqXsRcWrL_lq4IYhlYI~z2azwr?xW~E-RNV3=!7sqKYt*sw4rXkIU;o#g8sL%(FBZSP<90st#V>U(Ub5^9Klt9wca#dn-)!5y{q$&nC4i1* zIB6O3{0%g1SWVlqMWjw$L++GSl!_%d+K(QZsJRMlt?lB<=UnxM@7;XU+kfA^dG2$b zJ+pB>P1XzzaAy6^^^YGlA|g9??w+F!(hc3&0twA)pLG@$-#4D|LdL*w)9U_+lWzat zYP$<f^wR?Xx_!HUphW_ofKPSRYfr@De#PSa_r*}a6C=nPqozMhA;^J;Kv8!Op?im5Z#N80 zg0mc&>!G93PMoSqq?Xh;{b{AmXrONxHt$7ODge5!J}Wvq+s}CNN!Yu0@0RGgPUO+~ zA{-q;kB!3Kqlm##LhZsetJn0u@%`^S^X;#Ey#hGzGDzfeCHQcEV_< ztKz*%ifXkV%Jar-V9oE@prgTv`v@GZkk(&a2?$U)N?Hoz3Fh|V&l9JswE$8i?@?%{!hL#E<(LdJ)0a3jLEihUA|1JXEBLfDnCh<>fACOGE8o9CohHc0)x z5yYM&=)NJ7xIN)ODurmuqLVHt#~xh}F$uK@fr^0V!fID%2DwuS{2KJd-+S_jC+GafKmS{FFE(!6$ORW%@VPBp zw!Hh-zqwlj!t*NO<0xorf#vhi9WA7q>ZxyRLCxu8eED1|4fWuApnQ~@L8McVbdJMA znq-1COvA$F%N6q7$LQ`p7Jh30;1i$vBp>|1-_LBGGYP=VdOEMIk8EqwBu{IibOUeg;EB19_ckdJTp{#d{t z(fA_16NcMmP^|((fSWbwaU$>99oX{LDt;n3`Hd7W9-ok1LjT zl65!m*1NVbQTBNAY0D}5zA?2y8qpnX4SR%J^=Po21!1)vL+$^hW59g}$MW3tL^nU( zbp+*WNJ&r$g!ZjbkX5fyadf|m%y-P&#Qs0h0Z^s_4g&PhBpmF4ql3u($56#m^=|hJ zBGM^zHj7xZ04)Q{c5uL|_nBwLU;)^D2%g+;^!7o_ojW&o#dEIgz43;x0kCGxNqXnb zCm9_b5qLf#Uqm14GZws{rEo-NXWPDG$BwO-KYza1wryMV^j&t@rKj)OwddW1LZRBr zNG71A5thzDc6H#^*O6^)hW1vb7IabRY_*SUV5qL83QkHO+gmAijG#v+!Skx06=f+g zeh?+TCz`&6`SVQhpGg2_)?dJS!(0DmelnSQm)$;LRy&!NIxg9;60hRbRD>a@E^KSp z2H{%tw*k6^d~dU7`C5^Y2_74oAgK5TJf$>=Op>>rx}1F3ptq$G1k$&(xhR_225GhG zKaK{ctE_`6>GzjGsbaTNyc&5 zJ~+WmPaNakgF}qu3y_eIl*Y?mc#+I+4YI%XqCZ7T!|D%6iOvUmf5%b)*(XI=iR z`*%LE{YhZ02t4%m0~UZMkP^|}(YAH&yjAD-4-9hb*f9<8`q#aluiyA}wr$(-@u8t1 zo0&>jI2&fSBf45iv^J5-X3<@3%ewH(w-?FCq&il7$j(Ax|=!A-8lf z#m)}=VuheoMrm^&gdY%uV=CW6D1|P2Q1PHpLKG`d@dbs#%*Oe2`S{LUf|>PH>)Fq` zg4^%Bqe}?cueH*+uHd|rIP0Y4{QG-ff}3!T5B_!oj{tsJM@BXAfNXF9)qe|LBjE@> z^x%{H_=&@4M}p^Z)v5)2?y^%TdD_U-N{QAUf@GxD7V`At^L{C7F|I0RI&?h0%ybSk zB5L327(`r#2>+NF%k!2{yMqy=}Q_|t^M3L9sx|wTF zp2ur9ETiQ4v0svCJV2Vxi&6;3q(qI0B>j1hf7`l;TX**|S@A5rGqi@*MhZDhCr+TA z`1=n!Ft0Z_3H!R?NFVG!hNyT^=yzO)*SzL6eDlU{5omktQo_0G;HNAfe^nrZEK-B4FQGL_GD0L-7ikYmS= zMF04%cf9jMU-*|VevGi^v2GbGn~&4lM53X=NC<}SJU)&dpMcRRBMww9L$M5%01*V>`)I8nzz;5* z**#}E05j`pzHYzs4$eRCy#5D&`&;8A-`S38XyDX!3(2OEc!8ScE*E#At7`0r9QxXp ze9WOPW?5Sf6nh89BZ{_kU7ojUE*0NU&cfckz_qVqX@yS_{38ifrK;vSqRK^x2kyvh zMZ~p(1O%!owmVISzh(#^Vx0v}6#S2OIL2-wZGWP z;>JcUS=vgeV!)h6I@d*Nh1MR@buCC#@XZ|u`P|0c6!Hp@wmkdL0$Btmc~G)OuK&MP z3kk=(_UIVwJXmv^7cN}L*KW9hXFls$Tz%EmTz&P`VOD7beX=R^*=xad?J&m$*MS3l z@W77fUFsX_#NGG&CSjB7nj>gxtY>m6A7W>;10t2pmZ$Q$j>h_WCUZHC9XrDN-uFH} z^O?^85C(rhsLobcFdL_<1Ghel^p(M8^o@`>Hh_>uf?FpY{KhO^U6y=PBYtBYekO%Z zx+vFpQi#AuI~t)}oJXI;9~p%`hv7iaanJEIE{>krIiEgjMhIwTop4=w<#XA$Z!brW z9s5Ys-Cetwrp7F9z2-t@w>JzSTJzZtz3Q=II3^&6mb76)zzIhOLJInFd4Bjr zHxr%*Dqwv_E7z@GO2U!Vma#U$Ra(j4`0K<+05u6mjlx`P<{l~i#ap+bAaJeiu7NgG zI|NnX8XXhM(Xozm2n_taWb?nQo}$&f7eZDOIRw5ASkRDVetnw1y=MojI~rKi(nvW_ zkueiel1#V|Xg2kZasB;I@Pq9~@Nf`GX~!{f8RQVolovO?l8_h_q>-JJ9>1r(n?DqM5eBOSD}!flg(yDE}xHn?zg}FEdWaw zFFr6fKHdxnl1VseDa@aZY-vJx0a}9VIHuC``YFX+TqcGI4g`d2yYRY^4w1BO+7>h&~=n+e9f z`4S_gVzh~$Hn)xDlxteb2s`)JC~II7=keF#5Mtd0Ta}CH!bDmdB|o8TQV}ZSQw8~{ z5dCk}=B?A97PYcQ;kZC(Z9VK&1aOQ?A%r85@VMju9|5a$%v(Ov9@5qFDgsVUQwyyI=v8aS7S`yNO4jhfcK0KIiD9PG7b4nj1ywEXDQGdHN*MDB!#anVH= z|D#f>00=jcc)X>x>2v@K?yFe~7SF%>$kC&-qYu==4w&DC)6#;H8a015{)RP_&RS3L z^fi>%E~m6$E|u06bTVncx}Jyd6^KwIOuE;l`Kh)+Ja z9bA_>q4~Ef&*Ypr?Ua3GRoki}KhtT3@rp#N>Nuj-pFmYHViB@GWaNj5LA*OL%~sd8 zxV5%Pg9PnJL=adYT3pj#ptL|(9RQ&eQc8rh9s$XiD8$<*fksGKz%C3zir;jPj~n6-D}RIC7mRj6x_VC zhkt!|AA^Om8BppNy)wN2@tYLA?Q~IxKNbTJ%2C-&W6M6+u^$fgL_hYzYhJ)NZ~9N_ zvsna^a=FY4Uho2LyY05>Yb}`#FMlSKEAXw`V0aRcI4%$VcGIS3oPFwPmEW@^j|(BR z)~W@dv9XcK$;q0Zc*ZlHv3mdh{X35wIbzPUAq(fPgQbgbl1Y>ZNG8+J(uCj9h;C^{ zB{Lv=WW_2P>cIS|B#sa$J6_XDAY6w;v4nr~ZK#7sj2y6eCp~w;g6`M8{N+nN^65_p zLY!DZ=>^w3pP%0HvzZNarUNjup3bYcyC>|2Lt7INaK%|C;RVW63^G)&Bi<~J>E_o` z0K?9$wt4`>Z0;2rEdq{=Pg#1BrX`hTOID%yZ4rDUpH;>{bDv9LMI7dP#ppgjKWzn8z+>+2}wihw4SN^#TozsKs8tE$iA z!9KWS6FjsNh9>~6laA)Rb1pu7_Nk{;KKjv*{?2!=&(;^TRxLu9>1;gsUuAIz_uO+& zmkIv%Jy$P4&hA8HQv^aIm5VNxp}UvVW4p=TyOsJaJ4hVuhe`nv1Zc-a;vl82(p$Bm zt4cJ^_Wh`dDa5hi=>1z;TF1MO9$oN_AKdIeRqzL9g8xhhU}int*VWfN?_0P3;?}?R zR3Jos2EAbwUGqD*_p^TkQkkHvl#R<_JKVI|<27>#)PrdPYhfpV_`F{8w%fOG|FI#^ zK3A+*#Fwu)g}ilJ(;{RJR6Wwe7Zb5oc~}Y81pjE}Z`yAkcvo9}JZWb+wD3Wn@|G{22-e>Dc&KYfVB*dUIu7d+VcU zrRf>ZK`LR!EKz1D{{PvfZ2P-v3#?&(FXHF`dg~sTiE@p$o!OD^T^dww&sQ9jMr3=3dpop3#H-~F=!rA)ot zP;ZQQHmsnoF3nVK%Buf`Qn)(agN_CN>H9`Jcvk-@oZaUtK1ZhtMpxa3(`Ps1;@ELP zt&MLDen7?a{_VV9$?3sgRl$4F``ZRbY~23)f`3g{!^;0^G>#T{8tRe>5<>8B-zY!X z*~?=`1~@WR1jixiN;$@D@SjHpV3R&Y!V$RA;jV)NjF-yfD#`%x zbgaS;H39zD8#P7+Yh7T2m!a>b~{&JeKr5~Z(riP^Uh<% z$`yR~rki-li(kyZ;Glgb6@Z#EcfRa7di421h~F9f0m7hvqTt`v)-DD{hV}jT-ushs zxugN98nUovDWanTEhRz)=D3A2qFO>Aq{N@qhM%cJn~wlbImo}a?33MzW}Zh!a=W`3$tf&;|H(h(hW-}l)NhFO@Rs#+!!g~P;4g>Z`HMu zygF8an`%!Wg{CiG<~cXti>G}ETz>iT^H|Z^K*=aTn*zY2u_= zEi9-{laj7Ua1h3$1_+cQ5Sq!7&(X;O2PX>b9GK#f-XVIXN>KK3q=TDrxp00LFI+j7 z^A@y_bR>Dtua3T>z;AH~e~t!%8q$u$SDJUJdxmYa; z;=)bJn)yuRVf$etm%D8r42?y<*3#U}SHJufUh;~U1Muzde1|u_;SH2aB{Wh?p+r-2 z%jsidV_V+$!N21(pZKRg`p`b~!Rz_QPkbDJxt(3N^b8JMZHN|*V8e1)w-P$qAux8_ z5(ljUl0qN~d6KCVI+>)rXg1#Bc@QYHuW?FcoMM6GRFPz^NFtXfIa$I{3fBo3&lMRS z7>0+p!FVoepc(6IN?Pf{bDw*q_~kEu)jG3lK7H2=4RB`FtlhhJ^P(5M=(^$I;rHhA zc_U=9U=EG5TlwI%m!qsKZn#-1Yic7krt%~v$@`SSRYb~q+KRm~d!X%*Dj;F?Ou=?H5X-~&={!OY7>d;5=U5DL+X&nL~jB{MbCWu6f z0PP@9I8u@nE_WOn;ElIFN^haUTh3m|CofseE7r{Cv{|jRq*6FSB7|i##B~saKuU*t zH^JhDI!>S6!evW3c-h)TJbOte^V=IKX~-7?cJ&VN%YD84=Ewj-!2HH0>J!pf&jvmS zjS@1dnGFx$jw!-~%g*IvmoyrS{7>U-ZPFCV#fm6_a~;W0!RL*?+QLJJ1|XS0gp$v3 zN}saxe=Vbg>3_ErQq>NUvU99JK_-o8%)oFCx>}%6hP+YqE0s$8_@_T%Vrr7J&pwN@ z&OD1;F2_R;KdiM@V)fd!H~#oXKmOK@H-0_%?E}C4gAU`;%bvlZgNFck{)=AN_TBG& zr{&zU&wbV8#N;D`Bg3o0n<;0tqt`8md0h|~hf0%-DkGENdsGhhQ5l{o!hxjYkaQ$z$0g}VTu0(a(^1e?Q@)xEL{TyN zewFVpqmgrH60e1@u7Xt~nyMgx`EDwiq*M<0%%^5pq^?(z*>vY>^ObSVZZ z(!LL0Q;MoxvIrq&w%zR!Pzn^4z?94F^(oGq+r(AN=kSch9W3f-LOKrnhjZMqvzyxw z^fO-ZXi2+t)n{>qV~vnhRqwzatH8Q8MkYM5yy`e<&JPre;iVYDtbTE?zf2*Qpf)Ozl;MA@&Bm;7bAUuY#JKVkSjr3BMuThnTvGtH$J?P zpZ?^h6p96|eZ{p*OiYN~yY>vUv~~RLr#|`dqrdB|-}|1w<)MeGqk%&Q4{_NuFMspV zBS)9(Ao$VP`1r^6@85rAsZIJON;z|=w^wdLkZ+rqa&SX&+V)|BL<5ANc|P5VJAE?F{%uU&N}1+Q%JSsEcF zbqNPY3OqlcFIS-_muIpPFkUQ^a2*6((filso{NDxwx5Sp?VaAc~&y+``FZO=guqJC6IrT1i*|*WJJ{zIB2D4O1V7LJHZF;ew^;fqS5dVC39o6$*7MI z&nCtHb_YNo?+R7Z8L-!|Sb;+Wh>>yh*d**c1o={pbKZh^3z#)`E`tLDdk!7if4&fM z`1ig07eD`n3x4sdTi^ZQgAXJs<%-|l-u}F?(J=xuf3Kc=CJl4jVQwd4v2ph^Ig*Sz zaYBPG714+L5F2-(iv?(JMa=C$w>9Fr3EWf?XT@Utb*m^hWDr`B=^IAfy^-?JFnVwt zF+7FV71N$fY`iTRGJ%?;!ZaW(tjj&)2bhaYVBwHHM=bcV4Zx)GP zJwR#a9`v@oFqMzg9BU(mbyjo*B$J3_5+o!Q*Oy1fKk-zT@1-w$89%uBW&j@FvAyMW zuYK*$wm!P$bRem; ztUvWS|J?Hy^!4{0IdJfx*@RA8&7w6+`PK(tN^4^_Lf8rW33Y7cq!0)dprrW`!}qps zdP>-;IWTzq$p78?!XrsJaP7}G^60S<@O`d5eHovw!Y3hIdZtRe@t2$NrQrM5oI_WAg1lET;yzL% z)t{zqZK#VfqIgwx{xm{62%)JXg)5=p!OtM-TXl=xCQzSZ@sZ36x?%M_v6Y-wa?_Jq! zhV|>#zwhCV8~=Iwzy0eCU&?;x#&6Hrym|A)bFO;sEssCC_1vDm-s6%SAq3iSp*{;O z^)NIJ#ZowCh<>)Et(6TMHheudmixq}Esq=lxZ;Xua>pHa&1~E=3Bb(yQ>=74HQx_{ zqrT^xdEW)6aQ^8l`L}nz7%3D|7&@Ck5GW{mKBd5mTIX5Eu^RnGsV?a_2rVe8psKwe zwN}j|=m-yGXgCINi#%1$$J=k)iYo*nNij<(6I?Y=)>^mw;c(sYV;nW;O-azC{q>mL>|Vc zU|@FB?KTJyfkrE3 zs(Y=>sLk^bzKi?}eKld8E8*)#{7#`TR?J zdX8CKN^NIDB$MdIEVMKsXSI@SZ9=9J6mxmBy_SrOLCLcKNAqb|yl63p4j+2^wb#C^ z@1~n>{_)JNJ(B>;tUtl};0Lbf6QBC{Y`~=Hby>s(r|?&oZ{P#3xSXUEl!JiB2S?e` zKfy$$g4Tl8M1t83SsX`EpGeS>PBP{Blqvzzb?8VZSk~G=MoKDL;rR+B42NCYwtd<2 zx%}n_jmNtRSUb0i&XmJLhX#1b`h{G3(oz;QWRN1j3j~3-+ zjgKDU@Mw|Mq#nmw#F2x4PSw9jz9Qy?&5-Ps##sKkhAj|iD0`4AAjWg(i5yH7A)hzj z_X6-L<~&^&64os+l|W`vsJbkoK5aBN(n(0CA>kkch4z)H_`QmGok|&eZIX*Z!C(`L zCCC?%Q)SfA-YDsK!HZtVzkcCgxb2SH`07`_%GSrWo*?T_8jzpk!00683joyDWjTE4 z2mzWxp+LD*qEe}l%jbD=+cq9}=pi<5-ZHU#`QnGRKfXP6w7Z*ZU1p9D&Z?=Zf?;i2 z$#G0)qpcZQ>u{T!sjF|KE|tPfxM-#EeV=@>z*HfRp3K9*5F8tXvKLpq7R@cK<$3ex z-uu08efOm&pSphH)vtav-}=_KW;XJf1Yl_yKWe$x@a(L3?(8L%^TIxA_ zb_a7BvUoZ`2L^oSI)Z$~=ko90&qSdBZUW&c>M{;rzG4IC&S|IY1q8y>y2iOp8SxVo zN(!WkG0v2>LO`a~ZQ2g5r38XRAsvSx2)KE7FTdQ^%}drUiX`smIh=w@b zuPVcDszyf|CdNx|d59;vCn4q3&@>SaDBs?zP@6&gSqc{!x+dAQ9vX$WY)1fk~mYMhd8C#biE5p-@6q0yx|QN4mk&RSRN^wR!Dp zU;B+4Z@lrf0PlL&yZFKvzA&?y&m;gd>yKSmTye$F9e3Q(4#0{9G^}364S#zL%NNgQ zSKlyeXSdRsa`Ci-=bP4f#K{-cs#gF)N>YwPLIji)>>M6v|7ecJWP;TlO|+#_2uG0= zlEGq;^S}8ULu*nM<~7yvpU*vmWvva2m;Bm2S?EYVK*j$aI{t}ij)Rs$XbL)q!0{0Q zIKrhdD;Sva_{QV=$p!GTH49kUn5JS|*+QF&)o~OzJa&Yy{B}40de!M%wR{d^g$hFI zh!PlvNrS2vf6_>#V~T|lLMrUp*L+_@Zh;DrLei8>uytU9PdvDjZAVABYTZ2EdHOQi z>r;5j1`R7=9P;(0Rs@bUFcR{Fvk4OvRb=ubwF5H1btE6YXBR)+egv`!6EwAJD(2AE zFWz2xI;@z|WQ}=Ht)!*-UlsdVw8cD_e~;T#N4$Dv6N|VTB-*sVhex4MMC|KE5001) zz*BDKqJ}@RX3ZL2{_>a8+}c7@LnCwM&ZVWf8Lc&U-E|jV{NfiG43!I~M+HZ6_8DiB z&rNak*fA!?$N#W^;yR|wlS)8KBcihvTIzA?vLs!H`gDeDGEG8CYx$uqqgYg*t56DB zf+I8~&u1!Mq!^S?Q$;w?2mOO4!7|6I(TMiew#hTkKI;{ZBX9fVFK^Xno_QvlHf@^O z)MpZane~URb?esa?c2ARt$F=&+SV-Lhu6Q7Ijwahgi9sx@uSU98PJW=$I*S!8jZ9X2GbR?g z#>EdSDXT+4Az={F#5UMSIgq$Qpz$z}!cf(e23I(w5-!^Y#(DVIC<~jjTrjVVR6h(Z}gr_d7oJHl`#KX0VJ6~r;?CK84zD%9n@!W8nYy`8Io?2x(86lvVRlBVPd?a7UTaWQsbj|PJ4OgBGLQ_!+ zWvfK2m1roGV{~n+R;>|oT~;fkK!dL|$z+1Ibb{I0BpZ9j_}54FP*H;WyN4iv)m=@z z`s78FG=}~rO`BL$rBGr!kd8!b#P1FM;jaiBAyJWUy}@U=#2&DxF@p1HJ(fn1({ zeP}laa%Ik&*Ft^D#S4^G5tQ~8E0F5MNsiH@MN5U!5+M{R1basdeB_=T6oQHYxakld zA*#Yae>tC)6Q5HgfF!DapWaQ-v9U*FRH>t`h``WkrJF=Iq)iLGu^yW0p{c=C*6mFO zHJ?nFq(cRN781??1HjOJDk8@25ZcPyG7sU(amtGaZ1L^}CjoQY)p*NcqfD zxbTuw_}V+KLHR~lrrPQ^mcBX=gt1=72E9Urp7&T3yD}A{w#@;HUaw2I+`Ri3AG`B$ zDoF_ypXaYx#3!Dy7Qd{}j-1v~H`11<>v6vKHAq_~04zPL$0j_XJ zCtdD1*w6d_>j^ruNxt;#4J>P^qu_fWTm(K6H|FLjj(Z;^toe)`Pb8C)SO5G`HXj{A zBvPO&Xqhyv|0v+;zmRR`59k1dG*{(B)ouLy5okq)EC@xYIvx2>#42Dx(5p87;~lqEJB<3Z^P9R-jNc)Wk{!JQZsU#K#oEViFvSNk|%3#!M2Ow$**w zeo1MPdMQacF4;_mlgNRt8%^t(5og=m12Y-`JQjK%=#w z;+M%yPT}jo$TL5AsK%=S(AjKObar$uJACBufiurKhfR+>JhREi){GnA%&J++wiJcy zqFu?tjwalsL&5i~G;V0pW`JWRsKn$`<9n8{`eZiZ8?hZjlS4_g49I&GUUTw7QjXxg zcRU8tr7N2vp#>GETA_z!k`4pDl_L)SUx!w})4^;tl|Rv_KnOt)wLzt6g^9p+10X8| zXU%J7_sAq)-*|x6pS6NBXEiceR!9Lp9?qYm>z+MH2M4WuwCf-&|6VEy(jm~AsdAa; zES=4|jwU|*npP=;5aLahgJ{QC&)qD6qzf`+8azimCh=0gLJ zNuu#VCJ~{4QFMKszx=WzeEy_7UK8Mi&x*y4XcO2XVW#lGwcRZf=rt;pg02*Fw4y3L z6pN5AqRSq-IjG_Z0;|p$=&DV&uMB%2%#MXNbUXnc1T#DROad^oo^taN z=!6RbX1COn5DB#QsxrT!MtbPhCZ6Iou%cLsl5!AM6ZXNUH-Nm?)R&$RzmEm8bIE9Y^`c z`*-ue;Zfdy{wmtC2}-`ku_8f4RJhvvErcNLI&2vl=l^5xy#pjWs7~#4tNE9dB3FNzZwnPu#J|QOAOJUUA9^;FKdJW&J%S>Z*t8 zuj@1{Kq@Hh0|DdMG7~VTQK_qK`h8%mBd~I1mjH5|(ADlH652Fjfh}&`)u=Nsb^0F+t#l8x%s1(npn8V~D-5mvvOtv1(n2O5HjT z3EXR#Cghb!FaNfs>^LfXz@AnNyaK7$VkqQW$Y!#XCMT)Qn}zmu!j1uS`yQCA7y%x* z|2|q<+jg9|;-oJDe*y6FSN;v3{q$#!?TT;H<24Q7O>cTr!>&^ZGhhPxdkX1@k*as9 z>Ja9(PEa?cG%5)hOyeKDs$MFtr)rnWlG87tWgM1gGtxMx?)L zz4srx&sj`><}#Sp9Hyg{pr?aOPbc~Q9$IGh(>7}cZ8Q34pV3dpjD9-$`snKKr?a=4 z&Yo`CyE7-MLM~Sz%w#Yoc{-(*(0r##oLU!v(z*a-a%QBzJj6$D`5oP$WUV4o zuBS^R+!R6byv76+T3TssYb9uDfyHy+?2};bjO4CbEEdg%jSsyTSpVLCdEW~^`{~cH zY}vAA0MN9ieei=H{OYTR;yk)uoDQQx3iaAK)Fl1|LGmb_ywWPo*Nx*)Rxvezj}JQzj?m>`|)ifCv&9vVq~|?fY4?dl(6)k@`sE34gQ! z0DqU`dISOo5#M%`DOeLt9c%rXCfpF|R6$Y|nfktty)$=+is$&~yd*JK(-(5>BuHzxIf#DrN|+B?a%v_hc(r!9pumqWhA zg9IZ4mc8SxZ~On2FJJ!E4I4I~s+@k-nau#8X~(v0*|O!5dX#M-8_?0#QpW`}h}a); zgeb}S6M0wl0KP`&pDsK<9wv%arC>t3^8r2iES>qlPrf_Q9thTeu~JVatfr;GgUW_! z5RjCggR~6&a7T}(N0o!M4OL@)xqFzGoVpkrM`?heG8IF0*tG!u$gV-CP$j~ua_!}( z@Hb~I;$_$0&41mqm8=op&o!hn$yn6DWHsh15AJ5tMrq|?iik|p4x`|3>cKBs=ax{_ zx=_~<{Qksu9kVShO{Q_IhK&6j;cF{CxWX`tli8&giVqEH?}yr1HH- zK~^iO#3HB!SQSc9jaRKYp6jk!#kbdQ=bwK10F}s+@#TF{7YvvH?%XrP?Yo9>f)1K0 zDINuJ(J@h^kfW+9<8VjT;J7}*fNV!A*-Q>{1vqILoO-+yR`N&F#*LdU-1yLjA9r_m zykTU-(HFnuB`D2qGLdFO!*^t&kmRu(E69itlu5p7WOkr9N5K=HA{Lwvm5pm;93Rx5I?e)8O=CZlu z0w)P9M$!->5aR$yN6Xt3umuD7R@G!-uLg@ zr(>hVYZotB{Ilz>`|P|geBpnZ0YKA^!DB(|1@t7d&3W;b#%!T6qd#Qk?;GTGFp#A8 zPs;vc+|m=PX{8`CmX4Mz0ggb(sCcC~O{4pI5R$y+I!mA)lK?AaY;YcNXN z^a*vVSnNS#OO2&`nTq!JiglV0rA&X0DSYP%##e|%iK@!1wj2hF#*&f+`QXGme?toG zOM!sy?~a5AiArt^(Fs-dfON%2#nm61452XMAfB;EEK~w`d>m=yzBspz1 zZQ5ja?A$pZa2mjS-}_#k``qU?1AwL-V-|a~zG-lL`f&NdH1MB`#SeiKn3{28)v*W) zRAObQ95JV@fC&=K_y#ANmfY(Mf5{6oB7V$I)3GE0{?Ihk2$Z9kTX!7b>XT+uj`2b` zGG&I@Xi_rgs2FWaM300B6+@tow8;fJmYT+ll_Fk!_Hn%Nyyg7+?Hl>{oey!_?qMfs zi+DIh&};!55!HY???AeJ<=`oeBd@|G4Fq6XpGrzp3jJuJ$!4LW4JAN3+u)27(Bl^- z@81+B##Ke`IqkGnpZeT&|JD8VuYbK605t6w@cD7v-tYr9QYI!V4&Rj=9E}NoTKbn1 z_3s!#JOf!nb}=0Qm^$z@b5ybh`U-hRV{4KLfT@mLadZ7DsW7e+Bce_`^2Y)5luQ5* z4vf;5Z((JBCzWbk7a@{*8>4|u<*2B1r{kOrV}eu0uDslHv0CE^3%Ysl#V7O4_4|pc zRWAV52+nNoqa(9qaH!uOp&w@BIOR0bD)GT8L4dTjK$wFdfaB)F8Ot59l8Jp&V5G`9=Y7;7|b zha9`UL41G^fC>@H-1a;znHYi)wF%#{r(m|h!EK?YHSKW^3fy^OlOjRv$b@LgK}##f z#xS!V&R*$$2Ur{P;M&!>+4C3Z&aGRV!wiou{k&!X(6rQ6oUr^m=?{^k`HUKr;Of0a zZOGh{%-EBMSjAd<=!t>ktIk!;KTSJ&B3Vz6 zWgSs~2Cj|g00TK}Ya3!MroA05I1OfWrYGK>9ox0Dy`u=svQgZiaM}z2nsyY~si&W| zIo&UD47G^Si4uW1l-#Lj+|Z;1Y*FHaoc+>Is5milfOGp(7uXPL)lIH5#8f zrAYNX`o?y{A8TXPm~5cTZ!1uXtp^!49T{p6F}}oaxohtzqt(RWTmRt(o+!v3mJ$g~ zJJ#3m)b%_CzJ!G^hqkt3jY1e8t4?xs!alzl9Up7Km^;Y^Jy_+R-};tj0MN9f$KL$r zH*>)S7mTKRB#OaWM#d%xjA?MxdWao$aOT}8$(ttnUQZw)@^O#l97e(hm=8lt490VP zrxd3o#fAn^np8S;YP;dLo&nR?Pf5r7V7OdmW=kugk(UN`a<|8FHamstDNv$Vxqsgv zaiS!LPILJ7PbtJSt!aMv?BR4s#}<<#k0Ydr|AF7%^^2(i=hKYq?X zb_jiI1Th9RV0+D z1VXU~EtYCAvsweCC;{mxhX_bmS7>Qk z(+($RC$6byC9Y2w`Gmk>1KhfmmK>VPL4=zQSh=~Y*W=Tiz4sxo}FpEE}?4L0A)$iNDJSNF_j{Ca>I&xtH=};=& zm#FvF`^}QbjGFX$r#|lQkr3433#n{SHMaD&6nvlq7B7W+ELQ*$@*}Yr5%!JO*fC!6 zlxuqEY+srsfTkVh<$&MvBN8Cl3}i#7RFFk;Fsqg$nK0$d`t+wh^U-HM^O>(wReAH9 z-`orUns#(pPfxG=N2H(;TMvv8$B`r1F`7EB;9D z&8|W^yE`R_Nb2{J5(3E|g*H!^1GRAqkx~@Vlh012wLM6`{TQnN;Ly{8Bm7%GR3xg| zrhjkR(Nr7oXN^1CG$9hp4!Id{KYSN(d7qKPn!Wi z(~eZ@?d_?1kA ze4XB6{(}U59xeemxK-eX-N*+C`oJP;eEZ=T&Xtl8OBJ%A@W8&|Cdj{OM|W+Yfqz7@ zo+}`(!i*m5IVU>a0MJr-GV{M*{_;&6!P}u305oli&7VKdrt5j4M5$b3V5EpiNqqcR zpvM7NThIKBF==+M)-mQ;(=arUIPhsW!bCH`T1_hl3H@*qJcu^(4g85cW<5BNP@s^> zrV|f>xW?cy?&(}D#DFNV3L8hpU8bbLAFsUBw5AUqYy`bs$f^@a z4n%9M3h4QNagG4=^mH`?fTkU}me1#3lx~EHNh*^Sb`6dZ7&8TN?@DE^M}AP>J$2p( zPYftdUtntf?!-CSB?%-1VrvP3FffiH6a}My6s2(5 zshA$?=%4;|(BnK7=cBP?L>MmD*ga88rJ|eGw4*HoNVk>XtCSY3MY4Gp1XOB{Flf~Z zBn)wNQNtZyx$D5}*)!)34UIGdfTkUp_L|qcn(ut)yFX3c^5{5~a+U4-hJ6<9h;h`n z0wh6*H^}`en$FgyDgx>vY4w!B#%~+-RKTKm7QcjXPV2PZX*td`EZ0ZM`6t{25NnKR z>;eFdQyJnv3Sl6Pm5auSgFpRi`r|w%W|dHcp~)Hp#WI+HRR5uAO*_)jh?i`A4OKH)u<V$)p{4ELKq88&Gk){X%f6?DAI&S}GRzgedmN@b1HFVBdm zdWicycFB!o|GF6fH0{W)X(gH}z{>F>sBuauJ z#Ar(I>(ulVk=V`hTSvJYE6i;xkjsWxtKJEFG(L4IK=~8M{_8?FQjh%8Q9~sZSMJk8 z$RGbv&*vR~BMzeRXZKaVJ~Hij#7{t2Bd93WetL0}Anr7BZ^ z4NYs>u@D1@Ki8~3z=8nDWZYh;#c=WxWL9@VBwb@bq-__TY}>ZE*;{R{%{C|3rp>mk z&92Sb>^5UEHg2}{&A#8CnZHlX{oLoA>s-(*+;7p}g2u%swK#lNy^oE3Tv`}^1jybMuNGP9)%49T8~;t2wd|E z+(3{JNK%-MLhsmGAXWxq{Z%=k1oB8pA5YE9k5?^NeUP2yIw%;df;a#oYNRP)-v%gL zf&N69xWuxA<}}8?n|7|Xy-nOH);+236yR-?Ah^%|whkB3C9-MFh>>SIvq%sPe34I# z(@auSt;e?e{C(K_3~QSe_(!IC|r&l zCD%qHcI)5_8pfsS%U`(pko4#%jDXfA`t;-Botv&~2WM1hHiGu=@L;$S64dP<(t-K3 zzA6pkVywvUgY{&z zQ(F<-&}h14pYo@EP~SyK8t60dFJnIK2NMv2?S5j}RcjV0FeZ7yGoXundONL8Zbx-H z^bg#AX3RiZVhDLW%(@NcAKn+j4|zYm21>aCi3}h6?H=dSyZ@`zk87gcyJS5dzpO+q z9Hg``hE!@Vt57=eiL;Hlqxfrjg6Y^!OKQ-QXo?9(25}2hq`$J;))%_ny8R@E2VdQ$ zzn$7A!ulvZ&Pe{8*nPvuNN_!LbM6cBJ7~2+2ujeUmeS0KF_mWGksim`-6u3_j`*T1 zX{S(#VLX-{(DFU)T_R1VMrXBw0I{Hem_Z{}c=N~kjM@rX4HDr{C9)DIV_uVdxZ}G4 za^P?r9(e_Pai$PM?oWsyu~8TZ@|4|(F|dF*$K0r*zgH@gWEbaNDTN`8F=mKkpgF>Y zMVdou@Q0i^+-L837&-B$p5}rm0PGRy3zD8TuYng0S8y!5}cCEU_8-YCp5p z~*`B9DNDK){8f zy>~{79-R@}UaGkiyNHkq=eKox{{)Dc?%v&LXlEs7W=*1kQ1#2^4~=x|GGDhZjd%As z#i$00rlaUk(xx#%cPrf(6qqHSC3FV@8Z=<#EJ*p-r?SA@mM+JTGfAu%E!&vEv|i{5 z>)$`iyL#7KgpgcnCakCD=d%jRXyp5#&7sma4jUkbb;*L-mZ~s~BO@v0i{%sxEX~5A zF{n}zv*nXxw5X(+GzztC5G0;g8<@|5`)zrs2Tc}76JZO?3Ls_<9xW|&3YBP_-33CJ z!46w_g;REN>cNTgMz^Azz5+QU@SQwM06*%8fp$H2kc2Q(S*Qxll-{e2z>qc}RX++& zTnwFt;7ViG>7TFjWgzpJ(tCPw{FNRrd{`6yIkgB}=tq_KZx+aeoR;3SDj~bhegZMr zzTbPjo>bMEdKRDJc2$_veEEF?(uFJjx^<$o08!5{R98ub?XpLRK|p2A{N3WrLBwxK zU^txi=;UnsbcG~`zbF0cOGoBLT1f)J7=HQ+taSNMeHHiP3>7S6bA+0CyT5S`(Wi?) z-NHpV>_x##`M$)ig5Z?!L2}%pFzp;F<qMh-zFx)bd*{PEigI-dZswzt{k`sQX%DRpF4Az(0&6x1kS+xYJYk~-%#`kR zdex2`_+QqL;>;kb>+y+-hK;d|OYf)>1JNnX2b&?s>(!#nq~&mUQE_xcb85~w&K zlTnc3I+Vm=&8nZ89#fp?>7l4+Eo9cN>pER03k+2#h!%g9V6a2$j!p8jER_4JClDAa zhO^r#Uw~Lnw8is&f$DlPyb+V%%VFF5QEf_Mk|uy?y(``u_1Jt;<(KBRprwJ})Im1? zB$&kMouj^6{rH9A!RM}5>%>AVnO3Wsx28h}r=vsB$ z^Bpol-{4Zm?~(^r6OxPk)sdeALA6FFx+;N;n2vuUyexin{btZ7Bt@Ash#XyW=R ze-nRg7TNv8fxGay^3A=QxuW+IaojPN5=u&~{^)xoS3|T0;@Chz*F@a-|6Lp|spx zivy2+cy70F(jaa20`v&A$P|(y9EXkec%oM1pAN<;K|B*DOh0WM(5xoU51YEbdFwVb zSwf&N$Y7`fBR_YwC5kdD>;PgU38~8jK}OTPW@y+{1aLx-?7YJM3-!0VNUzZEDqJRF zn#e4HNQkiG7QDzfI$i!LHANPbvD$Mh!`GXP6ai9CA^1ys(Q5*lU?-88aQf(B2> zWWQXg@;lsF_8PjCjln1^7l5w?3V`#0FOpFAnR;P=y%pn|;Hwd9y3aN^w(ejIoM?CW z0Qj~096#Ebci%BW@@4+tAeqp0om#g&pZ~6W-M%i>u4V%vrDPa(?|zx-?=7O0;|^(- zZ1EF9HYd-@0h~j*n}0jDE?srOl;33QPl|>uSj~}KCBSgB z6-}5ry}99ew!Q1q!rP2NpE4<3*SPzrXw-^0i?sJn5>dk?Q~kwgiO0=c%%ft1U<5W4p(0o>+GWqaP zP&re6sqOh&hlenhcoii3Ww6-YiUI{eM$YW?UAas!QaxgYoKMUGA6|z_VHg8ymj{Fr zcQqrMxUp+dsGT{Vx0}+fq?9+S+t%!8)Z%HvAiM1zoN_{L z%}+zd3ymc5Bxn@mS>|`8r09w3QyTKeBGmkeC4VmE9m>c{N!cHJX)Fj77&&5h1HS|$ zn35ZG_C^@nEAVUHV>7LHI)>!iul-J&Wu&`rxjEf$-g(W_^*pF z|6LZX_nr}VoKNBbih{+$XEw^a&nI>1+*hRdk_#>`!FtQS#wq7IM^wcZ#} z?)8KF@xUY5yu0h(z|K0WRk@i9{Hq}-kH64gT9^^y{TtX$rj(^luDiyzoEruigE-QL z49<@JQ0wAB_rvqHgqYHs!%+V5?eUAqKgZv0XcyLhSeVyYm{kN)MH!MXx9niOEOX&> zKCH5%WZchT%wJ|L+MzunK-N%QldQzsI8l!E?S`h#DNB})QhyTgNU}?Xh8kPWUqIU$ zwPN0>B1T%hVLr9pZt8NR;7!o7;wwQ8`nq(c(CR;27L<*DI- zk14zO^mzbTiif-5Cs5?u2}F4+0U6VAiSl>TqhTUH`e`pvBbmqHRyDW<_t4#{&h$3E z5IK}kGL-YX(%*cDVrsjd*sWNxA-*Rxi!IK1K=4xB@kBkis?&llU1zB!kB0 zgn%0Q()~0;+TGwS=p+5RI%j2!p|SJn!lwls*0sGtoQ)G;3A4Ri4WRa)e?GzfTtle} z%`43X(cmiTeIa=y`3lZA_}>3g_tq;JKEQ~Y#ae6AGYQVxy#*t)t@$V4jHS36!J^EO zk}}reVaU>M@ePIcV#IHA?Ee1NhuOx^ggvBzW{lOMkSPN@=Xn3AwFS2M|56xH2U_M2d zKiq2XLgr;Wx1nE+5xZ#W0(}`pID89gcP*ShqyUR@qRpX_nekb0R2(iJJL*1XKwJ!J zk2To41Yf@40tGJMnw@4(CQnz1s0^!=zgu!132Ebr_;<$|f`nv+?!YSj2IW|au(_1J~#QAg5LZ zJL!vgAPm=>Xq`ci$Va5|_k$g#pkGtuMOzE8ujUHR* zqW;!wPt^+*9KO_b2z>E279KTr>vToI=zO1hWwcLaG&qKZfFS?!doi`)Xem{@NSfdw z4Z z;x?MW+0@d`;vOUcU5LS9?9KZ)|5ty2RlcvoKRoG=-PY5T2XBo|W*3d;O!m27KUB*LK6tG@^c>kFjB%)7XGdfCco%46+TQ)= zj@eN(;;1%abYtj;C5*YC@q?P)2(T(kum`R;zo8yS^VWbH;K9Bfx&oC^%O5>!BM50b z+Rg`6hHoDN4n1$5{%!cfTfx-=i|Oo)Bu>3YKTItWPRns8UGHH&&E2g%&T2EZiT~WU z^_Ntv%*iLjRk9X}@8cm>=p)*)zImei6xR5&qH|b(hHW6S;i)3;F6I@1)E8a2L)Cvz zZo{+fB_hChRYhh9(QGQLzU($#33kQ?oC%;D*5si7!uMoNOZYs{|K_XR>O})Ms^s8< zfQYCIMT~Ojlq}3NRC)6|nyCb2d_ot6g?P**d}$2iL77Y0Qckvx6UP84R56h}mRZqB}F@ zSIWvTxwSyZR;U-(6#cX==DTfs-u?&aZ2g`R*qy-G{cL?U0}r|GF=FZ0Zj~T`-*Md@ zpb^b8rX7zL?_667L2fC$^!|qkDg*9mt$cKJs7&3V|l+{k!>yf>xv#%E0~lM z1S7sO%QA?7O|K;b ztAG6r3C2Ah+jr-qQ`f1Ax)T&Va!rSBJ7FKW&oQd%!PwmCNg*^U{BJCYF7v4K#l!W& zJ9os`COVFA2BAPnFEO;MF7Qk6?I8xAiwFNQ8A3NYVXC$Xg`Jc0xvhKQzn^@Kwf&Y8 z>|wNogcus62O8M@=^wC>4fl8e)oC+k5wKifh;^AyTkJg2;C71PpxHIy8lmw!2gDrh zBbcZyd=$wG{Vk1Q)(DImFw?wm{;9gV`9LsmX1qel;+k2>+uUV)-=Vnx{v%?Xo~7l# zhtL^1KRKbpZYlg~2PZ3F(Y*H<)tEd;#RBQIk1fnF*b`uKoWeXHPO3ahC=jU8JLYurf#=+>j~?ngZt!YA)i;x}eZ)HI{t=!%_MlRn6

&YZVW3!3DaM$9`2Lh+730 zM)z8Fd(cz9Bnk3$W9!Y}zq4t7;Wh08(Cz>p#oF9}?`#E70?W(eph0$oIs#!aN7=(i zwtWBBi?SyL}9jj0|WEFc|81T)X!@&ttomsIWhUzqo!lao({Svu52MS zlOrJl0ilS+GozmgQ0uiTxcJn~e!tdgp09iwjw^6xr$8_3fOO}0DiW%jmxLCc-&vDn zlIHy>SIX!T>z{ViTK%DSm(ZFR=1=4-lq&7}$nu5$e1!kae;5z=Ye5TYrDQ==LUr1! z;)u#KFb4M3sxXs-r}NeRMVJC1IlM2{de^ScRke7hP^8Z~;YEp5xy*cHOqeEjOv~Tj zIP1qq-_qT-vRK*G8?l6E^%aNvbI0YjHPR_bfUXp8`ftaL2A=N2JRd*Mzdr3}t4GfX z2|)kbiUrb@q$zMKJ|*kYRFf6yvpp4qVjynYRC8{I_GKk)} z`t{BRDUm&!6qto6!oy}TpT$d~z>Xqr2s;|`95 z&ppt#d9_l4;({_DP<8nez=!s6rskw#_!!g%!2=uo?R=HldJ@y;PvKkdoXsVePSZpb_w3M(P%>&2E6 z$i4lZ%;Cy;Z-z(6QD&isz?3GFtNB~4J3;tmbQl**Q;nzAPTs3O`89O7+M8R$J%-;I zkmF9TnT7Tp`eQ6jC@r4h)^`7i|`n=Yih1crxs=)~F zLNb|I;1C}L9d=dJ4mXKZN{jwz+z$1J=kMU}JLz`yAeXVE%-5GxEA~#R=|GoME=%{D zX}p{Oif@t-rd^r=OK{eZV(|s$TBYCp+t#SfLXPkY$)363X-NP%xPzpDBOwZrA#Z<+ z+;2jj`IILAEhOK@?qjTkf|Y%b=a&rb2YNi?ZQ(dakwFccveeV7$ZUSp^y&+5eOtpUs|Mwv|Y^yo-EbD{b(&a z8MbYHZc(#QQt*L3G&FA%77K!E5dk^$S!lIbYh7e=7LaCt&rdrXznku?{e#ovv^#gFI&Dkl_Kw1wvX^hOVzHtD*OjL2TywC?yrz7HxM+i4j#lO_u#N1=pljI5Y>ss#S^ zg|bL+vX#4dO|#PQj2s0Ay1d zY3!7K_{VU9#A10Zz7>dTT`geE7S$FOw(Os9Y`8qG* zq>CPDnBXHrW$aLQxZ(|_z4*6eeRTM9@k7ZDn+!lx;~?1zM94frOAJwB7Mj9;wwVrT zI&`fTWbfDW^Cn|^eXe`@I}K9#?6r$ib{%S!H)J<05;v4h^vC| z6O*D)VOUOU__8j&W^cmlO(is#a6nNIQEOTKhz&zLrU(KpwhtO2ki(&?9CL)DzFE6! zu%0Gv!^6&C#W1F`2YT37S&v3$TSCqU3$c0m%Cc=sOS78qC~f5A##VQpl*8vu^j933 z|1DLH)6RAC$x^i*D!u7ojt654%ScW#-p!GgP-Lh*j102Wsh(wRxMy+NLn*03Hy-0x zpYX!&!xhhfCm?NRz|5XiITTgd-S?p_qtM%|MZvoF`axmsB=@o)@ZS?dL1syxX7}o{ zgl?qYmD|~RMu!@z;c9s~_x0c=1jaW6ma#tj)D00J7t+RAqYa5v&u0%u0n5XH^doA3 z5IT?|Dn)C{4XtOT0nMfT*=BiWKzJ{3bH+$SNZIuS(IB?VC}Z^yW{?ogaz1SBOBbz! zFExh0ab~v7gwDi*hmI_u)$kg0=)gXF z3U&%{^aLa>=oRGQ2q^3qyC3u*T`gDjD=cQYY6R3?(?vc_d5w>Kthl|^V1IuE(jtg2 zGZBAg_+Z95V*ilQ^)1d^dKG?M3aVs#(aWIkJ42Ib4(l}xUHPxVhO!9$@m%@&4wfq% z&n6~PJp4Xa;(MS*AIKMe)35a%&K#^~qcB4^9dw+dn!P1AP9t(u@S{V42oP*r*exf_ z4fi-Uoy+`wRpc3a=nL7R22sx{*$^oy2L+9efL;WRg4r#Ztig*Mcav=Y^7zyuK1}QulsT$gkdxkp&=2vh^7-!&}D0nE5;Q(Cj7SI z-J7QpHH$Ln;~3I^tK0D~HWN1MPIhg&#d4n~!tRfnPty9nQ_Cs^tqlIj0$_!NWCrNd zh9hug^gh1ur$p*L;DdDWvIxZ~<$()T@U#$sbAyuZ_e5mC>r3OeV_z!wnHOJ4r|FJ8 zt}UdA_jLa^z{jhy<9|eNfm0ebzbmHqiz=fx1+e)~?RlHmUj(EAnvtIF0|Ft(A${p8 z4C$IRN$I$C4l;k0iUl<8S#Q$(6iFKZzhV_yak!ybVlTb+ZexSFCH~JHxl3I4m2A_urMpsYQ3a6 zchNrKutDFx_;IpcV$_pjY!4$z?n-2yoUaY{Y_uopPDDa%@!2@RQU@Bbt+Rn0Cx!&>A_|NeBnklsE4iSWnk@D>zm=c!r>7eQ?BI=PVztEvu9Z=!2G%$0wIA*JRmE-0u#ga9HD*2oBx_ zl4MFr>1;0b9dQZpnQ5X$3m{^;$>x{;~tCk~5xqC;D=6sj|P zWlUp8iyBmo zzo)nPUc&M(LlYM?s?9wXctHu`c=rQ4IV!Yed? z9~?H(59o1KH}gP1S5dawwQ?M_d!U##b%~%mfqe#PxAUB+R!JHusRU0{g;bgxkYR)) zmCy7SA(u+EvvEVeu}xCo7-4WpM7^Ap9`BDjo`LmyNV7zil`45au>~n0k%R7JaCKtp3+c z|26OKZcD+`(Z>ktS}n;-2q`S6OL|zq6a%3uWK~?TOsa0lxVcTz)s=JQeuK|7xl=v{ z$d|jB5c~I3B1&A}XgSlBa+mCp9()k;)Au+D5yz2X>5FQR?Ps%?+uPfjwYA@;D~$*P zD&9UmGX3m1F+lxtjY?z`6!*BexCWmGhx@ZNIP|-R$+qu6V2GT1R+J%r|Bep3KkeR4 zNG7qk2plar2zK>kgb9HDLoHbEynLP_=yl)dohJX|_3%HcDJz(2YT@LRpiwo|_Hf>L zA+VTwiJaq0IdNQ8B|L5QzBRAIQJ2lv(EY)}P)=u1j6&d{`wcI1e7t0SDi@Zwmb>LL z+%c(y_dEo8^iychufQK-C8$3KsPahyDj}8~Q@``dPfEYK-2i;RZE>J1%+Nf=NLqm| zPBprYNt;k)Wr228`vVR%G$N%OExh$)$Zd=H(RirazUwVc!-VzN+*THq733->M5b7| zuDm%`abu5Wr7__u>JF#NkOpy*h_4HwP5(Kq`)SY<6cm>S2~-IDVDQLXwV}|)PjFAj zoJM9(vW?{dG=A&m7`0qK<91rbuq`G1+J7NKcvqeel#v7ca9|;La4qMC2B2$yvb917 zHuvvICA!p0mFUwd4KD=s-fi1MVLQ;*F% zD+WauG{5(QM8Lo0|{z{v$y)`s|W?Ooxj@e{CsmQ zrr(F=Jsk;@m6E~ccKYBwrbSm5+VLW+vEEs*mn%5dTR;%hfkFZnqnCr{{>wZ z)A)NF>-KnonrN^aW2o)hPg}Qj6zo#QuffG(ouyW}pd%xVcXp>z#oz55a@%Es$8ZId z5%|m;6hRze^|q;CaulmsiuA6hXGavwy5Z2+W?B_>3^VUrTykF{?qk#LA#iWWopK}6}0pm$adm7 z?_+{rS6|9hnMVc(txuI$s!-9+55|4HgxQU|Otll#qc)_Qj>k8mYP66qi(HTBF|)xrWZyuiS z=$KVrT=uB}U|6F-`88RPUAzr>!_wL=1hr8}UuhtI$v}RK`6DiqL8{Ng7X}G%qVfL; zZORUUaVao*DR7>q8aAe*%@ktqH+Np=r{B$ZjKKglBf||FFZnIaJIY?qtFPf#HxG4p z=WXvqvu(ajI{Lk|jrcs>J=}KNnFC+Xn#;4oZoQuoGnU}?3B?O=u3=1pT}|cjxM*TK zkHT94BTs)PJtUixgiH^?2L8Y5KVEw3L|B)q7+@EgMh1t6huiPp$hezz-TUrI1eLyO zq?(R-?MvhddZ0Luj6!QrDJW>x<5woq%w=S0*z%MRB7rq1i7v5V<_ZWU_9{DfK)=VC zE#Igsmrb~hQHzwK@8^w1q z38-x7;Tu~5ogetN)|&jlznZ1Xo%*fGO2dvWyUm;F4o$tUT`o0lj;$K|<`d0=k%bCP zZEHgL<=}veLp4TD_-p!rGm!Hr8J~_j*^{5+Xb|V8fiY)!Y3ghGbfLA~ zDJd%#0Y9R+M;`1~w1e=H5Z`L}T{KY+^3NMmv0yVPqul=OnYVhiYO;b}-4cfq|Jzk#2W+}^BOP)HTVz=Yjs{6-% z5S~!{VinoUBYu~TMx5FZ`VsDmM~yVZb+{C0Yev>aMN3Qkr@>o{EsK( zoO(z^7=ey8uZ`ceKX74zWGrfx(%LDbw60w$u`JE>w0O|i{Q*<@qcLeht^$qtD3ABg zxu*;uJ|87IWj%rL`RBDUD~U>wS|oGg*5Fs^HJ*|+=h~hETth2c6trH0%DwsAsW$ht1(!L!20!8kC^GL z)?_k=&HZQQmEJ8{2YBu*oPY`(z+Gl85-v)DI6Bc+5~4BzAtn9Fwxv9zT>8mv=u<&J za8X>rloG_eEINLi=({J#arw5=tML%@exF+Rd?ebvKbbwR_U^MaskilfKVbTl>pG>g z{%ws!|E}7q=it5b;;Gest%Z*^I*mD}6?5!h_MR6{0WsbasaIG53L}Bhl!b7S9IM~J z&SV+_prq~hy2RSC9n|w!_t9PZAK!LiEs{yecyjgb3!1;^jFlMBpY9+gb-8W$D=S|h zTF~-y zay)4LW+1Jy9&bEMu2(gpCRGd~NP7V)R$;D-9d>aP4knhsbUP8XC2#Q)G^~5nR!Vl6 z-(Rw@d{@MUTPowE84~i_CgvYS_Phm_bH!R36*h@oRBPoRSaAt;N(Ezf(B%mU)c4C4 z6yU1hj#yA2n*>?In==p&@Rc1}#9+Ubifu zmj@57ol3&Y$RYRSzo*n9$?OTX?d-n&^fC{+{~m|cxdwh$$iQvzyefN>r7Lz!0@~1p zRe^qN`Cz{%aD_`?d=)DB61jjw|!29^N`kK!az+F+S5-*GSm)w>FDm%=$s>!nR z=uBTuemSW5*s5WpI$$vZ3QLfn#=+xu06*s0cnqE;lbOe~+wBAO{pMT|Os&?}p!rFx zCMBmRnX-VdAe@wx94`*o?)d}@7@lrgf&%1fLR|XvYr7<>ZTbXwIw5mJg%OPOxB8F) zH=y`+XAdT$nm&upMC=;3BSeu8)MAI zYdek^pTM!f1vL)1dP4BMVzA^Uz}L8Gwv3_F$C-Rbh;?Br%H( zAu^`Qc4b6{bc@yd&q+hna3%@yNj!w#gyGhSy(Lu(nrm>Hy=DCUKk|qi-~ZU9k+qr% z_IlyvOxO88RZ%@xw_gqCGy8(L@}9HR+Sj4rbTAcn!fD`}1;PbWiX#z0A`YYrM%Cg(LU_>53 zcn#K;bVDvH97BmQ3GD-{xXuxWZUdnCE-4r`hHOhnN&Gfs!3H`01_gDhsKgS?5p_EZ z5I!V1Uf3R_^>5gwLr(M9z6d*+1)!7y$$lQz%)yb5N+c9E%MtQfuB#X5Su=)nOt!C6)}1!#Vc5u#@A2abkAV2vaLtM3kt==;%Rt3Irl z4^oZ?Vv~mi{-vxk1a-`hiUd^_7dz*MsPz`Y8g=*qm3+6SlBJEy0kXHdUEkP$06eLd z&#vgN^OTeB$IufrWYj5{0DXul0n!E-CH;jFye&VJOnq7XXpG%GS(uX&2Yzaw9};rZ zDfA$kl&-meO+}uuSM8L_WKq>vmEEUHthn!0#fuIV@y*f1MS8MVx7}m1MiT4T6ohkI z^(nQl6Y9q+whH84rh4WdgSfPn!BT`+#ng&^>uSuQah?xKhaiRDAM9d+Foc^%8@FcyFR>nKxS;jO2U44ev8XXbNrL zU^-%+a6|8fZD>ur{?>xLF}b|wz#RwAo@YdH*&3QN#;)J|YwvkYr^_sbJ%85#kJZf3 z4lYpxn$DNFssw1ZdJW<4f3N27y$|Ns>#q{9r~*?8Hx)jX>Vw~c{C*-t!L?duG*t;) zf>d+3A$V0M8jn?8i98Ayzl@sy=|x}nCKC`sjCj5ief<~zQQ8Luw^!SF{?zJqbAU`e zMaGwvD@s?VuhWwSMOAxzOTX7^gCvF`g=_km5~&llc&JC7wZm=ekBdQ;5J1sq{q$b& zVy}TtIFamqd-x(B?5=dNJUYs+ip`K(nbD_uy6y)$!>3M1;Xf>fL1(JxyVeah8%z#o zII64&E>fAkU;4Qf8dA3Pn6F=YF75SKPXS%wc2$wA23=|f=O zE;88BezVMol?rhm>u7B5@~K`L-?=xsn3Kxzn2!vRXoS}DM)~|tw>_M-quqW!t4K1K zADMks9?~aZY>_171Cc$JRlZGqI#)JXrH0;qU&L^3Q#87W{nHIV&n6md~tON zM@>ylgUPPs+hM*>;OTPv|Gi^cSh8E4z~!?3KJdjcV|GbYJG!t;O0`(G0&$>dW^0n< zW+3%P*3%6F5{?&-A8g|XqAu(qzs{Jl0-9FjvVJ2Uv{Z2S&aWO5Cz2Qly zU;A`++O58#H_tCm7goaI>3QFHO=iAGyJ!<(tT5V|eY9t#IErD=77>!PCp3bW=Eb{~ z&f_uPnEOHXlr5P24MbG#iXoz7PomNg0les>B{_0CBaf)Pn-Jxn6UNAW(0ZZJ`nn7D z>VdS$i8#NN+YTbrMXz$T4BQu?dsmz7;w#*r!3wmLliE%PclpfA540%^+zKI2-Thrcevg zD9hdCxEKJNZ+UnBv$kzM7G=FBJ z8D*Bruf@=5+*NLo6$*XF6tUrsyXgzb^TYXX{&z2SF)sx25xHwIMb8f-T0t{<2Lo zk$W+^fQ5K*4aEb?4<*To1>D{g#CZxx!2V24*x<^`)tom>Z`()ecx`o$8GsRo8mr$E z1LPQZx2BKOEBgHUgmkX=ZQc2z>+rmD3pRo8!)&9r{eaN-vJcJ&oND8Xy1f_VBS$5npC>IE76^uUM04C%}JF7gn!)OGIOiB@(p2L!8}FS+Wp(a)2yFtl;LtbiCMbre|_L6?^hzlS(z6`)pH~wpc7Hh%E|z;qhC}NKO$ol*O+U4 zlIUOCm6=s2IBS7fC{Vfs$V6eZj}yLnZC8C~vLe$=N}|anH}qNjC|A9Gvj1bi%C?W!%Tk_{Qgl#|6CK~|Dp@Ae2Gb6g#m z_CQr-&?Hx<9`%%#Rz6R$=8t$J?`;JTLIDJ82J?v)t@>{yCqNKL#IRX+lqLxf+# zO{@neldUA1^aB+IO_m^vbrl(>=C(wkVvCmEcSS#LTDLC4J^@9q2C;M+EfrmJdA0TQ z)?DdmX}e*2cle#=)JFFW&;#C0SOQZ1$P=ydwVjIAit_}mkp`&2U}W&S9**lj=ZLXK!eUVJiG7P=_j5y@npu+qx5wh+X}Tl zp!}OtETsbB^edN9gxTb5Ms(zsK-0x1xf&~05%ThMb7or#a`N=CWHiB}(dkl}B^3H* z>vb&I(B;uTQm6_k{ALbx$_4`AWh~jB{e6&p=&F$MMkp}RFzw0#Z7JP)QnZd94;WLgl`uR_fx#9X!QE&ZiuqwjzA z!iFLvBe4Lqw6v&Ic60xz+MXkjm91gzr}_(d1&nefjL67EzPao7+YYN>>l$65a53z% zJ3Md8cCa8t^-W(2V-h64WT-wFK_iBsD9aM|5+3$6dY0{VI8A0;thT#o#kNzV+#Vuo zvykHE6#h#ltX(qQTbRJ*C2;-Lv~Q`> zY+!|{^oGH-yCw7k*CmB3Y$)+lbp8P>U*p@ zBZ8QeKN_;wfNZ3A&SffSrT}APUX*Vqj};(2{3j3Pr@b=cDpnXlb?n2hM>eC|#;w=m zmgvp9T8}F&wl^k+_p!-!ufyC)7=g*|t60ZTupRr=9ypaw6zWG0k>#z#K|BybLDl+N zR4UPqDmH!l9c66$r@m7kj2*bwy2>25>iEwB1cYnJCAGNvaJ?cSk3Sl!O3c(OyUZoK zp0p2&4USON1WRSUClui7ZPlhrk;d9kLNah9DE(%QPYM`=N+N8~xNuUdAf-?xEH^tS zH_GQO5?RV%xTD+qP}nPQ|uuJ30IP{&TVK(spavbFR6@9HaNA*K&P;>G)nF)9Tcv ztzAu)k3dwW03l={k6!HJR9Mz=p8U}3{bi_`IQTfGJf}paa2cGW2k<-`qV(emX;#Eo zIQ#VKhh$q29QFoyLG06jm;A=ZmI%?En{JDSncUXr*Q(OiWIX?dsil=ImnmDqcR(^a z7v$A9-S7k*WcUTrR@@QC%O7TaK6{V#AkB~#Lo$6G93T4JFfFaEX#n%)TI-#jZg{`+?%5S+eU}WjA5cJ* z;|~0(vwQ74W&{qd-sHxBu<84A**MMl*9CCsu4<>6BrG-!Zo{;5Cnhs~F`0Z$3ES^4 zBn~HdkaJLHK>j_pdsF}GwlkS4Xlj|Fz#%$>dupSy#Zt~Ax}FGSjs?~?$1+{2XfoP; zkZQCp@OA0MgCxCGwl84EY0a#|GoW6#?16zB2c6`_8mM7BI19$N&fOQ=a+!~+t}=DK zU(n8^#?cwwqlL~8uoUNxOO`m<(x$^3t&SQ>Ud&du#p0zho-15hLAqbcr9@)@qGb4^ zda#}A&mY`f_;NpzyWP)1b=+7`n-~$z1MU{bx6Kv=7hO3&+)?6q&xN&T0#gBKE|l)Fz)LE zg(&xrR3kNykNO=TWVoZPxAkE=*6XtH*$y-j_c~?Vc*DwS^nly}?;E;QNEPGI(YFYl z-+MF3V(BU~T;lP0DNQm6gX#xz*Ko%7`{8XuwZ}mX@MFUQ1k*v%GBOU!>ZbM^wl*Kb zxqLt1U)Zd+>ROd58o(nD7>FJlFVE=JOY>2;J-dir;4>{Ie=1;#! zEm(5gKe@NtS!s%6HtDg*;JOxW-r073hkkZpJ*0}p zlZA&5zs_*mpN1${^R0ZJpIqWq-nPKX>Q&(scOj~PF^`1V_w!TETmpF{BuIiS7KCA@ z#Z%cmXUXLF&I{&rS&>e@uhZ*?0B9H%DH_ye(LAAkZ3;i%gsWZH5FwkDEWnJM{@hLA zDz+iv3Ru&q_wEH{&$|ygx1YLS`=)$+PXKEFTBF(cUB|os$1g7WwLP0uo%^6Og`^8O&vjP;A(ep$ysx`^ zo?6VQq6;y9JdYQ0`&)ZIaJPT@5wc!lZ9N_=qtYy^G*ma~4(lUL<q>NP#Lm~rezyXq7x5aD&E8(lPqwc!o-KFyvb@PTUMXXuH5&Z8wb(s^ z21w9fR&3^o6z~t*5qcz|%;uq(4gQFlliLcx@Q@?zt~=z|2vLouRYM_5n(3Q7AS|_N zm?HG-5S`D1ePJJKsq_Q%#NFLnmZmc~FM*yn-5>Bks=QAW4udbgc~dC62#u~i4_93e z**C{c3o;9UKUi6EMV}H-p%rrE2wnX#Oanqe{x?n(#If3reZ3Xu72+~{e`KrKX|vUv z<$jzV%0m7>R8m-@YWKVC+aeh+bl-k(WKW0n=yPRtGoFIAo(V#g+Q7uogWCcu?fz#n zEGC`G*J=yip3L54cw1eu)!$KD z(g$w23g&^Fy@Ph`#?pBOz!WFEUp8Iu8*`s7>ur55GPyE3zv3B)MYRhE2HMF4bn%dmV0=95&Fi>+{b~8jPR#m@xCi>mlj#6<6Owk2hJZ zTC<;OZcmT`&448O64X+fmRer-tgNREX*)q|JoT_y7!R>!*nWd20_m+X%Ej;9Pc9TP zIcgni9cThnjlnoi)|+F#o^Na)`x*36=2O#;bZSqs#5{O?z;&TY%l*93rsFJhM`n98 z7(-{Qx^;VfbJw@1dr#W-Pzb*(MI`dr7SL!IMedUa0(2%|uH?x1FRAG6Ayt5?f-RP| zu2f$J)R6ce-q0yh|L*7fJb9f4;{T^swOlVWo@qNzzt6t$)&zzL9>}q%=A?@08fwQ> zW5n>_R%W`gaLN*GG>EV0aJQLP2j*qD>jRJ1 z$1$Xy5lD!bR(UV7^qbMf#<~;09+7jR^|jf(^SZv03v(MprZq9+^Sp38@{MwJ**J6j zykUD1Oy@HP{`1oNd?l=&k^Y70bg(WN%v{Sb10tLM>~t<3U{kU^)d+; z=f*5YBNY0h{hB(N-BU3Y$IDQ=5z}u{Di#Cmz#vRzROg@u5W!t>bM~ae%8~%V*k@YF z(RT$Nw^GmD3EXu8%p093WfD}gDR8UbHMjn{wI|2XogCIK7-ZAuyKU1lDNZf)y`8~5 zULk^~Nobb#QilvO%Us%bP+we?Kw0zU{YY*{Lm@&endZhiD-`8GiJ*iQoY1>k zmRKsx+$zXrB#NNpmZ-Y>@OAdVbN4ED;xObm&Q9|LSgc{cXsT^7ZkCM>3&ja`gU#snk(14ki8m{ zwKhBa#uv1hIs79dv*h7+ICBE7u57_t*M_Az4fpxjHt%z#K;M@XsuKvlc0!G#KTzw5 zIgdr^t~=f@Ga(R=v8sO4E{6boaEptX`IBM#vwkU1!jhV)^`m7cGc@wxHDTKiVO<#m zWh4eo`&W{pY`ekHL~`Mc&r9cjO2mw3wKc$eb|_;B!QrI3_g}929=P{kbh@>A_sQc9 zF_PAoXb|ZA(r>4fX$0QQOQ7M__uxJAShQqk+oM}4RM3fjo3~}mG ziH!E=!7_y_emP~RhshTQ?&R6nlYYG#3uY}vp2rw+Uw<$Lm>qww90(D$VeuARva5V_ z#p4OnX4eCd?@M=Q`)ixdwsSv>!y3rdo4V7HNj!98TisxJOL>P~VT>j{Z5uy8>j{d2 z{Tp*5hJh6K$71Se%tWx|3VScJS7YYI$A__!YN8DOoKqfO1- zTv%xITquD@h!9`c55PvbI=>Hy##WjgZ*~5NkOSb_O+V*EtzRn|f ziTu?!8&Fu2!Tq(k8T;e2NcW}2>HSR-$64`g7;R4Y-K;>?`#!StAHxysJT(wVyusq0 zdO-qUv&(Zd5dRTC`(6~T5&`b+S+}YXhr*WY=g+jpY{-Zt%{>w8J_tB<%o!;Otkf-N z&fh-Mn^-lVUHRwsy1vhz1?U4HG?M3O)_6;sA(Nsl;9=uE74F&TFYhWZzy5s}3m1^6 zd>**h{u1xcFF>C2=WyfO5L)T{0%z#;CdhykUNZ|dB3V`cxgfCRANZmw{!@!zL(PnV z&E0UxF33biLV;<1kS&+TzP=88Y@b%}$N*heMZ~s)c0a;Qyd8=eelSdwS>EnF?>9ZT4xb7<1 z%~=@Sdw-_YSu=B%xeMePl}isvqj_GPEVj6&#C%cKijHY)YBt?YOohkNfY30@7u$Sq z*!k8QGC_-BX1IOu0GA?2dE*9jr0^LB`6zJVu%JiRI3>*UPatUh1ot5jpckoSQPhU5 zf9IV3S*Tvk;C!rZb_!Wd1WI6)NK0+v<=i7`?rcYGr(@w`igT2@9(rW>Uq^x5S3@FR zml1##jIKC24ZFQw=6x%avz$MHT0KQwtp*j7IT^X~FS+Q^{^c_AOJ4f^E6Wzguc;UN znQUxawx89u3uv}Q@+bzUCRg<6_$A*rRo^#R{I@YN9~iqOW!WPDC*8+UkymngeOuJt zD`0y&r&vgc7#r16J_;4)RD?{Z1irSKT5|f-iEnaZnPMR zyR^oHeCZxr`>S|UXfh{_OKJ9IRB%TlIC#nijM}-KE19Qj_|`FjoUNhdGjkNdQQ~0X zkHp>We#rT@c>9*;h?q1T0f}j$OeQb$Iq>Am235Ve5+|z?#R>kZOk;yGU0LK^2*|I1?dDAD$G*}nZe;jz8I=(!!X z1?@VMw%rfJ|I~97;)PgV+VJi_bh|T6wlM00X{UBLhG{CyCeY=-S6_^%hd7SyY?D_K4wZ9uq9h>p>nM7Kd|DUt|+7-7coGiUeX&`(}Oq7YYa^1F(8rUI-o^VDWy_z z9VMOwf!%l%l%j&*;z{XjnhAlJp@dKZjUEqmu=ue{DH#&yH4-=8_neQ+X8oUp@0xVz zKI!1(e(0_Hu?4*gG&XFJVNd;_PfA6L^kCvg!SywIofLlImxMAiMIxU9CXnhj0dqn|H6 zl`OaUbjy{RH~5MeFCw_zN3_`m(Kt&&Gh5;obb~OIXvAh`mOde6peTX^66U%(OGLcY zU5QMfSL)jcz;`qljf-I`WIN7i7~XCu`V4A7pZ5d9mf9Eqd5+^N>A@y!bEATmm6D12|Q^yJw=5tNi;& z&3ydExK4nS7)Fwd0tpCa!?F+1Y&N)tUhvi@K_MfkZ>H~3OKJBShMC4Qu?ks6S!{(r zyE;}r6eXD6I9sj>covvv*~JOt#0sbOavKHQXUp$Mb|=aigNW1@hiZ_4!Oq2_mSd%F zzjJF(*fw16CLCuDKvVewTcY%dDhPslN^d~vsW6F$uo%>_jhndn+gYQalPy>bKDOn3 zzIRn@-k*f3dMp#Mudwi{VLzA!5w+u(-8bipgN;Y&xZXl;es%@?O!;2ay&f)hENq%a z`*S|JPBvejYJCopoamRq#>__tFM0n!jkh$TtgT+~v>~aqc4V1^EcHQxX2dKR^rU&;iu?mcW*{=S*`dQlLQiO=OMV`yvf>^~BH>BI5O6z3R~^R6y&?%Y>;q z9%o`bFWom?-?h5mjNc!PKmWa2mz#*kb-pW9@7H9#*FW&#Q}KKEZAl{xF=SLK=`eZi z`WAfMDA?_?_Vl6N;J#o_>Kv8~Xxp7gWZ6BzAC4dODv^dOERlvrkj?z4ZZ+v7F4G@| zhz!hTf`lniE75)>Ra#+EHnCiJ z0e^+ViHCeJFabXX21=5ViNH(T?a`Qi{p*dEz$NUL`n~+_%hje#o=lg4K1@_HTt$3n zM|~ck(~Aq^=PHgJ%|@Fq*V>NrGp^pR>e?Urw~fy2C)(}17*}St1w*qLulL5ojh(L) z5P*reh|YGa>kT?FF|lz0+sT=Tj5g@{7h^k!0PhWis38es4u_!zI1tq@SU+}dex+cG zVVZyS42L)P7QPf88pW%SqYuNh_g>@+BgM|>4$d=hQfAxQ?-Q=&WvL^b< z1NM7;$aE?G5V#aZF42|-{S$PbZW|O=>$O2|OIL=j7oel9K&2PBLSn<|y$#M4|78vc zlFX@w{UNmC=a!hp7TX;SuOq5&lUqQX#Ilml4gUAulh=%|UAJx3yX!nHmU@4Twr+Zj z8`b|2Kx`RSfyXKh{RQ;*xIg)%-s;FJr@btfDrMSO^e+Ul;HCNybA|hDUVp`2e?HPO zPFkKqWcr3iUTd7Oy((mA1ZEf4toI+S=OE1qKF+4YT}Tdxr2*_vgvmYp>%+ ze@p0Me&_2AHs>WDfBUhpcvyi#mqIls%ckH#wE!a*qMce8DP1t-!PMFDdmtUK=>pxa zz}FprNAVlc)Wf(F9}f8O=KPhqt9PPlxVEicqWt60?PnWeRP;ZKZuhG6`>bOCaH|US>yR&*Sk0(Ae>AxGB*|4S#l9_5(|NfV{_p zJGu)hySodS>GZY!Qk9GcEX`pwy*cqjy+}1a;Sh%dEZDiZWPC_Q+W}Z#D{_?veMx^h z>9Cc=(*^Ejd5*HCgvr;1p-jb-fhQx&Y#afb)X@rXlnQE~y`(R6B>s36pNwih3i%TL zbP>~=1sJg)CjT}VreWD|%9ut(yzz@saP~psz0iyHlwE8f1bZ-(ca-v(x8QR}B* zIGC>Ln#C~6ut!*Ci{gK>rZ0^df16BYNMnZJ?{vDZWLL^?arNAVVAtASSp0@`yKc-K zT&f}<0w`~4t#*2>)lt_LB8NHoRe`eC zARj&$m^{rbulkIHT3roViIBpqafJ-34ZQg+mA`;W{o5c=67?n#kF)I-z7X1X{395U z!O~TQni+d+~i4&|Lw{ww8Ju3nm`Xnh&kzFtMw*EvVXNJrLz(iTFsTv$5{@Dw8F z2yP1v!-ZTB59nRgt!qg1ly&JaXf6-B+PA2$%?MK&7WdOEa8T3_$bG)V^RPq~CvUO1 zN$QxPPM3c8;^*w6`kj-7q`_^#nt2Hj4<7KzY$*jf5wh8>8Dd=2%;Ka|-qZ5dF%3bi zgvNQ>;R6hD0EHD+1C+q-X{4dDaPpnTznVK3O|i&J9J)s1rm>JY2^WMIhIZei^B$!A zI|(ZsLx4VO2H5BZQ6s}?g>9K4sd}ODivWuK>2cxo?E1Sgck8~EPwVIY_)%~ z>1@_ISfGafMHPfmFz#&O0$8C=t@@1WoEu!w1957&qd`v>O3GXJh<%naYW4%X=))Qq z;)*zT=W)L=@x*S_QJUpivXPWExJ6E>2c)}#vd|L(oWdr;S@NUx(G5Mj|s`hRH2TvAjW$KZ4_CNDU zBILwmAgVm1A)RI=Wrpz2YWz&an=I=vA)uxZ%=m0~Yy|Ulo z(9)_tJoo7=vm8MtL=C9)1UOV#@iFd$aPi2uLGafw<;P!Rml)MmPR8luc*YM>s-y}Q zHV5Sj{(2C=DHJZjT){bzJV$hi#s7>@*dm|WOuJ|kMTl*(@6gP+I=4+>n(HVt3Q&vZ zI>vC>%*oxqb)R_O99!FRa5L_G+;r;x_me-?YIiPQueK*{Z*T90r}EwvAoU~MH zrjyIaQ74xzSA;GKTfjN^OwK6&!xZW%=FgYQ>nuzZiNr`X{g-w(0!T^t`AP_b_UQ0T z=d;BdrO_;~_1xG9k>$E#=K5mzuim+>aqYf{_1UTQTB>{lt#ck^+*CO2-^s#{>zCLY?beZnHo(Lj;@O+IqPLg?#QN&YV)<0edj~-zgZwZ)tsz z$G-O~!<6Sl-RlCo7vKG_s_IQue0;wy0kw#~diR(+)!ag=$7OdePE$nKlecxChBL6A z>lo%{lzr4sL?2YUR!loCN6J%ELsMh4`xec=8>@UaII|gJbIVB-2w+jK_HDk>=xVM< zrTTi2sD2FrmYT#24pj*~@go-zFr;D3!1~t|(Ca6UQX6}%GkH`+0SYmOW;Ke9G=n8Z z9a<)>at2Oy!y=2{6siEX!SA%H2491Oy9!1;5i=T>U)n?Ad4lmsM+x$4@U$x}BCQv>_oOKB3vQ&bFe=LGvSAa5hR_2QL)5ZNLut6%w-k(DXU>JR^TlLYbP?9sW@<`)-> zz_fpUK!%2Xmv?ri?(Ov#K2!hC$4gq>S$f0e`(0q!^BnH`@$!SU&nU|N@dt3*cyuL3)i zF&>D(Ad?Ts%3l&34bgUriC##AKFwYky-e5sm$fDR6J-N{Fac!cgt_ozrl9K@_hr#$ z<40p5{dh_008Q^B+yp)7iL$pGVV)J0ZI88m5?@FEzMEC2IM8CMByfXsNrVe<$Xw%2GT91zkvQRZmbpl}VoiufVogz+j5Q0I$a`T6!oQ;rXB>PY}B?W+Au_e)m2-QK|Ymg^1= zDZEzy&*yUME!~axj(%fJ&dWZ==Idmp4Ts}OPd6#tU<-N7AjFqnk(ffS5NjYRjM-oG zb&l@o`;;TdWGss^?q8cN!%ldwHC^vggJ z(AciW$AgKWEn5QoRtHS*vKMwW;NoDl+}f1o)ubV0g?bl@LDKI>%D?CVL;xaRC0q>M zq$LWf`Zd3lsW-a)$n*U2WdGT4pnE^5`*R)%&>NbL#^8$maI89kOLK`zW1EC8g^kS{ z|2@09@qP1l-FgT-;r%&Z$LPHs2Ifbn)iG+dUen;KL!a_rQ0aqq%&Xo-(8mX|!WVA6 zah2)Ta`CzsG88Y5I0iXA3;M<*Kit}DHX`k)+i3==tJx_(@AEZGJPqX1{}NqotL$$s zS-8L7$QV*&9F#h3$Prvl-c79Fx7_xxKz|~nO6hMf7Dp^tV#FGak@bBLRh>cvoR%X}FK(WYkr1_(KN@<-%F!2iI35LrTUadDE;^h zW;E<96IQ1Up1?!W!mC9fh*(mX2B7$0y8$2v3vQw6LZIGMv9Ut!k*0N9wr0gPCs0(m{D3`$l-`u7E!Gf2mG@qtj}sDGw(}4%-=6 z1vpfDl{vacfO0COs{&o!h{~wLjLwM3YDG||gT75?-0ms^h$!Cj8F5Guz8NY!S)Q^PK1O=Yg*qE)=b5)w&ciDE>K(+l={L^j& z+oxFL)$j=jjz@q^UrLnaO<$^11-&gI(|)dSMzBsZFMPe~bh*kXsQSZ8S`gi)A2QqbOb$P-$Af6OCzth#g`@4x8;R^OK-+g`QulklS0^(`&wOTZ_f_DR(>Zs07CqqzfEHW{MSuhI={6FQ`kO!f`388ThZvk$L!@5-iN0$9Az^W~4EqHD9P}Cd^U`eVb0D(OYSqo$Entd$ ze2FqU2h(ARZ*oJ=$w9FIlQUrNIC~VSH*6qfN~KcRQBmDL9xNk8p!u8!Kiykdm{`j5 zMJc1{%!!S^-ly90tQ-P~d#@>(C}VuNuNcoWXeQRr0Y)Vktu67)e{NJXtKl|x@^cc| zic^uvpq_CE4ba|xHDBO)v`bpwZ|rn!PiJ$zr1Cs?V+gw?OElb86(bqG)K&dbQ}d*VDQoJO8e6^eVYtT#~t} zW9IbCF42usT7H@ZfB!?zkHew3O9(~e*Nk})mJ1h?B@smk2ink1ZIC}G8v-!gG)o36 zlna+D6)fuj$(|l+@cO`zFhhk%A%6Z`WxIOeEImENmc+}&p!Q8C08b5b#_BNgV7|qrm*F#RgN9=p>;%#tM zt=wvNHM!<^$vWYN%$*UNJsCZ@+h>vT@`)wA2#3S%wB{;MS`Tl5AB}epRXD_Ba+7(Z zI*ZASnal|r2@59HD}H>+li|ze>ztENR-QPC(+=B9plx3mq z{dDjFG<)sm!^ygyPkOl-slGbQG1XcWFI193HRxeEtWroftha!Nh-`x9tQ$ znU@8=pvGVY6|zpN4oEQ}tSStkB^U$VS;Zzz79xbv$}k) z)>(uN=JeS*{F9Cbc@N|ZDf26!ki?P^upJ!eD=3i`0-Kuncl@^7H%4YD^+~dQP9<+% zyGn>@%mT^bCP$v#)cWeyi(1|#FMBj(fKeL?cE#L~5{Q5E{+CysCmEz;ca1X$tpnBfFOU|$(!Ck)b`yr8jX{iw-z#?-~(Vder9 zBJ%#{%#2VvX}HXPm{`GkDtn9Wh!t08y+48 z0|EX7=6l)nq$@5i{@e}ao7ex>FJN@Vy7($Dp3-=lSu)*C%G}Dq*UPW0q=IR=t17_g`%Gdx$F-C$*ho+bhhYu%O$7VCC7^iT!pM z@D_^I`t|r6yY%F6W}NEyVa>PSev)Ij-Q}KItJY%?!?(*f&F~Ebfd{Ir6{LhNB+u)T zqKiWH(3nrJS_;(ktNObhKBVOgLde~FyhtIW<*-5QAXi>riqEI^iudLg_Ib9Fu=+O7 zB^B7NfmMT(O=wDW&}H4FqqvzA8Ny4a!Rrkb?GPbSvIrO3o>Dqw3%})ZIcHtry;G_l z_qZnqo^Ed_#$-Hi z)Z?{QTon%XZ4U$_Z!aM%ptMt$Gm7u2ReNOJtr2bIRlO~NFw)GKQ)rcwtGmkQ`2KI3 zhXbfI+n(~}XHNj){oQshit8`7Z!ToT1cQZ`UTk#$lF06pxx0Y8o?DZSttVYV155dw z3taMoyj=6k>3p{m$ofYUaa=<_J@&a6fj5#iyu3z*^BWJIwz?iBqIBOf>*`#Jikc!x zF^Q6j^0xPetZl4UR!!o_h$x^E5NmRNTwGj=YBM~lNEUl}d1BbKFRB5ln26H@`ozQC zrla9MG9nD&K!uS-;agBf!Zf1BP6$scihhuj4c33=O#HRFWycwf?Gg(Yc6vE^Yt~nn zGV!i!{TOO$CmgZ~oCW2-KGnx5fDm$Yu%JxYQf&)=^5GPolPw`qBvO2(9~0Sg12@`D zUoY%bqw7>@6=EV@TDW*U_sf0sN0OpSDWU(CAlyu{a@w_ z|6j3-_U`wt>!*<&XCN&v3;QXSl{&XOgKeGe5(Qyq-0~)pPbg=8%VQpiLm9B;?1$5Z#<3 z#ZOO_8sbwDPZx%S#P`Hx)o=VtM<})EM;7?K&LhEb26M!m#>gNJJU2!F7|40VbdiRD zH}pWSu{K>m{^8@>IlZ}2{gBGB;(j|Qy#(ym}a8VnlT%LiozuLo$% ztj$1pO+{8<)fZZ>WVh_Lo}_PBwp*5C=2%~yeb$G_X@_*$_*(Y--PBMPfRc*SKX5_I zqPgO_& zJ^x|{LBv^CkNMeDp5M7$Uf6W()!2G}VgEc_94z1L{A2622M6$wPaNSNj;DIR-cEA4 zT-0!M;xj=FEAzUb7`QW*baf%x1;l)&*QMjgP}12HI+?_WouZ1we7n-WQLKaDC(r)H zH8}klk+cZVo&aHBgwM1qkhOT7)`bs#9;Sd~1{vJ91Yq=eD1iK1dezOf=1z_{hBb21_Va6wm*&XH36@@ zb^?y+Zs1V5e`2m>sf92-$e&(8s{mTen`d?&dg|); zLGK2#v86t$JgGQHgoFH=fcCo)rk*;vP`Ux^-xO+&>wio$pUZ$O`_x3@_%XOFpKhWX z^65z!GijjOYf>{X(AAQ3XdtDP#eeVfs&q6z$Hu9xH|AAq{Z%?4!P3@~g3&g!)TgsR z^UDx{`d=U4P*$tZmMwiTtbY(^|CF1-IlvP10uduG)r1-sdVDZ>F0QYyo0*!P%o{Os zkR?k(b8VoZk<6|~Cx_)VJTRN)HDhP2>w7wSXseQtknp`Puk_xnG|upZdR~7&{XDLV zWB+97EnflvxERZ|y1CHnD7X0*VgxM3h)`z1JrhLa6ZS?&^G3X$X{+&ABO0z_juYdS z8wJid`_Nk#1S!JE&{uXOiW!gz+w~DlC+3jAqr9a`z)Ajuq~S^la({%G@s_s3R%)@uuFU4lNvXCXHx!7)mKWyNpNE?* zmw5qBs*}#h{0pGA)r~s+1Bmx|cdbFC1Qg+PyzYg8`3biac&?7PEG@Xwl(cI+B~_@i znWP5^0sZ_4u|i=(hVG*?c=N!s7eN7Dg(OIy+L&Kz5W(Q!0D1E1J}CN*(?MnL&(}?_ z>-t&g*4wQR0$++0sVVW`KN0<3s2KeANKqA{+#PGNxVMBH>K$Epw{KsHY&Gh-;Foj2 zX?(WdfSqwltSeeJ(9mojK3d<+t0X}9h`>)?!DoFztJa9NHdg{^O41BUkLZ7{kTlBn z=d%z_n$s~S+iP9|gjRzx zz}lWN`+hcGXEInKS9E=|*Ftgb4-+tSx%KF=By10ovE-wos)f9O$L@rz%UM717R>2P zOAkOhkM0({32xc_Or7<3E}#RnKEu*phla26zq zbE1Kb$Yu01)J>cSzy-T;XRupjAl{xIJaHNb@x~HUSS1inuW?H2sk5puf}4HAgkTlG zV(Ep2-=|^5I3nJDK)-*wb>VgS(2+uDr1Z_tg*oxTZTp6+YfRB!aqkLa@aMxJ+zAKx z_an}^X~BZNd1bgZ8bi)6X4vdh7E1BfHdw!H292Yz*=}`wIs4sgdlB!n?^C)8IN<_e zc%pcCc!paJGm?}5uK^F)iL15bV=OgG&u$?UQaaPJB@dj&>b*Q)Y-Q-wD(l+TGQu5T z!`PtlJG&6lWMhiq1Q{I>6%VifwrhJCSF8HW7yD*}cSGC#=G)#u_*Y(rGdJH-=`0-b zf-8|nnnE=ER(4m&!Z0H#NRRFCxf%mYKf7|H+r2+^`GR%fev;dYbP8ONWK3Mo&WJhu zZ)&hbp)9EyI`+!Dt{YsV38DjdRYFsh3vMJn$VTQ5UTkAwgM3Q-+Q#>5%SHx}g{6fM zSB9$@@hTrwK2%N)luB}d5lDbe(wRsW)C9I|7X$Ea$3@Kn;Pa8Ijk2Un?DqAvlFn+K zLG6AgA|@jnu0YP>^T$OSd;)}GX2~0`3(xvBTV=+mgXpE*O^I2han8`W%vllg*YG8J;+vy=p7M`?e>IBUp_DyzJ8p3M~E= zC|^9tTC>#zo-gMf39Z6f)pDsv@p-MzXJMqi-VAjgIzCl}iga1Pk!mr;@Hc75j$gvQ z)VS&nKmHue#g8%f(!pJvWbtDFC!*j}NZdJ$bdO5G!tZLHGTiL-HNwQLU^}?*Q|+>% z1ffo~jcLrgJ@&Vv#OvO#=MB^KFa=QkKkxOrg`Qakm07dP|b}9hrn~fJy4&O_79QIlfs`?GArtBApj`v;eUH z5-yTQ73B1bpSea;fUDRKIb6UO$^)Wlq^BmNZ#xjzC~S0;9xZPx?ae~1mFp=dMu0S% zK#iOln@j(!VSbOkNw^jaq^!$INd}Q?qcj=ji+9RXZltsIUgnV)DK;@|^z7zlkRHCF zA>a_q@%E$JO-j~8jWH_gl@mhU^>OhS_Kdxi9{us6G#?s|&SkEtH|5 zcL=prMTWj)sm<;mLB<&QSSDX+W@B?)y=41E%SHAv324}%TUiRwXu^)h_$7c8H33cB zJGbGIQ_=OhZLZ$+x}TT(Hi0&^wv6*8meyH3Wgh&}wR^SI@p(F$2_4i2N3Yrn5&kZ5 zwQPJA@q&?zB;@jg5eXmNKRh{kgZLhH6N|+~QR{Wdo;G|5$*YEa#)YL2Vwxa^K0O!e z_{e5)Romv=`Xs?xs5a#3AoG)y7*Q8L__rW?GTOT1f_+QOAF5|)e|odfxof6GwfP%A z_h>kRj9^mtywONq)3cP!(1-G`zE}71>CDVX4c&_Km&&}kU)khJ6Id;=tyNgc;MH$_ z=b$)$sE`Gx6k)hC?4W60DEM>Sp0C>2sgoB4Ev16{`+Fc2_z=kdN7FSh*0nb49osgV zHg0SijcuoCoHVu?+qN60v7N?^t;V*o?>gr@_ZRGUt-WU6nRzga4eZU8P;&jutV6R0 zH`_N)(nDCh_2$Tlu&@ZQLE1PtI9NfwTMcS-+61Vf>V}3w@ea_-@>o3{CacdKgMXzB zyKf3+)R{zba}w9`VsLlATH}o5+5a}tMP)ODUd4nJ3qnTyapfrh9Vqhs*RPR#xGcLr zu0tHk{n1>oAu3c!=&>j8V(hpdlQ*u2LaJ4kr(=!}#VVuN=mLa=)ipE(IbOEJCc7`1 zyDbTYd^>cyeLMNz7pd04K+B^xYx1=R$d-x-gIf_9e z;ZQ5n^sm&I$gnPwD&@TZ%wq2zqmM`T?~9o2^~gxKBzJsRn9ASj}fp?jRs zWUolddSGPWErRse`LtjK%JF`_uux3zm}*|MU8w4{sWe6lBx9U=Tf#TsWF^Vl{U^5?I^cI z9r;Ln6v;bE>*Eskw&|(!&6^jYcMSiC`tK{eD|e+oOwq%w_n(cN!x$bM{dbPsG0UUF zlhosuyJO2ko(XNkk7boVL^uck*qiJ6k^$a&y>Rqx{zWvu5>2HNmLKlxs>#Ie_6=rG zoKCen=PP{CnL!Vp*=<_9S`>|8t7Cr&)5TIN+bP;(dG*hNuKZp?K3AKA{7|ODOd$&c zIlekEC;Zsq@Zp_ypo`A!|HeM*qG_1e?mc*&u%D9MT4ie+l3X7iVw!OiNEO5VH_RHi zOodjb7bYk7v$awhz1T^WsS@I(Dc_90Nf8;>Ko~GV2eqXuDnrom<*nkEzFg{feob_Z z*fk34bx87`l5#W<)D{tzom=eZ~Kh`njt6HPi5-b+<244Ddw5;o5L7Y^lfr>N*DqVP!{_5jE;McR4CcTAXI~ zRz^}OmwSqA)b>uM%G}Vtu;CyTomqY?cbC2t!^b|nM}RKp<;aZB&jqkD>R`0HadLb} ztmu_dIDQXRl@&l9o-3CpG0s{jocLY^r_QZC-8>#RO`$DQnd=DV)^H@t{p?sHMhNcn zd^Z$toIKcKxY9Sb3NZGJYIGJvgXW7#7 z(FOxMv|*oEUwX2#h;4rSHqyeH>r@m7HCeu8!8F+>2ZKiw|XN z+fon?K6;uO8#6UBBDekcF}Z%`_RHWSEWUQ}>>k!hT%e5_|1UGX$&c*|SS5 z5G2(dzp8??_ybf%duX)>al=;8V-bUtB`nbX6n%j4ST4K9ENT&!LX_JJlUau6oOVyz zpM>}I^Y82M{{AL1fUXh_o$rtq;1HG+Y!_tvEvJCJ+0@3WS3$E%x@|Z%AuG$Kyu6$v z<+J|J{fW%sk9Y>iJ<(hnho9ZSFvxC*dfqxLp0`?K2o+WtS9xMa5ucRuX$G>g%4{jB zNXoj%Pd>U%)k&kFlPR^(U%2UFbR^3?64ROMocj0Tt`*NAW|>YV1% zx((ONjYq`{<~kuUl9R)}jin-|GGB|*64rV)VrFZQ43afRgucU`TVhj*AvK z27Rsp6&pv}>G$uQxH7U~v#hStd2kKNlsICx--Zl+krd!I)hqL@ZWSl%SQrrbLBK!y z&@nO9(DHGeBxA)0-COm{c2o@B#Fpmp6B}K*EMB-~acw@X$J!|P0t&T`lSYY1+^fXg zSFt zPi&x#V9hCF!9}-Urp2qWdgUJ2bkEu3)-ba&Eu-qiCjdpEQqT^M8A-028UK;qcu&%d zISWB$&#Lqx8CVH<&~^MXqdPSvS$mk&FU#}&>0n)A5=i&=*=SP9J zHc~!wQ#8D7h;QfOD_*s#GQTH9pICcY8UYIC_~dDZb+rgBPI*Pei~6U&)%hULQ<&2U zKBL_5vJPT38Q-t@diO)udmz;kIgdq_dz2qavMf$usQYX|)8jFP1`#S?b!)RxbEAk) z6&44_Qk#qJd^hpUnn!7g*pxF$-o{2CAv_941xpCBBW1c7P@@s)OvClHAt+NtR6*;W zDXff6u5`lZ*VbMtrc)~{t;KMU-%IPIQU)d^B{6&69>z9YEya+mmjA3~LLD}#P#G}; zi5mm!Yd+-HBiFw&=i`n{Lhu#eJdX~=AAP6_W~%C}wW6PyuK98TcmY_nHglacgql9y ze0Nfpm!J6cflku<zzu{t-R|618xWv99#xm1f{x$RSi(T9%17X_-s-a=9eShX)#}+B>mgG9_xkuX z5Vzd^yRUpk`}HV2fF`rdmMU7jJ>MNbb<1ARnOh@$pZXA&8?2T}slI1f%r-yQu%5$V zy`ZRBV=&>esDEQu=<}PHv;+LWC`IBjz>-Lv4`1c@OnR(6Mdk{qvJ_xKD3?>!TT<715G9a6ccb-ROm+Bq&AM7yS%nDZ2?a(B zQ?Qre!HQXij)a5UH|ip%CMHO&KM@M%X2xb$>mOZ+UWkH2S zG=92%eumi_Qgrybp=v22GNkuEbgGDQX|tloV2+zMT+_Sy?a z*3w?s_y*S#yFZcZCMw}^1fAz7YPxfTMJ>l3BH?~J2vqk{-8uc{)^VB|eHpf8Bxkjr zNcGMn9rdsawjwKSv-22`=*Y11(^4c)atwr)fa}c3txw6hu3g4HFLq?5TEx74XXCb? zw(K!4=(C=;sFH^A=k&pHp(y9uPSJ>&q-~ zQp?Hv8d|Lg$(X+pj1C^Nb87y~&50{0ppwR7oxw}Rxnm+oaJ0&^BH!HdpWge}+S*!l zI&sA7>+_QQna}m`01kl%-gfKWyi?A)Sav#axQXVfJ3N&L?P`6V(3=tUxJ&+{1SRpr z+_Zo(FB5O4UuaXRv1w{ToltAluEBOoShla>?pT}>>e{x7Us8UbT|X810N&@4h!wd1 z{dAz`u-(*t-d4fnLoD>Pe3l#Wa$q6!vfOUaevz|zTdCLRNmA>3*5>k1qunm4ol;y4 zpuSKgav24}gUJ20Y|*g^wD1zaRTIyo%hM6l>u^^sM&TbazAZuI3h@BtvM)xoSc3>-L` z$%o#NU7Sl)t(RLbj(t&<;7NZwJE`eB?!L|-qRa6+CjfQ5?lC!?^Bh$3y)~#_Fns0M}trW1ZlO0pP!lO|BRpY3UW z!{=fB<)ONspMUAow<2F7P*ZEvd_h1=Ow84g;LiTQNF2~5!if3ENX`nXP(L%D8IT8U36C2An-_SrdO)y&L$aE9;^kz~lAQ`?PG4RK>5rg8;7 zW$*OS2hn{$G8f$UpjqYXbRS;o)AW#W;5S6l{kUx4lk0Q9x4FGyUE^bWw_1TC?J!;7 z)TODSavimK;Ps)Koa{sP>h}$M(>NUDve&@C^R=}=i^-?I1!O~*j^Kn;gVzKnAwu7p zi#2&&PCp^c=%P%bFP1V0z@POUj}z~+-m7(%d*2Ai-KXoU=p|!86LEMFV_yNQQCH0M zpp?dt+p+pGnk{%)6(&~-bmi$YqqKP`;2(}f)ac}x@cwEVD{!2Uv7#eF9d~ySRe=|i z$vCH8BDDIMfhMl}<&5ijlf=!o3iWCVAbmh%uz-NvOmN|~M)|jbrp6sQmjZH7IZSF>#6HtZy7|~<=XAHN*rwlPlc4X*;kfh>Z)Z6D z$o!06Eu`79&Ho1e>l8eA5Z-pgue|x1<#1}V9VYhUi7j|0aJ@P@;cvp@077&#GI-KD z=f$$ztMn`;G3!NCD%|te{&>0cc9q(xT=4_4U<0u+4q^@R=#Q@o=p*y_@e! z9MtuF#GD!j4-YKpvx(n7*_*~v_`&e;^?&%yKXKT{fVaI_aX2*uI52)Cmh2&eV zAh(}yeh^LK;O2hNyLesm&cCdhLXaY(Bo>h3^W}lCSPKEU8i?4vD2I|IXP@tR5jW2_+fb zkn^jMe-K~|YI)a{VeKP6Ew{%CtozKLV8rkXx13q`rAvin@bli}_&ls@HaIzIKUahh z`$JJj@|p)YY?<|%T1ow8uZ#rN%k0M<>-k;4HREcktG^{0Pa@w~SV^6?;~_>)VYsY& ztQ;~4O0{egZ2K zA?BHgKmBop?&#|ax>M+^Gf=uv2%wq8{wj~z_40AM;Y09Hn;Q=(&#B>vgitV-*}l!; zR;1wPD65l}jt(WLH1~ZO&8H((@75d`FLsZi6uX_$d>l_B&tjHpIj+pt2ZHj);K2#l zo?o-YHQr&yd;3zmZ|z9bj@jwex7!ev$Niqy|0)_Q*$dC7HqE6+4%Fo|pZvkv%34AB z*|Px~o;0>BUi~?PjvgDkASuC!**%iaiHukeGcQt60F~z(=NALd?aP%6PuuoN?2dWp z!KXG-Vx^FOFq<}b{^2jX&A zNboX0<_^H{b}igqld5yh$#^qvWYvMSt`tdlB0bIRq}^ekKsu0_y2?Q;Z?9F+3S(x> zNh)j><9e-IVPd5am4?kjReWIotLF-PhnaHfD4$)xoT9|s;wD!-H60)NmD!SNgLdaK zKkgeOG`|5FFn_E5un%M>F!BTV9s@8Xog6v6L=j6{D3h_DL|r^UdgZjGWNrUy4v#a~ z*DxK((oi9ElJ)E2&295(&}p)@XXono^f2ixtdg3_YkbVpvln6@N6u$B+A6p)iCK|LOAmrN5}c@uuIr|T2OEwvgM>} zSTM2oWiQ!?))enarO?;O%p;8b3+gQ9spYrai__;REZp2G4^ZS3-e(>OE%!KwQxQ@1 zkxT5jPKWJyfukwG=flEvqQjsKkLM2W^CH!b!NHIHg$@PvzkURjN-xMD6&+V5QaKzl zP;6lde|K`)`^Tfk#O+=WXdTFQhK1f8eQf0?R=)+iQP7iHIY&q54;&y#|2dh!wx>7O ziZO0z%x4q#2vLC^W#4$#+;o|Q!8^Zy9Y|Ds&W&0=K;quHS}O?Q<80;Wd$knxh`04W zObSlKq?yFoxeYeS@@!GkjduhI-lR`4kaY!&b@=`Ly*&@vG<*xM!g^mEGSu&s<~~N>E(;pO-z4wP?t((&XGV6IQyy;Nnt%&i z{^bIDTH5@!rkjy{pl+b}brJkn zs7dx2Y3Y`aZ=RA%pqHfSlDjO`G|0J+;&^`50CmU9oxU6JN|?~VPkyZD;-U|H=rTUK z1Vgd%{eO=9|B!do684+^OsK!s|8+3#vB92fH=oi_$M;fO=!n0;sIU$7xR!1~oSB@= zK??0{u>R4`iA|w3g^h%8O$q$Q`{ShlC6KB%Z4Dp{=a`#3Y24Btl0a&7N*4nJi5O`{m0Qudb&F`?kcR zf0~mHzt`*3?xHSVDk84x7kv#oqX3l7 zAuEgA+dQuh_QpNlTMzbEn+{J*6Or5TE+S#=iEVIK0A#vjn7F_ zv$(3EW8gTm{_xs;kLIP79(c{?{*@o=x!mE|H94H%}od+cJLaH*mvo>_}EFwLjs>Gr+nw$ zf^Nh=A>&;+>~lBIs{{ZEfDKJ|7MtHj!SS&bOxer|>*nNyF6RkNK!4tslH0zq^D2KI zZI4xuhW%1QRlczql+qfvT}N;AXU2GI8p&v@Z`#*Wcp5%xrWI8+?Q^(Z>@>lfkx?`v z<`yF67)1>U`M4MJ3ZN0}`c9Nr(xv$r=Z7Hw#RK#6HJ;2(Z)@9JuTpP^mdn49!hGWi z$;mjDb{jk_q_IfwlFaaIpW+QwC46_F+t9Kl@~R@gsUt`NE9xQQrH3#`lnu83do7zg zd}!XWncyoYo7HojcGvzbug;6XRKrnz!MpKUxEzn;qoW&K;x-x~p>8h5*i30Ep2w{q z&G#ckzrRU|imywt0`bxgYY4+P58ZEPUHkiAVaoI~UCqC}7fQvdac3_bqFI0S_AU#J zT?!xH5qdic2+$5Cp80h?F>kdpegwGST0CTqE;ahT4IS+aML+!>nrpMxv}BEkwo&s% z-Q6YMgQ1yq{$>tYl4rAy7S=?n#t(CaZDT*-tzc)jF?x{mazNm8FzITafOeg++8BSs z#1Fpl%~hm~4^wrej3^M@jq{-?BMopH64$|-BzN0!Ril$BDuA|Um!ORI7pJ??R&PwE zb&~{OHsAt6df#C!csXxPwPY)~d1ag0Slrw+)JrpTcnBNC0Cn8XeCd*~@Oe)PC4C>G zHo1%iqSkIIbhx!tA-j#8O=vsq-L?eJ|L^^(U;S&6sZg#5_=KrTdS?KE!OwL0EWcOD zhc1~Aq1L#+1kH!o@MUEYpUrcwq3<tN<_ou0k=Oot<upEUgi6(jT81j2jVUn$+k9Q8z<3CNSRb5_ zMRCKK8*hznf17CIux>pby~sxE-q-m(fc_qY ze#zJBr;qJVBTjpWB*q>PF<@lvG(^Eb`}v8oCx@4#?QzPXRcxFXA2~5M^=7w3UU%~1 z?9Ay|#>=QrIxxDBro848=L5*|Q*_^=fbdoQ-2mdRaCWtAk|>k#H~>S$9rM1A^>bKV zKSu_~x`}-TFf?vp*}>D8;cX09ck_LJqJz+*rqs$9mkaw2Tj7K zpQ*wqt&J&Fow1w#NxfU4s z5QSzy<^h8e&+5*59k=@beX@*Q&+}iNu3{UVdwPGNdEXa*tRa4uAyWl9QJc-_B5TsG z3jU3&#>@!@j2-Y~L~z0cvIDqhpz-twx^b~jb5?uZ>;oY4BfabEs<^OzB>G<2hyazQ z-*x`F7Y}~ozP^HQZ*Sw7T;Op=T~4qaAjXUFz@YgoEKe$9AVb?~dh#t(Fg^*unmC^_ zU6t!i7^f4wb$~4aoG7xI)lwT9qKg^PI@uUB6*R?#RkMwnWXx;W{z!P>k26DLTmPKZ z^LJK|&=t}gKu>#5S;lX;LskZD>6-_DzcA>vTxOb_Kqd6){YIn|sX+xp$%de6q>~<= zE*?eQ+tsS#2O^qTG%I9t{F?7f0DI{@oza5;I%6p?iKe%&*12mZ;dABglZ9;Db1&gk zQBe=~Tfo*qUBer@kVuaZHvAFTm?=!)tVj@j#=)Y3OP4}!r;8r>wYnqzgH&tc*}tPd z@2kH^Og?|Dhk-A;5m`jk<(?9-hw0C&Eeo5OxsHtvy4fF9-yCb9GMC_;(Tj^@O|B-= zoIF=u#-~N%eRk>elVVy5L@6@4`bcl!XWHtu_x{jwgu8yqf)2ligBWagadd_uOxv#} zM=WDBqcwVL9X6ROVPOh2iaXGxM4NARM99w)sbo%DS5ImCiqWynU9N@+%l70q|A+Zn z*{$iHZvY98470lXo_CV_<~Ajgsms0F;|7&6PL0l=5u!NCe-jTL8ZuxP{EXjyTg-H_ zB`#HpLW4}cUee4woKKe_=3y#kEMbB!Bg`Lw{6pD)@x*j8|Av37Ddo+c#d6f_Gaxjs zi;l+XtJ6B|P#aws62ce$8bi(97V|g$?shzP#7LWEw5hJH_g1OHh9qEvnYLTRObrIH zYS9SbZd^f+m|;?iLHFQ{rR1JZKEk1KmHq`veSyDiC-z%y)-~@-B#XtVK6hV)TF-`s zaFlkx_Rn3l{n`;MbXg5?Ue2YtB&=;jacvUSCF>}68kP0nl~6HvI+)tYof5dnIeiEx zs_u@jsOd!XpPBjV7*Kh7$Cv5KjTJ*FL{t)0m{;&)ZMyJV?zHsGg$M&tFnNfK!tCeK z)M~LLnFgxR7^wT+dqVh#9^oGacq!8h4Nx!Xi!Q^GC_-@#Q~rP&VY_coY8&K@94*u% zWa$2Wdb=-S{?vOCutq*=U1IJ-f&zj`$$S2wL)yZW^bSwJTCZ zG-|BD$2Jn*wEK)>2Gg@6u?OukD_I)Kc0>bEY!Cvc@sTB6vUF(Ap9l5P zTG*c7m6dq{&FNFvOlOLg>i5QCG}=lFw(femcHpDROHG^^*Fz_%)O2GoYwMKp;RE-$ zM%LHld{ycHaxjY@+Eq%WBYrGU&%|;6z*4D(h#tEoo+MkxT=Mh43XCJ(1vtUE-wlJgBiL4g$sFo6sE|O`X!55FM|LyrNAvRWz2h zREjTD>YLIhVG3VEMrbGgCev3O`Qdn)(JVAwpf_F=j0w{eP;Z-bMEz&u%gE2FB5y(d zaH@C=i2-_g@?_zpzFL6zM-Xm2h=m?*LEPHBSoyX9ph7$M5Dowb54e3M+%NNmNC+-r zq{1PQp}Y;Kwx+B6NC2G%NIXtUE))z0%f>f4G=xyo&h~Us2YzP*aX;pXb-~*lpC5__ zKtLv&pcFdVf}2t~Mi%j;y+U=Rb9V z?@cXR2`y9c=c7%nYT3EcSE<&D);$KdPhgJY6RSDv8pdP-wi0` zQVUAjf`FcldPY+{e=wN=Y4w)UAehT?=j5n=c23s78tq*Rl7$~%Bcb;i^6%giz6N6N zfHF#7tqOXyF?C{Dt-_*vr$JzE-t^|?MGp3VpH`GK17(VBfWpHGyT2xr>B?>eg;Wo& zv`(Cyr3Q~t#wY8AYL}{!?%w;7Y!yRIEbTUDZQ)W&Zq0rw6yyACL+8&&N&;o4*0UF!o)8sd%Dm5js>lB>>WVwJnK(P|=MeX>Cmp zz`@qS*P!+%bK!behKc95?mQQ5>{kfpuCU3ekzBT@UUz=dej^rJ?MN4wMY@vQfqv=3 zu3VO#R%P1pI<$n%@ky^vKEXdF>PgLv+&oy^$OyzXx(&U2Krx~*m2T=)0`8IzfXLj8 z%Ab~jK~4_v*7zg9X9xXH>i24gLPy;e2eBsmnsCR4BCsHlr&I+kY)6SGtEcoymqe4 zI&REZ)6ha*Pk>a`4BqDIewrXUC;0xqAlOq15#fDiidl-ic5mqQqgIp?ubAT5_5JhPU6*IwPNM;>l6oSi ze{M)u680_&?j230f3N+%7g5WXSbO>VgZuRbm>e@aJ{iZ|X7;%e?r13j0ye^DXq!m= zi?*>KZNQ(OjpCFTm1!^nKDEE}!MW+*p&}v?;GrNJxB ztcG$Ce~c#?kb@}cgO{kobj+?7(FE=8?v^Rh>=OF@FE|Xkbx~liXjGBjmm!-_Qi4_5 z(#OwJ3@ur;X9!8fl*lT&hQMO{fHc=(yl$BE?w`_RWx2zN6Hz%Zp@UqGFj(0@u1C$e z$qoJDEc6}!)>+JgY2ZOA#V{%8A}?GmS>0&Kh&~t}7B*r-Da?WD$I4nnHXgZwj%1#- zznL9p(@d^;Na4WFNL2s+m1kK+jjDb3U6WV6-oI6d7vD7^B7ey+v5F{-K)s%PIy-%P6tXjluqN3p znu&NpM=EhH_CX?tHR8v;Wc-i-X-qM>B-XG`Cb#0Ee>nWvn?==WgTlFaZ1s`nGz$iV zi*3dovds8l%duhGpdC)r>Vm4FF1LHD{tIBNp=iTG4*B!r)(Xc=*g zR^w(cK(m+RqYnMxen7`;>1PYi9}$jHR&JW-2J$$wb@$+?Tt%$Pu7%sl&DYyK_?ycS z9&s!S8G_}5G2M&HC!zQaot_`w-fsE=EjWA-%f0=D#Z>t+t;`JZ111H5q9|Q(G$m;) z*XB)yp&!>9$EN3sJk)2l+4a2n=0FHJ=IJBMZx^PAXBP>?>|dZ1t-BEBF{>vmsp}{ z?qc~f2z8}nl~+~|nbL@3r@+g4p#SKSPII7ww&xP*JKE>N|40x+?gIr4XA)*?RKh@o z9U?yCxCBjaK8O^71PAK6kJXKN-!L|Gv;Y4aKP=O}%i{r$;S1MO_#j34_^FJ9Wwssg@pcL>sUngZtK9lJ)$n9 zMoiy5$_1l@)r-)sFD+uOczH_S-S?MdAI-923mhI(m=s?+-vz+GzoR>j1xlC9vbngl zSUK?bt?jT_F5r_+Qnfbd+R?P<| zO5P1Zt=?lSsQcFwTdB{z7eEezpkm@;YW}(% zA8JS%9dhw>*4gb*R9|v@tH$bK$RGa)I?_M3N90ABqnb2V#VE)asmXY&4x&G=u{lzl z0oA%$gp#L{b=DEe6RsBS@6y|wdjjrPzcjPaKym&zR02NN4zw+_QgGTfxc$FkCzyLL zN!1v-bSCy=C?`Xuoo z+8YIKET5wX+IzZc8S%Wo6v0vo=P4)dX!+9x5k7fRSpI@t=mx}$a!@}W@q((F3OxCM z>QcOKWf${?68@ACG#_q|G^>75IZ)d+EOq`B(n~wXZUM$3iGhvQi;!`-xn4f}qcg=O#6;g`f^3Kc1laSvK4|C$20* zW@bz$GL5nepxNnle~k&NbvaqEKimQFK1&Z`nVp>q--Y(p$7$I#?>x=d`0g2;0&<2v zps*1GoK$KItmrJBjuAv?qK?Vd&*3=n}^Cfjd z$V#rCVuDYwGdfU1?^?@bFqQ1ZniqzdI91=5He4LpkNhObf!kGzif~#XVUfyhlELZ| zN1(s$s^{nAXca^#D6GNib61mWpW12!^JVg~)5=Pe#m(AB-MnHSC|~=vi-!}YC~@f@ zaQW?_YTwW)!;zJ1TUwSnfB&xs|GW`hh({VvxX3M-yfO6477tTVG4|n~?(ddyM z$bA8KuNWb_qvXw2lb6M=eCx-92|jiW9gUyeOZ9PGA}S+Pw5uTjy;0IPMKXzNk*^>8 z$Nufbm6722PL+ygk^GO{Wg>f#ZbZ_^OZ=0lXiQBk*~k^ zmmpvDJlF_7J>=hqMzmwkF+*q!(Ccc#_td_Rd zJe&b|$2h06hG9Gjx&67EEOktOtxeLIvnDn=HY{XGuQ0o;rY^nJ)2Bl;2x)S3HGtIC za+6+~BY5!JGIsR#6^+AJqt1_IjLZhnVc*G*d+xUJBhC`RrewS$Td8O12bxPpD=K1A?mYylI z-uNUXbyMrvGbV>c8T&x_`!2uiaIAPSLv63Z@WJd`l3dlz=KMlPCUJ7iH+YARKlerH0cfLTGMSqSEydSzcUE5N_a0R1}fAMq_0p765C z7uDJOzK>wPD;p-g@@*3-$ND@6@^k>+pajR|uhIV7RpC%#{vH|8 zCP59AqE}K;MoyFxaioy@InN->x7UEAVTNsq9MT3yS;is%he&c@M&6pYjbOo0OMcz0 z`yQu4Ljx)|MI&$n0gDh0FgHBtcT5~mOS_v-8qbwbVAdU@C;Aj<6v2H4nce2MT4JtA ze}zMoS3JS;P80kb6qaS_DWEmtrZ}Hon%#SG0frJrQVM4^T5*qBV>mr<;W06=BNgms zDy^s(vt8T$U-taF4p2Jn3zH(|V}G_|N&QG^vQyJVyG6^(Xj6*$+{v8`BG|DnEriUV zCdVR-`)M*kk;aSriQRuQ^j&W-LY;mL2?>$&w0){;Q^5~xp&)RE#inWDW30S?6=gYF zGd?o9-0FJ9oBO@*1Lo~cE>G}vFkF0MGK>b|sP;Pw!D;aqhN)X1W($K;e4+#R44=3wLYyVb5+a^;jPy4#~JZ%9S z6^rlR7An)1mN@+@Z37*kSK8vMef1G(nmF%6{JEb&CV2y(FA$tR^Dzk}4{1bP2*$JE zgP*tyf@W41xxVl0%WuNm?S3?DJw5UBynK&+Bi8phQwOa*ta`N`M^sF4C{5MqH=hsn z{x)hQO%wJ&=oPb2VRxbQt;tmz6-@;#tq4If*Z`_$hRpi~+=7~JlnD}o9Ydk|?M0tX z9}CE}md6l3FTGG=Rxg|*cxN!V6?wvYGF=UgA&<-RT#{F?-=l*n0DHDP4w!DNEiaF0 zRuU59kKW__TGN`^xSrauHZifmFd~SE~C0ZvtwG0ztk zTOuh)!zXWp7~bnc-CXZuGNHHGpa(Z#4GF>(aGPH5CMv#99Tfij`Ln6I+HRq((VF!1 zY!=za_FkT5R79Rs{{6S-_v;&S^L+Fqtu&e>{IDf_d?R7HWFyU4)P$O<;Ei{=Ybttt zZ+^_^cTE$7;NW0B%y6>-Q$qJw5pPlnb#<4fse_j_dZ26w^pg1Bz*4V+siV_Z{W6Ow z2V4qxypY(g7M$su6RD}`B}7&bmo$m_>RTUq2c zetBrVKtkCZ{Q3F{3D~im6L46~m009@+^5_!F|}=pp0}J#qPeVbZFplX>UrQa{rVtu zbIXS6wOc1e?cTX@@o;zNLBcc)Qu5%DmgmWtZrqKg`G5~kPKn=ikCL>MhB`Y{ixZNM zFE?;x(49UIamS4BI8>P=>PvOW;eS%yngS4X{T6(UjVS={)r+SWK$KJKe5CSF;QH@O zqvdh2NTiiOG;KM);?E8p<$v4h1)2X@+?0CAi2kjsOA!xB0&E9p6KhKTmal@U zyPmD=TDD;yDF4w8{}W-GTbKQ42j!(X0P0k&kdcuwFby@=`ZnYl^;6~4pKM57%=fca z$_9DlcUc(QQWYf-R#MeO`!L`aU}G21i;rKj4}JPAXkwyFypN?Y#J?&lEpT1Q(4N%w zaa#zy$K>ZB^UTfEe##06hMLgK#@*H&rKW5A-cHWV$5M)uR7%2%7M%rL`^BSwiXPK3 zM<9(bejYe^Fb>PXS7i{#E>WS;Wk&Ap=~2*XxO2uZY{cN?Fu#5?hz-3S#c1ZdSbAc7 zh;aJvQMB^&^F?e|o8&(!r2Xmg-5F9DlP!<>?QM==<;<9X^CJVZjLubOxd6tVl@{W| z4t|k@19B|fYE#}Xw8lcB@FAs=@S=o2GZ2jWyy7|aA&fN{4yDKvKDH#LLs3tAs)|BB zUaqb=r3D3n%7ujg%(IR<_EL2Dl2qDRHYElgpA`Kv9{$qTL}>xyzM8653EsALe6Fv0 z`WmkHrq&Bx68t&BWZyF8$N?)EWML1Cp+iC%TJp5iSgx^9O#*4w;P4sJKwDF~?1Kj# zPK{AY;_&Ikg^-R`f|WK_goKU`{^Q}O_x|HO`pL@5Y7|7VG9`4Lpb|^*guyG-XYUVsD39*FAWnNIABC0~XJal~;a##WwVlkxJPy?&0B4L)>~9Wy}nkJcBz)cwc*&2=VD@l@%6+) zk>@?C{i4%;>(MlJXL@)YQQ*HkuLx4$J;Hu}JqRtUuHq>vZ9lk@=BDIc@edRw95qrC zcob05j#Ac*Is3hNsOAq@j09HOXUgsY_%}UD=!(K_@Vs8+#KY3dO9uL`H3hi04<7{H z{s_Uxx2S4glJziC90sk~{GJj?#-$vDQPKk~Yi}*?ugfjt>!gsOA@(o8+0j9X(bn1| z_)zreuP>DsX$YO7^&g`!qxXX9Tv82}{lITro%bu&JBX2^hi69)OrQS$;HaNpPA1k| zZ*f504?~$T9p@!PT}R6MYYtRVrZYIcWKq=tGnD#_O8S9xqcAm#<(Lf{meCyg!ZSZa z;7C=SKqd%>By%AgnDguK$@wS8RoJfl<&Cffj#N26#EJW1`Qqmkf~TNL^8FxvNjA_P zF%s!QuC}qO33mP&mJgEZ}Tb zw$aH^k|3IFxc~!*dAxOpeiX&=G!`*N{kA!jr~hsx?`wx6L;DTzePN9|lrY;vFB1WO$NZIcusliv{c!?uspN6XeJ3vS! zHpp_u`PiHKybh%b1VUJ>Kd^*TLj^XWfCj99zjB)Ui`;eJ|4N zEf~&Emw%a$Bz&ZGaCV%5hh~;kH_^lnT7+vADWmz}>`z|2qH)#44hBvcXgnA%`N2yHe9$qThB|4#n`H19xr4(ASPSk+#OVno zDRpvMm?{eq3{=5Bl;suZuFk?1iq91=N&rW10PD(P3Q$!@oj>mB3pv%G|9>cQblnXw zuHCQLdq)=+D(Jf$VRb{LaoLkj34!@RaAe+pBmntv1>J9^mio>@p9i6PPvxg&9j?4G z`0Kzp66jpCdZ@UwMOvs>xQ>vGjM6NUjx&6BV;Yz^SC*Mhgc)TBjs{VBY8&#HI}H{j znE`UbU}>AO0$~Jqd1+dFeE*owhs1x>;aGQVp@T#^3@(DAcZQgJe2$2OK-}9cJ03s@ zwjSC4U-NO%)74DY|MN@kZ~k0PTf(taCMgqIb#+a39>-kEhwkUmgdjLLIJa1M8mK*% zxGaV;nh;hJ0wq$iKp4TA7((dRXRwhlJt`rr3Edfb8HI9A!&R!YWj>?PDt?m@H70tr z7<&m=aexFBlDEbl-#-{5+_?F^0BCG_!#)wB_QFQh?F`pBzJ<)dAmNJV0K2Y#j~~r? zm@czEi2iSC+2RmCbVZ%jR~X9=-2>D+o@;;&bF36xKgJiERcFz=epaw-DjM#AhzBjS zcZO}QM=DB*<_#=AD!~-vb={bj?8ms%lbAftK1Rk0T7zdzM47^t2TGVR(B{F$%o_E8K>=khJ~L6k@Y-}irWS7FfIxtB7FsHR~i6i z$Sl$=qz`E<_0g3(;IqVnES98Ffc#O`valv;^c6pZqQo*{c&9E|g(45`kc9249C##` zXK!TQzAOD#sVUD%&e+7V(6bFh&q#OIqx{2Zi#t;b@&8I=5c64zsrLKXFnG`FGe0=6 z0@zR`*jQ1zdVY5H5jQd*|M2{fDp@*SH%`jc4mE`48tIyrj;^4gf!%rJW2zp9+xc3` z!}Ho=Qzfgt_p`;Yjpas;&tp-LfmW;a+l6Pro1y#5sNX67UJg@v=;V8A#ooog&#Cu+ ztBJVrez*Jm!W;f}-*0@6-?95y^S?L1-5oDt*U$a%n!9fMeO>pz5)WorpSNB6aTV+H zo#_XU{%$=!mkAX1KMoX_Ce$UL+xd3#zUm{uD-RF+biKF7#W(IJKi}M{3+MfAKW}+b z|N9`YC4PKf+&?Wp-$%mY_iF7Aw5;Y&e#`5>JN?kn{YU?^JL{ZnIPho1O9lo8$r9Iy z66gHf+|;}h2Ir#G#FEq$h4Rdj3D=WFl zO)@j<%$zf4@3ZHNhMGJEDhVn80KiaG0BQjMuy1c+0mz7Nms{_Jr?(5dm6WO!0ML+# z_F{_g_L<6DK}!_?@TCU;g2MrTe?JL60suTX0e}+|06;hc03dY!-l-}2_64GuvOEv~ z{rAZ4Df{+z2gO<8gBt*VhWGCY1IYSL^mY@;T~SpQX$=+?mzX$aScB!QMSvnuO2>Qc zEXS*x+_L4h??Qy9D{phoPhCMF7!U%O!;#X!m#WS$JnDI;gHIsU@SE~oy}(&dFalF3 z?3^E3@z@5Y`vnO=}rZ>x(Y^&{gR*r}UGvZoSPA%!Z<`3P<;Tegg;|7k@LB@VPEN4S_zYixGaKSMiSs+R~ z!Nlnq0uqG(SQCJR{{0DOS2h+%1JnO2b6%X^@wcE9wJHY2A+(GP`f*wqFW4OP7<1sV zI|^aTRCy>j>?f4OH`KYkd!4xF7}Zye``53x=58F%6o4vIC3jcQ5TIx^*Jx4K1Es|c zhJaTIgS~p5zbgm3>TDziwkyuE#lu#Dd#0vphp$rcXyx7-Fitr-If32ohr^->8l#R9 zH4V$=4(4s+ov0|w1@}Tz+#06mEEArTmJb=~jw7 zN=bL(F^bGkjlY&|G!|T1NHOq->W9X+09-v}&ss zWzAoLk*VYtlElM6`rehm9*K@Aow{&#M_*7r6xlp3n9(rHWL0#OY8l*^`@&;SHO{9p^`@lJQUmd@9I4>FM0i!c6MYHXd){kYjf#|$ zGc3|ll6IFy2{$SW{EFAH_?CY~P8j4~1Q5LJnHvz$Yp{X_#5P&;Uii+$ z*-QRe1)!PF=Z;n27e(_#iA_M^vzIIpQ&&pF;Xd@i_H7bJOqPDHBAx&4-F2cJ^udyR z|HUw0CfOeIojS~P(_&Bxpgs^uv=isAAp%wHVP!wof=yXYW#H=#NXg%F zIGXrBQ)l8bC3INt3lUCZUpplueM!YI((W=DV9odq6EB2JZc(fO;mH(n+EhLu``6(Y z?J||lgRH8*@Trm-7FzYzh<|)I{Y05F;ZZb+G)Pdz_hRcEyjs3$-5gAIVNqeea{Yn- z=Pw-I{^xd}-O4Ixw=-l!6@&<+jsbtp;6tHrlhMY^YE)dEjW@ zhE)^aFHW0kU5Xkn85hKsvda)bAZg_EqNx-L3x`q4|Lm8-Aq_=7JF64ZYcLRI=q)rG zLXrFzH7-}2`U2i!9RY)}pb?o1%=@2ozcOKW*Ym3|w3t$MCB+j{>`(v#oBs2e91(8L zI}wChMC?;t&|V}%e6#0Qp3%Vv%&G?`JD@b29JP`Zb|wS^eGu%330=zqgG;M$MS}a$+5FyxZ?Vl`Z#z9f?-n_{p&> zI6hJ0wNM=Fwgn9YU`pK9cLYIB zm~sdUf+_MN4X%OJx`nW+aCU$uCGukV%DcB`1>z61Vk1qg{8{#R(-H{@1*X4c+&)}*WOd|o8Y z0y1{Adn8mlt6jkNk_7U{(2+>88a7pqHFHqAGY7zR^|w{q`ARJyVz)n(c)NYgi!m+yNt^j3 zWl&v@vvx2{gV8bcp(?JcWbyHn9BaGAEhnbnO}|we#~;tZ7-#+M{MI(%U(Pvu5eULP zDSlW3j~QRl&uC>Za3#k!Y^fdOj!yVF7| z6?hJq9JV80Ul3DyIHy)+K$+cd!MCmQx={2L4ofs++SosntxyM(QC4HG!%n-v#Rp{SiSH6ptWJc-uuKReZ@M0xx;SA5m z2}|n(xcUt*0a;b&5V`;Dwj2AuH5(Bx#PhkgvZCRb7am8R`kP3>d!%!WB*k^HK3v(S zlO(_1xESUg!phNezs;LmhJXv6yj~(4m(8c8CQQ+XZ5d37v--hau9>E;pK~PRU`P)< zw;k--qUUd}%y2M2qkcZ_N;trQ4|^E*dZ^a$PQq*ROc#)DIGRzn?s@6Cv1=v1N`9m{KEE$BOzll>}2g&k!Iow`U7n)W4 zuM5#0U#ujuFT00Kg9Y<{RP0iJ3vZQEpdWb+0Yaepun}51C}B$^(>IK%O3>@&moMu6 zp|R|pM~Yj}--qI(qY|%IcurmCtsJ$Vx|YsQPiga}V^2GNhNlxz!o&1B@uA6t$)K;= zM3L0NtW`opKC<3jAZ@?bP{oMW%BT-z)}?73q?baE>z@+W!KR^_FH_ZSvYNCNye=Pn z*p3n>0hw?ayGJj>jQ%sHIq3BouI}+B&k1hk3*AAv<;)!XO{uj0=}{>u!6ekqq!@X5 z3t@Q^r8n_Zusydes6wanlrn()FlevH=w)?U^!Rz}VMO3IKIr-5=Z(ntr-o6AA_F3> zx`0VL!|{-yc|1}9)vbmAqz$o+Xs){&WS>sIOxV+{y854Sry+-u@@TBzF>lJG*v%80 zY7j&T$uJ;coZpccD!)Zumq+na-HW3346cZyP{Oe%)K&g3?_%A&16>@PrU#_zR_SfL zljU$I^$6KrJ)z7uXf^A{CVi}&lQGDkA%lKT+>T7lMnv`Z*{{7e`G<}nJI z1ZDNTMaY`==iDybF0YFetqPjAwf6G`3{BJvp_i;NEZ}pwb@(CvBW6Q3 z9$wU`sJW*!a$pPC{4ZEgA~TEaW;v*Wm!%wgk@ zX&UA0^~Yn*f30+VJ6xR|DrMdK%70Xbo1|#4EWO;)9KZ~diC>Jz-_Jnyakgs>(W7R- zg*v%;%Pr@~Ppx@ZUM`*D{6yB&{#3H7-b0{z3l*z6A{Pdb$!7&VxwBhl^B&CJ97_y( zD0=u4gTwHja1JBWgiu7!1fMAZR~jEy(!|Qg9*S!T=f-X70h3@p9Ml839NTqXJl9|^ z3WnToLH}eneXd#UvAa)PlIRVY%+96a-Ephjb^wW+Q9Dbbc~dZd3m;+qs$8H&O!uwz z0GQkA?$2F#^(}WphbW*tJQmpWIu%M%E#gL@%Wi4zu?p*?6H^du?NkT4_noekh%S!e_0LA*q1^v2pIcUQ zh^WiA_i(E22$3#G0qXTJqrT>=@GcoNw)TxP4$YP)i)x`1XjC8sN%mf~IQe54d{<;( z!k@T8ct@-DUxe`E@i6FnEXON;(92+6+LKg<4)RyE!bYazrd7QcCEL#eN^v!%vEsLw z)FD{4awXrQ4>f91^SD<;YRQ>Y7^wFRhXeTI$BUDTqtwbcg_P&Nsjc<;aoZgGvVkvJ z622m?C+a7_C72@wCbXt>ClJBNUnF}02aKbcA-0ZMH3tL=#asFdBP1|>zaDYnLm+$( z{m64kjly4)aQG}m8-0)fUK<{xx5Z_N?D!MQ!}=fom#tzFf?k+_LpHXyw%j9?CpM0f zu1wbBR0YHyFR}Dc>;`+E0W5Z`Cwq!D5G5S-b7EM5sl@@^5qYq*CiPzDh6x<2^rpOz7QMw?iJPgkhwPHFsFzScpgHA4&K!urmV zRYdV@QzXoRLF2$BB&Ag`fSg9VUR*hE^h&tZ2+*Jl zm<4T4Sl!Zmy?waa036#%J-U5Knk;w?)cU-5qEq4-Ze&9Z9(pR$Rv4mXm%67JB#BO_ zmH16X*B=(Pkywl??)*21^oKD$;4}zp=6ggWy2UqsOr?PSW>g=XkHpJEZUs(34Mnry zAw0}KD@w*b6ywU0!j=&cY^qC|bu|cv+4&U%Bv-}XTE#SKR^konU}&Q=7?b2VET$`a zbH&P^m*!KR%yAJW=yaAzcuM)G)aYKi?zk-U>&S!9Q%hd$0uY~Dq)oK4RnrdC8V<4D zD|8OtD3iabfH$x$EvoxJ03Iq`0@l?R`I>NWtl9zvQL@TtBp=n%x6ilg%~U!@ZtC5r zqYj-^uz-Rv5*rRLE*>8ip+QQo>KaFSQzxd ze#>tYHyDnoqd$LiLt2el*omqj{hWcAF=u**HHlGP+e)H-bqazu>H@z%RL1@{_CK`k z{)y!{xLxj})@Dqz&-i6Yl?o)8*R*6W*Fm*$Xijx-dzY&CF-mM7sO>=wZwg#CZ~LPw z0W|hT`osW6^9ZP-n!~h4DuMs|0mH6sC0L?i@Gl~^B|?lAgXqx0Esj|VA7$2>A+5+kz zP^f%N&)Oj&Ri#;9=N?eE%2%Eim!?fT&euOGC)AmIrI%Eft95wCAi1!z5s@aj%S7h{ ziQ3kPrIOm5fys~rMzh2WWz=KyeuQU}^L_8h|3Up%hod7hr2a{Pt?p=BLHntKIh)hu zt)x(+*4A4q6+lhGo-UI&c@4snEibjV;W!i_4OvH?gdD>Z;3bN>?n&!dOyJCSMkeWt zRJ~t+7_87t@Ikh1Y)rS_RyrS_yM(-i&-NgkWVk+XaIKaSvNw7x(08SJg+TOwTR>2( zj2;Dif7i4q{p`}F5GOA$FLQw17`20t20JqzLQswTu)FTS_b=j=D&9l^L~?#t*Rb|5 zIu*|f_~o=*l(llE+sOj%x zvHn^5cqK1B{I#MfUkgUQ!1L~7UC?w(nY7{}*(~@OVV%E%9n;n5$Xc2hfroza;GJXd z{sj-<4G$DTn`DAUMK-~45H1pA5mbZSkZe<0~oV9pgh(I~8?mlikVfMY=O&?OY3~B1CXNo^A zSqOXB$?$ufzVsYyy+#W3?j!XJtFMnUf($!ZaSqicH+g_ z&%(AGr3Qm$<=B)^+Iy*%78I`RQ8 zm4i9y)@WbDB=xi3YZzvq`I>7eRqS1j_WfB4^0-9u-hTDF@3I?9f>($2edR z$#O)Ao22xCdd836nLN}x)CrA{Q{S!EbW|(@OMnp}3bXT}?GXnR?&ZMz){mgRKP~9! z7%(Rn{>stT>!T06uUM>BBi+QX{=6WBEXy zJnjLAaWp$SDx}japdisYpLvvDM*MwQsEjFJMI5_io~|KwB&1F9aNU7<`gfw2TS04f z$CeEdF8}4iWWVTEQJ6no2W)mYZgd{EI8EikQmCAgO{s&g?XW?)kUS-`YC8 zx`7>Q*0m%D3l43GZ{iYtahi3OtTV&8?tmDX~VF)poQZX=As&2LJ8U zGHwIr?JtGY**jisuc?38*7Lde#>sTN$f8x@QD4je1|-X4M&TU$%A$ePR0 z{&bJA=U29}V)(|Oo>roqKE7&|2WjSb4!H261U=2A=gw0Ho@nRoSxG#Xyn@^M9Nq}? z@2PgnwUCXan(TEy-zRHF$Il~i#AiMCo66#lV|5AlBU6^Um@u$FUe5!rxX)~a|1}=r zkU-Qwx_GxF_6>Rd-I`zbGFDe_%X!RO2^lYW+?SV_Sa8|(c7_N?j{7)^u)<+y%m#m; zJj#3jTKSZL$%s>Io6Jz@ShSUk#prhi7d?XYK5GEFHPXL!Esh}KSMz6!i%if8Cof=k zl}OWj9EL3}Wy1e%e9KT7)IDoKzq3M)L=R*lRP@zg3Onj7E@g))2eDNfS=)uiVAV|4 zI|vlueEqri{XX{wv^fmD`2Yoh4LD$s;e&@&4Vc;4cD74nZ5mnT4rP!IiM2YO!1 zK&$TR`nXi{akORG_&NX77abG*dY2ON!n;lQf1$*9&Kv5tHM;Re0N$SP*#T0cC!Fy+B1={uEv zj)%4K6wTRC&a^uL*wyM!AMB-BGOBCnOW9G%Df&LgMN7jk&PBUp{b<))X+@JXS`L_Y z3WRn|1m8g`?|jUK9EJE_(yq>y}EjS68wR1@j`Tq ze*MD3QK1ZjFNMvCf6Vk&a=ZWal+Z>A=J1y&?&^xtsu(J*QFni&6>7%rAm4(aG+k|Ru}Q|s-0f%{2TsySoFTmc%owK zfoyQ%bN>ziE}kX`(t%;qPETFJK*g z&rC&V4EQjZQ@OlQ%{;Tg@7HpKYrV-s@U*N1)Fok;ho=p2qBd(;h$YU8 zLwo{#u9g)9_7vLqX1=Q8#59Vl%W+DX5Q@P_l}HCw0Jo7+B2hIeU$jA8OIbS1vK>a7 zd%|iiX>B--5zV>djwDw;tCpjfYuHue_v ze`=WNtpDcXI#Qs=<@k+yqxF+<7%%uvhcvl`7K*Jo4z{c+&|Q3dm7rYsil|#P3WWE( z-=V_`Csr<79~O!0L`U`fLxpVmF|lP&7jx%Kk^iVXi0U%&r&8q_ES#5^ZJyN*Z+GS{ zBSEZn4YF*qBE3Nu1cm+Kr&r-`DQp6+?U0ZUy9Lx}fykDWF$gJo1`%OV3Yp=%t|xyU zMZ2rAkvzdG%N!nRA;@#zLvp2xt1w!8kYHV(bK01K@B5%V{#UV}*Roz{W;mPks45wB z>2)AvqN;F=h2yO%2x`c<&voZc)hHTfcj5f=%>}PILp)u>{tv-Zf$9P>mzk|oHhg4p zcHt_)1XXjWCq9YP@%w!E<=JTD09v2UD70G)!qwU3>C&7H`<2hZ2)J zyi8}S{~3GlCb;uUec`p!Uf*Q&zbK;f==`{+;2rKqS4MrFrk<+O>SaUoIBH}Wu?@JRuu(Hth#q&yIEKOGj!umu~(@SXsyvZoek(={6O^76976 z@d*SsQBI3PZUw5Jt@`fMjh_hEdv28{IC>wN(w8@X0l#W*c_A{?8uUvB5_VWH6v7ke zK8_HDtK9OV)FO4RHEN>bz2{Rxp=tfOW2VvaOOiABrNF2myNIL*J^q}tO6HyH;JRn`{~ab;zGdTC?B{`cx6p2*W`x1~sz*S+@Y1{P#6iGwyw2293pDY$pL z`*_yjWcqi=6P0%GLC!fP*t+meEoEH13nF!(dh(_)VJfMq(Ebm#wObOCv)vv;MaHbitw5zTN;tvtjy?ARD11^*^{2B9t8}7q*4B_N+s6f-a;Zd zxIHDJ2`~aX+?-l_ccAVhc}fsc1#ia8_&q*9N~Q#X&6w1Y%y53pd#aP?XX@P3%Uyl) z!JT<}4NN%jxqY4T_rkmWMZ$FVWFu6>fZ`&AmH+`*|C{WsS2WJ^yvN?@Orh)+(j}M8 zsOhd!1Loz;3ffIKW{~*(Bz!9N@?@cNFlSbK{h_KkFFnQM>Qs6(haWyB~ zU_^p3uS6>)Sz&T~5$D;_;Q(HbV-4p(T84X4mWcu__rkvJ`garcVNrjjfjX6a{4NL7;#G)o> zqoc^}-OX&%=45CplG`}nmZda%EaR|3#jkaaXVH7{PSmeoq93D6@#7l6Jx!&nImp(G zaa7FBDS?2F@QG!0!SA%C>NFr!1@D-jHSu&jC`$YNPfQE)qBZ$UaBzd=Bdm=ZuSX$B z6!vfrmr)YG4ke(ELF3Q8o`b>%Q@J-YSsr%TRSd3Rmc%`I!d%sDB)Z@9T8{4uIu{fY zf7UG+;6UcxO>>{DPM88!HScqmA^DwrhA=RSDWT!%^gH3ar6#VYK+Fw05FM*#!7q)# z=%_YFbG2nbBa9L%$s(Nhf{Q?zXX_#^CFi(8q0_4kJExHNb=$|i!k#pAr!ALH{$bwl zhSY-Jn1JXV!71yF8g%$b2H(!vHR^re7oSn#=iP9-2>S?{#xBYyL~4+v-1XQDCwhGU zHuBeL+I?oyBH(7E(Gft6!5)MVA64HbUlY(uF;>vEq|7a58>^klE`4Sk!ap->sy;}Bj3Qdgd^DN|>Nh2B8f z;GJ=rkqc08@a1^vIa63PxD+o*e_D>Xjr}eu#`~aRO+#HeDOa*oI>%UZWt8a7KRH>| zb``<#f~_PTid$n;+x53|3Ibl|$aRhV2lI_PGX!1CO5PDD6KFV(uE}4*Q6?wp%7}Tc z=PYS_k(-yML`5K?h}^+Ze$zSHnh-rb6_imvJ!#5>>6Po6!_#1dlxZGYG+Q%PG8IYI z&{XX(_R^;ICv2!vCZf_Z8-|l?V&lq2;YnK<^YiizX#HX!$cooG`(vI zJU3K(y^ZPs*M4L>2lZVG^5&DT1aS~;A(~pt6Uaw$EdqEy&x& zc;6wLJO;cDu(Fh{KU-(_&=`E39@4P_^w&|<@3~0a-Pv3k^(75*HV0AoOf#smPw4h7 zs8Sd~%>!G2$qLqraOL}LPEhwX;*{tijojZrUR0~X(&-GaNU(n13-gz^d_1ll;Vn6g zC3+KB`JBI@A;0&*CzK=JSzVN$hSN4Se*HZ&k$t9nZS-Rkl&nA(w)5IpZVu9nkS(^T zJBCPik=LEAD|J;+bB~+y2DkAQ@Lwc2?j{!`B#18)!<(Tu^P8=aI9z~+)UIUNkbF9S zhKv1z=QBw$n3O7kt;*ZZ2*5PC$h?_BN%XH6TixnR$%E{x@5#V@`Bko4tHrprLIH^x zo>@gt?f;C|h4d!Mvrh6Kvw6N4enh&EnH319VeHaN*C2&;$XH3*kuoQuHL1qM&keKv zMMX>NNow93jN|gReK%nr8h8J^_f7ra>ol|var!1rw@<)tzxTV#+yru1aHKnupM@If*zDruqgafuQz7e$$zkpAvJ+-yyF1wu)$3t4vyipp6-uchc)iV{|^ zgtKUI3LEUBF4mW|ane*y_vWK0B!$qguI$u;N#b!M@H$m~eIDr@<9b4lw^3M)kL_@; z;pp`^)q}fSYU{nD4D6d0f3~k}|AVSmYt*rMPwTbg9@DhxCY+;c!^`xMPo6zOPuf(& zu(B&Sx7D@oy^#lu-*iIAf~mN(b_ z@MpTw`zP+3RQCf$$=HG8Ow5JRoe2NM$$$qLcdps-Z6;k*48I`bm(XyCA!jnNx-J{V zms`#y68$ga9(8r@@lt#TRM|h`@Ey!dz|k}&Q;ptYk5+q&Y6ESepR+0wjj8mAKW9|!<8!=xa2U{?& z($G{)aP+;rS-S6W(&_qfI>2#h3;OC+xl1~qxSBYRxs@m_PL*Rn0Q`osi27U2AIKJ5 z_QA=Z>UYts1djREjWt=L-lBYfH%@Nnc%3r-*_IAo*sO&V{=>*9Rm&K`H-CLIuCa}T>l6Pdl4n|7y@*n-f z{%i9!!M_i?3RXOIb?<)JuVOsXeDu8dv#|xiecu-zHu1v5qhP&kxWViIJtl3~^&8Qv zwVp;jn6nv^6FURKief2xo3q?tf3#FTYkq>^V%%TQeAI;jD9DV9JI3?r7Zui?F#ef$ zpwTJ9^CHryl{-HP3xV-vCYb6xyLmZCBR#V&IHeA8B1d$y$q*qIa%XZq+T`@;ZaL)( zWlt+;+iC?AE*DAfe20KPf6$L=Q7(^6wVf)$r)LI#Z2CY&M5>{?@io6Vsu)*+-g2El zl6~2EMzK!xI2F2n|CVjP3{zG_&RK+d^*-V^)`sb!80{C>;-Xa`fXhw>C3Fd#@VLX0 zo!y^cktbI^$;tgFQ=zY%77*^>Viv776c5M!6ZPJxgtp8g+naGVWl;1{sV;yOMRS}w z+n#oxpJo=y;2xP<0P7^-h)^f!`TkcfI-Y&KfT=7Z5~6X_?E3Bf-@nFdYinjWCjZUm zh8pB42M;A~gy=ougRE+L(fkeCFuvM2_T5u#UdKaWp4ZOF>qnpZ!c# z39G1sd1t2)BW^SkgI3eU5nO&(T@>4T8yp4m4A^5j2Ueav%p4q5(sW)9YT?$G420+5 zL@oe!#Dr2=Y%!5{yXDF1NOzSuFHka}zO)3}j`=FuItr>kc81u`+0v5{N+Lc#cN`yN zyF!or0-jFQ;I?;=C~|cJs@$G`?H3a$6EUSJbS(XrZ}woUwgTj$+y(fZz9Y&{)t=~% zgZD5`*W04LwrB4mDREbAFH5P|k4QB^mKPx^(Xb}tRT4@Wl#+`Po8>e6_S2|zB7r+5 zKSi0*2Q`oq22(og#@G*icf_mT*i8dZ7+a$NrKHYjd;3iYRnybc!|k-${UG9tz`*5f=c!%>>swV_4>+lkJYK296b#JZfoa+De|5c4?cSfr8<>qTPydV7<9VEA zYv0^+nf7_ilIl2=bfW~LoKvd}ExO2I&g5kIY0XOKC;T3Fc}#=Xw-av=A2Ie!Jn;lo z#^vKGwleQ&V({)tV5?Jp5d7lr=&TtOw9* zeSOo!e&Tn7&MT}m7RQax0zoJ6)lB%oD0PY-pLs>6 zu)2gFW5%fvWXe#WW39qBpLApb-n;7F*^e?f{`s|ovtjVSp5_*OtMXmM>2J@p-R}RD zMj{gWw%mE@M0Rf#^`7K&FtUCEduTOSE zd6vraCFS38|Amm)?Q+YpiL`<=j__kV+5vKn>J=cIWla#iRS}UfdGhk9ovFe^FZuYY#G*pe zE!?-@@XORM;ZeBez$ zx0bd15n^P15Hi7?pWVqTmmk2k0zvn%r;-*lS*j1uutQUOz@(4P!nX!^ck@y?U#Z<- zu;@MMz@8)d8-5%s*>$*<1QT7jTJF6=4k}AX&BHTNlD}!nK>1&3WVkf-oH0_u>5?{` z1Vi*tIcni7%{mH}MLl3DPEh1-k}d4Ew2bgqkss|>yHgU7+j)`P3%|fMo3z)9i*t_b zBiZ87wx;FkpDD@&Mgpea_=)bgy~P=b%i(2>Qmd8EV8^9Urj_N#17+Vc=BE<+potFR zmMMr*n`tQFC`7zj@h1>*TJgh&GS{*6C#JM#oEk28Z?&vQ3nUZ)MFq(M?tW(*!c@-0 zAJpHh>38|GFe91LkdWg)YkkCX5`V>}OO_JpH|BA8MlE@X;UHbAlh`>bO6=Y}sjAzr zh7QC3pK@?31_h7)a*Q^yK45pL0E2YNi`aa^VSX0=nXO*z;=o>KQC=x9tmQO^FSF$n zab#B(>u{n}{9f`*aFINlXVqfBUHCeDYT##)1*Sj5HI1jO$k(DM zfQndcErQjEv*;htc{-XO$wa~>mZQO?1owxZMnul& z8~kqadjX~S^E`5r4u&Ti%m_P}m?w?VqpVvkiJ?f>*BUkszP+~OH$j#bXWS`$p+od` zHm>E?sN4LK@q-O8`)(c)l`uKjzk-ySD%-lnKSm2Z)sHbk%oBYP8Ko>FQiU*KSMyq) zh}oWj5*;_%vXlhZp%`xxeuPu&FOns4YJm=>;BLL;uN+~7)G^6%nR6Z_S0?;&tqQv3 zPj5%#E+BQ#*I!;7ec#ms|Aaos;r#Zv~GqWc0yqD_WWp_*_74@!gDH+Y!#N!i zcC@-lO!05TIHDBX7o{)mGLlQpmcV1W%7HR?B$4f z{atCXTR!SrNBNW?0}k!LbGS@|UHT?>b;4{(un_NEf}6%H;0J%s1!Ew_w^6gOl2_F* z%|kyU5xWBIZ~=_}6)t~71WxYYEigGomQC}rOtLA2L zDHx-ChG0fjWfgIXKGIdan;Bob?VNS*)5_|f)@H@pKB7AY;uT2t&Z&2Bn}F&Bi*Z$p zapUn{U?OkUnVx-`J*$OMk%{Z#!_#F_G*HkU2Cx@(y1x0xSzrg2!gc zpFRY;_M^C2HMm~G$Cw(}F);FCtm5ZA-sL@vSxOAwvy^wn2N^Q)BI+~bKJqE2xEG5K z%`R!1-rgNfi{AV?44`LD9WOr-KTcLFb0%}%z*iz>Q338S&eZ;JBXh>DU9y%=d1u6{ z5M2i=ZH}CxzDYTtD{O`=4a>BP%znt&@oao`EXJ_~X(o`?kjWoUi}7C0 zfwIeT4mr80n>J}A^a7MtIj58;p*0T4ig-PCB)d|9QEDLp3Q1+YY#K)h;yaF58Gw_uHl?I!iWqB*5S6X3#f4+M{1^V zjxjN!Lsy_Dm-c7g7aa-rUZXD1&X}oHs?FspD$eHqxZ!#`W+iJ0 zSOy{2eCns(Ik;3skzicGE#tamj1w7Qj6Y7DdzaYyTxSlB}AE{$6X$>#SZGFd=n@OjAX=V z34>VE;wsger!&G?L4YQQONPoceBtY5fn>;;w$80m0o;HE&(e8a>9zhe6q9sqg7 zu@z=3${*%h*6*y-(Y=9$Om~m_0*zY`HUihUBvdb^QLFn;eoyA+%8;`LVu|yRyj?nj z=iOCFp0VsI0b@k)egP&&({0}KyLbvSrT=hSz%D&>@RC;Ep$U- zIc5laX{Z(^Q%-@--?BZdT|tzO8*r&6-f=ngam;v%K9d&T_2QU|6g8@EaWY&d{Un+2 z6bUe*TSqw}4d$H08fL2Vx!eCYQ(IX- zEg11pp$+#H{}H3)#a-==-n=ol62PGk-QHL0lz|UBXN0}C5hXt@PHuO0OjYOq`& zf3W$QE8{1V03Kn@VT*V7Z078!$`QgF;p!+#wb|`F`o;HlZ1PGL?*Xw-s}LW*a9>f{ zB<8{NCyCG^dP-#%)j|gR=(rZi7`-9qNPcQ5*&frQOwmAJ|i>w3eKMQzCSB{J)Gn0@TkML4Ry$2+I347;&U;@qOH6Wy|CA0T6u&@n&V|IiBR zLq3NA(bEBcgAD3TUVpWMTdQIs=8S?TKemci)NZucr2}|^IigI*N+(H=U+<>4ox!aR zA3wvA^MRIq=1sN`IPJdI_zp4xn5&gkD>_fy+`p?AU^`S}1=7IO#3z4ZE&9=JYx1by z1mLEZPKdYntF6)%CQ;H*5DE^Fx|}G&_nR#56VAymXruJ8XTdXU{OCi8*{A2N{9AXo{ftn?__@_it-2c29y133(T!wk-Xkb$S%sTmMO;5r@@I&3$JiuBO;ZY2eX z#2cd%=8oIf?{Pfcim2`Q3gR_^{!fkmqVv66z;@XhnLhrw3b?v4c;8F^Vl%(=y9bud zk3fplYb6-hCqN-JFLt+x&c;|2JnBWtU69~;!VqfL|7wOPopvn4Gp!<2nd5kFUs!n(uMNHz;_1#e19d%W&H^dE z<$qhywLkdd#8OU`dR;@vPz3f{Q9gI}(NpW@0O}k4pc5O8s7`Ir%=_UJhId3h>93;e zPM-)|YAnk!b5s*Yf{0z`#NaPb4UV&kXWx~;hbj0XmIFhpU^DA6c0)M~3<@$DPX#N% zAc|J!ZMlBh)-zaylcGGVNToyGU+dAeP;5aRDz%ep7cm;6SBf5v<48J%8k579ucaZ(5 zXJ(#4*4+O;yh7ELQ-wNgIiVN zxq=shXPohz?LUD#BN<-!&QeS#r2>&h-O3_~2~V>@=ztpG_VOi4y6~!}=zuJ>0|RMr zDK`TlYAFX|wAYni0<0~ewUiKK%IZWCJrR0`RjTe~{Q+T(gR!@xYffU-@0EyCFO{^l21G8d=iA@FQl% zJM3TN+?08$lm{zJQ8~4}6kYy2?D&F7m?(a`EiwKMok+L|Z$eF<6{ImcyJX7{kIB~D zJioCaXT>!G5?BjY@NgMVPukQ>(SHwHhB)hypBfDwUp>{7l4kFmbYr8$)`!+Me8Mx} zDMO1|rX$gau33?1+m3J=4Qg>?yrV{^env9mxP1FK|)X^d9k8L}=`1~K-`?C9`cWWj# zC|kzbx>)%4nB~Fj?KZAaad(H}?$mZN$(=B^;of`*8Hf7Wc5QPa+-}{=^Fd;1vo(%A zzM87XjdwBw;q9jgW%KGSvsyFlvlZcCRgGK8`KSAZkZkh9XL>;6yyEZ5R~oDW-4^nZ zToeDrK?(GFg2c>tvCd0Em_+#M&G97NA6Gt4rvyFDaK;GyqN3Co5+-h^##1pOsPnZW z>`xn0Nvo<>lf|cmH1kQ)E)RNDIBV>%Q@ANn5)|K{!|xD|WoOOM(Jm~*=`e3GzkZ?T zoZYRR83@uCJ%glyVR3A~SMIzHRYm@X@y^Sxi_KnLIiaUoBKHSGR*x>@zg&}f{vL<` z%to3Kr&f=q*3ahFWqWzuuBZ1^omThlZm+weQ}_hE?j1`Bf-se=@D?mK6ln0;`C=E` zt|0P5nf9Zr{PI_7u>}n6YKD-wXTPAdM@mNTk1?(_ibxGu%`pF#`a)Q@NQr_WVOXj5 z-==5`X-4(Gu!OZh&5vjW3Xr}x84H=;ZVMAvJlE?SeB*itTEyg>TneX<1y>CaIhhGH z@Z)czCO9Q*FunrcC+5}bfO^2|FvxS_7I>Yz``>L9X9oFaz|h>)LfqNkd1v{zKH0YS z@5IKt_cx(IIgM%MJ=M*WnKJV!ax69MBL#P*CD|Qah^^O7+%s0RFVFSs2^9su_+*f zp$k|J>A6fJIhQuUtWq7wOwNZra|b(+zyxJ74vUvks&vzCvM4dleaa*;jwuFLTh#t~ z8Br)7X&e$zTty87-suB9+gM6M)~3y@c1!b?Y9ScE`0FJU^It`13`R}(ZV=3+)uzvt z-&-!w%4Yz7YjD+~$F54nx=bDnD!>Q1io@>cq#JqnG2-%Qx@QZM89O>|IxeSbxw;42 z@U@9%!+pKGdxXeuaxZNuZ3~9ja~2X~{UT#)RDecznPUAtql3kSpATr% zAsky7z^*K)e~QTGUUQZhFUCxKE3lyOo&Y?e0AE>~6PU;81MX_A_SkmSVP#rPSUDk-)h05M0#XD> z(B%+8gtmZ$ve$($Z7QQ*Qh_(TC)Wo{Fkmx^fX4<}X54+_r*B6XkGlHy$ye18rDK=1 zF3v+m1ar?5`RmRpfZ_I_C%w#swD{6NB2P0mO3o+vgvmBgNg~8D<)r*0@Hu()c}Yysg&b^~C||5URzSd`tWa)VglEY*(WQMV-p z&^0}KcJ~z|DPa3iLI!Goj3kdL)qNJhM__p)B$Tuzlf$F8oN;O1X8eKGjPlMk%faLl zHZ@lPUn3TRdB8J}Sx*Xfhs}s1pW+SE{!!2z3ET6!m{)#}Bo0Iy1X=2D0?DOv(1!b^ zQ(*Uqh_QUny&+>Ck9zw2z`~X*5e*09{2t;SHQdcTDiPXDJj4c>Ujc9>*6#3J?wTUn zK~+%8LCG5QC1gf+4g;2pwdWebHMsO?D|721T!zJyj#iwasrJ$SoB#yWai&Z*a=qVa zOdYOJHEvBQQp=C*YRN%o%kaFIBxJ>U>8eOtY?V=nh@qH+>gBe08|0JOSk385pm?I3 zOxpqE&xOlh|KnN(;qEME2sb*ss@&|Vo|#mdI7JB6e->Ua$n?4q5Y*TRuWpUn4gn)b z0pOZ6ahc3v`{r^-rBj`4_gg;gJ_|_Ukb-9yRrNLUc+8O^aS;L^TCbj9zsSC&m;Y--&-S&70e#?BqjTVOw{6Ys$1{WYF6m1^qoB(HUVEcvL0`Shn zcc{FCi56$RyaT%#B8nJ#y;rdz)irnl$teE%43k^Ub~J zhCIJKHJNGwsZLF|bDTZ!cIO}}BY{(bjG@q5hEnM7-h9%P%gUAuZoq}!J>qfVEEUdl zku$DTDJkaKVjnt>;eC~?}^V3Ob1jNI+HM~+T?VIH{;{7E_&e_G3qQ;s;E5Zx8Gux7GW?4~_=w40?IswQ- zvbg!`jQJsf{kWr}8l9K%oOs7Kbe&%LSjP8?wHXONRVW-HVRc{f^m;W{`Kc*Obw)Q; z$i;)8G88xge6wx0CU7<2$ekJXve9S`^j`7leidv;$RG_M^n;Bq!DG5+WEBS<;? zJ}ug<_M6FVng5*!F!-=NksV4y0kr<`8jNh`*n>YpA+V zH5f$hJ!(Utt{fcmOY@NiNY=o3aVSY)j%1^S7DCL^|g4i3|AB9QCq-(2GPreyZ0;1oPTd9oE^OZ zTg;DihJ%Em#?w)DW-UBYgUY}nF57X_$2_Lo31Y3G^sBbKF3SXxES%8FAK7A+b~Nev zy7d^X$HJ6Wr@B-ueia&@5|29%KU4DxU57*P%8ubEc2tZbcAAn;P)P`&QuBQ>DQ*!~1Y`xV+q5?OSWtz8!>EFZI2)k-GSyE`Pm zeo{^3J5n$3Pt5OrZzX5X_BtTaft6}y5{^QtB@+?*wQ5t`QMgl8M-EB z(*?N7JJi}DxDa?Flt5>C+z@tX87jW`lQ+ky2s2JgG(JrLpH=y zwuKSJgTx0L=8KC28E|m=4A8F-JQgE*$VAcia4h~~_epay{(rI}AC>PNaC>JZop^*j z0N{N)7?nI=x86dH(Quk8x#$Fw*JlB62e0GZMWOZoCc}o%?R`%M&<^)#4VFQ13Bc||qrTqQOrVK3L z!;pFO>EO968*ag{_Bm6}8J#1FL5K3)9USob0FN0<7Xds1t6ttjfnHxg{b8dRY?aCs z8cm47R?H4}-LBAy0sPjRD2I>m^~-?J)|^*(M&F5vL?u<)bmV zwURQf4^oksBn__(z^quQRpjMY{@+*d!xbp{VB+VQx7Tq~XAJlseD|}2z^3HTd^8HX z7R9aARfXlYNA?fMnQ8_CoRj^BvYbA}fY0Q3xeTVySdh{#4*|K}c|+x@go9I9&w zbxRn=_#%!;VWQygssdd`beujnyR}^soSOERpk~)*c2+xId?TFSP?h{iQoV@@U{k_( z7AzGtQ6sHaWXGPq4>`m;8&`V6dhr6`_QVlfG^V<|a`>V0>zE_~&mWj~dszRax8-8j zzT7R!WwD9dZFa1lTH0){EG+ZN3&C#=oOPGwPGHvYrnUB5sGoOQBGr~L3*%~9+>A2W z=%Tw&DjwYrq^VXvZ}fb^`3Jm(ykEYqKi{~u-X^NX?;nUh)yK82DZz`PN$b(I+I-b~ zGaaD>BSSsZR|Mjh<5a0qGtu7O5@aKgcV!XUGF(>iXZqJKdig!rLcxgwmkk~Z_C#@3 zn5(Ugl}z9s29S1QKb}f`EJLfVw1z^{u>Ac$d9PELGG_L<87oYK zlZa;pb$4>vv!54#KRE+`070Dvgr@H)AJV!FrRX=}ran$^gXcrUrcxDxrey*ans_yi zAx8kyS%$7(Vq$`#qpQi#|z)^7SFf<8A7#ixnk;)%gVJTVw z2SM4)?mXG>&DU;0L(2PrMH=vOiR^Oywyj{)hKz?_Q#UvX_qPf=+U(ot`Krq+$n{(2 z@qhPpKVSL(0XOcpn;pNv@U%Oz++5wZTHH6+hJuJ;gF8--mmPrymxil-Z+~w?MY()m z$gt$ki>vApFHEoLh{z~Z?0d((pe{(N#NH8w7W8V}eJ)zTNIE-xV$S=B0T3@7>Zkx?MpK_My8pvy zxeOg(=6Ne)pf1^!JzBT|4M~H|4ea&fw%8s@2?m2h93lLRy|3*;Jr{~bCei2(RJi=r znb^5(YdSDZk)bl>nEk!(FnI$H9w0mD{8az;&H&f+F8N!o)5n1-j96;Z!Xrw zYiIa-9#m_hfH9gTiY#!xCa8Bea{S(gt$WR!qGG=N@yM|4^29F<=6yON$FU;bc)ES(pokGD|w8@A=#}SZQ;^#&7Z1=Rz8PvVpU-+Y^c+ga)aL zRAqnbD;f`}2DFtqF>I&y^r6?1b0&$ZK7xx3p-GECS3#IaY zFQxK|?=KrJGlxmCj8Xq{$N6|cuMgwdS~b5Zmd`vP97q*?*wWeAK&wEJnFpFkTSq$N4fKM z3la5jKI6Vx2+8AIg@6oR?_#cusFAu{=1MaYTu*XeQdo%=<$AKuerBXjQ{%CJN6D67yK~yCQDoiHRXW8C-5q;g$bby27@_fh%Q?*0e zbG6~c*YQz~Cu^ZtHzFE#I21!xKqL}1LP=PQrqQ|2*57$chx?-6q0xK7KBY*gea>B2 zwUz8wvW?|ns5^pP+ny>lR?&6U$e)Qa{-1FsZeY`v--Uq30)BpTR6h?=sdAdmpEUKo zEKr^qP4L-Z`wNHeB0gQGh&37X8e-pwyRNwTFT=3?d5rD;efC0v-T%&iN9ox^FC~Eu zwj5&NlG%mjl9@Hu0S9s2W{yo{OxKwc0sXHGytp`H``lS_^I0GHx)Vq=!hcZA&clqY zYyE>Or{30YM1F_>wEDqQlJmj zM7ra{BIi6S%czilC};Qip|012{6?!2KU-@dXuK8bzS6KBS3!$6ez;?c`jV|u`K;2d zIrLvA`DJRmdJ6>>gUyKlejtv$!9eNwr~}~ZI?jFb?S&-Ap{d;M)Vw<>QoKGfxY~VzW6#;p~K#GFRfFuF&db?SSMpVb+Ni35JU!ZIWshWk?n<2$-pr{jJ_{RdX z;}>)T7|CBrtOM^8V31Z+3On3&-)HeOY&sVk8$?=wtc+@=nVJseX2l(AMffmSfUs06s1| z9Rvk(CjW4;v6zaQ1Io2pzqMQ%JKpF*APl5#wsnLRCx25WmsUz6E0KW{D@yH855$%K z-BwZjpjW4{TxhqW@ujnF@bLbn%RjNbO#OvIfced@OanZc`0v%A!sl^$DvmN+sf%eh zJ!=Q$e8v=Lnk{Xau0(8>u}={Js9N&)^Yq{7a&^BSGqyo}Z5_LYEhpc8&ASTxuVKwtJ8_XV8j*;`o^ zY0-mXXJGfhp;6_9BAF|XNX$g~+z`2EIxb!SVrl>htMyB19wWQ&`6|KA^vT7pk)e3| z|LQ7g8w897ku2Xh(Z~v6VR3M9N%u=v))odFKHbrOw_^-PBpOHc?Hb{^w6FOysNO+E zYEaOHp*LfV3rBTZOdHSrk>=~N=O-|OmFrEEeY7w?zFJ}80z-sz)CGA?rV|P$#44#W zVUKZf$nG8<27Y7p$1a!b*qmU8vT^)9w<_(DL;rbJ@5F|4h23ozEj{#hbJMSE1R zpC{OeoV*J_YoTHhs!6#KW}cxs{)Z|I1%}xBE98IGK?Z*HpHPPHiQ&`I3l({+LVOc zKGJ#pV8Ly7?2rL*zKeVUQUiJ>E|p$4$#t-_k96(p^h&~(U?BwDZ)HR+KRIi3#0%6U zAXRzRwE&h5Y8AoozK(k2iGl5^HVy|Ji&X~hecz6W4SyQk6idYXui`T2{s3ii8-b;>|@;l<3EQXVHDN6}hgd!`x zY#|bG6tU^S#paRxn`>7rLF)a=Q3)*?xsx9%Wch*aF~uA3HHg2Q$Jq9@v!8oy;$bu; z`zo@eXz)~MI$-HSD{E{l8j>!L zpcSUTuIVuuucvz+!xkKcd;1yeTSHMpshIV;8E}80)$*h=?(ann`$H#K4DF)i=Fgc3 zx%k>**V`#|dcb$IC5DzJIN@!_AkZw4bMuXaW=5E)OZ9k&*jjmC8o0EYiA&(L0N zjpK{%yt4O_0w1!`{K}j(#cXRfA62d`#`AlUYP%n9bZ+ZO-e zx4ROLIn#Z#mpFVD7aH(fx|byCMKafk*L$mw^n(>q z<}yhs*GiWX&Icn=Lcc*7ab0_T1atd7OvBVHw>uXW_Yp2ab>-uLStCFfNQ8kioMK=T z_)%LhY+@HJP~TK*$%*_qa}B|YWwz8Kq;f5kcO{irw^k=JCp|pGsl8`9crq-u#dH}~ zV(y>b(s#c{z7?ARL*@g7E$VoC`7Set-+oJRC(|}qObT>jKx|?&y_jJC>qkvYfp1+6 zKEFU%22Hzr0&i}|pLu9?R(o_L0eWxEbH1M&;qwGd8YOPIB%9A!lYjc2@lWC{57{8| zL{0=NWA8>KuLa!1cVXUP(;op~E-m`rzYR$e`~1`9Z{`f5BS(W1^McK4M8?}oSfzpY z&nl)CSsp^wdHK3+Vezno&ETFcp&&%V8R&J4+Wdx%DlS3?p)L_a_K(8}QC+JwykCnw zNQJA=mX~xqJh^tF79eo>t2>R#{T!@@-lv$&ze42eIucX$vV9Fgq7J5D$^|G)O*~0JuBe3FnFzt8dtILzh>DS2r z8Xj}{ZHu0&r5gP=b1(^+jrVKq&YrFgSaEgvV_Wrq38(p5XJtFc$_TzkO)b~qLoUyA z-SI;GjI$N+z+66XrEc}gdIJG`9VK)tWzJ3m&Sk|-`@l1oF`{gkD*IsL{JmraN^ajJ zIRWoccn!HfqNGYfLzlnN!{(6IR-%=o(3J-l-PlXVS&QVw*iC+gHKiL*EeR~y`-g5N zlD3?mn+?S2@y)S{%}6EYK#FD*E|RFFujTX8fmIWxmjI|-n-@|h3{y~^N!Raw{2N!J znDHO)eeA8m8c|>7`8YTYG64+*Y-&5x9v_!X>N+pi#`49P#xws-Qwh9*$8Gu$`Oo%t zNoTb;mNp*sv4e#U)9`KET>f#{8e0ZDBBl}ly&dhmeD-+=OsK^|8-ucE5mrKt`%}i{ znF9*UG*Jo})sSgC z>9dd=PpG+Hgd#t6IKL3H7in#wdb=Tv&b}i|hC;|@q{SSiX}_VfHU8{VV!c|4%Z;PY zJ)~(7nkx-JwM(tQe+$Cg#$?+sgM7G+Zv@(8Tn^?B->;E-gz@msUAT~%nuH`-U6H}a zlFQ^)Tg>i`qQD&ZfpUyrmrwsU0{QfKK2;2OO7@+3hIVk?ka=@=b^R z)pPt`#m7|nmMre|gwpLVW;Yf=uf?jDA)2!Kui|!ui0}k33Izu4IrbP$LgoJ00lm|Nc@SfM*$K9bDtvD{`<(6?Z+)v_)9e}E({+) z>!4xiEc`4bnSCzOkr_I4DYPbucIc70;(2gLv%JtE&#$U^`ac<9x)Q-qhca29)2gqD zY(dN!HMUQwd>aEbjuMSxe2q$L42$ARp_W3bBq9!1kfEI{WV6CQJ8^+57+Y0y-8_EV z7FX)w=qX23mHMwbNdDdj8hEDVr}IH_5ZQgqO^o( z`RSK9W#*4$>tW3J3i)4K9@hfo@+fd%RrSNript7h>a@3k?>|IrsdEc z75-^>zjfY-XkYz8qB6kdqLpZFQ^|fB)CaT1@uox@kmtBd`yjQ4%FespH2r>JEUH2& zr^Ia@9HKb2PMgXMcV~;6KWB`c)vP`5E9TRC=^2TG#GU9bufI!=&ErA}H28RIjlhnf zP!nqr$pe8x93U__wusw8BvH z!BBc6+S`*SPpH7>|3GH~6o^n0F~&WBUyGzL&aH6uPaq?Vm4r6b+xx~r6!H5ile@5T zn+^peN`;0F>pOvm2PVLWH=vChQ^)L>6y}N3gBN8pQ&jFyG}zX{f3SsbhJ>`3p(uam z?$7?2nqB=<)LoINODW#(gu;wdgHlux8lL8w)u_OgHA18_QKI<)jk-G+f?QD3jXr*O zVi)bs+0-h;qs;Gyh%ER#>a{=Owj{x|^?t_+gpVq^5=sheJPR^GA^&NL#P4aESm^;=lP2O{G%d|<~s zY}dz9tdh42Qo1^_j^()wnTh?ED=g8I+}25&n%dzAL92)Q^nGT)6Gn*i?zWDdYjWI{ zet}^~M4L8Lc;GQx#A|%naiMow+BnpGThZ;8v{5I#7p40>k4d0MnSMfX5l2!PyuVT+ z2tRTOsf3Hgzy*_o7hn7B9<1maaaf(GFQ&>II3}SI*&vM0ha~uC#TuPN1Ur_TjajP= zZJ(R2mc2N(f`A~rB!dH7m$ShS{$W~g6JiwCfoq=*w9y9{^qM&wgHJ4Q zRdgf$%(<6Z#}`yp2XGHI$=MTwmhd!wkN~k&h!-+!X{FXh@{3}<)0q)%_R-;{R8o-G z#2vxNHGF~4%g_dJlB;0rg~$?w5UBWVsbc>CeC%*wMVzL}MGR1wYdtm4B1I%9HdJ!G z)oJF_D?T(mo|~r|pG&QGN8RbDQ2k2nY%=Q-oUV8AvGmkoBCs_35dv}Ug}t`0fwn9o zzo-c1``zZ0zY8198qdPUH4t~W`{G5lyi3!}+InQ;O(wMtM%YpvS03?1ywU2^ zdSH%mF*EuzDTbJb8gs>n|6628Umr5-b5b;#7^3nuhks_~LcGcFzw~_>DQftl;57<# z<75Dn3_|S6)0S8zrYb&)T9MpRhOE;0qfpH$A)YWVoW0+*@+UB6`}iU6llJSbar)iV33RWOsZ;ojAR`+~07}li9vTspH#G;?-k0 zqqeQ7uuuqv#L`I@QqNXR_|KHO$`!DC{Y|GqaAy6nmpadV!|*JK-@0|{(cvSh5@)0D zvJ*6c%;$PIP61QLXS)lKP4Bvm10`R)xYhX(#`E1u`4)bPYc-lPj1c+A#Q=GTPfkzg zI5c1pSt%V?`d2Nf(5=AL*mR~&EKpNSY%E5kgB6@l{?X9qu_ZFRpt>XcM!|}4=Z*&% zFk8Q&9L!x!6FTa#;q#|)0Iwm@$Y$AEa`yH+2QPQey~1=av(chn14(9+4p)P) zDIX*(vyC0lW%h9bYebz?FxQhe2J~jS@UO}#G;f%EoKaZ6VR1l1+1s{&3kmlJq{Trq z_NRAhR+fKo_mzH;Ognq6e+HYJ2%!M+`&{q$iOqaXCavr-72PM=+s5%wBs~0U!iN*H zf(W7@5DNxu*)7@#=M%Zt?`d?r6s3qvL^-(6=|pcB|t-`na+#AaE!KtLx?!|MT%;cXxL=`|R9Q z7X6$*qSQ)t)RZM3;c&JHjSC@_&p8UdQ3r8H%K)rKh&z-r2ueD*cK|AU)^hw%pmc^W zuKUp&e^`wgCglC}aeZZO`?ouL5QKpap-`$hm9f9>c|SRJm$bvHtxZ@2XqD0Y%3XWB1Q=WnRAi>x9yuk~D7PC?|uGF35cHxbq z;j~_zugiwDZsiKa-+KZvbgdqrKwK#|VxDnr4rJ9=k|Kt9T|-hxm|9wTu7S8~MJCE; ztX@e*t~?$4*SDCnPjp4_!Tcfyk3ah-c{FGOp@pclMhRSpDXMXwLqGkUqf1!FC@v-ye?NJV%^vV9dH zy1LrG(jhutdjPiE59}Y%QC!Ek8^r^IfxjP5fmXmWGI)xnSP_zD3eG68B=KY(ZrfKV zq#Two$kNGDn#6Ae!6YPXB10**N=xJLZy1r5B7}i$)F%A94|jjGFwXT~M~JpV9U#)C zvZsXndD~5SX?}(f3sI)-Ui&>A?ILD7rL;s}TWa@-eVAc~p@taveL9B?-I+VCB(-CV zAFi4AHgEbVgT;#ZkBhybW7Y+d*CA7*v?BxHv0Txas z*~pCSo5*Us38^~?9bbffSp7w)fJ^o&ye)QL2Tqbii#`tz0WW9C2El(V=g7QH64f!4 zqSpGm9w|+4c26nMl?8 zAu=bS9<{F}Frrno{s!q|$mqs$QO6Pzt0l5Fpf#-o)}7%gEBpi2G1D&^q2u!B76Tg^ z9TM^k?mQd`L6aDnCM;YN53qcZYh5uqP|BBJ!*U8-*I9naJyJXhUdGzuG+o-vZtIJ1 zZTka~z2AXwtb28?*soSm=3u!CF?WP~XqW^i!r3*1r`oVjaI-;JO5Mu*?Z`frZ1&kh71dbilHf6GoNzXlq<$mZ_Zn%yyvLAu ze&qLHYA*TR+3K)cOStak>%kfFLMBX(QEl~Eh*=f4#HGE<1HUXkzdAcu{V0Le%*ImJ znDa5*ypU;Az`Ys?GIxo`C1%mcwD)oP`kMXu=9~%1M2SVPi)!4eYYouf5vpHv7r@rs zaB=WJaMd&AmG{)xALo@mj9`2CAe)&Oj&oKIyozGU9hf#Twk8#7^um;oVX>K?<-HpI z!~!o`ybTW3&&px_mj#K+5`&|xW&`ZtjS`svqg- z^uL@HRvq9{8^|){^2xGv$>u@%{=-F$jj2U(I%6Hp**FAvNmX@U6Pic@C;4?;_Io?I zxtpTsR0{7mgdW??gUWa&l5A*TdzM3kNT#3kEDZ8&P0faKk@N6op@c8ckEd(n{g3*f zAgz+wKDX*^LBRJlN_ZIpF%bynP~l9k?+Rj_G$K8r87PugO)c=gFyc~yF(wq{ZpYK? zY2k5dG(|s()ivPF?&M1@?7^eFRmTVJAP`6aQCkkx=6xuEH@1aU1dfCPj{|gEp1ZE| zr%&$p~q0&62=|N3%lyy6^4_PXr$hPm79pz~Jh zux7a+%4cu8J$5R5fKJh487LIg7VvT5@E@Xs&B#)L5T+6Y2 z&-L7kI=VbGLsU)WTBaOFq)U+W$B^q5Uux8U2IF8Tlb{NEVNLd(b zNQRDwsocM|B2Ft)rEJ!YXD9q-6iKXYq{?`D12~+JrsUV}S!NMYHJTVD;jGq?ci=WH zRuL0(WMeB!DsGk(r4=8Bvz#bB9WSwTRUy|U-EHS0ha1aJDMaCsYFgN=(B6qLytk|> z#A7OHd7t@bzgAS_rdX?A6&vwS2T{$Wk~uWg^5S|Z?=!1Yv*z%kjxYCRfl?JNI?^d) zV^LVs1wGs2VP!;R2M0ycC>8~cdxtjUMpWaRKYbv5+L*~e#OgQnINGcrm+>$3s3ih) zJ{Jf>+tjMqsMwIn^21=(wa>O&%^u!Tjbnw&gAfM+TtTQAo4@_6s3}-<)oReF6C0tJ z1GpA|Bx2tyPEZpJpR(Z$tbuR)X1G|XK6hGMYmNchQ&zFBl-x1e)H*l&Pt35IQY5N> zP9%VNB3|QS=6=}z(Ry`s5AGWe9%j_2!fNP}g$VlZz$})idyL_D!2~91(zO!jozGXv`VuE^I3kaE+?m~!?vC4On+fB=2Gz_0#u37X7J`!} zA{z98ycz?e34TAZr$W_0^d)Yrl)ou82;=#D#dh!lX4ZXyLXuzJ;sf6IeL=a&(V(~5 zpL|Wt9<%EU@*FvDH=@XbDK(pcSW^(1J47}tNyJ263h}LH^^&U|s{#h?#{eG-un|rU zj>>`p(x{nxmw}Kc9gp6jn5WMjP&~RflvH>knT>;2;FW;~>v7McTdZ2)PMFq`AXymZ z*_gV8AAR&-h_GQ*!B#&B?hMD~$T1$b+pcbs{dBEus+4QFy6KMbXgZ9vH)3RcVU3Db z;ZFLPr#!WpHD+ez6P5~z3idoO*z-Xp=5kSN$#ZVIqRjWg$N7uQo&RU4$d@D0A+>WR z!V_Ot)u<5f(hh)}+yPwcI zAWtd5U{^IFuP(Z)MDzVSw%lpWXPf}b((Wqoc$Hn~8{!KNr2D>3;|e}~NW%&FJ4sPuzw3)It5M&D<$b2T5$jAz zZrw}ptm8|2A{Eq6+^68Az$$CvISsZb#U4HTVLQ&g<6?-fyVyc(h$U_MiKYxx)&+SZ zse;AMV-`dae3z^V!E5;C?d{X{74(K36A6>Qp6xkx6OpeLELKT_7g0s&)p3+4bdY=8 zP6HhQ^K!*%Ff;%evf=t*_qP*Smbh()2c#7hb4S>Z?wB=_YiB#D!r`yUNtHuM5{Uh3 z2E@oJ(JXMzO15hawlVq*WMxZ2*l&X|z>St-FhY~|BJ0s&4vE7kO8R7xG}&SGB}jQT zad4o9Lu;zD)4IPeh^|&Z$IADUVGXO>r?7D;I~SssB#?+X&W%&dqERR*un+Z#RRxMy z=N1pMj9Gq-S`H1@bpC2~;)S8l5TR)B5I7AC^WA^qWTD2S=0#mh5t6oaSqKgPBt3}I zW3u7HpuO&eo`t`G{MR&=&we}W{cRLPv5l)+!^|FdG8Pbb0F|a7;o1bbb&tAe1Tux;jtFw-7ma4d8-x0rjq|0lVS&9Z2tA=iMHE$lY?j zzTSN+D+lfm2sn<-()FCDx#?gd;rPD|vF7BKkr|4i@-y$@&V)us7bdwNeWy2aF~7T< zJU_@p!W78cCeBk-f1>|h9`Wbt&HhCzb9QrK@u6adx4VBg0_bzu<1w~mw;ub_De-3H zdDi9k^zoSI@ZJsD9yDR_*zJ47n)i~u^_Em3+kNGC{CWlg#bMg>KA#k;{NMM9H9t;9 z1Z!W9JOJwGRu7u>zd#xO@gEBYMW8dSR>D8S_EU0%x>{>Sz31fz+4zs*!MX7FN9#Uk zk2Aw}m*p|EN(d2avI@$$xI8*S*Ye*%@hpqD+CON?3=e@+seqL`A4p&V zok@w{F=oiug!}5ZgAZkn^NpaN5a=nPy@}CTa^W!8b$k5F?^MWqouRq80xG8|PQRKW zU79cxl~HNcnm9G@#$psk+z5&v?NB_f352g^Gng6XIhyBQ>o$05a8ZWOxLzuNCv<{7 ziyNTKrpCQIc|E3VNGv(3!+)UigW8F6=}t^rA}pM$DY;ZrMwz^SR3$LZ-}4Gj{BKhFVybP;SU>{j578EVYzay5(JQnndKIINu&*B0~J+l&j#F$?3Bo)TmG*6i% zWh-3@C&y~9WEvhe=ykHNdcxY;O0tV~F);~G87auw0oN=!B5OzZ@dhZgG#UEAVkprU zGR0c$cnliyBogX+MNL*JVh-YA-_ZTl2fI94%up<*PJfu#6hm|D$vlX8W@wc}$rt12>Qi<%Vc?f!TuYk9+-A3EYqOiLz2o1j#-J-IK0^gwc>W4P z)H4&7i=v|cD~n6>Hx5e~Mda!X z_%_SF{Bd08?=s?+h<|A>0pt`*O z_IY_>;C6IcHZy+coFfBNvLYOQOWW^Qt@Az2a_dctw!=nrb#-O3nkVP>xZKFSn-Tm1 zG*0u__#FCp0>!a!fcOsYW$h9MfLB@H*KxX&46d7S5X;;}2xUBgWZ(IK>hJU1r|UU* z17(yc{AJzLzDZ|M!ydP<5*>ZyF&=pwx;9xEhCy9|W~EL_pnJLlB#Rp*4^S?EZSL>G zO?OP;1v}LE%H2-)dxA)LL|yY6Vjd>qg`<9r@bPk5cPAi?Y7&uwA^QQIJ>~8CgyeYW z5g<|Cmk1F?0wrcTXgZrkjlpFJ@E?1bw6!uWS8C#OMIYKo8L7PJrc97El26wsY{H4> z7qdh|C#1ju+gw{4U(EY5t^#(rK{P$;I_=cMFjrKB(UwKe?tR;{Z$fm_fJ5bVMm1HH zmxz>>B;dRvQONS37X4&ehYr{3w!x-reQNNPLQelS_5N89j@Stz8)E- zjysA99^FAFNH(=Bm`k*(iHIX9LA)a)LJ#99=FpTi(c@P(Z32tEMx`d4)6$Fpa$)uC zWUz;Uhgc()^p=&hq}3abAv9I5#{a@c+eWsuvESQUP~3&#+*VM#cOo$HFr)s%qudcheMQC{}ENdM& zXDn7JSI)qN9I387Bp5I(A z>RjXXUtC!JS|VZU%hSdBC`Hfj#(hV*03XWl;vx`*e+K1G4kc0iloLG4*bi`h(|aP~ z=3+~zBseOiYDS;T2*twAC9-&Hj!IywnR<1ej zjmvhic|{(N)>i@&hHu>tm*j0PuKLhx3mmM>n8VPTdhc{aO3vjnP5onk#0n^4s8FXq z&rEDhSG-M`Fc~xzvZGaCBISz=job0|%C3^2Wj)?iWq=Rag4c`(3o#ct^oPQQz1$rU z0w%#8#99DZMM&9_zcodRDUwE^SZHW@kT`D8DckV0g}}y7@G*RY)WCCfhVD!8N;y58 zUInsLXbh_{W?5PKOM`?p?AFJ>>$EmBJ4EjGDYw{d1q-stsL^LEC!v8z&g{had89

S$AnaQqXMdB zHxKv@amlxP&W|B#sNCW{?dA|A4~lZpY`z?sZdQ?TCdQe!YN3 zM+;-JgTRRSTcJZuc>4JX*pCzZd`<;z^nTii_d7Sy1-VQ<=z-lMKp#^U++m4`irR`! ze;_bZG?SFB$#Fod4hss20h+0Nrx z1P>#`(I=MXj;q#MU1SPmumF~))sAAG&MB?lw@A? zN>a?3e(JX!GuLijA^YC_KL9F0)xN!#Q3y2Jwa#eDRG5bU3_?njH4QQ&V~KV`WF#$> zOduSWNCmh;gZ6NAiaSh&SjvQYr8_Y$C<6w(^9n2rJ!{so8- zEhGXL6%`pN?nG-rq(X#98Bn1T$*em@{tH0K&~D6Tm|oHY+_(5SioQ=OlQOMrWjAa) zheiu4J1hueCqW}=fJPI9ici1wja+c_fehyhhMR8j6;^Z>KMYy2rPpY}t5^;>dgT#- zz#zp{ENv?xEGO2ZqoZA;qoZGnAL>n;z>)K2A%#b%G4t}c&y%#XD-xn{f7^*IhHR(7 zU_6MaoWi9p>rt1jVorMpXU?Bb7>yxChJqh3To~i=l`C1bc^eC7&g5tJ-p7MWS1~j+ zY_V`2fixmSB?ReMJrPByHSJAJROf0bmBtWQHAbxoe9fe`1{_OaRYKw@qZyTUJg&O* z?VNS&u`F7)5|7ASghXZpqBT(%@ZJ*-@~Jtg)uGGzJG>BVbe~SHNm{@ zyea5>3AXnd8EqB8{MpFS0M*wowAT882OgO7g)e;Jtj~PrGq>*T0PHrfJnSFPQkTiaUovK7n9 za9lvv*NCbGbEw&WAGD+CUA!Fi^qK_SY~?=2tuLKep$aMN{7guRbX-KrMWj99cqyE0 z8Yh)Tq&;LRg>cQh57)s-r%;YWg&|?F1fdZQ4NE>ch|oo!u;inH5Q;?u9twR^?uC&- z{gemP5|9J^eLVQUeHzg9_4O=Ru;8wzo_gxj)22=HKli!MZMg8l3-bVHocRWBzwOVj z+w~hA9lgGxvFXCW{=Q?h*06Pu>wo+Q4xKZHcN}{Pqopylh%Hhh8~6oEL`Gc4&TzG3 zHa;apBIECoB8W=hW=ueJO*JeMo&V5O{uteQEg>RAY7Z&Fkq)5_NJ&Gb6OKezj1Yvh z!-BYlElo>VY7bOIAsV0<#lZCdRbjqAWjF<|RJKXf%)0i?1kqZY5w zf)WC)qOuP_P{wWS+_^(++_Wj_b<8_tU#7NoptWO}6?PV$I3m839Wm}4cON^5@z0IF z4#SWj3JD?~*KtU>F0J*AoO9^@TyW$eNV2@~pd;xW?&h;M{+6wML#*rRVf)tY6jf+O zMM9&6B;^Q#AmHRf4#!1OaD-Lw6*$tv4@YUKZ=$ufj=texq!NUL%$hWrkH6(2_M0`6 zvHU3Y*)-{tOW?ai7{|Vj`bMt);J+|`>I_E43Ji~qA*E}jgDpibss0WBK`9FcjATMP zHEBX6WTjK;yU z;1M7C29rcX9W)CbUjid}fk1!eGoQKT&_fTcTeN7=@ChfJ#Qpc*yEg&Yd;H^$6Hh#m zpZw%UTzB2K4w%$2;k{uPzAve;XHSLGj)0mfbjc@?mXQ)YIE3!)Pj;5>o}HqygDacr zNzIu?)w~&`>uYfQke-zrh!(E`ztWY|YzuYc@T5Gslo|rHtT>*0!Z;Z+b6w4Ff_uw^nFeTfyo8g0Mv7`%nrHV|nyg9!B$K zo;R9@d@&Yk5g-^G9Mlg#{P3y3sXaYC{KtR%$M1k=PdokWw%c#}^XrBn{LB|W%NMTt zJO>|o;I|*T?~!9lenC^p3)XGrBj5aQrge33b>WXZ(!`|blF^L3~~s&iQ`d&9|`f5K6OQD}S(v@Flp!K50FV8!NLBcpz+OnA)y9U^~tDnBXLF#I1 zIBfoWB2`M9ps`&ir8SvMidmB^1s3Ygvsf+`M&xOaA!LDIY zfw2}|Fbkeu4t^j6f{hzDt-bi-e>wISzxe5@y&ZtP$3N_tIddlW-FF`sTyVjAuf6t~ zs|N-KT9TIik^7^LSzy|Ret?#yZ6$<4I|9~i1m7` zw`|3KU{Qh_aI-nw`f9RWEqD!eq-tw$YqB_=XL#FECV|~p#H)nYts?_0i}%e~|6WDP z?z`G@p@pTuSu+t`Hk46zztvW*ReB!EO`)q4x}n}yciObCOTI|}hDTvrH)4A)m8`m5 zyLPc_*RBg^&z^mu*80TP^BR8Ps?T%K!3T5q9e4kswzhsj$uBGcv=|%}15YpGec$*# zw|wqXbToD1hdxqA2qcl!L5thd+L084VT4xXQaM8HAW4A?5keA%B|Mo)W~WM92DS~f z(s2-xnahUwxMV7hb^J36qIbfD~RCNf1}CI<}`#XerS;&l4+O;E#_!LUkr*Gy!bV5hon_rTuuY z=x|3keEDDB$)R(m5CkECQl{Gxw|(t1B;dL(Yj$>{{Lt)_%BU@(Vl_Mc@*@CYAFmTL zdiyJFhyn4@+06d4rywwF45=Ke{r~q*#9pGE@RCj6pz^g=L=tdZr1Wr*L_!gk3TP+I zSgA-|Cc_B}=5xrLHl%P+L55-}WYvz9Py$lGk^Aq_Ii5?j>jFH+Jm^lenY(S%RUteGA9k<_lAh0(9 z*n7P8$LBux89w*9FR*s)TISB3d)&SE-ur`rfdLa9T}N=@A*jO^K(S;v+&Crx3(R64 z9YZXCF;QBxc{9$!Ii!wUh*O=#2_uv;bKKGHe*9ptXK$r5B!%QsTNU3l}cD{^_Tm{^07>t6%r)`OMQ#128;1xb(Es z&)jt99k)#eG~0HG<##{HN4tK;&;IRSNy(h0bSZ>z62O?2hI{Tf9?!3T9;INPNfW8g zR-+>iN2Dl)Bc#*SK!_tf{RBnELn9{iGzz!l1Pg?i>gqP*#~RQm}4k zAJTPEiE&b_UKqVf6Tphz3lNb)+o-?$Q$%YW2Tq-euca|8QWml)Ut);&8YKb}B~{WU zml`~bCxp@^l=RR-;)xWl0$*x$SU?97FI7#H64bg5b0@apIUV@Qj4NCr2nZ0$#lgYR zf*^`G{-FIheBM6P*Hz=nYO+q95tRx{2qb9-(ym8Cb&hX-;sfkAWj;Ze!V#eX;#=Q_ zP#H{x(qD9!S;ukKp$kyTB&XVuX6+gVGc%g&IAovc z{OPgh(2i5KzQ$lW5^SO8!20dzmIi1rehs?13UR=6ShNyR&}bFH)DGwyMC|MnVHoIv zp`jZx+1!K0!q~P?UwJuSzWSQI3Bcate}0^Q{`q|Fb6+qQRLY~aY}xX_=;){dq^?TC z@rS{|`#>RYTErIGszqSF7Xq<<3%c95m5EduJ*@-h@P#-XZQ%PzKOzKD+Ci%jFPo<0 z>|<~+$+%1N`0CHArz)ERmw zRRm^pR^{zp3lf=JEnMMg$P*fli7s*PJ%ylNdw)~sh|-!7EUI-ZitfxnQ#TD z0MNzjPokobB^$PL)WZ3Meq=;|Y{ee?EGVJz6!<~Jh8??zT*u;M5_!K@iM%B0e<-T~ z5basJp{=u-NsTRpp*6#`YItTn?^ysz2r>RM+C#J8<+K$9(#-K~cSVEI>{l8{8BnS8 zkVt%~4ewro>t;+rfF=+=VdSImNDFg+8ZLrs_7dqJgo7f&lY(?j21$yXTZa}3ge1_R zY1s?GjENKY*qblpplJ)p`w|F^GNp)}9W@$hbd_vg6(~&r1V;Ja-sjqm^x~U5G?143 z2yHvG2b7a??#W zam5v%UhvBse*MlZn>K$e4*oRP!)b@X%&AcH?L5)UJFO@=I1ajh2%cVQmczWsFn=aY zYC{VLStwc^bCJwG1(Hmz8le@s7$oBJLI`AJDtv|I8duIFwV|7t_M>U*npkdVMTyNV z(xA@chHkv!DWl|OG;7L2AaSB@9Beg880D`>i*h9-F&yW?Vf32Kuw}dHhQv35>xijS zr#?An&YX|la?34Gc64;GW5Zsx1s`31Rb zhR0|58 z9(MNjv!kz{e6c_jDbk)pbvA44;|Wm;92_DvI|lmc9T*^&uCrPKWv5+X*Fq2#i5TVC zb!+(k?YAPO#EmEiKW&ANRHauynft9O!e6Krn|pe3UDx6vV!ca|py?$Ngr*clZ0+eo zXFU>u{|YDMS1SGu6vmv4@FUX++r!hQPM=81NfQQkxMdj~F$GZT@qGhfXW-HXPp}EF zj?HpKWeSue1F={W7#w5FgExnhP(L*i*QP?!3O*@mlW1kfJj$r}2_a(10FZ)6X{509 z)7Y>|YaBA@%g4kwOV4!2%ohNj?ZUe*RSEO`F8?Yc`?AWmbfDe7(!+huZZ~w1eZ}?)YsrN)R3;pQB|GA&1OjFveed9F1+gvhgY+Xg=NlkYK>FOqd#gtmc17}Ypy0&C4-NEF@T6%r>EQb_vxhX{hu&=i%0 zlp_+nozNhp!@%GWgQEq=lq>Rb8|l?D0AZLX8VCXlV0|ezVMbRcDVe1tN+=|bj?-tA zup3Yoq^p&QLrGUnC-<1P$%zu8>^E!=r43b7CJ9rlwXeq|EV1@}EX5m-L_}=LW0MPI zu{%=RgvB!FoVd#(BBLu|`Ttd^I;8LnE5h>jl@7665;awIXjRc_uNeP0I5gDOQB;bI zlK5ysE6^7uz8LZB-(q}Tk_;G$=$jsVipQ3&=KCLiH^(fT&CuAGd7nZcg+?h&rYgf_ zXB@$0%hy7>+*%RI+KLRARsxO#D>p$+7Co^AN+CLkAl3+2u@N0c&{PA{C&0Qb0DAkj zo&S2~nP-gNcH8Zr+}i=zd;HDE3CA7J{SQ9CkAC_?aoM{sbDwzfna#t)1LaQp)K0|t zCqX6+fif*WJHJ#ivYVbnI}$ebz^uv0852=qXl|U)ZqzoghK|{QN>Za7fp!Fu75va; z4_W)?y;na0rEwHEk;V%nQh_#REJ29pD`aH;u492bTG)**u5UDDfsP90FB#7`6@*fN z_CQ9kX$ve~3Hh<|ZkLP<%x3NTzP{zQTNmCk;nsf7^O!MX*616~KIiPOeD#`#&OGx> z_qN+^ONiWOoN*er-+t%ocD;v&jVV*97!7{l10TBj`s=@QC4dY9{O4BlpFjCE?M+p@ z|KzjChaRDb5-DFHpr*ct=8i_zF56%>|4^ex^DvT!tvx6N`IJMxDuc*Yp)+YS=k%=F zO3cqw3a70B-PS}FL6zl%ds5>#4vx?`!br0TA(BeW2={2pV{{X)g%p&E0ZTS);F$du zCL%kI9rd6Uz8+@hu5SMId*7t5Z-}Z)7RM%`A{PA-!Z`fJ;8pEdLP6p(Wbk_kgcOXF zO88-5>3&g#gt4t~F`_iRBYB1kMX0Vx0FERMhOan$H;<1@yIb#34_<>SX{l{639B;k zMCl?@q!Bj2Il_SJbev{eilPw0KnyGuQ`&?_Xb_HJam2FDS_?~yHwuV4mU0$?P=*L? zJ9W|k=*pb~Y!YtMD`7;Hl zcS}9gRYO$fN(l$MGBqJlE6#Np7bY9YCuaE;^TmLY_#ge%vsHm33 zD|i9Kg{;t~10aP_hpTAemsgsmwYiy?dTB0b%5*h^bfLZL+Y?>N%6iNJXLf)Ea&4w=~2L^hiv9|ibY;9CX|vDSpr z;{~VUMW^C%nEA|wQsBAx`8@yfwV%>EIE?4IR&CL-qEr#Nbc#z(Il{CVDqd4mf-QtL zLK{*-7^0tEgDw@3!a++ro;+YCG}IUkqD&g5cYu^gl=eLDO|$3D`RpT)KlZ;WK(@C7 z@PFv|)F&?ID_^~aH^1}Z%u^3P`ta5*TjnG#p(zheJOq8{zQ{;#nxRbuW-0 zL$qT+JIDx~b1c_c8xxFp;j4JosFLj>_<gK_`D?_ zkuR8Pcz6^>MqxM)g)%mvP{{M-lTT_P#Nw@6w({>E|KuO0PM)&$%FlfI=kIyXd!Ktf zum2B!_jE`QSnpi-zvS^86o z8S|#&rai(^faf_JckGEoQN)@xYuNhN$}9_Dw1ny(C2Xn1v74+xtyif2+0l(v6|id} zW^>r-urgy8&r7j>%XW4R_EFnj2U?(23FVCP;IoVP#_xW|)}CJK(>lrJ+@ z%9XjcEh1C33yT9NmzYY*L|;E1GHb08lNm!P&}`}*pkzg;5=q}gHsWP~fMq}AGVm{7 z82^CybIPQsNm*5GEll7?BD5kBAn@^05q{tks(`_Kfq{J9j4y0OuWXw>n@N*Pr^#kA zRCz9ulsLl0Rp3YurA=ZGM3w<0oMdcb@H4TRQbji;0awa#9f3%PcGj;5!Xl9u;ozci ziIh(%%qROo%FS8af-OL70$|uV0x2A%aIFYcWfR4`yTFf_-PJ~2eH{bcyTH}uWFck% z>4=JXj}>Cn<&WA{@ET=wF)|stcl7X^`xo({H=alknM5a&3aJJ8F`qXaGN0>jdyrj& zqu{#it}a0o*%^fkt_MRS@cahU!E?&{UD|^~=OP|lV(5XLO|WwpYDb??fzM$7z~_!W z;>a%?eBePmz4)2E3Bcat<&V=(J(aI~^%{Qjs~Z=-k+^pD8q-*$V_N@?L@2}mH#cQPUpxl9#HFIB^wv~+*ztA)KP8!Rg%C+a)mi>~ zyT6K^`D>Y2&1#|0jzcNyP|AA7IyTa{c^_{qAT{bEOQz)*Ii^i3lmQ}YZGdJ3ei_IE zCTsURNO|b$9JFFvh>-yX4v)glUC`YRqXn}+YE5@+VSiEyx#%7O&u%Z{NtS zkx{O>_#&jJLE+#Dm_Bm~u4fW}zz=xC8{WX%-u5;|^J6Ssx|9!o;Dc=4vW@f4KaVgB z*|cdBN-27Fb`zoK?dc^bl~5`o>g&gAt~Fy>?CX+VcQDwSKF?!uex>^PcAgo)Vit+q$ zGGKKIVk9|ABws77to*Ma(%JySZ1CCAJ7_j~uVUtJ-LqfS64)lL8pb7*iOIKYzt+_N!^|jQbQ^-((aBWf`6Xi!oxJcgP1aQ$!Z zLe$okixE|U$E>7&L^k=d)YK#)OBP;)ay_12x0N7L2Fnm9hgzc~G}Tsd_CfRc>0OT- zb0o%hvH;UH^RUi<4s7j(l#6rFY-0l)MNpkZA2AmmcpjnvF=q<8cM!rzcXxM-1NT2* z`_qe`>Db!=*n8~pc>ksE<-dOPL+-fiF3vjR%tdc`+glC+p_Q_wc}oMl`6TFQGU7H$ z8rxGTY&B!%p4y8O`M8~_jHrdO!B)fuBT*uEYQERw3jG*NSnhRN$=JBH9Cruw9_FNp zXbj^jsN}UP96Xb1L_5i2%?#O8NWH{bjZTNh`Yb(X&CuDhq4b=Fy9x88bdl>rF^y7a_y z@!ioeiiHwic-Q&VI4vMNX3UsEwmM63v;b(HdFB}|x#SY+>+7kluA#G|gAMD~vuxQC zzVn^yIp&yS>`VHjycA#l(lvbMs;kVVHaun!-AW^*rCP=)bR8K$CfaleV&h&W6Btlz~;SO9K{ zy4qTlitJ})WR(m45CbFKyyKdmv-sH+CeryK1j7*VQ3M_)$>>6+j#%Q_q~)^CXIp!FUkkCA9081n-zIr%7lbmt@Z#Q;1D z{nt8imP|U5N~5EQy6S31iv=QO+VnyzyDe!D9_Rof-vCV$1E?rrIk>K1{0tUb;>IEPn3U_V|21 z{i!SX@>jmJHv!mtz`Ni5ZvOkf|C|5%(GPjwdoJ1Mh8ur#<*j$zen@g>ONp324SnX3 zP?JR#e3X_}0A7P5z%}k%2_VWaX)Tb+0$D^%2-U*(Mj2-GR#Hf~dITC_lD5CNv!ISh6jwNfXwj5Tyt?lt&B|z*mUK26ZjVLN0bJ zvb*4s0ZqknpFx>=SYHdx^`?s3H2~Xtpl`^0Z;RPYTQ+m~r!HSVbM~y_3CAAyzKbuu zc;hdA@r#E6E;|20ZoKJtulf48?Y7%EpkPZRmDWF0^L z)^FI^H^|lRelxQ>yXb7JB{g*->@;RiPd)V%g+hUJI!#SYHIpYz<}vXoOO`C-*kh07 zoO90M@=ssEehc=SxJP!f}iUi&BD6L?&=p`kG8WPK}na`h%rW;h8#J zfsl$^I?LKETlwA}|IAJI-p|g#L2^}T6WonxMy zZNRH0$Qhuiu+qP#C!nQ3BH1}O!V8!n!frnn>RLCPgpT}^v^9c}fs%xte?dUF%g+UjYmtD~c#ij?b- zO*y#Ivw=J^NB}L9nYfAHPT~ToW4%rxiBL$Zpko{)HI8wmukIS?q^G`yq}Czq{%(etFMB+;GR^kWSlIkM}%{ z>nj$_m_o{PDaDfL5+bdPGo{izxqKr!P__e92{S0$S!?B(ajSOCe(N~~J0rBA2U_cD zCUwHD5%jt(Frfvu?SlS60Nv8k;`jFUre5#hAD4rBkAI@$eV1Ow;%A@Xx#ynaJKy=v z!E4s6xnkM!71#6+^dFvVJDCg|yC0lT$jmyWZErh{NdRO8XsL2;7SC*530@jf zDM+Uvn>ApSOcpX3`!5YC&$PLOV+2E#wn%PWhGSRy03|bi@$$oD@scS)#rI;*kKMhS z5T8rT`Sm2aDvhekqN~!jO&5Stc4l18B1GI49A`m0ZU|ZaZw%(D$w6C_>9$l?nct0- zl3qxEU!RxH=g%D)8hKYP=hc7tvsZ8a+BdJ;^`X2GJ3>iDfbe zHjj}>%U@B}iBO`fHBkscCU&&(<`WJzo)dNr$rxcTpr$I#SO0h)4?eTP%x$aFFU7S~ zVqSI^-H`%O2n?QNED!6qfKqs#$G-b6VB7X>ruwR`;<8IGrlF?F=+_7sEA^vA#LsTL zlNWw}uVHGa=+zg9QVFhw(E<#NK<@xzXD_0sA9@C0*AVoL*!NXHlmh%xiIIGfo%sSQ zxAw4T?N%OLzJUjpy~zDb*YeD|ZLHkBi{9Z8f*>U2y3|%>sL7el&{G0V%H<&&iAf|5e`Pp(+xp5EVx3J8c4)Y?>wOHd7iHG3Tq4 z0XvsUP$*H8%kt&R-pm2L_&b$2;E1k|i&^Zt+I!4Y~gu$Ki(`$rDdJ2Ecp%<&x|E zc=OF~9T^)=Yo+R=C@M$srg{_j=S%^@iVY}s>JmvCPge#qN18zIxsY-Yj)Qh88bCtq zVMtjSY;E%^QZP0K`I42_Ezd`jJfo5>^$$IC#VA4S1}L!a%a08Grf<|d)Dg-25v!Jm z5C%9Iw-sU(aZDdlmG}o``OU78cO4mljXMm}KqX{x;W{n~HF)M3XKuXZmRt4*IRC;6 zxaoJl|GUrj_c#5n@wUI*_T!)Z;^*hZKfCnO_wl12{Q#}CZ0%@C_x1GWm6;DoAq2WM zL(@?Q^OgU&n8%-A%TNF9+T`_qd*g4p@XZ$j@bh2(f=e&Cl+gFlyS1xDg?|G=z<#q} z`b0b(;s`-X2vP!Eq46xITAGjAZt4nYYD9x}k7I-eWodXK5%Z7GR@yj3<63uv@emU^ zZX^`9^5bh4+1gZD)`=3<2olZUSc$_I&f(WrT*g=-Ff=z23+zB`RhH-0Z{eiReV5jz zTEfY#^hXinKa{drRf3nPyw?CZP(bY*gq|LF@M+M{-rmmXXP&`NfAZf31K8TYGmGzG zMn@Y#sE7#YAKL*a&U@3xdH%ttlfP44lcS}vm2@_X<3N6_h!m2Mv0=u>#uytL+r!QA zayOtrIOg-x?G3aZcOY**?Rd8L4zO}ZAH9Pkge9L$Dvj%eI3k4<5}`v{>T8(X(#X8d zW)7M=ovCegwASa4!lmH*s7Mj%cuZgtGo>}2n<4AuNPE=?QVjb$DTG7Rcx`08>V(=@ znHU1({b35xfOY3{@EpOWoxMD=bR7>aS;N|GJroKBa@jP;>^qZ-PC9})6WWNB!gD2C zcJ}d>Ykt6n)!Pucw7Ep11-|;JcXR2fM=_Ys0}?3=1yyTJHl5Z|3anzzW4EiAN&A-PkiFz-dDf+pZf5_kG$ilr=C3NCqMmh#V!-~ zYJ_0=B*bwCpeMGPz@>%ptgt~$>#|&>wzEId9%M|rPe?bBw$!4s%B=+a?O_{9I{v~W z5)HMG3t%u0em)UkO|-Jr>zH09_=Jk;BLN!;NK5qOW@xQL?;M1|F(V^v0Zm#+L=@T~ z#>>g4YU`XAi_HQmH1VLi26;d|dfF)Z#qF@8M-WEFWe!ny%PqI;=en*w_f6;B@cZBX z?j7-Ke(_6JbJZ1B{!OR))1UtGwtMfs>o9=XvuCq<^=f|fqaVaUS~-qWP)dpV`UX8X zIEdC-Gh7mV_b%eSef@OoGaZ`i5W9xZz-@Qlo+JSK?lTY9aR`zaYd0~i#&N4fdlPzM zvyp$bR4`-9YQR*H+40Sc*Y1<1A~$nu$Lg-fdH_02()&QGD2zRrL*%G zL>kKgQ}%{eb}p^0KD?RhTV@CnUqMTKEuQD0#!AGq3N19kaZzEwfBgDZT;J!7haJd+ z`9b=34OC3TDiz^gVOfR-sHY2ska#g(h*aMi{R72m`80)%sv21fMPp{g_x*db`kB$=R2-lHp?;mAL?;sB@TSs)~ zqqNslGo!PWh0`W**qo_!HrCKolSQ}=INNb)Vo1Ke>g! zJoPLR!6)8#0hgY641>c%XyM^nKLLfp5t6hk`Tb)rB*||%AsHuDU_go}Xsd%4)|>C= zP6TC{0j`84YY>GzV*lC3*sQS@ao}w9;#Dxc%c!u1N^jk~b>g?b{jG(->zV-U?Ew5Q z9uGe7P~-V;KJSS3*7h?uZrpU)=;-M9%v}nTf##}VT00y(*R-Icz*gHbQ85EE?-wc8 zNLZ#lgyW%QMRlU}%UpInzTN&Zbwo@(!cw`k)-W&xMc;}Isq#2LypA1!3e9(+Z6cy} zb5oIa);Lmt-eH3iz=)ERGknH>R!IjS797zP=s{IhhttBO(o&cNV@t1L5fqB!-tE+B zQ#VI}|Jlu3w*3rX)|}a_S@r5hL!bQQC%N|8YpJctJvclvcI@GYA9mOiPdvHkyKMk9Ttcs0gI==6cKHtHy6djv@WT%` zpNZ%4)_q^k{;S>Ktt}2a-B;`3cR*#`~c!V|E zcCmCzH!p11!nVE<28Ifhg23twKoA(IV^?Te>T8+a)xy4$TbVntgGnv*wA9s*%@|N& z6a|ElvI(Fh>(x?~YAE{}?A8Go3;QV*$1I&QKspAX8Fy?XWicen{{ty;l))ch4TrMX z3_JStpjz|eX1RagA-%O~@nuYk_v#@Iro?m133edA>&lY`!LGO@#4hnC-^R~Sm zfd9W8mtFQ=zW@Cn0&v=Cr+xIoi!QiuWO($jT|LVyL#-f_HexkxjnLj?zHY8Z)K*#k zY`puKszql!BX^tf(5{oT-gG>tN@m}?Rrz|iIeTRyP$?6dGzvuWceSmAL|qO-g%171 z3to%YF|Uj(L8-?<91OUzVs5J<6LMNIKK5ScKdixI`NA)lrzRx z2BA$BYI3ko4kou5TF}PrW>$&NFK&2oQYw}DX*!cWWuN);AAIha#XtOOPVw4nuSIK( zmr7*;y?Vvkp8<1EIN=2DzyJPmk6o}}0e`vW)*b))p${B?+bxBIw`|<@P309EZu!;|zYRM|=|eMY2b0 zZT#XRD+m;6O(X;p+l={6Id&UVdf!N%AK&>X>2!vfbEojfHJc1TPgG91v zG&p`lsI{5L+oPqWg&EVPC-;;JLV9<0)-q_@MD0Ix_kr6E7pGb5(dL$AT+0W2L|*YKrP?n!{#K z;?UWXDfkQN85-rqodZ0(ej7_RY-Rn90SYRj%5!iX$zZ<7lPlM=Xypdu@>i2(a!V7_ zI~&<=N*A-Iwlkrr#%S;RK7Kex#;vs`MeKH66;Tvg10gCD9c7Y4mRUtH4#XspQQU?U zic$prXr7v?ERoP=uAhJxBO>A8T54l9o#u|`7vm3(LQQ73DoDSyW{QAZ&J_AYP~7A2S-{_^+*C%=q7xjaGDh24=Rw#70vEhEX{eiWva$ zXQeB1E>Wg9CfEp3PDDcEFh?eBxx^R}=2jF0};pLuTm zHZop{P(_5QX#F9KHiXbv-w%jXXx5)L>Yg#NG}e_A+UWlarIQXIk(HkoA~8q;V=t~E zWpjy`E-H=mw7o;aDB!n`E;pHL5+36M$$qaZW}J@QA8TvMyXwG@G5;AJHa`n7^Z&6T zJiQX`Sp=JR8VYu8mCf58nX5SN*kfBdIy!Fq z+-JY=!=hiRk5uScIW(xrp%0h?Cmw`2_5e6+t_e;xDPlD|B7tx`sLerJ1GLm3GMVvW z7vpAU>;Yjf#-r?af1LfDh@Ewkq(D~=zHBVj#^j`T2z>v4XP7kZ+$;X={yi1KMxvtK zFEn&Ez`P0QhN?spKv!DPYQ`r)F)Bb;js$g?l9q^$C{Q7IDa8C4h@%!lQyoIaeFT|a z{Oq&d!G|1Ny7YbTecLy_{`K@Lo$A9+JenEKo4_zSI?7#l-PQDRkNwM^{+xV0JUX=T zqKn?L-}GrScGw$Um(K_8xZ^GpgrkVkNCl8gT3X$Vc0)0Xv=LPjDlw5UhC7N-DGr$& z@Rc(M_~a>h-gS71d7Tj@1;uit1RE1lL%IJ- z$?vo2>}#7dYfW{vX#-guL7M7oNx4Q9G>n}z$YvSQN~aNWvw;`nPWl8aR~6|2jQ52~YiSiBa-MoiaBRYG}gnynTS&kMjW{S7EVV`XaPqWS1F~9a$hC`jkV~u1|urrc(!6vuU(}*uGL?W zEW``FGLS}*QOoP=Gjh7INDC$#AFmwv&vsO*0GWziq*E}n112_^E=rsPXm)Gu>X%Z! zlD72jzmsMCf-r)*8aQk|ESO=ww*CWQ5b7WO;Dn+|^nk6})jD#ivdPXltq=6!rZ2*#>^TsFm{%f_ENW zVD1FTyom)aK6E|rJ@!TBP3Z$I2{9d3Khttkm8X-ya^CQa_3t}aIuS+_kcsL!VP!JUt>VZ(OnCb#mHQ;y)C z7dKh03Gp&Zxq?DkiLa4@R3S9?L9u9(V|z@RXe$4sk3KT_*`tpwviVq9k+WxTkUh^D zUW=Sr(9=`SFr-p6)z;ujfs6&0>8cl^O(6)`NBKT z;>RDoh>x6mGzZM>B9-ze`VoOLj3oz$hN=uh`2sgR{sNwpCJ6Hck;M^Vb^aA7LW9uJ zGD$ikZJa@4_>GK&m5(+*a4Kw!BWq(WEu~c3Wgn03%89!=4T&!AU#aj=SL{1G^C&#^O(mc6I@{yBW7EZ|GM|A|Mjv#Ep*BK@@9mfbm zp{Y)LJiBoR|8@IAi27>2bpFZsVZ>vbcN%KfE5=~G+j2LrnJI?GdN*INUI~KQx>~wA zI{`T1gcFiiSiE=%gJb=;o|i12fqaGNkNih$(PiyjM@SlSSu=4T*GLqW0aAf=i90_c zkpQy1c|jN{MoUG;iY1!sYIyTe`*Y1Z&fvPs&gJ5h4yLU>$56gNAqY`IQd?EcZy#99 z`t9AguA~qS+gnrE_vH{NpGYW#R90eIlFg*3%Vnv}rK!$l$fjLf$0D8*`XLr5C=;5r z5+)fCjdARBV||@b0 z7FfR(`uoiHu4_6wQXsM!C?(TTR-{ zGFnRUt7keGC_)q}M#F&6i9O(@QUA05R7I7q?Ht}X*;zL`Ey~>jYnU5ik^$e*#yO72 z1pi1Hs zTTNt>Cv#62Ukt5n+kCg6nfNPMlhx*0}*5SfV*Ebx)16$s51mD%;U7*Oq>zC|KFr9>)wUJ8I!rWwgLYuLeCIdY2LVhhG`91 zMgl?3lf2NUIb*)$z{!v=Ii%c(NV$k8jq63M?yl#?Cp*|VlqMxLoz1n(p4iDl&n+{0 z?XiN~Zc2gW%O}v0xgAupfr>KV&$f9(A&9JIeMm$YIYiBM95a6^hqkq#B84Xe=~Rka z7q8~gXI3$BQY%-VdmP(Ghq!(Hi$)<+=vTkLwDrfZ_h?lF6%l(8WWG&m(iRXWAHPd$jUkJy*rKlD5|J^BK@gTp+w{6*e&?7=t!g0Mg; zm5!VBgrN^O)Ocy`d~OAwyWviHhes)t0+bMVLXb*(#JEfrIUrzyO=ehl^Gqa zWL=4HtX4%78UU%Pq;%>;LDG|&=hkhbdnj+g1Fy6fRqnk8w5lBenUtaaYOQ9?ocYBl ziu#rT5wgpuC5ZQInJ{P-s`fz^8xfPdnn zp{ap^z5$Lq=GgZydgiIO-1?_KFSP7@i6fz<0j5oW$?eeIfNrTnL=n1V?0CthP1Tu7 zm(|vk+GE1`()jpywA=M=?dl3iToG5oHUZK30*n^WVUS1-#FQKJ(1@~{wAw?LLW~E| z>D^pfUQ(U^gIgQAg6>!O-l*_Pu>54A2%2k6HN2r4MvC@S_4tl&oJ@>M(loR-!O?Yy zwcF8Kc9@N!P&AUPN&i)vO{1m?sys1u%Jj$P&6*wD@S9(A?Qx&n50&N*lCm%rTlSA7gCm#^S$?|3`cf9Ja&1wOiB`HH7DZ`pdV zHJE~0n~2tA4FwRZEE#E-+5tg?7|3(#e1}pba2!eK!1T6=1(P!PD0JGv^$of`la@TW zDaBWA^YA>#xtig8ku&Bl;NlaH=7|;S2!g=i{B1y&mIfy6ydOK07L^sKHUdOS7@(i& z0+=flMVe4J=D)crnr5`~iNg;e?YfMHro!$o7WuE+A0`X~Ef658#>Pe(8yWyjDwX2I6Hnmw+iwTpw%hJzN6%Kgnlzdc zZYq`hiIK74*Zel9%H}BfMWQGmD*5#H58(>q)tIn*_K<)jRdf71Y27w4V8KY4B*4)c z?HB_d2Z@pzO~l}cCgZtWcGeM`dC(kgdh~hjdVVb%x_2?VvjsoQllAJXte8US5YH9t z8XD$PKm7~610|YkJ-Qm|sj2eFWvi%4d$_K|S0QV=ck$HvEeIi~&8C^q(!lJlR_0G? zXIe)q6Pjx9q=z3y_)%cl9X5$~;o+rgQGxk7;r;J138*NZgw@DUj$!_oq*UH@*KNmd z-PV2V8E2ebyKLDDS8v|D+5Bq7M!{GC=1xoYM8jH+(2aG_Py@Y#A_xL%Yid6-Z_Yk< zKJf5^;obz`pX@mQ{PVf#rkfb(8=$ed>5dncyl`5<_+8(^-HULA$AMg>TeI4i4;JEce+(J)6#N)@VRW@ zcIX#x0f@rzyUBAh8Ix4L*n`kYu3fuU|I5Ez{N+L&td~H{6 z@9&bNq_NI)E2`2q>bgcSNo(`_$?a6hEp%0+X&30)7VAW#nT z+Fj;$MJ(G9k#YpS(#)AWiT!6xX2FapJh5yot}82?Ar%6LP^)s_kC&dkhRV_eBdhus zS}S0s9DEU>wL&RH{mf3jf7S`?-`YSv2oONZk=(v`6;Cc*!|{jA0w7^whz4h;;x=C?sdM;qNeI~g4f2m+rwpIpk>NA6ErDnc#GG}vTH zrpE>U_?%29%t;c0`1g@5B!no-I2%DHNf3n$k0=`IYk2=zM>BO&8*8@rGOw$RFbauu zfRx7eTWiRAX>MA+jQ*g=SKoam6Wi)&sjHiTcH$)#B@lr ztA8*6xc&B9zI6VD7cNPsGhbc1cFi0>v#DE93eXE@8;p>S%>EY%m^l&IJBR|kdGn@| z)~#O`?!Rz9@!Si~|3e0=docii=W)|bH}SsrzVBW2jSWNneSN153=SrtL{6E2IAlJ0 z&NSF>225%;W+qxfZH<}lSLY0}8ogVlE%p#icl&xAKmTv7f=!~4u>0bq!j(qbzkdMw zhY_|SE6=ud#fni@ct=$z{)w`rur?fS%X=~3$AMRAJJ*b#AB)7u*8$rg_Dp?zSJ@w@;efepC zlukP-ovx1`yR&;o691YfHdE8y3Jui>G4nUS`Q32OoAq>y-`2yOw-8zv=35h6r5A<_{jCCRw(p2Gq%o}dr{ zj?2`x7OGQCyz!_5DJe~0XZV5E1X>X&Nno)6fdv8j8Uh3XP!JI%0fB&g6fokK81n-P zVUZ|bLX8zU>bQfr<6Y-*l^HF1qM^hArAZ2m*fn`#&)< zn#a-5N2_Tdr2PS|X$vSM`to$2eR- z^0=4$hwwdn}h21yu&?9Enh)@-+;xvSV^i^+K)tqc$(Er(N!rchNdYM%(Z{p+uz1b zzx&-SpZV-(kEpM&e;~Q_clN_GD$N8*g_STC2%NIXhEV^UIX4Kzl<% zV#uVkho64>nOEI<>tFun(>w0C6K2)c*8VnWXisQG)>J`*6*du3Mb}6tD#&9_mMw)e zS(FiRkpf3YNLfHTAyOJZm#L04e&jKsL9nnZq7*8$=P;?Y86S@`4n2rz6WbXs6)7Mn z0b%4(BEq*6K3_|GB?z>{*WfFS3RoTf5mlRy1o>M+V{cs`rv(2yt4I zD@6z*;|*W(p4@nN+`ml127&0NWu+D4L4=6x zT_yxtM`#@qsnD`UG*J|ybc9lxFx2?PBGuJt&N^@ww|)AZ{NeJ8nbpzGr9b!;2mZ&m z`N+@j;Fk}-0FH~UkPz4Uuh<+C<1t~zxzg+l>1?J>Yn}bo4Zq^@%P;30Z-3js;Naj1 zu5=!-_zErhhG5ZhWU*w~9vT@*qZDXg{`n;@xcA@vQ0?9X;D7nZWOFQ9w1^W=Jn_t1 zZoB1<;o+e_O>qk2QhOZ%+1;AMx>z|3}?ldrtG` z%@zPVdv^SKczD=c_FNTAX-Cy&ja?~~eh$iFLmcabrdU1ZAss;^1d#%zvV?vuQIsRn zo)O?Na(oCo)1A>;0u+%JwADAFLrr6@p7)$_B&8DgktR@36vCkRBk&`EuQ1;$MW9S4 zU`%R44PjVhzZny_#hO5`iFaI zpV-dZjys5A6cFl=`!{Se*1Ot(I>%Z5?%_5PRyk8iO-e;%OUn8WXu?9lSW(+gFxm~* zvpbY07#!xR@BWmfYqye3rwt9*9)JAfA18hP``>>}*765G_yOMk{ts^1xpU{U$#&2` zL~s8fQkt2#R7Pr7+A2RDQO0b5vi_E+NC6G!GP=5usN{|0WAS~_IoOexi&B9CH``$MI zTyxDeX5KCx5vu5fbUOVr&vQ(JZD?!~5!BT~ZFM3U@Tto`{u~%f@VyDZ z|H5&>o6e_L7$cjjIqjKe7XNw43rh~MkxWu;klf6lf}S-2J-rKRtI^r4;qcd1qdnK4 z<+Tys5EVc)p~ZMk`Rh>93Ly=ZZ*TpPw=Ku}6H zGS8J%r&8q7Y0{o+pAXtEnVINl0g3@SjEp)~rJ2z`X$wHdiA(GsKe-hqv>2^`I1zGW zxoV3Al#-1?*h*g+F%Z{9%$W)Y&o(zYh$xEm$msCdi=KS)YYh!`zX163l~({z^vjjv z!0;GhP~szRdo#5&rzVryp`oGEzW$$It2y!HlV0_V-gNHyEL*->A9%pNzg@Lr<$(yH zH4^4d1}_C&jrKiPoQH7C*h56gSoHSZG(m((`c#S_Oyh^OL_v-y$f84Oq+EnVD@C9} za-K;H8)|Audufz#C#~#SE_6A%DYX^sTVn??* z&t!yCfe+aumd08`D?v>mz>SOxr4)i_c+@D^S%7Im6>M*W*^|-x&9oBHWiYDh-o>|W zdDtXcnX)kCjW^!-i`Qy3fA_oBqqWX9)Hh5>7O3aaT`ZuK(FG7Hvg0W+UQBcx8$j5- z#Ii)RvK)Mq+zX*zl0`d&N&7$xO{6vHlt)v>WyzKvQkD`gg(L`zXdSVwZ-iaLqs(k; zAylF5G@6832#u1;j?r|5Gh|$FSm~4mk7Terr66E1U!=3Sj!&I;9JTe;;EM9NLbw%j zKH}x0f1(y@yMdl-ib2qU?|Z9Pt!k}&R;VJK$z&)Ni~rKp)byX}blPMZV|jRXEwX12 z;YkBP?JNs@KKsIR0DSq&Uw+MZx4j_1S2^a*o5%0}a1*DVa%%5gci+`iNJ66!bT%0@ zXLS|K=z#iaqo7t>gHER{ntyz2UuoA?!dS%p9x}>Gpx^G_S3=Oo(E=Gy<=dSiSV6y2I$~BwEAtxbnATX&#Oe&WREEY}hAJVcaviev zad{mvR4k#D%W%P`r&wUy=m_fuMp&_HfGxu#j1@u%eek4FIIO(Mv=~nh+#M?MO8J8L zd*>-H!~3<@Kx%=K8YZ`x&v3M0=w5z^Xvl%tc-Z5eFJLc^>?}U5rxcz~Ymm-g$hJ_L2{Sv1yJb-iF`6h1o#Frs5 z^1z23arl<|?z#6BPx{|J_7T2$-M4t>+u!x|8~^az3nXZ*wa{Hn$i_NUdxHU}hI$+= z4DEvS&^VwXYBN4Fsscs>NV~=vEp$^j!his^0u?E=f-v$4D3Q?t+Xf_rP?Z*>gv8OB zK)cjdHS+$mj^;nU_Zz}gnliXl?IyHilf_E>sg9`2d8QgiBb2d@MG1s8hbj1DWKu2< ztz6G-4?jm|XFHdka1fDF)Ojg>vtoluYO^U*(J2ot!iu%G+x><}46)KBP5qccNr8w2 zK~#dV!nn7stE-F~Ttl6aAl3>o8Fbo%)tixkQkpxSUJO3QRBC7hK(Ab}y8X4>(`L<@ zby^SwrzFDv6I$tNYUZ{L8#!cR!NG*U}51*zx)=<%BkQmFFpDk#3@>j<#)POS)q zgA@v_B{DM7zDg@5cQ*6vnr)^AFai%0!%>vhEZe#r-}jk4p@m{#fT2Qbgtd`26FQwp zmMe@Ebz)JTD3byzLgEk!s|@Ie1WMz09wHx@(WiFIf04VbIbOQ?Bvfa|fB-$u0KH3y zVzJ1U^_yQJ;!rFae8vtIJof`o!J@;B`KhFJE3eW5$f3yY9X#i4NLx1v9!}>O`okHhSr~oIz;kvS!i6 zvYJ#vnDzL;v^xqtrl9HZzSD_tm)7G0f1*`U25F6xx{c{bF;LGBV0ai&@(n^=+Q6>` z#3*k|aj%w=>THJ2>KunoXk~hR9iMsl84jM*!OiEMisQOSk;0WJ+Z(XvEtpY2q*a0m z(8@Y`>CkKhQAC8IFJEHit^r=??&skxn_1I0%xKk{Uoy$Z!7RUUU} zW$+VXpBd=JdRX-$j1~mIj;)*YKwr=OQ>IKgroXQ*SuXz27{jB3(5(3KB^Pu1AMT+4 z@#h4>=b=X)UbUyw`1mJ2#(#eGIzIf756%DCPk(++sZbCS&{bKO+J&mE zhDj|J`=%`)S|($giRl3jtlG-F>VWyRk{YjyF`Xd@Qz%Cx0yDYQTA=Y!+Ociekd!Xc zR}6S&b1k4qJ1KA-3l3ETD$AJ%?aOs-_p@VQ(Di+x{^{Fz~q(&!pP{v zOUv-q(n!PRqhYl68OVox_0JD5mM?I{TTh{*p^mXak!>Sm+`MKBIMP;*E?Nd<*(Dv> zfJ1qVWmSZPuc;m_*@v33o(dI=j+O&R+Ji&pnZ&B654HM5gmlsS&O}b_LT%iMD)~?- zA$^JRKxEvc&g|*ye$Do?B}~S_ zLalLBWaO8%Kq`e4j%8(3rUEux3dgkEwfR~RSeHoqk;w?94Q?nBATT4aDXsPV*PV;( z=tU5y623o-bUfB>?tyfM_L^#<$RtjVkSL{)(vB)9dlkfz3`$2xZNEp@ZiZ6^GiyO8 z6m@BjgQrd4?nO%=lQMSVmL;WMwuq=m3Z(#yE{9IJrg{g8r4k#rZ+_Y9u>XDs^Yk-M zTzK+{r`-406OW#d&*x1BxOlZ72w`Fu)YT%2yYT&hb(=PJ-1ES_?#aiW6z)v`{=vuo z2Ohw4i=XAFqmR1y@yDL{+PZb?%Bf#NEn?PWbbAxD*TIBVsHrwBJI6618nN5??q)nM zD}ZAIkWkje))--+A`_5P#wAT#baE_38&jpmIoFBud{PTQdM5DaM-lmgbxSkU6Cou! z2rWp>p*dH@g4Ra%ZExj(wkBpZ)H0#2j>b%i&p-M!A`H3un1j&LL&zqSa80bJFv<~V zw4?D5yJ2MvOIv9TGDJo`O;tX}O|Iei$rHHrfZ25C3oP#*;K6M>cy`MUmi6^pUT$Ph zN>)^2jwz;PG+q)pNqqheu-_{{CdSJL+n?1{Lv1x;U>IgkLDbg5>P_f%TWw3wfouk< zGl;4xbWOGWI)!#!o9tmMp4*#^(bKxEh;2RSC=$g&L2cZ)@nI@h$rOrg85v@ME;6yU zm9KsAQ@rQwcNp*{s0|x8tOP`3V?F)-gUM;U^{p52pI^O>uYLV%v%mPctN(j=WOxRk zm5_p&6HLW1yQ`x6Qz?dGKF{gtLC$VmM@vdE9JMi|txu59CInbvC@hXD(j`>IfXk^tKj4 zG@f=qXcP)p3lxe%F;C7-@wNLO=kcdku;0R|y#3hy87hv^=%xAD^0nj#2O*a+bWT|w z$(calll}r$Oc=xCceG=dQB<}PhjIE~XiaBr1G`2> z*fpA`v#y1LKSqc^_$8LTxRq(G4b)a=h$@@{r5LYMP{}}$*2GK+EBd9B(I$u~$x0GQ zlZ-pAq^+(hF+S6k66@n+!}qjVl*NFO{XO;9h1BPsf10C@JX+jy-`yvkfByMjdf@&C zFYD{y)d*;otQQ0kbTy-Uc7cWo6DGd>d*8YK7r;Gx6M%o<(bUo`o?HB^-tU0@*DQW& z@pPr4csMP@v@Z0dc64J6%S;DP2psvq(}br5**0jKbKc$xwymwo3tFg!W6w>MW;BoXn{+rf^Va z6CJrUS=U1dfhTiFC&gpiH}cIVU*L*k4q{$IGg{UnrDsv^yac#tOg$)9P)WPcHR`!K zg^)Qk5lV!pFu>C#TB;n5pOWF&sU3`ze6|i3_}b%(d0@+S!=w<_;tK~vI9@v-Za=;* zKuY`fTn90w1wA}s@Bp1nP@hG-@FKczz>H3UF&G|0i#}7$dJfuk3=Oot25PGe4j}6x zs;kipXQR8C5lh#hM+>rS`d|;g#M+%ZVc&?6V1$d0JC;AZ=Plg+ou329EnBwg=H`a$ zcI_JY*xTR!4sN*NmmGTdVf^~nH}c^Rf8g_1UUB8SO2yKoc$?GnrohB@X$B(SPRhjYc&qZEG=u@It@TW5Ys3#D95*xp zz>$O+O2H_#8Np2}Ht^lQJPg?spE>U&B5i27!-3E5m#;JP+qgTULM!l8PC3l&tP!q6 z4~!u)DRdAkehH*yfGD6eHfppq;%vO56){qP^;^+VU?F1~#(bm}MAg=JJ`59$4xLKd zL_<+17GIMkd+wXw$jyKF)3B6r2`_}x(aQ1r&!)8|L%|PetV;2w+0%J+%MPx6`dJQa zZ{wU96RCAF4EaTC;G~UmqcW{@6+>C=nJHng0m=f1rNE%;rSaED&_34Np(^9yIu09q z`rlBUo*l1u{?a8E5zZ9EbRrQq8cI0od0kO=A&>$m} z5@b>ibtxAq9THzPr7dP9`YS4i3L0pftX8G>Fw5QZ@yKJ3=yT6Kmz!?7>5BJU@}8T2 z^Q+(dF<;0}1Yp%B=xPPW(^YAwFlExDlhG{MI|BFz9amm?C0Ad4HGRFibW=<7(DTne zR~vU~5kiQ4XP~>9p`i|DO@PKaL?(-t+ThssATRs3&Y)w9OFb4KO97ub@?hRLYa#uG zBJ28g@J#o1mhbFkRo@`X`}-N~E0#4p9f|NLql;$?h zpEHfO&Y4bEU5-dc1d&3@G@e^cCY3`9kI|rqA1r#FnT>V)%f7QH$P{&MmWa@}Zb^5~ z?J>J+mf;JACX_g6Dx;Y#w1?w(q`fSmZom%)7%L9Zk*nr`4cl10s}G71oh^+F7seRP zmk_Rpj$6Z)KA3bo{u+G1Yl97hP@!w95Y4r)v)?3d*=qD5^Wgbauwz#lU!e^TA%AHHd~t_h4_kI7o0HI>i#}_*`;79vmIPtQ=RbNGPu%?o z1FJWfVUm`YeCR_Tx$isQ`POZ94fQN~;z^D^_L%Sg;0Hf`U&&CYg6}mc+liE>@ zwHDN9MVpi!-<{GL;Y4gH*6@uT$8g}tCeCYK$Fxj8j*}wNS)}lYLX8j}j#DBXhCI3v ze(`vgo-q$xZAJA}Pn|$} zeU9M*RC$)3svxB`T9$ZW*8u-|)15Fh!uiJ@$^lb52!axxo8ifA-E8dX1J|>;V`RE& zN+hEXvz5!T=+Bz%=%yMI*h9l`h*9!^(5SwV@~8qc*3(17Fj62^i7-i(u|PI@AZ4(e z#%fPUVG`fh=(zb0f8xxu<V!mfOt=ZfT&pqm45UnoSf5qnEEjq;@!IS{FxlweiCj zR&mL#k8twzPR^V*iN>ldN@p&Qpj)|1Yw&AVFQZm8O zI8qY?KD|Q)lnMw#pInv8^BcDjT*KNn~83&L$o)dXG}04Ki4tpXwmLk z;T6IEZvvuOL7X6hkr8G#H?V)lWQ0>iYjuu}x@L}_u>c4eEsZi%$g^d5fM#SQ#r!)9(c=Xj*_$fcXi3{VNQG&9~kwa3O&hss>yxSK1aH65|0ItGC( z$ap!rM|bkEd!ONti&v7ZuHw?e7VwEf=hKrfaP5;zd1(D+hWyYn>||Mw9r5~TDU8q9 z&{I31Z_EgJh``K?7tS`1*|94LB5{)^l}ZV}l#bYm~S-;gY9V)K`Q3_;alm(**?FmDV)5iWq2~A5)GiMyO zfM=GkCrVkN1EpSylT9j7!5fb{kU}Xm(o@E_WfMgU%O`#S&`7fp$eK7Nmvg1o)vskL<4BA0h)? zrnq&spKFOY-H$W5u8#R_bqsupgR4kmV)vfR6U|Q$GEv%fA5(yxR4d(At6H2oXiPuBxhP1JHHE;YVD2?|t|F_J|{n z5RX6pxCUO+;J-Hk0GeA{#EMlb^@92Pe(%8tAAEmYA!!gyXoDFO(GArwV*+|oJ0hJi z!A3=PJ}8nbAIDaDVPrJaUrtJDcTIe2St*o84-6u7$T3r=GO4~56&b)xoM;FHj;x`n zx|+7?Ru1l(4g$tXd4~K^1`7o?4h{0NB`f*k($%0#bk^5#&a5e%GixgQwl~!karlHzQmH09;i8n8>BVxtdlLTG4aHc# zWn!3uH0^t#H4z#qBn|-&Zd}2q?s=3KHg03~gciPV(s8_D=6nW=1Ef8V>rXv`McZfb zUr#OLzKxp==*V-*HiYB40K1K1{$}H(iZ}go_kW~}b6!USY~G1>9E6UHUjKrb6-j`_ zTxGLjdRN!`makpcGDcP@(`zv1X*6HN*AbgrrgqXiYd&LiLV8VGNoq z0?hNQ??D!dMPx36h>S8^BuzIX5(@Bm(-DX8&EMY1Kt69RR;j4ADwrWb#LP(@95sI$ z#ZpKnoduzBv>=ip`Qivad0`d#?q2k8fs;=@fCHvZ~8ys#aTLTurG|g2B=8>tt{gT~lKL6Ct`-goF1%c@ARvdi3^Q z^EfLFjyA$vvAlF`T`fa{L;s_F?#3H$9K+$J;-vCRxd->JMe)7JLBPFgB)TTU|vl(hLX)-B?YU!ec zv}%|zueE`WToq9)CMC+9K`D(bZZQn;!ve0*3>AyqyKD_DO?6CfZA8VLgK?s$;w4|Z zj>L5wLKRX9Beo2Vux!^LFYMUKGu?f3kCmtqFtwqEPaSa(XU?9&^?!Vn8&~Z>duhAO zD)C!;s3 z@&9ZB@Wn5FiL0)W_VH)v z8!kasBO+;~g`EnY1Vcx1lq8a`MD2N{=8SxKgrG3Y3Ef_g=pHcL7EEFwq>J8fmPrn` z^_ciw@Yy*q_$J`g4}bW>wZHhqFD4HT4u~mJX4X%gH0c*hmM@vy-QAn)AtxSp+zo&F z%b&lM&1Nqz6beu%GPJFSjs1Oe)pnw_z}FFz8k)G`s*m&TXWs=Qc~L4AHSp0jYt|%4 zKHb^~bEg>a;`B}fJ_{|#u2|&Xjy;Mu&7RFz5SfssA+JVoltap`LP{4YjFx@gA3_NM zks|9k+`n-P*F3xkT*m<3>T)mjs)*OSUxl97hE_gWq!3yra?r(4F}rgjC+xouf4KJv zM73*^ZP!+SQ7pcWqe3n`^)MQ%t5Mn^IaojyeZ)u}J$;gC?+e@ZCZbd-#`L{%g}9>+ z-PLYb0K=n*{vq@u&za<6tWf@Z>T46hEIp8z0O>;yJ*@ujyYBiQ?|BbCbpO|rZ?YNY zESSb2GbU3k23G$drY&1clY#bAiZrD#z;h%Av^8;1TQeoCDTX0^V+Hz)A>D;MJ4Qy? zGCV?m!6yV<6iQ2c6;V(TZ1)1Qx7t8_$Yd5#aSuC8&{>;MHKSru@Ue? zF4%8Bj+ii&ksv@j!sG{)+3s%Dw$vJpM?MJAdWbJS{xrF?%WvOu9@A=S7>zu#UJlRA zkrIxj=#{y+-?&G7kKLi@yf9xTA^`z5qoEl1zZ~eg`ld8t^GK}PR;raudz3(Ir zoY2bq?|hW!x9>2>X(fQbBGRoIpLB_IWHxdw|F$l`%e4WM9Kr_Bw1;k~h3$O?pMWqU zBBf#f8Rk-N>p|&={=U9bCQO*{$B%yWqvrujKkg>~!JPKjUs()V0)`kJ+C zZ(qH3%_WB%cIf2o+qSWF%T`dD;hq7OY~0FWljb3%gH(b-P~cxqJc-|a=wG<&E7!-4 zIp)o~9!%?kDeX{I1^aYCuF3@e_#~Ak0~|GZUkZNFj%yV8QXdG1>U4v>mWm(@38Ffx zGEL@rp3C;J(17P+yo0EOd^29BLYUThB#d9SZKC6#kdcEV&D)MYj6dA{5L%}J$A}HN zAw;%K?iZQ8-z?sF;^9O(Am`QMI5~t0$$2izc5dPKtJlyr8qnQ6$cHXGiP;lc85k=d z9K#a$%jy>m*vpkKb)&3gl}OX6qTr*7MHn7M=S#*c%SoAg!HV02LnBZO#&^I5MiG7q zrgXxxbtc))7soHMYzjJ?P>z895$GSb{cS1kzU!{`(@#I0JMOsS@7nK9IO%xqzxM%N zcy5W8{Jpwr&OUs9Qfa~1s4h!b+p67>4rteOWo$6pKDiya!3iEzhlnP%~$G7dg)%)FF;=$rl6G z74qauB}PgC`AAbz5mk;uYjuXKbZN-C997-U1+%8nP?a&FLlFcjG8AP2zEZf3M1%o@ zV}%O3X;R|9%AQcUw#&3_;W!C_BnX0p_y6}C|LEWk{|_nw&YCrg2Oqqj(@#6&%sF#r zj|3(E>;zL$yg zfT|oKRIgBER`$RoluGEKAqWj8_SzFqq@;!6u|~YSPQF#zjnVd5x5PagHu3uxR`KtL zAH?M9T5y|atm>l5tHTj8ktD4Q%!#>&b;B$9LtOpnBHC+meEhHl1gZ*0X3@LRc%*#g z+2nZnP?0Ef2}>bzgh1&MpL_UrK6=XoG^R3q>9k|{=BaPM5p{%Nh(Mx*4G~%)rAI?e z2MxI{RFGm)T{VAs^C`UVpoLVa3f+UG?hTD1n@VAlyw?aIFmC*3*#|8RmI|7Pr5h8J zNTBCWh33ZibI}6>1Lq!m@WEey$GH~?<9l8{-u9Na@}r;p_>PAjen_lbxw7<$PkwSs zCY`wfdj|gYUY=RCk-R@_#wcharSNr$?|$gL)Sh~{X|<p%9}14%cOIRSCP6;5dNTIETBGxMI$P`cuMb>Ab1H=- z%cwt!z{hnZeT6YTde>c?HL;V&o?b=AUN-c0nf`V0gi1!WALTLbLjMmxUOd~b}9l#lXV?3sWgpMDdxA-bIRmSPMa~A{aRX>)zZkmt*uON zs3YUK_Wk%20-rE6e@keEYr7DIC}Mlxpy^!2>a58w@ptSM6$R1Q*ciRNz5mql@c*d< zps~J*HEY%|fByVWEM30z)>W%kS0|0ht`@|;(-Ex=uy7i3zgcDjjZCmoo@12Xo>_su z<1xhY4aV#vl|s5{v&T6OqNxso$OO}uMUTqzEYmN-zySCW)#(&JIO9}Wa;*fuZ(3x| zE1LwFOj;mCK<{WjpS<@`W;Zu-P**crX34l!XdR;X|JZx$ILnHw`}Pim-0g^ZJ z{5X92L(fe2wNq7l@3q%nD>SqCgG@d2APS;XE*hU_H?8IVwVS!>*aN7Gr|`TwyEjVj zX>gVQrcm_K&kA#_c)|mUT=wXLT>i-OOl)rAS7#o}m-j!6NXPMoPf3^4TG8(tF9ejdG97B5>z zPre_aLtDK`@_vCy!-jL&g&&1EQ(&)Y#(ZewhjVZ$;!@NGGP|a zIynjjLMDwYs@B$aRae9%Q3g6i5En6n0OWH}$U(6Hg@OrwCPF}1@?Mwh%oT~Eg3Uil zEN#R3kD`zvH7y*y=VU1643{8VgiH3_^U^g$zHckPH%iu(Wv*-J&w=lo3ccVX z3I(IjVfRrn^ie(iyDb;>wsxa5ICm;y#L&t=HPylFNibog+3U;KL7%Dqy;zKM&pqpe zf5zGOzRePfFKCyyeGOi~{KNmnwaCe4iIdgcrt%BZ?DG0&wKg!oG1hY@}d;)fxjeH~Iu zl#pg(%eFjAWW-#dNN+A@+d$SSm1-Mc{pPBH()r{#b}So|QiNgn9~~3_pJ@SjUYzdU zE`~M_`^K8JYraz~6f3>a>EmJ4P;^5L>^%)y>QRxM?C{LIt6sDgmac(9jtOI@vazon zZHZgTLa5ZI(e*VI=zq6?Ta>z4kS~B0YjLFJ`|mo014m6E7Z$9%WMr)|cb})3kr*>` z>jM^QesHnc$quck_$+OE_lIC=PEO zjTUw002J11%ZhuH5(0tqrh5;Kqo)sI(hg%t6ZlKiVDZly z6|fb)QYLswff(6@?(8)rz>-F|R){Dv{t)|2g(sJS3dGKi4zB&_PyPnf)TV31KsNKb zr_E7E996sEl?C+n_Gk)4v1-{`7H`?a$cB*!;(*50lKwEy`9~hXO>363VB;o>1jJ4I zqvREPFIdl3<#(el=bY%zF z)Zar}UoYFT{p`qO>B#2DhmiFH{3w88!1jTD0;Nz=nfBVCsY6AeU5?*>AO868iyS(8 z3Z55ZSbZbY#|-EF#~nd)O&Tp?Br#)VDW?Wk=b67P$FwGwxixis`u^uQVD40onl+wW z;G?A=7N`yz7C**rq2^7yWwFBnY-Ksr)S zojOgdTe}|LFTg+^R%}4*IR(AfROo6k>$1Mq5XV9vmaHprMa=Gs)P+}GdDXIuF1m5p(hVkeC~%E;Wp}lRzm&5ar4GeH6nyN(c7-JH|r< zZAK+ao(W|hoLTRot)4YLb;%Szec(CnUa*AOts{xM9$&rj0kXwBA3o+libaD$ZQR*I zluXjvP*2e>a{nu`mNqr$!}+x@a`ozk4n z<`zrG8dC|2Cc13u>?bM-j;bol^S4_h$V!VblgVItW$z>a|E}x&^UvqT8*k(%*Ig$+ z_nFU}-O=6o9ibx)QV7?9nd8tShe2Zv9554+PM{-QaRcklpkG*w*wM+PiBtLE$3DYR zbN6QWc_)(dLx@>gUmoYk6kdPHsQ@7`#|53Ae@&|8z-!r{WM+4Iu3f4JiG&LjD8KamlHE&inK2Jh*Hr z$Ih9=Z%#Uymh=dMD8jL3FRpNH|JBS&I|!6khIqNS=-EY-a`cJUl|(=7l|c2G2|%*f1#*VPz* z0HG`+-F{9gf|?pQU@APf0*LU7eyTQI(>;*QGyz=r@lWu}U;k>*QyqQOG0c1Hk?#Y? zfH;CMBHFl}ho4)V-b%IDJLLqQ9G$!Kw_}%C7@q6#2-!GyRq+@Xenz$nwSyP81 zVpuvw(sOZzWLQlS0p!Ahv2V4gh9eC@FVYIBONpa_OC4oK?o^~1l1y^?lxb)wO-iVh z9p8({g?T!%J#^Lk$-$o>K<2oSwl6KsMAGKGrglh%Zp9OTTzMJyH*`9l6Z6DExN+NzZ+ z_tc=-+AeeyBBoD-mL{_&f&kjOVC6PL0=6$?(!`0I&pGStr+#qNmH%+?2PgzZSzfEn z4NRLb5|l~c8`C54WD>27Wpcu;BN1;Tj6w>2H-#XFA7;@yw1MBTq~Ve%q9yqX$IRht zs884Nn@6AL4^PeKuCHFe*p_-c;n3Pp%dZ|?z-b5VMPuB-#bM3XE`;YXZfFCmcl7Y; znynxr-h0Sg9PL`-r%@mbtqy!z9t&MQa==V3IdpFvj83{x2CkCAHNmgykf92O zElE*_6u5QyGInDnaQCb;@P??~sErGBU1a~)!TW%>}?2k)7<2f$fg?>JL-|alSVl@{Wun$+f>nIwM zL-C`?SjHl8ZO|7&8uz&pYA+-*(kMp}X>gQ832mJAgu{^ZDEbQ>jIDRM=iC$c@O@A4 z(v~)>n8<5wT}2f{zbgss&9(qa=!jNENJMKG)eOrr;7LP16s{fVQVQjb5=4 z0U}$-HO|>{&b)=ME<9#;q9OAhGwPocCysa4t=nk+vNyx+kI&~T?>UY!O|=jS9Brzf zq7!k@$WgrbkxvjrAcdeV7Q=ORO>(LsPScjk7V`v=-2>WuwvP15?#~sOWr>msp(6y6 z2*E%Q;95Z@Ws@qYC6Y8F>S`HL4-g==j~`~~$n{fH5pl;uVGeO^A!lFt%xrAt7pI;~ zJXR#*hc<~dFIy@ICAek|632=0%+_wEHYpxo*uj%8F5$qvrgG@CaYp1uDjWoz`8vRd-FbZZ@f?z3u-o&6P2r$P}GhG^lSl)~@Jl%_yLDv=8InKM`3e%GCI zW3Km)f=eeeQq z_`~o2p>y!VAO6r@^B$RZ=H@M1070_3hRLIb5Je&B*8@KOd>ZCCoHGMq&eh#GtE&^XG9IG_DvUk^hYtddmqjK4Wp zg^*AT4dkE6KoC;r#<=3x{rL8w`y)g>LdLBgwUuBk%aW_t5cW#WR|rXae-D3MwGJG? z1+%A+4|LhNR#e?(qlYakYgQXAeGPbGfL|?K#@g;4zPRsPYT`|XFt1G@r%d9LRU80S zexDULuu^6qP}16=B1m`+UAYcEcF*lRylNv?oNyS|9Dgiz$rggBBzWRjltbcZVVuU4 zENd!B%d{3s;#hdy5fZ62D$Ef?eKaQH#AS?zc#L11a41Jk7*)1qE!`I(lpQTADZLrv zqPGtF+26O1YuXGNnra{&w`6ID!D1l_0u5tFB1W{BM~D<_R;@mK*7TWsztOXubIyCd zW)>TeDbl}kJ-0r-fP|yU$&Ik`y@epelO8p(7%9)A7)4}?A(>+7{~?)TQ1!h}rdR}f z52T$gK|s>0Lt6JWv@wK9cxk%|jMJe|3Kx@*mAb@^{fr{52%?A}R0N?zpwi@{q)8l9 zv1Icz$bn5ONz8MZ)HnoJNJ@jSqMS#YL)|FQYkZ|RXZln|r)#<9zQ@3G`P6X-Q5%n! z+edNN<+06ewD%5Fbp1=JxVmybMagWcB&nVC(YXMMJ|bsDdz6NJ5rQJZkpz(<= zr0B_HS+}8$<7Q8wh~}>67lR-0xf2e?bv$%r?z}=Eg)sUAwvR6mNPEx;JGN^2`v&Dy z!UTDtB}$00y|K1NPC*p1wyo2kNkX7Yt-?X*;NRQ+VmJOH=9@4K|Dh>>cMyPo;99a| z2?rf~&>r)ic=UlCJ9b!562b5mm_8nA5-?{1jJ2NJN`WH{0`T-gs)wzSKo_LANj@*x_Lr0=S4G148Om!x0kguNQ7bV>QUGfI6RMdvyZ#G=a zacJw`#;Ld5#=7<{u0P{wPMW+Yu2V}GTFq`zrHfEig=t~by#i_YW=4@!fp(BmQVeoH zFF{yjRaX}eZQRO&ZCz~c??Y>cKq$-A@XE1R+e}@Td4rGrYMiHxz+%yEd`0d&5gbNRfxt!>-$fOpC%r*PkW_YHccGtM}JE3Wv#a}y>^ zaMrJ1ZwL)LyZGtdkMV&c4`Nu;IKnWp2U#UqjH>t-ZOpUoJpP<4~82Lhf6=nV>9qV{ebLkb*@vw5IZBDRFypM4>`w3+Q4{dBeG) zG1^KA^7%ZvFH`0+NJr)g;j3T#5?5XQWBg+Af_K07ym^m3{Ky|Vx;h7a?#XmYj2%7p zf%eWF9|79F_{Goj(T{$d>#zUyKjkcJ-@a1?hOZ=u$Ej~>pfQ~w?j-S~XXSIn?z>!e zLzZB1fy9%BEST~jN@C@E12iV7u1}^Y6kf*l1jT~l$wjNJnYHF84?M}CGsZBYK8+v2 z(#`E`&Sg1mzgf&*xtV7cuVK!t37jxz3fW?@j2=QMNL&9wJ-EU)$RvZ>IAzkYuE+=L z(m5ss#UNm7dnX84DY44TF!2UvK)Z502MZGI%6WPR0r(eQ@ucY$wzLczx^DH_MLV|d zD3PQEt-}y|OoYZ7b8G{_2UWmJ6CpUcUaz1wQ8HCD=kECkT4CJ%?{GQtg z6ESNnAq;t^wFSluL)c1|l5&_7$gB^YI}yD(PzvcQj-E1x$KHQ7$4s1qE9(%Bt{i}> zWLqh1<*&;dFcKyJE3M4;8iFXx&CAz97;(nb@!-TE3W%bRC=4rycUiBxER~K%;3~)k z{ao|XLM9Gv;v;is5s5Ueb@RfWg%!?#u7dq_6~bYQ8?6Ynq96)HzE32IZ0udd$v54} zx}81TcHXI+K4TwTua-auAeHIoRcrb0jxt&9+e;$~BLlMe9rR>3bNlk;oO|cP9R7!U zx$5zkS=Zak-Xn(bo*Co$#GX_5@$pA7BN9pU$97NSzjq>3ocAp^ZdH@fGI`tqOi0VVS^m({K z5_96Hu!z=CnWG}A^xcJ!Nb$xsio%%qXjjrX(96y9=A%*`mz;Jug}`VGIF|FczI%XI zwsxRJG`LuE>^>_y!5M)g1USVIFXN+i2>tz4LQj!F1oA$PfFPHLOun4yOr17O16*~r z(cbygXFjcN`O8gz?C9zgfcWW8ui59v*IvCpAoAIqSh;e=Nux%LF3A%9(}F)hG4Mrc z{Fj;pwT(5@rDAw8VLU@#m-AK<1*+mj2yGot&7_D_0#C$9$7-mFHIq^qMN+ zSe8c7P(&&;0bd1#QPKQg6;Ucg=?K?#>FF=<+54X+3IiUz;4G##)RQUXNw}U-mXpeW zxJp}s(QeKlQK_CGMC&};d)jz#-8!ycw499{156p#$fZZ_#c|^&GNGZ7+E@Zd3JPH! zR|kx5O!L8e9%Z2DqaD{KSd`_1wf@H@19VyB#y&eT=YA2Dpjj_qyJ0oc5QKmP3*&O7`N z#tj<-p*DSZUMtGl~`uk`09>DPlbI>Ox*!zKKtt{VpaAA3{$)XT0OJB<8^5o3_!B%NoLn49+&q9Rh$4J@G?F!vew)^nZZe7u?V>WfsQEjXG}}Lyu#@4gAci7@uFADKl+QG z{d~}S_}u5d@bd0Z%YXKD&9&Fc8-Dk@Jr^&wMsl?&8XD5X9D(O1D@HoIT?d9cq4l6e zZkKWeGSjxrBgzF!$k@h4?#z2j(whXjh(JeC6xBYu2804P*BTVR7j2%sRN4^Q%H>#vd0p!5mPWP& zR+Grp+_r2LOCt+k!s|kixXO6TZJVF)87CX6R*;0Nve<>R?SKdZgKzR=_w(!r-t+9<(Q ze@I$u3lUew$6`(jDP#Cyo_IW6RryzclzO+xh7cvnsMV1Vid=E$-xxNsne&g_gIuv_ zWwOoh_<`cK6>DwMU&6$cO>%eR-YEq#QX~h8_*#Q+<$tR`ph5saNRTTM^i>i7tyOs4 zFRr`(+_T@!t+(IuZ#@%VUa%lmS6BDN^5+(h(NtfHi;L&R|89WNueVMHA0(!AVhMqP z@;QFbS$yt>zp!lkR;COe$?5y=!@<+1BSfA|v5opff@|)5hDpPknKHVC^RN07v6=** zKJ`%QlPU5+h=Zc4DQd@gEecTO09c){l(wW81Fa)Kg($y(?(BxnZe#XQC=in_ zAKq^^^FDA6-#+|U#x{<^*REmX3kZckMA8IUX$)}?nusEbK9uf4hykSIn++xmt5s?c zQqYs@<+hb;ARc4($l;_s&yEf%LJ=Vyk8G|TU*#>N723_KKu8LHhV}h@Jh6E@AKPm- z3AYhXNKCSAWH?xg_LI;H~LqMU*huh4GOARS6Mp1>FcH5(j zuS@aM;|`@R7N-zJNHi`kp*B+oo!L$FSbleD$c$0UOxA? zXE|{6aOS=L46ZxzbdH|5Cw1`_eBlvlBWzNFlRY<1eQF3fKhKF%$MF8SGm$}Hy~(Qz zo3~>WG)NCzS01BerCXme%8^x56XjZ@j5=7NQBbz=t#(3;qQIbIN|x7RO`@4d`G(QW>q|+$Mp9av2?Mky?bYy; zhv%_r{TAMH_*{n7))J@?M}t(FhM45RjXT)T(QkM@x-=nPO1M>(-9s5e#w|u9{D>$D zAy+`>3)NX41OZxw6uWv1zsFufh8Urre|PW)*t&JA?Cb3tQhs-yOLI*M*Nai&jtT}R zT-C{~R;ApiN-x1S=1OZz2wCl%jvom|Hw|HriLLzZv1jn4L*DnPOT@_gz0@QV-2U7O z?s@VREYH;b}*3#PkUi3xVy-MO28khGeUSsO;COtyhBoh1T}VAgBiP z7uM?6{AXGKiX|I1+g6XLCJ2;U2yYq*c+J|>?<4^KitG5}j|Jd2zxp-jzUSS4dhXfh z?lz^e0@p#$nPxn@XO4j}LviYAjanZXBF9wl+qw`huAz9~G;X7Zow*FsGQ(4;8ft24 z`12zV@%uY&g_>FeVTKV*XhF=FfXHN_y$d>fAfHD@inP?6I%_JAeeiUCe&PvC8#0;D zNfIeV5M;^wU1Wnk!$g;c-R>Y!I;0qOvvSJ{zVP$kGy5Z#a@seq;??yl!0|29RidOI zB?QlJ+sux>JaNxq-{Fl&;eZfCj=ZCme>55E7Nia9SAFy~e1*=7Iq_1~$>2*+enSlv%wcU5;Yd&hKA+k)!@}57}bC zBkwznpPzgRbB4~ub<;%3Fn*;ntrD~>SD8_yNX6@k$Lffpkgpyzi&-N_g0GA?cX){k- zw_)v|r~S@%zGITzgAUx0PN&R|7kv5_Eahvz`3th#H>FI}RMIG$l~pCH4=E85>7ZPp zSGbL)(h5`&6)B{U2pQS8?oy1hW!?Zt!z)qBm=mc&HA%pVu1J*j2~+_gH9~u6sc>bS z`uGSt@>xkhq?Ok#{hzA7Z`ooR@H~&5nQne`*WHX6J%V%gpNZ0?6yHb<2a)7=iy6>DZ|l*WSO%A`n85&YD1^BMs#dzsiW12to)U%om`i;?{S_K?nBzr<{>peLW16 zCKmvah!JxgJZX~r(mgjwk47sqVWD({AS@?!XhW9N(yBdIDIl8Mw?t0XXdM8O&mVgX z_q_NLI|uskM2td|1sSq(YX@Jr;U2zx{_(uDdIR@8{sPAyychp-`e9`KB9Tx?9ip^j z*HkG+YXru*P&wutj6_w7P*>`IB{U(LP((yRp=4x)t+Yf6Np~j8OKUrAK_{!&MpdZ7 z-zx}8qGD3oNh7t}cECFc!2eIzLl6Cp_rL$Vv4@x$#4}+<# z=pprxN}&?5N|h!M-ihw&fkGaEW@1AlAKPa(cfa>E{&f1W?A3#+Z+sOv~7K{uSD7Nv7dmrZbFI~g$ZhwTWJ34vv*;hIL+dpSR+h&Aoq%4I39Lb{_ zw?Y`u6i+a-WvH3Mm8B4(EV0TV2nzJ)+VEAbOmfkBfLFI~=Yb8I`O3j_2}7TbferL! zw=t0Kq!0`cYFimeX|rij`A`ySxh7nX48VSDqy`R8!>=soat9ZDE> zce%=~%H&H@%)%-GHl&84v>+xOetFV?%pTSR1)Kd#tcSo`#{Mf)3)Nq?0>PDtraH=M zHFkjxnsg{bs2VY)6=8z9=pX1OU(9|5;Mil29rVn5?X@S*KKuN&&CNspQVQ2}4lwVY z$GH6FzmSS~WujpuLxeKmyHwRv3#BT@F(f=HZG&nSwbsh;I&=xjx7$EPMA|PWb*0r& zB7!O%86-(nGovM86bx>Ipx6fA?SMZSUgDBll+f@S!NJi7d~h z&WrKrrp+wb(giX1HMg&-Nl}%gX@t_G^9H2|L*KZ4?gFFeAb==B`9Abj5P+|K^Xt?9 z6VAtDk2#SguP(~<^>kO3suncWCXkM6D`(H_BZ=YgyEYsO2ZcA-#=(v!M^$63gGivd zTtt)g^PIBxzSN`=Tye*JbY}*Lq70jMcJuLH-p0rwwJhDRm7m`92uB^fC)a)C6!Jx* z3MsW9k`+Y36yu`uWhX$e)xNT*K-qSJ(%iolQnTV;T1%8rc%H+`EuC!d=mh7r(Ab-= z1N3Wu!HTN=x1a(4wH$yW4?T>14nC;<(Z4GN0b|}^=X(j2}TTsiNlQRS-J*N zC51mrMD|=*yplbKj^dXe{VeUF&qLeS(&(m;j>pg;%`8~6f=~YN`-Gu1(yj`aI2t{w z8L}DhePk@bq2tGL+SG|0Ii{82wPrrLuUH_ZvN*bk&j6k$XxrJx=FT2;q^L@w)ALHyu(`dPKR)>a-#lj|QY8?sBwNhz(zfm32!__z zF|syEB#hcsNq0bL(?gR|5JpA%2X>N7*5OGHt@2#@bbbfpqY zS7(W0mtME9_N4;HljMsbSHHA~(G zd!Jx!S1-7(d5!<9#aT5HteeuXwaP7Qw~Q+RDnh$1%o-0bE(6dTHf%ijgcDA<=fMXb zJgxetUwLIA0Gl>#x^TpZ5$|nlYg4F5vc8QU{q}aIjTy`P4>^jg&LNaZj$~<&PDsPz z7P6u*p*4Xn5O->;w2?$v_{UcTV$=+3Whku(q5?4|Wm)`KX=s}?=pruhvV5$$*Dj&X zR_0oCW&ZxnR7!(60N^?iFt9J*tm_I`8*fxKb!tS5f@{Sp={Gn>XMpYsdpv^tWG7vI?NR9(Uigdh@LeNhkj2M}!;X8-#%g673 zf`Pyy9n}rde>e%y2o<4gQxK0E>uC8pL8x?s1rZEwg0aJ4Q=0&x=RGp-RDh||r?6_p z>hiB#c;STzAqFN-oYd4IWp|{Mrr-s=0SK^XZ~v)xo?LJFe4 zGj6SSL-E>%D|S)q zY|4Zn1wjy@`ZESC+_glEl#$8qDnsmg_Ut{x`~~y>t-=56U;jGa|Ni&+(wDyS^`BgO z^~vS)QM!1kGzU%?MZFi1RXs>YA(d-j|Dc<`KqIAxBN8OyHN=D|h#alZ(pZW~?HDM& zO0UE0wF(O4qVc1Ev-aPQ%^y6UZ~o;kEZ(@uNbW`vTERu<9mnTSJO~wOqR{sEwSz+7 z3d7hh`Jf1~Ys*~^(j6(|Yoa90UePfS+9nkUTvyUrDDc3d)ev*|XL*7QN={4mTvFmV z&VO_){jW*@_TGD6UVeE#vuBTUf*=TATrj^fv(r=udryI(%`m0aLZBGI9$gVC5ki1; z(Jw9Ml!FgpzZtU$f+AWwq!LML>eAfy^y9qmic9fxIYc6jZmK~{98NNoU_wJ3@0&H9 zv!_p?wV{ce?^93#QV9~mcweI+PzBNnmuHqN=fhY1o}L|DP?ti)Vrb!k_F28Yoo}wV znQQNTlJ1^(afE?#Lpw?(0U;fu zo+pi(phhF5Ll_18VaZCqe83(g9f#h?K%GYHrzDOeOTJiDm44MCFO6(TNyd-(?V_c8 zeC{-+G}qH#2yG|AR0Ptp?4wB7{x7c)i!qgjB;yBsb>8zNT$jJS_c)|*$QA>X&e7Gk zoyK%4u8bifg)8iae}gq+Bty+>@T5yB(M(^i4UOQCQA0U<`UHNzXa#x@YyBTR4}`6b zl!2XVQ^=h?C@IUdyVuPdLeP^(A=FPY^yI0Nx2;;Sy0!Y}e)-E^0`SA1{IKVz z*ZlOHCm(<6wn#;qp1j!b=u>?APk-h&U-&$Z)b{W*-U)*OsT~iM(jn3T3Li(r?D!tm zG)kaUNErFJRppWpk{~J&slcv1Rj&3GKvb*}ZPDd9ZmlCCdw zI@yxF|DLIFDaEaw1`&1d)jcb<_oH7UOT{qOVb?|gUcH!uCh z7s_OgL=xxxV{nHx^7TbaNGw^27J`xK1TpC_ES+RRLmeY)Qq;#hT2gV+g)TfNj_0P0 zop>yPv;yB6*Cuz>9D>s7HZ3Qlz|(?D&pMS!qvL$_xA)WA-^tuPr|^~2j^e;6qv*~Q z3?~Q=v};v(BSMTCsM<|VURnyJ=M+`2TB#*aDqu=tVvaJ2Z!+fc#HvlSZSO=R5`zS$ z{wdI37#cCT|B~y!Dgk);<@ua+^68_VeRkpEb?erZ*Mc6_2zyL1(!S$|7>B4(p;HNT z!mCX9D9~{i)@){2HsA|qegJ_c9Z!<1sbOR1PQH2LulU*RHyff*a|7|Q!KpuS})wl#im4 z>}@IF%JNcQ(a}fTg%c-^p~v^jqlRc<$X?|{fbzjDEYZhtAm(~ymUqUFcy9Z4-ZN_| zqiPala$$LPSZYmVbpssbAgm(WVAj3axJlP#VS5KRtys^|6Gn6Pv~lzmL&7LP3W?)r zieaAa+%}q0BXLEnYOHMcCwfVV(2W0>L%z;!B%__li~y7hiJ~H|TT>R9Dz%@2sE8&)3a?BxD)Gr8RV3ynUsF(5 zPgIt)FLrGc30nfD;z@ot?`e9wy7|#ZPe!Q-jcat@5hx|una}g=hV39-A{kOe_1{g- zRu+P%E*qL^RB3$QM|Sp=>0PN*>iyHFPW#K|&6{fgXz$f@^%)s2M~dakm-m0`+n4jL zZ(jCqIU_Tf96<70mwoFtU`VO>iS0Xu51n}=`?NL_SCH^r9D5&gQAmF=q$^+G`EC8= zLq(t>Tmk8LjA4lw!)p_auWw{zZ4*P%^~BsHN;`mSCA=-~$Y2CG7%dV7Z13I9ku%3} z_az@-M|VH7#*Dy~&^eH|($x|zLxeWkB+7Q~Rr##kUGH6%l_kp@8bMj3L<>=_{zcjE z0X#==_wy^ttsY}$@K&jCuQx8NOUmK^#N%;NsT6tJ9(pGM_y?}x!-jL_xo4#xy8poi z8#ZicECY6}!(i%I1DlR%DUV?(38a%%>Ru5@2azkH7cAwH4}XC<)25KkWm&s@2iM>7 zJMMjS9-DXWfFTVuO&`a}drjly=~LLVWh5i(8gQI6N<%>@<25ZTb6RQJbB-*GUSR$9 zZoc`4yC?)9B9*j|ltxRhN*T@u!9>E2lo{g~sg=>OmI@+CU0ssX58W5(Bv4U^2DS}k z@uLVY<}s$OhA`CS-mF9#wKFYoO7@sqqfo>hho`r0=hz9OtscI#dIUyJRa*SOhzLhG z!bt8W9Z5~nqdOn4c*8c7)(mf~WmQ)%QyUu@QIo(;#%W0l0$-7jLLxszXwzx~h0x}C zq*iDl4H;1=YT|KjU$&lAz5RS_&QvDU*V3O4i3B)OR0wLq!4GqEWw+6s9)T-UgZv08 z@V^y0viH91=Z-)~XiN^L!{0(NRJ7Km_{=`Dx%i=HAt5ax&A54iQ_%>1OKe_4PBI$# z5xOyLA?Pv<@C_0Md*4S5g)JTEOcsP{>FwygL~DJX5F)7lmD5f+m0$n%`t37k&bl?0 zh+S697a$RbbdpC`FJ;b(2^>6qI{9L*Y~fn!-wI(8BS#6O@bIGn6tyN83XsZ-grdQZ z3Z&wV<~`Y9DYPJr0zA(qb~>VDVxhId5A(!aE2wXE1C#(?6-nAjkCLLLDECjbA%Y3} zZ|pLoFEpO(u%WY)YaaX?2hN?w0h7m4@KssfS1C=>jWci4cGmaw8BK;V>rlT=$3~!~ zCRNlV15G51&R3K#qIw6+=Yhk*g$sAgo;mC2Lk>CkuZ2R<%ST~-Hdcf0`=YtIiI$cY z=ie3l&ph*Nap#@4>#^g;zOrfKrfDVxSHhh&k#BtZJkHy18VM06=B1I+BZ!J96`+WS zbYudyj!+tMVZ?wRk@F)q_4cu`x4;vd){u>Sn&WZy89AJNh7D(YQ$3E8CQ=EMbZ~`> zvZ83lB0%GZ1LXYzP3bg4YSV;aL@`v>O51+^w$zWx$*@Ty)NX@ql_7PN^mT>ksBKHn zj5{L)N^4w4u)QzGGt1UN+$~QVY5f+>e{_jBT-Dzy$p@>@CKV8m#i^^QW#`VF?<4?k z_xj$qzRM-w`UY+7ZQOR#t(lI_j`EC>7%>z*b39^VE4sDG%#>A|n>kLoiqKjZ{r5H7 zsfncsP<-|mKj!(xOIWdP1$hVb$Pvsv;#fYo&rD93G=bqYjYyfY@DzkmgwPJkafoRw zsm=DZg<+aTDkAO(uDbaFHgD@NNl0ma+Ht68n2SMButwUZY>09l6FBf7JHRK-J&gk< z&mS>I{s7=K1gMdOIKxre!QMySnB!5`A63>-xy&f3iP$2=$&ED3M77&kV`nAaYU!MNeDbRAl2c6N50Ro~RO zH}FFBuibOsy#RD~cX?4@#|>SFgnP7#~3g9?5kW+x4TxKMN@*8|>o^p{ z0+A*5DXmdbp&}FTgQ!Svp}j2s97O>_Y6@X5#es|wAF}Fw25^$}`CZ7sK8I}=xj+~e zQHjvBw`>w9aEOSI$^kbrme0!cmbFF2gkvUK;!cw9-SG$XKp!7G`c#r}hoY|xj$vlh z2%?aimaVhsl_*VyR{3r0nzET6NajN;b?XplAJyH5Fr#R?b@WIvWy-|FpKko~GavcL zhsN}D_tMqVEnTH46bjVWH!x(#klerPti1Ei+x1yzowMeSJ8qkVKntw|yVj^MAc%Z|s6Y@ENr@r}Cxm3kq=u0QM<7u27a|t6_we-Q zc7C^b87;8{M~xrF5o3olwziq9h~df5Cfl-1 z4%Sq}xn56+au9A-l>{iQj9RHSek4(qw!iC0o>{qpj-I~qsIDGl;`4S;fYR8Ju1HAR z`DHKWku+01?<4?k_v#zyOTPcS^T+(<)>~J0baq(kDS}}w=)ESx_>t&g4JPZdH`9zC zg^=^n^^Ot8QJ|s#w(TSnhJ5LF*BaQpxrv4YXL97M$y_jJDo2eSPra<8AYzpa&(5qX zt%wNFen3HoWg{Hnnvpn9B&kUx`0Fccx#!tej7+d2%dUH_Fidw7+yssd6k3_U6k3u} zXvJ^H!>~3(yN=dqDTukS zw7Z9CLz);`pT_q?T-Pk&qHo;c2Kw{t=;&tY$_=dAu#MF#H?eBv1_~X0P_S%PX#!PX zVcH(0=m{fMM9R1-CR~WeNDOag#;gfUoic{GGbXV2tjP>%sG&Ay^a!FTo7eQnO|>koMJjCX=w-&JDX%5cDUFcYa#bZ- z3JN~tLxnE(Q0o;5DWH|{r*Nf%mJo#ngosd9Mp-&Blu0v@N}9QQgf)WFxCpe;WiqJ> zLK~npnPMMtH-#f(NNq%}9Gd_UnJq4)(G}1_nh{c^NyTHlv|%m3o%aNLPM^dP(5OE;MU zMwR5njiv(vTsKDCOB-$@M*PUQIOZt$IfAf=)**2ZjvhCR6DAHPQ-o*R+IVdJR&HCh zfpK*;95Hq{bA~n3l&U4^qzF{OR>rPTUbIQQDWI(jp_WzXOlj;-50a$*I~%QPGQgTS zA&kG90Hq_NP#D6ai`Nq{ zu&tw;TrN+L_o;12Gkg3PZh86@(@%CyhUf}K%yICvG5zt-HijCp8|9e8I6@eY5dp=Z z$ngj5#qTfrI6~B*bY$&(H7G^iFM?9E)WnE64!JPIQHl_ZAP@?q!t*>lN76HprK79B z@@<{8CgME$>Poh4>tyrR?X+)dr(X`AKj=gYx~{| zx51AJ^k&-(G0<`X$~@fN>DQNYc7<>pY7$NK6*}mP6z>`{f-%jFZ0;Q}B2prxA`tQq z5`(mcR2;hA=rF0)+Lb2gxGrM)SoF)w0rboB=b!tfFMRQ5KfdPbr+0mXhQ``NS9iA& zt5KSK(I?Z{O%N1;0LR+x3Jb%Ro>vO!$PDnQpZ%8hY%d8JqcQ1`PNngZF15)diFk~L zgvXHjI?{<4$(TodB97}>yWyBiGU?(72Uj|VaOr^KNE~T|SE49F3yq2(LV?OrC}t4C zK{_!U$HmiWgyWRQ6Qs3gHU2@;$N@)+AKY;-K_TzJYMgh3tk@doq0RAf~_b$QfNm6RMycG*Zg5yO*^ za+1`5mTA?P=G3h#HdUF)UjAhq|@nl5`edIop8bleDfQohn9$Yiz6jwhhborrsD{vkAv~8 zh>0VhrQWn?OFejW*=K7GKxoH1=WBkP)Rg-fUexk#Zz zgrg)!N2f_SfB0g@9mFJBv28v*_VxxUJzXnnw-c=+lni!|ywh>0^eG?avwk7mQxFBTX;f zjIJvS?Hk^L<+J05S$eZ=G}W~tl!X+nliX|Hi7uOkpdpp0C+qhSL`Bk`;Mj4axqjiY zav!@=9lnk6z(EEo!XyACfdKJFzf(b-@FVnyW*FKCJ9~sibNd~)-3hc@bkRjzd+oL5 zU)^KYtSeWqTze*{afBgJt^l4xzEGefb*r@5@Y>Er83P>6D{I#=Z~Z!o$t0)&ll*B7 zg@_^bX2!>mWSr*O8tURP>XJzs zYEvXUhvvE(8d7m;V=v5Du;G=|(PZ5_io~kv5K|)udHzAIU^URvHJo@5`%$+@h zQ}&udwh$mJ`PCPinwZCf>$kC_tphx_WV&DowKCX!^)CcEQV3s}c9|ALI>gTyeSZxk z5^-kFoSB-xV8MS(@CUg3vTp&fWZ|L@=d<}liSu;m`%mQa=N*fP>PRK(jnuNPs-{bD zyNGOita{2vTkR@AM1-RRS~$2~f>#c8OoSMMYMZ}MtwZRNoSALPt4 z&%EQFd+#~f_rq9;!l%ACu0_F5rfXz!DKLv?j11S`bFX%TzK$)eD#pS z8Il@;9~t6{ud5+Zjg~ozD$DW>o4E1Om$>8kC3J1w3fnu;-C5`!u!Ozp#bZ{2dVVRS zTu9gB3~wYgriDbp!OtO)f$V+MuP!cOQI~U;p8L^4mL5z5USE0huBtU%ir1N?BKRP_)w|;|V5Bo-A5N zwdRHoAO5S_+S-S%yY9M20MEQ0Vfh7>_i^?)=hU<`HGgR1=FQ((zjkeM{l;|!LBt@| zj)I`Om$vR+{=9fCcU*rrU;6q-_~-{u!bOnJ7x92d2jw|n$B||{4T-j7MJ)wdI~2oS zy8EHIZZtxbByV0DY0GDy(nu+AiBS`4q^Gb0l;Gg8!}!aJRpf%G0{siUd)WBRoDEgW zL&RffDa-xA-R4-L`WBcmDwHxl7CUQhWzYjKRer=N{aA%N;ub zBUk4~kjq1Tieea1n$VXzLgAR?vvfP8%QNdYP#jv1tgk^uMmvHiBIU-p@BPQn=p`ul z0UC!*U0p11?_@=LH!IruSk>9XKqd#-9Q5@DeGejxz*WZf8X?h2q8-g0&%eMxp~#m`ImlG6$`EhS3WpFs za`?@{74}Njjp+S?Zd0DEa2T|oiX$eH{Nv7z4zXCW)v!2 zCULhk!Jd<#br@pIP_*Yk6jlyQX_=o&R0T78V|^c2Yi5od%C`?ch*PHQMOHcZVPF@F zgOq0JNU7+~ck$HXh1@)EKKDKIGHl%mJ$;Cdf%0fvH5*h2i7N%T0_BH9g(4J+sO~KO zmhE)E45@L$b<2!#!fQwYk+C1AN^eDIv_0$!L4@z;87TJRiUu=xD-BepG)Up$s(^-A z%#g8U6>nBTOgb!S@8*BzJ;joFufmG;h&5ZPgP7Gl6L_viJQgF9%`Qo#l5+awsbboU zY0GcA>E?3)^2Gv6mM&q*(uz&#*S_{OuDId~UzOBks)Rx9zjXsYwqNDzLm&FkuU~lK zg@aeDSfS&|#JIrs(<)Mc(D@ym;=7-{lDq!&S1!KnBOI{*9HgreMPbt&Gs|BhHcD$U zQ##N!9>rjQp3Dv!(j!cV+M0hApo|zE}H|noyt>d> zy{1!XnayQ2DiU<`Lu(721ASzpqDh>rbaGj#P(kEJEZ(*aJP#E{NbR9?2!6;VN9@gn z+FH7b1yTtk;4)|IF!q};f|%pd9|aVA#r8~rWgT6t=^9{lPahk4`smN(DHcO=VTjhy z;(3g%t)a$|G`I;+KE~`3U^cx=a#*SWgQ#o~?I7s) zi_n`b_jHvX^qqV5*&Dxd@mKlbmH!zCz#envvUt&}OrJ9KmHDr{Y&zR9j}ty|28T=? zPtqL%QHYQVr(}H$yLH_xnfp{<=ChBiny6#YBXqgnuC3gzD`K?NjVGJ$W+2x|NRdEj z{3s+2yl3VZ&Y3ZeXSeL&cS~1u^RjguKWQ|Fj2X$$M9k>+D_vzuq$??iO~CD}l1-|$ zwGS7AOrxqToke-R31TsiMXNXP{EAJuo@UN-&U#z@fY%ln8iDY`GAPj2zH{N{ zF8X}-^Iy2=odjTa*A+kb9$)*POL+B_1srhTA)or|0}p?ytE+2f>C@Hm1dJNOhy!M^ zV@N$T)fgtd3U?{9s{DPW^u0z5<$ZH!asJFXwA3__2{ho_1JN*Bwe|@00JlB; zG{3t0VHPY{0bAOQzIQG+sLKNg*Yg-QbQrl@?zaP(OvkXMCgIg2Y1`J8k0;_^lTsvx zv<%A+^bb53^W0hyaZKCei>aGEN)MURYKC1bvC!2H0Sd=4V^xW`!!K@mkjbNlbHJ>< zNy=JO2{{njm}5vmQ_6@2x#c-}hg=l$tCtq@i}}kKSi1$bb->y!r5CP1%Va7kh7M`j zvT5_?-?z37kIk90*T6mZ-1EIcF3+or7V_$%g`9TUY2u!H?%C~*xZ;W{UjKgX=HI^i z-S6_7-~5IfZn)v&rN2AshC`)*GJ-JV!11k|Gi@CGzNRKV#8^Q)5n&io^aB(D4&X@5 z_!^IC^{seQJn||c>xc9deKz+Eur*s?V{euXJ$8-HmMC(#E!)9wrVOYNUMaL0c0`^6N+Lq`R-1j~;g>#$QPi+LoA|{^qXLn;3`! z%9`Kh_+~3wZ4)ysEB{_7O?~Kczdv6n!a$}J81&59v(t+fE&7iM{s4;?y~^JE?050} z1uvPYO<>4DbNK8zN8^YZq>R~sY4%RpH)A*Lv62n5*hO+r3&$emdQjzEBHWf$N28FM zL<2FIpfk7GxG~!M(^Cv_5gasn1P6^7&a(Dy9@(&!E1!Lt(RH;PIc@}Vhqd4d#XzWR za#|YUvzj7hUyn-ct+*2F!L1F;8;YbsTWeg0|D87Mc>V22FkZk*Qa3eSdKaQa4viQ$vnNi zlkYzHEZIyRJc)2)gWFarFoU~c1fF8Q(PR10+}WHoc^b_%jY#c~@h#krBt+wsJ>wNR z^qIeU9SiP$8alcVK~!cB+u$$8Pnbx|b3eXi+t#I1r%o?E`sm*l2_d4b?QPI*UdFhI zRK!!mz3Rh?tb@7|8O)N1o%^tvgV?ImFgZ^zsd5^8A=F zV`L_iIm>aJ9furxP{*blH?Q5eaSIzaZlSiemWwaGm~VXJ8vwjs@P9j3=`jJm^PS7N z^wP_C@WK0U18)1$SH3*->Z`9DHFVgR|J}M}+kRR_S_Of)_vXLx)T1wP$T>%I(P!Vs z?9oHW=JOP74_he*fkIiSVRM7b!8VZZB<0kAmn7-9xH3Yi3_CM@ENt7(s_sr!b@b6z z2vjanUNYZiyvL0tLew(Hr83{v1&lHof@L^9KWi5`YIDdhp{yh>uAGI-5gx z_0f^(Ctt{usHq1XmPf0E(nwd*lN%rx1$b_ZKm};wP?w1F#eGa39-&Fc8i+Xw6J(Wf z4pd4J=sYS42_m0jYjd9cC_=z z`i*q^K3Y1o4P;oiqm609M-mVq5O|);ww`W&^5DZ9Hg`I6#}6Z~!V;!K67A;!zA9HX|ojO&lTD3~A zT(RtmatFGhmXCk(3??+zp+w4R_9=^0>Ni}*yA4!TDx16hd-WenpQqLu&x=!^8b)_! zYZcMZ$OLD7b3dmv*E6}Po*uuzt2?^6aq%ktB-ZernUgqt)Clq_Am=M%G^S0zJ`#4y z%Q5{UZ9Px47K2H&RNN=Ejz}e9ytHmB55KY&ClRljxDmUwaNpwgE=h%yTcGx3*hwkD z+n+D^esD!YYy@(xjVG_`Wtd zsL*&$XcluMh)F?5S1*20M7y?lr!wjyG>opVB^8U)k;}8Nql5R|{RpeOdqKFcemi>g zMr1aJ0-a1Gg)3thc6WE*32@_$H*?%^$MEpOj{q<*Ffb@k|NnJedTB)<<)SZqiOVm) zY$vdDU|{q908Py;y1T0b5W2UcU;OodZ|C91UgU$HJ&(_xdIT*EH4NnQ$dXUEHm+re z$d2xroIbDmsaGM3+PCt=rY+pJW)lnBJCLqRjq5P7F3#k-1}2XhY2=d;Z0pZ**;6m$ z;1W4b6~t%x0B^YipsKkQCeXW1S!&sgsw#t2HP^u6_0XS1?=ux*Npu*1)aDS3BqEl8 zkwek_8$oMYT84aQ^r+Df&7VJi0l?=zcM(De4nFW8o_+o~^Wrz|Aehj~j{Y8+>za_- zCz1|Qo5qSOB<ZaJ zOHmkzIWALN`PZ9K{r#MK=v-=J4mqoNptQz~AmzsR>*`hP?9Ui9`{L0HP_tzpLB4qTD3~gm@(sp<;#}?jzDT!4%w6U9=bOfKcqe# zLmRm=9KD;U{g3e8s<=z0SXY*8XXK!hUOfq~o4lV#N~g+S!jN~P2&9f^@DjXh+(=HC zG>WIUbnx>9EBNE0ReW~8SP#^)Ko# z{N(3{KJvE*R(ExER>r)&7|ygY9B}+0eE*|ovd_3yIx{(>j1%H8sv*u#k9`-H9GYY6 zK!%P&k*psuDqYX;bR&}*n{nK@F}*2hN{P{1wy#M|Oh!tY9l%}WP;s}ke&4i=Wf-q9l*Vf=UG3%3V`rRc! z6e$^9Q%hYW;Lu}lJ-r8A~FLhk!SL-*f{ngmf@)-}~P8xa5*c=6NapYKnhh>JIqCj4gDEjS-y@(x3rTj6se6TICRW#zOesHCe$}GrlE!UWF3fD zc>@Q<0s8&zM3Lmq)th*=eJA-KvcQXc>*vFu!c&*YlDLkAogEW0r4eFM(t*|{#QJUM zCtgL&oB$(R%8Ggjlf*Kr1=eo`Kca0%8;N*g7O()|r$4=xLk>PfJoD@`!t-J}2m(z< zk5JpYS-5QzdyF1SUe*ER=9#Z0X*?4Uas^l!@awYSws)sw5l}A*72#M6X}u_e^;ZQ zP!pq2^zcd}tipiYMqWcB{)t8Dt|UAoD{Y9$F*ive$XbU;Sxy4V#hlr$!tQ?o=zkZjBIUX{n~Z!Bme+k`N|jh;SaCo)Dur1 z{_~&z>My{NU0t2#mT1s*DOwKOi%(r}1|K|fU(#`pj{YpkL>+0Tflx>s9Z}RUG~K}H zTB~R#je=C96$Kp<`uQ?6sI6>(Lf|OZazw2?szJtxbV$sTBxMRn@$q+`#M6Jglb|Og zhywQ9`+$$^x8MG+{`_Y@c}wFQci(+C7hQDG0r%W>*E1V7ZPI{Dji{&f@F@sSaQy5x zYFx$d=eH0l$L7WkLJE}7Oq(#8WUR&tcG#>}3;UWCW9#Y}(U9WR?Hy+Er(&>eCv4q` zUbEFI38F@i9wRqz-gJ==q8$AH)2>S{xupF4^Uptj_ORijPH-Ik!1it1OqB2FX5fV- zT-BH3_9y3a#<2%-{t0$pck%!o_?4z+61UTfr=oNLbMJ?Z`cZ;9Vu@Be*e`ke1)s7`616d`;4ACb*k*? z>A895&YkZOK)7xT_s(C)*?aAWBvx*b8sQ)l5LBs;s}x^9cu&UG*3n-qfV9HU+CvD5 z)VfT^Dr+rBY5L2mBrq zB;=U!tsK-koaeW;asS#aAmE6xBbYm^kx)te$V{^6YU7Bi$qu0%D}(M3g%LMDyO?a? z8!@Zu#IQ;s@a-i8rHv#ja^XQ(B8}=~A}J<~8Rz_`Cjjza@g)20x4-z|53lC3%Pu|o zp+_EAykyCeBcsTs{sQ#4ksSZ2^SJxki}~bn2b&Q&6=P(>IGWSLNhDI#$Kxauangwd zo{Uk@ih&@cFYw9vMe>1f#d7Q$vkR`&`>XJ*m1UMjxUNfE?+(tm?E9Sa{cm&Soqr+L zkYMNmbIY%N)24Nw{Of&py(O!-x;o<%@`peC>CBB=Haj4MoAMa3|5&mJ4jkXf9>cRt zXelsfR4)UeQOHt2G4vVMRL?=PX5fjWB{-Q%tYmJXwV*a0W1rSmBR%Q4(4T>Ay|830 zckYEY3!s1y;(u%NXG zT*|VF(q1j021La8hC0(;(&Fup2vyAn>rw?Or3s+wHQuIBmxg4byd}k^9q__(bZ4)T z1r`PlW!#AJkE~n2o@=i7@!?lp^TTRrSjA%QuWD=3rdib9$&*jN!b=<00 zGsa{_Kus-&9lkfi>T8h^;J6mODIM|38chuj;?*$zu48t8uLZDc;IAn5iCsQ=Va<3z zTLn>LoTe?u#;NQvZ7j{DP#ijT1RvjP3dc_v#r^9xbNMri*q+Hzn{aR}fm(}_Re9B8 z3X^b1saW6M!=nq=7*|xaE000H>3uAA{cK8pBT|-)v(Va9{}zsrj_jW{W5%lg^z-&# zf&jeq(u?}Q0}tMO`Q_gkJ?N89In?aCFJJh~*?i`tLy3xtq8~7%ww3;Dz;i3t(caz7 z&i*U~zrfgG!>ILQ3~z2?SaUt~skF@?tqiJ7#GLXZxM6}jLZP%{p$1#2NS7E9^OmmQ zv6~+zSi70qUB?`@O*Q40xU;>3<{`~*DN*Y0&(PRdcXT#8@D;6$Iz{uW5m29GN>hfT zr}dMI1Th?rnw;bL9We@inxv!1XA8XV_@f!sGKw&=D2Fz|s6-xftYg-x6UOkHmzN^^ z0KKIHmaVbYrA8Ao2!e^vJ^R#pfNQR~`oAIp=iR!tl~YPgF0#S33qI23># zJE10y8b6--4?fKkvnKNKxzj0x5rOgvwW+361fhtKXtIS4LS3Y#c04+=E_bECtc(S* z79p;*8YdGwuZ|#QCraLG*;IxkOLORUVM=R>TQWfrRkPOdI5Z?7o2iVP3}oPi zr7&$QOdJhLp=%S!;X_f|cLM0EfBw@a0CDVbC-Aq2A7tFv(QMqb*;BwK zIMtP5H9R~RDmF$*wTVVDg&k)9BCT_vWX|{zytH^Vw>|$nm!ESM&#hU<(hXa<{3FLx zpG?!2$=d9~Of)1t$uC~rNN;};5=K;}G!;-ftOb_rXJwBm6k(fnXN(H4W;#!)gX zDe4Kq_=Xz3dC*+uw{`H#1xuMddzma}z+pe7Gnh(t&T#-%Yh2;d<^<>GFT4>1oWh0>qe(~hK2D4>NT;WTp3v#)adQ_qvl7ub8! zWIph&gSqhJ<2Yu{EXIr&LRWte#bQt~jCdW`)o=T5jvF_@Fl&^Cb=#q*3t1FA z@bL5Wh5<#TQQAQ&V;rM|l@HPaAv_Aj9NAnqj&yd(=4};ZeeZ<@EJxJT40ig`|D>j& zeq(4_G}W6VVOPj{2@xQ#`X~6{%PfN0c8kC`UVgSH-IXjH?^aqh+-I^ zclMT#lBrXttv>wlBmeDcZs))MeE>Z7%=7H*?%ZeFjyBsBRJ6{S$ljAj8PAhQSV13Q zQN_>}NV?2a*A`VQ>2eA2)|a@}R#I3?OSveKaUs+JMSlRt@vO{+Nrpwq5mKqLT(2SX zmCkWdP7ccZQ3v!( z0N1giN4p>(uglrlC6h0$ar0@(N+MrE#stc6ue_Qn)q+F!n}QZ_z*x=5x>}TI!gZT*W6k)o zkpoA?adeS`XY9$B-}`Pn(TqkC35BCfzdF#qU3VG>k4Q_BuHX|>r@)%6uzIuUYnuJD zy{miY-Z$TN>o)$2uhULBo!{K>>qqz9f1i_wve-g+OvcP4y-OV|Bs1inv|JvD$T`92N$<28D3eI0)aC~z4Pr= z{?!}+v&W38pkScTNf;F>37H+!-F4|yw;`&Lqsr?t((aL?C=`8)QN%G5T6zDB3H0Y9 z9@?;lm0i6!NIYrA4ILry;x5wcrKmNI~vFU(Ry2i|J6av=&^(j91xhr{P!wwR0 zhitKr{!EVTJsm9DwwbM+JJ{Z}leJs7bMFf;^3!|n=I8f5!165{iL`oSMr+l4sDXTK zuSrN-MTd;3Z(zAf5o&!qt1Qzd4Fze>)bGO=#c;B_|HA} z-OXV~9>Hz5-1@hn!-q|DU00R@8p}44Q9choy@)UhEz{V_Gvn9;%CK{#kQBorL6k?9 z$B0BFKpCjW_|vP1#*}MBdz5}_KH;xlNBrGfLTC-C1R|9z=PgsGPP_K#qmM2L*lUr^ z!J@UWcs-)A&IUQyuztPPS|{u&-(7mlQ%*T+HYK*+#vLqQvWClUxsAA+v)h6XUbPWFpTY0yF|x)$GMQxfuwga-&OLC(S!dGL*2dVeW6!?!$JgA42rq7HYb&Qa z$DDgCpFHgl@_uA0Q6b6rUG!u(lk!VlSC| zcR4VYrkG0o+3J0_D+giMe^c6c0SGLLtDz7;Di-7LF~d1_Y%2r#kiV|mOrKxC5m1}( zcx>S+?wY@fR3c^&Et?SOx0uXVB*pCx*4mbcikNheQdaD}wW@OaRMgd`|0~Yee@P4A z{`>DY#FbSmUrfYfC&XegQ<{g0wf8^Gdp`eto?o$%bVBjvb53S>(-7`>>P7zdfk(LR zzK8kwUH7wc%NFKLp1?H8s5M-uuG z(}%?wQX9i_KDbEpY+X?Mm zJicT-9eo344%xBpVj7eVO@=O%Rf)vRq=VVGRn>XvAX3&vDkdG%zOS+o{>PJmH_j!r z(ncqsxxV~&jZF>Sym|9tM;>|P5klIPtQB(W4)mrrD`)Cx>B`x&XU+H$Kxe)$_~g>7 zJ^^sePp;^^-~%80Ga$(1Ve58&_4us_HETpR0a<4q=L z>&o1-5LPwr?|d-TT!0evE5NiMEX14i>J5)jg&+iV=>$`Tw}6I$fehn^*E4!}9ZD;d za4fk^lW-lL*wW6c?VSkeS}3~Y{AUlhl5T;r6Bzjbdh_N+Wb#IUsT2-3v>El!{(&-# z+cIn@`yPDIzXkqJ*BT%ByY9GC9Ch@&)TT|FZtLyqOIjRX#A{Q0@*5ZM)$d$L7%B?I zES@J2PK45e{z511{cGqL*hn$VTU11r1HIDLPD@JOY7d}1%BN+e*pe>!pr8KSc01~7 z-5a&o&A9z*rw4XT2!t?_--f8GP*M@;5KTyg#8(lXD>-0HGlz~E$-*7oWI{!@P~^J% zo;MRKQkYf+5*-C^V+69~+~QQB0j2|x^kNk>fY5M-3Vs=5*>j)0^g9W_E>}ZC1Kr)- z54myglb#c^1%amP(fOSD;Y+yw;iu^JJ2-0gbS^vZe7^mG_j2V0@8@Tq{R|hM^BxYF zF#{=~5EPB`xES2q*%i`KC2I)jP*8nz4s4+(*N$+CxSl{pF7KK(n?v4veED|wcK6Ua zeB|!|-t+GF4tl)%?!Wi%_v+4j&#k2e9&4&2){w-}l6@zp@!S|vct|OUIWDerQPM?v zNgCsVd?8DyLL@F)YX*w#B;6XMlQ0&?!XaDeAW#J}j3q!T!LSiS%gq(h z15!vFT$DDF*n3WB#Ssc21$#{#MSUWH621klWw{#r^{cB5iOW`ILYV1}GI^`o=}l?e z?kv(b$u--%26u(EhLsyFkH#kQ8#n#vzB})F?C9f<`_84Y#*QB|Ry{WF(Grv? zv~U@<=R|&ZmOoBT+%j>VPR)KPj2aCd3!IN*&IcMIbWhaItJF!Hn5glv72I4 z1R-!liT@qhX^d)!zQTRcy3zsHdY9y`RA>oF5M}A@-%2Dxi@rt{fvb-EdN+T5ZPG{; z2S93pR05$uO3$9_sx0W_`%o8?96h0xI@jZ_=a;f%QyWRoG3&%CYD($8WdxwSmQ__- zPibPVN6fX4S9(j4vI&4j2*LvnJn))#5`bN<-rio4=@hwv>@QR4kTqFDubp zixw`Unq0;Y_l)+x3o!>A$9^v*Qn=^|)Jwzw0J#A9`4v`Ppv#UA`1JJ?6Y zftIF*^7C(R-@*UI>#|F~$zzW_xpnmDv0q80)8-WE&%(|gZhHJB{7_-ywnE|903F z4SK?)i7b9~(Y%j+_2%Fk=6+9 z5a@_VMAXJT?pn2prQ6yOp5-%0U4C691DVnRt))XO>l5oM7=L)*H_o1e%271=B6Rf` zo{b}EX&I6NnD@}b|FU)doy)%sz_6ji_I7a>Z`izvvUou{$$sxYhF|~ra?XC&!RSJa zp|wMqJA5R24{v66a~+-|S>4mm-_~#Et~Hxj(B4fDDv~lJU)V<1z$Usg+sFp}C;<}J zCS`{EVeX^t$0Mu=ncYjmjL_=pP%0o$MS2Fd6H-KKugvQ(rb87c)7@9tmE@wjWmFpT z)WQk~+1Dt9V+4(~B^?5Rf_xa!Gmz(xkH2cW4+dlw*7M=*j`~xzo=TDi^~rbz`OuMJ z{ulhR3ZPOty8N5pe&9nNx!|1yVAm_3%~4lZM_*sxtt~@Z_8U2JWTk1hqm$dN`XeWP z`f_f5?s3vF2iK8AmOxT6Rx6GCm9(zQOwB41iPj(^X-EHz=XIbJFF(JSAAkRMy!T62 zaOA~T@VVdrmbfQ*-$%}XxK}RuuKV@>UJ7vh@yEZV_t(B-M_77{L}Q9V0JFy@@m!Fu z!1W@e7vaVN97iKv7e^=@VHn81%91PYBnW&`u?8cwqBX@ZLm}ux32iJ=waJcS5wx~8 zm!H3{x1ayZ*K^N3`zIBIi*yNo>+EIqn$0}Dd@adj!hS9`o|ndS?D!8_RqR69g~hIo zn2ib7Rh9bN&H+k&XlqubB5P13EQ~E)JAS1##680U0D>T(SS4mz0UF8eV@UwO$_o|lCmZXc4;0;G@vCXMDJ zUw#i4p0E!;xbt43&_yW72RDl%rCM3F)Z)6#K;WT5EtqXkQiu7VVUU92sk&>R4!M=PU<+MPKA3k!|v?gKL&qnjF= z#c8LV_DS?0L3!fw6o(ylWcaUK+u#1q_qg=3Z*ta|XH96|**-rE!n!h3`$}Kys;1sr{RcTed zBY)+I6{iD)0egtmK1Uj^jJE6BWdhpg*0HF z)B-0{K&{?F=JENg{M}t#ckwmsd)gOy^yTF+b3$bdEAXeDeDcY^dg!5tIQWpm{_cCa z=%R}T#S7uO$aDfB1+zyxL|WiD3gP;A@et{TI5CBABOJ%Ww;Bj}KTAH!l8n{i${0#% zv<}G@x{a5*c8#KzRHjh#GzDK(g&oEJ_3M+L{?yH-xlYlOf$ki)KKUx1&_ay+fcvQF=JFhYprL`-ecnn&ppd0fBW+pYqxFvQg@*b_MRy? za4vf4SdM%DiG2S9Cvm~ybLq--a@+jps7t$a^=IuYx0#O7Dnbi~f}g<;vj}P2105tX zDs?$cGgOGsPSt=Ld1wJCFTwhbogDbJOZn7wzo1YE$%TS7tJm`VKiV?=-1#to9bM(SK4t3U^)q zX*AW2C6%b5HId@1>ErmH17|V2xq;s;TEnLvdYao;ZKe=LAPV$nx6skEn!emNqA0?X zMrcP^E9J;~vYWLbDhf~Yq@`ObjSRK~t&!q(Bx!#LhmVmzT2RmWN^eb~BeMp^(or z@6pG{ed^Pnt9$mDr~dAHx%S#?O)pt`9ta%IA#{?o)H@7Gn_Ss(0z9{f<96e@8HD5G z$Rg4aWQrlVLSR{?f_N-#d<#UxKz=77k+Fp(0wM8a49Agt@u#=&*Wcb*x|te{_kTI~ zf8YZj;F@c$xpL&l;pVVb5%l)+$o!RTZtubIq~&m_K?FZdwTr4Rc(>C zVHdh98lY6!TmB6T4yC{nzyQ5=?YbZC`g33W(pQ)`aZLL_Z{M5=lP2ER)Z7dpmMmG! z)jzy);(ZHWI(y^xZNnJIX?il~Nh3+^Go7!TeI)()A~8pD#ruxqrw`rBvuidGYBS+1 zg+l8PDI|f))6u_y_WqT$^{k~Qvz1J-lcLI_bYN>giKAut(2t}dAw8a3y_y5Rd?{_6 zoxJdqYgqil@3H3UEBMuyKh4z1lUeZ60xtN)Z*ZhbAu13kza&b`Ba7G3*V)H0`%mSt zY2(QhO<&ch|0~*ZIc{FE9__jYnk|LwU0oaPNLnfvQZrCQxmJ%pmxrA_2+&eWUU=b! zi*CI8&S2}trC*vech5~ixB}3Lq@mW{efORJzpv>D6DHvMKJi3+;x#}1Q5#5wM(B79 z=1%3@51+lMSZN6xO7cW)Rmi6Em5g$+NOmpL&7}+83qakdmsx` zN%W+2`t}YOqLvaU(2f+x-geuqGvDm{`N35`I3$sXHG?r1DhNqK+98=Jc}7JzB0xA< zq|75xmV6b_lT&o{X06PnCJ0TxGE?Xz)CHsNr8N!?(ouv$anZGZ=Em>*+Ax|0%7i@L z_kTG7_~Re{2*5u3>~le>ZBAPkes6{cUs*{!=2pS`s(knuq)xx4uV0-sTCAJ_zkm*c zvf#%*cG=evD0CF={?SV4sI;#yohrw&l`B`i=Etx8@ej*^W6hd1ryg|hf$xsTGT5DXOHyiNq%d2o}Q+)BH zL&+2Z+sCzDVN&w9wcAlbx@+LCpo5N5H1`%Pbr5tELT4}dJ{m-Gb8~p&2`2^s zPd)W=F;d~)we>Zd0dd5kM`Zt1YkK|q^-P*LX{PJAFAHlDPCN!vM)Sc7PU5>CJdU_i zOUh|NsR(7#m#RRk%LNfYpaW0}*NIV^8p4p8F{Bc$C>og7+`{Mfox(Q{n$4a=n|Wx% zX1?&)e6D+CHSGgA60%69xQ))f4fGY;iGpH9^0p)%gd|hwW+2yQ$NZ`nv3`R9UtR6% z*GULoyFYhr3kU>SM7RhNagXaCdWpsBw^Ngh4T9|dVG57s1_`ARE;Odn<_xx`M@B?U znU~*R_Kx6P?>hR_cM^a%d42DD-veOg^jW;J@Z}%vx##}ri4!M2XQ`xG2!U$v;-x>{ z&*#qn90yd*ZK6VyN8nydOR8(sS zBC^>Gb+xt6?7i2%u{ZNx{6Zli?XFagq!9C{OL-s_N(m$}0__k*X;hR#Yh_5xO0lV< zz|OwD@@6W888XFA{3vf=S&SOHB1FnK7ysf`?zs9-h=D8u*T@E-j{|P}zup2k=9pu+ z_uhN|(Ad;$J}lpdo*o`wypA9r8fZ`mYx`Q3fQrdoKN zpAl4zVkHx0B49^H#~TI?fWO{*->s*da>|Q!sT#J#)a0&L7Hc+l2qFo+z0f~^pAA4o zjBl=?C2dAZht<~;<~6k`kB)qSSGRZa!uD>S+q#oi+j>~u)5p@zZu)&i+D(#hTpU;7 zhydTu(4E^xd;cbO^sQ!RW(|d6Cl~+uCN^%`!3`H(#N2U{7%1k6B8b9}Y|&@j&=!9C zsSh)xbp$`Y`(Acrx^WyqI^pu*%PVQy)WQ1>-;=2$8YqUooi;b!>0A_X_sWe#O7Oa} z?xOOMH}@Awlvw{70^f(7J>}22ySw+k2OfOjA%F>!CbD$V(yspA-myq{@ZksN{HxaU zr#^FGL-Wuf_hqx$dK+P2(r8Y5_c46^yrWT}CKYQzJBIk?Y9sGs)EG;7P=po{5aB6< z92yC6bIiw_Bn>q~sZWh29UsGx+6E3C-NM%o-kVDg+LO*~p7Za1nomFcJR1ixq~n@G zzJreb)pY%T?7elI9o7BE{XS=AuC06ALxKcLaCf)T(n19))ZGOsv{a~jDW#>f6l;qV zw-8(+5aO?IVNhDTD(SR^gEk z2Itjatkyd`lpWjuVuwGgP6otIg7EOMK#bXOJm#+1%%5k^rzYvyf=&MA^^U z)|-_+MNpeg@ZG=M&COR|4+B{=4q5~P_!#iue|zx1?EasKLq2~h00$p*;6LIMV{1Qa z)^28V|A4`XM5qyqE|yZFR7j`-i%vFp5=TlLX>cS$YowH9i$y2}R=h{Q@h*TKo>dwJ zy0S&cSENNMXlI6Zq7p7RR;xb!o$-ETGBN%B^;0;W9l>P(cH+aQSBT$x{bp|wa}6FP)bt{VBVIk z+`M!dcdyvM3!4X6w7rLcVxFXQkWPpa0iILh#wQ-*&WGmk&XW${km@wM~aw2qFH@ zjoh#Pfl-OO@h>-xdhVHLCt9Zn!MIWEf5L%WanUJ+VVO*_g_KNLPP=2UELNIXI@*dj zxpwR!37ycI|H!C0V8$p4q)1TXHPBHrg_edXB)kmc>+AUbaR+eIJC4GYg41t)kS{zu zmrc1MxRPR!rK^7(Jwxjl%5PyH*J*;F2ym2fgb2Za1*;sFD*!-Q^%ViO#jvm8*nkSC zn<`Lu%(@dAM?2)pd4740idTIb`9e_pGT4RXR8h~H^`d4p>^VI$S+Xby$xstDb`D?uQ!uKoyQU@M%&<{7PU;lw^+qO2v zBcNPCY`OO-E`RVTez50m9Cz%YoP6w29I)3OjBRVCxu(`Sdl}7gl%anGIwUB0oVEX< z?0fwresIIzx$##wF}Qqv)r<;~$s|V|ee}?pRjY4WxoTx%%;>S3SFTvG(~|J!n{U4S zsH2X0Y0jKEw|(+spIQiP2SyMoC0>DeofbwU`4=h5TgSq`88? zph_i?X^Wv-xsF4^_4xKp_wdWBu7SP*>+==r@#7}WUcY|rZ~5O?bwKg`7hY8UlE)J#{+ukAr;sYZAS2utzHed}9Sap|QM z+vHRtNwHiakx0CA)tc2e=W{uQC#6m&A(^CR`Xr`I8^@(@KaQ!R+c@)z>sY^izzAY$ zjt(2(+I z%Ov>D?T^vc-ol4Zm_>KChdGN@vAM6niTmuvgdY+JCdA5SLm5>|57=_d{Kloo|0Ny?1pVLIT=zl z6Y;|mgQaf9WE_5S!hw8X->Lj|!7?tqV-EX|XySqyQ`x_x6-}O={2)>|)^JFpr9x;I zDU@MoX`7shYFeM#NkeUCEu899SXS9)i^_<>zTZ?b!Ho|sh?~7k);-pE%&70pk3hd7RA1~_3 zr=E;|zj^cK2QRwdJ&!*>f9`$z?Yqx;Teo&a%IX>=M0r~e%b$Ibd+vRhdmea%2VR)R zyp0>^EfjGx9;rlvhGZQHH%-z_kaQgslBQHWCmpaKGmo6X=3;?$i`E*?bp$~W(6x1I zkZ=>%3=9rjal-M(FIc>I@lLHBOQq5;dwP04o=hg)VzD?I_y{lp*MW{!CXY{Z-~@+q z80{(t6^1x6MPuu91Om@X;s}WpW{*iBEGtP_>0(JT>GH$79_B|^Tm$R3VhuFZ{xc7d z=f3T%Q=WL@iJt#~>Ypo5{#=4L*K*0*kL8Bh3%G0cJUZH%dD{WIQ}P3n35Orw{R~~* zgS_YX{TSO^PpDLE%A&OaL;5Nt<<;Z4wFpt9EuCOYeGQYE>Y3PBM^h?+@FahJViC{I zT~6!RHul(U96$Km9R76w^IUw=EcO`RLcUa>>}Nsb>B?^7lfSu{OpU{5PdkLoeL22- z-F>7}39h>EBdM;o8m6H;4e;(%2mQ`kG&V=@TFOBrnW;KEAh)Jo@OcU;i&xAzx&V8N2^x?V5G7 z03kdN_MF65KXy8&&DxV}Ax~Ypo!V5B2}Y5vxu~?biD_p`pN4B{Bd2fB;EEK~%GQ`g&_C&rt|UK0{l(*|=y0 z^B#JJd+)rT>umJrQ9FG!PrbAp z)n~eb<#IVOFgS498Q=nnoiM_N>Jl@wAa z?cBF!Ge3HE5gUdIY|iJb)UJB%Q*`IU!}tJ`j)NY^A-49K1H5wDRSw5tj3_I*)43f= zWdN?f?oW5!an~KOL|r~#q`j^2RV`)s{hidB+nZYtwxC^h0qS2c?a`R($*l11)K+89`He zG&RW<1cG9iCsYBhqp9;!jI2%a*V!+!d2JFY?yo#TH@?3Tw*~X9l`7Dn;w}j8W>u65eX9`)rWEnmZ&lPOR7Wu+` z&r^uHCql&C6k&r7ksWx!$5l|H6s|JGUCA%eH!xrfvr0aIxZvII{q_9$^B$-U{{L^T z<4!u6wX0Xr+ui?1tyKmPjA-H5w;#=w7oJKkS3*lcb7nM-@P^ILtDW=SaAT@Up)qQ+ z3ycVmgG<`2CFwPww4gSjIc8i3$4?r`<7>P4?vwLbKUCn5u^rSVprka8l4z-|BVULV zu64Q=RY84c(!bT!e>KQZR5}-0$B#Sie7PQdxgsC^`QI7H7ja$3IzAGA|C>nww2)K@ z92kYk#u{j>CFN_<+G2D=h0>a`QWQ!hbg^K}q-+wjdGn^rKk&heyB92&ziR~WpIHC6 z>(2Q1yY0Dm|BtW!{sLeGz=}I8a+heNzM4aq((Wv^Uh@j&3C=6cC-g){F;l^@^1`kx1wZFT8NCrArsB z1@d)u4Gawp@V@uGk3an351$c2d|GQQ2L=WziabFG`2yPqeX_*>tu$qfrAiel%2K&H8P;uyGrw?^Q=B2xApUEd^RCq>_Z8k9H(U*-RqYOs?3Alw0`i ziHGpj$LI3r`OCqJtb+w_N)gy{rj=CCH)Lf|9b?$yh!_y4g%zw(Dn5Ah4yWF;^PYV_ zumE86=&?+iFn*tP>(~Fv_xlYDDVgBJkG+FmUh-Z}yzF`&UAl&YcN@!RPdkJsUS7wH ziS7LK{iiXZqlJ7aq{f3kKRKWN!7PW&nnp)ml3dw3Vp`f$1gcFq8EO*shIS?$>NBIM zO^+a7?q#slM-XP|%lWL@)P?U#n$ij0x!XkEHgz0dYOdvrzrCG@7O&^PNuyY}zLQ7h zt|Xf;^8JsU!_m_w@WPr-{xN$lyX`)j4;?*|fqWUET!aomICzfa+W9N#EtQOPrk(w3 z5t@VF>dq5tD2Et0OojR>r66DSp>Gfda{$_L9P#_#|L$`aU;GiSz4n^_PxkF258TfQ zr<{8GoQEH73l-oxI8(>)jSEgBU-Svkq-2_eo3<@<9aqo8b@kuixVy@mA;QLJt#E8! z8lZ55q%kvsRHB~#d?(}T1lON^1b402z&9U%fk)SF;_@T+=eS9u5Uz&MxN#yplvV$W zD)*?0H{<-uD4?Rk`P!p-Gv2V*>o{no`OeJ`vZ-%?w3m#N=>Xr5Ne}~U^@d+Ku|?BXDDYz%s@v+2OaGl;t$td`<6LB-M7+V|KqE_AOHUBv(My? zJML-)c>B5MTyn=XZ7^A-*dzVdW6YSr`BqV31Am>-EOxwn36& zRRa=EPk^rssZO_?(3*>t+;n4zJ*;<3jZ5mVA8O`62&)vI6mu^h^=u@ANnW@)Pp z36ulM1u1Yv$WsfSV8Gp%gLj)izU&)iOJTIHeW|Gc|3Co0tx59o`pta!%3qUxei6d7 zXtkSgL(h>XELpx}HUHyl^5iM*>eXv07K`X|8A@gDp0}KHW=^9R`gRXkB}rV0xG%=&BOO&_S$W192~GM!GAG7e6{l=QY;G;PH&D-sw(F&9W^&i ze?dp>U2Rp)gfXv)Kcq5W8HsJAP{_Zdx3?!k8gStGC-I#xokwHFW9HNmJoM~RK78y< z(#Zrjf9X8iMe-;VeQFbur&ev@u4fj5(wsAE8p3foZll&~!Phxfb*(o*E+N>^)z7wUoL)Oe?WDil&uP=fanP6!e)Ga2 zzVh%395k|x&m261{YErX3<5M^MOQfv_7!%3aqLu;{5b9ssGZ{i1TnQy3rON{$1^YU z@PgIUCOtdr7Y2Zcr9nnQMQ=3v$0$QZSet@TO}49~2qKAOJ82R^7zJP*B6@~mW>H;T z-4iFCbmG>9FE4z{oS*Wodhp+IhcV_k^^}vi@upk8oy!$IP{`%qzVCiBPpYe{J5xBE zHFM^yzfYbtNz~TV#IArlL7wdJ0a3&M*6!$Xxx|tsOAjs-`kp-M$V2aYboLYR_w2s= z?&t6HQ#mw5I27{Y1|LB;${)g4gZSY9x%?mxFH4e1CJC&{l{L&n2~Axh!Mg2zy#K1} z=zi!0@I&hZgAhr1K)_&qPDaY(4QkL6it-}{+&7{Ns6Sv2zVr2W(~?S%E0#HV|LLsQ(9La6FD2!< zmg(S72z{FBQY_li&DU;tfWGcQ#*Odb%$d`T02LacvBBSTR8nr5x>Sqtnb$HFpAjO2 zFhEI2d-b%}k24C43CY@xy=)yA0HG*_0bf4nP=5cJxAWdJ59Pz}IGR&Vn8joL1LTzA z_UBe`$73(@zT@{})}+xUP)ksbImkUJxozoMw&aSHJFe_~6xv|6%08^_GLC;#<`+sE z!`ia%Q_dG*Q^gsxxvlN(|8MTm4_^GC`1gOj{sunw(T`j@dd#@Hip9dQk)>|U_z|3W z)IJ1(vZD=+BNIfv3emLIoMU>YW2e`{SJ{~ZpB4Bu>Y_%S#Hc^25C@0)bQ=yHgGHZO zPx95n_vPkuj|B(bcH4t||Ctw2Xwr^jEqrywq|K@o$|y_z$PU$_U35%g~a6lxMn1R9Y2MgAyXP z7*@WI?#;%pvTD_;JAU}XANIbL&QJHP9susW&&-A2{hs$Bgb1jj!X0?ff%iT4?6ax9 z-aehxISxJekj(Twc0a4HukQ=nws%b%?CWPJn>8(W5gQ1bV_zsbMvTQxfC>U?YwOEx zt!=jlVUW^VPpH0zxpU{l5jP%*Q7Y@*blJR zxRI266??`<5~~9RpHKht2G-s8n01*l!?FwB^X?=6`j;DDbkiQ&d%FMU6M*Y}_xsy` zuM5~$ham(Z+qd-4l`k?mQ)^m+7MUCh46j`K^yjwVH6%#LS`;CL@&Ho8#(^>e#ggq! zR_mAVylN0uH$6T_;uft1s%`71ii=eNHJ6GoR6upKAqcGTibYTd+6WOg_-D^!kCCnP4i#_(9K72IrcCPK`!_vAOGAct9=r!7Kg3J8-0}QU zzVyd?$QJ`}BwsxH2oed0LcVOSm%vu?#tWgLc8pP@jBU4_7;+Q6)lh}B)@EpFY-Dp^ zKN|)HcyVKaQ)e_#2ug$q4&Hq<$L=)|jYBCY^Q#4`IPZoBSUqmQTb@u0J<*^Te{I{57E(%4oos_LFyEBh}zx_zWEF_H#do8 z%N8&F;Kd)}x@&*`f4Vm>zv2?Excu8(ckS=_#jk%k{!iEc`JeOWzA)i;*Zw}Elyc%| zBoULQjA!zQRzl?)S!S^2Op?F`X(g1QzzL@!bYXZF;@!53 z6JrqUxhpKEBcjSmfmTM-BPA0Q3z|#*@(=^rES{G@MfAa8s=pN`*Ul28=#&-0jEsb3 zCK??B4Ze>q7R}xYE5Opo{#Zr#LxT!^gVD*Gu~NcIiuSfvZ&T-Hb|nD+AFLbya>FbB z>^HyuwGa4U+~ltK)|J_(pMB<9;B^gY)~sFks(*L>`R8-fO-7%+t)rcq+FDkxT4gf! zQO$@#i0<_u z**LE_@wnrc{`D_6K5@xqm+9b`tf~I14_YD29DCz7 zXlq1E$C{h$sAv`4V^zsF2eS*^^WEo=iShMz{);p+-t!41sFXtt7n+N`+OyWVpt< zc0zRMQj8 zzg6;)#PK1&I{4_kW8cwkdEy1o{i1Ud{2 zSW5`<#UgBp6J;@e{Dhk?`rrrpKl8~?{hw^aQ%^mWd+)uMyYIWl`Qm53F!Ic^P9OK; zf|s89)W<)$!_J8sOhVv!v`^|FlW+|Y#4+QRe6gQCEy$!=@SKE^UAAthaeH0r3JA^y zcljE@e`j5QVUJeqnB(f$APTLBq!$9M2}1bbjA`uK-o|I|dxGQtd^bNl{!mVyItCR6 zMow4@>n$MBG91=b(-EsdhjtVo(L!1yHy_&G>OcJGM?VS>2Y-O`&V9Qc(b4glI1dd1j{WF)Og&;h z^oA`2dCjBC8%R2e&hC)ASI^{&?>dj9Bhb<^a}|UL>e4Chcyb=U`qfRazSBG+A;joW zqc;o``i}&51^*pZDxI#R0e%Rj659sz2q}z6ime7CuCzuYg`^bb87OQgTN<#zUa_iw z$W#{6pvqsDmRJ?4zY?f`o-Cpi3|BuDX0AvgfyfsOrPK3lq7gS^ZTr!zU;gr!R{?zF zqaQz4D1%HuNDe=Gf0`Ro_<@ncmeQeE3^;Ap6pr3^3JAFCiI@4nPyfc>o_x`O4}Hb) z`%UB0cN|Sw3vd-$86AFvaZmJQg8Fp3(Mxy@JyoGhzzLM%W5*szrmhhLJg{Is|D3yk z)|$~Y*N&s3ZW`kn_hmxMG+tWY%ZGmXPX@dD*>BJB96fUi#XzBjV-)|jrq*+LYI85Q zE?#4(m=UN?RQ1;!5L^2Z`64(HJv0cLwT%o_{iDO`F8$?|+i-J+S~kgrs8>H?)ROgeYyy+01n+ zE6t4sJ-ad1!O#gk(3*rJ_{E*ia{q#rG}YChqH6u$U6ICs1^!Vk$L}pp=HsNkdP-r8 ziAq5L19`9pUwwUj&)jgs4SzcG%roCoXQ$j1K6buNJmI98(PPG5{=hx=-3mNBZQ9ho zJ@wSn6Mp+!qqp8+orFm*y zlIvcW#Fg*Am7?go8|xbOf9~nI-7{zI zx9j2Tuttm;QTdNBgiui~2Ug0zq62ItC5fAXLL#J#bW8wL8dmi58wWID+o}K33utGs zW^M2YUHt|~7y%KYVnv$jM>{U8*@P(O!Er0E6^7=kQlvuDr#l}4LRYE6;@ z_8d>C9GH2r7AO_q3Ps9ux%^$nvB$)b)`Td4a!5@o$*0dcgzsN;B8_!vloij>LZF4U z&PI_*Hj{KSC>^{y)hq&N2}Lm|F?GZ!E{lHu&E)J3))O_oy7l-37BaXN>_z00Jp*Qs!NdVV{ zRh`he9X*t@KKGh(;Nx%WGZh_(#>U3}bI*JGrvHmQc;`Rw;FBN!)Oq!Fb@xB{VuSwa=q*}Y>a znmX=u<;nqR$K^Z69>~=v9?WeES99^*PtxZX$s`g++r+AwT6KNX>9l6k!c4P_<6p!U zAS9J^xa+xP+&brF>e3!4Wh|Yw;>{rahqYd+FQc(km3jscxnf+k z#`AroQLU4J zdf~~8Zb*|YnOUqv5~`3)!r`w=*Rgy{KO`f0TUCXvFsHU&--QSj+A+)l(KCo%-w7Sf z=yVdP9dg+r*xqZC3+V3de&WU(Z=C&~+MU?OKg2OlLJ zd=(;qGp3DWY-2qixN|lq-S7~%op%zG8#83f{wu0YRmIVlIQY%%ARNkH`OOQjMN%jm&u^n~@{hacX1%PqIO z<<8Ds3BYTtv(G)J>yd{Z4tjffT^l|U0|Nv4=38&s$B|M`nmCd16DIuh;YS|1=Ak){ zZ5rtB{{`?V&}>_}k(C>|*nQjxE;#xC_L(%A$6s8{S%>XKf3}Q}3aK5G09Px5AmAH+ zx`Qo`JP!les4x@fo_pT2GxyxT|C?7`!8gBg`L2huvp}TP@J}hwo^lLkT}O?sh!iT& zggAH=+L9CqE$Jy1=^Dx#0U%XPH`A}Isv@wIv@LxpZF^Q4+uw~{)=E_FP;i8?Xq~n& zFuidbjA?_qI)o0F>!yrzp%w@knhOBO@xU|ljOIbYGb(-|eEw}maOfW67%UcWq-A1gf$L~Gb0z-t z(i(hEA(Ufy{@O^i+BpZJYY^R+LwgS3KrUqV#2=%!YR{aNTY!d_BJ_L;GF zZox}0{>S#+kACponr~eG&Dv2TMsL0M-g_gmsQ^TxCdKIer*YQ1Pv)!>_Ge0K6QJ<} ziRaXlb{j|~YLLnRkVB*J4_eb$GnSOwfG4+b@%|}JojQu&zqFi>J@^c#Oc}#5quY@5 z(A76cCfQ6wrVXu)QB9~r99wNyq;spLP*EN%c2*LLSG50grGCmm-p<4A-o zFJF5<19_jCglqi|T(tHP+OfdfH|o)$hqX6^GS@szk+T%U-8UmLRS_|Y?oQD!L#_n5 zeDqn+x7>2eY3H1C4!7Ta`&;VlbasW0ov#y4I+1_gdDr6Rrk3NgLxbaAF+I|n-o8G) zX6@QTfKNJ7e$I8hgMz@F74 zFW}cdzZtb+L;PtRIeOGX&p-F<(dV3VF2DWNuXjC^S6LmcEg$Lb?imR{LoJMK<&)dK~wZrZ(+y!oGXcIWWlL)$5GBwrktJ%Hg8pX7b5X52ECU)}%L#lO#_{ zZeF~GyO(c{$rr-{hP2h$x-O)$ph*b~WD%RTn#8LnjY=iZ0&*KR!}_h!wHB`a=?~w1 z```cZZ&POysU)BH>g9>MZ@>NT-Cf(S>Fe){13w9msfX{)M=p6kmwx#IPM9^7jO(F; z6iKI*hV%$(lg+qJ0#s;_{Z<-R+BUw{3eQQAPBamOE(yoysBtaq)!NKs8@jk<#aem` z0plA})H)>wiUWiw5;BP+y~sz^+&O6_Y%Aj=E1slxfD2e8zSZ3q!l;(^Ww#LOGD0}< zbI@8EprO@{h>-UJ!{8{YkP$T*PMtD_`P+K<{k-KIG`gK}4YibYU;(zn`T8Lemyo3A z&^3_bOMkeRbz6JLBoamtS_`{Z93sJLU4^|dJbkf4vMnkdBb%`6NG@0@Pys?2+)3OC zC>9Z|jnG(c{#z-MT9XbVDPTp<&>(7K7xWAO=n3P-$^L@`RjmFNq z-hTcg^In|y36PFJ!^mb+^;t>LO6S=p@cqh`EBiE07|Y2=9)MOMD%6xhzv3rtN&Q~J zV{=z8AHM1uaxW}G24U2!zB@ZKbS9vdEnB+lfxO15uc`Y;-$1`j0BUHPHh~YFav+Z5 zTJ3K0sC1+t8*O`GRLit51h=_cd$?=m2IIFb%uE`gDzm{?v=J-Gfv~e_oh`ufjTIDe zlq6JrzlaW?&g~`v04SEAwFyyE2OBm+-w?yhsrQ=(Cmlq`aWnbk$w%;sgLdcbyN%XJ!DW>O?v$GVyc!cfPp z{-)Z|q(qIuM8twcHVu+hv@>ZaX(G~TH#|K{3slsklAOBVKFpjtiP}sC?Lu39hA*9a zBo`jHpY7UM;EOQToFfI@g#urnJ)c|N zphvdi7mMf(TcQqt9y@ll^QS-j=~M6j&mwiVxpu#Nug?==Oq+4tKM8dfIH>N#1 z%1^)2G(Zy?;+u3B%x@!K9zfz)GMtPj_}XG*OhRor`&PA22tio|WSj)YO&G!at$qCJ zg+-h=c`T!AQ}{vjxsjH-sABqau^jTv8y;Zcx^1L9*Wx+MYlhJ!TgqU>eArn6psGKY zXe0GYMd4B?WBrYeTvZH%NEGtukuA{B0D+HCkkaPM1xkei{n;!mUvECMAkH}B^vf15 zeEIRW;@P=t1n?T`z*z@z?H{k%IC=6!RfkR+w#6TiBN-lrBpp^O63=^D;B8uzAEX=cp|A;XGYs*nh&Slr!*ADW6)DCc#l zt_f{|qXvW{jbKwbG(sX#@*zb<93|2LkiuXEq8BRpuxT5*x!zdTMn{>OL?1U34w=q7 z_L{`k58Z>tM4Ce2$9AbL=^CcC)gu*Ly!RAB4QmJbS-7pAhc|5HuI1~w`T6B|nG^?& zZRXU8V>xVGJ7XF$=0_KOLg~;ou!erOo4Q03sdOElmx3U)Aaer}R2I`Hg^W7_T33AB zwFci;NU1qv-vc;xzrEQ&21rD?4_}0 z6g7!P+bJ<(16r6)S7fg%;;~M37r?Zsib0OSVwctUe}V&=9y={ z}$W<;(ow`&Z)^io`%W&!xGkj@o3JzA#tS?lzUYMuT)Lok+x@a)E{w+XrG# zc`fwt1L)Np)r1XVgy>K}!Zo~fWs`zPctuokmvz+A-r+?zZ-H^6VaO%`HMMZ!{v>Da z&LQmGvlBjTyoDJ;(*E&^7q=pcS z$fn}rrnN#yVG;y9azQ^^2iFm(g1OI1g4DPgLdt-PmOiy^lBYYj@z)nu8=Qc$9T+8I zxmb;WO+D5_LB}&)9jK~=$^OlTE~Mk4@&y2$Oee%uSAFlVpa1-4`SFi``lj~UcfR*s zKK7B1?U6_(9#a}G9wfKcalpGz=0~4;2jg2B8OZhHx*1w)#*;}k5~>gffmSkZv%hXB zUu}5)A_Of15?-1y4ZG1-+|EF*lgSM!?l|{&Zg^=GpMKz3PMJD}_wKbDNw-9Ib~QP# znZ|SnuA8=1xCedGB3M^6~qg<_~8cMvapp2+K&};7Wn(N`Cv#=ehl<#blBR3^K)5_^&(a zS4IMkj)Z%J0UIh}v#av{K=f5On5c`@pH@|3A7RFB}JU8_z`-pTmzob_N5vJW?2xyA;A8{)Hy+H3bpkhh`!ul_nd8 zoO;uPY|j-DQrecGif5@i2LY5em;v~b})s(Q{KP^yp%qkqS-!g8(T%J;F9?Y?% zdypqLZe`{6AvPBBw5QX|8rj03V_MjEWGn6I1bz@wRtn)HNP4x@IQ6958l;=BYII@T z*{HN$H7*V%U1Hnd3d%tqMR%F;5_$4%o+GL8lq@X5c9HsJs zarVQiTnS|=Hb)4GWyM#nxrLQ?KW17=pxfKp#gRuGarn!NUhWg6G1_=`dpo zUpjt2KDpm+6ns;?ML#C$E*RBYX>|>-EoNdz$*8ql4i$c=2sP9vJtj5RbIiCAoIHIL zr%oEp$V`S6eSO@xbR9Rnyq1@H`e?05Gpa5_ohQhba}1OR$d~&mm5l+4bkjJ}H3xKL za3myw^4U7HnsS(bg;%?kVM0m;3et|?x`nIx=aNozqRNt0%ZPXl`7&aCpY7O~gF9}c z_h(`AwwUS{U5isH$6=|iuI}`no}TS*W`B*FFkbZb_OWs8nzf};d3==mi9IIrkpR`v;N5f=1nXs;S7KLw>AZ0`aeFHpwlSo#Kj$Cbmqm&*s$p(^MJ-Ol# z8876d$zz$?P{S|gE#vVG+c;+Y2x`3)gQWoqK|dkXHJY3f`36qtg*3zkT%i?=cNi=qb0f=mY6~bZyG(u}!1fJs%YDK72{rJ()(r7@X3Q|gw)(XE=Cc9}XYSl(S>tr$|wr$z+jf>uY(boC%=f5S-&s`&c z*SYrCd#~+UIxJrFvH-z`Idi%1#Ra_ku%mIXn@UNFeu*&f(ZWLtO<*R?C>`QRjT5>! z35UNwHJ2yudj|SV`%*|Ddi#3M`s+=9UAF6Pzy9^&i}PBFW#68#k`WWevftE+jHyep zN7Hyht>`P{*;?>f)thC}wq9;p_#A_Q;%&Q);iCua&YmreJhOQ#lmkR6Wh6`0s|5L- zwjJ$^QDdlSjx-g5h&%;J+z*3 zP{JW;s&yHdcE8XTL9WsETGtO2xpmQcLNCBk4xuneO<`$Ys1SF{097u()1E26PZ2!m!f(vzsel zDiUt%i#6LPO`4QD{P2T|*Is+=TlW0i)d6^&Yw@DRJ-KYIM=5Ui}9Ko_^W1pAd{6H-7myzxjtFqSgNKL8KNbPhr8)kzBe>}JeMrd!o-}f#P3bff8)`UsR12p~9mD(fp30QQ z2JTqCmfydyoQ}F0?pd{g&TP&A`J(x}P*tR9@ybIms!jxeMOnKNx_S*ycumE-hc#dg@Jtr}G?}_~Iq(ez1L}lI@8K5955~frvO5?*gE|j9mvr2(Y zRwW_UvRDD-&?n`!Qj=(8d}E4JCXVEt`%GYZLmdmZ^>f>j^~~=Ypd19$cpf#LhbIMv zAWN>$PuA~4DWAbY4>^Cp>e1_pvzrA`iD(QUG)dv|%lXTgvvxB`4{gU4=AIhbnb(&` z_vNj8ETA+MQk#N}TcK|dkfN=vc>qC|@B59>?Ho0F%@?NhgwgarO&@p<>?=t$5PK*Clf09!h=z$4%l% z7bzTslnmszFjVS7NNGDMBDV3Z7-NXxV7yorP{&S%v8A<@aum@X5E5U7%xG@{Df!+* zFYx#iOYnVdM3AD9gx1CkD7Nw5c?TdiBveQ`(DZlr5iVP0*aAYZeS6R4^XJdMw|23>Ln-@ zqph9woXm$l^O-NK`@jb-+I6E}=lZ~f7mXM*X7t(7X_RPf=CE12p|pe2AxdjP4dpN- z9|ZIjOY{{=1X^?E)KT1i-f^5iVyjtR@I>Y#bGTN#<`CFIFT^DHAlk2 z6$UZvM4AAqGFuHRVm|<+5-@cF&d3(tbI4wdZ%9{L0@!(~j+2Sl*WLaaQLs#V7W=ER zVc1F_Yg2_A5hQbfYOQdzLvu|BEt%0YW~Pu#j-$mJ#nBTd@tvb)@vD;$a;F2Hj@iXy$aE#&>d9n5H|U1p+S5t4Bo=5OoaFAGER0xK2LA4 zNQ0X~;!rGS=^9u`*U&}^ewLwP7ej@umhW#8O(R-mrFT`->eo>N-XPK&&c;y$iMcU z%9#JJ9Rb@0%-;pdex@S|tillvB|o6t-HXVTKtN3wmQQwHvEb6 zhjAkjEwxPAb3EtoHkOhKk!tv1SNW20)n%+yl@)l20)A+}w9OZ6_dr=e6)kL#au6CC zYDVFR6k3P4LXz}q$z(=QpP4{yW+H9%93R+wB4)vSnA5%EdJxL`_|7*Sp^H-i2>uPd)bdY<@r@~dcH#kyZK~z%w>`$oJ-yT?lkp|x{T{l8*3p;iv{Nr>X7H#AgGHNt zg|%xoVME59ol3~3qO55va4n)&4b8Jpxcud@`TYDJ&r;`lxNgMNf8+PXB(wSz-)g)E zG)>7g35dn3!dT+l02^fxnx9)P!InPT$TLYngzt^UFu80F-Q9~W`+%gF&o7<*=BVB&9vR8vwG#qeYM$Rnjqw_x7^K|?)4-RDSYMIOxYaljuy5{t8k>GR4Q`C z4R^uH^;YX&kVquNGtWGoIr`{h+1$B)*NuJyYkP0Em(Ar&mgTzaeaPO7ZLULw5re-1 zQj*Fs^Yc)mkvO3yM4}bs^T7_out*5!^_6MEsuitKN!LUG*EJupLIJUG4TQ?<2{1t} z2xC(+YSJ*O2|c=%&mA;_hE$RusBpEb;~%!Ov|~5fXyaJ!ymIW9jH{#A#0AHi$4F2i z3Acv2REwcQ3M0!aH3&i^63iM1^IZ&i#ph#FvmDE+QBZNU|7vthy zfA_oJdqfDKrca+f1e)HS-j{yy)1N;1u}^*aH6P)jhaT>odg|#NhaYytde?FF0}tJQ zkU;I>mxCrt-xGCX+xg7L&t+6=+VJ_6scNMo7|L&F+rV0s6bS89(M|0$(z433_dnxg zr>m@Rl~R^|=ODFX6ze1eB2QThlEUGehtJ?+2kpVxx6Nku+HKT$uAwI)QM!y0f$dHh z`kvW$VccOdiE3z0zED@3Er~{9kt!x=B~UoAb+gt2rCn-LlKY-p#_#TW9wh@ivX@mU z#2dT`(Y}skh3#ia3Qc1sO|nYoK<=;$L7{>GJPF%+pj@o{U8t*6E(N|Slh0-=j2*2R zKWRc<2odZ`0RD&8@}&l!H)+zOm!ln6nzxD{-El98h@KLmy=?2%n576@*Wqu^z0Au` zz64$UQSr~a-}An&0X+8Dqq}bK>s(*^>X!kSK7F@mqCvPA-OAZV>_x(H<2h_x^=d2? zQzJ!SI+~8c5dob;d7jv^4IvZ5+K^hj{=@neMP16XDuYhkO3>ZCh}E5hhTM!Ul^|4= zu0dNfw6!p6pQ)TSaTM87+2EOkLO3RvXrW?x;;0K=d5;1WTD(AHDO?R*&{Z+ip50mm zNFiyh8;j$3XrV1l&Ak7px>5)NX*vo?nWnX79AldHprdXY38$5oWG(x&w=li6(bBI} z)ySe^p{i6!MhKqV(9IuST82niE&sUXYs7(MDWG9{-aZ3%VsUH1UfDuCMrm$p0AT9W zsbbl(W&66W$Ki(`xe4GmzxesE$1`Tk7ywQ^_0(oBkvyQkzrTF%y?1YY@~J1r1!178 zyE)W&(9y*47oWj#`%R)0C|sc}OGJZm(fAA&wy|wsIi;XzN9QK!D_bj6Y?c2L%xfLD z+~Y9=kE0xXNSN2fS!p_~zm$E91 zXhFhpd9t$$zZ_albXA0mBj)QlgQ}vemWYIB_JCs(01F7!E7v1Bd%+Wi`e^~6I4*i@ zJB)1Rll$$4Qod=OMwF`R_PwnpvHu;lL8F6vcvm3$J0mk&ZLDLAjvSin$C37GE7i47 zR(MAtaIIO3@fR{iN{UeX2rWo?b+puurM-SSuG@egnpv@`YR~E_u^=e~*&yKObC=@# z678s0c&-ZtjXg!&a$qWIb_o8lJ%gwSCV`qUV}=8;a^*@5Fm3nUfBDs~d}Y`nz1#Gu z0BqW{iLqnHUh~*vkNr&wo?o(LQFQxOb99YNBOmhL8y!XaNCV$0A<26LT+gb3kP+T>NqnBK{JTfdhTCFTnioA0BRF$ zAuU)?Vn}xe=i*3>a2&3^?*)E#`_o9F@LUJ9z(M|NR)pC3JsNfk<78D(n@W;!BuX2U zLX=`FT{WoC0!k$_N*l;W=4-b4SCs_7;v4*dEMjZ7899L(J!&+c`uHaw{qRRW{FXmU zchLaf;QI2Hzs$^;GkXs^;_&iQPdu3b7<_IK*FF3gm%Q_IgcNq8MDsC;bTo4ot>J|y zUqTM$P@t3Plt^bXH`CLjue(;2^7Q5&e62vZRaR*`1pZemP$Da^NaaUpLtk^GY5zN7_)BPwUbq};Q;4!( z0US1DpuL`br;XvjQ7vSB-_oc;8}Ko5!eIU^LS>7JDUYa9EQ=*fb;RQ~Xl!lU^9n_% zH0^a`sZX|`l{MyxX7IMH5$Osa5Y}BL*C2EJtlwIShD5_h{5%N8Hzym{3^H{dGw@<8oG{5@Q z&pvvaz=~xn*=PT~uUxWd@dce*IwyxgSoL%@G}dz18HaM(X-BZ< z)G;*Fr6?niQqz=_bfh~N^ou;RaT9YkY~_g29qiH8K;94VwL;<$>M}jKt>nu6wAM`| z<<=60=6S}?Dl)Q(@gvG43va4^v-5f3fC!MKHynBH8=uTMFM z_ucaZ14YGE$L!5OzJwBrP`gNr5sCc+c1!}|y=Rk31VTx)2u!A^ZCl^*aHZxaw>`tX z&o3kC$zl6c*?aI>sgKaQ$_ct+&n1OMso~6knpA?6=f-N05%Cfo$*^f0B&Y&T5E6P4 zv8kdVVdl2P{C}iG2YGZ~A7X27eAD;ZYp(-0cW&l)zx~~=1mJ&dU48Y{ocFGGa_h~v z?B__iI8;iLD~j81yN~ysa0m?v7hizX0YXTW(jhK{zB1e_#5r@NE9co>8-RXRuQl_Ut-CY?FdH>J1Ae#seQHJ zFXBuiE=ddsN*V?LSi9h8B!oF^URZ3cY@?oZ2eh{Gwi#1Vl#OddXe?|M!c=IHrn{5~ zCD2l{qa&)hj3}VkYqNU#(LowXpElKW(2#CNh01{NB7oXXRNo>YD{?V98qptJu~Jo9Bk@r9BwdFMgJpj7{1Vfw))Ji1jxUUDveb%(zLFW$sLFUn+3ON9 zv>rsL(R~B4AkuAr`^P$fPrh)KgCIP5)-nFLaTEB(FMh`7KmXapKmKt?b1I$Q^3wc; zfTLrIn$W`OXy&AMpU8(VJehqbbP)PJML#ej6%>w;)TKw#kRHKEr5RDz%F6C_+`W1W zkF43u8M}{TY^H`{Xml5}3@HT#I(wJXR6Byk^hi^QDrMN0HW3vv0`a9V>W6Qv4IUW= znePjb!lSRSm3%&DgMWyKj(DMs{IyaPghNZp+bp<_UHj>IA0$A5pCJDyoiG9fKvp%U0tEYu@jd)g7D z@YS-s+U(n?%alx~NhdvY7$RP!br&VS6w8D{L#d4J9UT5o1Iu`@iLf5X8;fZ}*VVPP zwc>#XADH*8Z+(kPFTHfv2;hHl-FovaoPYj#`LW~2ZH_**>z-T0qw^QzNC$yME-OWS zO_F=(FJbQE3m{vHlFVT2xCzezTzTb{yKd;~T&JCO3IKcWv(L){X=oOX;QVusqa~9e z^h30;CO@!4@Yiw0tx&kQEbi%N!%*G?X!-Agvm#!y0#715$M^!o=tq5l zDd=eAz&*!v+QgBF&_yc4(^pzp$s5MOdwr+^hw*Nt? zfQ;Knb9$`F4@`A!$gDWv>x?@tK)3IABaW*T1-uU%a%O)dPcgjv^^Nq!uWl>CJ6q zQ~y#*LCyjKEAw(~6C17Hc<>(|$38l505PQ*ChX%YP#pR!VvLd6ZI zAHj>=+xhdtHDo;7VY11dmX%;g)ksH(>HrRbaIBt$1NeAJLAFrjTYr6=TOVIaCXv92 z`~m(0pE9&*uBnLopGlHTr*@bN?ChH*It;+~4L+x50EUKZLs89I8YD-$m>^6Zj zkKTuTF|gH8_zFyMb&K2}oHfExJiDofVmUAYN$Y>(L}K{pKsspGsm$w9!>&iP)kA9w zI`SQFt!G4gBgIftpMXpzMWGZ>RvKRmq}4zd@f=hV3#^DLT>)KrzY>8`QJ^u56Qu*v zZY?bh6OcG2C{$9Ho#y}+Z65L1l@6_?t)_cu4aM>xQaTn_Q5m)#C}=()70_rz4eB5zUD7&kI|&^S5Q|afHixyN_k>jz$JbKB1EMewJ+m ztEfx1P+!wV!l^}tWiz4H;!OpAT~(1wprnfQWH-h4OzWthUFBDyT@b!??b8Hdh$|)E zJ9ZYIe`p@*gy5nXQ|K<1ETbSq2^n9Vs#pk`BwGk0mLna6Htv+^RFbt@`uM>ub9i}u zHw~GT9gS(5@VxmX=auHg0zc!CNF@#3_FufX(i&ANS^+Exo4Vr9eT)#0fC`P*M6rnO z?2a%3x~8U9ELpPn;-{Z}`oG4bWtS4*zp)1T`yUI#@LZq+t=Z7m&+#W7!l>p(l+x6v zQrtIx8Na#VE?BcMQU?+5|G)>&n>Y7`rB_^W1&=-U*sdG-2G&c97N1!z7T>0|f&3o# z?h|?E$%hzo9oy<8nq5a~eUWW#RfsDG0pELO5q-s?Y1i+x{r!51e*MbRNeV zXk}6Qs!E%k7zI7N^QkM002C>wmX7Ahcp?cxp@c>ViHxX;J9+;i;&zFOr-c^KJG7ph z-;ETm6}{3i;8kF{>{>zEkvy}xm+w5bkdmX3+NnTfg{jJfQjFYQ#0dk#)z%p4-%t~3 zO{l6I8kHTZEM5&c0|MN-ZOaG3Fx>L|?;fS8xs75W&z^hkx$T)}pFPv}{pMKDIg^Hc zcjx0@zJTw3;tZyYX+wt!Uj?8{5~GwN?bb80VG5aKqfMTS_^@%7Gju!S=PaN) z8IchjFv5K9zyI7amURzu=%`lGu18rIdT=q!k}vfkw9#2Gx72_w-;hgSC8Sy49c<67 zr4$ybTDnyZjdo1nAkhSNPekZ=L9OR<^tg7u`q)c!q*KgjZK4?ZR=u=JzF3Hu@+t&4 zDnv;Kp+gj!nq-0{8@6-BpC4x3wgJ+fG1ZbPL`lzRq*U!OZGSIbB?;0o#kTVEwf&51 zCCO)8R3?R|!IJ`Mjk1IV^G01ir44g2^nHqjoKfrSAA;rUhXsFA5<4)m4aT;^)^1p^ z3Wl-(qOq~z?n^Jd^mh+D@Id*$;-`LBVo<4+|h+WX$5F4rL)QI)n zbR{3qo&%n=ZBhvhHL(9QnA}cg^hl1`Ya*Z9cPdjGYsiNoJ;f4R2a2p1$g-rnm!CYp z2nU$a-pm1`+t{nQf%=ru|5s&=BMjwKRSV7thB@;|GdOb3vE+&&Wk0YpY?r_-BbA^b(@I<2B$SkB6?Hq5 zF{Tlr!7jK89RN}jBFK2PB|Epb3n<0W`z z=|--&aSr*SPdZ_=5+vr{8BKvVSNTVutC-lMAz$N>txJ*dE!Z>+5&uF?pj$L%;vav1kma3SG}UByY0X9!E?r|>-|Xjh=FFLo09^h3@9w&JZ(!a3 zz};-!(tFynm8;^0`}7kJ;;4Og!`C_%Cyg4G!cyn7ig@!DaD^i6IQ(P9x=0Yu1~By| z+mjIwU&b}J%`z&IwWFHh$bAs|?Z*Cx?#a*3ID+3CwLjzPGYpgh0-z<8Vc(IBynD|{ zeD|pR`RiFn@RQ>YWY(xwHudMZb@^IuS+<#H*LSf#J4nCpqqN484pNF(emDOAD98$p z<49T?Cz6mELggcHtecuN)JO~Jiz$P)+SaIHC$SKcTzQcG>?T`@8KuG4 zl2Y);g=<)_aXSdt%#`@sZnA6|4eGKL&Ky3o&fa#q4{*$=zviESrjPc}(fenH-;Sd3d(4#ps zj@G(K<_?BoOo!A$;AnxXJX~eKaY)PX(Z;4$3Qb4t1Tx7XnYWV9 z%zlBz-2=F;gDYHw@W}c7Z0lV{Z*CJoY*HgFwj-izvxPR2w)r;y59$R|QTe_iSv=rQg*YkzXeDZ6Ba8u7h_RK9k?x|2R)R{2Y4y764sW zTPKz+UpDKMQ%)(aTD5A|4Sbzz)~s2gv$GQfPiC`2=G^LN>(NJC{)CigcZ#(Mm>>)geKvo$#~6_ zv|vmPoHThPIbZX$=a;dvcYv9r+GtKX6ho6>75zc-<$eMckZ{sS$3<#MXr+{mdmr)I#3EvYm!>yX``+wbOnnN<@HEGUv7|~?3=y#@~X%~Le$kY{C@G`Mej)@ zQr|3>OQv%;VU%G5EL~^x0zl8$YmffF-gNWl&OiTr7A;!zUvswZ>Hz#3>$~4IRs8g6 z(@$|->%10*+^Oh73=Ve5opM<2j?3u{LPsh z8pM9&Mi$Yda6PC^z&=wLci?pXdcm>0fA5LZC_ym{aWqDXRj62|G&-D>)~HYsgdrtA zq*M+NLQ$V~m{?!OeyzZJ#6k> z%+{f`l!IPe;ed2e(gM4{wBLn95r9<$jAY=okQ7ypt$i!dDzFHD8Jn+2Ef7i&N`p49 zO}K0r$nk}TUNST?X`BaR8knUm)aOEKi&eS?uU4hlHnT=U-beHp0AMneV%qMz)d0Az z>_*BIafN3og(}uvKnq;QK?$GjgXve@j9-!@t>?*(+NHO_GFi0;lhR2FI>2AXxCkPgL6PrX|)+-yM{@l_~ylD zpnW6g6KO9=A#Dp(*qNa{z$3t%l=PGX?q0pw98^+Ru^o&!kdklYqR^3fP^e;RxtWt& zTi}t+oP5+wesuZ)q(qXO?;~7`ND{(SIF{QUYPCaZUg=IKtHLL2(25TGw3MV$nh}{M ziYg%Q`*at}Z0arHx*qLy2{NurO1LN;kj-x;U)+u>)6`{}sqva|Ws->0r*s)9TpJjy zbh7jaRf(>FRR|fxI`Jy9Keqo;N`a%n6Ow$W_}s%Uku45_o3w|y6I<6J1)i^H9|};? z^1xp$0~5mNy4Xl2dj?VYoDCdm`LZQTuWoK_S>4yu*Az+BiOFNw^OVE*M5c%9 z&OVIa&Rxxg|9par_MOD1W=^yN2^Ep4aPYos>SLDEf|1QXMS&y{=W z9o$5qEO=FkIJiq`#yYWvKcKX-dIJ$WU`N$IbJeaks(F$Gp45Enh#9=|&ZpS7qk+kd z4U_^!r~_QB@e&>{ukYhKe|?Zmy#;E$1R=h8{qW6&l#0q<#PyHR2O3SJyv;5O}Ujp=yMt*KCQilRall z>lM|iV!IN6T`O9@yY_c{?JHm1?}tDBapeyuj^v?d7eap)d>;^^p}tnn*mKYPlTSah z>!!WIHKJqWTmcD%;ecQGp|jX~@<@iVMLXZqNU39klwlQ*ML=sHiR76rJ*?k0012nk zDy*(J-bf3;_R1s0JkxSD+V9Csf)BjySU!LF9w;F12PUXkK$aF*(Gp>2v7#bJOcggD zgWo2urRi!&GKyB-a0JStWHI$Az;>fG>*}|l#4==}$f=xCfuU!j(P zVke(DU<$KFH*(42FY^4R?R@>veb|3=69Jk)30zXBFkm3q&OoV$q)3r)Gav+hP@o(Z z49i3q5T&qsBSI=8^s{4WYz@goRgkSDG!>r=qu?kA@lj>Tq^3r`c);#_W%hh-IQ7+-fG)g#@TcCL}9J!dLTLoX$*7BiLEVF%Z02TNk9Yn$; z`0*G@RKJGJ$*r_UzFekIE*W*so*_Fr0u6pgd;2{?h!TM3Rg@TY=k|zZs%z`&#NwBi zw(POj?qbQJrTV|^Y~3{i_&3&--?|EbTW-7cF5kDzkfu8H*byef?$0Aav#E=v@{>L3 z5Q5sgA`xnoH1qY>46#BO#JUhrF2lBXD=>c4xakWQFM4;WR50Q&?ah4o$`5kMdrrX9 zf^5+TD}*d6!mu>gj-{o3qG_>fRpGQ#oqWkRbvzD(ktk{RT}VT^owl0E^!cz)TRk_O zaX1HzY~zD>J;hI+U51p9aLq`_%)A|h(v(zzp;8~&VlSmIPpq9QlzC@5wD1ZU>+cIu zVGu-0d%F5diI^H1fiblRQPPe&q@br*;N0EEGpV7TYZk1cIg=q@_W8*_p5<3}&!-p! zWLyyuERmQd*qaOg!xMq%S1ASAT#lZ>K~zwLMQgxU=!Ex5_06gdOf&)jK{lT=oPGqX z-wc5vnl?8yxyx28|7rAnVfAaR>5N}4nMz)@-+>3n|Hk0ID*^a7*JYP}1Aw(_){G$v zDN`mygCxl2;t!;QGa!U0U;M!j?YePqY+VfEWDR5*Yx(Mz-ouE-dT=1+IHX*cS}#Fu zGC@ruK|)F#p+I{kNGapU<^Wr>Ip%HL7E9G&4?(RWcehv3{H-=SuU7Pn19w#yAqe>S zi3jt}J;xJ-K`f2y6UG5e3uD8IuF^8sSV>-D+LHieY`!8aSjwWB9UZqwRjgoR!?QMB z5#RU8cr~=vj9^?tJCj=)*r&aY5w#xug&gy@Y-f2_j_tWJS_YKDL3*-l>FilV_rMzZ za+~STb(&F!*2Yd5ZDdq!>t9GksG-)AtQ#8OtFz}BUcIC$L9^0rIJg01ioWG(i=863 zcf9|h1mQ^N9)iJqoG!e)bV;JWudfc!NXd79^I1N0`hjTe8)G8-{SFpfh^DoE0uAYr zKww4^NF%jONaV0rLEgWK0A@b@Xc@-*dyVP*WD*TDr8+2tkn|*%96p1qPoBl^=B?zS zJD(xvD-u#vfR)mi>PTrLtPru)u-2L|x_?!jBWbH(U6oA692rY_(K-_IF{V&LX(SGk z&^lO}IsA|x@QGQw@l0ngcfY)v&tLNp_bph3kRd`kR&g^ld4$nF{nzF`uiZ~Gb9*cC z+uPSq?_icdD0pr;^bHsv4Lhc)_E%Iw3>zjm3JQLaY%z~?UFaS}Y>V~$#bsaonhS90 zH!cAnj|PBX*xQed*HW%Qa}B zo9dyt2BEY8?&J%xcgEQ9(X?j6O5{_q0UieETA-DDDhmyyv{yW4Hm(zs#7A({8!T>k1SAk z9-E8_inNnoE&1LF`*QZ4qv^{PD-LkBQdg12y#*&3N%hM7QfMmI5wo>yRcGmTN=Kdo zrt=_`G;MgT4XRox3rY-Ws2N3T{UoF|NkX7P%3+?SaxY_Q3lw#Z&cQreizPPXa3CUow)3o(v!XBw1!m9K|Gka;=aPb`I&nqta=hNg00VEP-5&hfFY%%784j zCJ-7|d$iV$r#9IZUsvSRXT~^@Yu^q4KVF@S|Eik;0opZzH_}BA5mrJXR6r;ka=y>$ zQ%AGMyX*PTJx_D~-{$bslMiHabB4f|D6KH>LdAQ?+;sD+6cA`@m{f(fk2El}HIgz7 zf~Y-SVPlAhZfH9I2BfLtgwqj%(Y3WqYpCU8e|wzKc|p?i5K7s9q7cfAbrc|#fPcZo zr^*N@a+j#+WSfK~Une~Q}8Qa0uZJR2eYav7~m;LFIB}*QhK7BgNmMzm)lD>VevgI=ReD_Qxxcdy+zXW9e?vgMdrAnc(Q{}iovFdD25 zE)^HO9qmplRep3(MwkGJ(m|D2nn9x1rkZK49}AJXo&Z-0Tv<;|qLx4f1Yw@~vAV_)2;0_!YrIqPIAdL-yuF&C>FzRvzKjibX=drP;h)6gU)1^o@*2*J` zf{$Ac2_5hPL)j99n0|->rYV#KauPEQlm~3w3Y`_-cF&VEwKgzvR6Ae&_J=t5uo(>Y zWRVg=Wdf5TH19(zlIc3?YDS=yZ-t>`RSQSGrV^xhBMLS`Ae1$T5{A<+ZAZaHFjVYA zNsViNQ%us(&{6kx6)T59YXK&QhLRuo7LLM(YwzAW*Ma!~g5_NNbC* zhzxh4rx7Z8h6czMau%5D8g%daZRVS66Oc-qq&QHq-%6Ayn+}!06_R{8PcD~3BvR;A z>mXME&<*vCV(W&^F_R}xW%cTnm7-q_&swCE*%MDZan9X$-~C@3{C6b)|K>X8xZ^H< z?wM!y$mjEjL;~I1VAWcU5Q;G?5vWiVumAJ)U)y!ZUiV~581$D3{xc7lF0S~&#|iR9 zJV#g%y&~;-)VK*+(=fHAj>B~;F#!l@^jsi#J@(U2<9l-kZfvBz{AG_fOJsO_vcdL3aX zeM&$=NPhaH_iat6! zgtKZb<0p+|zXNw?+CGyRKemH06GqV9(M&1fFnh%&GM->+b1luu48YG}B8A65xsReh6c_Q4wL#Gjs84wO_>@`v z^7-X_@&3828!YmO*mwd z4dlu_CNK&~h&0T55ySrM?{%ym*PIai_NBG_`K2`o&oz#Nii&5vvY!Pdpyb;zdu7~V zzKpYBh(YRy0ThZpg;3F4pXTsA#&Y@5&Qf29MYNaBYfp-^0U@Lr5>%<$C*=8`X$x%}`M3Arl_&Z+Ph!G9^ zMJUYN-BFSFj?r0{S{l815rT5@b&1`Z8~EV~2Xg42?lI5Cao%{<@@koiG6(GyNAAPE z9WC@)+0f`viUeY!sw=J!hoQ8o3i`Z)(gebS=VctAD)Vvd+%^QIQ97WtVLX{+GbrD{ z0fbvMt_Wkv;+PYUKud>QehUM+F0|v|MglZ(yw;XuZbX3uAx#OFo0e|kyN|tS=Co+T zy^56aA_E~LlmkRyT>JtwI#3AdLZ}Euh(h9o=6$u**Ra=q<2iJ%vFtZx6eAnz2o)4{ zNU2c5FGu3<3LIhK8G=y4tkF&EJF10eHh1%z`KxJ4Bsg*M2*x(nl9CAm8Bh*}*wVe2 zmimd*B%4k1IpU7}CsINIp;hnG2ufj*!J#!|OT7jyucK-^()N)kd;`MMk}ki*yY?85 z5Ds5?U><{|GT%OCe`AoOeG6#}aHQ3nVE70?8_AJMVxWez0^%`%tY`sf0U0Uj9xCzO z`{(lDiz}&1Byog5OAoCB1cE>aB!O|xjz=c1|FblF`~U+(L-Y*}nl^s*m_=*zIUN{` zWz@9yHoiyDDC8Pz$LBSUwLXIBO z!oee3d46*@|5(0>ViRG+u%wXG9zfpjK&j5vzMv^S~TK$MP^WC zmLzugWBd4A;ZP3q^yjydEo~=M0m35swTzr96^;^yKQBVG2td0yLNHVgdHb|cq&>-( z?w?C3DD$mjXOfg2zU}D5!QOUTcEl;X8g4;X+usU}=Q@N69$d7ZKRmLKwcGn?NF|ZD zCV8-(A~15hffj^9B4ZZK4)^6Xg1=+Y{n=uXfuSsgLf%aKq^__*qKzvxVtJ>f@B!&0 z)YViV8(Q1%sOWzPA?VKz5tIYt>bGhml#K~nT|FN7~5aJcVA3#c31Qz^)SdF?PLGA}LYAptTXOkqS>{XsH>8(1BGztRM-aNrJh5VN4A(FBj0AT~9d- zaD_aKzsJVy7;krF;DY9Q6+?kQYQ-UA zTRC7<6N|ft_}j7#T(@u?AKrHo$4}^>;0N^Qw^8s1>8P1NI@wI9d}76bs6^jMqNr@( zHM4Bvf5Qznh3`E4E_ zx$}7>3;6zV`^OjzX^#{~M}$@ZGC(NTs{NVd*H9oWW5n!Al%)_hrad|bi~Q`~=XrA3 zX8cf5pN^CpLyJ3btdgcScm%7(9g9~*hzFb0#;y`V3>#0lu1nDm=pE=Mo6nny-LVdw z!-BsC*F|sI2HU$Uw>_PKni_=bqE#>~nT|9AgHSOzIAn~tI=8{Lp7?2YjOdspgb2U% zl`r#y?_d3jkG>ncx$g+Isk8SZCt-e3=R(2Z7UJhwaiFR32T5N zhgEeKU3Af|8@H2n^fAXUI51 zZEjk;+GqhNjR-@NV8jQeLDFkkvGR?Av#P4Ast_fhe(jqnO zQ4wPfup05k=qJJUp|upsgU0q26*oH+K0+Eh*hr5)oe(V8(!)0%UBEyPSSjV|YB|nK z%#j`dKBkIPJ_<>`q-d;h`O=vOaP22f;k?6kr@gTj0TfGRf|$QwZ5<;`(kG*5Z>xSJ zLP*oekX8grfmUTeQwn`T6nnPS@vWowg_f*`6=bnDp?&A{%>`(w$## zDpa8eBMhq4v9V3;42U91Ma@GCZ6)PWEa%xc@DhE4+XyV%Kr4&XkGT03_dxYCm3A)+ zs{vp~Cq+Nt;1O;7_Oye!bLAF(`uqy&Jj2F7Nwk#aGGnlxV+47u|Am8Nv;u@QNu734 zgt!tKlOB&Q-pGZ&xr_T3Za^VOI!;BmAqwZBviBowN7di~S*gP-L4U_?gp~C453+Gf zCqvn+O$@3`ij?^xT8*L|w+V|BWYtW5lb`j@1BgBt!iJ_<;}Q65{1` zao_9ELl0%;@)h&Oj2pYt;1A%dU~4j!n6rHOvOoN<1pi$Lz`wEbr2;_^#zWdz#xkPl zI1-Wuaqc*z-+$5jzjgif*YCPy``BydRPwnYB-W4J zR++j={xhzm?cBN2i4`arGEfM)Z`CHsjxf!x>Q=tk@k^W5b!1l?tMNp^*+HnNEnZ?w zV-4@vV*-wFNeM|pI7r9X!|Dj6r%X3UA`wy=k9ld2R!3O+oBeyGQ7EhRUkMVzLK}re zMk_nhHB>5%BA_POL~XJKt!0%Mi{9xd!6>YmZa{Bg69dIAq=iLD?GU=!YQjrGB?+wn zP_5_k^yckce9t`k@+D)eGRzTCR09~$%0ZL?5uk;K4x!1Dy!YVA{N*Djalw(hAsxv3 zCP-_Pxh`u%EQI+oR}-2arz;7W9V(y+Fk(L*NvD>^Ob6|C6LH0V&XlA=;oYia9UGtTJA zZKSjBWh0sF2vZOUKnem2){I4bsDMDtYpG#2zp5&T7W|MyMz(O(G5he_=a+Nq(oPx@ z9!iA9vKU1`V5xjj^61&|eu%96L>v*~Nr(P?nJe#oflu8uo4#B~ZPKff;w294uRYMm z2LH-uQ0>5U5klaHA)VW|(>2gH?0pRzYe}eLIcyO%ohf&J#lTS6q78|IGQj zYXtBnS2~%*bq#gIba$&xStSsTgH9!2D34Ownf>Ua2kg3Q!`C5)9KtitJVQgO{|_{MI6T|6ofo(EScN=gTg38J4>Y1V zHZu0MM@Rbic9tzebSUU`%3MBsF5{XTn9^L&q=p(s*QcoW5+oeMUoWbFa$v^}p&Di# zToDJdcmOHly1%;Uij`k?@}9NUcp^nx{a8zsM7|i@FHeaxZ<^jb@)Ji54L) z3MULfB+!I7cI=UH1-CEnQ3wKr=h-fa-0{UL9e^OR5_G^1ICAP3K6U6c_8Zqo zITQ@!{n&WL=nRNgpe!O!2Mw`Kzt#bslfacpJU30kO_OkH@SHS`;~|9uNNSU9WD8yN zmbMax1sv^=_caMA_~9}8@XWM+e*XLt9$d49kIbCRi4)r?1wCx)FVI#uo>a2YCW5vb zgtEA|D*I?c21|YP=QmRJ3rOJ@bh{X?XeUL*flur>i?8D3$D<#Muot!yQAG2uJ;t$l zsK{3ydXBoJs$@x~rQae`9KN18EV<}uK9!N4FC@IM!i#GFzCl|3|Yag|qherh> z8p%>e7SaC-7^&ich8~6h5JFH6dFXF*G0@d(lINZw*s>i!C%lBHudn-JcTZ3Lkw+eR&G#~T%-DysgSq7Zmw)TZ z|Cuw`*%gM~+&b*A!#akBhCbTU(_=ou9W79ou27$(Kn&%f-6ce9^{dA+qik@CT?E3fd|)aW@*n5+w%on;W9FlqBbE&cn(4fLM>5| znUC#AL>+Wd-C&I+Uxy#8l`nH1Z<}74IPo9Iuwo;Q2^cJ=QK54JXCTk%QFTTH0I`}$A&(M1M z@|y`&fRv66f->f@$AV3EugWU0-Ye$JvVyq~LKqz-gweFMotUG>cCay9;*WEeanz(y zw5MHsWkw(ZZJ%MKT_3qL)+Z%vx97P0uIIS%*`*9*%Vb=~>I+1;7;S&1d5+S~*oDnV zD_tcS0|

s6<=9k!B<_l+DuB(_?1+k=d4gT_JYZFLCG8>H@yJ29eDV-v~($CXR-2 zBS1JdvD64H@uVOa%988qF|V^^O(gmwLKVJn#>uCAVezu1{%f5>U;N^ix%%qw^#ELP z`IS62XZHWh87y{%@;A5sbi<8xmtS_tpVzHhdlrD4G9ER3EcgKk*R-m-dSStG2$gPW zZV~(Lv)_jvnf>r}0PlO>dry7*iO23)w{|1%de;Td-hA_44*?iAZVVeXZ2GUie+M2o zi|3wuftJ>mkM{QT{s!P9S65WgynJ{SWhdualk^fS>FVR` z+vb>xUOH9&;^GzE1gqL&!wr^FBq0c>OL@F+pQ)U``#46_*Wd|(4h`2k(1LvEQ}7kV za+$6|iIqKBmh=p=dMHP>P(or zsVa(rQQ%NY(O5HrmWD}a-$zJkEeWix@i4iAN`)25fbIRO$(H(%jzERNwA-Zt(+TOK z@IgyzJ&zZ+^>fjk&yWoRke;PJDvR8iBGSs0=b*LblXRPybqc z;hT<&lGdS5TPbGe6;*yz{fiyw88N;?Q0W*{?`ZxI2wVr=e*06jB|Lt9$}EHF z0Hm-$R4HTesFWkYQQW?ulOH|2fT2>6TIr!xXc&{So77lZbhSv)j=?|bsCWXsd?T#bFuVl>&{zjY><@cR zGCQPjTDBKl*>zd+%^Nj{5%pHM4u_?OnZh z*^=en8#Wk&jp@ZCfawr=AP@`zLJOfK1cJc<0vJp;VBCUn#g-*Ywj^7<>-Jtw-`$zt zA2YjW&y`F`$nT5E9Y6Pxb#?DK+s=I2yHF~5#{ZqbAnvDeokLyo>OF`E)z(~wT{ z`r9AjuAPSvY1am+X^3t;z1M7aXRRU7WL%eLEt$)^&RWTemIkK0GG1VCZ8Gc=ScNr5 z8wWKhC21j%E;u-hl}ZejJPwWJ*grZ+Z@x$ZL0es#d37n~H`URWNs)G4Tq#U)ff4Uf zHX)F)7O6=BOptJ$By*bAfN+pfSRo`)OU8-)1UO`9ZCFHIx&_ZGFqZFTvM_{nt;T^C zku|c`VGkz+(8b#Q5l-bq4_;V=>snj;5b5q%;U1+)ItdO=O!Cs7JiztmpThH3&86%s z3s_VTND_`Q5Zc){!I$oTlHWXem~`4D;}{UER2nHv#qTI-5*MwJ%24&N-6R=yU_zrT z6?Op3c*haOufPui#wI5ipO~;pNKQ?He*A|n1aKOVBncOW$6@1>HcQYEloT{{wZcWG zAyzCx2RZNm0Qd6qLgUW3xiOsz;O^b(tHU^U>+~~j2BA`mwbi`B`QIH(u(?2f|gW*j!c@4`ZP&tj=QV^ z3plF*gRu8l}DJh$i}Zj%%rFeInh4@E9Z|e~R%!A5-Na`+hD7DR716rYDc^ zsfTxS>AViEzvyH-vq?$;G^AQ7RC4&rxDlGlSVR)NF*4_LP)T%+w0Np5SJ!j~suWF= zD7nf(+5WuNnmQ-R*S78D#>WrwtCw6%b0&coXk00%OC&iwHpRCe-OG<3Kg2}7Oug&i zSPcc&R`Sw1EjV^$DbP4dSLvmp<+KGj8*09cs&H4xr}Dog;gDdPPffqZk{XoZ(;3Bmn<=%S}3af=aMlgP^ev&O8Yz6DS#&3dxml zum^S>uGvH-pyqZ$$%BzG0G&)EM8)&|qVLK2^&8l>?J-(f>mL~#&7BEw{ioi-U%%nG zR7zz#2Q?Lh(y=N}hrlah=xOr^M^0u!k(MdmaM#1!v+tPEV!+b>bTF+Vt|GdPyejBY zz^U`w_{`;}GQY9jwCMFTr@-iNV%6F-2RR)Y=1i}EtcsoxAaMwkCO{CVfP(KcP$<%$ zt1wpdXw4*<*O+BRa~%msqLiW(7^XmTW;Sh&i%`n6ZA1Hdp*2#Nd2!t8MmU08ag@QS zy@t4@Ly6%kz0zpbOOmc&_s9hAy!|nbIK8E8BEH_4UM)#MCmgRW8(%M~W`1xlqdzVAofCG*Iu z*vN_6*1wSEc@p;XsLeCOz1LlME zsq_q>M<)^cyU}|O142t7#G-`@Uv%*Bp`Xk|r{BM3K!E?l_0f-gboe*--18!V)RZfN zsRDXlt9{6A#@p6}XlsFD#kAX+o6sAUA{Nhqxot3(heAmNM#}CZz(@a5uh+mpKc}5` z#&?e%?R~aV0UOR(&EI|WHHIc<T}MdEt$m&e9NB?E1uXUM@XlW#{mgir7XEi_-Jbxtc64h2VW~32c}9D-gf6!4vgjPW*rJB z5jCxhXMA`AoGMk)tMIDRmh!5#3r$;E7;e5WU2L=?s^UJeFRa*)0uTX7kz!uUdNRpI zG`&74+ne9m61ZYj{EPA zJ^uJVDWyIDByk*A*ab`G8i5~W1Or5&gg!Qin98Gf9)Q5efHpTbeXOs)|0^?*X(j>q zUte$en>X{BPyh21C!KWCB}2nQi_ltAC0A>6$AknF7D(j&pLy8CrL?FOn_IqW(*Mz{^A5ct~g>kZ2D^*mm3haP*zd( z=-6Y^+RXkvG`?2M%BES~(!{AW5H+2 zb~q#sfesj$+(*UF5r$c16DFggYpUU7Qcx^ac*E^md9r5&QWBvPAUtYl0datVz&yiR zFsm-fne)1M&si&QEg&w?VUu2>ovI1aiQ16bde){A4RkfGB<0i@{f7`yZ`BD+LS_@i z-znG}r#yU$ncC2H@7!D3XD3&%gvZa62=mTszNcV6a znQ?7kSGdxNFbUGW@9_yhd<3KAR=q7 ziTR$g*G_^=!q^yWI}qM{(caqj*x1fM{%J^v*u#>@OcUaA4O=bec&3{@2&$O^>pA^=fwR-1)7RmZtfB#XD7L zttplSLt~I|pgseM1X9^HCa!S=lNc0PAkeM@Ne2c-0U@R)r~Eg(_O(xZ@8<9S#YF$N zzV$6^-n^NSk+Gi)4-c;g^vhm-rFg^JUq~@m!Vyl@@J1*C6UHL9GHn^ohL=wa4`6=9 z5e|o@3ViP2Cnzd)0-g4FKp@&osQ6sDdI6ui^mMYWpd19opWK4!b)>8(A{x_iqA8)t zO3YnN#l72QwL&rz4iTeRQ4us_eN~+v*V`_b+1f#PA3GD6`!}?`50Tfhar=+ErghE zLfH1#VJBCCSD~pc!z*;D-PSUM6_=HGiR!n0XN}gJ-HN+68h!(1~Faj~c!4Gnb6?z%TAErevA* zS*%b9(h14sOS%{@RrvhIz09ghaY{!EUNjb(u7$6wY|@AwQB7Ws>kj;$(SYeBIacD@ zj9$_SNj52Yynmd3x_<|c9vooYFXQ_H>4cvT-{3qfIMIpp`ko>I5JcS+S4eaa;QIlk zVu`6ziHhf2zYS?{HPgmg$0dgGu0Sj~2orDNx-gZ4$M#ywbkw|g^TbC!{E=tgdfTrC z>oVDYJ$&%sN~JYqGq8LfVs^WIcpVrTMU0O_?+6@>7*lG=(j~9kxN+mnXPC zPhY$qR|qO9eU`Gp(3wh>nqcD7LP6gNF_h@bB3r7qzyx4uH5G=>7wZUX}o`LIyMRw#x|S=K&8IbyB$JTLuglPy zOz?2uFhASdO>-*2vZgwOa`3fR1^S5^XaSDabhVsB%56aD3NnN?it3FPv1+oW3llLU zYI+JL@504#9Lj2n(cDpn^G7Lp<7VI>oN8xA28757qc|)Gw7?PY%q6qYQt;{fwv)~z zId^U+6~AII9XckN8)Isidut_lV}})nUQ^BMDh<;9T!aM-fvZBHrD^{+Ws>wx7Wv2D zZ08I2Ji+5VBNTjTiU$cOWuG63a1@R*ls%z?sIr&Qa3M?p%uR5lL`q31U!XWSWt5cz zWyFo7`8`M2G+Y{Rt%!HoL_F|EnVRWzRWnbJE|g2~=#!8y0YcZ+)ydhjXP@L6K#;PP%ZxdPvq8-uw35&^v4aQ~KW(`YrE# z=R5i07r*%Q9h1D_jeO;6H<(RENF5j>bMYTP{1{8mJDDdA4>43Oacru3|9>CpoON z6hb+iJgbp!TyYMWgz+|07L8rwfn%%9XyjmJTSGcxsDrMRo)(mJL}rSDR@GlO{E@0% za9Ftt#ffYrwF))kv3z|^+L1T{Zapx_=Qr-AvoX!zp0S*Doy|xmL$Q*t%GZV}h_=-( z3>}}O)O`Apef;Ov1I9cdoU_~G5K3A=qd;hdREl+T+qwSSm7FrGjZ($KkFzKM7fCh= zyTNY%6)9o!AQjQQ(ry!TTUH^oV?eZ_y>RF~uSKmxqO$6a zLK{FJ!~~)&v_pA}=X;na^`UgwM+$KP)h?2fVj4NmN)l_0QZ5Zihktx%C*OKxFJE}> z8C#6BA|B6dh|8W$&vL)0`fa9f#QGM?1#E%E9W{3k#rA(llT~?!PO^RXo1^ z=mBonw3|xaGu=f1=|C30i>wz`@E2vCUx~mG8b=#GztpC}7s3iKSx_Ka|&s<=6n92|34Uy$CYWp7O zAC8h7A;fc)Qop+X??1@LKluryXIN6c!5VI;qo_k zZ05FIhaiph)kxn<_`vH|;5?__@gTVL!2u)K$QV8JRx9sKS zo!y+))xuj(Tf*x07CdFt;zRmXn0z`~l1>V~_V`ggbMH1tCJo9yvb)uhSPX%}#bH%P zJ+C}@G1n}cjVmSj5CI;VBt?1!Ca`5(jpI1{=I{_d-P6mQh74CM?&PHQMjTgC@%>11 z-i%EGS~K%$t(#vRorgfo6WH?V5Xh-5C{d_bqUBQbbBs*vr{Im@IO*tJYPY@^nv@ey z6oi$BPDshe9(aQ9Z$HLAU$LHRmd~N!2UZ_P-~_^GFj*lUh+_qa;Q`EFLTAa4N*Hww zq{h_}$A$4ig**25^6f_sa$s=OT3VmLUDN_pg%Aj(Z1)3Pn*fC9{ty-5+MlZw3KS0z&LGct?;$M+*B;3R%?x?RP{5Y48BI|@H3|&@L1Ax$(Y+9^e zzkb8Uhc`Yx6M<$%0RK-{Z*L#7X3Y{m|M|}k1%7bD>8GFm=&_^6zPoz$>R0-nk01Cb zrEna_aL)k>WyHb`~se(;_{ zhYw$Y*0Q6cg@5?WTWRfR#`6OLl%=g{Tu0K9O0l%9o-^mQaruJTJa6TEE?+d8uEs2T zM#lNiCl2zf9fvtq$TP1o!^-A5?mjZaXCB&NEPq8zVnM`I>YPwLETAQu;oq-3o0D1_ z$ydA@C%&3Ce}o>dy6?r?{1Lc07Cho=ebtzyt3a@@!mj~{5sd_-<&=k`iq`stbTlla zF40U~s+opVJ9Vj6vWX^=i8KyS^eYGvaPflKT)L=}t^K3?`<8=fU~Ol;k*U>=wNN${ zVtp#X*LNJ`pYPj=PDnel2xryOfGB+*0-uvQ+j!gAD|q*r%QWX{Tl=L z3ColBY^AuOrHP9dwoz6-Kiu8JuMZ6|w=u)wmJCvBJevSH4iqX=I8K60q5-8t+uh@V zb6Qugk!iwPVw;c%nP9Rw!0^-o%BqMXleQAKU74tDUA=$Di`K-_1T%+1NVsgtY$iO9 z&)&a_Rh`YOYOTk&{Q3BpXL=GD1-D2G$7oW7Eqi4XK?gxyGQm{E=Z8Cv@|oZ4;0KQ# zW~}HTQnEUZs%aw~U(K18J&|dT=`ujlb`DHJAMfsk4elrt<{>U|B2J|Of?|#?&`1}_>qk-PGj&^TwXjnb-nOCSF@L05H z5m!9xSzLU{C1|ZV?X=Sff&j{8bgl@k>3CxRDP^)yC?uZF*JJPAy{uZb>g@jh{?BNo zkka9rYcFT*x}}s#K0=C!u4bI`G-Yia^sFnN>u46YWLVmi)P*|4f^w!pUNp6O-y+eV;!s#1TwIQ{FvEJNa-UUBy>%i zS)T~iKK*+&cDd8l2xDq?$f!P5Dxke#5iOZn1VS0X9}B8V$P9^OmO9Y_X^pRa3c&>9 z69<`FpXO7StYhcM1P8~8j1_!l)k!LZmbQ|#E4XD(AOHHmZdA%Oo2hMiO9V>$P=dDR zH19ZlCC^{okuJyHF=yBatc~(3*l)XeqgLehcT%Yvs;^!@TRi z9%Ef+BOf?-HFN9JOqCUZ1%M9a4v~~8vguBAP&r|rvZ_ZAf+>};Wfp>=$$jKXgJ?XY zOhlHuI>sNZ-XrmpfI^K%Drv8bBJefkz~@8foJ_&;CU+(MXEBEc>;7ATn2!!iIY!t^d*u&9xHTgPD z{K(wzgpg=uq>-iL;7#P18W~09@>V2EgGiVTlu{%d2ggkiD1{?Mjqz0U6+&zGqvt|tsZG6}Sf4hA}#f;}gAGl(%*mLf= z=Z-vGuf@qHujd6Xc%Hod_B-CSd-ra@p|!J-*S__I1WKbF9}!3#8~l|pN^(LPGul7| z2;rF-G!7nsuj#5w@qsf}@cdQt`1t+X`Pe;MO(p82Kzk9u3M&j`_CnXTAj`bt?A2T_ zw}bJ(!?l`tS_Vif8WUB5b`Brvvg=sjm!WomIDWcQ-SmlQfsvGP=q?z!|0o-1Ogk7m z+t*6bluaA}}p>S=mab*IpT)@)-LON*Wb8<%uXLK}CMBsS>DGVvlEnBb~|=o(8I*XY+V97cRrAIEG60%@Ee z6G9MJajJr<@S$_o&@)=#9d~TwXD>dRgqtJ?6iPUjKFV?9B&B^L-K+#s#&qzdPa4T% zeWQHlzMX76JY<1=CNT&Dt`>%!fSTs2XB%EtP1$+_7@%iGD^e0v*`qi-L}g;a2z?G6*ZVHa} z!tNtzZ3btJ4UKYSXrSS-2RG*czJB93qEk86*DuPYvNzK8A^gu}fd8! zhLsEL)8B7@R#GVB@A&q&zx}hn{oB9gp@*Jcz?S#F|NZ>*r$1qIbo}LyJ+}43VGsPH z|NJ+cd(kQ6rplHX7wV_SN2Jnf;A2towz_c@js+v-eMNgJ$#a&?D-1RRmP-p;#X{U~^h80#hPsAjKt^BPOLc>z~#!3T><&Ij>BU2d%N>S0El!%h5 zgd-R&m3ha1J;ssoe3hQ46am zgE_a>x&?IBub@8FO2SE!kO|UmBMs?Ucv_)?0#_~XU|DAa-+b&4zu4PPb2h=!<~m$l zJbVh?1leS>p*31MUlsTtBK-x@k(B%b1LJ#{sthAV5`;nZhoVJV+T)7=m!^V_lqKRF z0jkMcn5?Pj9L>E-Iu2*f@8G995Asm&6jv{wQ^k=~Vf-~gS`t$F%r#6o#=z-`!3jS9 z;BG$on&3Tx_Lc}INRn349Oz8-TDBJfNsob&Qk>TU^j@;DLh9K~t2S9TjV%dBsddU6V=-r2-3~j;EB|p3WzWZMI zf@_{HcJ1Ch6L|icYX$`PCtk0(_7%5(@22lv0T_$ml?&kh$C(b=3E2Rgz6Ls5p;CrN zcEVI1$8qWE>iTAHZ_jm4*Xy9QPPMeOmd3}&G$1ax;w--Py?>-oE>*=mBBwv17HO!s z7dEA(os}DezO;^ikdT6{1LM5zR~sq%UQ9SBHU_W&GVLq6>XO{_f{U16pP>?{SPK~g zRua=1s5-{uj{^3IxY{u@K@oBSEU#L}I|DLmRilj#f7GS0uN&w9S0tF}ZBkAcbkHuo_$)PV(kVPm^1l$q%&c+G8(u<7s!q#bj7HO9Pm9&XfLE}z|k=&Wnu4=7LKh31xhL$CFyKfMnk&O1`QRH#kX^A;V@Mm zXQ*%hsq+*9!LRo9^6hO$ncI-&J?F0EJ?(W1$tK&4Dxjs^NsH$bj$pjh z&)C!vJSwrL$UaLE9W=h-P1ETQ%k0>lCT8Rl23zyISXD^{bxDUUgE?ODy}iNIKm zO!LSHA2%tD*-yTJ8W~6B^B8xnNRBb|+kvEm*n0%M=LpPchjlCISU8VVI)w}Z!yrJ} zW|fXfXA_N6%ww+!kSG-(ghmB|;i+*7{R6Od50olcQ3BbR&90j)JaAzDIrA1Rr2FuZnV|DOSaRkP{At(e zr=9xQ=r8#a)Mt%~)wG;TISz8&a%i`n3IGZU2-7+O-)Vr zj*pK6h-5ayJ3sg;yh;E%up6qjt<10luhwOetDUeAJRJsP6;Z4buHc*74^S+XEY}#K zAI3=T$`C28;GZr#i)GDO%7LP`Y|>F>69u)kG{x;7h#A9tKnSPeCS zO#-S3h1Nk-nRYZTCE+HGC2tgvM6}n3?tsz}|gOghuC}|(h4?rpcp$Md|g6AUImafkE2@tl; zPT9*mbc)_ZohAsPP zOuGcSK=)GLXueM}87JZ_8KsJ)lrzlDTQ zWhJET?}dOwAcoo^=}E-gcNf4h@i$j?G^KL}1woTH`ARDI8kTE`w7A z-uvq(c+C$V;;#MOjQfFc#0y7Dx*E~7tj_oa()vzWDy!D^d9WfqQbMVOI@*JOq!%@n z$C?+|>`_E)P?7?69WoZYfT&9&5-z1of`ZVLgus&mPY41b(b7dZpe=3(A&`z^l^P{3 zkdzXMWH_Ir(Ay82p0vT=a2roQ{fzd>LViakl|EtczwWy0+E=Vv@ek2P(C9+hgPr?q z@E3a4>{-lPFz@Wf{7w&3rhAM`Mzhnx^`e-FMu1`v>3o&UdnLgSg@!g^&QLYSX-ap|T({74B*N<;A}J!Xk1LIk4n;r5!1!L2te|nsdkTBpHVi5u zkuo5WP~5cr7~kBo59K&GLBQhH20nDjTCTrnEnRhKDqaO8WMuKHv?hUw+U`P&*c@I& zh<7uEcTu`RYkEHI^-ECNwAO2x5V78j47D944Vg{?Ehv;HNlC#~OXskny^c>ku#1Pf zhdH&Yoz_epQ{_?erD4!M=|n3CpMj}^jOV&d;3KBM7t6hBzM>i&1$MhuK1(v1)MX#ldnJLOq6ZIhi%pP+&4bwXZmJ)!ubZZsD3@IkybNLuvKMv z-jSl6viWxa7%l(V%_otN2|}HFgW30~2P zITZX69GQrcl<@izqi)um&F}IKh-*2B6Q8Y^E-8&2=SYqAHP`-p6YIK~_{7EQ$W?q2 z4kVq?h`v>{%V+T1pG7gDU)c`?C>j|Q(5(U$diJ@?i{kKq-8l}*sGK@?h#wHD8 z!jV?yT2!$J#5MRO9P5K84pu)eNf%CC1}u z(9EB|;MQZuj$YN=+QRtg*i4|A83FuxuIE4h1=qB;wgM!ji)UPP*$rB&%WQPyl9xS$lUB?p zP!3wDnm`r_$3(?f6+{=!7_~MnNShI4lafaVhxzT{K1e01WPCkc&_&XkN%PLL*Wi#q zD1i{Zsi0%r?|ASJTfu)=>a1c_m8yP)f;6J~ryyo16w_UgLW}Zf&MqL~BqPvS_2+HU zB1}722^gH%PsyJ|%9u)CID*jCj)FqtAo4fTFM*53BO%jtH7>K$9A$x*`h?|%jwJ&w8gxLQ0_qdZ%xzjrSHm)L zDocy&@Tm*e^8WMI^35Gbx$YN_(wDE$l1|}yIf}s;GVWAJ5VK|GILE>1_xt#Bsl|~B zt*3PmgdH1%V*-t~=2cQbI^po43)b+noyYjq!DGyANKy3R8;>30bw7KQPu>3nN5_kZ zR5ofa2&>-rlor8Z@Q+pf!ZGfPI-f^(55WFoFgj{RORj6(8^f-Zvajy|4kDQ_K;xZ9 zOky1+?FsX{^=Wfdjv#O(fs_=5rXU1)0eJ~|2MP|99EI;l0@tPF`Sgv9QRo|l$D-h` zL2=pTmwkHQp+oolAs?w%yzCVtYuBu~{L~E_KH1jM0Z;COAW)#y;>C-(_0~IH4a@}p znGV38a}azN|MD+iV8NWZ&mSHg`Dvk4iVq@f)#pdqSGax6n>UZsPCM;oKmYm9e{kW2 z7jysp_dc!8`_$7;W9ybJBwSZ}mf=vhY%aIn`32@Q)=~BPF&@n98I0$^6tC0aLb+}){RWnKE~R#$fGkxdkot?(p4)GcX9Cb)fn9}jeo^3Kzj)0C0;TA+OmjyA6;Ej3Yr zlFBj_bQO##9JCIOtDdVJ5;8wV6Lou@N*6#|Lnm#M zSAjx^1PX`7q~a@&9^|W!9pc01tl?{q9^lZ#gz>SEvT8xCWVNcdu9Hffr~_c0ClT0A zfz(haqX$P3<9Yj>2z&EQ|HfcUb+yAF1Oy6^N*eXNCl6P5oiI;pYJfA>z`7M?q^4>C zh9-C~9D{z3esy{7V4LDVCA)0^J(vaf#it3LpE=R4lU7yso;f6)E7 z<(6BVx4-S}^$5MBR4Q*B9~)!IlBHd{_v{{g{p;Vz*S~(lOrV)b0RDW}+^$*l4D|E- z7ro%`@3`&uHv{v^#Y))bC$u$9CR3ElmF`umR`>7Tz4Hu!Yp%J5TW-1KX?4D{I%m^A z*vCmHpRAwQu|tKOr8j^1yB?jce@uMaKdY z8d~cY&{n?~RA9R`Sm{}DqDYICJFqlK8wj;E;t>JDIuuIBrQ+x5%k9VWC#iE2-0;{z zKEG)%?>=ieuUWH*ilzE#rK02^wdKb3S~%0gmBF@Q#uw;Qy53l$HBCt+;DbY@(qYDg7+ zcC@nNCTYADBoG7!BXD#8cI-dybO9kcThZsPhgFNKc$yO>0oo=#%HRPKg(8(>z0lJS z+YdmXstig*hei*-=RNP?bD#U%Oi-9f0RC^SOD}r{zxnmu0KD*pFTCNdJMLsEpNlYK z*>px+a>+CDzq;+#cL6M0wnFURzxQc3_rLD7ujd>8@pTr>U;NC&#}3^Y78R`*ZQ#!D zeV95oK@j+MPHVL0q_TB>xQmKft^MO4QM19hQu3`G2l(fQpG4zY&HO5DDiX9QRru&L zPvg3i7BgC|Aa#I|DbZEjzYtY5UUaNI9a;fb%Xkr0WmTGCL^Kon1pB0pwWH(eg1V~M zqCf|Vw#G%Y)Gt8!1~6$_{whMEX)ClcTI^;df7tNaZ2&g8N!8fK5k{U>NCQ#~upl{pYWtGn=O9dB$J}ZLUX+ zK$AHksisjxrzZh|8uh-~!!+kpO$Ky?mq;faJU?Jl?*unLag@6b^x0}%QU$$)Yyfrq zn*x^C7jKhT0H8*c$}m|#Pvi`j-jUUZP1hz@QE?HnSd_6H7rn#i?fa~YBQ!QPq7`~7 zH)&31!5sAY>tN{ub1Y$?4^4iwA|k@te`9>g7?&OGHU1@5*vyfl7$|){uyrO1%p?H+ z=hszNUBxed`OClPbNu>$d~5Cd{`TGXkByDC2oSoto{xV0{rvT%XE0SN*;%+WOyDq< zN?jF^)w;%UFCIii*dmnzUj@AO7mu)YU>F>iDuBR(>9hl$$H{YA`O)*w#}5=rn6ZNE zy9CmeliU?Zv>GNlZw!I4P@C-yK>I!v9Dp}$n%llSdo*VqJKzI+2KI~vLR6@;=$VT~}( zbW1*c!mY2SsS^cyJCczCsjTXtb%#v2ka8S0_Kfh&$B*#Hu`%Ng=vdPL8^FzLh1`2< z`5a03YN}8eU9|w#8cH5wERQY~!B@n={}C78WDn+dg3$EJs$Yhc|FM3=wtZ;R1yfQ= z`Rr#u`-07zH-C0;aPTaoFqQxL>tJqYO#%?kmIU_W6@pj$#$ad^b{{slCi847={U09 zkt-)F-rlD`fy}Hwvo#|H{J*^Z(t|(1+ur)77gWmS)(|zm>eADB?%AuEER_(#(7m*( zI_OEKDzq~_`0Htoe8TeEla9ltzJ9h2jG8v3lHeEwy+P932RiNWj~ARmQ^uuS@eta@ zLl8(sQaE_pCr~o#aGEhh*xs~$@Dh9-7=V`*@CnUYOg~;nGQ(O`w>l9sAF4@Y!ho$q zH#!GFKy&?kW7DGbG!r3H$qHAHD~~cXu@9t+6cU7I0DICg=b#L&PHLZp**fZ-6#GWU zd17FKn}^3aG+83)xXj5US=-sdS+iSN)|R0@;o`^y1z+K#5VC>@q~&;99Dw#wj*GOS z2qr)B$v91PH7qfdOLb+s|2D@dvpa^zEFT@x+8^SH4@6zGWqQLCpSZHK}D=K|`J zY4(qg^X1KlxNGkqWnD3kj^kL{>8DP9vS{;4A!{tPZZ-Q5db02vo2 zFo9f9ZDDJrXicZM`)D5z9~-1Toxs-$R|@KrE_KNy?dc>9sU#^!lXL_bCqV*P^_9n{ znmO7*YBM8OA{0=m()mOrj6=0r3?~}eAn>DVQimWzGdmT5CX;NUF4=-a5kz7+_63x{ zk&;4XlD_dh#?239D1pifNrjbOWFzk&grGBV&Nhtg2uY;EEJDo{u|KM2;7X3!ftigs@iB!pi?w>43gAMny=45&~rt2s{re z9%5t+{rKJp#2}>z5(JH9VCU{#?o>V$;*p4kdUQ5v)hR`U%dxIxCdV%OhbXS7gev{W=QG+N?FNpnWhl}R(VF~fp}I%YMb z>CC2RN+wA;5Ji)qzlIOdO9r&i1;s*o+7p}B6JWdiuM{sKZFg-cl# z7@XKkAS$@pgg;>eOB7fGWkq$Qy_P1KC{_ZBwlyq;=CnCYoHxIXq6!!;cBse z?maxfH?|+9J}Ef0vy}@Mb#l_IdKNZh$x4Tk4}mC|YTUX6Dw!hhjUZ(^u9LEzZG*)S z5diX!8v#VNzP1_`0;EV#4vGv+?jcZtwb;dg>XeTIO!|s9p0bo#b!pyz_io;CMwyqc zSxC|IB0q*2X@F3jK-WfPX*(C8Rj@!ufJH~Tq+P|~i6Xb|9pXp3yXhOvK>|o6YXmAx zaUTO8P6xJxEeU1E1QMLGPc~m6lP@zhG(xta9w*@vgea2$a3p~?;!N5m0!hs82O)Dp zYbt?f+(pO6(A)PKqbHM{PBk_*ojX20UIaLH>=>0w#axzD0^N{?gd0h1>$r8b;~*w- z=tKSJo&nf%3`QpiKLSgZE-AINwOz1f)8_t}9dRZBm|6cv*3zYm#eoBd^w7ZITcc8G z{w%Jz;v5#WH&QJ51X7!#Sp)`TMs@C~Bj5CDyRljzRe^02YBDzTWL>ZIeA_)FIqK+3m3H0m`IbW z1o+C541*GbQ~Q}L^wFH1O+#ibj!d9bFwH5Uwhd4P*To~UsOmU~(3nReg@dQc^o~D4 zIVjlChd?25Y=WR{t36i+R>0}Us9K$({y+_)N z8X^-XrI12WmvR}-mHGPiZhpM;7=4o^^E)Z0dh8Y$39>pPk0lw?EFnTYXHWr+lRk~P z60RSRuT&`dMbdtPx^x;}838DjkdgS0ua(7t*mu#&vPB#!l?q;|f*Kz)`uk-sd^hoo zOD}!)-FM&pM0g0rV$q9^C!0ppXV8ulF-am}E!TnGF?9DJ9O;8yN1#-S?(D@EUOZ6W z+Hn4@xBPPd%GImbvunnb=jpa)K!7vrf06{04;(m@G#g2R)Me*#=V#xx_a zvj}g2#AqHVBU!6LuvxX0kEOP00a__s=@Q`c%sd9-~jae?7*U7~T zS~+!gD{Yw+zE=32BCx?<3lWoYS7uHwl&LZ;lVDNHX-GF|{;Ev-TWTv`ETC_EH&f+7 z9GQx^=2};o3p(ajsFVdR3WL(Gsd}RzYcUHN3z*cAxDZO?O5-G< z6qwan$D21S(>o5dC2ni4uo`3%P7A{=)h40*SlYjB0mvHZI?wQ#TpN4D33t(pb zQS18a|DOBre}D@vJg@EX$G5*fN+K7}}bGr z0YW36NTXc}Ge6e>Qb5Lax$oF8KiqK`?Ko8Blk5l~2yh+2jaQ$;ik5l`fktY>ffjLZ zfG8futbEZHoM>dreF9wR(3Egk)>6l%i#vJg>Uq3m^&GBRHkYn!iYG@Vxb;9kH*Y(_ z!@c876$28kpgt){I+BEtV5@eCk%^VkP{0E1(VSgKUAo;Af>A1B(fq=pe_|iGQa`Sf zu)#mDE%mBPT?AUwx)wV?m8KTy)yEVFrIb++)}dyBHh2Q9HEro6moMqy1#9Lrr=_0# zqf`8R+fjbFe-IbV;>J1}60S8%(zx28qKZtEhVgV%?1S|D*qNaJt6v3H#J-m`=6Z9PcdS5{s(PAw3%HB?+3IMg?=rGGdH5kiyl z6&+I*I;Sc~G*UVUSCT8_nCR()z7a%QGcDOVV?8Y~*1Dk;wG>DxaF9p|2`51%@EIMS zAefkdM|Ywtfd(O5Hzi*F@@voj;uk)@{X-xAF!$egANSt#8$8czoXkz#GB_}3j%?v9 zSg{c5lZH0vxCTS8uN#gHBlaJGy+@ahBuX3q9J_hC3CVlz-O6pd`V2xj)HD|uXF;X;_(i91?b`WFc)o2R z2Po~-?$cpOWaW87h(S1-&{g!FwI4RfY>6Nt!Ic768lL?~vBI&bGEel6@#OF%eT6b9 zDOuE1$A(!=tnFxIRzsE`P?Q4S?wtyR%c9m(aYVv)9~=Yl(~1fnGS=3psR@c>Ld{rkuEL3a#5=6WuZ*7Vb(jn`*(ohqRSG zR#utO6@pAclJf$7+cV6Mcl2=Iv0(@_B;rbw(|jgEH%nqB6>+bF(B@hwQl6%%7*JnP zxIqBII6OE)P^nZn+TV}byc1dRP-m@W(fs+i(lOnWaC8(hO~QLG1QpMxXMBucWDK!w zFM6r~Kq8Ug(n~M>#EoD6@;}`0t#1b(|Mw68lCcd17#cpN~(HFZg5~hh<%jykgA~E?d$? zOFC`*&{0@gJIc|xTGKaKW=G$+rKeScmDC!gG|ykPkgHeDA?N$X7zc%pdBVp^|44=x z9YgJls&S0gh7uTY?5z`_r@{9`)Ot@!$%>{7%bV-D8cnI<)1NQ1Yh;o;j|_0rj&2sT zrg{F#*_<}372j9ne2pT&^UI`CS%c|U9>ww`Q(ozJtY|TJQ7lK{+tfZ>1t*FsReG{ahR_@vWFk< zILvELU&gCXUI;=_@O-qCs6aDO86jU8BUNmqB|DdfRJ*+cCWHlcjG?rl{7K_ENWq_A ztkBC;Y0zj!2qOt>=#%mUrHU2!p$f=ED<&!)r_FBU(-)u2#~#?toVs<)Zc3n}V-+YZ zg-#37NkLM$+}Az8*B?E~_Wn_dfn{o>!fPmwr!~fT^7_Ozl@&XGyaS@FTHuwwl(SGO~LmlgdJx8HXI=*G>x^%U* zyFCN_Gr@l*0hn3;*Ot~=w70gMRIZeb5>GZQGRx-ik_%5kBAJ!VAcbIdLx4-YMWUPb z_-L`rv57p}hR3<{P#=GH&lc(*O!D^AmhrNa7vd|4Z>dOHDO};OZD@$W$zoM1)mFI* z!R-1BZ#`of3E@z|vve}YDxqmRFODIaBSkkN<(E*1$k?h|F9I!*%5u}gi9FzXn&!Lo2XTRv222B@G(`siaZERvU4ITTCK!wBvvFK5xDq5A;Wr8 zYZMNiGAxA^%~?M2jFb7RQU>)q7n)nzYfaaC$vOp#grFt zN@o+-ty{onH|^uIm#swxA{xg_0a-_Ka5TqfHyz}j{evjs8$%okhybk|+sd!XKp!X3 zJN^2GES4Z3;b|I+0gloXZRbd6$LdN1NFgcYixh^(;EDa__dFk+%Tw_@gpZp0{_;6YR{W?f zETyH^X=j>cuZT4At6*nUbpq58n479GuBC!$g@HeXEo|dY0Lo$!B|`dUmM$f(5Y#1H zd?nb}J;*J4yD50^j76QCGq06~q^W{^ZQcG*2yHp=R;JhFC_&8DH5O+=1t1}-k=fi9!9rXkruYj!SaoBZUxQ6`H$6ucaP4sc0=R5pl*xCM>UhRS%{ zR;5FI24ROJ0a`fWl`|E-E4cpt-7Id-@P>6uDCqz+^i37{{;qDmyZs1$#Ww~xGUSxX zX{JxHF2HnJU)&xzyq3N~76PONOFDMYBGH!Vp-9*SY^tXZegEUA!IA1~u3kj)pld%Iz9BPW6z&g-r^m$eH!B1TkI6b4K6v+8P= zwp8+c@=B3*B&*sQxn}u%7PK^Qcr4F&xlC(1LwzE_WTnEtZra6o(YKYE(T1m7;brTV z@b=SJGT~K-3~NNSeQ!Ddu@c7G+(tIU#J%Z5fSss<=R$^|tyryJu^khb_B8RFL|Z<- zt$>SufUkU(HaBp|l6IE0W{h6^lgBtPUSdu|9W5ybpEv`|F@lrt!QFHo#$Z{)el=Fpr;@}G|% z=I+CTENE$DRcjr7B;X{F0wfLm8sSi_yS#YRvbA z7RQ$=0?-ax_|Ygp#F+&oP%_~3SuK2S(*b5RCdfFFuRVT{&pfn`-yR+^-JOIR!}rOE z8W=E6_6nXgtq5aQmHieB|}7dp%pX z&dB}GbO2`7|A}?}`R9uVAAC?JlWAS4l*|^nZUqZZU&;6X{;z1M&*1wWCo;;b1|(fm zJVjJ0G)XD(5fnU+O}!&5X|7|k?DNu}Jz!d^7A%IRSln92k6wHcSx4fjz>b4!r~XLW zz|=Bk^A}eA>I5GIYhxQTg{f&C2t5r4CSoH7B345v)MN03cI<$IBLf^Q>CP4S>SG63 z)!xL*R?o+0x>f=)tKsk?8k!zeM*wlR*XeEj>HlAQ&1?P^b3m+G-NxTP;>}y&WO$uH zBOQT*!?DR6pZV=x9yrv;tIk}`d(K)$5D2`$H%W;-zfdYzh}up?B-p2?yE|&DrEvU4 zrLFN#$Q*EVb+%pw>ub8|liaemj}P4a1of^wxTYJzVH;};)RHei`3v~fmA+~ql5T` zJUp_)27mLLmtK0wv1dL1>ZO18ws(0a`s}{#ZExdCUouv_sdQGCO9m{+>8oI19J>3> zrA{Yc@dB9Biby8VP6D(CI}XB8)AG;MWp@^GK;!Fo%X8j*ouYBbzx%JjtIsg3g zgF}Z7nyA!J4=d;Lyo*ldnzL3>Ec?{bq(bRm5tH?eqt>+rc$v*y+3zJC$+DJu9_kt4 z2fGe)aCiz_0onz8gmn1S#p_wwQjZrH&a#NCaKnzQO%|-f9a7m@zpC=zV~L5BGIISB zS{sSmFzU!E?>?lm2^;*i7HFZ+QkhCs=vZsrP|LJ10bVJIFDo><8Ln6|i<3GV2m)=5 z)&d(;tetPX!;BphgpmIjh;Mq4KmEK;nC(Z`NYpaeVl>05#&E0~!U?XkG8Jx9I>`%G z&7q^Aj?X=`mtDh?T(Gc>w3{Xf0&9jRkixO2AZv~>ehk&)t9Fr2RHYaf-Ri$6>EqbW ziI$KO;3N3X~4sSPUx$g~TXX_VmM}yI^DjVU-D@TkiRS`CaJNMo1?Kq%<9b-a%Au3Lf2w9GfD{ zcQ1eD72e&y{&lOXh1$P=fAur_*MG(KZQB9Zv}qF``N&7k+qZAu&WW+ngqZ*d=o^KJ z9HbMld?DhLmAJFo3=~%g7#M-AdyVmrU1ywr`e1i=_rK5VihmhP&Rl|-_50R$zx!PV z1_qiQeDJ{_D$y3q!gXCO^@|(o>n~ZqZr$dOe&iz$_Vo1Bhq{GY z3PfEBRxU(dd5|%MVx0u%Uk6W;cs_UArGSL-Pj(R$w z*wjD5M6P7PSw>POn-IKu{Zi5)C@SRdpC~#A6$`4mrcFM*RUR1<*_OLyiB-kj;zePI zZVagbVc<}@+6E5gfbFkKZDdx3w(_njYza#{gIBSZxQxA*YS#6~0^bs)gPxJl;B&h+HY|;hg^Naocyydp7yz8#V z**i1=DGTtkqXsRcWrL_lq4IYhlYI~z2azwr?xW~E-RNV3=!7sqKYt*sw4rXkIU;o#g8sL%(FBZSP<90st#V>U(Ub5^9Klt9wca#dn-)!5y{q$&nC4i1* zIB6O3{0%g1SWVlqMWjw$L++GSl!_%d+K(QZsJRMlt?lB<=UnxM@7;XU+kfA^dG2$b zJ+pB>P1XzzaAy6^^^YGlA|g9??w+F!(hc3&0twA)pLG@$-#4D|LdL*w)9U_+lWzat zYP$<f^wR?Xx_!HUphW_ofKPSRYfr@De#PSa_r*}a6C=nPqozMhA;^J;Kv8!Op?im5Z#N80 zg0mc&>!G93PMoSqq?Xh;{b{AmXrONxHt$7ODge5!J}Wvq+s}CNN!Yu0@0RGgPUO+~ zA{-q;kB!3Kqlm##LhZsetJn0u@%`^S^X;#Ey#hGzGDzfeCHQcEV_< ztKz*%ifXkV%Jar-V9oE@prgTv`v@GZkk(&a2?$U)N?Hoz3Fh|V&l9JswE$8i?@?%{!hL#E<(LdJ)0a3jLEihUA|1JXEBLfDnCh<>fACOGE8o9CohHc0)x z5yYM&=)NJ7xIN)ODurmuqLVHt#~xh}F$uK@fr^0V!fID%2DwuS{2KJd-+S_jC+GafKmS{FFE(!6$ORW%@VPBp zw!Hh-zqwlj!t*NO<0xorf#vhi9WA7q>ZxyRLCxu8eED1|4fWuApnQ~@L8McVbdJMA znq-1COvA$F%N6q7$LQ`p7Jh30;1i$vBp>|1-_LBGGYP=VdOEMIk8EqwBu{IibOUeg;EB19_ckdJTp{#d{t z(fA_16NcMmP^|((fSWbwaU$>99oX{LDt;n3`Hd7W9-ok1LjT zl65!m*1NVbQTBNAY0D}5zA?2y8qpnX4SR%J^=Po21!1)vL+$^hW59g}$MW3tL^nU( zbp+*WNJ&r$g!ZjbkX5fyadf|m%y-P&#Qs0h0Z^s_4g&PhBpmF4ql3u($56#m^=|hJ zBGM^zHj7xZ04)Q{c5uL|_nBwLU;)^D2%g+;^!7o_ojW&o#dEIgz43;x0kCGxNqXnb zCm9_b5qLf#Uqm14GZws{rEo-NXWPDG$BwO-KYza1wryMV^j&t@rKj)OwddW1LZRBr zNG71A5thzDc6H#^*O6^)hW1vb7IabRY_*SUV5qL83QkHO+gmAijG#v+!Skx06=f+g zeh?+TCz`&6`SVQhpGg2_)?dJS!(0DmelnSQm)$;LRy&!NIxg9;60hRbRD>a@E^KSp z2H{%tw*k6^d~dU7`C5^Y2_74oAgK5TJf$>=Op>>rx}1F3ptq$G1k$&(xhR_225GhG zKaK{ctE_`6>GzjGsbaTNyc&5 zJ~+WmPaNakgF}qu3y_eIl*Y?mc#+I+4YI%XqCZ7T!|D%6iOvUmf5%b)*(XI=iR z`*%LE{YhZ02t4%m0~UZMkP^|}(YAH&yjAD-4-9hb*f9<8`q#aluiyA}wr$(-@u8t1 zo0&>jI2&fSBf45iv^J5-X3<@3%ewH(w-?FCq&il7$j(Ax|=!A-8lf z#m)}=VuheoMrm^&gdY%uV=CW6D1|P2Q1PHpLKG`d@dbs#%*Oe2`S{LUf|>PH>)Fq` zg4^%Bqe}?cueH*+uHd|rIP0Y4{QG-ff}3!T5B_!oj{tsJM@BXAfNXF9)qe|LBjE@> z^x%{H_=&@4M}p^Z)v5)2?y^%TdD_U-N{QAUf@GxD7V`At^L{C7F|I0RI&?h0%ybSk zB5L327(`r#2>+NF%k!2{yMqy=}Q_|t^M3L9sx|wTF zp2ur9ETiQ4v0svCJV2Vxi&6;3q(qI0B>j1hf7`l;TX**|S@A5rGqi@*MhZDhCr+TA z`1=n!Ft0Z_3H!R?NFVG!hNyT^=yzO)*SzL6eDlU{5omktQo_0G;HNAfe^nrZEK-B4FQGL_GD0L-7ikYmS= zMF04%cf9jMU-*|VevGi^v2GbGn~&4lM53X=NC<}SJU)&dpMcRRBMww9L$M5%01*V>`)I8nzz;5* z**#}E05j`pzHYzs4$eRCy#5D&`&;8A-`S38XyDX!3(2OEc!8ScE*E#At7`0r9QxXp ze9WOPW?5Sf6nh89BZ{_kU7ojUE*0NU&cfckz_qVqX@yS_{38ifrK;vSqRK^x2kyvh zMZ~p(1O%!owmVISzh(#^Vx0v}6#S2OIL2-wZGWP z;>JcUS=vgeV!)h6I@d*Nh1MR@buCC#@XZ|u`P|0c6!Hp@wmkdL0$Btmc~G)OuK&MP z3kk=(_UIVwJXmv^7cN}L*KW9hXFls$Tz%EmTz&P`VOD7beX=R^*=xad?J&m$*MS3l z@W77fUFsX_#NGG&CSjB7nj>gxtY>m6A7W>;10t2pmZ$Q$j>h_WCUZHC9XrDN-uFH} z^O?^85C(rhsLobcFdL_<1Ghel^p(M8^o@`>Hh_>uf?FpY{KhO^U6y=PBYtBYekO%Z zx+vFpQi#AuI~t)}oJXI;9~p%`hv7iaanJEIE{>krIiEgjMhIwTop4=w<#XA$Z!brW z9s5Ys-Cetwrp7F9z2-t@w>JzSTJzZtz3Q=II3^&6mb76)zzIhOLJInFd4Bjr zHxr%*Dqwv_E7z@GO2U!Vma#U$Ra(j4`0K<+05u6mjlx`P<{l~i#ap+bAaJeiu7NgG zI|NnX8XXhM(Xozm2n_taWb?nQo}$&f7eZDOIRw5ASkRDVetnw1y=MojI~rKi(nvW_ zkueiel1#V|Xg2kZasB;I@Pq9~@Nf`GX~!{f8RQVolovO?l8_h_q>-JJ9>1r(n?DqM5eBOSD}!flg(yDE}xHn?zg}FEdWaw zFFr6fKHdxnl1VseDa@aZY-vJx0a}9VIHuC``YFX+TqcGI4g`d2yYRY^4w1BO+7>h&~=n+e9f z`4S_gVzh~$Hn)xDlxteb2s`)JC~II7=keF#5Mtd0Ta}CH!bDmdB|o8TQV}ZSQw8~{ z5dCk}=B?A97PYcQ;kZC(Z9VK&1aOQ?A%r85@VMju9|5a$%v(Ov9@5qFDgsVUQwyyI=v8aS7S`yNO4jhfcK0KIiD9PG7b4nj1ywEXDQGdHN*MDB!#anVH= z|D#f>00=jcc)X>x>2v@K?yFe~7SF%>$kC&-qYu==4w&DC)6#;H8a015{)RP_&RS3L z^fi>%E~m6$E|u06bTVncx}Jyd6^KwIOuE;l`Kh)+Ja z9bA_>q4~Ef&*Ypr?Ua3GRoki}KhtT3@rp#N>Nuj-pFmYHViB@GWaNj5LA*OL%~sd8 zxV5%Pg9PnJL=adYT3pj#ptL|(9RQ&eQc8rh9s$XiD8$<*fksGKz%C3zir;jPj~n6-D}RIC7mRj6x_VC zhkt!|AA^Om8BppNy)wN2@tYLA?Q~IxKNbTJ%2C-&W6M6+u^$fgL_hYzYhJ)NZ~9N_ zvsna^a=FY4Uho2LyY05>Yb}`#FMlSKEAXw`V0aRcI4%$VcGIS3oPFwPmEW@^j|(BR z)~W@dv9XcK$;q0Zc*ZlHv3mdh{X35wIbzPUAq(fPgQbgbl1Y>ZNG8+J(uCj9h;C^{ zB{Lv=WW_2P>cIS|B#sa$J6_XDAY6w;v4nr~ZK#7sj2y6eCp~w;g6`M8{N+nN^65_p zLY!DZ=>^w3pP%0HvzZNarUNjup3bYcyC>|2Lt7INaK%|C;RVW63^G)&Bi<~J>E_o` z0K?9$wt4`>Z0;2rEdq{=Pg#1BrX`hTOID%yZ4rDUpH;>{bDv9LMI7dP#ppgjKWzn8z+>+2}wihw4SN^#TozsKs8tE$iA z!9KWS6FjsNh9>~6laA)Rb1pu7_Nk{;KKjv*{?2!=&(;^TRxLu9>1;gsUuAIz_uO+& zmkIv%Jy$P4&hA8HQv^aIm5VNxp}UvVW4p=TyOsJaJ4hVuhe`nv1Zc-a;vl82(p$Bm zt4cJ^_Wh`dDa5hi=>1z;TF1MO9$oN_AKdIeRqzL9g8xhhU}int*VWfN?_0P3;?}?R zR3Jos2EAbwUGqD*_p^TkQkkHvl#R<_JKVI|<27>#)PrdPYhfpV_`F{8w%fOG|FI#^ zK3A+*#Fwu)g}ilJ(;{RJR6Wwe7Zb5oc~}Y81pjE}Z`yAkcvo9}JZWb+wD3Wn@|G{22-e>Dc&KYfVB*dUIu7d+VcU zrRf>ZK`LR!EKz1D{{PvfZ2P-v3#?&(FXHF`dg~sTiE@p$o!OD^T^dww&sQ9jMr3=3dpop3#H-~F=!rA)ot zP;ZQQHmsnoF3nVK%Buf`Qn)(agN_CN>H9`Jcvk-@oZaUtK1ZhtMpxa3(`Ps1;@ELP zt&MLDen7?a{_VV9$?3sgRl$4F``ZRbY~23)f`3g{!^;0^G>#T{8tRe>5<>8B-zY!X z*~?=`1~@WR1jixiN;$@D@SjHpV3R&Y!V$RA;jV)NjF-yfD#`%x zbgaS;H39zD8#P7+Yh7T2m!a>b~{&JeKr5~Z(riP^Uh<% z$`yR~rki-li(kyZ;Glgb6@Z#EcfRa7di421h~F9f0m7hvqTt`v)-DD{hV}jT-ushs zxugN98nUovDWanTEhRz)=D3A2qFO>Aq{N@qhM%cJn~wlbImo}a?33MzW}Zh!a=W`3$tf&;|H(h(hW-}l)NhFO@Rs#+!!g~P;4g>Z`HMu zygF8an`%!Wg{CiG<~cXti>G}ETz>iT^H|Z^K*=aTn*zY2u_= zEi9-{laj7Ua1h3$1_+cQ5Sq!7&(X;O2PX>b9GK#f-XVIXN>KK3q=TDrxp00LFI+j7 z^A@y_bR>Dtua3T>z;AH~e~t!%8q$u$SDJUJdxmYa; z;=)bJn)yuRVf$etm%D8r42?y<*3#U}SHJufUh;~U1Muzde1|u_;SH2aB{Wh?p+r-2 z%jsidV_V+$!N21(pZKRg`p`b~!Rz_QPkbDJxt(3N^b8JMZHN|*V8e1)w-P$qAux8_ z5(ljUl0qN~d6KCVI+>)rXg1#Bc@QYHuW?FcoMM6GRFPz^NFtXfIa$I{3fBo3&lMRS z7>0+p!FVoepc(6IN?Pf{bDw*q_~kEu)jG3lK7H2=4RB`FtlhhJ^P(5M=(^$I;rHhA zc_U=9U=EG5TlwI%m!qsKZn#-1Yic7krt%~v$@`SSRYb~q+KRm~d!X%*Dj;F?Ou=?H5X-~&={!OY7>d;5=U5DL+X&nL~jB{MbCWu6f z0PP@9I8u@nE_WOn;ElIFN^haUTh3m|CofseE7r{Cv{|jRq*6FSB7|i##B~saKuU*t zH^JhDI!>S6!evW3c-h)TJbOte^V=IKX~-7?cJ&VN%YD84=Ewj-!2HH0>J!pf&jvmS zjS@1dnGFx$jw!-~%g*IvmoyrS{7>U-ZPFCV#fm6_a~;W0!RL*?+QLJJ1|XS0gp$v3 zN}saxe=Vbg>3_ErQq>NUvU99JK_-o8%)oFCx>}%6hP+YqE0s$8_@_T%Vrr7J&pwN@ z&OD1;F2_R;KdiM@V)fd!H~#oXKmOK@H-0_%?E}C4gAU`;%bvlZgNFck{)=AN_TBG& zr{&zU&wbV8#N;D`Bg3o0n<;0tqt`8md0h|~hf0%-DkGENdsGhhQ5l{o!hxjYkaQ$z$0g}VTu0(a(^1e?Q@)xEL{TyN zewFVpqmgrH60e1@u7Xt~nyMgx`EDwiq*M<0%%^5pq^?(z*>vY>^ObSVZZ z(!LL0Q;MoxvIrq&w%zR!Pzn^4z?94F^(oGq+r(AN=kSch9W3f-LOKrnhjZMqvzyxw z^fO-ZXi2+t)n{>qV~vnhRqwzatH8Q8MkYM5yy`e<&JPre;iVYDtbTE?zf2*Qpf)Ozl;MA@&Bm;7bAUuY#JKVkSjr3BMuThnTvGtH$J?P zpZ?^h6p96|eZ{p*OiYN~yY>vUv~~RLr#|`dqrdB|-}|1w<)MeGqk%&Q4{_NuFMspV zBS)9(Ao$VP`1r^6@85rAsZIJON;z|=w^wdLkZ+rqa&SX&+V)|BL<5ANc|P5VJAE?F{%uU&N}1+Q%JSsEcF zbqNPY3OqlcFIS-_muIpPFkUQ^a2*6((filso{NDxwx5Sp?VaAc~&y+``FZO=guqJC6IrT1i*|*WJJ{zIB2D4O1V7LJHZF;ew^;fqS5dVC39o6$*7MI z&nCtHb_YNo?+R7Z8L-!|Sb;+Wh>>yh*d**c1o={pbKZh^3z#)`E`tLDdk!7if4&fM z`1ig07eD`n3x4sdTi^ZQgAXJs<%-|l-u}F?(J=xuf3Kc=CJl4jVQwd4v2ph^Ig*Sz zaYBPG714+L5F2-(iv?(JMa=C$w>9Fr3EWf?XT@Utb*m^hWDr`B=^IAfy^-?JFnVwt zF+7FV71N$fY`iTRGJ%?;!ZaW(tjj&)2bhaYVBwHHM=bcV4Zx)GP zJwR#a9`v@oFqMzg9BU(mbyjo*B$J3_5+o!Q*Oy1fKk-zT@1-w$89%uBW&j@FvAyMW zuYK*$wm!P$bRem; ztUvWS|J?Hy^!4{0IdJfx*@RA8&7w6+`PK(tN^4^_Lf8rW33Y7cq!0)dprrW`!}qps zdP>-;IWTzq$p78?!XrsJaP7}G^60S<@O`d5eHovw!Y3hIdZtRe@t2$NrQrM5oI_WAg1lET;yzL% z)t{zqZK#VfqIgwx{xm{62%)JXg)5=p!OtM-TXl=xCQzSZ@sZ36x?%M_v6Y-wa?_Jq! zhV|>#zwhCV8~=Iwzy0eCU&?;x#&6Hrym|A)bFO;sEssCC_1vDm-s6%SAq3iSp*{;O z^)NIJ#ZowCh<>)Et(6TMHheudmixq}Esq=lxZ;Xua>pHa&1~E=3Bb(yQ>=74HQx_{ zqrT^xdEW)6aQ^8l`L}nz7%3D|7&@Ck5GW{mKBd5mTIX5Eu^RnGsV?a_2rVe8psKwe zwN}j|=m-yGXgCINi#%1$$J=k)iYo*nNij<(6I?Y=)>^mw;c(sYV;nW;O-azC{q>mL>|Vc zU|@FB?KTJyfkrE3 zs(Y=>sLk^bzKi?}eKld8E8*)#{7#`TR?J zdX8CKN^NIDB$MdIEVMKsXSI@SZ9=9J6mxmBy_SrOLCLcKNAqb|yl63p4j+2^wb#C^ z@1~n>{_)JNJ(B>;tUtl};0Lbf6QBC{Y`~=Hby>s(r|?&oZ{P#3xSXUEl!JiB2S?e` zKfy$$g4Tl8M1t83SsX`EpGeS>PBP{Blqvzzb?8VZSk~G=MoKDL;rR+B42NCYwtd<2 zx%}n_jmNtRSUb0i&XmJLhX#1b`h{G3(oz;QWRN1j3j~3-+ zjgKDU@Mw|Mq#nmw#F2x4PSw9jz9Qy?&5-Ps##sKkhAj|iD0`4AAjWg(i5yH7A)hzj z_X6-L<~&^&64os+l|W`vsJbkoK5aBN(n(0CA>kkch4z)H_`QmGok|&eZIX*Z!C(`L zCCC?%Q)SfA-YDsK!HZtVzkcCgxb2SH`07`_%GSrWo*?T_8jzpk!00683joyDWjTE4 z2mzWxp+LD*qEe}l%jbD=+cq9}=pi<5-ZHU#`QnGRKfXP6w7Z*ZU1p9D&Z?=Zf?;i2 z$#G0)qpcZQ>u{T!sjF|KE|tPfxM-#EeV=@>z*HfRp3K9*5F8tXvKLpq7R@cK<$3ex z-uu08efOm&pSphH)vtav-}=_KW;XJf1Yl_yKWe$x@a(L3?(8L%^TIxA_ zb_a7BvUoZ`2L^oSI)Z$~=ko90&qSdBZUW&c>M{;rzG4IC&S|IY1q8y>y2iOp8SxVo zN(!WkG0v2>LO`a~ZQ2g5r38XRAsvSx2)KE7FTdQ^%}drUiX`smIh=w@b zuPVcDszyf|CdNx|d59;vCn4q3&@>SaDBs?zP@6&gSqc{!x+dAQ9vX$WY)1fk~mYMhd8C#biE5p-@6q0yx|QN4mk&RSRN^wR!Dp zU;B+4Z@lrf0PlL&yZFKvzA&?y&m;gd>yKSmTye$F9e3Q(4#0{9G^}364S#zL%NNgQ zSKlyeXSdRsa`Ci-=bP4f#K{-cs#gF)N>YwPLIji)>>M6v|7ecJWP;TlO|+#_2uG0= zlEGq;^S}8ULu*nM<~7yvpU*vmWvva2m;Bm2S?EYVK*j$aI{t}ij)Rs$XbL)q!0{0Q zIKrhdD;Sva_{QV=$p!GTH49kUn5JS|*+QF&)o~OzJa&Yy{B}40de!M%wR{d^g$hFI zh!PlvNrS2vf6_>#V~T|lLMrUp*L+_@Zh;DrLei8>uytU9PdvDjZAVABYTZ2EdHOQi z>r;5j1`R7=9P;(0Rs@bUFcR{Fvk4OvRb=ubwF5H1btE6YXBR)+egv`!6EwAJD(2AE zFWz2xI;@z|WQ}=Ht)!*-UlsdVw8cD_e~;T#N4$Dv6N|VTB-*sVhex4MMC|KE5001) zz*BDKqJ}@RX3ZL2{_>a8+}c7@LnCwM&ZVWf8Lc&U-E|jV{NfiG43!I~M+HZ6_8DiB z&rNak*fA!?$N#W^;yR|wlS)8KBcihvTIzA?vLs!H`gDeDGEG8CYx$uqqgYg*t56DB zf+I8~&u1!Mq!^S?Q$;w?2mOO4!7|6I(TMiew#hTkKI;{ZBX9fVFK^Xno_QvlHf@^O z)MpZane~URb?esa?c2ARt$F=&+SV-Lhu6Q7Ijwahgi9sx@uSU98PJW=$I*S!8jZ9X2GbR?g z#>EdSDXT+4Az={F#5UMSIgq$Qpz$z}!cf(e23I(w5-!^Y#(DVIC<~jjTrjVVR6h(Z}gr_d7oJHl`#KX0VJ6~r;?CK84zD%9n@!W8nYy`8Io?2x(86lvVRlBVPd?a7UTaWQsbj|PJ4OgBGLQ_!+ zWvfK2m1roGV{~n+R;>|oT~;fkK!dL|$z+1Ibb{I0BpZ9j_}54FP*H;WyN4iv)m=@z z`s78FG=}~rO`BL$rBGr!kd8!b#P1FM;jaiBAyJWUy}@U=#2&DxF@p1HJ(fn1({ zeP}laa%Ik&*Ft^D#S4^G5tQ~8E0F5MNsiH@MN5U!5+M{R1basdeB_=T6oQHYxakld zA*#Yae>tC)6Q5HgfF!DapWaQ-v9U*FRH>t`h``WkrJF=Iq)iLGu^yW0p{c=C*6mFO zHJ?nFq(cRN781??1HjOJDk8@25ZcPyG7sU(amtGaZ1L^}CjoQY)p*NcqfD zxbTuw_}V+KLHR~lrrPQ^mcBX=gt1=72E9Urp7&T3yD}A{w#@;HUaw2I+`Ri3AG`B$ zDoF_ypXaYx#3!Dy7Qd{}j-1v~H`11<>v6vKHAq_~04zPL$0j_XJ zCtdD1*w6d_>j^ruNxt;#4J>P^qu_fWTm(K6H|FLjj(Z;^toe)`Pb8C)SO5G`HXj{A zBvPO&Xqhyv|0v+;zmRR`59k1dG*{(B)ouLy5okq)EC@xYIvx2>#42Dx(5p87;~lqEJB<3Z^P9R-jNc)Wk{!JQZsU#K#oEViFvSNk|%3#!M2Ow$**w zeo1MPdMQacF4;_mlgNRt8%^t(5og=m12Y-`JQjK%=#w z;+M%yPT}jo$TL5AsK%=S(AjKObar$uJACBufiurKhfR+>JhREi){GnA%&J++wiJcy zqFu?tjwalsL&5i~G;V0pW`JWRsKn$`<9n8{`eZiZ8?hZjlS4_g49I&GUUTw7QjXxg zcRU8tr7N2vp#>GETA_z!k`4pDl_L)SUx!w})4^;tl|Rv_KnOt)wLzt6g^9p+10X8| zXU%J7_sAq)-*|x6pS6NBXEiceR!9Lp9?qYm>z+MH2M4WuwCf-&|6VEy(jm~AsdAa; zES=4|jwU|*npP=;5aLahgJ{QC&)qD6qzf`+8azimCh=0gLJ zNuu#VCJ~{4QFMKszx=WzeEy_7UK8Mi&x*y4XcO2XVW#lGwcRZf=rt;pg02*Fw4y3L z6pN5AqRSq-IjG_Z0;|p$=&DV&uMB%2%#MXNbUXnc1T#DROad^oo^taN z=!6RbX1COn5DB#QsxrT!MtbPhCZ6Iou%cLsl5!AM6ZXNUH-Nm?)R&$RzmEm8bIE9Y^`c z`*-ue;Zfdy{wmtC2}-`ku_8f4RJhvvErcNLI&2vl=l^5xy#pjWs7~#4tNE9dB3FNzZwnPu#J|QOAOJUUA9^;FKdJW&J%S>Z*t8 zuj@1{Kq@Hh0|DdMG7~VTQK_qK`h8%mBd~I1mjH5|(ADlH652Fjfh}&`)u=Nsb^0F+t#l8x%s1(npn8V~D-5mvvOtv1(n2O5HjT z3EXR#Cghb!FaNfs>^LfXz@AnNyaK7$VkqQW$Y!#XCMT)Qn}zmu!j1uS`yQCA7y%x* z|2|q<+jg9|;-oJDe*y6FSN;v3{q$#!?TT;H<24Q7O>cTr!>&^ZGhhPxdkX1@k*as9 z>Ja9(PEa?cG%5)hOyeKDs$MFtr)rnWlG87tWgM1gGtxMx?)L zz4srx&sj`><}#Sp9Hyg{pr?aOPbc~Q9$IGh(>7}cZ8Q34pV3dpjD9-$`snKKr?a=4 z&Yo`CyE7-MLM~Sz%w#Yoc{-(*(0r##oLU!v(z*a-a%QBzJj6$D`5oP$WUV4o zuBS^R+!R6byv76+T3TssYb9uDfyHy+?2};bjO4CbEEdg%jSsyTSpVLCdEW~^`{~cH zY}vAA0MN9ieei=H{OYTR;yk)uoDQQx3iaAK)Fl1|LGmb_ywWPo*Nx*)Rxvezj}JQzj?m>`|)ifCv&9vVq~|?fY4?dl(6)k@`sE34gQ! z0DqU`dISOo5#M%`DOeLt9c%rXCfpF|R6$Y|nfktty)$=+is$&~yd*JK(-(5>BuHzxIf#DrN|+B?a%v_hc(r!9pumqWhA zg9IZ4mc8SxZ~On2FJJ!E4I4I~s+@k-nau#8X~(v0*|O!5dX#M-8_?0#QpW`}h}a); zgeb}S6M0wl0KP`&pDsK<9wv%arC>t3^8r2iES>qlPrf_Q9thTeu~JVatfr;GgUW_! z5RjCggR~6&a7T}(N0o!M4OL@)xqFzGoVpkrM`?heG8IF0*tG!u$gV-CP$j~ua_!}( z@Hb~I;$_$0&41mqm8=op&o!hn$yn6DWHsh15AJ5tMrq|?iik|p4x`|3>cKBs=ax{_ zx=_~<{Qksu9kVShO{Q_IhK&6j;cF{CxWX`tli8&giVqEH?}yr1HH- zK~^iO#3HB!SQSc9jaRKYp6jk!#kbdQ=bwK10F}s+@#TF{7YvvH?%XrP?Yo9>f)1K0 zDINuJ(J@h^kfW+9<8VjT;J7}*fNV!A*-Q>{1vqILoO-+yR`N&F#*LdU-1yLjA9r_m zykTU-(HFnuB`D2qGLdFO!*^t&kmRu(E69itlu5p7WOkr9N5K=HA{Lwvm5pm;93Rx5I?e)8O=CZlu z0w)P9M$!->5aR$yN6Xt3umuD7R@G!-uLg@ zr(>hVYZotB{Ilz>`|P|geBpnZ0YKA^!DB(|1@t7d&3W;b#%!T6qd#Qk?;GTGFp#A8 zPs;vc+|m=PX{8`CmX4Mz0ggb(sCcC~O{4pI5R$y+I!mA)lK?AaY;YcNXN z^a*vVSnNS#OO2&`nTq!JiglV0rA&X0DSYP%##e|%iK@!1wj2hF#*&f+`QXGme?toG zOM!sy?~a5AiArt^(Fs-dfON%2#nm61452XMAfB;EEK~w`d>m=yzBspz1 zZQ5ja?A$pZa2mjS-}_#k``qU?1AwL-V-|a~zG-lL`f&NdH1MB`#SeiKn3{28)v*W) zRAObQ95JV@fC&=K_y#ANmfY(Mf5{6oB7V$I)3GE0{?Ihk2$Z9kTX!7b>XT+uj`2b` zGG&I@Xi_rgs2FWaM300B6+@tow8;fJmYT+ll_Fk!_Hn%Nyyg7+?Hl>{oey!_?qMfs zi+DIh&};!55!HY???AeJ<=`oeBd@|G4Fq6XpGrzp3jJuJ$!4LW4JAN3+u)27(Bl^- z@81+B##Ke`IqkGnpZeT&|JD8VuYbK605t6w@cD7v-tYr9QYI!V4&Rj=9E}NoTKbn1 z_3s!#JOf!nb}=0Qm^$z@b5ybh`U-hRV{4KLfT@mLadZ7DsW7e+Bce_`^2Y)5luQ5* z4vf;5Z((JBCzWbk7a@{*8>4|u<*2B1r{kOrV}eu0uDslHv0CE^3%Ysl#V7O4_4|pc zRWAV52+nNoqa(9qaH!uOp&w@BIOR0bD)GT8L4dTjK$wFdfaB)F8Ot59l8Jp&V5G`9=Y7;7|b zha9`UL41G^fC>@H-1a;znHYi)wF%#{r(m|h!EK?YHSKW^3fy^OlOjRv$b@LgK}##f z#xS!V&R*$$2Ur{P;M&!>+4C3Z&aGRV!wiou{k&!X(6rQ6oUr^m=?{^k`HUKr;Of0a zZOGh{%-EBMSjAd<=!t>ktIk!;KTSJ&B3Vz6 zWgSs~2Cj|g00TK}Ya3!MroA05I1OfWrYGK>9ox0Dy`u=svQgZiaM}z2nsyY~si&W| zIo&UD47G^Si4uW1l-#Lj+|Z;1Y*FHaoc+>Is5milfOGp(7uXPL)lIH5#8f zrAYNX`o?y{A8TXPm~5cTZ!1uXtp^!49T{p6F}}oaxohtzqt(RWTmRt(o+!v3mJ$g~ zJJ#3m)b%_CzJ!G^hqkt3jY1e8t4?xs!alzl9Up7Km^;Y^Jy_+R-};tj0MN9f$KL$r zH*>)S7mTKRB#OaWM#d%xjA?MxdWao$aOT}8$(ttnUQZw)@^O#l97e(hm=8lt490VP zrxd3o#fAn^np8S;YP;dLo&nR?Pf5r7V7OdmW=kugk(UN`a<|8FHamstDNv$Vxqsgv zaiS!LPILJ7PbtJSt!aMv?BR4s#}<<#k0Ydr|AF7%^^2(i=hKYq?X zb_jiI1Th9RV0+D z1VXU~EtYCAvsweCC;{mxhX_bmS7>Qk z(+($RC$6byC9Y2w`Gmk>1KhfmmK>VPL4=zQSh=~Y*W=Tiz4sxo}FpEE}?4L0A)$iNDJSNF_j{Ca>I&xtH=};=& zm#FvF`^}QbjGFX$r#|lQkr3433#n{SHMaD&6nvlq7B7W+ELQ*$@*}Yr5%!JO*fC!6 zlxuqEY+srsfTkVh<$&MvBN8Cl3}i#7RFFk;Fsqg$nK0$d`t+wh^U-HM^O>(wReAH9 z-`orUns#(pPfxG=N2H(;TMvv8$B`r1F`7EB;9D z&8|W^yE`R_Nb2{J5(3E|g*H!^1GRAqkx~@Vlh012wLM6`{TQnN;Ly{8Bm7%GR3xg| zrhjkR(Nr7oXN^1CG$9hp4!Id{KYSN(d7qKPn!Wi z(~eZ@?d_?1kA ze4XB6{(}U59xeemxK-eX-N*+C`oJP;eEZ=T&Xtl8OBJ%A@W8&|Cdj{OM|W+Yfqz7@ zo+}`(!i*m5IVU>a0MJr-GV{M*{_;&6!P}u305oli&7VKdrt5j4M5$b3V5EpiNqqcR zpvM7NThIKBF==+M)-mQ;(=arUIPhsW!bCH`T1_hl3H@*qJcu^(4g85cW<5BNP@s^> zrV|f>xW?cy?&(}D#DFNV3L8hpU8bbLAFsUBw5AUqYy`bs$f^@a z4n%9M3h4QNagG4=^mH`?fTkU}me1#3lx~EHNh*^Sb`6dZ7&8TN?@DE^M}AP>J$2p( zPYftdUtntf?!-CSB?%-1VrvP3FffiH6a}My6s2(5 zshA$?=%4;|(BnK7=cBP?L>MmD*ga88rJ|eGw4*HoNVk>XtCSY3MY4Gp1XOB{Flf~Z zBn)wNQNtZyx$D5}*)!)34UIGdfTkUp_L|qcn(ut)yFX3c^5{5~a+U4-hJ6<9h;h`n z0wh6*H^}`en$FgyDgx>vY4w!B#%~+-RKTKm7QcjXPV2PZX*td`EZ0ZM`6t{25NnKR z>;eFdQyJnv3Sl6Pm5auSgFpRi`r|w%W|dHcp~)Hp#WI+HRR5uAO*_)jh?i`A4OKH)u<V$)p{4ELKq88&Gk){X%f6?DAI&S}GRzgedmN@b1HFVBdm zdWicycFB!o|GF6fH0{W)X(gH}z{>F>sBuauJ z#Ar(I>(ulVk=V`hTSvJYE6i;xkjsWxtKJEFG(L4IK=~8M{_8?FQjh%8Q9~sZSMJk8 z$RGbv&*vR~BMzeRXZKaVJ~Hij#7{t2Bd93WetL0}Anr7BZ^ z4NYs>u@D1@Ki8~3z=8nDWZYh;#c=WxWL9@VBwb@bq-__TY}>ZE*;{R{%{C|3rp>mk z&92Sb>^5UEHg2}{&A#8CnZHlX{oLoA>s-(*+;7p}g2u%swK#lNy^oE3Tv`}^1jybMuNGP9)%49T8~;t2wd|E z+(3{JNK%-MLhsmGAXWxq{Z%=k1oB8pA5YE9k5?^NeUP2yIw%;df;a#oYNRP)-v%gL zf&N69xWuxA<}}8?n|7|Xy-nOH);+236yR-?Ah^%|whkB3C9-MFh>>SIvq%sPe34I# z(@auSt;e?e{C(K_3~QSe_(!IC|r&l zCD%qHcI)5_8pfsS%U`(pko4#%jDXfA`t;-Botv&~2WM1hHiGu=@L;$S64dP<(t-K3 zzA6pkVywvUgY{&z zQ(F<-&}h14pYo@EP~SyK8t60dFJnIK2NMv2?S5j}RcjV0FeZ7yGoXundONL8Zbx-H z^bg#AX3RiZVhDLW%(@NcAKn+j4|zYm21>aCi3}h6?H=dSyZ@`zk87gcyJS5dzpO+q z9Hg``hE!@Vt57=eiL;Hlqxfrjg6Y^!OKQ-QXo?9(25}2hq`$J;))%_ny8R@E2VdQ$ zzn$7A!ulvZ&Pe{8*nPvuNN_!LbM6cBJ7~2+2ujeUmeS0KF_mWGksim`-6u3_j`*T1 zX{S(#VLX-{(DFU)T_R1VMrXBw0I{Hem_Z{}c=N~kjM@rX4HDr{C9)DIV_uVdxZ}G4 za^P?r9(e_Pai$PM?oWsyu~8TZ@|4|(F|dF*$K0r*zgH@gWEbaNDTN`8F=mKkpgF>Y zMVdou@Q0i^+-L837&-B$p5}rm0PGRy3zD8TuYng0S8y!5}cCEU_8-YCp5p z~*`B9DNDK){8f zy>~{79-R@}UaGkiyNHkq=eKox{{)Dc?%v&LXlEs7W=*1kQ1#2^4~=x|GGDhZjd%As z#i$00rlaUk(xx#%cPrf(6qqHSC3FV@8Z=<#EJ*p-r?SA@mM+JTGfAu%E!&vEv|i{5 z>)$`iyL#7KgpgcnCakCD=d%jRXyp5#&7sma4jUkbb;*L-mZ~s~BO@v0i{%sxEX~5A zF{n}zv*nXxw5X(+GzztC5G0;g8<@|5`)zrs2Tc}76JZO?3Ls_<9xW|&3YBP_-33CJ z!46w_g;REN>cNTgMz^Azz5+QU@SQwM06*%8fp$H2kc2Q(S*Qxll-{e2z>qc}RX++& zTnwFt;7ViG>7TFjWgzpJ(tCPw{FNRrd{`6yIkgB}=tq_KZx+aeoR;3SDj~bhegZMr zzTbPjo>bMEdKRDJc2$_veEEF?(uFJjx^<$o08!5{R98ub?XpLRK|p2A{N3WrLBwxK zU^txi=;UnsbcG~`zbF0cOGoBLT1f)J7=HQ+taSNMeHHiP3>7S6bA+0CyT5S`(Wi?) z-NHpV>_x##`M$)ig5Z?!L2}%pFzp;F<qMh-zFx)bd*{PEigI-dZswzt{k`sQX%DRpF4Az(0&6x1kS+xYJYk~-%#`kR zdex2`_+QqL;>;kb>+y+-hK;d|OYf)>1JNnX2b&?s>(!#nq~&mUQE_xcb85~w&K zlTnc3I+Vm=&8nZ89#fp?>7l4+Eo9cN>pER03k+2#h!%g9V6a2$j!p8jER_4JClDAa zhO^r#Uw~Lnw8is&f$DlPyb+V%%VFF5QEf_Mk|uy?y(``u_1Jt;<(KBRprwJ})Im1? zB$&kMouj^6{rH9A!RM}5>%>AVnO3Wsx28h}r=vsB$ z^Bpol-{4Zm?~(^r6OxPk)sdeALA6FFx+;N;n2vuUyexin{btZ7Bt@Ash#XyW=R ze-nRg7TNv8fxGay^3A=QxuW+IaojPN5=u&~{^)xoS3|T0;@Chz*F@a-|6Lp|spx zivy2+cy70F(jaa20`v&A$P|(y9EXkec%oM1pAN<;K|B*DOh0WM(5xoU51YEbdFwVb zSwf&N$Y7`fBR_YwC5kdD>;PgU38~8jK}OTPW@y+{1aLx-?7YJM3-!0VNUzZEDqJRF zn#e4HNQkiG7QDzfI$i!LHANPbvD$Mh!`GXP6ai9CA^1ys(Q5*lU?-88aQf(B2> zWWQXg@;lsF_8PjCjln1^7l5w?3V`#0FOpFAnR;P=y%pn|;Hwd9y3aN^w(ejIoM?CW z0Qj~096#Ebci%BW@@4+tAeqp0om#g&pZ~6W-M%i>u4V%vrDPa(?|zx-?=7O0;|^(- zZ1EF9HYd-@0h~j*n}0jDE?srOl;33QPl|>uSj~}KCBSgB z6-}5ry}99ew!Q1q!rP2NpE4<3*SPzrXw-^0i?sJn5>dk?Q~kwgiO0=c%%ft1U<5W4p(0o>+GWqaP zP&re6sqOh&hlenhcoii3Ww6-YiUI{eM$YW?UAas!QaxgYoKMUGA6|z_VHg8ymj{Fr zcQqrMxUp+dsGT{Vx0}+fq?9+S+t%!8)Z%HvAiM1zoN_{L z%}+zd3ymc5Bxn@mS>|`8r09w3QyTKeBGmkeC4VmE9m>c{N!cHJX)Fj77&&5h1HS|$ zn35ZG_C^@nEAVUHV>7LHI)>!iul-J&Wu&`rxjEf$-g(W_^*pF z|6LZX_nr}VoKNBbih{+$XEw^a&nI>1+*hRdk_#>`!FtQS#wq7IM^wcZ#} z?)8KF@xUY5yu0h(z|K0WRk@i9{Hq}-kH64gT9^^y{TtX$rj(^luDiyzoEruigE-QL z49<@JQ0wAB_rvqHgqYHs!%+V5?eUAqKgZv0XcyLhSeVyYm{kN)MH!MXx9niOEOX&> zKCH5%WZchT%wJ|L+MzunK-N%QldQzsI8l!E?S`h#DNB})QhyTgNU}?Xh8kPWUqIU$ zwPN0>B1T%hVLr9pZt8NR;7!o7;wwQ8`nq(c(CR;27L<*DI- zk14zO^mzbTiif-5Cs5?u2}F4+0U6VAiSl>TqhTUH`e`pvBbmqHRyDW<_t4#{&h$3E z5IK}kGL-YX(%*cDVrsjd*sWNxA-*Rxi!IK1K=4xB@kBkis?&llU1zB!kB0 zgn%0Q()~0;+TGwS=p+5RI%j2!p|SJn!lwls*0sGtoQ)G;3A4Ri4WRa)e?GzfTtle} z%`43X(cmiTeIa=y`3lZA_}>3g_tq;JKEQ~Y#ae6AGYQVxy#*t)t@$V4jHS36!J^EO zk}}reVaU>M@ePIcV#IHA?Ee1NhuOx^ggvBzW{lOMkSPN@=Xn3AwFS2M|56xH2U_M2d zKiq2XLgr;Wx1nE+5xZ#W0(}`pID89gcP*ShqyUR@qRpX_nekb0R2(iJJL*1XKwJ!J zk2To41Yf@40tGJMnw@4(CQnz1s0^!=zgu!132Ebr_;<$|f`nv+?!YSj2IW|au(_1J~#QAg5LZ zJL!vgAPm=>Xq`ci$Va5|_k$g#pkGtuMOzE8ujUHR* zqW;!wPt^+*9KO_b2z>E279KTr>vToI=zO1hWwcLaG&qKZfFS?!doi`)Xem{@NSfdw z4Z z;x?MW+0@d`;vOUcU5LS9?9KZ)|5ty2RlcvoKRoG=-PY5T2XBo|W*3d;O!m27KUB*LK6tG@^c>kFjB%)7XGdfCco%46+TQ)= zj@eN(;;1%abYtj;C5*YC@q?P)2(T(kum`R;zo8yS^VWbH;K9Bfx&oC^%O5>!BM50b z+Rg`6hHoDN4n1$5{%!cfTfx-=i|Oo)Bu>3YKTItWPRns8UGHH&&E2g%&T2EZiT~WU z^_Ntv%*iLjRk9X}@8cm>=p)*)zImei6xR5&qH|b(hHW6S;i)3;F6I@1)E8a2L)Cvz zZo{+fB_hChRYhh9(QGQLzU($#33kQ?oC%;D*5si7!uMoNOZYs{|K_XR>O})Ms^s8< zfQYCIMT~Ojlq}3NRC)6|nyCb2d_ot6g?P**d}$2iL77Y0Qckvx6UP84R56h}mRZqB}F@ zSIWvTxwSyZR;U-(6#cX==DTfs-u?&aZ2g`R*qy-G{cL?U0}r|GF=FZ0Zj~T`-*Md@ zpb^b8rX7zL?_667L2fC$^!|qkDg*9mt$cKJs7&3V|l+{k!>yf>xv#%E0~lM z1S7sO%QA?7O|K;b ztAG6r3C2Ah+jr-qQ`f1Ax)T&Va!rSBJ7FKW&oQd%!PwmCNg*^U{BJCYF7v4K#l!W& zJ9os`COVFA2BAPnFEO;MF7Qk6?I8xAiwFNQ8A3NYVXC$Xg`Jc0xvhKQzn^@Kwf&Y8 z>|wNogcus62O8M@=^wC>4fl8e)oC+k5wKifh;^AyTkJg2;C71PpxHIy8lmw!2gDrh zBbcZyd=$wG{Vk1Q)(DImFw?wm{;9gV`9LsmX1qel;+k2>+uUV)-=Vnx{v%?Xo~7l# zhtL^1KRKbpZYlg~2PZ3F(Y*H<)tEd;#RBQIk1fnF*b`uKoWeXHPO3ahC=jU8JLYurf#=+>j~?ngZt!YA)i;x}eZ)HI{t=!%_MlRn6

&YZVW3!3DaM$9`2Lh+730 zM)z8Fd(cz9Bnk3$W9!Y}zq4t7;Wh08(Cz>p#oF9}?`#E70?W(eph0$oIs#!aN7=(i zwtWBBi?SyL}9jj0|WEFc|81T)X!@&ttomsIWhUzqo!lao({Svu52MS zlOrJl0ilS+GozmgQ0uiTxcJn~e!tdgp09iwjw^6xr$8_3fOO}0DiW%jmxLCc-&vDn zlIHy>SIX!T>z{ViTK%DSm(ZFR=1=4-lq&7}$nu5$e1!kae;5z=Ye5TYrDQ==LUr1! z;)u#KFb4M3sxXs-r}NeRMVJC1IlM2{de^ScRke7hP^8Z~;YEp5xy*cHOqeEjOv~Tj zIP1qq-_qT-vRK*G8?l6E^%aNvbI0YjHPR_bfUXp8`ftaL2A=N2JRd*Mzdr3}t4GfX z2|)kbiUrb@q$zMKJ|*kYRFf6yvpp4qVjynYRC8{I_GKk)} z`t{BRDUm&!6qto6!oy}TpT$d~z>Xqr2s;|`95 z&ppt#d9_l4;({_DP<8nez=!s6rskw#_!!g%!2=uo?R=HldJ@y;PvKkdoXsVePSZpb_w3M(P%>&2E6 z$i4lZ%;Cy;Z-z(6QD&isz?3GFtNB~4J3;tmbQl**Q;nzAPTs3O`89O7+M8R$J%-;I zkmF9TnT7Tp`eQ6jC@r4h)^`7i|`n=Yih1crxs=)~F zLNb|I;1C}L9d=dJ4mXKZN{jwz+z$1J=kMU}JLz`yAeXVE%-5GxEA~#R=|GoME=%{D zX}p{Oif@t-rd^r=OK{eZV(|s$TBYCp+t#SfLXPkY$)363X-NP%xPzpDBOwZrA#Z<+ z+;2jj`IILAEhOK@?qjTkf|Y%b=a&rb2YNi?ZQ(dakwFccveeV7$ZUSp^y&+5eOtpUs|Mwv|Y^yo-EbD{b(&a z8MbYHZc(#QQt*L3G&FA%77K!E5dk^$S!lIbYh7e=7LaCt&rdrXznku?{e#ovv^#gFI&Dkl_Kw1wvX^hOVzHtD*OjL2TywC?yrz7HxM+i4j#lO_u#N1=pljI5Y>ss#S^ zg|bL+vX#4dO|#PQj2s0Ay1d zY3!7K_{VU9#A10Zz7>dTT`geE7S$FOw(Os9Y`8qG* zq>CPDnBXHrW$aLQxZ(|_z4*6eeRTM9@k7ZDn+!lx;~?1zM94frOAJwB7Mj9;wwVrT zI&`fTWbfDW^Cn|^eXe`@I}K9#?6r$ib{%S!H)J<05;v4h^vC| z6O*D)VOUOU__8j&W^cmlO(is#a6nNIQEOTKhz&zLrU(KpwhtO2ki(&?9CL)DzFE6! zu%0Gv!^6&C#W1F`2YT37S&v3$TSCqU3$c0m%Cc=sOS78qC~f5A##VQpl*8vu^j933 z|1DLH)6RAC$x^i*D!u7ojt654%ScW#-p!GgP-Lh*j102Wsh(wRxMy+NLn*03Hy-0x zpYX!&!xhhfCm?NRz|5XiITTgd-S?p_qtM%|MZvoF`axmsB=@o)@ZS?dL1syxX7}o{ zgl?qYmD|~RMu!@z;c9s~_x0c=1jaW6ma#tj)D00J7t+RAqYa5v&u0%u0n5XH^doA3 z5IT?|Dn)C{4XtOT0nMfT*=BiWKzJ{3bH+$SNZIuS(IB?VC}Z^yW{?ogaz1SBOBbz! zFExh0ab~v7gwDi*hmI_u)$kg0=)gXF z3U&%{^aLa>=oRGQ2q^3qyC3u*T`gDjD=cQYY6R3?(?vc_d5w>Kthl|^V1IuE(jtg2 zGZBAg_+Z95V*ilQ^)1d^dKG?M3aVs#(aWIkJ42Ib4(l}xUHPxVhO!9$@m%@&4wfq% z&n6~PJp4Xa;(MS*AIKMe)35a%&K#^~qcB4^9dw+dn!P1AP9t(u@S{V42oP*r*exf_ z4fi-Uoy+`wRpc3a=nL7R22sx{*$^oy2L+9efL;WRg4r#Ztig*Mcav=Y^7zyuK1}QulsT$gkdxkp&=2vh^7-!&}D0nE5;Q(Cj7SI z-J7QpHH$Ln;~3I^tK0D~HWN1MPIhg&#d4n~!tRfnPty9nQ_Cs^tqlIj0$_!NWCrNd zh9hug^gh1ur$p*L;DdDWvIxZ~<$()T@U#$sbAyuZ_e5mC>r3OeV_z!wnHOJ4r|FJ8 zt}UdA_jLa^z{jhy<9|eNfm0ebzbmHqiz=fx1+e)~?RlHmUj(EAnvtIF0|Ft(A${p8 z4C$IRN$I$C4l;k0iUl<8S#Q$(6iFKZzhV_yak!ybVlTb+ZexSFCH~JHxl3I4m2A_urMpsYQ3a6 zchNrKutDFx_;IpcV$_pjY!4$z?n-2yoUaY{Y_uopPDDa%@!2@RQU@Bbt+Rn0Cx!&>A_|NeBnklsE4iSWnk@D>zm=c!r>7eQ?BI=PVztEvu9Z=!2G%$0wIA*JRmE-0u#ga9HD*2oBx_ zl4MFr>1;0b9dQZpnQ5X$3m{^;$>x{;~tCk~5xqC;D=6sj|P zWlUp8iyBmo zzo)nPUc&M(LlYM?s?9wXctHu`c=rQ4IV!Yed? z9~?H(59o1KH}gP1S5dawwQ?M_d!U##b%~%mfqe#PxAUB+R!JHusRU0{g;bgxkYR)) zmCy7SA(u+EvvEVeu}xCo7-4WpM7^Ap9`BDjo`LmyNV7zil`45au>~n0k%R7JaCKtp3+c z|26OKZcD+`(Z>ktS}n;-2q`S6OL|zq6a%3uWK~?TOsa0lxVcTz)s=JQeuK|7xl=v{ z$d|jB5c~I3B1&A}XgSlBa+mCp9()k;)Au+D5yz2X>5FQR?Ps%?+uPfjwYA@;D~$*P zD&9UmGX3m1F+lxtjY?z`6!*BexCWmGhx@ZNIP|-R$+qu6V2GT1R+J%r|Bep3KkeR4 zNG7qk2plar2zK>kgb9HDLoHbEynLP_=yl)dohJX|_3%HcDJz(2YT@LRpiwo|_Hf>L zA+VTwiJaq0IdNQ8B|L5QzBRAIQJ2lv(EY)}P)=u1j6&d{`wcI1e7t0SDi@Zwmb>LL z+%c(y_dEo8^iychufQK-C8$3KsPahyDj}8~Q@``dPfEYK-2i;RZE>J1%+Nf=NLqm| zPBprYNt;k)Wr228`vVR%G$N%OExh$)$Zd=H(RirazUwVc!-VzN+*THq733->M5b7| zuDm%`abu5Wr7__u>JF#NkOpy*h_4HwP5(Kq`)SY<6cm>S2~-IDVDQLXwV}|)PjFAj zoJM9(vW?{dG=A&m7`0qK<91rbuq`G1+J7NKcvqeel#v7ca9|;La4qMC2B2$yvb917 zHuvvICA!p0mFUwd4KD=s-fi1MVLQ;*F% zD+WauG{5(QM8Lo0|{z{v$y)`s|W?Ooxj@e{CsmQ zrr(F=Jsk;@m6E~ccKYBwrbSm5+VLW+vEEs*mn%5dTR;%hfkFZnqnCr{{>wZ z)A)NF>-KnonrN^aW2o)hPg}Qj6zo#QuffG(ouyW}pd%xVcXp>z#oz55a@%Es$8ZId z5%|m;6hRze^|q;CaulmsiuA6hXGavwy5Z2+W?B_>3^VUrTykF{?qk#LA#iWWopK}6}0pm$adm7 z?_+{rS6|9hnMVc(txuI$s!-9+55|4HgxQU|Otll#qc)_Qj>k8mYP66qi(HTBF|)xrWZyuiS z=$KVrT=uB}U|6F-`88RPUAzr>!_wL=1hr8}UuhtI$v}RK`6DiqL8{Ng7X}G%qVfL; zZORUUaVao*DR7>q8aAe*%@ktqH+Np=r{B$ZjKKglBf||FFZnIaJIY?qtFPf#HxG4p z=WXvqvu(ajI{Lk|jrcs>J=}KNnFC+Xn#;4oZoQuoGnU}?3B?O=u3=1pT}|cjxM*TK zkHT94BTs)PJtUixgiH^?2L8Y5KVEw3L|B)q7+@EgMh1t6huiPp$hezz-TUrI1eLyO zq?(R-?MvhddZ0Luj6!QrDJW>x<5woq%w=S0*z%MRB7rq1i7v5V<_ZWU_9{DfK)=VC zE#Igsmrb~hQHzwK@8^w1q z38-x7;Tu~5ogetN)|&jlznZ1Xo%*fGO2dvWyUm;F4o$tUT`o0lj;$K|<`d0=k%bCP zZEHgL<=}veLp4TD_-p!rGm!Hr8J~_j*^{5+Xb|V8fiY)!Y3ghGbfLA~ zDJd%#0Y9R+M;`1~w1e=H5Z`L}T{KY+^3NMmv0yVPqul=OnYVhiYO;b}-4cfq|Jzk#2W+}^BOP)HTVz=Yjs{6-% z5S~!{VinoUBYu~TMx5FZ`VsDmM~yVZb+{C0Yev>aMN3Qkr@>o{EsK( zoO(z^7=ey8uZ`ceKX74zWGrfx(%LDbw60w$u`JE>w0O|i{Q*<@qcLeht^$qtD3ABg zxu*;uJ|87IWj%rL`RBDUD~U>wS|oGg*5Fs^HJ*|+=h~hETth2c6trH0%DwsAsW$ht1(!L!20!8kC^GL z)?_k=&HZQQmEJ8{2YBu*oPY`(z+Gl85-v)DI6Bc+5~4BzAtn9Fwxv9zT>8mv=u<&J za8X>rloG_eEINLi=({J#arw5=tML%@exF+Rd?ebvKbbwR_U^MaskilfKVbTl>pG>g z{%ws!|E}7q=it5b;;Gest%Z*^I*mD}6?5!h_MR6{0WsbasaIG53L}Bhl!b7S9IM~J z&SV+_prq~hy2RSC9n|w!_t9PZAK!LiEs{yecyjgb3!1;^jFlMBpY9+gb-8W$D=S|h zTF~-y zay)4LW+1Jy9&bEMu2(gpCRGd~NP7V)R$;D-9d>aP4knhsbUP8XC2#Q)G^~5nR!Vl6 z-(Rw@d{@MUTPowE84~i_CgvYS_Phm_bH!R36*h@oRBPoRSaAt;N(Ezf(B%mU)c4C4 z6yU1hj#yA2n*>?In==p&@Rc1}#9+Ubifu zmj@57ol3&Y$RYRSzo*n9$?OTX?d-n&^fC{+{~m|cxdwh$$iQvzyefN>r7Lz!0@~1p zRe^qN`Cz{%aD_`?d=)DB61jjw|!29^N`kK!az+F+S5-*GSm)w>FDm%=$s>!nR z=uBTuemSW5*s5WpI$$vZ3QLfn#=+xu06*s0cnqE;lbOe~+wBAO{pMT|Os&?}p!rFx zCMBmRnX-VdAe@wx94`*o?)d}@7@lrgf&%1fLR|XvYr7<>ZTbXwIw5mJg%OPOxB8F) zH=y`+XAdT$nm&upMC=;3BSeu8)MAI zYdek^pTM!f1vL)1dP4BMVzA^Uz}L8Gwv3_F$C-Rbh;?Br%H( zAu^`Qc4b6{bc@yd&q+hna3%@yNj!w#gyGhSy(Lu(nrm>Hy=DCUKk|qi-~ZU9k+qr% z_IlyvOxO88RZ%@xw_gqCGy8(L@}9HR+Sj4rbTAcn!fD`}1;PbWiX#z0A`YYrM%Cg(LU_>53 zcn#K;bVDvH97BmQ3GD-{xXuxWZUdnCE-4r`hHOhnN&Gfs!3H`01_gDhsKgS?5p_EZ z5I!V1Uf3R_^>5gwLr(M9z6d*+1)!7y$$lQz%)yb5N+c9E%MtQfuB#X5Su=)nOt!C6)}1!#Vc5u#@A2abkAV2vaLtM3kt==;%Rt3Irl z4^oZ?Vv~mi{-vxk1a-`hiUd^_7dz*MsPz`Y8g=*qm3+6SlBJEy0kXHdUEkP$06eLd z&#vgN^OTeB$IufrWYj5{0DXul0n!E-CH;jFye&VJOnq7XXpG%GS(uX&2Yzaw9};rZ zDfA$kl&-meO+}uuSM8L_WKq>vmEEUHthn!0#fuIV@y*f1MS8MVx7}m1MiT4T6ohkI z^(nQl6Y9q+whH84rh4WdgSfPn!BT`+#ng&^>uSuQah?xKhaiRDAM9d+Foc^%8@FcyFR>nKxS;jO2U44ev8XXbNrL zU^-%+a6|8fZD>ur{?>xLF}b|wz#RwAo@YdH*&3QN#;)J|YwvkYr^_sbJ%85#kJZf3 z4lYpxn$DNFssw1ZdJW<4f3N27y$|Ns>#q{9r~*?8Hx)jX>Vw~c{C*-t!L?duG*t;) zf>d+3A$V0M8jn?8i98Ayzl@sy=|x}nCKC`sjCj5ief<~zQQ8Luw^!SF{?zJqbAU`e zMaGwvD@s?VuhWwSMOAxzOTX7^gCvF`g=_km5~&llc&JC7wZm=ekBdQ;5J1sq{q$b& zVy}TtIFamqd-x(B?5=dNJUYs+ip`K(nbD_uy6y)$!>3M1;Xf>fL1(JxyVeah8%z#o zII64&E>fAkU;4Qf8dA3Pn6F=YF75SKPXS%wc2$wA23=|f=O zE;88BezVMol?rhm>u7B5@~K`L-?=xsn3Kxzn2!vRXoS}DM)~|tw>_M-quqW!t4K1K zADMks9?~aZY>_171Cc$JRlZGqI#)JXrH0;qU&L^3Q#87W{nHIV&n6md~tON zM@>ylgUPPs+hM*>;OTPv|Gi^cSh8E4z~!?3KJdjcV|GbYJG!t;O0`(G0&$>dW^0n< zW+3%P*3%6F5{?&-A8g|XqAu(qzs{Jl0-9FjvVJ2Uv{Z2S&aWO5Cz2Qly zU;A`++O58#H_tCm7goaI>3QFHO=iAGyJ!<(tT5V|eY9t#IErD=77>!PCp3bW=Eb{~ z&f_uPnEOHXlr5P24MbG#iXoz7PomNg0les>B{_0CBaf)Pn-Jxn6UNAW(0ZZJ`nn7D z>VdS$i8#NN+YTbrMXz$T4BQu?dsmz7;w#*r!3wmLliE%PclpfA540%^+zKI2-Thrcevg zD9hdCxEKJNZ+UnBv$kzM7G=FBJ z8D*Bruf@=5+*NLo6$*XF6tUrsyXgzb^TYXX{&z2SF)sx25xHwIMb8f-T0t{<2Lo zk$W+^fQ5K*4aEb?4<*To1>D{g#CZxx!2V24*x<^`)tom>Z`()ecx`o$8GsRo8mr$E z1LPQZx2BKOEBgHUgmkX=ZQc2z>+rmD3pRo8!)&9r{eaN-vJcJ&oND8Xy1f_VBS$5npC>IE76^uUM04C%}JF7gn!)OGIOiB@(p2L!8}FS+Wp(a)2yFtl;LtbiCMbre|_L6?^hzlS(z6`)pH~wpc7Hh%E|z;qhC}NKO$ol*O+U4 zlIUOCm6=s2IBS7fC{Vfs$V6eZj}yLnZC8C~vLe$=N}|anH}qNjC|A9Gvj1bi%C?W!%Tk_{Qgl#|6CK~|Dp@Ae2Gb6g#m z_CQr-&?Hx<9`%%#Rz6R$=8t$J?`;JTLIDJ82J?v)t@>{yCqNKL#IRX+lqLxf+# zO{@neldUA1^aB+IO_m^vbrl(>=C(wkVvCmEcSS#LTDLC4J^@9q2C;M+EfrmJdA0TQ z)?DdmX}e*2cle#=)JFFW&;#C0SOQZ1$P=ydwVjIAit_}mkp`&2U}W&S9**lj=ZLXK!eUVJiG7P=_j5y@npu+qx5wh+X}Tl zp!}OtETsbB^edN9gxTb5Ms(zsK-0x1xf&~05%ThMb7or#a`N=CWHiB}(dkl}B^3H* z>vb&I(B;uTQm6_k{ALbx$_4`AWh~jB{e6&p=&F$MMkp}RFzw0#Z7JP)QnZd94;WLgl`uR_fx#9X!QE&ZiuqwjzA z!iFLvBe4Lqw6v&Ic60xz+MXkjm91gzr}_(d1&nefjL67EzPao7+YYN>>l$65a53z% zJ3Md8cCa8t^-W(2V-h64WT-wFK_iBsD9aM|5+3$6dY0{VI8A0;thT#o#kNzV+#Vuo zvykHE6#h#ltX(qQTbRJ*C2;-Lv~Q`> zY+!|{^oGH-yCw7k*CmB3Y$)+lbp8P>U*p@ zBZ8QeKN_;wfNZ3A&SffSrT}APUX*Vqj};(2{3j3Pr@b=cDpnXlb?n2hM>eC|#;w=m zmgvp9T8}F&wl^k+_p!-!ufyC)7=g*|t60ZTupRr=9ypaw6zWG0k>#z#K|BybLDl+N zR4UPqDmH!l9c66$r@m7kj2*bwy2>25>iEwB1cYnJCAGNvaJ?cSk3Sl!O3c(OyUZoK zp0p2&4USON1WRSUClui7ZPlhrk;d9kLNah9DE(%QPYM`=N+N8~xNuUdAf-?xEH^tS zH_GQO5?RV%xTD+qP}nPQ|uuJ30IP{&TVK(spavbFR6@9HaNA*K&P;>G)nF)9Tcv ztzAu)k3dwW03l={k6!HJR9Mz=p8U}3{bi_`IQTfGJf}paa2cGW2k<-`qV(emX;#Eo zIQ#VKhh$q29QFoyLG06jm;A=ZmI%?En{JDSncUXr*Q(OiWIX?dsil=ImnmDqcR(^a z7v$A9-S7k*WcUTrR@@QC%O7TaK6{V#AkB~#Lo$6G93T4JFfFaEX#n%)TI-#jZg{`+?%5S+eU}WjA5cJ* z;|~0(vwQ74W&{qd-sHxBu<84A**MMl*9CCsu4<>6BrG-!Zo{;5Cnhs~F`0Z$3ES^4 zBn~HdkaJLHK>j_pdsF}GwlkS4Xlj|Fz#%$>dupSy#Zt~Ax}FGSjs?~?$1+{2XfoP; zkZQCp@OA0MgCxCGwl84EY0a#|GoW6#?16zB2c6`_8mM7BI19$N&fOQ=a+!~+t}=DK zU(n8^#?cwwqlL~8uoUNxOO`m<(x$^3t&SQ>Ud&du#p0zho-15hLAqbcr9@)@qGb4^ zda#}A&mY`f_;NpzyWP)1b=+7`n-~$z1MU{bx6Kv=7hO3&+)?6q&xN&T0#gBKE|l)Fz)LE zg(&xrR3kNykNO=TWVoZPxAkE=*6XtH*$y-j_c~?Vc*DwS^nly}?;E;QNEPGI(YFYl z-+MF3V(BU~T;lP0DNQm6gX#xz*Ko%7`{8XuwZ}mX@MFUQ1k*v%GBOU!>ZbM^wl*Kb zxqLt1U)Zd+>ROd58o(nD7>FJlFVE=JOY>2;J-dir;4>{Ie=1;#! zEm(5gKe@NtS!s%6HtDg*;JOxW-r073hkkZpJ*0}p zlZA&5zs_*mpN1${^R0ZJpIqWq-nPKX>Q&(scOj~PF^`1V_w!TETmpF{BuIiS7KCA@ z#Z%cmXUXLF&I{&rS&>e@uhZ*?0B9H%DH_ye(LAAkZ3;i%gsWZH5FwkDEWnJM{@hLA zDz+iv3Ru&q_wEH{&$|ygx1YLS`=)$+PXKEFTBF(cUB|os$1g7WwLP0uo%^6Og`^8O&vjP;A(ep$ysx`^ zo?6VQq6;y9JdYQ0`&)ZIaJPT@5wc!lZ9N_=qtYy^G*ma~4(lUL<q>NP#Lm~rezyXq7x5aD&E8(lPqwc!o-KFyvb@PTUMXXuH5&Z8wb(s^ z21w9fR&3^o6z~t*5qcz|%;uq(4gQFlliLcx@Q@?zt~=z|2vLouRYM_5n(3Q7AS|_N zm?HG-5S`D1ePJJKsq_Q%#NFLnmZmc~FM*yn-5>Bks=QAW4udbgc~dC62#u~i4_93e z**C{c3o;9UKUi6EMV}H-p%rrE2wnX#Oanqe{x?n(#If3reZ3Xu72+~{e`KrKX|vUv z<$jzV%0m7>R8m-@YWKVC+aeh+bl-k(WKW0n=yPRtGoFIAo(V#g+Q7uogWCcu?fz#n zEGC`G*J=yip3L54cw1eu)!$KD z(g$w23g&^Fy@Ph`#?pBOz!WFEUp8Iu8*`s7>ur55GPyE3zv3B)MYRhE2HMF4bn%dmV0=95&Fi>+{b~8jPR#m@xCi>mlj#6<6Owk2hJZ zTC<;OZcmT`&448O64X+fmRer-tgNREX*)q|JoT_y7!R>!*nWd20_m+X%Ej;9Pc9TP zIcgni9cThnjlnoi)|+F#o^Na)`x*36=2O#;bZSqs#5{O?z;&TY%l*93rsFJhM`n98 z7(-{Qx^;VfbJw@1dr#W-Pzb*(MI`dr7SL!IMedUa0(2%|uH?x1FRAG6Ayt5?f-RP| zu2f$J)R6ce-q0yh|L*7fJb9f4;{T^swOlVWo@qNzzt6t$)&zzL9>}q%=A?@08fwQ> zW5n>_R%W`gaLN*GG>EV0aJQLP2j*qD>jRJ1 z$1$Xy5lD!bR(UV7^qbMf#<~;09+7jR^|jf(^SZv03v(MprZq9+^Sp38@{MwJ**J6j zykUD1Oy@HP{`1oNd?l=&k^Y70bg(WN%v{Sb10tLM>~t<3U{kU^)d+; z=f*5YBNY0h{hB(N-BU3Y$IDQ=5z}u{Di#Cmz#vRzROg@u5W!t>bM~ae%8~%V*k@YF z(RT$Nw^GmD3EXu8%p093WfD}gDR8UbHMjn{wI|2XogCIK7-ZAuyKU1lDNZf)y`8~5 zULk^~Nobb#QilvO%Us%bP+we?Kw0zU{YY*{Lm@&endZhiD-`8GiJ*iQoY1>k zmRKsx+$zXrB#NNpmZ-Y>@OAdVbN4ED;xObm&Q9|LSgc{cXsT^7ZkCM>3&ja`gU#snk(14ki8m{ zwKhBa#uv1hIs79dv*h7+ICBE7u57_t*M_Az4fpxjHt%z#K;M@XsuKvlc0!G#KTzw5 zIgdr^t~=f@Ga(R=v8sO4E{6boaEptX`IBM#vwkU1!jhV)^`m7cGc@wxHDTKiVO<#m zWh4eo`&W{pY`ekHL~`Mc&r9cjO2mw3wKc$eb|_;B!QrI3_g}929=P{kbh@>A_sQc9 zF_PAoXb|ZA(r>4fX$0QQOQ7M__uxJAShQqk+oM}4RM3fjo3~}mG ziH!E=!7_y_emP~RhshTQ?&R6nlYYG#3uY}vp2rw+Uw<$Lm>qww90(D$VeuARva5V_ z#p4OnX4eCd?@M=Q`)ixdwsSv>!y3rdo4V7HNj!98TisxJOL>P~VT>j{Z5uy8>j{d2 z{Tp*5hJh6K$71Se%tWx|3VScJS7YYI$A__!YN8DOoKqfO1- zTv%xITquD@h!9`c55PvbI=>Hy##WjgZ*~5NkOSb_O+V*EtzRn|f ziTu?!8&Fu2!Tq(k8T;e2NcW}2>HSR-$64`g7;R4Y-K;>?`#!StAHxysJT(wVyusq0 zdO-qUv&(Zd5dRTC`(6~T5&`b+S+}YXhr*WY=g+jpY{-Zt%{>w8J_tB<%o!;Otkf-N z&fh-Mn^-lVUHRwsy1vhz1?U4HG?M3O)_6;sA(Nsl;9=uE74F&TFYhWZzy5s}3m1^6 zd>**h{u1xcFF>C2=WyfO5L)T{0%z#;CdhykUNZ|dB3V`cxgfCRANZmw{!@!zL(PnV z&E0UxF33biLV;<1kS&+TzP=88Y@b%}$N*heMZ~s)c0a;Qyd8=eelSdwS>EnF?>9ZT4xb7<1 z%~=@Sdw-_YSu=B%xeMePl}isvqj_GPEVj6&#C%cKijHY)YBt?YOohkNfY30@7u$Sq z*!k8QGC_-BX1IOu0GA?2dE*9jr0^LB`6zJVu%JiRI3>*UPatUh1ot5jpckoSQPhU5 zf9IV3S*Tvk;C!rZb_!Wd1WI6)NK0+v<=i7`?rcYGr(@w`igT2@9(rW>Uq^x5S3@FR zml1##jIKC24ZFQw=6x%avz$MHT0KQwtp*j7IT^X~FS+Q^{^c_AOJ4f^E6Wzguc;UN znQUxawx89u3uv}Q@+bzUCRg<6_$A*rRo^#R{I@YN9~iqOW!WPDC*8+UkymngeOuJt zD`0y&r&vgc7#r16J_;4)RD?{Z1irSKT5|f-iEnaZnPMR zyR^oHeCZxr`>S|UXfh{_OKJ9IRB%TlIC#nijM}-KE19Qj_|`FjoUNhdGjkNdQQ~0X zkHp>We#rT@c>9*;h?q1T0f}j$OeQb$Iq>Am235Ve5+|z?#R>kZOk;yGU0LK^2*|I1?dDAD$G*}nZe;jz8I=(!!X z1?@VMw%rfJ|I~97;)PgV+VJi_bh|T6wlM00X{UBLhG{CyCeY=-S6_^%hd7SyY?D_K4wZ9uq9h>p>nM7Kd|DUt|+7-7coGiUeX&`(}Oq7YYa^1F(8rUI-o^VDWy_z z9VMOwf!%l%l%j&*;z{XjnhAlJp@dKZjUEqmu=ue{DH#&yH4-=8_neQ+X8oUp@0xVz zKI!1(e(0_Hu?4*gG&XFJVNd;_PfA6L^kCvg!SywIofLlImxMAiMIxU9CXnhj0dqn|H6 zl`OaUbjy{RH~5MeFCw_zN3_`m(Kt&&Gh5;obb~OIXvAh`mOde6peTX^66U%(OGLcY zU5QMfSL)jcz;`qljf-I`WIN7i7~XCu`V4A7pZ5d9mf9Eqd5+^N>A@y!bEATmm6D12|Q^yJw=5tNi;& z&3ydExK4nS7)Fwd0tpCa!?F+1Y&N)tUhvi@K_MfkZ>H~3OKJBShMC4Qu?ks6S!{(r zyE;}r6eXD6I9sj>covvv*~JOt#0sbOavKHQXUp$Mb|=aigNW1@hiZ_4!Oq2_mSd%F zzjJF(*fw16CLCuDKvVewTcY%dDhPslN^d~vsW6F$uo%>_jhndn+gYQalPy>bKDOn3 zzIRn@-k*f3dMp#Mudwi{VLzA!5w+u(-8bipgN;Y&xZXl;es%@?O!;2ay&f)hENq%a z`*S|JPBvejYJCopoamRq#>__tFM0n!jkh$TtgT+~v>~aqc4V1^EcHQxX2dKR^rU&;iu?mcW*{=S*`dQlLQiO=OMV`yvf>^~BH>BI5O6z3R~^R6y&?%Y>;q z9%o`bFWom?-?h5mjNc!PKmWa2mz#*kb-pW9@7H9#*FW&#Q}KKEZAl{xF=SLK=`eZi z`WAfMDA?_?_Vl6N;J#o_>Kv8~Xxp7gWZ6BzAC4dODv^dOERlvrkj?z4ZZ+v7F4G@| zhz!hTf`lniE75)>Ra#+EHnCiJ z0e^+ViHCeJFabXX21=5ViNH(T?a`Qi{p*dEz$NUL`n~+_%hje#o=lg4K1@_HTt$3n zM|~ck(~Aq^=PHgJ%|@Fq*V>NrGp^pR>e?Urw~fy2C)(}17*}St1w*qLulL5ojh(L) z5P*reh|YGa>kT?FF|lz0+sT=Tj5g@{7h^k!0PhWis38es4u_!zI1tq@SU+}dex+cG zVVZyS42L)P7QPf88pW%SqYuNh_g>@+BgM|>4$d=hQfAxQ?-Q=&WvL^b< z1NM7;$aE?G5V#aZF42|-{S$PbZW|O=>$O2|OIL=j7oel9K&2PBLSn<|y$#M4|78vc zlFX@w{UNmC=a!hp7TX;SuOq5&lUqQX#Ilml4gUAulh=%|UAJx3yX!nHmU@4Twr+Zj z8`b|2Kx`RSfyXKh{RQ;*xIg)%-s;FJr@btfDrMSO^e+Ul;HCNybA|hDUVp`2e?HPO zPFkKqWcr3iUTd7Oy((mA1ZEf4toI+S=OE1qKF+4YT}Tdxr2*_vgvmYp>%+ ze@p0Me&_2AHs>WDfBUhpcvyi#mqIls%ckH#wE!a*qMce8DP1t-!PMFDdmtUK=>pxa zz}FprNAVlc)Wf(F9}f8O=KPhqt9PPlxVEicqWt60?PnWeRP;ZKZuhG6`>bOCaH|US>yR&*Sk0(Ae>AxGB*|4S#l9_5(|NfV{_p zJGu)hySodS>GZY!Qk9GcEX`pwy*cqjy+}1a;Sh%dEZDiZWPC_Q+W}Z#D{_?veMx^h z>9Cc=(*^Ejd5*HCgvr;1p-jb-fhQx&Y#afb)X@rXlnQE~y`(R6B>s36pNwih3i%TL zbP>~=1sJg)CjT}VreWD|%9ut(yzz@saP~psz0iyHlwE8f1bZ-(ca-v(x8QR}B* zIGC>Ln#C~6ut!*Ci{gK>rZ0^df16BYNMnZJ?{vDZWLL^?arNAVVAtASSp0@`yKc-K zT&f}<0w`~4t#*2>)lt_LB8NHoRe`eC zARj&$m^{rbulkIHT3roViIBpqafJ-34ZQg+mA`;W{o5c=67?n#kF)I-z7X1X{395U z!O~TQni+d+~i4&|Lw{ww8Ju3nm`Xnh&kzFtMw*EvVXNJrLz(iTFsTv$5{@Dw8F z2yP1v!-ZTB59nRgt!qg1ly&JaXf6-B+PA2$%?MK&7WdOEa8T3_$bG)V^RPq~CvUO1 zN$QxPPM3c8;^*w6`kj-7q`_^#nt2Hj4<7KzY$*jf5wh8>8Dd=2%;Ka|-qZ5dF%3bi zgvNQ>;R6hD0EHD+1C+q-X{4dDaPpnTznVK3O|i&J9J)s1rm>JY2^WMIhIZei^B$!A zI|(ZsLx4VO2H5BZQ6s}?g>9K4sd}ODivWuK>2cxo?E1Sgck8~EPwVIY_)%~ z>1@_ISfGafMHPfmFz#&O0$8C=t@@1WoEu!w1957&qd`v>O3GXJh<%naYW4%X=))Qq z;)*zT=W)L=@x*S_QJUpivXPWExJ6E>2c)}#vd|L(oWdr;S@NUx(G5Mj|s`hRH2TvAjW$KZ4_CNDU zBILwmAgVm1A)RI=Wrpz2YWz&an=I=vA)uxZ%=m0~Yy|Ulo z(9)_tJoo7=vm8MtL=C9)1UOV#@iFd$aPi2uLGafw<;P!Rml)MmPR8luc*YM>s-y}Q zHV5Sj{(2C=DHJZjT){bzJV$hi#s7>@*dm|WOuJ|kMTl*(@6gP+I=4+>n(HVt3Q&vZ zI>vC>%*oxqb)R_O99!FRa5L_G+;r;x_me-?YIiPQueK*{Z*T90r}EwvAoU~MH zrjyIaQ74xzSA;GKTfjN^OwK6&!xZW%=FgYQ>nuzZiNr`X{g-w(0!T^t`AP_b_UQ0T z=d;BdrO_;~_1xG9k>$E#=K5mzuim+>aqYf{_1UTQTB>{lt#ck^+*CO2-^s#{>zCLY?beZnHo(Lj;@O+IqPLg?#QN&YV)<0edj~-zgZwZ)tsz z$G-O~!<6Sl-RlCo7vKG_s_IQue0;wy0kw#~diR(+)!ag=$7OdePE$nKlecxChBL6A z>lo%{lzr4sL?2YUR!loCN6J%ELsMh4`xec=8>@UaII|gJbIVB-2w+jK_HDk>=xVM< zrTTi2sD2FrmYT#24pj*~@go-zFr;D3!1~t|(Ca6UQX6}%GkH`+0SYmOW;Ke9G=n8Z z9a<)>at2Oy!y=2{6siEX!SA%H2491Oy9!1;5i=T>U)n?Ad4lmsM+x$4@U$x}BCQv>_oOKB3vQ&bFe=LGvSAa5hR_2QL)5ZNLut6%w-k(DXU>JR^TlLYbP?9sW@<`)-> zz_fpUK!%2Xmv?ri?(Ov#K2!hC$4gq>S$f0e`(0q!^BnH`@$!SU&nU|N@dt3*cyuL3)i zF&>D(Ad?Ts%3l&34bgUriC##AKFwYky-e5sm$fDR6J-N{Fac!cgt_ozrl9K@_hr#$ z<40p5{dh_008Q^B+yp)7iL$pGVV)J0ZI88m5?@FEzMEC2IM8CMByfXsNrVe<$Xw%2GT91zkvQRZmbpl}VoiufVogz+j5Q0I$a`T6!oQ;rXB>PY}B?W+Au_e)m2-QK|Ymg^1= zDZEzy&*yUME!~axj(%fJ&dWZ==Idmp4Ts}OPd6#tU<-N7AjFqnk(ffS5NjYRjM-oG zb&l@o`;;TdWGss^?q8cN!%ldwHC^vggJ z(AciW$AgKWEn5QoRtHS*vKMwW;NoDl+}f1o)ubV0g?bl@LDKI>%D?CVL;xaRC0q>M zq$LWf`Zd3lsW-a)$n*U2WdGT4pnE^5`*R)%&>NbL#^8$maI89kOLK`zW1EC8g^kS{ z|2@09@qP1l-FgT-;r%&Z$LPHs2Ifbn)iG+dUen;KL!a_rQ0aqq%&Xo-(8mX|!WVA6 zah2)Ta`CzsG88Y5I0iXA3;M<*Kit}DHX`k)+i3==tJx_(@AEZGJPqX1{}NqotL$$s zS-8L7$QV*&9F#h3$Prvl-c79Fx7_xxKz|~nO6hMf7Dp^tV#FGak@bBLRh>cvoR%X}FK(WYkr1_(KN@<-%F!2iI35LrTUadDE;^h zW;E<96IQ1Up1?!W!mC9fh*(mX2B7$0y8$2v3vQw6LZIGMv9Ut!k*0N9wr0gPCs0(m{D3`$l-`u7E!Gf2mG@qtj}sDGw(}4%-=6 z1vpfDl{vacfO0COs{&o!h{~wLjLwM3YDG||gT75?-0ms^h$!Cj8F5Guz8NY!S)Q^PK1O=Yg*qE)=b5)w&ciDE>K(+l={L^j& z+oxFL)$j=jjz@q^UrLnaO<$^11-&gI(|)dSMzBsZFMPe~bh*kXsQSZ8S`gi)A2QqbOb$P-$Af6OCzth#g`@4x8;R^OK-+g`QulklS0^(`&wOTZ_f_DR(>Zs07CqqzfEHW{MSuhI={6FQ`kO!f`388ThZvk$L!@5-iN0$9Az^W~4EqHD9P}Cd^U`eVb0D(OYSqo$Entd$ ze2FqU2h(ARZ*oJ=$w9FIlQUrNIC~VSH*6qfN~KcRQBmDL9xNk8p!u8!Kiykdm{`j5 zMJc1{%!!S^-ly90tQ-P~d#@>(C}VuNuNcoWXeQRr0Y)Vktu67)e{NJXtKl|x@^cc| zic^uvpq_CE4ba|xHDBO)v`bpwZ|rn!PiJ$zr1Cs?V+gw?OElb86(bqG)K&dbQ}d*VDQoJO8e6^eVYtT#~t} zW9IbCF42usT7H@ZfB!?zkHew3O9(~e*Nk})mJ1h?B@smk2ink1ZIC}G8v-!gG)o36 zlna+D6)fuj$(|l+@cO`zFhhk%A%6Z`WxIOeEImENmc+}&p!Q8C08b5b#_BNgV7|qrm*F#RgN9=p>;%#tM zt=wvNHM!<^$vWYN%$*UNJsCZ@+h>vT@`)wA2#3S%wB{;MS`Tl5AB}epRXD_Ba+7(Z zI*ZASnal|r2@59HD}H>+li|ze>ztENR-QPC(+=B9plx3mq z{dDjFG<)sm!^ygyPkOl-slGbQG1XcWFI193HRxeEtWroftha!Nh-`x9tQ$ znU@8=pvGVY6|zpN4oEQ}tSStkB^U$VS;Zzz79xbv$}k) z)>(uN=JeS*{F9Cbc@N|ZDf26!ki?P^upJ!eD=3i`0-Kuncl@^7H%4YD^+~dQP9<+% zyGn>@%mT^bCP$v#)cWeyi(1|#FMBj(fKeL?cE#L~5{Q5E{+CysCmEz;ca1X$tpnBfFOU|$(!Ck)b`yr8jX{iw-z#?-~(Vder9 zBJ%#{%#2VvX}HXPm{`GkDtn9Wh!t08y+48 z0|EX7=6l)nq$@5i{@e}ao7ex>FJN@Vy7($Dp3-=lSu)*C%G}Dq*UPW0q=IR=t17_g`%Gdx$F-C$*ho+bhhYu%O$7VCC7^iT!pM z@D_^I`t|r6yY%F6W}NEyVa>PSev)Ij-Q}KItJY%?!?(*f&F~Ebfd{Ir6{LhNB+u)T zqKiWH(3nrJS_;(ktNObhKBVOgLde~FyhtIW<*-5QAXi>riqEI^iudLg_Ib9Fu=+O7 zB^B7NfmMT(O=wDW&}H4FqqvzA8Ny4a!Rrkb?GPbSvIrO3o>Dqw3%})ZIcHtry;G_l z_qZnqo^Ed_#$-Hi z)Z?{QTon%XZ4U$_Z!aM%ptMt$Gm7u2ReNOJtr2bIRlO~NFw)GKQ)rcwtGmkQ`2KI3 zhXbfI+n(~}XHNj){oQshit8`7Z!ToT1cQZ`UTk#$lF06pxx0Y8o?DZSttVYV155dw z3taMoyj=6k>3p{m$ofYUaa=<_J@&a6fj5#iyu3z*^BWJIwz?iBqIBOf>*`#Jikc!x zF^Q6j^0xPetZl4UR!!o_h$x^E5NmRNTwGj=YBM~lNEUl}d1BbKFRB5ln26H@`ozQC zrla9MG9nD&K!uS-;agBf!Zf1BP6$scihhuj4c33=O#HRFWycwf?Gg(Yc6vE^Yt~nn zGV!i!{TOO$CmgZ~oCW2-KGnx5fDm$Yu%JxYQf&)=^5GPolPw`qBvO2(9~0Sg12@`D zUoY%bqw7>@6=EV@TDW*U_sf0sN0OpSDWU(CAlyu{a@w_ z|6j3-_U`wt>!*<&XCN&v3;QXSl{&XOgKeGe5(Qyq-0~)pPbg=8%VQpiLm9B;?1$5Z#<3 z#ZOO_8sbwDPZx%S#P`Hx)o=VtM<})EM;7?K&LhEb26M!m#>gNJJU2!F7|40VbdiRD zH}pWSu{K>m{^8@>IlZ}2{gBGB;(j|Qy#(ym}a8VnlT%LiozuLo$% ztj$1pO+{8<)fZZ>WVh_Lo}_PBwp*5C=2%~yeb$G_X@_*$_*(Y--PBMPfRc*SKX5_I zqPgO_& zJ^x|{LBv^CkNMeDp5M7$Uf6W()!2G}VgEc_94z1L{A2622M6$wPaNSNj;DIR-cEA4 zT-0!M;xj=FEAzUb7`QW*baf%x1;l)&*QMjgP}12HI+?_WouZ1we7n-WQLKaDC(r)H zH8}klk+cZVo&aHBgwM1qkhOT7)`bs#9;Sd~1{vJ91Yq=eD1iK1dezOf=1z_{hBb21_Va6wm*&XH36@@ zb^?y+Zs1V5e`2m>sf92-$e&(8s{mTen`d?&dg|); zLGK2#v86t$JgGQHgoFH=fcCo)rk*;vP`Ux^-xO+&>wio$pUZ$O`_x3@_%XOFpKhWX z^65z!GijjOYf>{X(AAQ3XdtDP#eeVfs&q6z$Hu9xH|AAq{Z%?4!P3@~g3&g!)TgsR z^UDx{`d=U4P*$tZmMwiTtbY(^|CF1-IlvP10uduG)r1-sdVDZ>F0QYyo0*!P%o{Os zkR?k(b8VoZk<6|~Cx_)VJTRN)HDhP2>w7wSXseQtknp`Puk_xnG|upZdR~7&{XDLV zWB+97EnflvxERZ|y1CHnD7X0*VgxM3h)`z1JrhLa6ZS?&^G3X$X{+&ABO0z_juYdS z8wJid`_Nk#1S!JE&{uXOiW!gz+w~DlC+3jAqr9a`z)Ajuq~S^la({%G@s_s3R%)@uuFU4lNvXCXHx!7)mKWyNpNE?* zmw5qBs*}#h{0pGA)r~s+1Bmx|cdbFC1Qg+PyzYg8`3biac&?7PEG@Xwl(cI+B~_@i znWP5^0sZ_4u|i=(hVG*?c=N!s7eN7Dg(OIy+L&Kz5W(Q!0D1E1J}CN*(?MnL&(}?_ z>-t&g*4wQR0$++0sVVW`KN0<3s2KeANKqA{+#PGNxVMBH>K$Epw{KsHY&Gh-;Foj2 zX?(WdfSqwltSeeJ(9mojK3d<+t0X}9h`>)?!DoFztJa9NHdg{^O41BUkLZ7{kTlBn z=d%z_n$s~S+iP9|gjRzx zz}lWN`+hcGXEInKS9E=|*Ftgb4-+tSx%KF=By10ovE-wos)f9O$L@rz%UM717R>2P zOAkOhkM0({32xc_Or7<3E}#RnKEu*phla26zq zbE1Kb$Yu01)J>cSzy-T;XRupjAl{xIJaHNb@x~HUSS1inuW?H2sk5puf}4HAgkTlG zV(Ep2-=|^5I3nJDK)-*wb>VgS(2+uDr1Z_tg*oxTZTp6+YfRB!aqkLa@aMxJ+zAKx z_an}^X~BZNd1bgZ8bi)6X4vdh7E1BfHdw!H292Yz*=}`wIs4sgdlB!n?^C)8IN<_e zc%pcCc!paJGm?}5uK^F)iL15bV=OgG&u$?UQaaPJB@dj&>b*Q)Y-Q-wD(l+TGQu5T z!`PtlJG&6lWMhiq1Q{I>6%VifwrhJCSF8HW7yD*}cSGC#=G)#u_*Y(rGdJH-=`0-b zf-8|nnnE=ER(4m&!Z0H#NRRFCxf%mYKf7|H+r2+^`GR%fev;dYbP8ONWK3Mo&WJhu zZ)&hbp)9EyI`+!Dt{YsV38DjdRYFsh3vMJn$VTQ5UTkAwgM3Q-+Q#>5%SHx}g{6fM zSB9$@@hTrwK2%N)luB}d5lDbe(wRsW)C9I|7X$Ea$3@Kn;Pa8Ijk2Un?DqAvlFn+K zLG6AgA|@jnu0YP>^T$OSd;)}GX2~0`3(xvBTV=+mgXpE*O^I2han8`W%vllg*YG8J;+vy=p7M`?e>IBUp_DyzJ8p3M~E= zC|^9tTC>#zo-gMf39Z6f)pDsv@p-MzXJMqi-VAjgIzCl}iga1Pk!mr;@Hc75j$gvQ z)VS&nKmHue#g8%f(!pJvWbtDFC!*j}NZdJ$bdO5G!tZLHGTiL-HNwQLU^}?*Q|+>% z1ffo~jcLrgJ@&Vv#OvO#=MB^KFa=QkKkxOrg`Qakm07dP|b}9hrn~fJy4&O_79QIlfs`?GArtBApj`v;eUH z5-yTQ73B1bpSea;fUDRKIb6UO$^)Wlq^BmNZ#xjzC~S0;9xZPx?ae~1mFp=dMu0S% zK#iOln@j(!VSbOkNw^jaq^!$INd}Q?qcj=ji+9RXZltsIUgnV)DK;@|^z7zlkRHCF zA>a_q@%E$JO-j~8jWH_gl@mhU^>OhS_Kdxi9{us6G#?s|&SkEtH|5 zcL=prMTWj)sm<;mLB<&QSSDX+W@B?)y=41E%SHAv324}%TUiRwXu^)h_$7c8H33cB zJGbGIQ_=OhZLZ$+x}TT(Hi0&^wv6*8meyH3Wgh&}wR^SI@p(F$2_4i2N3Yrn5&kZ5 zwQPJA@q&?zB;@jg5eXmNKRh{kgZLhH6N|+~QR{Wdo;G|5$*YEa#)YL2Vwxa^K0O!e z_{e5)Romv=`Xs?xs5a#3AoG)y7*Q8L__rW?GTOT1f_+QOAF5|)e|odfxof6GwfP%A z_h>kRj9^mtywONq)3cP!(1-G`zE}71>CDVX4c&_Km&&}kU)khJ6Id;=tyNgc;MH$_ z=b$)$sE`Gx6k)hC?4W60DEM>Sp0C>2sgoB4Ev16{`+Fc2_z=kdN7FSh*0nb49osgV zHg0SijcuoCoHVu?+qN60v7N?^t;V*o?>gr@_ZRGUt-WU6nRzga4eZU8P;&jutV6R0 zH`_N)(nDCh_2$Tlu&@ZQLE1PtI9NfwTMcS-+61Vf>V}3w@ea_-@>o3{CacdKgMXzB zyKf3+)R{zba}w9`VsLlATH}o5+5a}tMP)ODUd4nJ3qnTyapfrh9Vqhs*RPR#xGcLr zu0tHk{n1>oAu3c!=&>j8V(hpdlQ*u2LaJ4kr(=!}#VVuN=mLa=)ipE(IbOEJCc7`1 zyDbTYd^>cyeLMNz7pd04K+B^xYx1=R$d-x-gIf_9e z;ZQ5n^sm&I$gnPwD&@TZ%wq2zqmM`T?~9o2^~gxKBzJsRn9ASj}fp?jRs zWUolddSGPWErRse`LtjK%JF`_uux3zm}*|MU8w4{sWe6lBx9U=Tf#TsWF^Vl{U^5?I^cI z9r;Ln6v;bE>*Eskw&|(!&6^jYcMSiC`tK{eD|e+oOwq%w_n(cN!x$bM{dbPsG0UUF zlhosuyJO2ko(XNkk7boVL^uck*qiJ6k^$a&y>Rqx{zWvu5>2HNmLKlxs>#Ie_6=rG zoKCen=PP{CnL!Vp*=<_9S`>|8t7Cr&)5TIN+bP;(dG*hNuKZp?K3AKA{7|ODOd$&c zIlekEC;Zsq@Zp_ypo`A!|HeM*qG_1e?mc*&u%D9MT4ie+l3X7iVw!OiNEO5VH_RHi zOodjb7bYk7v$awhz1T^WsS@I(Dc_90Nf8;>Ko~GV2eqXuDnrom<*nkEzFg{feob_Z z*fk34bx87`l5#W<)D{tzom=eZ~Kh`njt6HPi5-b+<244Ddw5;o5L7Y^lfr>N*DqVP!{_5jE;McR4CcTAXI~ zRz^}OmwSqA)b>uM%G}Vtu;CyTomqY?cbC2t!^b|nM}RKp<;aZB&jqkD>R`0HadLb} ztmu_dIDQXRl@&l9o-3CpG0s{jocLY^r_QZC-8>#RO`$DQnd=DV)^H@t{p?sHMhNcn zd^Z$toIKcKxY9Sb3NZGJYIGJvgXW7#7 z(FOxMv|*oEUwX2#h;4rSHqyeH>r@m7HCeu8!8F+>2ZKiw|XN z+fon?K6;uO8#6UBBDekcF}Z%`_RHWSEWUQ}>>k!hT%e5_|1UGX$&c*|SS5 z5G2(dzp8??_ybf%duX)>al=;8V-bUtB`nbX6n%j4ST4K9ENT&!LX_JJlUau6oOVyz zpM>}I^Y82M{{AL1fUXh_o$rtq;1HG+Y!_tvEvJCJ+0@3WS3$E%x@|Z%AuG$Kyu6$v z<+J|J{fW%sk9Y>iJ<(hnho9ZSFvxC*dfqxLp0`?K2o+WtS9xMa5ucRuX$G>g%4{jB zNXoj%Pd>U%)k&kFlPR^(U%2UFbR^3?64ROMocj0Tt`*NAW|>YV1% zx((ONjYq`{<~kuUl9R)}jin-|GGB|*64rV)VrFZQ43afRgucU`TVhj*AvK z27Rsp6&pv}>G$uQxH7U~v#hStd2kKNlsICx--Zl+krd!I)hqL@ZWSl%SQrrbLBK!y z&@nO9(DHGeBxA)0-COm{c2o@B#Fpmp6B}K*EMB-~acw@X$J!|P0t&T`lSYY1+^fXg zSFt zPi&x#V9hCF!9}-Urp2qWdgUJ2bkEu3)-ba&Eu-qiCjdpEQqT^M8A-028UK;qcu&%d zISWB$&#Lqx8CVH<&~^MXqdPSvS$mk&FU#}&>0n)A5=i&=*=SP9J zHc~!wQ#8D7h;QfOD_*s#GQTH9pICcY8UYIC_~dDZb+rgBPI*Pei~6U&)%hULQ<&2U zKBL_5vJPT38Q-t@diO)udmz;kIgdq_dz2qavMf$usQYX|)8jFP1`#S?b!)RxbEAk) z6&44_Qk#qJd^hpUnn!7g*pxF$-o{2CAv_941xpCBBW1c7P@@s)OvClHAt+NtR6*;W zDXff6u5`lZ*VbMtrc)~{t;KMU-%IPIQU)d^B{6&69>z9YEya+mmjA3~LLD}#P#G}; zi5mm!Yd+-HBiFw&=i`n{Lhu#eJdX~=AAP6_W~%C}wW6PyuK98TcmY_nHglacgql9y ze0Nfpm!J6cflku<zzu{t-R|618xWv99#xm1f{x$RSi(T9%17X_-s-a=9eShX)#}+B>mgG9_xkuX z5Vzd^yRUpk`}HV2fF`rdmMU7jJ>MNbb<1ARnOh@$pZXA&8?2T}slI1f%r-yQu%5$V zy`ZRBV=&>esDEQu=<}PHv;+LWC`IBjz>-Lv4`1c@OnR(6Mdk{qvJ_xKD3?>!TT<715G9a6ccb-ROm+Bq&AM7yS%nDZ2?a(B zQ?Qre!HQXij)a5UH|ip%CMHO&KM@M%X2xb$>mOZ+UWkH2S zG=92%eumi_Qgrybp=v22GNkuEbgGDQX|tloV2+zMT+_Sy?a z*3w?s_y*S#yFZcZCMw}^1fAz7YPxfTMJ>l3BH?~J2vqk{-8uc{)^VB|eHpf8Bxkjr zNcGMn9rdsawjwKSv-22`=*Y11(^4c)atwr)fa}c3txw6hu3g4HFLq?5TEx74XXCb? zw(K!4=(C=;sFH^A=k&pHp(y9uPSJ>&q-~ zQp?Hv8d|Lg$(X+pj1C^Nb87y~&50{0ppwR7oxw}Rxnm+oaJ0&^BH!HdpWge}+S*!l zI&sA7>+_QQna}m`01kl%-gfKWyi?A)Sav#axQXVfJ3N&L?P`6V(3=tUxJ&+{1SRpr z+_Zo(FB5O4UuaXRv1w{ToltAluEBOoShla>?pT}>>e{x7Us8UbT|X810N&@4h!wd1 z{dAz`u-(*t-d4fnLoD>Pe3l#Wa$q6!vfOUaevz|zTdCLRNmA>3*5>k1qunm4ol;y4 zpuSKgav24}gUJ20Y|*g^wD1zaRTIyo%hM6l>u^^sM&TbazAZuI3h@BtvM)xoSc3>-L` z$%o#NU7Sl)t(RLbj(t&<;7NZwJE`eB?!L|-qRa6+CjfQ5?lC!?^Bh$3y)~#_Fns0M}trW1ZlO0pP!lO|BRpY3UW z!{=fB<)ONspMUAow<2F7P*ZEvd_h1=Ow84g;LiTQNF2~5!if3ENX`nXP(L%D8IT8U36C2An-_SrdO)y&L$aE9;^kz~lAQ`?PG4RK>5rg8;7 zW$*OS2hn{$G8f$UpjqYXbRS;o)AW#W;5S6l{kUx4lk0Q9x4FGyUE^bWw_1TC?J!;7 z)TODSavimK;Ps)Koa{sP>h}$M(>NUDve&@C^R=}=i^-?I1!O~*j^Kn;gVzKnAwu7p zi#2&&PCp^c=%P%bFP1V0z@POUj}z~+-m7(%d*2Ai-KXoU=p|!86LEMFV_yNQQCH0M zpp?dt+p+pGnk{%)6(&~-bmi$YqqKP`;2(}f)ac}x@cwEVD{!2Uv7#eF9d~ySRe=|i z$vCH8BDDIMfhMl}<&5ijlf=!o3iWCVAbmh%uz-NvOmN|~M)|jbrp6sQmjZH7IZSF>#6HtZy7|~<=XAHN*rwlPlc4X*;kfh>Z)Z6D z$o!06Eu`79&Ho1e>l8eA5Z-pgue|x1<#1}V9VYhUi7j|0aJ@P@;cvp@077&#GI-KD z=f$$ztMn`;G3!NCD%|te{&>0cc9q(xT=4_4U<0u+4q^@R=#Q@o=p*y_@e! z9MtuF#GD!j4-YKpvx(n7*_*~v_`&e;^?&%yKXKT{fVaI_aX2*uI52)Cmh2&eV zAh(}yeh^LK;O2hNyLesm&cCdhLXaY(Bo>h3^W}lCSPKEU8i?4vD2I|IXP@tR5jW2_+fb zkn^jMe-K~|YI)a{VeKP6Ew{%CtozKLV8rkXx13q`rAvin@bli}_&ls@HaIzIKUahh z`$JJj@|p)YY?<|%T1ow8uZ#rN%k0M<>-k;4HREcktG^{0Pa@w~SV^6?;~_>)VYsY& ztQ;~4O0{egZ2K zA?BHgKmBop?&#|ax>M+^Gf=uv2%wq8{wj~z_40AM;Y09Hn;Q=(&#B>vgitV-*}l!; zR;1wPD65l}jt(WLH1~ZO&8H((@75d`FLsZi6uX_$d>l_B&tjHpIj+pt2ZHj);K2#l zo?o-YHQr&yd;3zmZ|z9bj@jwex7!ev$Niqy|0)_Q*$dC7HqE6+4%Fo|pZvkv%34AB z*|Px~o;0>BUi~?PjvgDkASuC!**%iaiHukeGcQt60F~z(=NALd?aP%6PuuoN?2dWp z!KXG-Vx^FOFq<}b{^2jX&A zNboX0<_^H{b}igqld5yh$#^qvWYvMSt`tdlB0bIRq}^ekKsu0_y2?Q;Z?9F+3S(x> zNh)j><9e-IVPd5am4?kjReWIotLF-PhnaHfD4$)xoT9|s;wD!-H60)NmD!SNgLdaK zKkgeOG`|5FFn_E5un%M>F!BTV9s@8Xog6v6L=j6{D3h_DL|r^UdgZjGWNrUy4v#a~ z*DxK((oi9ElJ)E2&295(&}p)@XXono^f2ixtdg3_YkbVpvln6@N6u$B+A6p)iCK|LOAmrN5}c@uuIr|T2OEwvgM>} zSTM2oWiQ!?))enarO?;O%p;8b3+gQ9spYrai__;REZp2G4^ZS3-e(>OE%!KwQxQ@1 zkxT5jPKWJyfukwG=flEvqQjsKkLM2W^CH!b!NHIHg$@PvzkURjN-xMD6&+V5QaKzl zP;6lde|K`)`^Tfk#O+=WXdTFQhK1f8eQf0?R=)+iQP7iHIY&q54;&y#|2dh!wx>7O ziZO0z%x4q#2vLC^W#4$#+;o|Q!8^Zy9Y|Ds&W&0=K;quHS}O?Q<80;Wd$knxh`04W zObSlKq?yFoxeYeS@@!GkjduhI-lR`4kaY!&b@=`Ly*&@vG<*xM!g^mEGSu&s<~~N>E(;pO-z4wP?t((&XGV6IQyy;Nnt%&i z{^bIDTH5@!rkjy{pl+b}brJkn zs7dx2Y3Y`aZ=RA%pqHfSlDjO`G|0J+;&^`50CmU9oxU6JN|?~VPkyZD;-U|H=rTUK z1Vgd%{eO=9|B!do684+^OsK!s|8+3#vB92fH=oi_$M;fO=!n0;sIU$7xR!1~oSB@= zK??0{u>R4`iA|w3g^h%8O$q$Q`{ShlC6KB%Z4Dp{=a`#3Y24Btl0a&7N*4nJi5O`{m0Qudb&F`?kcR zf0~mHzt`*3?xHSVDk84x7kv#oqX3l7 zAuEgA+dQuh_QpNlTMzbEn+{J*6Or5TE+S#=iEVIK0A#vjn7F_ zv$(3EW8gTm{_xs;kLIP79(c{?{*@o=x!mE|H94H%}od+cJLaH*mvo>_}EFwLjs>Gr+nw$ zf^Nh=A>&;+>~lBIs{{ZEfDKJ|7MtHj!SS&bOxer|>*nNyF6RkNK!4tslH0zq^D2KI zZI4xuhW%1QRlczql+qfvT}N;AXU2GI8p&v@Z`#*Wcp5%xrWI8+?Q^(Z>@>lfkx?`v z<`yF67)1>U`M4MJ3ZN0}`c9Nr(xv$r=Z7Hw#RK#6HJ;2(Z)@9JuTpP^mdn49!hGWi z$;mjDb{jk_q_IfwlFaaIpW+QwC46_F+t9Kl@~R@gsUt`NE9xQQrH3#`lnu83do7zg zd}!XWncyoYo7HojcGvzbug;6XRKrnz!MpKUxEzn;qoW&K;x-x~p>8h5*i30Ep2w{q z&G#ckzrRU|imywt0`bxgYY4+P58ZEPUHkiAVaoI~UCqC}7fQvdac3_bqFI0S_AU#J zT?!xH5qdic2+$5Cp80h?F>kdpegwGST0CTqE;ahT4IS+aML+!>nrpMxv}BEkwo&s% z-Q6YMgQ1yq{$>tYl4rAy7S=?n#t(CaZDT*-tzc)jF?x{mazNm8FzITafOeg++8BSs z#1Fpl%~hm~4^wrej3^M@jq{-?BMopH64$|-BzN0!Ril$BDuA|Um!ORI7pJ??R&PwE zb&~{OHsAt6df#C!csXxPwPY)~d1ag0Slrw+)JrpTcnBNC0Cn8XeCd*~@Oe)PC4C>G zHo1%iqSkIIbhx!tA-j#8O=vsq-L?eJ|L^^(U;S&6sZg#5_=KrTdS?KE!OwL0EWcOD zhc1~Aq1L#+1kH!o@MUEYpUrcwq3<tN<_ou0k=Oot<upEUgi6(jT81j2jVUn$+k9Q8z<3CNSRb5_ zMRCKK8*hznf17CIux>pby~sxE-q-m(fc_qY ze#zJBr;qJVBTjpWB*q>PF<@lvG(^Eb`}v8oCx@4#?QzPXRcxFXA2~5M^=7w3UU%~1 z?9Ay|#>=QrIxxDBro848=L5*|Q*_^=fbdoQ-2mdRaCWtAk|>k#H~>S$9rM1A^>bKV zKSu_~x`}-TFf?vp*}>D8;cX09ck_LJqJz+*rqs$9mkaw2Tj7K zpQ*wqt&J&Fow1w#NxfU4s z5QSzy<^h8e&+5*59k=@beX@*Q&+}iNu3{UVdwPGNdEXa*tRa4uAyWl9QJc-_B5TsG z3jU3&#>@!@j2-Y~L~z0cvIDqhpz-twx^b~jb5?uZ>;oY4BfabEs<^OzB>G<2hyazQ z-*x`F7Y}~ozP^HQZ*Sw7T;Op=T~4qaAjXUFz@YgoEKe$9AVb?~dh#t(Fg^*unmC^_ zU6t!i7^f4wb$~4aoG7xI)lwT9qKg^PI@uUB6*R?#RkMwnWXx;W{z!P>k26DLTmPKZ z^LJK|&=t}gKu>#5S;lX;LskZD>6-_DzcA>vTxOb_Kqd6){YIn|sX+xp$%de6q>~<= zE*?eQ+tsS#2O^qTG%I9t{F?7f0DI{@oza5;I%6p?iKe%&*12mZ;dABglZ9;Db1&gk zQBe=~Tfo*qUBer@kVuaZHvAFTm?=!)tVj@j#=)Y3OP4}!r;8r>wYnqzgH&tc*}tPd z@2kH^Og?|Dhk-A;5m`jk<(?9-hw0C&Eeo5OxsHtvy4fF9-yCb9GMC_;(Tj^@O|B-= zoIF=u#-~N%eRk>elVVy5L@6@4`bcl!XWHtu_x{jwgu8yqf)2ligBWagadd_uOxv#} zM=WDBqcwVL9X6ROVPOh2iaXGxM4NARM99w)sbo%DS5ImCiqWynU9N@+%l70q|A+Zn z*{$iHZvY98470lXo_CV_<~Ajgsms0F;|7&6PL0l=5u!NCe-jTL8ZuxP{EXjyTg-H_ zB`#HpLW4}cUee4woKKe_=3y#kEMbB!Bg`Lw{6pD)@x*j8|Av37Ddo+c#d6f_Gaxjs zi;l+XtJ6B|P#aws62ce$8bi(97V|g$?shzP#7LWEw5hJH_g1OHh9qEvnYLTRObrIH zYS9SbZd^f+m|;?iLHFQ{rR1JZKEk1KmHq`veSyDiC-z%y)-~@-B#XtVK6hV)TF-`s zaFlkx_Rn3l{n`;MbXg5?Ue2YtB&=;jacvUSCF>}68kP0nl~6HvI+)tYof5dnIeiEx zs_u@jsOd!XpPBjV7*Kh7$Cv5KjTJ*FL{t)0m{;&)ZMyJV?zHsGg$M&tFnNfK!tCeK z)M~LLnFgxR7^wT+dqVh#9^oGacq!8h4Nx!Xi!Q^GC_-@#Q~rP&VY_coY8&K@94*u% zWa$2Wdb=-S{?vOCutq*=U1IJ-f&zj`$$S2wL)yZW^bSwJTCZ zG-|BD$2Jn*wEK)>2Gg@6u?OukD_I)Kc0>bEY!Cvc@sTB6vUF(Ap9l5P zTG*c7m6dq{&FNFvOlOLg>i5QCG}=lFw(femcHpDROHG^^*Fz_%)O2GoYwMKp;RE-$ zM%LHld{ycHaxjY@+Eq%WBYrGU&%|;6z*4D(h#tEoo+MkxT=Mh43XCJ(1vtUE-wlJgBiL4g$sFo6sE|O`X!55FM|LyrNAvRWz2h zREjTD>YLIhVG3VEMrbGgCev3O`Qdn)(JVAwpf_F=j0w{eP;Z-bMEz&u%gE2FB5y(d zaH@C=i2-_g@?_zpzFL6zM-Xm2h=m?*LEPHBSoyX9ph7$M5Dowb54e3M+%NNmNC+-r zq{1PQp}Y;Kwx+B6NC2G%NIXtUE))z0%f>f4G=xyo&h~Us2YzP*aX;pXb-~*lpC5__ zKtLv&pcFdVf}2t~Mi%j;y+U=Rb9V z?@cXR2`y9c=c7%nYT3EcSE<&D);$KdPhgJY6RSDv8pdP-wi0` zQVUAjf`FcldPY+{e=wN=Y4w)UAehT?=j5n=c23s78tq*Rl7$~%Bcb;i^6%giz6N6N zfHF#7tqOXyF?C{Dt-_*vr$JzE-t^|?MGp3VpH`GK17(VBfWpHGyT2xr>B?>eg;Wo& zv`(Cyr3Q~t#wY8AYL}{!?%w;7Y!yRIEbTUDZQ)W&Zq0rw6yyACL+8&&N&;o4*0UF!o)8sd%Dm5js>lB>>WVwJnK(P|=MeX>Cmp zz`@qS*P!+%bK!behKc95?mQQ5>{kfpuCU3ekzBT@UUz=dej^rJ?MN4wMY@vQfqv=3 zu3VO#R%P1pI<$n%@ky^vKEXdF>PgLv+&oy^$OyzXx(&U2Krx~*m2T=)0`8IzfXLj8 z%Ab~jK~4_v*7zg9X9xXH>i24gLPy;e2eBsmnsCR4BCsHlr&I+kY)6SGtEcoymqe4 zI&REZ)6ha*Pk>a`4BqDIewrXUC;0xqAlOq15#fDiidl-ic5mqQqgIp?ubAT5_5JhPU6*IwPNM;>l6oSi ze{M)u680_&?j230f3N+%7g5WXSbO>VgZuRbm>e@aJ{iZ|X7;%e?r13j0ye^DXq!m= zi?*>KZNQ(OjpCFTm1!^nKDEE}!MW+*p&}v?;GrNJxB ztcG$Ce~c#?kb@}cgO{kobj+?7(FE=8?v^Rh>=OF@FE|Xkbx~liXjGBjmm!-_Qi4_5 z(#OwJ3@ur;X9!8fl*lT&hQMO{fHc=(yl$BE?w`_RWx2zN6Hz%Zp@UqGFj(0@u1C$e z$qoJDEc6}!)>+JgY2ZOA#V{%8A}?GmS>0&Kh&~t}7B*r-Da?WD$I4nnHXgZwj%1#- zznL9p(@d^;Na4WFNL2s+m1kK+jjDb3U6WV6-oI6d7vD7^B7ey+v5F{-K)s%PIy-%P6tXjluqN3p znu&NpM=EhH_CX?tHR8v;Wc-i-X-qM>B-XG`Cb#0Ee>nWvn?==WgTlFaZ1s`nGz$iV zi*3dovds8l%duhGpdC)r>Vm4FF1LHD{tIBNp=iTG4*B!r)(Xc=*g zR^w(cK(m+RqYnMxen7`;>1PYi9}$jHR&JW-2J$$wb@$+?Tt%$Pu7%sl&DYyK_?ycS z9&s!S8G_}5G2M&HC!zQaot_`w-fsE=EjWA-%f0=D#Z>t+t;`JZ111H5q9|Q(G$m;) z*XB)yp&!>9$EN3sJk)2l+4a2n=0FHJ=IJBMZx^PAXBP>?>|dZ1t-BEBF{>vmsp}{ z?qc~f2z8}nl~+~|nbL@3r@+g4p#SKSPII7ww&xP*JKE>N|40x+?gIr4XA)*?RKh@o z9U?yCxCBjaK8O^71PAK6kJXKN-!L|Gv;Y4aKP=O}%i{r$;S1MO_#j34_^FJ9Wwssg@pcL>sUngZtK9lJ)$n9 zMoiy5$_1l@)r-)sFD+uOczH_S-S?MdAI-923mhI(m=s?+-vz+GzoR>j1xlC9vbngl zSUK?bt?jT_F5r_+Qnfbd+R?P<| zO5P1Zt=?lSsQcFwTdB{z7eEezpkm@;YW}(% zA8JS%9dhw>*4gb*R9|v@tH$bK$RGa)I?_M3N90ABqnb2V#VE)asmXY&4x&G=u{lzl z0oA%$gp#L{b=DEe6RsBS@6y|wdjjrPzcjPaKym&zR02NN4zw+_QgGTfxc$FkCzyLL zN!1v-bSCy=C?`Xuoo z+8YIKET5wX+IzZc8S%Wo6v0vo=P4)dX!+9x5k7fRSpI@t=mx}$a!@}W@q((F3OxCM z>QcOKWf${?68@ACG#_q|G^>75IZ)d+EOq`B(n~wXZUM$3iGhvQi;!`-xn4f}qcg=O#6;g`f^3Kc1laSvK4|C$20* zW@bz$GL5nepxNnle~k&NbvaqEKimQFK1&Z`nVp>q--Y(p$7$I#?>x=d`0g2;0&<2v zps*1GoK$KItmrJBjuAv?qK?Vd&*3=n}^Cfjd z$V#rCVuDYwGdfU1?^?@bFqQ1ZniqzdI91=5He4LpkNhObf!kGzif~#XVUfyhlELZ| zN1(s$s^{nAXca^#D6GNib61mWpW12!^JVg~)5=Pe#m(AB-MnHSC|~=vi-!}YC~@f@ zaQW?_YTwW)!;zJ1TUwSnfB&xs|GW`hh({VvxX3M-yfO6477tTVG4|n~?(ddyM z$bA8KuNWb_qvXw2lb6M=eCx-92|jiW9gUyeOZ9PGA}S+Pw5uTjy;0IPMKXzNk*^>8 z$Nufbm6722PL+ygk^GO{Wg>f#ZbZ_^OZ=0lXiQBk*~k^ zmmpvDJlF_7J>=hqMzmwkF+*q!(Ccc#_td_Rd zJe&b|$2h06hG9Gjx&67EEOktOtxeLIvnDn=HY{XGuQ0o;rY^nJ)2Bl;2x)S3HGtIC za+6+~BY5!JGIsR#6^+AJqt1_IjLZhnVc*G*d+xUJBhC`RrewS$Td8O12bxPpD=K1A?mYylI z-uNUXbyMrvGbV>c8T&x_`!2uiaIAPSLv63Z@WJd`l3dlz=KMlPCUJ7iH+YARKlerH0cfLTGMSqSEydSzcUE5N_a0R1}fAMq_0p765C z7uDJOzK>wPD;p-g@@*3-$ND@6@^k>+pajR|uhIV7RpC%#{vH|8 zCP59AqE}K;MoyFxaioy@InN->x7UEAVTNsq9MT3yS;is%he&c@M&6pYjbOo0OMcz0 z`yQu4Ljx)|MI&$n0gDh0FgHBtcT5~mOS_v-8qbwbVAdU@C;Aj<6v2H4nce2MT4JtA ze}zMoS3JS;P80kb6qaS_DWEmtrZ}Hon%#SG0frJrQVM4^T5*qBV>mr<;W06=BNgms zDy^s(vt8T$U-taF4p2Jn3zH(|V}G_|N&QG^vQyJVyG6^(Xj6*$+{v8`BG|DnEriUV zCdVR-`)M*kk;aSriQRuQ^j&W-LY;mL2?>$&w0){;Q^5~xp&)RE#inWDW30S?6=gYF zGd?o9-0FJ9oBO@*1Lo~cE>G}vFkF0MGK>b|sP;Pw!D;aqhN)X1W($K;e4+#R44=3wLYyVb5+a^;jPy4#~JZ%9S z6^rlR7An)1mN@+@Z37*kSK8vMef1G(nmF%6{JEb&CV2y(FA$tR^Dzk}4{1bP2*$JE zgP*tyf@W41xxVl0%WuNm?S3?DJw5UBynK&+Bi8phQwOa*ta`N`M^sF4C{5MqH=hsn z{x)hQO%wJ&=oPb2VRxbQt;tmz6-@;#tq4If*Z`_$hRpi~+=7~JlnD}o9Ydk|?M0tX z9}CE}md6l3FTGG=Rxg|*cxN!V6?wvYGF=UgA&<-RT#{F?-=l*n0DHDP4w!DNEiaF0 zRuU59kKW__TGN`^xSrauHZifmFd~SE~C0ZvtwG0ztk zTOuh)!zXWp7~bnc-CXZuGNHHGpa(Z#4GF>(aGPH5CMv#99Tfij`Ln6I+HRq((VF!1 zY!=za_FkT5R79Rs{{6S-_v;&S^L+Fqtu&e>{IDf_d?R7HWFyU4)P$O<;Ei{=Ybttt zZ+^_^cTE$7;NW0B%y6>-Q$qJw5pPlnb#<4fse_j_dZ26w^pg1Bz*4V+siV_Z{W6Ow z2V4qxypY(g7M$su6RD}`B}7&bmo$m_>RTUq2c zetBrVKtkCZ{Q3F{3D~im6L46~m009@+^5_!F|}=pp0}J#qPeVbZFplX>UrQa{rVtu zbIXS6wOc1e?cTX@@o;zNLBcc)Qu5%DmgmWtZrqKg`G5~kPKn=ikCL>MhB`Y{ixZNM zFE?;x(49UIamS4BI8>P=>PvOW;eS%yngS4X{T6(UjVS={)r+SWK$KJKe5CSF;QH@O zqvdh2NTiiOG;KM);?E8p<$v4h1)2X@+?0CAi2kjsOA!xB0&E9p6KhKTmal@U zyPmD=TDD;yDF4w8{}W-GTbKQ42j!(X0P0k&kdcuwFby@=`ZnYl^;6~4pKM57%=fca z$_9DlcUc(QQWYf-R#MeO`!L`aU}G21i;rKj4}JPAXkwyFypN?Y#J?&lEpT1Q(4N%w zaa#zy$K>ZB^UTfEe##06hMLgK#@*H&rKW5A-cHWV$5M)uR7%2%7M%rL`^BSwiXPK3 zM<9(bejYe^Fb>PXS7i{#E>WS;Wk&Ap=~2*XxO2uZY{cN?Fu#5?hz-3S#c1ZdSbAc7 zh;aJvQMB^&^F?e|o8&(!r2Xmg-5F9DlP!<>?QM==<;<9X^CJVZjLubOxd6tVl@{W| z4t|k@19B|fYE#}Xw8lcB@FAs=@S=o2GZ2jWyy7|aA&fN{4yDKvKDH#LLs3tAs)|BB zUaqb=r3D3n%7ujg%(IR<_EL2Dl2qDRHYElgpA`Kv9{$qTL}>xyzM8653EsALe6Fv0 z`WmkHrq&Bx68t&BWZyF8$N?)EWML1Cp+iC%TJp5iSgx^9O#*4w;P4sJKwDF~?1Kj# zPK{AY;_&Ikg^-R`f|WK_goKU`{^Q}O_x|HO`pL@5Y7|7VG9`4Lpb|^*guyG-XYUVsD39*FAWnNIABC0~XJal~;a##WwVlkxJPy?&0B4L)>~9Wy}nkJcBz)cwc*&2=VD@l@%6+) zk>@?C{i4%;>(MlJXL@)YQQ*HkuLx4$J;Hu}JqRtUuHq>vZ9lk@=BDIc@edRw95qrC zcob05j#Ac*Is3hNsOAq@j09HOXUgsY_%}UD=!(K_@Vs8+#KY3dO9uL`H3hi04<7{H z{s_Uxx2S4glJziC90sk~{GJj?#-$vDQPKk~Yi}*?ugfjt>!gsOA@(o8+0j9X(bn1| z_)zreuP>DsX$YO7^&g`!qxXX9Tv82}{lITro%bu&JBX2^hi69)OrQS$;HaNpPA1k| zZ*f504?~$T9p@!PT}R6MYYtRVrZYIcWKq=tGnD#_O8S9xqcAm#<(Lf{meCyg!ZSZa z;7C=SKqd%>By%AgnDguK$@wS8RoJfl<&Cffj#N26#EJW1`Qqmkf~TNL^8FxvNjA_P zF%s!QuC}qO33mP&mJgEZ}Tb zw$aH^k|3IFxc~!*dAxOpeiX&=G!`*N{kA!jr~hsx?`wx6L;DTzePN9|lrY;vFB1WO$NZIcusliv{c!?uspN6XeJ3vS! zHpp_u`PiHKybh%b1VUJ>Kd^*TLj^XWfCj99zjB)Ui`;eJ|4N zEf~&Emw%a$Bz&ZGaCV%5hh~;kH_^lnT7+vADWmz}>`z|2qH)#44hBvcXgnA%`N2yHe9$qThB|4#n`H19xr4(ASPSk+#OVno zDRpvMm?{eq3{=5Bl;suZuFk?1iq91=N&rW10PD(P3Q$!@oj>mB3pv%G|9>cQblnXw zuHCQLdq)=+D(Jf$VRb{LaoLkj34!@RaAe+pBmntv1>J9^mio>@p9i6PPvxg&9j?4G z`0Kzp66jpCdZ@UwMOvs>xQ>vGjM6NUjx&6BV;Yz^SC*Mhgc)TBjs{VBY8&#HI}H{j znE`UbU}>AO0$~Jqd1+dFeE*owhs1x>;aGQVp@T#^3@(DAcZQgJe2$2OK-}9cJ03s@ zwjSC4U-NO%)74DY|MN@kZ~k0PTf(taCMgqIb#+a39>-kEhwkUmgdjLLIJa1M8mK*% zxGaV;nh;hJ0wq$iKp4TA7((dRXRwhlJt`rr3Edfb8HI9A!&R!YWj>?PDt?m@H70tr z7<&m=aexFBlDEbl-#-{5+_?F^0BCG_!#)wB_QFQh?F`pBzJ<)dAmNJV0K2Y#j~~r? zm@czEi2iSC+2RmCbVZ%jR~X9=-2>D+o@;;&bF36xKgJiERcFz=epaw-DjM#AhzBjS zcZO}QM=DB*<_#=AD!~-vb={bj?8ms%lbAftK1Rk0T7zdzM47^t2TGVR(B{F$%o_E8K>=khJ~L6k@Y-}irWS7FfIxtB7FsHR~i6i z$Sl$=qz`E<_0g3(;IqVnES98Ffc#O`valv;^c6pZqQo*{c&9E|g(45`kc9249C##` zXK!TQzAOD#sVUD%&e+7V(6bFh&q#OIqx{2Zi#t;b@&8I=5c64zsrLKXFnG`FGe0=6 z0@zR`*jQ1zdVY5H5jQd*|M2{fDp@*SH%`jc4mE`48tIyrj;^4gf!%rJW2zp9+xc3` z!}Ho=Qzfgt_p`;Yjpas;&tp-LfmW;a+l6Pro1y#5sNX67UJg@v=;V8A#ooog&#Cu+ ztBJVrez*Jm!W;f}-*0@6-?95y^S?L1-5oDt*U$a%n!9fMeO>pz5)WorpSNB6aTV+H zo#_XU{%$=!mkAX1KMoX_Ce$UL+xd3#zUm{uD-RF+biKF7#W(IJKi}M{3+MfAKW}+b z|N9`YC4PKf+&?Wp-$%mY_iF7Aw5;Y&e#`5>JN?kn{YU?^JL{ZnIPho1O9lo8$r9Iy z66gHf+|;}h2Ir#G#FEq$h4Rdj3 Date: Fri, 17 May 2019 09:05:44 +0200 Subject: [PATCH 002/332] v9.1-dev init --- CHANGES | 4 ++++ hydra.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 48dd919..6ef0ff4 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ Changelog for hydra ------------------- +Release 9.1-dev +* your patch? :) + + Release 9.0 * rdp: Revamped rdp module to use FreeRDP library (thanks to loianhtuan@github for the patch!) * Added memcached module diff --git a/hydra.c b/hydra.c index 0199729..2b6e3a7 100644 --- a/hydra.c +++ b/hydra.c @@ -214,7 +214,7 @@ char *SERVICES = #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.0" +#define VERSION "v9.1-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define RESOURCE "https://github.com/vanhauser-thc/thc-hydra" From db9025bf86e79f1af1e1d70bdc6ea133e486c781 Mon Sep 17 00:00:00 2001 From: Hank Leininger Date: Sat, 18 May 2019 15:56:08 -0600 Subject: [PATCH 003/332] Worked around APR_PATH_MAX errors on some Linuxes when SVN is enabled. On Gentoo Linux (and possibly others?) with Subversion 1.12.0, compilation of hydra-svn.c fails with: In file included from /usr/include/subversion-1/svn_client.h:34, from hydra-svn.c:9: /usr/include/apr-1/apr.h:632:2: error: #error no decision has been made on APR_PATH_MAX for your platform #error no decision has been made on APR_PATH_MAX for your platform ^~~~~ This happens when PATH_MAX is not defined. PATH_MAX is defined by /usr/include/linux/limits.h, but rather than include'ing that directly and possibly breaking other platforms, include sys/param.h (which will include linux/limits.h indirectly) iff PATH_MAX is not defined and sys/param.h exists. I based the approach on how math.h is handled. --- configure | 8 ++++++-- hydra-svn.c | 4 ++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/configure b/configure index d09ac9d..0309e53 100755 --- a/configure +++ b/configure @@ -557,6 +557,10 @@ for i in $INCDIRS ; do fi fi done +SYS_PARAM="" +if [ -f "$SDK_PATH/usr/include/sys/param.h" ]; then + SYS_PARAM=-DHAVE_SYS_PARAM_H +fi if [ "X" != "X$DEBUG" ]; then echo DEBUG: SVN_PATH=$SVN_PATH/libsvn_client-1 echo DEBUG: APR_PATH=$APR_PATH/libapr @@ -1501,7 +1505,7 @@ else fi if [ "X" != "X$DEBUG" ]; then - echo DEBUG: XDEFINES=$XDEFINES $MATH + echo DEBUG: XDEFINES=$XDEFINES $MATH $SYS_PARAM echo DEBUG: XLIBS=$XLIBS echo DEBUG: XLIBPATHS=$XLIBPATHS echo DEBUG: XIPATHS=$XIPATHS @@ -1519,7 +1523,7 @@ if [ "X" != "X$FHS" ]; then echo "MANDIR = /share/man/man1" >> Makefile.in echo "DATADIR = /share/hydra" >> Makefile.in fi -echo "XDEFINES=$XDEFINES $MATH" >> Makefile.in +echo "XDEFINES=$XDEFINES $MATH $SYS_PARAM" >> Makefile.in echo "XLIBS=$XLIBS" >> Makefile.in echo "XLIBPATHS=$XLIBPATHS" >> Makefile.in echo "XIPATHS=$XIPATHS" >> Makefile.in diff --git a/hydra-svn.c b/hydra-svn.c index eaf51f2..f180fbd 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -6,6 +6,10 @@ /* needed on openSUSE */ #define _GNU_SOURCE +#if !defined PATH_MAX && defined HAVE_SYS_PARAM_H +#include +#endif + #include #include #include From 30e5d53fce14af9f8f38694fa0fdf81d69d956d6 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Thu, 23 May 2019 13:31:37 +0800 Subject: [PATCH 004/332] Delete rdp header file We don't need that header file anymore as we are relying on freerdp now. --- rdp.h | 634 ---------------------------------------------------------- 1 file changed, 634 deletions(-) delete mode 100644 rdp.h diff --git a/rdp.h b/rdp.h deleted file mode 100644 index 1d3c7c4..0000000 --- a/rdp.h +++ /dev/null @@ -1,634 +0,0 @@ -/* - david: this file is based on header files from rdesktop project - - rdesktop: A Remote Desktop Protocol client. - Master include file - Copyright (C) Matthew Chapman 1999-2008 - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -*/ - -#include "hydra-mod.h" - -#include -#include -#include -#ifdef _WIN32 -#define WINVER 0x0400 -#include -#include -#include -#define DIR int32_t -#else -#include -#include -#ifdef HAVE_SYS_SELECT_H -#include -#else -#include -#include -#endif -#endif -#include /* PATH_MAX */ -#ifdef HAVE_SYSEXITS_H -#include -#endif - -#include /* stat */ -#include /* gettimeofday */ -#include /* times */ -#include -#include - -//fixme - -/* The system could not log you on. Make sure your User name and domain are correct [FAILED] */ -#define LOGON_MESSAGE_FAILED_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x05\x04\x06\x06\x05\x02\x04\x07\x06" -#define LOGON_MESSAGE_FAILED_2K3 "\x00\x00\x01\x08\x02\x07\x03\x07\x04\x07\x05\x05\x01\x05\x04\x07\x03\x05" -#define LOGON_MESSAGE_FAILED_2K8 "not needed" - -#define LOGON_MESSAGE_2K "\x00\x00\x01\x06\x02\x07\x04\x0a\x05\x08\x06\x0a\x01\x05\x07\x0a\x08\x0b\x05\x03\x09\x07\x01\x07\x0a\x07\x0b\x09\xff\x00\x1c" - -/* The local policy of this system does not permit you to logon interactively. [SUCCESS] */ -#define LOGON_MESSAGE_NO_INTERACTIVE_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x02\x06\x06\x07\x05\x04\x06\x08\x05" -#define LOGON_MESSAGE_NO_INTERACTIVE_2K3 "??" - -/* Unable to log you on because your account has been locked out [FAILED] */ -#define LOGON_MESSAGE_LOCKED_XP "\x00\x00\x01\x07\x02\x06\x03\x06\x04\x06\x05\x02\x07\x09\x08\x04\x04\x09" -#define LOGON_MESSAGE_LOCKED_2K3 "??" - -/* Your account has been disabled. Please see your system administrator. [ERROR] */ -/* Your account has expired. Please see your system administrator. [ERROR] */ -#define LOGON_MESSAGE_DISABLED_XP "\x00\x00\x01\x06\x02\x06\x03\x06\x05\x07\x06\x06\x06\x05\x01\x05\x02\x06" -#define LOGON_MESSAGE_DISABLED_2K3 "??" - -/* Your password has expired and must be changed. [SUCCESS] */ -#define LOGON_MESSAGE_EXPIRED_XP "\x00\x00\x01\x06\x02\x06\x03\x06\x05\x07\x06\x06\x07\x06\x07\x05\x08\x05" -#define LOGON_MESSAGE_EXPIRED_2K3 "??" - -/* You are required to change your password at first logon. [SUCCESS] */ -#define LOGON_MESSAGE_MUST_CHANGE_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x06\x06\x04\x05\x09\x06\x04\x07\x06" -#define LOGON_MESSAGE_MUST_CHANGE_2K3 "??" - -/* The terminal server has exceeded the maximum number of allowed connections. [SUCCESS] */ -#define LOGON_MESSAGE_MSTS_MAX_2K3 "\x00\x00\x01\x06\x02\x07\x01\x07\x05\x07\x24\x0a\x25\x0a\x0b\x07\x0b\x06\x26" - - -#define DEBUG(args) { if (debug) {hydra_report(stderr, "[DEBUG] "); printf args; }} -#define DEBUG_RDP5(args){ if (debug) {hydra_report(stderr, "[DEBUG] RDP5 "); printf args; }} - -#define STRNCPY(dst,src,n) { strncpy(dst,src,n-1); dst[n-1] = 0; } - -#ifndef MIN -#define MIN(x,y) (((x) < (y)) ? (x) : (y)) -#endif - -#ifndef MAX -#define MAX(x,y) (((x) > (y)) ? (x) : (y)) -#endif - -/* timeval macros */ -#ifndef timerisset -#define timerisset(tvp)\ - ((tvp)->tv_sec || (tvp)->tv_usec) -#endif -#ifndef timercmp -#define timercmp(tvp, uvp, cmp)\ - ((tvp)->tv_sec cmp (uvp)->tv_sec ||\ - (tvp)->tv_sec == (uvp)->tv_sec &&\ - (tvp)->tv_usec cmp (uvp)->tv_usec) -#endif -#ifndef timerclear -#define timerclear(tvp)\ - ((tvp)->tv_sec = (tvp)->tv_usec = 0) -#endif - -/* If configure does not define the endianess, try - to find it out */ -#if !defined(L_ENDIAN) && !defined(B_ENDIAN) -#if __BYTE_ORDER == __LITTLE_ENDIAN -#define L_ENDIAN -#elif __BYTE_ORDER == __BIG_ENDIAN -#define B_ENDIAN -#else -#error Unknown endianness. Edit rdp.h. -#endif -#endif /* B_ENDIAN, L_ENDIAN from configure */ - -/* No need for alignment on x86 and amd64 */ -#if !defined(NEED_ALIGN) -#if !(defined(__x86__) || defined(__x86_64__) || \ - defined(__AMD64__) || defined(_M_IX86) || \ - defined(__i386__)) -#define NEED_ALIGN -#endif -#endif - -/* Parser state */ -typedef struct stream -{ - unsigned char *p; - unsigned char *end; - unsigned char *data; - uint32_t size; - - /* Offsets of various headers */ - unsigned char *iso_hdr; - unsigned char *mcs_hdr; - unsigned char *sec_hdr; - unsigned char *rdp_hdr; - unsigned char *channel_hdr; - -} - *STREAM; - -#define s_push_layer(s,h,n) { (s)->h = (s)->p; (s)->p += n; } -#define s_pop_layer(s,h) (s)->p = (s)->h; -#define s_mark_end(s) (s)->end = (s)->p; -#define s_check(s) ((s)->p <= (s)->end) -#define s_check_rem(s,n) ((s)->p + n <= (s)->end) -#define s_check_end(s) ((s)->p == (s)->end) - -#if defined(L_ENDIAN) && !defined(NEED_ALIGN) -#define in_uint16_le(s,v) { v = *(uint16 *)((s)->p); (s)->p += 2; } -#define in_uint32_le(s,v) { v = *(uint32 *)((s)->p); (s)->p += 4; } -#define out_uint16_le(s,v) { *(uint16 *)((s)->p) = v; (s)->p += 2; } -#define out_uint32_le(s,v) { *(uint32 *)((s)->p) = v; (s)->p += 4; } - -#else -#define in_uint16_le(s,v) { v = *((s)->p++); v += *((s)->p++) << 8; } -#define in_uint32_le(s,v) { in_uint16_le(s,v) \ - v += *((s)->p++) << 16; v += *((s)->p++) << 24; } -#define out_uint16_le(s,v) { *((s)->p++) = (v) & 0xff; *((s)->p++) = ((v) >> 8) & 0xff; } -#define out_uint32_le(s,v) { out_uint16_le(s, (v) & 0xffff); out_uint16_le(s, ((v) >> 16) & 0xffff); } -#endif - -#if defined(B_ENDIAN) && !defined(NEED_ALIGN) -#define in_uint16_be(s,v) { v = *(uint16 *)((s)->p); (s)->p += 2; } -#define in_uint32_be(s,v) { v = *(uint32 *)((s)->p); (s)->p += 4; } -#define out_uint16_be(s,v) { *(uint16 *)((s)->p) = v; (s)->p += 2; } -#define out_uint32_be(s,v) { *(uint32 *)((s)->p) = v; (s)->p += 4; } - -#define B_ENDIAN_PREFERRED -#define in_uint16(s,v) in_uint16_be(s,v) -#define in_uint32(s,v) in_uint32_be(s,v) -#define out_uint16(s,v) out_uint16_be(s,v) -#define out_uint32(s,v) out_uint32_be(s,v) - -#else -#define in_uint16_be(s,v) { v = *((s)->p++); next_be(s,v); } -#define in_uint32_be(s,v) { in_uint16_be(s,v); next_be(s,v); next_be(s,v); } -#define out_uint16_be(s,v) { *((s)->p++) = ((v) >> 8) & 0xff; *((s)->p++) = (v) & 0xff; } -#define out_uint32_be(s,v) { out_uint16_be(s, ((v) >> 16) & 0xffff); out_uint16_be(s, (v) & 0xffff); } -#endif - -#ifndef B_ENDIAN_PREFERRED -#define in_uint16(s,v) in_uint16_le(s,v) -#define in_uint32(s,v) in_uint32_le(s,v) -#define out_uint16(s,v) out_uint16_le(s,v) -#define out_uint32(s,v) out_uint32_le(s,v) -#endif - -#define in_uint8(s,v) v = *((s)->p++); -#define in_uint8p(s,v,n) { v = (s)->p; (s)->p += n; } -#define in_uint8a(s,v,n) { memcpy(v,(s)->p,n); (s)->p += n; } -#define in_uint8s(s,n) (s)->p += n; -#define out_uint8(s,v) *((s)->p++) = v; -#define out_uint8p(s,v,n) { memcpy((s)->p,v,n); (s)->p += n; } -#define out_uint8a(s,v,n) out_uint8p(s,v,n); -#define out_uint8s(s,n) { memset((s)->p,0,n); (s)->p += n; } - -#define next_be(s,v) v = ((v) << 8) + *((s)->p++); - -typedef unsigned char uint8; -typedef signed char sint8; -typedef unsigned short uint16; -typedef signed short sint16; -typedef uint32_t uint32; -typedef int32_t sint32; - -typedef struct _BOUNDS -{ - sint16 left; - sint16 top; - sint16 right; - sint16 bottom; - -} -BOUNDS; - -/* PSTCACHE */ -typedef uint8 HASH_KEY[8]; - -#ifndef PATH_MAX -#define PATH_MAX 256 -#endif - -#define RDP_ORDER_STANDARD 0x01 -#define RDP_ORDER_SECONDARY 0x02 -#define RDP_ORDER_BOUNDS 0x04 -#define RDP_ORDER_CHANGE 0x08 -#define RDP_ORDER_DELTA 0x10 -#define RDP_ORDER_LASTBOUNDS 0x20 -#define RDP_ORDER_SMALL 0x40 -#define RDP_ORDER_TINY 0x80 - -enum RDP_ORDER_TYPE -{ - RDP_ORDER_DESTBLT = 0, - RDP_ORDER_PATBLT = 1, - RDP_ORDER_SCREENBLT = 2, - RDP_ORDER_LINE = 9, - RDP_ORDER_RECT = 10, - RDP_ORDER_DESKSAVE = 11, - RDP_ORDER_MEMBLT = 13, - RDP_ORDER_TRIBLT = 14, - RDP_ORDER_POLYGON = 20, - RDP_ORDER_POLYGON2 = 21, - RDP_ORDER_POLYLINE = 22, - RDP_ORDER_ELLIPSE = 25, - RDP_ORDER_ELLIPSE2 = 26, - RDP_ORDER_TEXT2 = 27 -}; - -enum RDP_SECONDARY_ORDER_TYPE -{ - RDP_ORDER_RAW_BMPCACHE = 0, - RDP_ORDER_COLCACHE = 1, - RDP_ORDER_BMPCACHE = 2, - RDP_ORDER_FONTCACHE = 3, - RDP_ORDER_RAW_BMPCACHE2 = 4, - RDP_ORDER_BMPCACHE2 = 5, - RDP_ORDER_BRUSHCACHE = 7 -}; - -typedef struct _RECT_ORDER -{ - sint16 x; - sint16 y; - sint16 cx; - sint16 cy; - uint32 colour; - -} -RECT_ORDER; - -typedef struct _DESKSAVE_ORDER -{ - uint32 offset; - sint16 left; - sint16 top; - sint16 right; - sint16 bottom; - uint8 action; - -} -DESKSAVE_ORDER; - -typedef struct _MEMBLT_ORDER -{ - uint8 colour_table; - uint8 cache_id; - sint16 x; - sint16 y; - sint16 cx; - sint16 cy; - uint8 opcode; - sint16 srcx; - sint16 srcy; - uint16 cache_idx; - -} -MEMBLT_ORDER; - -#define MAX_DATA 256 -#define MAX_TEXT 256 - -typedef struct _TEXT2_ORDER -{ - uint8 font; - uint8 flags; - uint8 opcode; - uint8 mixmode; - uint32 bgcolour; - uint32 fgcolour; - sint16 clipleft; - sint16 cliptop; - sint16 clipright; - sint16 clipbottom; - sint16 boxleft; - sint16 boxtop; - sint16 boxright; - sint16 boxbottom; - sint16 x; - sint16 y; - uint8 length; - uint8 text[MAX_TEXT]; - -} -TEXT2_ORDER; - -typedef struct _RDP_ORDER_STATE -{ - uint8 order_type; - BOUNDS bounds; - - RECT_ORDER rect; - DESKSAVE_ORDER desksave; - MEMBLT_ORDER memblt; - TEXT2_ORDER text2; -} -RDP_ORDER_STATE; - -#define WINDOWS_CODEPAGE "UTF-16LE" - -/* ISO PDU codes */ -enum ISO_PDU_CODE -{ - ISO_PDU_CR = 0xE0, /* Connection Request */ - ISO_PDU_CC = 0xD0, /* Connection Confirm */ - ISO_PDU_DR = 0x80, /* Disconnect Request */ - ISO_PDU_DT = 0xF0, /* Data */ - ISO_PDU_ER = 0x70 /* Error */ -}; - -/* MCS PDU codes */ -enum MCS_PDU_TYPE -{ - MCS_EDRQ = 1, /* Erect Domain Request */ - MCS_DPUM = 8, /* Disconnect Provider Ultimatum */ - MCS_AURQ = 10, /* Attach User Request */ - MCS_AUCF = 11, /* Attach User Confirm */ - MCS_CJRQ = 14, /* Channel Join Request */ - MCS_CJCF = 15, /* Channel Join Confirm */ - MCS_SDRQ = 25, /* Send Data Request */ - MCS_SDIN = 26 /* Send Data Indication */ -}; - -#define MCS_CONNECT_INITIAL 0x7f65 -#define MCS_CONNECT_RESPONSE 0x7f66 - -#define BER_TAG_BOOLEAN 1 -#define BER_TAG_INTEGER 2 -#define BER_TAG_OCTET_STRING 4 -#define BER_TAG_RESULT 10 -#define MCS_TAG_DOMAIN_PARAMS 0x30 - -#define MCS_GLOBAL_CHANNEL 1003 -#define MCS_USERCHANNEL_BASE 1001 - -/* RDP secure transport constants */ -#define SEC_RANDOM_SIZE 32 -#define SEC_MODULUS_SIZE 64 -#define SEC_MAX_MODULUS_SIZE 256 -#define SEC_PADDING_SIZE 8 -#define SEC_EXPONENT_SIZE 4 - -#define SEC_CLIENT_RANDOM 0x0001 -#define SEC_ENCRYPT 0x0008 -#define SEC_LOGON_INFO 0x0040 -#define SEC_LICENCE_NEG 0x0080 -#define SEC_REDIRECT_ENCRYPT 0x0C00 - -#define SEC_TAG_SRV_INFO 0x0c01 -#define SEC_TAG_SRV_CRYPT 0x0c02 -#define SEC_TAG_SRV_CHANNELS 0x0c03 - -#define SEC_TAG_CLI_INFO 0xc001 -#define SEC_TAG_CLI_CRYPT 0xc002 -#define SEC_TAG_CLI_CHANNELS 0xc003 -#define SEC_TAG_CLI_4 0xc004 - -#define SEC_TAG_PUBKEY 0x0006 -#define SEC_TAG_KEYSIG 0x0008 - -#define SEC_RSA_MAGIC 0x31415352 /* RSA1 */ - -/* RDP PDU codes */ -enum RDP_PDU_TYPE -{ - RDP_PDU_DEMAND_ACTIVE = 1, - RDP_PDU_CONFIRM_ACTIVE = 3, - RDP_PDU_REDIRECT = 4, /* MS Server 2003 Session Redirect */ - RDP_PDU_DEACTIVATE = 6, - RDP_PDU_DATA = 7 -}; - -enum RDP_DATA_PDU_TYPE -{ - RDP_DATA_PDU_UPDATE = 2, - RDP_DATA_PDU_CONTROL = 20, - RDP_DATA_PDU_POINTER = 27, - RDP_DATA_PDU_INPUT = 28, - RDP_DATA_PDU_SYNCHRONISE = 31, - RDP_DATA_PDU_BELL = 34, - RDP_DATA_PDU_CLIENT_WINDOW_STATUS = 35, - RDP_DATA_PDU_LOGON = 38, /* PDUTYPE2_SAVE_SESSION_INFO */ - RDP_DATA_PDU_FONT2 = 39, - RDP_DATA_PDU_KEYBOARD_INDICATORS = 41, - RDP_DATA_PDU_DISCONNECT = 47 -}; - -enum RDP_SAVE_SESSION_PDU_TYPE -{ - INFOTYPE_LOGON = 0, - INFOTYPE_LOGON_LONG = 1, - INFOTYPE_LOGON_PLAINNOTIFY = 2, - INFOTYPE_LOGON_EXTENDED_INF = 3 -}; - -enum RDP_LOGON_INFO_EXTENDED_TYPE -{ - LOGON_EX_AUTORECONNECTCOOKIE = 1, - LOGON_EX_LOGONERRORS = 2 -}; - -enum RDP_CONTROL_PDU_TYPE -{ - RDP_CTL_REQUEST_CONTROL = 1, - RDP_CTL_GRANT_CONTROL = 2, - RDP_CTL_DETACH = 3, - RDP_CTL_COOPERATE = 4 -}; - -enum RDP_UPDATE_PDU_TYPE -{ - RDP_UPDATE_ORDERS = 0, - RDP_UPDATE_BITMAP = 1, - RDP_UPDATE_PALETTE = 2, - RDP_UPDATE_SYNCHRONIZE = 3 -}; - -/* RDP bitmap cache (version 2) constants */ -#define BMPCACHE2_C0_CELLS 0x78 -#define BMPCACHE2_C1_CELLS 0x78 -#define BMPCACHE2_C2_CELLS 0x150 -#define BMPCACHE2_NUM_PSTCELLS 0x9f6 - -#define PDU_FLAG_FIRST 0x01 -#define PDU_FLAG_LAST 0x02 - -/* RDP capabilities */ -#define RDP_CAPSET_GENERAL 1 /* Maps to generalCapabilitySet in T.128 page 138 */ -#define RDP_CAPLEN_GENERAL 0x18 -#define OS_MAJOR_TYPE_UNIX 4 -#define OS_MINOR_TYPE_XSERVER 7 - -#define RDP_CAPSET_BITMAP 2 -#define RDP_CAPLEN_BITMAP 0x1C - -#define RDP_CAPSET_ORDER 3 -#define RDP_CAPLEN_ORDER 0x58 - -#define RDP_CAPSET_BMPCACHE 4 -#define RDP_CAPLEN_BMPCACHE 0x28 - -#define RDP_CAPSET_CONTROL 5 -#define RDP_CAPLEN_CONTROL 0x0C - -#define RDP_CAPSET_ACTIVATE 7 -#define RDP_CAPLEN_ACTIVATE 0x0C - -#define RDP_CAPSET_POINTER 8 -#define RDP_CAPLEN_POINTER 0x08 -#define RDP_CAPLEN_NEWPOINTER 0x0a - -#define RDP_CAPSET_SHARE 9 -#define RDP_CAPLEN_SHARE 0x08 - -#define RDP_CAPSET_COLCACHE 10 -#define RDP_CAPLEN_COLCACHE 0x08 - -#define RDP_CAPSET_BRUSHCACHE 15 -#define RDP_CAPLEN_BRUSHCACHE 0x08 - -#define RDP_CAPSET_BMPCACHE2 19 -#define RDP_CAPLEN_BMPCACHE2 0x28 - -#define RDP_SOURCE "MSTSC" - -/* Logon flags */ -#define RDP_LOGON_AUTO 0x0008 -#define RDP_LOGON_NORMAL 0x0033 -#define RDP_LOGON_COMPRESSION 0x0080 /* mppc compression with 8kB histroy buffer */ -#define RDP_LOGON_BLOB 0x0100 -#define RDP_LOGON_COMPRESSION2 0x0200 /* rdp5 mppc compression with 64kB history buffer */ -#define RDP_LOGON_LEAVE_AUDIO 0x2000 - -#define RDP5_DISABLE_NOTHING 0x00 -#define RDP5_NO_WALLPAPER 0x01 -#define RDP5_NO_FULLWINDOWDRAG 0x02 -#define RDP5_NO_MENUANIMATIONS 0x04 -#define RDP5_NO_THEMING 0x08 -#define RDP5_NO_CURSOR_SHADOW 0x20 -#define RDP5_NO_CURSORSETTINGS 0x40 /* disables cursor blinking */ - -/* compression types */ -#define RDP_MPPC_BIG 0x01 -#define RDP_MPPC_COMPRESSED 0x20 -#define RDP_MPPC_RESET 0x40 -#define RDP_MPPC_FLUSH 0x80 -#define RDP_MPPC_DICT_SIZE 65536 - -#define RDP5_COMPRESSED 0x80 - -#ifndef _SSL_H -#define _SSL_H - -#include -#include -#include -#include -#include -#include -#include - -#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) -#define D2I_X509_CONST const -#else -#define D2I_X509_CONST -#endif - -#define SSL_RC4 RC4_KEY -#define SSL_SHA1 SHA_CTX -#define SSL_MD5 MD5_CTX -#define SSL_CERT X509 -#define SSL_RKEY RSA -#endif - -/* for win8 */ -#define KBD_FLAG_DOWN 0x4000 -#define KBD_FLAG_UP 0x8000 -#define RDP_KEYRELEASE (KBD_FLAG_DOWN | KBD_FLAG_UP) -#define FASTPATH_INPUT_KBDFLAGS_RELEASE 1 -#define FASTPATH_INPUT_EVENT_SCANCODE 0 -#define FASTPATH_INPUT_EVENT_MOUSE 1 -#define RDP_INPUT_MOUSE 0x8001 -#define RDP_INPUT_SCANCODE 4 - -/* iso.c */ -STREAM iso_init(int32_t length); -void iso_send(STREAM s); -STREAM iso_recv(uint8 * rdpver); -BOOL iso_connect(char *server, char *username, BOOL reconnect); -void iso_disconnect(void); -void iso_reset_state(void); -/* mcs.c */ -STREAM mcs_init(int32_t length); -void mcs_send_to_channel(STREAM s, uint16 channel); -void mcs_send(STREAM s); -STREAM mcs_recv(uint16 * channel, uint8 * rdpver); -BOOL mcs_connect(char *server, STREAM mcs_data, char *username, BOOL reconnect); -void mcs_disconnect(void); -void mcs_reset_state(void); -/* orders.c */ -void process_orders(STREAM s, uint16 num_orders); -void reset_order_state(void); -/* rdesktop.c */ -void generate_random(uint8 * random); -void *xmalloc(int32_t size); -void exit_if_null(void *ptr); -char *xstrdup(const char *s); -void *xrealloc(void *oldmem, size_t size); -void error(char *format, ...); -void warning(char *format, ...); -void unimpl(char *format, ...); -void hexdump(unsigned char *p, uint32_t len); -/* rdp.c */ -static void process_demand_active(STREAM s); -static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason); -/* secure.c */ -void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt); -void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2); -void buf_out_uint32(uint8 * buffer, uint32 value); -void sec_sign(uint8 * signature, int32_t siglen, uint8 * session_key, int32_t keylen, uint8 * data, - int32_t datalen); -void sec_decrypt(uint8 * data, int32_t length); -STREAM sec_init(uint32 flags, int32_t maxlen); -void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel); -void sec_send(STREAM s, uint32 flags); -void sec_process_mcs_data(STREAM s); -STREAM sec_recv(uint8 * rdpver); -BOOL sec_connect(char *server, char *username, BOOL reconnect); -void sec_disconnect(void); -void sec_reset_state(void); -/* tcp.c */ -STREAM tcp_init(uint32 maxlen); -void tcp_send(STREAM s); -STREAM tcp_recv(STREAM s, uint32 length); -BOOL tcp_connect(char *server); -void tcp_disconnect(void); -char *tcp_get_address(void); -void tcp_reset_state(void); From b9c5e7e125497b3dc45d9bc0311c25ca27ee3ae0 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 23 May 2019 14:04:14 +0200 Subject: [PATCH 005/332] better compile options --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 046aded..ca82167 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ # # Makefile for Hydra - (c) 2001-2019 by van Hauser / THC # -OPTS=-I. -O3 +OPTS=-I. -O3 -march=native -flto # -Wall -g -pedantic LIBS=-lm BINDIR = /bin From bd70ea79c29dc460efd2c3672bee87cee9bdd909 Mon Sep 17 00:00:00 2001 From: raynull <51116855+raynull@users.noreply.github.com> Date: Tue, 28 May 2019 12:52:27 +0300 Subject: [PATCH 006/332] Update hydra-redis.c --- hydra-redis.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-redis.c b/hydra-redis.c index c010577..e97dd1c 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -167,7 +167,7 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi printf("[DEBUG] buf = %s\n", buf); // authentication test if (strstr(buf, "+PONG") != NULL) { // the server does not require password - hydra_report(stderr, "[!] The server does not require password.\n"); + hydra_report(stderr, "[!] The server %s does not require password.\n", hostname); free(buf); return 1; } From d24d7a86657e9e880ddf2c7ba139dae960a774fb Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 29 May 2019 08:54:16 +0200 Subject: [PATCH 007/332] hydra -m help --- CHANGES | 1 + hydra.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 6ef0ff4..627882f 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,7 @@ Changelog for hydra Release 9.1-dev * your patch? :) +* forgot to have the -m option in the hydra help output Release 9.0 diff --git a/hydra.c b/hydra.c index 2b6e3a7..3b5aa3a 100644 --- a/hydra.c +++ b/hydra.c @@ -475,7 +475,7 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " [-x MIN:MAX:CHARSET]" #endif - " [-c TIME] [-ISOuvVd46] " + " [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] " //"[server service [OPT]]|" "[service://server[:PORT][/OPT]]\n"); PRINT_NORMAL(ext, "\nOptions:\n"); @@ -512,6 +512,7 @@ void help(int32_t ext) { MAXTASKS, WAITTIME, conwait ); PRINT_NORMAL(ext, " -U service module usage details\n" + " -m OPT options specific for a module, see -U output for information\n" " -h more command line options (COMPLETE HELP)\n" " server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n" " service the service to crack (see below for supported protocols)\n" From f6001f39e239b1a8d844118b003cf7962de8018d Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Thu, 30 May 2019 23:43:45 +0800 Subject: [PATCH 008/332] Initialize properly sockaddr_in structs --- hydra-mod.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-mod.c b/hydra-mod.c index b53390a..7df7928 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -102,6 +102,8 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t selected_proxy = random() % proxy_count; } + memset(&target, 0, sizeof(target)); + memset(&sin, 0, sizeof(sin)); #ifdef AF_INET6 memset(&target6, 0, sizeof(target6)); memset(&sin6, 0, sizeof(sin6)); From 5df0ab39c0fe65f4878f2da4b9e80716d30ce704 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Fri, 31 May 2019 17:14:45 +0800 Subject: [PATCH 009/332] Fixing memory leak lresp variable is not freed properly, also taking the chance to switch the printf calls to hydra_report function --- hydra-rtsp.c | 62 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 24 deletions(-) diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 020b64d..444ba0c 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -79,9 +79,11 @@ void create_core_packet(int32_t control, char *ip, int32_t port) { int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[1030], buffer2[500]; - char *lresp; + memset(buffer, 0, sizeof(buffer)); + memset(buffer2, 0, sizeof(buffer2)); + if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -95,12 +97,13 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha lresp = hydra_receive_line(s); if (lresp == NULL) { - fprintf(stderr, "[ERROR] no server reply\n"); + hydra_report(stderr, "[ERROR] no server reply\n"); return 1; } if (is_NotFound(lresp)) { - printf("[INFO] Server does not need credentials\n"); + free(lresp); + hydra_report(stderr, "[INFO] Server does not need credentials\n"); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { return 3; @@ -112,6 +115,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (use_Basic_Auth(lresp) == 1) { + free(lresp); sprintf(buffer2, "%.249s:%.249s", login, pass); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); @@ -121,43 +125,53 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha hydra_report(stderr, "C:%s\n", buffer); } } + else { + if (use_Digest_Auth(lresp) == 1) { + char *dbuf = NULL; + char aux[500] = ""; + char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); - if (use_Digest_Auth(lresp) == 1) { - char *dbuf = NULL; - char aux[500] = ""; - - char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); - - strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); - aux[sizeof(aux) - 1] = '\0'; + strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); + aux[sizeof(aux) - 1] = '\0'; + free(lresp); #ifdef LIBOPENSSL - sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); + sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); #else - printf("[ERROR] Digest auth required but compiled without OpenSSL/MD5 support\n"); - return 3; + hydra_report(stderr, "[ERROR] Digest auth required but compiled without OpenSSL/MD5 support\n"); + return 3; #endif - if (dbuf == NULL) { - fprintf(stderr, "[ERROR] digest generation failed\n"); - return 3; - } - sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf); + if (dbuf == NULL) { + hydra_report(stderr, "[ERROR] digest generation failed\n"); + return 3; + } + sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf); - if (debug) { - hydra_report(stderr, "C:%s\n", buffer); + if (debug) { + hydra_report(stderr, "C:%s\n", buffer); + } } } + if (strlen(buffer) == 0) { + hydra_report(stderr, "[ERROR] could not identify HTTP authentication used\n"); + return 1; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } lresp = NULL; - lresp = hydra_receive_line(s); + + if (lresp == NULL) { + hydra_report(stderr, "[ERROR] no server reply\n"); + return 1; + } if ((is_NotFound(lresp))) { - + free(lresp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { @@ -165,8 +179,8 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } return 1; - } + free(lresp); hydra_completed_pair(); } From 392bb0e3b30c6b70517318a41e7465eea3109494 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Fri, 31 May 2019 18:38:10 +0800 Subject: [PATCH 010/332] Fixing open() off by one error As reported by coverity: off_by_one: Testing whether handle fd is strictly greater than zero is suspicious. fd leaks when it is zero --- hydra-gtk/src/callbacks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-gtk/src/callbacks.c b/hydra-gtk/src/callbacks.c index 62c441c..5600f15 100644 --- a/hydra-gtk/src/callbacks.c +++ b/hydra-gtk/src/callbacks.c @@ -690,7 +690,7 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) { text = gtk_text_buffer_get_text(outputbuf, &start, &end, TRUE); fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644); - if (fd > 0) { + if (fd >= 0) { write(fd, text, strlen(text)); close(fd); } From d01f473d2ed7ff30ad8e621e5638a903bdb50f79 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sat, 1 Jun 2019 09:27:23 +0800 Subject: [PATCH 011/332] Fixing distinct used types --- hydra-mod.c | 2 +- hydra.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index 7df7928..9e7d862 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -33,7 +33,7 @@ int32_t do_retry = 1; int32_t module_auth_type = -1; int32_t intern_socket, extern_socket; char pair[260]; -char HYDRA_EXIT[5] = "\x00\xff\x00\xff\x00"; +char *HYDRA_EXIT = "\x00\xff\x00\xff\x00"; char *HYDRA_EMPTY = "\x00\x00\x00\x00"; char *fe80 = "\xfe\x80\x00"; int32_t fail = 0; diff --git a/hydra.c b/hydra.c index 3b5aa3a..a0735f0 100644 --- a/hydra.c +++ b/hydra.c @@ -305,7 +305,7 @@ typedef struct { } hydra_portlist; // external vars -extern char HYDRA_EXIT[5]; +extern char *HYDRA_EXIT; #if !defined(ANDROID) && !defined(__BIONIC__) extern int32_t errno; #endif From 99205f0410291c2fd63279288cafb0348e586ec7 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sun, 2 Jun 2019 11:11:30 +0800 Subject: [PATCH 012/332] Add length check for fixed-size string To prevent possible overflow. --- hydra-rdp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index f2fbfce..c75e722 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -48,7 +48,7 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - strcpy(server, hydra_address2string(ip)); + strncpy(server, hydra_address2string(ip), sizeof(server) - 1); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { strncpy(domain, miscptr, sizeof(domain) - 1); From f1e0df4080342646bff3adc3bc88abacb83fba90 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sun, 2 Jun 2019 11:18:27 +0800 Subject: [PATCH 013/332] Add length check for fixed-size string --- hydra-smb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-smb.c b/hydra-smb.c index 0337ffd..ffea905 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1212,7 +1212,7 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - strcpy(ipaddr_str, hydra_address2string(ip)); + strncpy(ipaddr_str, hydra_address2string(ip), sizeof(ipaddr_str) - 1); SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr); if (SMBSessionRet == -1) From 87a6e9385ee2109a7fc9cb0937ab43397acfa8d6 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sun, 2 Jun 2019 11:21:54 +0800 Subject: [PATCH 014/332] Cosmetic change to please code scanner --- hydra-asterisk.c | 1 + hydra-ftp.c | 2 ++ hydra-icq.c | 1 + hydra-redis.c | 1 + hydra-rpcap.c | 1 + hydra-ssh.c | 3 +++ hydra-sshkey.c | 3 +++ hydra-vmauthd.c | 1 + hydra-vnc.c | 2 ++ 9 files changed, 15 insertions(+) diff --git a/hydra-asterisk.c b/hydra-asterisk.c index 5be7896..1ec351d 100644 --- a/hydra-asterisk.c +++ b/hydra-asterisk.c @@ -114,6 +114,7 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); + break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); diff --git a/hydra-ftp.c b/hydra-ftp.c index 6b853eb..504c0bd 100644 --- a/hydra-ftp.c +++ b/hydra-ftp.c @@ -155,10 +155,12 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); + break; case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); + break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); diff --git a/hydra-icq.c b/hydra-icq.c index 68fd667..eba21bc 100644 --- a/hydra-icq.c +++ b/hydra-icq.c @@ -236,6 +236,7 @@ void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); + break; } run = next_run; } diff --git a/hydra-redis.c b/hydra-redis.c index e97dd1c..a2b9757 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -95,6 +95,7 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); + break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); diff --git a/hydra-rpcap.c b/hydra-rpcap.c index a1cb9d3..ff15956 100644 --- a/hydra-rpcap.c +++ b/hydra-rpcap.c @@ -111,6 +111,7 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); + break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); diff --git a/hydra-ssh.c b/hydra-ssh.c index 2f1d2d5..1ca2815 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -126,6 +126,7 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL ssh_finalize(); ssh_free(session); hydra_child_exit(0); + break; case 3: ssh_disconnect(session); ssh_finalize(); @@ -133,12 +134,14 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL if (verbose) fprintf(stderr, "[ERROR] ssh protocol error\n"); hydra_child_exit(2); + break; case 4: ssh_disconnect(session); ssh_finalize(); ssh_free(session); fprintf(stderr, "[ERROR] ssh target does not support password auth\n"); hydra_child_exit(2); + break; default: ssh_disconnect(session); ssh_finalize(); diff --git a/hydra-sshkey.c b/hydra-sshkey.c index a9b85b2..7a51389 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c @@ -124,18 +124,21 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, ssh_finalize(); ssh_free(session); hydra_child_exit(0); + break; case 3: ssh_disconnect(session); ssh_finalize(); ssh_free(session); fprintf(stderr, "[ERROR] ssh protocol error\n"); hydra_child_exit(2); + break; case 4: ssh_disconnect(session); ssh_finalize(); ssh_free(session); fprintf(stderr, "[ERROR] ssh target does not support pubkey auth\n"); hydra_child_exit(2); + break; default: ssh_disconnect(session); ssh_finalize(); diff --git a/hydra-vmauthd.c b/hydra-vmauthd.c index 95ba53f..06f656f 100644 --- a/hydra-vmauthd.c +++ b/hydra-vmauthd.c @@ -134,6 +134,7 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); + break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); diff --git a/hydra-vnc.c b/hydra-vnc.c index 6dc3cdd..227f053 100644 --- a/hydra-vnc.c +++ b/hydra-vnc.c @@ -77,6 +77,7 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char case 0x0: hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf[3]); hydra_child_exit(0); + break; case 0x1: hydra_report(fp, "VNC server does not require authentication.\n"); if (fp != stdout) @@ -84,6 +85,7 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char hydra_report_found_host(port, ip, "vnc", fp); hydra_completed_pair_found(); hydra_child_exit(2); + break; case 0x2: //VNC security type supported is the only type supported for now if (vnc_client_version == RFB37) { From f2d2cd338e18208a0a80f20ce32622ba01bf56d1 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sun, 2 Jun 2019 11:32:21 +0800 Subject: [PATCH 015/332] Add length check for fixed-size string --- hydra-snmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-snmp.c b/hydra-snmp.c index 5ffc4ef..a9adb17 100644 --- a/hydra-snmp.c +++ b/hydra-snmp.c @@ -111,7 +111,7 @@ void password_to_key_md5(u_char * password, /* IN */ if (mylen < 8) { memset(bpass, 0, sizeof(bpass)); - strcpy(bpass, password); + strncpy(bpass, password, sizeof(bpass) - 1); while (mylen < 8) { strcat(bpass, password); mylen += passwordlen; From 2f1c1438ea8e3c520a0ec96e60d2329235ba2fdc Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sun, 2 Jun 2019 11:44:47 +0800 Subject: [PATCH 016/332] Cosmetic change Missed that one in the previous commit. --- hydra-icq.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-icq.c b/hydra-icq.c index eba21bc..86c968c 100644 --- a/hydra-icq.c +++ b/hydra-icq.c @@ -233,6 +233,7 @@ void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); + break; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); From 85d51ba494074872163d8ed54e863a669de02768 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Tue, 4 Jun 2019 13:53:08 +0800 Subject: [PATCH 017/332] Fix memory leak buf variable is not freed properly from the hydra_receive_line call --- hydra-ldap.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-ldap.c b/hydra-ldap.c index e00265e..d04d180 100644 --- a/hydra-ldap.c +++ b/hydra-ldap.c @@ -393,6 +393,7 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { /* TLS option negociation goes well, now trying to connect */ + free(buf); if ((hydra_connect_to_ssl(sock, hostname) == -1) && verbose) { hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_child_exit(1); @@ -403,6 +404,7 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } else { hydra_report(stderr, "[ERROR] Can't use TLS %s\n", buf); + free(buf); hydra_child_exit(1); } } From 5ea9c47bb56e39106b5c324d24f70bbec4a23c00 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Tue, 4 Jun 2019 13:56:48 +0800 Subject: [PATCH 018/332] Fix initialization of pool struct variable --- hydra-pop3.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-pop3.c b/hydra-pop3.c index fe07eed..91d9c48 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -523,6 +523,7 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis p.pop3_auth_mechanism = AUTH_CLEAR; p.disable_tls = 1; + p.next = NULL; memcpy(p.ip, ip, 36); if ((options & OPTION_SSL) == 0) { From 6d70d30c51776e482672858271d0c74d456bb8fb Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sat, 8 Jun 2019 11:24:41 +0800 Subject: [PATCH 019/332] Fixed a typo in readme --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index fcd354e..b2895c6 100644 --- a/README +++ b/README @@ -24,7 +24,7 @@ access from remote to a system. THIS TOOL IS FOR LEGAL PURPOSES ONLY! There are already several login hacker tools available, however, none does -either support more than one protocol to attack or support parallized +either support more than one protocol to attack or support parallelized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, From f4b48c0513967c4e6aa932a00fe5634630e71e6e Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sat, 8 Jun 2019 11:38:14 +0800 Subject: [PATCH 020/332] Add radmin entry and describe dependencies --- README | 6 +++--- README.md | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README b/README index b2895c6..129a9f1 100644 --- a/README +++ b/README @@ -35,7 +35,7 @@ Currently this tool supports the following protocols: HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, - Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, + Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. @@ -81,8 +81,8 @@ for a few optional modules (note that some might not be available on your distri ``` apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird-dev libmemcached-dev libmongoc-dev \ - libfreerdp-client2-2 + firebird-dev libmemcached-dev libgpg-error-dev \ + libgcrypt11-dev libgcrypt20-dev ``` This enables all optional modules and features with the exception of Oracle, diff --git a/README.md b/README.md index a5e095c..129a9f1 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Currently this tool supports the following protocols: HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, - Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, + Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. @@ -81,7 +81,8 @@ for a few optional modules (note that some might not be available on your distri ``` apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird-dev libmemcached-dev + firebird-dev libmemcached-dev libgpg-error-dev \ + libgcrypt11-dev libgcrypt20-dev ``` This enables all optional modules and features with the exception of Oracle, From 6e3f02b419ce2eeb6b4918cedd63ea258c1771ad Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sat, 8 Jun 2019 11:45:54 +0800 Subject: [PATCH 021/332] Add more check to detect missing header file for radmin support --- configure | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/configure b/configure index 0309e53..9c2e248 100755 --- a/configure +++ b/configure @@ -38,6 +38,7 @@ WSSL_LIB_PATH="" CURSES_PATH="" CURSES_IPATH="" CRYPTO_PATH="" +GPGERROR_IPATH="" IDN_PATH="" IDN_IPATH="" PR29_IPATH="" @@ -125,6 +126,7 @@ echo "Starting hydra auto configuration ..." rm -f Makefile.in SYSS=`uname -s 2> /dev/null` SYSO=`uname -o 2> /dev/null` +SYSM=`uname -m 2> /dev/null` if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" = "NetBSD" -o "$SYSS" = "Darwin" ]; then SF=`uname -m | grep 64` if [ `uname -m` = "s390x" ]; then @@ -260,22 +262,33 @@ if [ "$SSL_IPATH" = "/usr/include" ]; then SSL_IPATH="" fi -echo "Checking for gcrypt (libgcrypt.so) ..." +echo "Checking for gcrypt (libgcrypt.so, gpg-error.h) ..." for i in $LIBDIRS ; do - if [ "X" = "X$GCRYPT_PATH" ]; then - if [ -f "$i/libgcrypt.so" -o -f "$i/libgcrypt.dylib" -o -f "$i/libgcrypt.a" -o -f "$i/libgcrypt.dll.a" -o -f "$i/libgcrypt.la" ]; then + if [ -f "$i/libgcrypt.so" -o -f "$i/libgcrypt.dylib" -o -f "$i/libgcrypt.a" -o -f "$i/libgcrypt.dll.a" -o -f "$i/libgcrypt.la" ]; then HAVE_GCRYPT="y" + fi +done + +for i in $INCDIRS ; do + if [ "X" = "X$GPGERROR_IPATH" ]; then + TMP_PATH=`/bin/ls $i/$SYSM*/gpg-error.h 2> /dev/null` + if [ -n "$TMP_PATH" ]; then + GPGERROR_IPATH="$i" + else + if [ -f "$i/gpg-error.h" ]; then + GPGERROR_IPATH="$i" + fi fi fi done -if [ -n "$HAVE_GCRYPT" ]; then - echo " ... found" + +if [ -n "$HAVE_GCRYPT" -a "X" != "X$GPGERROR_IPATH" ]; then + echo " ... found" else - echo " ... gcrypt not found, radmin2 module disabled" + echo " ... gcrypt not found, radmin2 module disabled" + HAVE_GCRYPT="" fi - - echo "Checking for idn (libidn.so) ..." for i in $LIBDIRS ; do if [ "X" = "X$IDN_PATH" ]; then From 1213174e9a2c180473fe2c338293622d18141684 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Tue, 11 Jun 2019 17:22:07 +0800 Subject: [PATCH 022/332] Remove RDP related entry --- PROBLEMS | 2 -- 1 file changed, 2 deletions(-) diff --git a/PROBLEMS b/PROBLEMS index 74dafd2..4fcbf44 100644 --- a/PROBLEMS +++ b/PROBLEMS @@ -3,5 +3,3 @@ List of known issues: * Cygwin: more than 30 tasks (-t 31 or more) will lead to a stack smash * OS X: brew installed modules are not compiled correctly and will crash hydra -* RDP module: disabled as it does not support the current protocol. Help needed! - From 41300792097d3a1ccfacf229c597d5c081050f4b Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Tue, 11 Jun 2019 17:24:18 +0800 Subject: [PATCH 023/332] Remove README file Duplicated from README.md which will be used as default readme file. --- README | 531 --------------------------------------------------------- 1 file changed, 531 deletions(-) delete mode 100644 README diff --git a/README b/README deleted file mode 100644 index 129a9f1..0000000 --- a/README +++ /dev/null @@ -1,531 +0,0 @@ - - H Y D R A - - (c) 2001-2019 by van Hauser / THC - https://github.com/vanhauser-thc/thc-hydra - many modules were written by David (dot) Maciejak @ gmail (dot) com - BFG code by Jan Dlabal - - Licensed under AGPLv3 (see LICENSE file) - - Please do not use in military or secret service organizations, - or for illegal purposes. - - - -INTRODUCTION ------------- -Number one of the biggest security holes are passwords, as every password -security study shows. -This tool is a proof of concept code, to give researchers and security -consultants the possibility to show how easy it would be to gain unauthorized -access from remote to a system. - -THIS TOOL IS FOR LEGAL PURPOSES ONLY! - -There are already several login hacker tools available, however, none does -either support more than one protocol to attack or support parallelized -connects. - -It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. - -Currently this tool supports the following protocols: - Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, - HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, - HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, - Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, - Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, - SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, - VNC and XMPP. - -However the module engine for new services is very easy so it won't take a -long time until even more services are supported. -Your help in writing, enhancing or fixing modules is highly appreciated!! :-) - - - -WHERE TO GET ------------- -You can always find the newest release/production version of hydra at its -project page at https://github.com/vanhauser-thc/thc-hydra/releases -If you are interested in the current development state, the public development -repository is at Github: - svn co https://github.com/vanhauser-thc/thc-hydra - or - git clone https://github.com/vanhauser-thc/thc-hydra -Use the development version at your own risk. It contains new features and -new bugs. Things might not work! - - - -HOW TO COMPILE --------------- -To configure, compile and install hydra, just type: - -``` -./configure -make -make install -``` - -If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need -to add "-DWITH_SSH1=On" option in the cmake command line. -IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! - -If you use Ubuntu/Debian, this will install supplementary libraries needed -for a few optional modules (note that some might not be available on your distribution): - -``` -apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ - libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird-dev libmemcached-dev libgpg-error-dev \ - libgcrypt11-dev libgcrypt20-dev -``` - -This enables all optional modules and features with the exception of Oracle, -SAP R/3, NCP and the apple filing protocol - which you will need to download and -install from the vendor's web sites. - -For all other Linux derivates and BSD based systems, use the system -software installer and look for similarly named libraries like in the -command above. In all other cases, you have to download all source libraries -and compile them manually. - - - -SUPPORTED PLATFORMS -------------------- -- All UNIX platforms (Linux, *BSD, Solaris, etc.) -- MacOS (basically a BSD clone) -- Windows with Cygwin (both IPv4 and IPv6) -- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) - - - -HOW TO USE ----------- -If you just enter `hydra`, you will see a short summary of the important -options available. -Type `./hydra -h` to see all available command line options. - -Note that NO login/password file is included. Generate them yourself. -A default password list is however present, use "dpl4hydra.sh" to generate -a list. - -For Linux users, a GTK GUI is available, try `./xhydra` - -For the command line usage, the syntax is as follows: - For attacking one target or a network, you can use the new "://" style: - hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS - The old mode can be used for these too, and additionally if you want to - specify your targets from a text file, you *must* use this one: - -``` -hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] -``` - -Via the command line options you specify which logins to try, which passwords, -if SSL should be used, how many parallel tasks to use for attacking, etc. - -PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, -http-get or many others are available -TARGET is the target you want to attack -MODULE-OPTIONS are optional values which are special per PROTOCOL module - -FIRST - select your target - you have three options on how to specify the target you want to attack: - 1. a single target on the command line: just put the IP or DNS address in - 2. a network range on the command line: CIDR specification like "192.168.0.0/24" - 3. a list of hosts in a text file: one line per entry (see below) - -SECOND - select your protocol - Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. - Use a port scanner to see which protocols are enabled on the target. - -THIRD - check if the module has optional parameters - hydra -U PROTOCOL - e.g. hydra -U smtp - -FOURTH - the destination port - this is optional! if no port is supplied the default common port for the - PROTOCOL is used. - If you specify SSL to use ("-S" option), the SSL common port is used by default. - - -If you use "://" notation, you must use "[" "]" brackets if you want to supply -IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: - hydra [some command line options] ftp://[192.168.0.0/24]/ - hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM - -Note that everything hydra does is IPv4 only! -If you want to attack IPv6 addresses, you must add the "-6" command line option. -All attacks are then IPv6 only! - -If you want to supply your targets via a text file, you can not use the :// -notation but use the old style and just supply the protocol (and module options): - hydra [some command line options] -M targets.txt ftp -You can supply also the port for each target entry by adding ":" after a -target entry in the file, e.g.: - -``` -foo.bar.com -target.com:21 -unusual.port.com:2121 -default.used.here.com -127.0.0.1 -127.0.0.1:2121 -``` - -Note that if you want to attach IPv6 targets, you must supply the -6 option -and *must* put IPv6 addresses in brackets in the file(!) like this: - -``` -foo.bar.com -target.com:21 -[fe80::1%eth0] -[2001::1] -[2002::2]:8080 -[2a01:24a:133:0:00:123:ff:1a] -``` - -LOGINS AND PASSWORDS --------------------- -You have many options on how to attack with logins and passwords -With -l for login and -p for password you tell hydra that this is the only -login and/or password to try. -With -L for logins and -P for passwords you supply text files with entries. -e.g.: - -``` -hydra -l admin -p password ftp://localhost/ -hydra -L default_logins.txt -p test ftp://localhost/ -hydra -l admin -P common_passwords.txt ftp://localhost/ -hydra -L logins.txt -P passwords.txt ftp://localhost/ -``` - -Additionally, you can try passwords based on the login via the "-e" option. -The "-e" option has three parameters: - -``` -s - try the login as password -n - try an empty password -r - reverse the login and try it as password -``` - -If you want to, e.g. try "try login as password and "empty password", you -specify "-e sn" on the command line. - -But there are two more modes for trying passwords than -p/-P: -You can use text file which where a login and password pair is separated by a colon, -e.g.: - -``` -admin:password -test:test -foo:bar -``` - -This is a common default account style listing, that is also generated by the -dpl4hydra.sh default account file generator supplied with hydra. -You use such a text file with the -C option - note that in this mode you -can not use -l/-L/-p/-P options (-e nsr however you can). -Example: - -``` -hydra -C default_accounts.txt ftp://localhost/ -``` - -And finally, there is a bruteforce mode with the -x option (which you can not -use with -p/-P/-C): - -``` --x minimum_length:maximum_length:charset -``` - -the charset definition is `a` for lowercase letters, `A` for uppercase letters, -`1` for numbers and for anything else you supply it is their real representation. -Examples: - -``` --x 1:3:a generate passwords from length 1 to 3 with all lowercase letters --x 2:5:/ generate passwords from length 2 to 5 containing only slashes --x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers -``` - -Example: - -``` -hydra -l ftp -x 3:3:a ftp://localhost/ -``` - -SPECIAL OPTIONS FOR MODULES ---------------------------- -Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m -command line option, you can pass one option to a module. -Many modules use this, a few require it! - -To see the special option of a module, type: - - hydra -U - -e.g. - - ./hydra -U http-post-form - -The special options can be passed via the -m parameter, as 3rd command line -option or in the service://target/option format. - -Examples (they are all equal): - -``` -./hydra -l test -p test -m PLAIN 127.0.0.1 imap -./hydra -l test -p test 127.0.0.1 imap PLAIN -./hydra -l test -p test imap://127.0.0.1/PLAIN -``` - -RESTORING AN ABORTED/CRASHED SESSION ------------------------------------- -When hydra is aborted with Control-C, killed or crashes, it leaves a -"hydra.restore" file behind which contains all necessary information to -restore the session. This session file is written every 5 minutes. -NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. -from little endian to big endian, or from Solaris to AIX) - -HOW TO SCAN/CRACK OVER A PROXY ------------------------------- -The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works -just for the http services!). -The following syntax is valid: - -``` -HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" -HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" -HYDRA_PROXY_HTTP="proxylist.txt" -``` - -The last example is a text file containing up to 64 proxies (in the same -format definition as the other examples). - -For all other services, use the HYDRA_PROXY variable to scan/crack. -It uses the same syntax. eg: - -``` -HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port -``` - -for example: - -``` -HYDRA_PROXY=connect://proxy.anonymizer.com:8000 -HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 -HYDRA_PROXY=socksproxylist.txt -``` - -ADDITIONAL HINTS ----------------- -* sort your password files by likelihood and use the -u option to find - passwords much faster! -* uniq your dictionary files! this can save you a lot of time :-) - cat words.txt | sort | uniq > dictionary.txt -* if you know that the target is using a password policy (allowing users - only to choose a password with a minimum length of 6, containing a least one - letter and one number, etc. use the tool pw-inspector which comes along - with the hydra package to reduce the password list: - cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt - - -RESULTS OUTPUT --------------- - -The results are output to stdio along with the other information. Via the -o -command line option, the results can also be written to a file. Using -b, -the format of the output can be specified. Currently, these are supported: - -* `text` - plain text format -* `jsonv1` - JSON data using version 1.x of the schema (defined below). -* `json` - JSON data using the latest version of the schema, currently there - is only version 1. - -If using JSON output, the results file may not be valid JSON if there are -serious errors in booting Hydra. - - -JSON Schema ------------ -Here is an example of the JSON output. Notes on some of the fields: - -* `errormessages` - an array of zero or more strings that are normally printed - to stderr at the end of the Hydra's run. The text is very free form. -* `success` - indication if Hydra ran correctly without error (**NOT** if - passwords were detected). This parameter is either the JSON value `true` - or `false` depending on completion. -* `quantityfound` - How many username+password combinations discovered. -* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, - 2.03, etc. Hydra will make second tuple of the version to always be two - digits to make it easier for downstream processors (as opposed to v1.1 vs - v1.10). The minor-level versions are additive, so 1.02 will contain more - fields than version 1.00 and will be backward compatible. Version 2.x will - break something from version 1.x output. - -Version 1.00 example: -``` -{ - "errormessages": [ - "[ERROR] Error Message of Something", - "[ERROR] Another Message", - "These are very free form" - ], - "generator": { - "built": "2019-03-01 14:44:22", - "commandline": "hydra -b jsonv1 -o results.json ... ...", - "jsonoutputversion": "1.00", - "server": "127.0.0.1", - "service": "http-post-form", - "software": "Hydra", - "version": "v8.5" - }, - "quantityfound": 2, - "results": [ - { - "host": "127.0.0.1", - "login": "bill@example.com", - "password": "bill", - "port": 9999, - "service": "http-post-form" - }, - { - "host": "127.0.0.1", - "login": "joe@example.com", - "password": "joe", - "port": 9999, - "service": "http-post-form" - } - ], - "success": false -} -``` - - -SPEED ------ -through the parallelizing feature, this password cracker tool can be very -fast, however it depends on the protocol. The fastest are generally POP3 -and FTP. -Experiment with the task option (-t) to speed things up! The higher - the -faster ;-) (but too high - and it disables the service) - - - -STATISTICS ----------- -Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing -295 entries (294 tries invalid logins, 1 valid). Every test was run three -times (only for "1 task" just once), and the average noted down. - -``` - P A R A L L E L T A S K S -SERVICE 1 4 8 16 32 50 64 100 128 -------- -------------------------------------------------------------------- -telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* -ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 -pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 -imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 -``` - -(*) -Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with -128 tasks, running four times resulted in timings between 28 and 97 seconds! -The reason for this is unknown... - -guesses per task (rounded up): - - 295 74 38 19 10 6 5 3 3 - -guesses possible per connect (depends on the server software and config): - - telnet 4 - ftp 6 - pop3 1 - imap 3 - - - -BUGS & FEATURES ---------------- -Hydra: -Email me or David if you find bugs or if you have written a new module. -vh@thc.org (and put "antispam" in the subject line) - - -You should use PGP to encrypt emails to vh@thc.org : - -``` ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v3.3.3 (vh@thc.org) - -mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT -KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ -FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c -vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k -Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p -lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI -zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI -DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf -lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN -DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 -n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB -tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC -F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ -xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH -Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 -qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz -dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp -QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga -V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 -slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl -Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM -0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP -JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs -IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL -CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS -AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ -HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR -2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C -nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc -XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 -Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL -ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V -l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F -n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl -7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb -/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii -tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 -Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR -gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt -x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 -0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS -+C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw -G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA -oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr -rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC -v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 -02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv -s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ -Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK -d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP -gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y -ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP -8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd -X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD -aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN -cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC -Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR -zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni -1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT -zB3yrr+vYBT0uDWmxwPjiJs= -=ytEf ------END PGP PUBLIC KEY BLOCK----- -``` From 7009b6db0390b600084b37f4b87fbdbf9a07dd31 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Fri, 14 Jun 2019 13:33:11 +0800 Subject: [PATCH 024/332] Fix json output in case of connection error to the server --- hydra-redis.c | 10 +++++----- hydra.c | 13 +++++++++++-- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/hydra-redis.c b/hydra-redis.c index a2b9757..c230453 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -129,7 +129,7 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi // performed once only. // return codes: // 0 - when the server is redis and it requires password - // 1 - when the server is not redis or when the server does not require password + // n - when the server is not redis or when the server does not require password int32_t sock = -1; int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; @@ -151,7 +151,7 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi printf("[VERBOSE] Initial redis password authentication test and response test ...\n"); if (sock < 0) { hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", myport); - hydra_child_exit(1); + return 3; } // generating ping request as redis-cli if (debug) @@ -161,7 +161,7 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi // $4 // ping if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - return 1; + return 2; } buf = hydra_receive_line(sock); if (debug) @@ -170,13 +170,13 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi if (strstr(buf, "+PONG") != NULL) { // the server does not require password hydra_report(stderr, "[!] The server %s does not require password.\n", hostname); free(buf); - return 1; + return 2; } // server response test if (strstr(buf, "-NOAUTH Authentication required") == NULL && strstr(buf, "-ERR operation not permitted") == NULL) { hydra_report(stderr, "[ERROR] The server is not redis, exit.\n"); free(buf); - return 1; + return 2; } if (verbose) printf("[VERBOSE] The redis server requires password.\n"); diff --git a/hydra.c b/hydra.c index a0735f0..288712b 100644 --- a/hydra.c +++ b/hydra.c @@ -1127,8 +1127,17 @@ void hydra_service_init(int32_t target_no) { else hydra_targets[target_no]->done = TARGET_ERROR; hydra_brains.finished++; - if (hydra_brains.targets == 1) + if (hydra_brains.targets == 1) { + if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { + if (hydra_options.outfile_format == FORMAT_JSONV1) { + char json_error[120]; + snprintf(json_error, sizeof(json_error), "[ERROR] unexpected result connecting to target %s port %d", hydra_address2string_beautiful(t->ip), t->port); + fprintf(hydra_brains.ofp, "\n\t],\n\"success\": false,\n\"errormessages\": [ \"%s\" ],\n\"quantityfound\": %lu }\n", json_error, hydra_brains.found); + } + fclose(hydra_brains.ofp); + } exit(-1); + } } } @@ -3741,7 +3750,7 @@ int main(int argc, char *argv[]) { for (head_no = 0; head_no < hydra_options.max_use; head_no++) { if (debug > 1 && hydra_heads[head_no]->active != HEAD_DISABLED) printf("[DEBUG] head_no[%d] to target_no %d active %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->active); - + switch (hydra_heads[head_no]->active) { case HEAD_DISABLED: break; From 6a758105bb815dd5a860bbd7486b6ad8da09eeca Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sat, 15 Jun 2019 16:03:16 +0800 Subject: [PATCH 025/332] Fix typo in error msg creation Prevent typo while generating such kind of logs: "[ERROR] 0 targets did not complete" "1 of 1 target completed, 0 valid passwords found" --- hydra.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra.c b/hydra.c index 288712b..51dc65c 100644 --- a/hydra.c +++ b/hydra.c @@ -4033,7 +4033,7 @@ int main(int argc, char *argv[]) { printf("%d of %d target%s%scompleted, %lu valid password", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found); - printf("%s", hydra_brains.found == 1 ? "" : "s"); + printf("%s", hydra_brains.found < 1 ? "" : "s"); printf(" found\n"); error += j; @@ -4090,7 +4090,7 @@ int main(int argc, char *argv[]) { error = 1; } if (error) { - snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not complete", j, j == 1 ? "" : "s"); + snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not complete", j, j < 1 ? "" : "s"); fprintf(stderr, "%s\n", tmp_str); if (*json_error) { strncat(json_error,", ", STRMAX); From c2286ffb00bfb4b7e0fc09b0a327d7e42f487d59 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sat, 15 Jun 2019 16:26:31 +0800 Subject: [PATCH 026/332] Remove extra comma from the json output related to #412 --- hydra.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hydra.c b/hydra.c index 51dc65c..756ddb4 100644 --- a/hydra.c +++ b/hydra.c @@ -4084,10 +4084,6 @@ int main(int argc, char *argv[]) { strncat(json_error,tmp_str,STRMAX); strncat(json_error,"\"",STRMAX); error = 1; - if (*json_error) { - strncat(json_error,", ", STRMAX); - } - error = 1; } if (error) { snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not complete", j, j < 1 ? "" : "s"); From 4cda4ca18962c9f118adae1d5a1ad5bcd2b4eda4 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 25 Jun 2019 12:52:07 +0200 Subject: [PATCH 027/332] added -K no redo switch --- CHANGES | 1 + hydra.c | 8 +++++++- hydra.h | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 627882f..33247a5 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,7 @@ Changelog for hydra Release 9.1-dev * your patch? :) +* added -K command line switch to disable redo attempts (good for mass scanning) * forgot to have the -m option in the hydra help output diff --git a/hydra.c b/hydra.c index 756ddb4..23f0061 100644 --- a/hydra.c +++ b/hydra.c @@ -508,6 +508,7 @@ void help(int32_t ext) { " -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n" " -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n" " -O use old SSL v2 and v3\n" + " -K do not redo failed attempts (good for -M mass scanning)\n" " -q do not print messages about connection errors\n", MAXTASKS, WAITTIME, conwait ); @@ -1397,6 +1398,7 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { if (k <= 1) { // we need to put this in a list, otherwise we fail one login+pw test if (hydra_targets[target_no]->done == TARGET_ACTIVE + && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { @@ -1429,6 +1431,7 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { } else { // we need to put this in a list, otherwise we fail one login+pw test if (hydra_targets[target_no]->done == TARGET_ACTIVE + && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { @@ -2220,7 +2223,7 @@ int main(int argc, char *argv[]) { help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hIq64Rde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:")) >= 0) { + while ((i = getopt(argc, argv, "hIq64Rde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { switch (i) { case 'h': help(1); @@ -2228,6 +2231,9 @@ int main(int argc, char *argv[]) { case 'q': quiet = 1; break; + case 'K': + hydra_options.skip_redo = 1; + break; case 'O': old_ssl = 1; break; diff --git a/hydra.h b/hydra.h index e12fdfe..2d6a35b 100644 --- a/hydra.h +++ b/hydra.h @@ -213,6 +213,7 @@ typedef struct { char *server; char *service; char bfg; + int32_t skip_redo; } hydra_option; #define _HYDRA_H From 74b78c5322e5ca7ff67869a7f401d202ccd186aa Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 26 Jun 2019 10:24:22 +0200 Subject: [PATCH 028/332] fix for -K --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 23f0061..159fde9 100644 --- a/hydra.c +++ b/hydra.c @@ -1376,7 +1376,7 @@ void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail) { void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { int32_t i, k, maxfail = 0; - if (target_no < 0) + if (target_no < 0 || hydra_options.skip_redo) return; if (hydra_targets[target_no]->ok) { From 296e5e32043063e5bb4c36116081005ceb45c958 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 2 Jul 2019 22:04:58 +0200 Subject: [PATCH 029/332] print the necessary info on found passwords with issues --- hydra-smb.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/hydra-smb.c b/hydra-smb.c index ffea905..c46fd0f 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1240,38 +1240,32 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n"); hydra_completed_pair_skip(); } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */ - if (verbose) - hydra_report(stderr, "[VERBOSE] Valid password, GPO Disabling Remote Connections Using NULL Passwords\n"); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, GPO Disabling Remote Connections Using NULL Passwords\n", port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */ - if (verbose) - hydra_report(stderr, "[VERBOSE] Valid password, GPO Deny access to this computer from the network\n"); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, GPO Deny access to this computer from the network\n", port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } else if (SMBerr == 0x000193) { /* Valid password, account expired */ - if (verbose) - hydra_report(stderr, "[VERBOSE] Valid password, account expired\n"); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ - if (verbose) - hydra_report(stderr, "[VERBOSE] Valid password, password expired and must be changed on next logon\n"); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, password expired and must be changed on next logon\n", port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ - if (verbose) - hydra_report(stderr, "[VERBOSE] Valid password, but logon hours invalid\n"); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, but logon hours invalid\n", port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ - if (verbose) - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login); if ((miscptr) && (strstr(miscptr, "LM"))) hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); hydra_completed_pair_skip(); } else if (SMBerr == 0x000024) { /* change password on next login [success] */ - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); hydra_completed_pair_found(); } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ hydra_completed_pair(); From 71df2b35181f3b2d1490a78535a596435a648b98 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 2 Jul 2019 22:09:30 +0200 Subject: [PATCH 030/332] fcknscriptkiddies --- hydra.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hydra.c b/hydra.c index 159fde9..e17bf27 100644 --- a/hydra.c +++ b/hydra.c @@ -3184,9 +3184,11 @@ int main(int argc, char *argv[]) { hydra_options.max_use = MAXTASKS; } // script kiddie patch - if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, "gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) + if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, "gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) { fprintf(stderr, "[WARNING] Google Mail has bruteforce detection and sends false positives. You are not doing anything illegal right?!\n"); - + fprintf(stderr, "[WARNING] read the above!\n"); + sleep(5); + } if (hydra_options.colonfile == NULL) { if (hydra_options.loginfile != NULL) { if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) { From 39bc8e64db60a5cb39e278c7bbe7eb3b1e51866a Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 3 Jul 2019 11:43:47 +0200 Subject: [PATCH 031/332] more scriptkiddie annoying --- hydra.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/hydra.c b/hydra.c index e17bf27..bdc75c5 100644 --- a/hydra.c +++ b/hydra.c @@ -3184,9 +3184,17 @@ int main(int argc, char *argv[]) { hydra_options.max_use = MAXTASKS; } // script kiddie patch - if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, "gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) { - fprintf(stderr, "[WARNING] Google Mail has bruteforce detection and sends false positives. You are not doing anything illegal right?!\n"); - fprintf(stderr, "[WARNING] read the above!\n"); + if (hydra_options.server != NULL && ( + hydra_strcasestr(hydra_options.server, ".outlook.com") != NULL || + hydra_strcasestr(hydra_options.server, ".hotmail.com") != NULL || + hydra_strcasestr(hydra_options.server, ".yahoo.") != NULL || + hydra_strcasestr(hydra_options.server, ".gmx.") != NULL || + hydra_strcasestr(hydra_options.server, ".web.de") != NULL || + hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || + hydra_strcasestr(hydra_options.server, "googlemail.") != NULL + )) { + fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n"); + fprintf(stderr, "[WARNING] !read the above!\n"); sleep(5); } if (hydra_options.colonfile == NULL) { From a93539e872932728b5d11a95238bb90e44f17d03 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 11 Jul 2019 11:27:07 +0200 Subject: [PATCH 032/332] mysql module not using a default db now --- CHANGES | 1 + hydra-mysql.c | 10 ++-------- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 33247a5..4435e92 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,7 @@ Changelog for hydra Release 9.1-dev * your patch? :) +* changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ... * added -K command line switch to disable redo attempts (good for mass scanning) * forgot to have the -m option in the hydra help output diff --git a/hydra-mysql.c b/hydra-mysql.c index 0fda989..c33dc88 100644 --- a/hydra-mysql.c +++ b/hydra-mysql.c @@ -180,19 +180,13 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *response = NULL, *login = NULL, *pass = NULL; unsigned long response_len; char res = 0; - char database[256]; + char *database = NULL; login = hydra_get_next_login(); pass = hydra_get_next_password(); if (miscptr) - strncpy(database, miscptr, sizeof(database) - 1); - else { - strncpy(database, DEFAULT_DB, sizeof(database) - 1); - if (verbose) - hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n"); - } - database[sizeof(database) - 1] = 0; + database = miscptr; /* read server greeting */ res = hydra_mysql_init(sock); From c639f21a72bc9b1d8ac1e143690776f306f73cf5 Mon Sep 17 00:00:00 2001 From: jopravil Date: Wed, 24 Jul 2019 09:27:40 +0200 Subject: [PATCH 033/332] HTTP-GET add end condition. Simulary like in http-form --- hydra-http.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 70 insertions(+), 2 deletions(-) diff --git a/hydra-http.c b/hydra-http.c index 61f7c65..bae18a7 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -1,10 +1,17 @@ #include "hydra-http.h" #include "sasl.h" + + extern char *HYDRA_EXIT; char *webtarget = NULL; char *slash = "/"; char *http_buf = NULL; + +#define END_CONDITION_MAX_LEN 100 +static char end_condition[END_CONDITION_MAX_LEN]; +int end_condition_type=-1; + int32_t webport, freemischttp = 0; int32_t http_auth_mechanism = AUTH_UNASSIGNED; @@ -23,6 +30,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha if (strcmp(type, "POST") == 0) add_header(&ptr_head, "Content-Length", "0", HEADER_TYPE_DEFAULT); + + header = stringify_headers(&ptr_head); @@ -215,15 +224,28 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha return 3; } + + if (debug) hydra_report(stderr, "S:%s\n", http_buf); + + ptr = ((char *) index(http_buf, ' ')); if (ptr != NULL) ptr++; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { - hydra_report_found_host(port, ip, "www", fp); - hydra_completed_pair_found(); + + if(end_condition_type>=0 && hydra_string_match(http_buf,end_condition)!=end_condition_type){ + if (debug) + hydra_report(stderr, "End condition not match continue.\n"); + hydra_completed_pair(); + }else{ + hydra_report(stderr, "END condition %s match.\n",end_condition); + hydra_report_found_host(port, ip, "www", fp); + hydra_completed_pair_found(); + } + if (http_buf != NULL) { free(http_buf); http_buf = NULL; @@ -260,10 +282,14 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha } // free(http_buf); // http_buf = NULL; + + + free(buffer); free(header); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; + return 1; } @@ -319,6 +345,10 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if (http_auth_mechanism == AUTH_UNASSIGNED) http_auth_mechanism = AUTH_BASIC; + + + + while (1) { next_run = 0; @@ -390,6 +420,42 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis // 0 all OK // -1 error, hydra will exit, so print a good error message here + + + /*POU CODE */ + char * start=strstr(miscptr, "F="); + if(start==NULL) + start=strstr(miscptr, "S="); + + if (start !=NULL){ + if(start[0]=='F') + end_condition_type=0; + else + end_condition_type=1; + + int condition_len=strlen(start); + memset(end_condition,0,END_CONDITION_MAX_LEN); + if(condition_len>=END_CONDITION_MAX_LEN){ + hydra_report(stderr,"Condition string cannot be bigger than %u.",END_CONDITION_MAX_LEN); + return -1; + } + //copy condition witout starting string (F= or S= 2char) + strncpy(end_condition, start+2,condition_len-2); + hydra_report(stderr, "End condition is %s, mod is %d\n",end_condition,end_condition_type); + + if(*(start-1)==' ') + start--; + memset(start,'\0',condition_len); + if (debug) + hydra_report(stderr, "Modificated options:%s\n",miscptr); + }else{ + if (debug) + hydra_report(stderr, "Condition not found\n"); + } + + + + return 0; } @@ -398,5 +464,7 @@ void usage_http(const char* service) { "The following parameters are optional:\n" " (a|A)=auth-type specify authentication mechanism to use: BASIC, NTLM or MD5\n" " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" + " (F|S)=Invalid condition login check can be preceded by \"F=\", successful condition\n" + " login check must be preceded by \"S=\". IMPORTANT this option must by last option.\n" "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service); } From eb8fc1686cb41515c4182ea7301620734899efef Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 25 Jul 2019 19:00:41 +0200 Subject: [PATCH 034/332] fix --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 129a9f1..c6a9b94 100644 --- a/README.md +++ b/README.md @@ -150,7 +150,7 @@ THIRD - check if the module has optional parameters e.g. hydra -U smtp FOURTH - the destination port - this is optional! if no port is supplied the default common port for the + this is optional, if no port is supplied the default common port for the PROTOCOL is used. If you specify SSL to use ("-S" option), the SSL common port is used by default. @@ -167,7 +167,7 @@ All attacks are then IPv6 only! If you want to supply your targets via a text file, you can not use the :// notation but use the old style and just supply the protocol (and module options): hydra [some command line options] -M targets.txt ftp -You can supply also the port for each target entry by adding ":" after a +You can also supply the port for each target entry by adding ":" after a target entry in the file, e.g.: ``` From 98afb8e32db0cb88da06bd468ed63fec65b9e9a6 Mon Sep 17 00:00:00 2001 From: jopravil Date: Mon, 29 Jul 2019 09:38:37 +0200 Subject: [PATCH 035/332] http-get better log --- hydra-http.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hydra-http.c b/hydra-http.c index bae18a7..3489b38 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -441,7 +441,8 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis } //copy condition witout starting string (F= or S= 2char) strncpy(end_condition, start+2,condition_len-2); - hydra_report(stderr, "End condition is %s, mod is %d\n",end_condition,end_condition_type); + if(debug) + hydra_report(stderr, "End condition is %s, mod is %d\n",end_condition,end_condition_type); if(*(start-1)==' ') start--; From 150d3250277d5eaeefd5adf4dcb3bffcbba41a55 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 29 Jul 2019 12:04:57 +0200 Subject: [PATCH 036/332] cleanup of submitted code --- CHANGES | 2 +- hydra-http.c | 36 +++++++++++------------------------- 2 files changed, 12 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index 4435e92..262c365 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ Changelog for hydra ------------------- Release 9.1-dev -* your patch? :) +* http module now supports F=/S= string matching conditions (thanks to poucz@github) * changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ... * added -K command line switch to disable redo attempts (good for mass scanning) * forgot to have the -m option in the hydra help output diff --git a/hydra-http.c b/hydra-http.c index 3489b38..1c12ff8 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -30,8 +30,6 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha if (strcmp(type, "POST") == 0) add_header(&ptr_head, "Content-Length", "0", HEADER_TYPE_DEFAULT); - - header = stringify_headers(&ptr_head); @@ -224,28 +222,21 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha return 3; } - - if (debug) hydra_report(stderr, "S:%s\n", http_buf); - - ptr = ((char *) index(http_buf, ' ')); if (ptr != NULL) ptr++; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { - - if(end_condition_type>=0 && hydra_string_match(http_buf,end_condition)!=end_condition_type){ - if (debug) - hydra_report(stderr, "End condition not match continue.\n"); - hydra_completed_pair(); - }else{ - hydra_report(stderr, "END condition %s match.\n",end_condition); - hydra_report_found_host(port, ip, "www", fp); - hydra_completed_pair_found(); - } - + if (end_condition_type>=0 && hydra_string_match(http_buf,end_condition)!=end_condition_type) { + if (debug) hydra_report(stderr, "End condition not match continue.\n"); + hydra_completed_pair(); + } else { + if (debug) hydra_report(stderr, "END condition %s match.\n",end_condition); + hydra_report_found_host(port, ip, "www", fp); + hydra_completed_pair_found(); + } if (http_buf != NULL) { free(http_buf); http_buf = NULL; @@ -283,8 +274,6 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha // free(http_buf); // http_buf = NULL; - - free(buffer); free(header); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -346,10 +335,6 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if (http_auth_mechanism == AUTH_UNASSIGNED) http_auth_mechanism = AUTH_BASIC; - - - - while (1) { next_run = 0; switch (run) { @@ -465,7 +450,8 @@ void usage_http(const char* service) { "The following parameters are optional:\n" " (a|A)=auth-type specify authentication mechanism to use: BASIC, NTLM or MD5\n" " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " (F|S)=Invalid condition login check can be preceded by \"F=\", successful condition\n" - " login check must be preceded by \"S=\". IMPORTANT this option must by last option.\n" + " (F|S)=check for text in the HTTP reply. S= means if this text is found, a\n" + " valid account has been found, F= means if this string is present the\n" + " combination is invalid. Note: this must be the last option supplied.\n" "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service); } From 5d25fa1d1c3fd64d17532316b1a2ea7c20983361 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Fri, 30 Aug 2019 10:44:09 +0800 Subject: [PATCH 037/332] Fix string matching call for system without libpcre hydra_string_match() function is only available if libpcre is present. Compilation crashes without that patch. --- hydra-http.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hydra-http.c b/hydra-http.c index 1c12ff8..3a6b378 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -229,7 +229,11 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha if (ptr != NULL) ptr++; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { - if (end_condition_type>=0 && hydra_string_match(http_buf,end_condition)!=end_condition_type) { +#ifdef HAVE_PCRE + if (end_condition_type >= 0 && hydra_string_match(http_buf, end_condition)!=end_condition_type) { +#else + if (end_condition_type >= 0 && (strstr(http_buf, end_condition) == NULL ? 0 : 1) != end_condition_type) { +#endif if (debug) hydra_report(stderr, "End condition not match continue.\n"); hydra_completed_pair(); } else { From 32a7a406538bdfd695f20c7e40dce3e30b360140 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Fri, 30 Aug 2019 16:41:32 +0800 Subject: [PATCH 038/332] Add myself back to the project --- hydra.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index bdc75c5..6b28ad5 100644 --- a/hydra.c +++ b/hydra.c @@ -217,6 +217,8 @@ char *SERVICES = #define VERSION "v9.1-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" +#define AUTHOR2 "David Maciejak" +#define EMAIL2 "" #define RESOURCE "https://github.com/vanhauser-thc/thc-hydra" extern char *hydra_strcasestr(const char *haystack, const char *needle); @@ -2094,7 +2096,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2019 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); + printf("%s %s (c) 2019 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP SERVICES = hydra_string_replace(SERVICES, "afp ", ""); strcat(unsupported, "afp "); From 2a62cb30bb71b79fee33222ca66cdb13b7094f9c Mon Sep 17 00:00:00 2001 From: Andrii Artiushok Date: Fri, 30 Aug 2019 15:10:32 +0300 Subject: [PATCH 039/332] Fix dump with folder --- hydra.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/hydra.c b/hydra.c index 6b28ad5..ac495c5 100644 --- a/hydra.c +++ b/hydra.c @@ -1046,15 +1046,17 @@ void fill_mem(char *ptr, FILE * fd, int32_t colonmode) { char tmp[MAXBUF + 4] = "", *ptr2; uint32_t len; int32_t only_one_empty_line = 0; + +int read_flag = 0; #ifdef HAVE_ZLIB gzFile fp = gzdopen(fileno(fd), "r"); - while (!gzeof(fp)) { + while (!gzeof(fp) && !read_flag) { if (gzgets(fp, tmp, MAXLINESIZE) != NULL) { #else FILE *fp = fd; - while (!feof(fp)) { + while (!feof(fp) && !read_flag) { if (fgets(tmp, MAXLINESIZE, fp) != NULL) { #endif if (tmp[0] != 0) { @@ -1082,6 +1084,8 @@ void fill_mem(char *ptr, FILE * fd, int32_t colonmode) { ptr++; } } + } else { + read_flag = 1; } } #ifdef HAVE_ZLIB From 9ae7ed075ac781c0014ceabdb6e057a95e3c2232 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sun, 1 Sep 2019 10:15:06 +0800 Subject: [PATCH 040/332] Improve support for macOS That's fixing the compilation issues as /lib does not exist on these systems, remove pie warnings, and add support for libraries installed with macPorts --- configure | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/configure b/configure index 9c2e248..5afd0da 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #!/bin/sh # -# uname -s = Linux | OpenBSD | FreeBSD +# uname -s = Linux | OpenBSD | FreeBSD | Darwin # uname -m = i636 or x86_64 if [ "$1" = "-h" -o "$1" = "--help" ]; then @@ -1272,7 +1272,16 @@ XLIBPATHS="" XIPATHS="" if [ -n "$FIREBIRD_PATH" -o -n "$PCRE_PATH" -o -n "$IDN_PATH" -o -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$NCP_PATH" -o -n "$CURSES_PATH" -o -n "$ORACLE_PATH" -o -n "$AFP_PATH" -o -n "$MYSQL_PATH" -o -n "$MCACHED_PATH" -o -n "$MONGOD_PATH" -o -n "$FREERDP2_PATH" -o -n "$WINPR2_PATH" ]; then - XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib" + if [ "$SYSS" = "Darwin" ] && [ ! -d "/lib" ]; then + #for libraries installed with MacPorts + if [ -d "/opt/local/lib" ]; then + XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/opt/local/lib" + else + XLIBPATHS="-L/usr/lib -L/usr/local/lib" + fi + else + XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib" + fi fi if [ -n "$MYSQL_IPATH" ]; then XIPATHS="$XIPATHS -I$MYSQL_IPATH" @@ -1574,7 +1583,7 @@ if [ "x$WINDRES" = "x" ]; then echo HYDRA_LOGO= >> Makefile echo PWI_LOGO= >> Makefile fi -if [ "$GCCSEC" = "yes" ] && [ "$SYSS" != "SunOS" ]; then +if [ "$GCCSEC" = "yes" ] && [ "$SYSS" != "SunOS" ] && [ "$SYSS" != "Darwin" ]; then echo "SEC=$GCCSECOPT" >> Makefile else echo "SEC=" >> Makefile From b3ddd4a2d25231a890007d361de656eaf58237db Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Mon, 2 Sep 2019 10:41:45 +0800 Subject: [PATCH 041/332] Fix svn_client_list3 function call deprecation Update the module to support subversion lib from v1.5 to 1.10 and fix following warning: hydra-svn.c:124:3: warning: \u2018svn_client_list3\u2019 is deprecated [-Wdeprecated-declarations] err = svn_client_list3(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t) print_dirdummy, NULL, ctx, pool); --- hydra-svn.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/hydra-svn.c b/hydra-svn.c index f180fbd..4f4b79f 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -10,12 +10,15 @@ #include #endif +#include #include #include #include #include #include +#if SVN_VER_MINOR > 7 #include +#endif #endif @@ -58,7 +61,9 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char //int32_t ipv6 = 0; char URL[1024]; char URLBRANCH[256]; + #if SVN_VER_MINOR > 7 const char *canonical; + #endif apr_pool_t *pool; svn_error_t *err; svn_opt_revision_t revision; @@ -87,7 +92,11 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char return 4; } +#if SVN_VER_MINOR > 7 if ((err = svn_client_create_context2(&ctx, NULL, pool))) { +#else + if ((err = svn_client_create_context(&ctx, pool))) { +#endif svn_pool_destroy(pool); svn_handle_error2(err, stderr, FALSE, "hydra: "); return 4; @@ -111,8 +120,15 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char revision.kind = svn_opt_revision_head; snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string_beautiful(ip), port, URLBRANCH); dirents = SVN_DIRENT_KIND; + #if SVN_VER_MINOR > 9 + canonical = svn_uri_canonicalize(URL, pool); + err = svn_client_list4(canonical, &revision, &revision, NULL, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t) print_dirdummy, NULL, ctx, pool); + #elif SVN_VER_MINOR > 7 canonical = svn_uri_canonicalize(URL, pool); err = svn_client_list3(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t) print_dirdummy, NULL, ctx, pool); + #else + err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); + #endif svn_pool_destroy(pool); @@ -211,6 +227,12 @@ int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *misc // 0 all OK // -1 error, hydra will exit, so print a good error message here + if (verbose) + hydra_report(stderr, "[VERBOSE] detected subversion library v%d.%d\n", SVN_VER_MAJOR, SVN_VER_MINOR); + if (SVN_VER_MAJOR != 1 && SVN_VER_MINOR >= 5) { + hydra_report(stderr, "[ERROR] unsupported subversion library v%d.%d, exiting!\n", SVN_VER_MAJOR, SVN_VER_MINOR); + return -1; + } return 0; } From e1e708d1a1b1b96849e21fb4e9a45fef0e85dfab Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Mon, 2 Sep 2019 21:05:50 +0800 Subject: [PATCH 042/332] Fix compilation warning for long unsigned value printing --- hydra.c | 44 ++++++++++++++++++++++---------------------- hydra.h | 9 ++++++++- 2 files changed, 30 insertions(+), 23 deletions(-) diff --git a/hydra.c b/hydra.c index ac495c5..5f27ef4 100644 --- a/hydra.c +++ b/hydra.c @@ -594,7 +594,7 @@ void hydra_debug(int32_t force, char *string) { if (!debug && !force) return; - printf("[DEBUG] Code: %s Time: %lu\n", string, (uint64_t) time(NULL)); + printf("[DEBUG] Code: %s Time: %" hPRIu64 "\n", string, (uint64_t) time(NULL)); printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, @@ -602,7 +602,7 @@ void hydra_debug(int32_t force, char *string) { hydra_options.try_password_reverse_login, hydra_options.exit_found, STR_NULL(hydra_options.miscptr), hydra_options.service); - printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", + printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %" hPRIu64 " todo %" hPRIu64 " sent %" hPRIu64 " found %" hPRIu64 " countlogin %" hPRIu64 " sizelogin %" hPRIu64 " countpass %" hPRIu64 " sizepass %" hPRIu64 "\n", hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all + total_redo_count, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, @@ -614,7 +614,7 @@ void hydra_debug(int32_t force, char *string) { for (i = 0; i < hydra_brains.targets; i++) { hydra_target* target = hydra_targets[i]; printf - ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d redo_state %d (%d redos) use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", + ("[DEBUG] Target %d - target %s ip %s login_no %" hPRIu64 " pass_no %" hPRIu64 " sent %" hPRIu64 " pass_state %d redo_state %d (%d redos) use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", i, STR_NULL(target->target), hydra_address2string_beautiful(target->ip), target->login_no, target->pass_no, target->sent, target->pass_state, target->redo_state, target->redo, @@ -1139,7 +1139,7 @@ void hydra_service_init(int32_t target_no) { if (hydra_options.outfile_format == FORMAT_JSONV1) { char json_error[120]; snprintf(json_error, sizeof(json_error), "[ERROR] unexpected result connecting to target %s port %d", hydra_address2string_beautiful(t->ip), t->port); - fprintf(hydra_brains.ofp, "\n\t],\n\"success\": false,\n\"errormessages\": [ \"%s\" ],\n\"quantityfound\": %lu }\n", json_error, hydra_brains.found); + fprintf(hydra_brains.ofp, "\n\t],\n\"success\": false,\n\"errormessages\": [ \"%s\" ],\n\"quantityfound\": %" hPRIu64 " }\n", json_error, hydra_brains.found); } fclose(hydra_brains.ofp); } @@ -1544,14 +1544,14 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { if (debug) printf - ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", + ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %" hPRIu64 "/%" hPRIu64 ", passcnt %" hPRIu64 "/%" hPRIu64 ", loop_cnt %d\n", target_no, head_no, hydra_targets[target_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { if (debug) - printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %lu, todo %lu)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); + printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %" hPRIu64 ", todo %" hPRIu64 ")\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); return -1; } @@ -1561,7 +1561,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { snpdone = 1; } else { if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) - printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %" hPRIu64 " of %" hPRIu64 "\n", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); hydra_heads[head_no]->redo = 0; @@ -1871,7 +1871,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { return 0; // not prevent disabling it, if its needed its already done in the above line } if (debug || hydra_options.showAttempt) { - printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d] (%d/%d)\n", + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, hydra_targets[target_no]->redo); } @@ -3216,11 +3216,11 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.countlogin > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin); + fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %" hPRIu64 " entries.\n", MAX_LINES, hydra_brains.countlogin); exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizelogin); + fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %" hPRIu64 " bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizelogin); exit(-1); } login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); @@ -3245,11 +3245,11 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.countpass > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass); + fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %" hPRIu64 " entries.\n", MAX_LINES, hydra_brains.countpass); exit(-1); } if (hydra_brains.sizepass > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizepass); + fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %" hPRIu64 " bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizepass); exit(-1); } pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); @@ -3292,11 +3292,11 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.countlogin > MAX_LINES / 2) { - fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); + fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %" hPRIu64 " entries.\n", MAX_LINES / 2, hydra_brains.countlogin); exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES / 2) { - fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (uint64_t) hydra_brains.sizelogin); + fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %" hPRIu64 " bytes.\n", MAX_BYTES / 2, (uint64_t) hydra_brains.sizelogin); exit(-1); } csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); @@ -3519,7 +3519,7 @@ int main(int argc, char *argv[]) { bail("No login/password combination given!"); if (hydra_brains.todo < hydra_options.tasks) { if (verbose && hydra_options.tasks != TASKS) - printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %lu\n", hydra_brains.todo); + printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %" hPRIu64 "\n", hydra_brains.todo); hydra_options.tasks = hydra_brains.todo; } } @@ -3554,18 +3554,18 @@ int main(int argc, char *argv[]) { if (hydra_options.ssl) options = options | OPTION_SSL; - printf("[DATA] max %d task%s per %d server%s, overall %d task%s, %lu login tr", + printf("[DATA] max %d task%s per %d server%s, overall %d task%s, %" hPRIu64 " login tr", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_options.max_use == 1 ? "" : "s", hydra_brains.todo); printf("%s", hydra_brains.todo == 1 ? "y" : "ies"); if (hydra_options.colonfile == NULL) { - printf(" (l:%lu/p:%lu), ~%lu tr", + printf(" (l:%" hPRIu64 "/p:%" hPRIu64 "), ~%" hPRIu64 " tr", (uint64_t) hydra_brains.countlogin, (uint64_t) hydra_brains.countpass, math2); } else { - printf(", ~%lu tr", math2); + printf(", ~%" hPRIu64 " tr", math2); } printf("%s", math2 == 1 ? "y" : "ies"); printf(" per task\n"); @@ -3928,7 +3928,7 @@ int main(int argc, char *argv[]) { case 'C': // head reports connect error fck = write(hydra_heads[head_no]->sp[0], "Q", 1); if (debug) { - printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %" hPRIu64 " of %" hPRIu64 "\n", hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); } @@ -4007,7 +4007,7 @@ int main(int argc, char *argv[]) { for (j = 0; j < hydra_options.max_use; j++) if (hydra_heads[j]->active >= HEAD_UNUSED) k++; - printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min + printf("[STATUS] %.2f tries/min, %" hPRIu64 " tries in %02" hPRIu64 ":%02" hPRIu64 "h, %" hPRIu64 " to do in %02" hPRIu64 ":%02" hPRIu64 "h, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min hydra_brains.sent, // tries (uint64_t) ((elapsed_status - starttime) / 3600), // hours (uint64_t) (((elapsed_status - starttime) % 3600) / 60), // minutes @@ -4052,7 +4052,7 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); } - printf("%d of %d target%s%scompleted, %lu valid password", + printf("%d of %d target%s%scompleted, %" hPRIu64 " valid password", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found); printf("%s", hydra_brains.found < 1 ? "" : "s"); @@ -4122,7 +4122,7 @@ int main(int argc, char *argv[]) { printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { if (hydra_options.outfile_format == FORMAT_JSONV1) { - fprintf(hydra_brains.ofp, "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s ],\n\"quantityfound\": %lu }\n", + fprintf(hydra_brains.ofp, "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s ],\n\"quantityfound\": %" hPRIu64 " }\n", (error ? "false" : "true"), json_error, hydra_brains.found); } fclose(hydra_brains.ofp); diff --git a/hydra.h b/hydra.h index 2d6a35b..0d47f0f 100644 --- a/hydra.h +++ b/hydra.h @@ -3,11 +3,18 @@ #include #ifdef __sun #include -#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) || defined(__APPLE__) #include #else #include #endif + +#if defined(_INTTYPES_H) || defined(__CLANG_INTTYPES_H) + #define hPRIu64 PRIu64 +#else + #define hPRIu64 "lu" +#endif + #include #include #include From 866120e4e6e58c59e18dce044304d6504838b8df Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Mon, 2 Sep 2019 21:18:52 +0800 Subject: [PATCH 043/332] Fix compilation error if missing libsvn oops forgot the case if the lib is not installed --- hydra-svn.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-svn.c b/hydra-svn.c index 4f4b79f..91d8503 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -227,12 +227,14 @@ int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *misc // 0 all OK // -1 error, hydra will exit, so print a good error message here +#ifdef LIBSVN if (verbose) hydra_report(stderr, "[VERBOSE] detected subversion library v%d.%d\n", SVN_VER_MAJOR, SVN_VER_MINOR); if (SVN_VER_MAJOR != 1 && SVN_VER_MINOR >= 5) { hydra_report(stderr, "[ERROR] unsupported subversion library v%d.%d, exiting!\n", SVN_VER_MAJOR, SVN_VER_MINOR); return -1; } +#endif return 0; } From a06ee4882619a5a43eda0f82375ae9ea16875ab7 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Tue, 3 Sep 2019 13:34:57 +0800 Subject: [PATCH 044/332] Add entry for svn module update --- CHANGES | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES b/CHANGES index 262c365..d650eec 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 9.1-dev +* svn: updated to support past and new API * http module now supports F=/S= string matching conditions (thanks to poucz@github) * changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ... * added -K command line switch to disable redo attempts (good for mass scanning) From 273334df88f989a7e5eb4009370f8cb9c9c25c0e Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Thu, 5 Sep 2019 12:28:45 +0800 Subject: [PATCH 045/332] Force VNC protocol version downgrade --- hydra-vnc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hydra-vnc.c b/hydra-vnc.c index 227f053..4d9d706 100644 --- a/hydra-vnc.c +++ b/hydra-vnc.c @@ -110,7 +110,7 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char } break; default: - hydra_report(stderr, "[ERROR] unknown VNC security type\n"); + hydra_report(stderr, "[ERROR] unknown VNC security type 0x%x\n", buf2[3]); hydra_child_exit(2); } @@ -196,8 +196,8 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } if (verbose) hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf); - if (((strstr(buf, "RFB 004.001") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) { - //using proto version 003.008 to talk to server 004.001 same for 3.7 and 3.8 + if (((strstr(buf, "RFB 005.000") != NULL) || (strstr(buf, "RFB 004") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) { + //using proto version 003.007 to talk to server 005.xxx and 004.xxx same for 3.7 and 3.8 vnc_client_version = RFB37; free(buf); buf = strdup("RFB 003.007\n"); From b77d49d40722a84043a0438fef4fb74c6d1de787 Mon Sep 17 00:00:00 2001 From: Stefan Pietsch Date: Tue, 10 Sep 2019 21:48:23 +0200 Subject: [PATCH 046/332] Fix typo in PW-Inspector --- pw-inspector.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw-inspector.c b/pw-inspector.c index 86eb352..11afdc5 100644 --- a/pw-inspector.c +++ b/pw-inspector.c @@ -28,7 +28,7 @@ void help() { printf(" -u upcase characters (A,B,C,D, etc.)\n"); printf(" -n numbers (1,2,3,4, etc.)\n"); printf(" -p printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)\n"); - printf(" -s special characters - all others not withint the sets above\n"); + printf(" -s special characters - all others not within the sets above\n"); printf("\n%s reads passwords in and prints those which meet the requirements.\n", PROGRAM); printf("The return code is the number of valid passwords found, 0 if none was found.\n"); printf("Use for security: check passwords, if 0 is returned, reject password choice.\n"); From ebbea58cf6d8159337d74acbb739a4478c6cf014 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 13 Sep 2019 17:35:05 +0200 Subject: [PATCH 047/332] http-form parameter fix --- hydra-http-form.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 77559df..1ac8721 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1104,6 +1104,7 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt * - 3 -> Disconnect and end with success. * - 4 -> Disconnect and end with error. */ + while (1) { if (run == 2) { if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { @@ -1260,11 +1261,18 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr++; if (*ptr != 0) *ptr++ = 0; - cond = ptr; + + if ((ptr2 = rindex(ptr, ':')) != NULL) { + cond = ptr2 + 1; + *ptr2 = 0; + } else + cond = ptr; +/* while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; +*/ optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { @@ -1306,6 +1314,8 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 0; } + //printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + /* * Parse the user-supplied options. * Beware of the backslashes (\)! From b911269c1ab292c97ccfcb7e2859ef204684d322 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sun, 15 Sep 2019 23:18:54 +0800 Subject: [PATCH 048/332] Fix typo when only 1 password is found --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 5f27ef4..d3f7430 100644 --- a/hydra.c +++ b/hydra.c @@ -4055,7 +4055,7 @@ int main(int argc, char *argv[]) { printf("%d of %d target%s%scompleted, %" hPRIu64 " valid password", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found); - printf("%s", hydra_brains.found < 1 ? "" : "s"); + printf("%s", hydra_brains.found < 2 ? "" : "s"); printf(" found\n"); error += j; From 1658f4926fbb2a732d08f250a14204423a37dae1 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 7 Oct 2019 14:20:02 +0200 Subject: [PATCH 049/332] it look like github wants to drive me mad --- bfg.c | 32 +++++++++++++++++++++++++++++--- bfg.h | 3 ++- hydra.c | 11 ++++++++--- hydra.h | 1 + 4 files changed, 40 insertions(+), 7 deletions(-) diff --git a/bfg.c b/bfg.c index a3a1dad..a19fcfa 100644 --- a/bfg.c +++ b/bfg.c @@ -52,6 +52,7 @@ static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { // note that we check for -x .:.:ab but not for -x .:.:ba // int32_t bf_init(char *arg) { + bf_options.rain = 0; int32_t i = 0; int32_t crs_len = 0; char flags = 0; @@ -189,8 +190,17 @@ uint64_t bf_get_pcount() { return foo; } +int accu(int value) +{ + int sum = 0; + for(int i=1; i<=value; ++i) + { + sum+=i; + } + return sum; +} -char *bf_next() { +char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) @@ -200,9 +210,25 @@ char *bf_next() { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } + + if(rainy) + { + for (i = 0; i < bf_options.current; i++){ + bf_options.ptr[i] = bf_options.crs[(bf_options.state[i]+bf_options.rain)%bf_options.crs_len]; + bf_options.rain += i+1; + } + if(bf_options.crs_len%10 == 0) + bf_options.rain-=accu(bf_options.current)-2; + else if(bf_options.crs_len%2 == 0) + bf_options.rain-=accu(bf_options.current)-4; + else if(bf_options.crs_len%2) + bf_options.rain-=accu(bf_options.current)-1; - for (i = 0; i < bf_options.current; i++) - bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + } + else + for (i = 0; i < bf_options.current; i++) + bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + bf_options.ptr[bf_options.current] = 0; if (debug) { diff --git a/bfg.h b/bfg.h index 2ac5f49..132571b 100644 --- a/bfg.h +++ b/bfg.h @@ -41,6 +41,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; + unsigned long rain; } bf_option; extern bf_option bf_options; @@ -48,7 +49,7 @@ extern bf_option bf_options; #ifdef HAVE_MATH_H extern uint64_t bf_get_pcount(); extern int32_t bf_init(char *arg); -extern char *bf_next(); +extern char *bf_next(_Bool rainy); #endif #endif diff --git a/hydra.c b/hydra.c index d3f7430..6f2b497 100644 --- a/hydra.c +++ b/hydra.c @@ -337,6 +337,7 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; +bool rainy = false; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -482,6 +483,7 @@ void help(int32_t ext) { "[service://server[:PORT][/OPT]]\n"); PRINT_NORMAL(ext, "\nOptions:\n"); PRINT_EXTEND(ext, " -R restore a previous aborted/crashed session\n" + " -r in conjonction with -x, use rain algorythm\n" " -I ignore an existing restore file (don't wait 10 seconds)\n" #ifdef LIBOPENSSL " -S perform an SSL connect\n" @@ -1745,7 +1747,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { #ifndef HAVE_MATH_H sleep(1); #else - hydra_targets[target_no]->pass_ptr = bf_next(); + hydra_targets[target_no]->pass_ptr = bf_next(hydra_options.rainy); if (debug) printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif @@ -2229,7 +2231,7 @@ int main(int argc, char *argv[]) { help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hIq64Rde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { + while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { switch (i) { case 'h': help(1); @@ -2256,6 +2258,9 @@ int main(int argc, char *argv[]) { hydra_options.restore = 1; hydra_restore_read(); break; + case 'r': + hydra_options.rainy = true; + break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! break; @@ -3267,7 +3272,7 @@ int main(int argc, char *argv[]) { #ifdef HAVE_MATH_H if (bf_init(bf_options.arg)) exit(-1); // error description is handled by bf_init - pass_ptr = bf_next(); + pass_ptr = bf_next(hydra_options.rainy); hydra_brains.countpass += bf_get_pcount(); hydra_brains.sizepass += BF_BUFLEN; #else diff --git a/hydra.h b/hydra.h index 0d47f0f..1aa04a2 100644 --- a/hydra.h +++ b/hydra.h @@ -221,6 +221,7 @@ typedef struct { char *service; char bfg; int32_t skip_redo; + _Bool rainy; } hydra_option; #define _HYDRA_H From ed9d8f15165fe2945c4bfadc2b3f022c1a7483a5 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 7 Oct 2019 16:56:59 +0200 Subject: [PATCH 050/332] using hydra 8.8 files --- hydra.c | 8 ++++++-- hydra.h | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/hydra.c b/hydra.c index 64d7da3..ff1b9e6 100644 --- a/hydra.c +++ b/hydra.c @@ -1708,7 +1708,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { #ifndef HAVE_MATH_H sleep(1); #else - hydra_targets[target_no]->pass_ptr = bf_next(); + hydra_targets[target_no]->pass_ptr = bf_next(hydra_options.rainy); if (debug) printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif @@ -2172,6 +2172,7 @@ int main(int argc, char *argv[]) { hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; + hydra_options.rainy = false; bf_options.disable_symbols = 0; // command line processing @@ -2203,6 +2204,9 @@ int main(int argc, char *argv[]) { hydra_options.restore = 1; hydra_restore_read(); break; + case 'r': + hydra_options.rainy = true; + break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! break; @@ -3179,7 +3183,7 @@ int main(int argc, char *argv[]) { #ifdef HAVE_MATH_H if (bf_init(bf_options.arg)) exit(-1); // error description is handled by bf_init - pass_ptr = bf_next(); + pass_ptr = bf_next(hydra_options.rainy); hydra_brains.countpass += bf_get_pcount(); hydra_brains.sizepass += BF_BUFLEN; #else diff --git a/hydra.h b/hydra.h index d1fcc60..2859de8 100644 --- a/hydra.h +++ b/hydra.h @@ -210,6 +210,7 @@ typedef struct { char *server; char *service; char bfg; + _Bool rainy; } hydra_option; #define _HYDRA_H From b09e39f98de5f4331d9a5d32ca5e72d1b2a2ada5 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 7 Oct 2019 17:02:43 +0200 Subject: [PATCH 051/332] modified bfg --- bfg.c | 30 +++++++++++++++++++++++++++--- bfg.h | 3 ++- 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/bfg.c b/bfg.c index a3a1dad..068804a 100644 --- a/bfg.c +++ b/bfg.c @@ -52,6 +52,7 @@ static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { // note that we check for -x .:.:ab but not for -x .:.:ba // int32_t bf_init(char *arg) { + bf_options.rain = 0; int32_t i = 0; int32_t crs_len = 0; char flags = 0; @@ -189,8 +190,17 @@ uint64_t bf_get_pcount() { return foo; } +int accu(int value) +{ + int i = 0; + for(int a=1; a<=value; ++a) + { + i+=a+1; + } + return i; +} -char *bf_next() { +char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) @@ -201,8 +211,22 @@ char *bf_next() { return NULL; } - for (i = 0; i < bf_options.current; i++) - bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + if(rainy) + { + for (i = 0; i < bf_options.current; i++){ + bf_options.ptr[i] = bf_options.crs[(bf_options.state[i]+bf_options.rain)%bf_options.crs_len]; + bf_options.rain += i+1; + } + if(bf_options.crs_len%10 == 0) + bf_options.rain-=accu(bf_options.current)-2; + else if(bf_options.crs_len%2 == 0) + bf_options.rain-=accu(bf_options.current)-4; + else if(bf_options.crs_len%2) + bf_options.rain-=accu(bf_options.current)-1; + } + else + for (i = 0; i < bf_options.current; i++) + bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; bf_options.ptr[bf_options.current] = 0; if (debug) { diff --git a/bfg.h b/bfg.h index 2ac5f49..c3a33e9 100644 --- a/bfg.h +++ b/bfg.h @@ -41,6 +41,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; + unsigned long rain; //accumulator for the rain// } bf_option; extern bf_option bf_options; @@ -48,7 +49,7 @@ extern bf_option bf_options; #ifdef HAVE_MATH_H extern uint64_t bf_get_pcount(); extern int32_t bf_init(char *arg); -extern char *bf_next(); +extern char *bf_next(_Bool rainy); #endif #endif From a4b4e54bd137783cf20764989127c431bea072d3 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 7 Oct 2019 17:04:44 +0200 Subject: [PATCH 052/332] option -r --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index ff1b9e6..59b7c8c 100644 --- a/hydra.c +++ b/hydra.c @@ -2180,7 +2180,7 @@ int main(int argc, char *argv[]) { help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hIq64Rde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:")) >= 0) { + while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:")) >= 0) { switch (i) { case 'h': help(1); From 4b4148054925efcc1206c494138531972289b7c4 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 7 Oct 2019 17:06:32 +0200 Subject: [PATCH 053/332] option -r and help() --- hydra.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra.c b/hydra.c index 59b7c8c..cd42144 100644 --- a/hydra.c +++ b/hydra.c @@ -475,6 +475,7 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" + " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); From c414d9a3ab242b39dccedc49186c1aa1b8f3af7d Mon Sep 17 00:00:00 2001 From: e2002e Date: Mon, 7 Oct 2019 23:00:27 +0200 Subject: [PATCH 054/332] Update bfg.c --- bfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.c b/bfg.c index 068804a..2ff9f9f 100644 --- a/bfg.c +++ b/bfg.c @@ -195,7 +195,7 @@ int accu(int value) int i = 0; for(int a=1; a<=value; ++a) { - i+=a+1; + i+=a; } return i; } From 9d7ebfd3c9337d195b2e0499e379ea2cdcdacd8b Mon Sep 17 00:00:00 2001 From: e2002e Date: Tue, 15 Oct 2019 20:22:46 +0200 Subject: [PATCH 055/332] false is 0 and true 1 --- hydra.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra.c b/hydra.c index cd42144..01fd321 100644 --- a/hydra.c +++ b/hydra.c @@ -2173,7 +2173,7 @@ int main(int argc, char *argv[]) { hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; - hydra_options.rainy = false; + hydra_options.rainy = 0; bf_options.disable_symbols = 0; // command line processing @@ -2206,7 +2206,7 @@ int main(int argc, char *argv[]) { hydra_restore_read(); break; case 'r': - hydra_options.rainy = true; + hydra_options.rainy = 1; break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! From 217e025475582db7ee3071c01df1d1423282bd9a Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 17 Oct 2019 12:21:47 +0200 Subject: [PATCH 056/332] Update bfg.h --- bfg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.h b/bfg.h index c3a33e9..ab2f5e4 100644 --- a/bfg.h +++ b/bfg.h @@ -41,7 +41,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - unsigned long rain; //accumulator for the rain// + uint64_t rain; /* accumulator for the rain */ } bf_option; extern bf_option bf_options; From ab4aa36fd0014930751fe178e2efbbbf100bac24 Mon Sep 17 00:00:00 2001 From: owein Date: Sun, 20 Oct 2019 23:26:44 +0200 Subject: [PATCH 057/332] rolled back head_init for http-post-form, still an issue with the display --- hydra-http-form.c | 12 ++++-------- hydra.c | 8 ++++---- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 1ac8721..65e54c3 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1261,18 +1261,14 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr++; if (*ptr != 0) *ptr++ = 0; + + cond = ptr; - if ((ptr2 = rindex(ptr, ':')) != NULL) { - cond = ptr2 + 1; - *ptr2 = 0; - } else - cond = ptr; -/* while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; -*/ + optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { @@ -1314,7 +1310,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 0; } - //printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. diff --git a/hydra.c b/hydra.c index 6f2b497..7d2decc 100644 --- a/hydra.c +++ b/hydra.c @@ -337,7 +337,6 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; -bool rainy = false; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -483,7 +482,6 @@ void help(int32_t ext) { "[service://server[:PORT][/OPT]]\n"); PRINT_NORMAL(ext, "\nOptions:\n"); PRINT_EXTEND(ext, " -R restore a previous aborted/crashed session\n" - " -r in conjonction with -x, use rain algorythm\n" " -I ignore an existing restore file (don't wait 10 seconds)\n" #ifdef LIBOPENSSL " -S perform an SSL connect\n" @@ -495,6 +493,7 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" + " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); @@ -2224,6 +2223,7 @@ int main(int argc, char *argv[]) { hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; + hydra_options.rainy = 0; bf_options.disable_symbols = 0; // command line processing @@ -2259,7 +2259,7 @@ int main(int argc, char *argv[]) { hydra_restore_read(); break; case 'r': - hydra_options.rainy = true; + hydra_options.rainy = 1; break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! @@ -3204,7 +3204,7 @@ int main(int argc, char *argv[]) { hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL )) { - fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n"); + fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?! If you really need to bruteforce gmail, connect to pop3s://smtp.gmail.com\n"); fprintf(stderr, "[WARNING] !read the above!\n"); sleep(5); } From 6dfd77a37d04e167a1dafbb2b2f5e21aa7dd31f8 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 21 Oct 2019 20:11:38 +0200 Subject: [PATCH 058/332] fixed http-post --- bfg.c | 16 +++++++--------- bfg.h | 2 +- hydra-http-form.c | 31 +++++++++---------------------- hydra.c | 7 +++---- 4 files changed, 20 insertions(+), 36 deletions(-) diff --git a/bfg.c b/bfg.c index a19fcfa..2ff9f9f 100644 --- a/bfg.c +++ b/bfg.c @@ -192,12 +192,12 @@ uint64_t bf_get_pcount() { int accu(int value) { - int sum = 0; - for(int i=1; i<=value; ++i) - { - sum+=i; - } - return sum; + int i = 0; + for(int a=1; a<=value; ++a) + { + i+=a; + } + return i; } char *bf_next(_Bool rainy) { @@ -210,7 +210,7 @@ char *bf_next(_Bool rainy) { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } - + if(rainy) { for (i = 0; i < bf_options.current; i++){ @@ -223,12 +223,10 @@ char *bf_next(_Bool rainy) { bf_options.rain-=accu(bf_options.current)-4; else if(bf_options.crs_len%2) bf_options.rain-=accu(bf_options.current)-1; - } else for (i = 0; i < bf_options.current; i++) bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; - bf_options.ptr[bf_options.current] = 0; if (debug) { diff --git a/bfg.h b/bfg.h index 132571b..ab2f5e4 100644 --- a/bfg.h +++ b/bfg.h @@ -41,7 +41,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - unsigned long rain; + uint64_t rain; /* accumulator for the rain */ } bf_option; extern bf_option bf_options; diff --git a/hydra-http-form.c b/hydra-http-form.c index 65e54c3..04260a4 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1250,26 +1250,13 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { webport = PORT_HTTP_SSL; sprintf(bufferurl, "%.6096s", miscptr); - url = bufferurl; - ptr = url; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - variables = ptr; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; + ptr = bufferurl; + url = strtok(ptr, ":"); + variables = strtok(NULL, ":"); + cond = strtok(NULL, ":"); + optional1 = strtok(NULL, "\n"); + if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set "" (don't know the difference...) - cond = ptr; - - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - - optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); @@ -1309,9 +1296,9 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { //by default condition is a fail success_cond = 0; } - - printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); - + + fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + /* * Parse the user-supplied options. * Beware of the backslashes (\)! diff --git a/hydra.c b/hydra.c index 7d2decc..a7fc7bb 100644 --- a/hydra.c +++ b/hydra.c @@ -493,7 +493,6 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" - " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); @@ -556,6 +555,7 @@ void help_bfg() { " 'A' for uppercase letters, '1' for numbers, and for all others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n\n" + " -r use 'rain' to explode the linearity of the generation. "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" @@ -3053,7 +3053,6 @@ int main(int argc, char *argv[]) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } - if (strstr(hydra_options.miscptr, "\\:") != NULL) { fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); } else { @@ -3075,7 +3074,7 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); exit(-1); } - switch (optional1[0]) { + switch (optional1[0]){ case 'C': // fall through case 'c': if (optional1[1] != '=' || optional1[2] != '/') { @@ -3204,7 +3203,7 @@ int main(int argc, char *argv[]) { hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL )) { - fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?! If you really need to bruteforce gmail, connect to pop3s://smtp.gmail.com\n"); + fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n"); fprintf(stderr, "[WARNING] !read the above!\n"); sleep(5); } From b34655617fee2b4e043211882bac26a8a4529a16 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 21 Oct 2019 20:37:25 +0200 Subject: [PATCH 059/332] !!! I did not test the escapes in the miscptr !!! --- hydra-http-form.c | 6 +++--- hydra.c | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 04260a4..e91db03 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1255,8 +1255,8 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { variables = strtok(NULL, ":"); cond = strtok(NULL, ":"); optional1 = strtok(NULL, "\n"); - if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set "" (don't know the difference...) - + if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set to blank + if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); @@ -1297,7 +1297,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 0; } - fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + //fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. diff --git a/hydra.c b/hydra.c index a7fc7bb..e4fa4e7 100644 --- a/hydra.c +++ b/hydra.c @@ -493,6 +493,7 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" + " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); From efbc35eb50cb5f8231bc2669bc183a121a64cc83 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 5 Nov 2019 09:59:36 +0100 Subject: [PATCH 060/332] verbose output for rdp to identify an issue --- hydra-rdp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-rdp.c b/hydra-rdp.c index c75e722..88599a7 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -73,6 +73,8 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, case 0x0002000c: case 0x0002000d: // cannot establish rdp connection, either the port is not opened or it's not rdp + if (verbose) + hydra_report(stderr, "[ERROR] freerdp: %s (0x%.8x)\n", freerdp_get_last_error_string(login_result), login_result); return 3; default: if (verbose) { From b8c30ef0b027be96f1dd7cd593576a80a6f03588 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 7 Nov 2019 10:05:15 +0100 Subject: [PATCH 061/332] rdp account missing permissions detection --- hydra-rdp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index 88599a7..9b15fed 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -68,13 +68,14 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, // login failure hydra_completed_pair(); break; + case 0x0002000d: + hydra_report(stderr, "[%d][rdp] account on %s might be valid but account not active for remote desktop: login: %s password: %s, continuing attacking the account.\n", port, hydra_address2string_beautiful(ip), login, pass); + hydra_completed_pair(); + break; case 0x00020006: case 0x00020008: case 0x0002000c: - case 0x0002000d: // cannot establish rdp connection, either the port is not opened or it's not rdp - if (verbose) - hydra_report(stderr, "[ERROR] freerdp: %s (0x%.8x)\n", freerdp_get_last_error_string(login_result), login_result); return 3; default: if (verbose) { From ccd3a99765a92b96ec0d1e3b0117cfdeb40d25b6 Mon Sep 17 00:00:00 2001 From: owein Date: Tue, 19 Nov 2019 16:49:54 +0100 Subject: [PATCH 062/332] rolled back the http-form parameters parsing. help for bfg's rain is in bfg's help now --- hydra-http-form.c | 23 +++++++++++++++++------ hydra.c | 5 ++--- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index e91db03..c6f3a24 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1250,12 +1250,23 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { webport = PORT_HTTP_SSL; sprintf(bufferurl, "%.6096s", miscptr); - ptr = bufferurl; - url = strtok(ptr, ":"); - variables = strtok(NULL, ":"); - cond = strtok(NULL, ":"); - optional1 = strtok(NULL, "\n"); - if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set to blank + url = bufferurl; + ptr = url; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + variables = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + cond = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { diff --git a/hydra.c b/hydra.c index e4fa4e7..6c58f58 100644 --- a/hydra.c +++ b/hydra.c @@ -493,7 +493,6 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" - " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); @@ -555,8 +554,8 @@ void help_bfg() { " valid CHARSET values are: 'a' for lowercase letters,\n" " 'A' for uppercase letters, '1' for numbers, and for all others,\n" " just add their real representation.\n" - " -y disable the use of the above letters as placeholders\n\n" - " -r use 'rain' to explode the linearity of the generation. + " -y disable the use of the above letters as placeholders\n" + " -r use a formula to explode the linearity of the generation, without loss.\n\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" From d0c9d7ca3f84c7eaeda64bba6309fe713ee3202b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 20 Nov 2019 12:13:14 +0100 Subject: [PATCH 063/332] http-form parse option fix --- hydra-http-form.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 1ac8721..0035c2b 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -393,6 +393,9 @@ char *stringify_headers(ptr_header_node *ptr_head) { int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { char *ptr, *ptr2; + if (miscptr == NULL) + return 1; + /* * Parse the user-supplied options. * Beware of the backslashes (\)! @@ -1238,6 +1241,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { } else webtarget = NULL; } + if (cmdlinetarget != NULL && webtarget == NULL) webtarget = cmdlinetarget; else if (webtarget == NULL && cmdlinetarget == NULL) @@ -1252,16 +1256,19 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { sprintf(bufferurl, "%.6096s", miscptr); url = bufferurl; ptr = url; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; variables = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; + if ((ptr2 = rindex(ptr, ':')) != NULL) { cond = ptr2 + 1; *ptr2 = 0; @@ -1273,7 +1280,11 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { if (*ptr != 0) *ptr++ = 0; */ - optional1 = ptr; + if (ptr == cond) + optional1 = NULL; + else + optional1 = ptr; + if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); @@ -1292,6 +1303,9 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { cond = ptr; } } + + //printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : optional1); + if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) hydra_child_exit(2); From db2a1feeb81c68d830f9b175e4de2607006bf1c4 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 7 Jan 2020 15:09:28 +0100 Subject: [PATCH 064/332] bump year --- Makefile.am | 2 +- README.md | 4 ++-- hydra.1 | 2 +- hydra.c | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index ca82167..f238f47 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ # -# Makefile for Hydra - (c) 2001-2019 by van Hauser / THC +# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC # OPTS=-I. -O3 -march=native -flto # -Wall -g -pedantic diff --git a/README.md b/README.md index c6a9b94..f2edcfb 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ H Y D R A - (c) 2001-2019 by van Hauser / THC + (c) 2001-2020 by van Hauser / THC https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal @@ -379,7 +379,7 @@ Version 1.00 example: "These are very free form" ], "generator": { - "built": "2019-03-01 14:44:22", + "built": "2020-03-01 14:44:22", "commandline": "hydra -b jsonv1 -o results.json ... ...", "jsonoutputversion": "1.00", "server": "127.0.0.1", diff --git a/hydra.1 b/hydra.1 index b8033b7..912533f 100644 --- a/hydra.1 +++ b/hydra.1 @@ -1,4 +1,4 @@ -.TH "HYDRA" "1" "01/01/2019" +.TH "HYDRA" "1" "01/01/2020" .SH NAME hydra \- a very fast network logon cracker which supports many different services .SH SYNOPSIS diff --git a/hydra.c b/hydra.c index a6b052b..37e1323 100644 --- a/hydra.c +++ b/hydra.c @@ -1,5 +1,5 @@ /* - * hydra (c) 2001-2019 by van Hauser / THC + * hydra (c) 2001-2020 by van Hauser / THC * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. @@ -2101,7 +2101,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2019 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); + printf("%s %s (c) 2020 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP SERVICES = hydra_string_replace(SERVICES, "afp ", ""); strcat(unsupported, "afp "); From 2423cbd5d5e7182bf9df53b71b087ac138268a1a Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Fri, 17 Jan 2020 14:03:29 +0000 Subject: [PATCH 065/332] smb2 module, provides linkage with libsmbclient to interface with smbv2/v3 servers. Developed against version: 2:4.7.6+dfsg~ubuntu-0ubuntu2.1 --- .gitignore | 1 + Makefile.am | 6 +- configure | 108 +++++++++++++++++- hydra-smb2.c | 304 +++++++++++++++++++++++++++++++++++++++++++++++++++ hydra.c | 34 +++++- 5 files changed, 448 insertions(+), 5 deletions(-) create mode 100644 hydra-smb2.c diff --git a/.gitignore b/.gitignore index 0a9a618..4cf0c32 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ hydra-gtk/stamp-h pw-inspector pw-inspector.exe hydra.restore +*~ diff --git a/Makefile.am b/Makefile.am index f238f47..2f15a1d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -21,7 +21,8 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ hydra-rpcap.c hydra-radmin2.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ + hydra-smb2.c OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ @@ -34,7 +35,8 @@ OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ + hydra-smb2.o BINS = hydra pw-inspector EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ diff --git a/configure b/configure index 5afd0da..9cec404 100755 --- a/configure +++ b/configure @@ -72,6 +72,8 @@ MANDIR="" XHYDRA_SUPPORT="" FREERDP2_PATH="" WINPR2_PATH="" +SMBC_PATH="" +SMBC_IPATH="" if [ '!' "X" = "X$*" ]; then while [ $# -gt 0 ] ; do @@ -1178,6 +1180,54 @@ fi BSON_IPATH="" fi +echo "Checking for smbclient (libsmbclient.so, libsmbclient.h) ..." + + for i in $LIBDIRS ; do + if [ "X" = "X$SMBC_PATH" ]; then + if [ -f "$i/libsmbclient.so" -o -f "$i/libsmbclient.dylib" -o -f "$i/libsmbclient.a" ]; then + SMBC_PATH="$i" + fi + fi + if [ "X" = "X$SMBC_PATH" ]; then + TMP_LIB=`/bin/ls $i/libsmbclient.so* 2> /dev/null | grep smbclient` + if [ -n "$TMP_LIB" ]; then + SMBC_PATH="$i" + fi + fi + if [ "X" = "X$SMBC_PATH" ]; then + TMP_LIB=`/bin/ls $i/libsmbclient.dll* 2> /dev/null | grep smbclient` + if [ -n "$TMP_LIB" ]; then + SMBC_PATH="$i" + fi + fi + done + + SMBC_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$SMBC_IPATH" ]; then + if [ -f "$i/libsmbclient.h" ]; then + SMBC_IPATH="$i" + fi + if [ -f "$i/samba-4.0/libsmbclient.h" ]; then + SMBC_IPATH="$i/samba-4.0" + fi + fi + done + + if [ "X" != "X$DEBUG" ]; then + echo DEBUG: SMBC_PATH=$SMBC_PATH/libsmbclient + echo DEBUG: SMBC_IPATH=$SMBC_IPATH/libsmbclient.h + fi + if [ -n "$SMBC_PATH" -a -n "$SMBC_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$SMBC_PATH" -o "X" = "X$SMBC_IPATH" ]; then + echo " ... NOT found, module smb2 disabled" + SMBC_PATH="" + SMBC_IPATH="" + fi + + if [ "X" = "X$XHYDRA_SUPPORT" ]; then echo "Checking for GUI req's (pkg-config, gtk+-2.0) ..." XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` @@ -1271,7 +1321,29 @@ XLIBS="" XLIBPATHS="" XIPATHS="" -if [ -n "$FIREBIRD_PATH" -o -n "$PCRE_PATH" -o -n "$IDN_PATH" -o -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$NCP_PATH" -o -n "$CURSES_PATH" -o -n "$ORACLE_PATH" -o -n "$AFP_PATH" -o -n "$MYSQL_PATH" -o -n "$MCACHED_PATH" -o -n "$MONGOD_PATH" -o -n "$FREERDP2_PATH" -o -n "$WINPR2_PATH" ]; then +if [ -n "$FIREBIRD_PATH" -o \ + -n "$PCRE_PATH" -o \ + -n "$IDN_PATH" -o \ + -n "$SSL_PATH" -o \ + -n "$CRYPTO_PATH" -o \ + -n "$NSL_PATH" -o \ + -n "$SOCKET_PATH" -o \ + -n "$RESOLV_PATH" -o \ + -n "$SAPR3_PATH" -o \ + -n "$SSH_PATH" -o \ + -n "$POSTGRES_PATH" -o \ + -n "$SVN_PATH" -o \ + -n "$NCP_PATH" -o \ + -n "$CURSES_PATH" -o \ + -n "$ORACLE_PATH" -o \ + -n "$AFP_PATH" -o \ + -n "$MYSQL_PATH" -o \ + -n "$MCACHED_PATH" -o \ + -n "$MONGOD_PATH" -o \ + -n "$FREERDP2_PATH" -o \ + -n "$WINPR2_PATH" -o \ + -n "$SMBC_PATH" \ + ]; then if [ "$SYSS" = "Darwin" ] && [ ! -d "/lib" ]; then #for libraries installed with MacPorts if [ -d "/opt/local/lib" ]; then @@ -1359,9 +1431,35 @@ fi if [ -n "$WINPR2_PATH" ]; then XDEFINES="$XDEFINES -DLIBWINPR2" fi +if [ -n "$SMBC_PATH" ]; then + XDEFINES="$XDEFINES -DLIBSMBCLIENT" +fi OLDPATH="" -for i in $SSL_PATH $FIREBIRD_PATH $WORACLE_LIB_PATH $PCRE_PATH $IDN_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $NCP_PATH $CURSES_PATH $ORACLE_PATH $AFP_PATH $MYSQL_PATH $MCACHED_PATH $MONGODB_PATH $BSON_PATH $FREERDP2_PATH $WINPR2_PATH; do +for i in $SSL_PATH \ + $FIREBIRD_PATH \ + $WORACLE_LIB_PATH \ + $PCRE_PATH \ + $IDN_PATH \ + $CRYPTO_PATH \ + $SSH_PATH \ + $NSL_PATH \ + $SOCKET_PATH \ + $RESOLV_PATH \ + $SAPR3_PATH \ + $POSTGRES_PATH \ + $SVN_PATH \ + $NCP_PATH \ + $CURSES_PATH \ + $ORACLE_PATH \ + $AFP_PATH \ + $MYSQL_PATH \ + $MCACHED_PATH \ + $MONGODB_PATH \ + $BSON_PATH \ + $FREERDP2_PATH \ + $WINPR2_PATH \ + $SMBC_PATH; do if [ "$OLDPATH" = "$i" ]; then OLDPATH="$i" else @@ -1423,6 +1521,9 @@ fi if [ -n "$FREERDP2_IPATH" ]; then XIPATHS="$XIPATHS -I$FREERDP2_IPATH -I$WINPR2_IPATH" fi +if [ -n "$SMBC_IPATH" ]; then + XIPATHS="$XIPATHS -I$SMBC_IPATH" +fi if [ -n "$HAVE_GCRYPT" ]; then XLIBS="$XLIBS -lgcrypt" fi @@ -1501,6 +1602,9 @@ fi if [ -n "$WINPR2_PATH" ]; then XLIBS="$XLIBS -lwinpr2" fi +if [ -n "$SMBC_PATH" ]; then + XLIBS="$XLIBS -lsmbclient" +fi if [ -d /usr/kerberos/include ]; then XIPATHS="$XIPATHS -I/usr/kerberos/include" fi diff --git a/hydra-smb2.c b/hydra-smb2.c new file mode 100644 index 0000000..f42f074 --- /dev/null +++ b/hydra-smb2.c @@ -0,0 +1,304 @@ +/** + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * + * Copyright (C) 2020 Karim Kanso, all rights reserved. + * kaz 'dot' kanso 'at' g mail 'dot' com + */ + +#if defined(LIBSMBCLIENT) + +#include "hydra-mod.h" + +#include +#include +#include +#include +#include + +extern char *HYDRA_EXIT; + +typedef struct creds { + const char* workgroup; + const char* user; + const char* pass; +} creds_t; + + +const char default_workgroup[] = "WORKGROUP"; +bool use_nt_hash = false; +const char* workgroup = default_workgroup; +const char* netbios_name = NULL; + +#define EXIT_PROTOCOL_ERROR hydra_child_exit(2) +#define EXIT_CONNECTION_ERROR hydra_child_exit(1) +#define EXIT_NORMAL hydra_child_exit(0) + +void smb2_auth_provider(SMBCCTX *c, + const char *srv, + const char *shr, + char *wg, int wglen, + char *un, int unlen, + char *pw, int pwlen) { + creds_t* cr = (creds_t*)smbc_getOptionUserData(c); + strncpy(wg, cr->workgroup, wglen); + strncpy(un, cr->user, unlen); + strncpy(pw, cr->pass, pwlen); + wg[wglen-1] = 0; + un[unlen-1] = 0; + pw[pwlen-1] = 0; +} + +bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) { + SMBCCTX* ctx = smbc_new_context(); + if (ctx == NULL) { + hydra_report(stderr, "[ERROR] failed to create context\n"); + EXIT_PROTOCOL_ERROR; + } + // samba internal debugging will be dumped to stderr + smbc_setDebug(ctx, debug ? 7 : 0); + smbc_setOptionDebugToStderr(ctx, true); + smbc_setFunctionAuthDataWithContext(ctx, smb2_auth_provider); + smbc_setOptionUserData(ctx, cr); + // 0 will use default port + smbc_setPort(ctx, port); + smbc_setOptionNoAutoAnonymousLogin(ctx, false); + smbc_setOptionUseNTHash(ctx, use_nt_hash); + if (netbios_name) { + smbc_setNetbiosName(ctx, (char*)netbios_name); + } + + ctx = smbc_init_context(ctx); + if (!ctx) { + hydra_report(stderr, "[ERROR] smbc_init_context fail\n"); + smbc_free_context(ctx, 1); + EXIT_PROTOCOL_ERROR; + } + + char uri[2048]; + snprintf(uri, sizeof(uri) - 1, "smb://%s/IPC$", server); + uri[sizeof(uri)-1] = 0; + if (verbose) { + printf("[INFO] Connecting to: %s with %s\\%s%%%s\n", + uri, cr->workgroup, + cr->user, + cr->pass); + } + SMBCFILE *fd = smbc_getFunctionOpendir(ctx)(ctx, uri); + if (fd) { + hydra_report(stderr, "[WARNING] Unexpected open on IPC$\n"); + smbc_getFunctionClosedir(ctx)(ctx, fd); + smbc_free_context(ctx, 1); + fd = NULL; + return true; + } + + /* + errno is set to 22 (EINVAL) when IPC$ as been opened but can not + be opened like a normal share. This corresponds to samba error + NT_STATUS_INVALID_INFO_CLASS, however this precise error code is + not available outside of the library. Thus, instead the library + sets a generic error (EINVAL) which can also correspond to other + cases (see below test). + + This is not ideal, but appears to be the best that the + libsmbclient library offers as detailed state information is + internalised and not available. Further, it is also not possible + from the api to separate the connection, authentication and + authorisation. + + The following text is taken from the libsmbclient header file for + the return value of the smbc_getFunctionOpendir function: + + Valid directory handle. < 0 on error with errno set: + - EACCES Permission denied. + - EINVAL A NULL file/URL was passed, or the URL would + not parse, or was of incorrect form or smbc_init not + called. + - ENOENT durl does not exist, or name is an + - ENOMEM Insufficient memory to complete the + operation. + - ENOTDIR name is not a directory. + - EPERM the workgroup could not be found. + - ENODEV the workgroup or server could not be found. + + */ + switch (errno) { + case EINVAL: // 22 + // probably password ok + smbc_free_context(ctx, 1); + return true; + break; + case EACCES: + // 100% access denied + break; + case EHOSTUNREACH: + case ETIMEDOUT: + case ECONNREFUSED: + // there are probably more codes that could be added here to + // indicate connection errors. + smbc_free_context(ctx, 1); + EXIT_CONNECTION_ERROR; + break; + default: + // unexpected error + hydra_report(stderr, "[ERROR] %s (%d)\n", strerror(errno), errno); + smbc_free_context(ctx, 1); + EXIT_PROTOCOL_ERROR; + } + + smbc_free_context(ctx, 1); + return false; +} + +void service_smb2(char *ip, + int32_t sp, + unsigned char options, + char *miscptr, + FILE * fp, + int32_t port, + char *hostname) { + hydra_register_socket(sp); + while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) { + char *login, *pass; + + login = hydra_get_next_login(); + pass = hydra_get_next_password(); + + creds_t cr = { + .user = login, + .pass = pass, + .workgroup = workgroup, + }; + + if (smb2_run_test(&cr, hydra_address2string(ip), port & 0xffff)) { + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + } + EXIT_NORMAL; +} + +// constants used by option parser +const char tkn_workgroup[] = "workgroup:{"; +const char tkn_nthash_true[] = "nthash:true"; +const char tkn_nthash_false[] = "nthash:false"; +const char tkn_netbios[] = "netbios:{"; + +#define CMP(s1, s2) (strncmp(s1, s2, sizeof(s1) - 1) == 0) + +int32_t service_smb2_init(char *ip, + int32_t sp, + unsigned char options, + char *miscptr, + FILE * fp, + int32_t port, + char *hostname) { + if (!miscptr) + return 0; + + while(*miscptr) { + if (isspace(*miscptr)) { + miscptr++; + continue; + } + if (CMP(tkn_workgroup, miscptr)) { + miscptr += sizeof(tkn_workgroup) - 1; + char* p = strchr(miscptr, '}'); + if (p == NULL) { + hydra_report(stderr, "[ERROR] missing closing brace in workgroup\n"); + return -1; + } + *p = '\0'; + workgroup = miscptr; + miscptr = p + 1; + if (verbose || debug) { + printf("[VERBOSE] Set workgroup to: %s\n", workgroup); + } + continue; + } + if (CMP(tkn_netbios, miscptr)) { + miscptr += sizeof(tkn_netbios) - 1; + char* p = strchr(miscptr, '}'); + if (p == NULL) { + hydra_report(stderr, "[ERROR] missing closing brace in netbios name\n"); + return -1; + } + *p = '\0'; + netbios_name = miscptr; + miscptr = p + 1; + if (verbose || debug) { + printf("[VERBOSE] Set netbios name to: %s\n", netbios_name); + } + continue; + } + if (CMP(tkn_nthash_true, miscptr)) { + miscptr += sizeof(tkn_nthash_true) - 1; + use_nt_hash = true; + if (verbose || debug) { + printf("[VERBOSE] Enabled nthash.\n"); + } + continue; + } + if (CMP(tkn_nthash_false, miscptr)) { + miscptr += sizeof(tkn_nthash_false) - 1; + use_nt_hash = false; + if (verbose || debug) { + printf("[VERBOSE] Disabled nthash.\n"); + } + continue; + } + + hydra_report(stderr, "[ERROR] unable to parse: %s\n", miscptr); + return -1; + } + + return 0; +} + +void usage_smb2(const char* service) { + puts("Module is a thin wrapper over the Samba client library (libsmbclient).\n" + "Thus, is capable of negotiating v1, v2 and v3 of the protocol.\n" + "\n" + "As this relies on Samba libraries, the system smb.conf will be parsed\n" + "when library starts up. It is possible to add configuration options\n" + "into that file that affect this module (such as min/max supported\n" + "protocol version).\n" + "\n" + "Caution: due to the high-level libsmbclient api (compared the smb\n" + "Hydra module), the accuracy is reduced. That is, this module works by\n" + "attempting to open the IPC$ share, which is reported as an error,\n" + "e.g. try this with the smbclient tool and it will raise the\n" + "NT_STATUS_INVALID_INFO_CLASS error). Sadly, the level of feedback\n" + "from the api does not distinguish this error from general/unknown\n" + "errors, so it might be possible to have false positives due to this\n" + "fact. One example of this is when the library can not parse the uri\n" + "correctly. On the other hand, false negatives could occur when a\n" + "valid credential is unable to open the share due to access control,\n" + "e.g. a locked/suspended account.\n" + "\n" + "There are three module options available:\n" + " workgroup:{XXX} - set the users workgroup\n" + " netbios:{XXX} - set the recipients netbios name\n" + " nthash:true or nthash:false - threat password as an nthash\n" + "\n" + "Examples: \n" + " hydra smb2://abc.com -l admin -p xxx -m workgroup:{OFFICE}\n" + " hydra smb2://1.2.3.4 -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 -m 'workgroup:{OFFICE} nthash:true'\n" + " hydra -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 'smb2://1.2.3.4/workgroup:{OFFICE} nthash:true'\n" + ); +} + +#endif // LIBSMBCLIENT diff --git a/hydra.c b/hydra.c index 37e1323..28365f8 100644 --- a/hydra.c +++ b/hydra.c @@ -45,6 +45,7 @@ void usage_http_proxy(const char* service); void usage_http_proxy_urlenum(const char* service); void usage_snmp(const char* service); void usage_http(const char* service); +void usage_smb2(const char* service); extern void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); @@ -92,6 +93,10 @@ extern void service_rpcap(char *ip, int32_t sp, unsigned char options, char *mis // ADD NEW SERVICES HERE +#if defined(LIBSMBCLIENT) +extern int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +#endif #ifdef HAVE_MATH_H extern void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); @@ -196,7 +201,7 @@ extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, c // ADD NEW SERVICES HERE char *SERVICES = - "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; + "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip smb smb2 smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; #define MAXBUF 520 #define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) @@ -437,6 +442,9 @@ SERVICE3("mongodb", mongodb), SERVICE(sip), SERVICE3("smbnt", smb), SERVICE3("smb", smb), +#endif +#if defined(LIBSMBCLIENT) + SERVICE3("smb2", smb2), #endif SERVICE3("smtp", smtp), SERVICE3("smtp-enum", smtp_enum), @@ -1288,6 +1296,7 @@ int32_t hydra_lookup_port(char *service) { {"rsh", PORT_RSH, PORT_RSH_SSL}, {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smb2", PORT_SMBNT, PORT_SMBNT_SSL}, {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, {"ssh", PORT_SSH, PORT_SSH_SSL}, @@ -2152,6 +2161,10 @@ int main(int argc, char *argv[]) { SERVICES = hydra_string_replace(SERVICES, "svn ", ""); strcat(unsupported, "svn "); #endif +#if !defined(LIBSMBCLIENT) + SERVICES = hydra_string_replace(SERVICES, "smb2 ", ""); + strcat(unsupported, "smb2 "); +#endif #ifndef LIBOPENSSL // for ftps @@ -2801,6 +2814,25 @@ int main(int argc, char *argv[]) { bail("Compiled without OPENSSL support, module not available!"); #endif } + if (strcmp(hydra_options.service, "smb2") == 0) { +#if !defined(LIBSMBCLIENT) + bail("Compiled without LIBSMBCLIENT support, module not available!"); +#else + if (hydra_options.login != NULL && + (index(hydra_options.login, '\\') != NULL || + index(hydra_options.login, '/') != NULL)) + fprintf(stderr, + "[WARNING] potential windows domain specification found in " + "login. You must use the -m option to pass a domain.\n"); + if (hydra_options.miscptr == NULL || \ + (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, + "[WARNING] Workgroup was not specified, using \"WORKGROUP\"\n"); + } + i = 1; +#endif + } + if (strcmp(hydra_options.service, "rdp") == 0){ #ifndef LIBFREERDP2 bail("Compiled without FREERDP2 support, module not available!"); From a6eda417514dbd86cc19ff8543fa335653061a85 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 18 Jan 2020 11:14:39 +0100 Subject: [PATCH 066/332] fixed off-by-one bug --- Makefile | 94 ++++++++++++++++++++++++++++++++++++++++++++++- hydra-http-form.c | 4 +- 2 files changed, 94 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 372e67e..5ae4846 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,95 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DHAVE_MYSQL_MYSQL_H -DLIBOPENSSL -DLIBNCURSES -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DLIBMCACHED -DLIBMONGODB -DLIBBSON -DLIBFREERDP2 -DLIBWINPR2 -DHAVE_MATH_H -DHAVE_SYS_PARAM_H +XLIBS= -lz -lcurses -lssl -lfbclient -lidn -lpcre -lmysqlclient -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached -lmongoc-1.0 -lbson-1.0 -lfreerdp2 -lwinpr2 +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu +XIPATHS= -I/usr/include/mysql -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached-1.0 -I/usr/include/libmongoc-1.0 -I/usr/include/libbson-1.0 -I/usr/include/freerdp2 -I/usr/include/winpr2 +PREFIX=/usr/local +XHYDRA_SUPPORT=xhydra +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro + +# +# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC +# +OPTS=-I. -O3 -march=native -flto +# -Wall -g -pedantic +LIBS=-lm +BINDIR = /bin +MANDIR ?= /man/man1/ +DATADIR ?= /etc +DESTDIR ?= + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ + hydra-smb2.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ + hydra-smb2.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile + diff --git a/hydra-http-form.c b/hydra-http-form.c index 0035c2b..80b141a 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1342,10 +1342,10 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { // proxy with authentication add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT); - proxy_string = (char *) malloc(strlen(proxy_authentication[selected_proxy]) + 6); + proxy_string = (char *) malloc(strlen(proxy_authentication[selected_proxy]) + 10); if (proxy_string) { strcpy(proxy_string, "Basic "); - strncat(proxy_string, proxy_authentication[selected_proxy], strlen(proxy_authentication[selected_proxy]) - 6); + strcat(proxy_string, proxy_authentication[selected_proxy]); add_header(&ptr_head, "Proxy-Authorization", proxy_string, HEADER_TYPE_DEFAULT); } else { hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header.\n"); From da568a871aece9f1736e8af7f7adb07242bbe002 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 18 Jan 2020 11:15:11 +0100 Subject: [PATCH 067/332] in the future I will learn not to push Makefile ... --- Makefile | 94 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 92 deletions(-) diff --git a/Makefile b/Makefile index 5ae4846..372e67e 100644 --- a/Makefile +++ b/Makefile @@ -1,95 +1,5 @@ -STRIP=strip -XDEFINES= -DHAVE_MYSQL_MYSQL_H -DLIBOPENSSL -DLIBNCURSES -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DLIBMCACHED -DLIBMONGODB -DLIBBSON -DLIBFREERDP2 -DLIBWINPR2 -DHAVE_MATH_H -DHAVE_SYS_PARAM_H -XLIBS= -lz -lcurses -lssl -lfbclient -lidn -lpcre -lmysqlclient -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached -lmongoc-1.0 -lbson-1.0 -lfreerdp2 -lwinpr2 -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu -XIPATHS= -I/usr/include/mysql -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached-1.0 -I/usr/include/libmongoc-1.0 -I/usr/include/libbson-1.0 -I/usr/include/freerdp2 -I/usr/include/winpr2 -PREFIX=/usr/local -XHYDRA_SUPPORT=xhydra -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro - -# -# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC -# -OPTS=-I. -O3 -march=native -flto -# -Wall -g -pedantic -LIBS=-lm -BINDIR = /bin -MANDIR ?= /man/man1/ -DATADIR ?= /etc -DESTDIR ?= - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ - hydra-smb2.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ - hydra-smb2.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile - From 69a6b4f7d76de53573da0e1909a59b7bd0878c06 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 18 Jan 2020 11:33:23 +0100 Subject: [PATCH 068/332] added changelog entry --- CHANGES | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES b/CHANGES index d650eec..3de75a9 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 9.1-dev +* new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) * svn: updated to support past and new API * http module now supports F=/S= string matching conditions (thanks to poucz@github) * changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ... From f05718824d467f8b5536eb26a92b48387ee591b4 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 18 Jan 2020 11:47:36 +0100 Subject: [PATCH 069/332] make CFLAGS overridable --- Makefile.am | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index 2f15a1d..51a2342 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,13 +1,16 @@ # # Makefile for Hydra - (c) 2001-2020 by van Hauser / THC # -OPTS=-I. -O3 -march=native -flto +WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations +WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align +CFLAGS ?= -march=native -flto +OPTS=-I. -O3 $(CFLAGS) # -Wall -g -pedantic LIBS=-lm -BINDIR = /bin -MANDIR ?= /man/man1/ -DATADIR ?= /etc DESTDIR ?= +BINDIR = /bin +MANDIR = /man/man1/ +DATADIR = /etc SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ From c8de75bf13d6ee57010478de8e283e2f918a0def Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Sat, 18 Jan 2020 19:27:56 +0000 Subject: [PATCH 070/332] Updated xhydra to support smb2 --- hydra-gtk/src/callbacks.c | 19 +++++++++++++++++-- hydra-gtk/src/interface.c | 28 +++++++++++++++++++++++++--- 2 files changed, 42 insertions(+), 5 deletions(-) diff --git a/hydra-gtk/src/callbacks.c b/hydra-gtk/src/callbacks.c index 5600f15..f586208 100644 --- a/hydra-gtk/src/callbacks.c +++ b/hydra-gtk/src/callbacks.c @@ -33,7 +33,7 @@ int hydra_pid = 0; char port[10]; char tasks[10]; char timeout[10]; -char smbparm[12]; +char smbparm[128]; char sapr3id[4]; char passLoginNull[4]; @@ -274,7 +274,7 @@ int hydra_get_options(char *options[]) { options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } else if (!strcmp(tmp, "smb")) { - memset(smbparm, 0, 12); + memset(smbparm, 0, sizeof(smbparm)); widget = lookup_widget(GTK_WIDGET(wndMain), "chkDomain"); widget2 = lookup_widget(GTK_WIDGET(wndMain), "chkLocal"); @@ -300,7 +300,22 @@ int hydra_get_options(char *options[]) { strcat(smbparm, "Hash"); } options[i++] = smbparm; + } else if (!strcmp(tmp, "smb2")) { + memset(smbparm, 0, sizeof(smbparm)); + options[i++] = "-m"; + options[i++] = smbparm; + + widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); + int pth = gtk_toggle_button_get_active((GtkToggleButton *) widget); + + widget = lookup_widget(GTK_WIDGET(wndMain), "entSMB2Workgroup"); + + snprintf(smbparm, + sizeof(smbparm)-1, + "nthash:%s workgroup:{%s}", + pth ? "true" : "false", + (char *) gtk_entry_get_text((GtkEntry *) widget)); } else if (!strcmp(tmp, "sapr3")) { widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3"); j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); diff --git a/hydra-gtk/src/interface.c b/hydra-gtk/src/interface.c index 6b665eb..7c002dc 100644 --- a/hydra-gtk/src/interface.c +++ b/hydra-gtk/src/interface.c @@ -171,6 +171,9 @@ GtkWidget *create_wndMain(void) { GtkWidget *btnClear; GtkWidget *label4; GtkWidget *statusbar; + GtkWidget *lblSMB2; + GtkWidget *entSMB2Workgroup; + GtkWidget *fraSMB2; GtkAccelGroup *accel_group; GtkTooltips *tooltips; @@ -273,6 +276,7 @@ GtkWidget *create_wndMain(void) { cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb2"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smtp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "snmp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "socks5"); @@ -849,25 +853,42 @@ GtkWidget *create_wndMain(void) { gtk_widget_set_name(chkLocal, "chkLocal"); gtk_widget_show(chkLocal); gtk_box_pack_start(GTK_BOX(hbox2), chkLocal, TRUE, TRUE, 0); - gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts", NULL); + gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts (only valid for smb module)", NULL); chkDomain = gtk_check_button_new_with_mnemonic("domain accounts"); gtk_widget_set_name(chkDomain, "chkDomain"); gtk_widget_show(chkDomain); gtk_box_pack_start(GTK_BOX(hbox2), chkDomain, TRUE, TRUE, 0); - gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts", NULL); + gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts (only valid for smb module)", NULL); chkNTLM = gtk_check_button_new_with_mnemonic("Interpret passes as NTLM hashes"); gtk_widget_set_name(chkNTLM, "chkNTLM"); gtk_widget_show(chkNTLM); gtk_box_pack_start(GTK_BOX(hbox2), chkNTLM, FALSE, FALSE, 0); - gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes", NULL); + gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes (valid for both smb and smb2 modules)", NULL); label18 = gtk_label_new("SMB"); gtk_widget_set_name(label18, "label18"); gtk_widget_show(label18); gtk_frame_set_label_widget(GTK_FRAME(frame6), label18); + fraSMB2 = gtk_frame_new(NULL); + gtk_widget_set_name(fraSMB2, "fraSMB2"); + gtk_widget_show(fraSMB2); + gtk_box_pack_start(GTK_BOX(vbox4), fraSMB2, TRUE, TRUE, 0); + + entSMB2Workgroup = gtk_entry_new(); + gtk_widget_set_name(entSMB2Workgroup, "entSMB2Workgroup"); + gtk_widget_show(entSMB2Workgroup); + gtk_container_add(GTK_CONTAINER(fraSMB2), entSMB2Workgroup); + gtk_tooltips_set_tip(tooltips, entSMB2Workgroup, "Workgroup to use for SMB authentication (only valid for smb2 module)", NULL); + gtk_entry_set_text(GTK_ENTRY(entSMB2Workgroup), "WORKGROUP"); + + lblSMB2 = gtk_label_new("SMB2 Workgroup"); + gtk_widget_set_name(lblSMB2, "lblSMB2"); + gtk_widget_show(lblSMB2); + gtk_frame_set_label_widget(GTK_FRAME(fraSMB2), lblSMB2); + frame7 = gtk_frame_new(NULL); gtk_widget_set_name(frame7, "frame7"); gtk_widget_show(frame7); @@ -1164,6 +1185,7 @@ GtkWidget *create_wndMain(void) { GLADE_HOOKUP_OBJECT(wndMain, label4, "label4"); GLADE_HOOKUP_OBJECT(wndMain, statusbar, "statusbar"); GLADE_HOOKUP_OBJECT_NO_REF(wndMain, tooltips, "tooltips"); + GLADE_HOOKUP_OBJECT(wndMain, entSMB2Workgroup, "entSMB2Workgroup"); gtk_window_add_accel_group(GTK_WINDOW(wndMain), accel_group); From 35cab1e1279bc351c5f61c25b3a640887eb59f16 Mon Sep 17 00:00:00 2001 From: Jeroen Roovers Date: Sun, 26 Jan 2020 17:06:47 +0100 Subject: [PATCH 071/332] hydra-vnc: Use buf2 instead of buf in hydra_report A compiler warning told me that buf was used uninitialised here and it turned out that instead of buf2, buf was being used. It makes a lot more sense to report buf2 and that happens to fix the warning as well. --- hydra-vnc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-vnc.c b/hydra-vnc.c index 4d9d706..95a12d8 100644 --- a/hydra-vnc.c +++ b/hydra-vnc.c @@ -75,7 +75,7 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char //supported security type switch (buf2[3]) { case 0x0: - hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf[3]); + hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf2[3]); hydra_child_exit(0); break; case 0x1: From 020137ac35af0cd130de0d06512234fac2b1af1d Mon Sep 17 00:00:00 2001 From: Jeroen Roovers Date: Sun, 26 Jan 2020 17:03:54 +0100 Subject: [PATCH 072/332] modules: Remove various unused char *buf --- hydra-irc.c | 1 - hydra-rexec.c | 1 - hydra-rlogin.c | 1 - hydra-rsh.c | 1 - hydra-rtsp.c | 1 - hydra-teamspeak.c | 1 - 6 files changed, 6 deletions(-) diff --git a/hydra-irc.c b/hydra-irc.c index f41f655..4111b86 100644 --- a/hydra-irc.c +++ b/hydra-irc.c @@ -7,7 +7,6 @@ RFC 1459: Internet Relay Chat Protocol */ extern char *HYDRA_EXIT; -char *buf; char buffer[300] = ""; int32_t myport = PORT_IRC, mysslport = PORT_IRC_SSL; diff --git a/hydra-rexec.c b/hydra-rexec.c index 5b7073a..4783bcc 100644 --- a/hydra-rexec.c +++ b/hydra-rexec.c @@ -5,7 +5,6 @@ #define COMMAND "/bin/ls /" extern char *HYDRA_EXIT; -char *buf; int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; diff --git a/hydra-rlogin.c b/hydra-rlogin.c index 5819250..36556b5 100644 --- a/hydra-rlogin.c +++ b/hydra-rlogin.c @@ -12,7 +12,6 @@ no memleaks found on 110425 #define TERM "vt100/9600" extern char *HYDRA_EXIT; -char *buf; int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; diff --git a/hydra-rsh.c b/hydra-rsh.c index 67c5e5b..0ec7b2a 100644 --- a/hydra-rsh.c +++ b/hydra-rsh.c @@ -11,7 +11,6 @@ no memleaks found on 110425 */ extern char *HYDRA_EXIT; -char *buf; int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 444ba0c..018f432 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -12,7 +12,6 @@ #include "sasl.h" extern char *HYDRA_EXIT; -char *buf; char packet[500]; char packet2[500]; diff --git a/hydra-teamspeak.c b/hydra-teamspeak.c index 3d9df94..78510e6 100644 --- a/hydra-teamspeak.c +++ b/hydra-teamspeak.c @@ -36,7 +36,6 @@ struct team_speak { extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; -char *buf; int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; From 13934c5b19fd2e42e807b043f2e3e50253bae130 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 28 Jan 2020 11:06:44 +0100 Subject: [PATCH 073/332] gcc-10 fix --- CHANGES | 1 + Makefile.am | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 3de75a9..c3eac12 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,7 @@ Release 9.1-dev * changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ... * added -K command line switch to disable redo attempts (good for mass scanning) * forgot to have the -m option in the hydra help output +* gcc-10 support and various cleanups by Jeroen Roovers, thanks! Release 9.0 diff --git a/Makefile.am b/Makefile.am index 51a2342..49e8476 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,7 +4,7 @@ WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -march=native -flto -OPTS=-I. -O3 $(CFLAGS) +OPTS=-I. -O3 $(CFLAGS) -fcommon # -Wall -g -pedantic LIBS=-lm DESTDIR ?= From 60c76d0c647c5de5e8d0c4a52314e0b91d35816b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 29 Jan 2020 12:24:46 +0100 Subject: [PATCH 074/332] BN_zero fix --- hydra-mod.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index 9e7d862..f9b1358 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -466,24 +466,25 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t #if defined(LIBOPENSSL) && !defined(LIBRESSL_VERSION_NUMBER) RSA *ssl_temp_rsa_cb(SSL * ssl, int32_t export, int32_t keylength) { - int32_t ok = 0; + int32_t nok = 0; #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L BIGNUM *n; - n = BN_new(); + if ((n = BN_new()) == NULL) + nok = 1; RSA_get0_key(rsa, (const struct bignum_st **)&n, NULL, NULL); - ok = BN_zero(n); + BN_zero(n); #else if (rsa->n == 0) - ok = 1; + nok = 1; #endif - if(ok == 0 && RSA_size(rsa)!=(keylength/8)){ // n is not zero + if (nok == 0 && RSA_size(rsa)!=(keylength/8)){ // n is not zero #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L BN_free(n); #endif RSA_free(rsa); rsa = NULL; } - if (ok != 0) { // n is zero + if (nok != 0) { // n is zero #if defined(NO_RSA_LEGACY) || OPENSSL_VERSION_NUMBER >= 0x10100000L RSA *rsa = RSA_new(); BIGNUM *f4 = BN_new(); From 531ee7734b49af4c265fc358a5fb224701c3de52 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 1 Feb 2020 11:36:33 +0100 Subject: [PATCH 075/332] fix for very very old compilers --- bfg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bfg.c b/bfg.c index 2ff9f9f..fa741bc 100644 --- a/bfg.c +++ b/bfg.c @@ -192,8 +192,8 @@ uint64_t bf_get_pcount() { int accu(int value) { - int i = 0; - for(int a=1; a<=value; ++a) + int i = 0, a; + for (a=1; a<=value; ++a) { i+=a; } From 720bdb3f968931822874011b112e68664c1b237a Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 1 Feb 2020 11:47:13 +0100 Subject: [PATCH 076/332] code indent --- .clang-format | 117 ++ CHANGES | 1 + bfg.c | 85 +- bfg.h | 16 +- crc32.c | 138 +-- d3des.c | 227 +--- d3des.h | 10 +- hmacmd5.c | 25 +- hmacmd5.h | 27 +- hydra-adam6500.c | 120 +- hydra-afp.c | 60 +- hydra-asterisk.c | 41 +- hydra-cisco-enable.c | 230 ++-- hydra-cisco.c | 128 ++- hydra-cvs.c | 65 +- hydra-firebird.c | 40 +- hydra-ftp.c | 35 +- hydra-gtk/src/callbacks.c | 222 ++-- hydra-gtk/src/callbacks.h | 26 +- hydra-gtk/src/interface.c | 226 ++-- hydra-gtk/src/main.c | 11 +- hydra-gtk/src/support.c | 29 +- hydra-gtk/src/support.h | 13 +- hydra-http-form.c | 329 +++--- hydra-http-proxy-urlenum.c | 130 ++- hydra-http-proxy.c | 135 +-- hydra-http.c | 435 ++++---- hydra-http.h | 12 +- hydra-icq.c | 54 +- hydra-imap.c | 428 ++++--- hydra-irc.c | 50 +- hydra-ldap.c | 118 +- hydra-memcached.c | 43 +- hydra-mod.c | 456 ++++---- hydra-mod.h | 14 +- hydra-mongodb.c | 61 +- hydra-mssql.c | 104 +- hydra-mysql.c | 109 +- hydra-ncp.c | 68 +- hydra-nntp.c | 259 +++-- hydra-oracle-listener.c | 64 +- hydra-oracle-sid.c | 44 +- hydra-oracle.c | 79 +- hydra-pcanywhere.c | 26 +- hydra-pcnfs.c | 77 +- hydra-pop3.c | 469 ++++---- hydra-postgres.c | 34 +- hydra-radmin2.c | 323 +++--- hydra-rdp.c | 89 +- hydra-redis.c | 65 +- hydra-rexec.c | 57 +- hydra-rlogin.c | 64 +- hydra-rpcap.c | 32 +- hydra-rsh.c | 62 +- hydra-rtsp.c | 43 +- hydra-s7-300.c | 59 +- hydra-sapr3.c | 64 +- hydra-sip.c | 72 +- hydra-smb.c | 941 ++++++++-------- hydra-smb2.c | 88 +- hydra-smtp-enum.c | 66 +- hydra-smtp.c | 231 ++-- hydra-snmp.c | 223 ++-- hydra-socks5.c | 38 +- hydra-ssh.c | 47 +- hydra-sshkey.c | 26 +- hydra-svn.c | 76 +- hydra-teamspeak.c | 38 +- hydra-telnet.c | 43 +- hydra-time.c | 29 +- hydra-vmauthd.c | 47 +- hydra-vnc.c | 71 +- hydra-xmpp.c | 308 +++--- hydra.c | 2143 +++++++++++++++++++----------------- hydra.h | 266 +++-- libpq-fe.h | 436 ++++---- ntlm.c | 707 ++++++------ ntlm.h | 99 +- performance.h | 20 +- postgres_ext.h | 31 +- pw-inspector.c | 47 +- sasl.c | 165 +-- sasl.h | 11 +- 83 files changed, 6377 insertions(+), 6240 deletions(-) create mode 100644 .clang-format diff --git a/.clang-format b/.clang-format new file mode 100644 index 0000000..87040ec --- /dev/null +++ b/.clang-format @@ -0,0 +1,117 @@ +--- +Language: Cpp +AccessModifierOffset: -2 +AlignAfterOpenBracket: Align +AlignConsecutiveAssignments: false +AlignConsecutiveDeclarations: false +AlignEscapedNewlines: Right +AlignOperands: true +AlignTrailingComments: true +AllowAllParametersOfDeclarationOnNextLine: true +AllowShortBlocksOnASingleLine: false +AllowShortCaseLabelsOnASingleLine: false +AllowShortFunctionsOnASingleLine: All +AllowShortIfStatementsOnASingleLine: false +AllowShortLoopsOnASingleLine: false +AlwaysBreakAfterDefinitionReturnType: None +AlwaysBreakAfterReturnType: None +AlwaysBreakBeforeMultilineStrings: false +AlwaysBreakTemplateDeclarations: false +BinPackArguments: true +BinPackParameters: true +BraceWrapping: + AfterClass: false + AfterControlStatement: false + AfterEnum: false + AfterFunction: false + AfterNamespace: false + AfterObjCDeclaration: false + AfterStruct: false + AfterUnion: false + AfterExternBlock: false + BeforeCatch: false + BeforeElse: false + IndentBraces: false + SplitEmptyFunction: true + SplitEmptyRecord: true + SplitEmptyNamespace: true +BreakBeforeBinaryOperators: None +BreakBeforeBraces: Attach +BreakBeforeInheritanceComma: false +BreakInheritanceList: BeforeColon +BreakBeforeTernaryOperators: true +BreakConstructorInitializersBeforeComma: false +BreakConstructorInitializers: BeforeColon +BreakAfterJavaFieldAnnotations: false +BreakStringLiterals: true +ColumnLimit: 512 +CommentPragmas: '^ IWYU pragma:' +CompactNamespaces: true +ConstructorInitializerAllOnOneLineOrOnePerLine: false +ConstructorInitializerIndentWidth: 4 +ContinuationIndentWidth: 4 +Cpp11BracedListStyle: true +DerivePointerAlignment: false +DisableFormat: false +ExperimentalAutoDetectBinPacking: false +FixNamespaceComments: true +ForEachMacros: + - foreach + - Q_FOREACH + - BOOST_FOREACH +IncludeBlocks: Preserve +IncludeCategories: + - Regex: '^"(llvm|llvm-c|clang|clang-c)/' + Priority: 2 + - Regex: '^(<|"(gtest|gmock|isl|json)/)' + Priority: 3 + - Regex: '.*' + Priority: 1 +IncludeIsMainRegex: '(Test)?$' +IndentCaseLabels: false +IndentPPDirectives: None +IndentWidth: 2 +IndentWrappedFunctionNames: false +JavaScriptQuotes: Leave +JavaScriptWrapImports: true +KeepEmptyLinesAtTheStartOfBlocks: false +MacroBlockBegin: '' +MacroBlockEnd: '' +MaxEmptyLinesToKeep: 1 +NamespaceIndentation: None +ObjCBinPackProtocolList: Auto +ObjCBlockIndentWidth: 2 +ObjCSpaceAfterProperty: false +ObjCSpaceBeforeProtocolList: true +PenaltyBreakAssignment: 2 +PenaltyBreakBeforeFirstCallParameter: 19 +PenaltyBreakComment: 300 +PenaltyBreakFirstLessLess: 120 +PenaltyBreakString: 1000 +PenaltyBreakTemplateDeclaration: 10 +PenaltyExcessCharacter: 1000000 +PenaltyReturnTypeOnItsOwnLine: 60 +PointerAlignment: Right +ReflowComments: true +SortIncludes: true +SortUsingDeclarations: true +SpaceAfterCStyleCast: false +SpaceAfterTemplateKeyword: true +SpaceBeforeAssignmentOperators: true +SpaceBeforeCpp11BracedList: false +SpaceBeforeCtorInitializerColon: true +SpaceBeforeInheritanceColon: true +SpaceBeforeParens: ControlStatements +SpaceBeforeRangeBasedForLoopColon: true +SpaceInEmptyParentheses: false +SpacesBeforeTrailingComments: 1 +SpacesInAngles: false +SpacesInContainerLiterals: true +SpacesInCStyleCastParentheses: false +SpacesInParentheses: false +SpacesInSquareBrackets: false +Standard: Cpp11 +TabWidth: 2 +UseTab: Never +... + diff --git a/CHANGES b/CHANGES index c3eac12..3979a1d 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,7 @@ Release 9.1-dev * added -K command line switch to disable redo attempts (good for mass scanning) * forgot to have the -m option in the hydra help output * gcc-10 support and various cleanups by Jeroen Roovers, thanks! +* added .clang-format and formatted all code Release 9.0 diff --git a/bfg.c b/bfg.c index fa741bc..3479268 100644 --- a/bfg.c +++ b/bfg.c @@ -1,17 +1,18 @@ -/* code original by Jan Dlabal , partially rewritten by vh */ +/* code original by Jan Dlabal , partially rewritten by vh + */ +#include +#include #include #include #include -#include -#include #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif #include "bfg.h" @@ -21,20 +22,26 @@ bf_option bf_options; extern int32_t debug; -static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { +static int32_t add_single_char(char ch, char flags, int32_t *crs_len) { if ((ch >= '2' && ch <= '9') || ch == '0') { if ((flags & BF_NUMS) > 0) { - printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", ch); + printf("[ERROR] character %c defined in -x although the whole number " + "range was already defined by '1', ignored\n", + ch); return 0; } - //printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", ch); + // printf("[WARNING] adding character %c for -x, note that '1' will add all + // numbers from 0-9\n", ch); } - if (tolower((int32_t) ch) >= 'b' && tolower((int32_t) ch) <= 'z') { + if (tolower((int32_t)ch) >= 'b' && tolower((int32_t)ch) <= 'z') { if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) { - printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", ch, ch <= 'Z' ? 'A' : 'a'); + printf("[ERROR] character %c defined in -x although the whole letter " + "range was already defined by '%c', ignored\n", + ch, ch <= 'Z' ? 'A' : 'a'); return 0; } - //printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low"); + // printf("[WARNING] adding character %c for -x, note that '%c' will add all + // %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low"); } (*crs_len)++; if (BF_CHARSMAX - *crs_len < 1) { @@ -66,7 +73,8 @@ int32_t bf_init(char *arg) { } bf_options.from = atoi(arg); if (bf_options.from < 1 || bf_options.from > 127) { - fprintf(stderr, "Error: minimum length must be between 1 and 127, format: -x min:max:types\n"); + fprintf(stderr, "Error: minimum length must be between 1 and 127, format: " + "-x min:max:types\n"); return 1; } arg = tmp + 1; @@ -86,7 +94,8 @@ int32_t bf_init(char *arg) { tmp++; if (bf_options.from > bf_options.to) { - fprintf(stderr, "Error: you specified a minimum length higher than the maximum length!\n"); + fprintf(stderr, "Error: you specified a minimum length higher than the " + "maximum length!\n"); return 1; } @@ -166,23 +175,23 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + memset((char *)bf_options.state, 0, sizeof(bf_options.state)); if (debug) printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); return 0; } - uint64_t bf_get_pcount() { int32_t i; double count = 0; uint64_t foo; for (i = bf_options.from; i <= bf_options.to; i++) - count += (pow((double) bf_options.crs_len, (double) i)); + count += (pow((double)bf_options.crs_len, (double)i)); if (count >= 0xffffffff) { - fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) generates more than 4 billion passwords\n"); + fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) " + "generates more than 4 billion passwords\n"); exit(-1); } @@ -190,12 +199,10 @@ uint64_t bf_get_pcount() { return foo; } -int accu(int value) -{ +int accu(int value) { int i = 0, a; - for (a=1; a<=value; ++a) - { - i+=a; + for (a = 1; a <= value; ++a) { + i += a; } return i; } @@ -204,29 +211,27 @@ char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) - return NULL; // we are done + return NULL; // we are done if ((bf_options.ptr = malloc(BF_CHARSMAX)) == NULL) { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } - if(rainy) - { - for (i = 0; i < bf_options.current; i++){ - bf_options.ptr[i] = bf_options.crs[(bf_options.state[i]+bf_options.rain)%bf_options.crs_len]; - bf_options.rain += i+1; - } - if(bf_options.crs_len%10 == 0) - bf_options.rain-=accu(bf_options.current)-2; - else if(bf_options.crs_len%2 == 0) - bf_options.rain-=accu(bf_options.current)-4; - else if(bf_options.crs_len%2) - bf_options.rain-=accu(bf_options.current)-1; - } - else + if (rainy) { + for (i = 0; i < bf_options.current; i++) { + bf_options.ptr[i] = bf_options.crs[(bf_options.state[i] + bf_options.rain) % bf_options.crs_len]; + bf_options.rain += i + 1; + } + if (bf_options.crs_len % 10 == 0) + bf_options.rain -= accu(bf_options.current) - 2; + else if (bf_options.crs_len % 2 == 0) + bf_options.rain -= accu(bf_options.current) - 4; + else if (bf_options.crs_len % 2) + bf_options.rain -= accu(bf_options.current) - 1; + } else for (i = 0; i < bf_options.current; i++) - bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; bf_options.ptr[bf_options.current] = 0; if (debug) { @@ -243,7 +248,7 @@ char *bf_next(_Bool rainy) { if (pos < 0) { bf_options.current++; - memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + memset((char *)bf_options.state, 0, sizeof(bf_options.state)); } return bf_options.ptr; diff --git a/bfg.h b/bfg.h index ab2f5e4..a3c36bb 100644 --- a/bfg.h +++ b/bfg.h @@ -24,7 +24,9 @@ #define BF_WEBSITE "http://houbysoft.com/bfg/" #define BF_BUFLEN 1024 -#define BF_CHARSMAX 256 /* how many max possibilities there are for characters, normally it's 2^8 = 256 */ +#define BF_CHARSMAX \ + 256 /* how many max possibilities there are for characters, normally it's \ + 2^8 = 256 */ #define BF_LOWER 1 #define BF_UPPER 2 @@ -35,13 +37,13 @@ typedef struct { unsigned char to; unsigned char current; unsigned char state[BF_CHARSMAX]; /* which position has which character */ - unsigned char pos; /* where in current string length is the position */ - unsigned char crs_len; /* length of selected charset */ - char *arg; /* argument received for bfg commandline option */ - char *crs; /* internal representation of charset */ - char *ptr; /* ptr to the last generated password */ + unsigned char pos; /* where in current string length is the position */ + unsigned char crs_len; /* length of selected charset */ + char *arg; /* argument received for bfg commandline option */ + char *crs; /* internal representation of charset */ + char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - uint64_t rain; /* accumulator for the rain */ + uint64_t rain; /* accumulator for the rain */ } bf_option; extern bf_option bf_options; diff --git a/crc32.c b/crc32.c index 364cfa4..ee9839b 100644 --- a/crc32.c +++ b/crc32.c @@ -1,99 +1,61 @@ /*- -* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or -* code or tables extracted from it, as desired without restriction. -* -* First, the polynomial itself and its table of feedback terms. The -* polynomial is -* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 -* -* Note that we take it "backwards" and put the highest-order term in -* the lowest-order bit. The X^32 term is "implied"; the LSB is the -* X^31 term, etc. The X^0 term (usually shown as "+1") results in -* the MSB being 1 -* -* Note that the usual hardware shift register implementation, which -* is what we're using (we're merely optimizing it by doing eight-bit -* chunks at a time) shifts bits into the lowest-order term. In our -* implementation, that means shifting towards the right. Why do we -* do it this way? Because the calculated CRC must be transmitted in -* order from highest-order term to lowest-order term. UARTs transmit -* characters in order from LSB to MSB. By storing the CRC this way -* we hand it to the UART in the order low-byte to high-byte; the UART -* sends each low-bit to hight-bit; and the result is transmission bit -* by bit from highest- to lowest-order term without requiring any bit -* shuffling on our part. Reception works similarly -* -* The feedback terms table consists of 256, 32-bit entries. Notes -* -* The table can be generated at runtime if desired; code to do so -* is shown later. It might not be obvious, but the feedback -* terms simply represent the results of eight shift/xor opera -* tions for all combinations of data and CRC register values -* -* The values must be right-shifted by eight bits by the "updcrc -* logic; the shift must be unsigned (bring in zeroes). On some -* hardware you could probably optimize the shift in assembler by -* using byte-swap instructions -* polynomial $edb88320 -* -* -* CRC32 code derived from work by Gary S. Brown. -*/ + * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or + * code or tables extracted from it, as desired without restriction. + * + * First, the polynomial itself and its table of feedback terms. The + * polynomial is + * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 + * + * Note that we take it "backwards" and put the highest-order term in + * the lowest-order bit. The X^32 term is "implied"; the LSB is the + * X^31 term, etc. The X^0 term (usually shown as "+1") results in + * the MSB being 1 + * + * Note that the usual hardware shift register implementation, which + * is what we're using (we're merely optimizing it by doing eight-bit + * chunks at a time) shifts bits into the lowest-order term. In our + * implementation, that means shifting towards the right. Why do we + * do it this way? Because the calculated CRC must be transmitted in + * order from highest-order term to lowest-order term. UARTs transmit + * characters in order from LSB to MSB. By storing the CRC this way + * we hand it to the UART in the order low-byte to high-byte; the UART + * sends each low-bit to hight-bit; and the result is transmission bit + * by bit from highest- to lowest-order term without requiring any bit + * shuffling on our part. Reception works similarly + * + * The feedback terms table consists of 256, 32-bit entries. Notes + * + * The table can be generated at runtime if desired; code to do so + * is shown later. It might not be obvious, but the feedback + * terms simply represent the results of eight shift/xor opera + * tions for all combinations of data and CRC register values + * + * The values must be right-shifted by eight bits by the "updcrc + * logic; the shift must be unsigned (bring in zeroes). On some + * hardware you could probably optimize the shift in assembler by + * using byte-swap instructions + * polynomial $edb88320 + * + * + * CRC32 code derived from work by Gary S. Brown. + */ #include #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif -uint32_t crc32_tab[] = { - 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, - 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, - 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, - 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, - 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, - 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, - 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, - 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, - 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, - 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, - 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, - 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, - 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, - 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, - 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, - 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, - 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, - 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, - 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, - 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, - 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, - 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, - 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, - 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, - 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, - 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, - 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, - 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, - 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, - 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, - 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, - 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, - 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, - 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, - 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, - 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, - 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, - 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, - 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, - 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, - 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, - 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, - 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d -}; +uint32_t crc32_tab[] = {0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1, + 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, + 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f, + 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, + 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, + 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, + 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d}; #ifndef HAVE_ZLIB diff --git a/d3des.c b/d3des.c index 7f964ea..c6cc054 100644 --- a/d3des.c +++ b/d3des.c @@ -37,53 +37,32 @@ static void unscrun(unsigned long *, unsigned char *); static void desfunc(unsigned long *, unsigned long *); static void cookey(unsigned long *); -static unsigned long KnL[32] = { 0L }; +static unsigned long KnL[32] = {0L}; /* not needed ... static unsigned long KnR[32] = { 0L }; static unsigned long Kn3[32] = { 0L }; static unsigned char Df_Key[24] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; */ -static unsigned short bytebit[8] = { - 01, 02, 04, 010, 020, 040, 0100, 0200 -}; +static unsigned short bytebit[8] = {01, 02, 04, 010, 020, 040, 0100, 0200}; -static unsigned long bigbyte[24] = { - 0x800000L, 0x400000L, 0x200000L, 0x100000L, - 0x80000L, 0x40000L, 0x20000L, 0x10000L, - 0x8000L, 0x4000L, 0x2000L, 0x1000L, - 0x800L, 0x400L, 0x200L, 0x100L, - 0x80L, 0x40L, 0x20L, 0x10L, - 0x8L, 0x4L, 0x2L, 0x1L -}; +static unsigned long bigbyte[24] = {0x800000L, 0x400000L, 0x200000L, 0x100000L, 0x80000L, 0x40000L, 0x20000L, 0x10000L, 0x8000L, 0x4000L, 0x2000L, 0x1000L, 0x800L, 0x400L, 0x200L, 0x100L, 0x80L, 0x40L, 0x20L, 0x10L, 0x8L, 0x4L, 0x2L, 0x1L}; /* Use the key schedule specified in the Standard (ANSI X3.92-1981). */ -static unsigned char pc1[56] = { - 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, - 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, - 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, - 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 -}; +static unsigned char pc1[56] = {56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3}; -static unsigned char totrot[16] = { - 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 -}; +static unsigned char totrot[16] = {1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28}; -static unsigned char pc2[48] = { - 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, - 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, - 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, - 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 -}; +static unsigned char pc2[48] = {13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31}; -void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ - unsigned char *key; - int32_t edf; +void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ + unsigned char *key; +int32_t edf; { register int32_t i, j, l, m, n; unsigned char pc1m[56], pcr[56]; @@ -126,8 +105,7 @@ void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ return; } -static void cookey(raw1) - register unsigned long *raw1; +static void cookey(raw1) register unsigned long *raw1; { register unsigned long *cook, *raw0; unsigned long dough[32]; @@ -149,8 +127,7 @@ static void cookey(raw1) return; } -void cpkey(into) - register unsigned long *into; +void cpkey(into) register unsigned long *into; { register unsigned long *from, *endp; @@ -160,8 +137,7 @@ void cpkey(into) return; } -void usekey(from) - register unsigned long *from; +void usekey(from) register unsigned long *from; { register unsigned long *to, *endp; @@ -180,9 +156,8 @@ void des(unsigned char *inblock, unsigned char *outblock) { return; } -static void scrunch(outof, into) - register unsigned char *outof; - register unsigned long *into; +static void scrunch(outof, into) register unsigned char *outof; +register unsigned long *into; { *into = (*outof++ & 0xffL) << 24; *into |= (*outof++ & 0xffL) << 16; @@ -195,9 +170,8 @@ static void scrunch(outof, into) return; } -static void unscrun(outof, into) - register unsigned long *outof; - register unsigned char *into; +static void unscrun(outof, into) register unsigned long *outof; +register unsigned char *into; { *into++ = (*outof >> 24) & 0xffL; *into++ = (*outof >> 16) & 0xffL; @@ -210,160 +184,31 @@ static void unscrun(outof, into) return; } -static unsigned long SP1[64] = { - 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, - 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, - 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, - 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, - 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, - 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, - 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, - 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, - 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, - 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, - 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, - 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, - 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, - 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L -}; +static unsigned long SP1[64] = {0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, + 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L}; -static unsigned long SP2[64] = { - 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, - 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, - 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, - 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, - 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, - 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, - 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, - 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, - 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, - 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, - 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, - 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, - 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, - 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, - 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, - 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L -}; +static unsigned long SP2[64] = {0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, + 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L}; -static unsigned long SP3[64] = { - 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, - 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, - 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, - 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, - 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, - 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, - 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, - 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, - 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, - 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, - 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, - 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, - 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, - 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, - 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, - 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L -}; +static unsigned long SP3[64] = {0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, + 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L}; -static unsigned long SP4[64] = { - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, - 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, - 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, - 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, - 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, - 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, - 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, - 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, - 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L -}; +static unsigned long SP4[64] = {0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, + 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L}; -static unsigned long SP5[64] = { - 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, - 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, - 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, - 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, - 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, - 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, - 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, - 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, - 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, - 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, - 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, - 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, - 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, - 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, - 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, - 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L -}; +static unsigned long SP5[64] = {0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, + 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L}; -static unsigned long SP6[64] = { - 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, - 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, - 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, - 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, - 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, - 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, - 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, - 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, - 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, - 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, - 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, - 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, - 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, - 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L -}; +static unsigned long SP6[64] = {0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, + 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L}; -static unsigned long SP7[64] = { - 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, - 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, - 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, - 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, - 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, - 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, - 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, - 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, - 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, - 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, - 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, - 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, - 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, - 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, - 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, - 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L -}; +static unsigned long SP7[64] = {0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, + 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L}; -static unsigned long SP8[64] = { - 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, - 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, - 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, - 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, - 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, - 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, - 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, - 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, - 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, - 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, - 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, - 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, - 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, - 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, - 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, - 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L -}; +static unsigned long SP8[64] = {0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, + 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L}; -static void desfunc(block, keys) - register unsigned long *block, *keys; +static void desfunc(block, keys) register unsigned long *block, *keys; { register unsigned long fval, work, right, leftt; register int32_t round; diff --git a/d3des.h b/d3des.h index 18be88b..3b03d8a 100644 --- a/d3des.h +++ b/d3des.h @@ -1,9 +1,9 @@ #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif /* @@ -27,8 +27,8 @@ * (GEnie : OUTER; CIS : [71755,204]) */ -#define EN0 0 /* MODE == encrypt */ -#define DE1 1 /* MODE == decrypt */ +#define EN0 0 /* MODE == encrypt */ +#define DE1 1 /* MODE == decrypt */ extern void deskey(unsigned char *, int32_t); diff --git a/hmacmd5.c b/hmacmd5.c index 9400aba..d7b7691 100644 --- a/hmacmd5.c +++ b/hmacmd5.c @@ -1,24 +1,24 @@ -/* +/* Unix SMB/CIFS implementation. HMAC MD5 code for use in NTLMv2 Copyright (C) Luke Kenneth Casson Leighton 1996-2000 Copyright (C) Andrew Tridgell 1992-2000 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc. - + Free Software Foundation 51 Franklin Street, Fifth Floor Boston, MA 02110-1335 @@ -34,8 +34,8 @@ */ #ifdef LIBOPENSSL -#include #include "hmacmd5.h" +#include #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) @@ -43,7 +43,7 @@ the rfc 2104 version of hmac_md5 initialisation. ***********************************************************************/ -void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context * ctx) { +void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx) { int32_t i; unsigned char tk[16]; @@ -52,7 +52,7 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Con MD5_CTX tctx; MD5_Init(&tctx); - MD5_Update(&tctx, (void *) key, key_len); + MD5_Update(&tctx, (void *)key, key_len); MD5_Final(tk, &tctx); key = tk; @@ -79,7 +79,7 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Con the microsoft version of hmac_md5 initialisation. ***********************************************************************/ -void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context * ctx) { +void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx) { int32_t i; /* if key is longer than 64 bytes truncate it */ @@ -107,15 +107,12 @@ void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5 update hmac_md5 "inner" buffer ***********************************************************************/ -void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context * ctx) { - MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */ -} +void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx) { MD5_Update(&ctx->ctx, (void *)text, text_len); /* then text of datagram */ } /*********************************************************************** finish off hmac_md5 "inner" buffer and generate outer one. ***********************************************************************/ -void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx) -{ +void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx) { MD5_CTX ctx_o; MD5_Final(digest, &ctx->ctx); diff --git a/hmacmd5.h b/hmacmd5.h index 54e1393..7677bc6 100644 --- a/hmacmd5.h +++ b/hmacmd5.h @@ -1,19 +1,19 @@ -/* +/* Unix SMB/CIFS implementation. Interface header: Scheduler service Copyright (C) Luke Kenneth Casson Leighton 1996-1999 Copyright (C) Andrew Tridgell 1992-1999 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc. @@ -30,28 +30,25 @@ */ #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif #include #ifndef _HMAC_MD5_H typedef struct { - MD5_CTX ctx; - unsigned char k_ipad[65]; - unsigned char k_opad[65]; + MD5_CTX ctx; + unsigned char k_ipad[65]; + unsigned char k_opad[65]; } HMACMD5Context; #endif /* _HMAC_MD5_H */ - void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx); -void hmac_md5_init_limK_to_64(const unsigned char* key, int32_t key_len,HMACMD5Context *ctx); +void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx); void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx); void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx); -void hmac_md5( unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest); - - +void hmac_md5(unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest); diff --git a/hydra-adam6500.c b/hydra-adam6500.c index 9382fd1..ae664d4 100644 --- a/hydra-adam6500.c +++ b/hydra-adam6500.c @@ -6,57 +6,15 @@ extern char *HYDRA_EXIT; -unsigned char adam6500_req1[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x10, - 0x27, 0x0f, 0x00, 0x08, 0x10, 0x24, 0x30, 0x31, - 0x50, 0x57, 0x30, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, - 0x1f, 0x1f, 0x1f, 0x0d, 0x00 -}; -unsigned char adam6500_resp1[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x10, - 0x27, 0x0f, 0x00, 0x08 -}; -unsigned char adam6500_req2[] = { - 0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, - 0x27, 0x0f, 0x00, 0x7d -}; -unsigned char adam6500_resp2[] = { - 0x01, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x03, - 0xfa, 0x3f, 0x30, 0x31, 0x0d, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00 -}; +unsigned char adam6500_req1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08, 0x10, 0x24, 0x30, 0x31, 0x50, 0x57, 0x30, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x0d, 0x00}; +unsigned char adam6500_resp1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08}; +unsigned char adam6500_req2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, 0x27, 0x0f, 0x00, 0x7d}; +unsigned char adam6500_resp2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x03, 0xfa, 0x3f, 0x30, 0x31, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; -int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass; unsigned char buffer[300]; @@ -66,13 +24,13 @@ int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, pass = empty; memcpy(buffer, adam6500_req1, sizeof(adam6500_req1)); - - for (i = 0; i < 8 && i < strlen(pass); i++) + + for (i = 0; i < 8 && i < strlen(pass); i++) buffer[19 + i] = pass[i] ^ 0x3f; if (hydra_send(s, buffer, sizeof(adam6500_req1), 0) < 0) return 1; - + if (recv(s, buffer, sizeof(buffer), 0) == 12 && memcmp(buffer, adam6500_resp1, sizeof(adam6500_resp1)) == 0) { if (hydra_send(s, adam6500_req2, sizeof(adam6500_req2), 0) < 0) return 1; @@ -90,7 +48,7 @@ int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, return 1; } -void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL; @@ -100,34 +58,34 @@ void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_adam6500(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -145,13 +103,13 @@ void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr } } -int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-afp.c b/hydra-afp.c index 0e55f6f..1d2801d 100644 --- a/hydra-afp.c +++ b/hydra-afp.c @@ -1,6 +1,6 @@ /* * Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com - * + * * tested with afpfs-ng 0.8.1 * AFPFS-NG: http://alexthepuffin.googlepages.com/home * @@ -9,33 +9,31 @@ #include "hydra-mod.h" #ifndef LIBAFP -void dummy_afp() { - printf("\n"); -} +void dummy_afp() { printf("\n"); } #else -#define FREE(x) \ - if (x != NULL) { \ - free(x); \ - x = NULL; \ - } +#define FREE(x) \ + if (x != NULL) { \ + free(x); \ + x = NULL; \ + } -#include #include #include +#include extern char *HYDRA_EXIT; void stdout_fct(void *priv, enum loglevels loglevel, int32_t logtype, const char *message) { - //fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); + // fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); } static struct libafpclient afpclient = { - .unmount_volume = NULL, - .log_for_client = stdout_fct, - .forced_ending_hook = NULL, - .scan_extra_fds = NULL, - .loop_started = NULL, + .unmount_volume = NULL, + .log_for_client = stdout_fct, + .forced_ending_hook = NULL, + .scan_extra_fds = NULL, + .loop_started = NULL, }; static int32_t server_subconnect(struct afp_url url) { @@ -43,14 +41,15 @@ static int32_t server_subconnect(struct afp_url url) { struct afp_server *server = NULL; conn_req = malloc(sizeof(struct afp_connection_request)); -// server = malloc(sizeof(struct afp_server)); + // server = malloc(sizeof(struct afp_server)); memset(conn_req, 0, sizeof(struct afp_connection_request)); conn_req->url = url; conn_req->url.requested_version = 31; - //fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", url.username, url.password, url.servername); + // fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", + // url.username, url.password, url.servername); if (strlen(url.uamname) > 0) { if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) { @@ -63,13 +62,14 @@ static int32_t server_subconnect(struct afp_url url) { conn_req->uam_mask = default_uams_mask(); } - //fprintf(stderr, "Initiating connection attempt.\n"); + // fprintf(stderr, "Initiating connection attempt.\n"); if ((server = afp_server_full_connect(NULL, conn_req)) == NULL) { FREE(conn_req); -// FREE(server); + // FREE(server); return -1; } - //fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam)); + // fprintf(stderr, "Connected to server: %s via UAM: %s\n", + // server->server_name_printable, uam_bitmap_to_string(server->using_uam)); FREE(conn_req); FREE(server); @@ -77,7 +77,7 @@ static int32_t server_subconnect(struct afp_url url) { return 0; } -int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN]; struct afp_url tmpurl; @@ -88,7 +88,6 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char init_uams(); afp_default_url(&tmpurl); - if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -110,7 +109,6 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char return 3; return 2; } else { - hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; @@ -118,7 +116,7 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char return 1; } -void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_AFP; @@ -127,9 +125,8 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -139,7 +136,8 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL port = myport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -149,7 +147,7 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_afp(sock, ip, port, options, miscptr, fp); @@ -172,13 +170,13 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL #endif -int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-asterisk.c b/hydra-asterisk.c index 1ec351d..bbcfce7 100644 --- a/hydra-asterisk.c +++ b/hydra-asterisk.c @@ -1,17 +1,16 @@ -//This plugin was written by david@ +// This plugin was written by david@ // -//This plugin is written for Asterisk Call Manager -//which is running by default on TCP/5038 +// This plugin is written for Asterisk Call Manager +// which is running by default on TCP/5038 // #include "hydra-mod.h" - extern char *HYDRA_EXIT; char *buf; -int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[1024]; @@ -41,7 +40,10 @@ int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, hydra_report(stderr, "[DEBUG] S: %s\n", buf); if (buf == NULL || (strstr(buf, "Response: ") == NULL)) { - hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf); + hydra_report(stderr, + "[ERROR] Asterisk Call Manager protocol error or service " + "shutdown: %s\n", + buf); free(buf); return 4; } @@ -62,7 +64,7 @@ int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, return 2; } -void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL; @@ -71,10 +73,10 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -89,28 +91,31 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); - //fprintf(stderr, "%s\n",buf); - //banner should look like: - //Asterisk Call Manager/1.1 + // fprintf(stderr, "%s\n",buf); + // banner should look like: + // Asterisk Call Manager/1.1 if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) { /* check the first line */ if (verbose || debug) - hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf); + hydra_report(stderr, + "[ERROR] Not an Asterisk Call Manager protocol or " + "service shutdown: %s\n", + buf); hydra_child_exit(2); } free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_asterisk(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -123,13 +128,13 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr } } -int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-cisco-enable.c b/hydra-cisco-enable.c index 4cc9bdf..5a835e1 100644 --- a/hydra-cisco-enable.c +++ b/hydra-cisco-enable.c @@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[300]; @@ -42,8 +42,7 @@ int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char opti } } - if (buf != NULL - && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) { + if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) { free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -58,7 +57,7 @@ int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char opti return 3; } -void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; char buffer[300]; @@ -70,117 +69,130 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + if (sock < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + + /* Cisco AAA Support */ + if (strlen(login = hydra_get_next_login()) != 0) { + while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) { + if (hydra_strcasestr(buf, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + free(buf); } - /* Cisco AAA Support */ - if (strlen(login = hydra_get_next_login()) != 0) { - while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) { - if (hydra_strcasestr(buf, "ress ENTER") != NULL) - hydra_send(sock, "\r\n", 2, 0); - free(buf); - } - - sprintf(buffer, "%.250s\r\n", login); - if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid()); - hydra_child_exit(2); - } - } - - if (miscptr != NULL) { - if (buf != NULL) - free(buf); - while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) { - if (hydra_strcasestr(buf, "ress ENTER") != NULL) - hydra_send(sock, "\r\n", 2, 0); - free(buf); - } - - sprintf(buffer, "%.250s\r\n", miscptr); - if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid()); - hydra_child_exit(2); - } + sprintf(buffer, "%.250s\r\n", login); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid()); + hydra_child_exit(2); } + } + if (miscptr != NULL) { if (buf != NULL) free(buf); - buf = hydra_receive_line(sock); - if (hydra_strcasestr(buf, "ress ENTER") != NULL) { - hydra_send(sock, "\r\n", 2, 0); + while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) { + if (hydra_strcasestr(buf, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); free(buf); - buf = hydra_receive_line(sock); } - if (strstr(buf, "assw") != NULL) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int32_t) getpid()); - hydra_child_exit(2); - } - free(buf); - - next_run = 2; - break; - } - case 2: /* run the cracking function */ - { - unsigned char *buf2; - int32_t f = 0; - - sprintf(buffer, "%.250s\r\n", "ena"); + sprintf(buffer, "%.250s\r\n", miscptr); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid()); hydra_child_exit(2); } - - do { - if (f != 0) - free(buf2); - else - f = 1; - if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { - if (failc < retry) { - next_run = 1; - failc++; - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry); - sleep(3); - break; - } else { - fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid()); - hydra_child_exit(0); - } - } - } while (strstr((char *) buf2, "assw") == NULL); - free(buf2); - if (next_run != 0) - break; - failc = 0; - - next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp); - break; } - case 3: /* clean exit */ + + if (buf != NULL) + free(buf); + buf = hydra_receive_line(sock); + if (hydra_strcasestr(buf, "ress ENTER") != NULL) { + hydra_send(sock, "\r\n", 2, 0); + free(buf); + buf = hydra_receive_line(sock); + } + + if (strstr(buf, "assw") != NULL) { + if (quiet != 1) + fprintf(stderr, + "[ERROR] Child with pid %d terminating - can not login, can " + "not login\n", + (int32_t)getpid()); + hydra_child_exit(2); + } + free(buf); + + next_run = 2; + break; + } + case 2: /* run the cracking function */ + { + unsigned char *buf2; + int32_t f = 0; + + sprintf(buffer, "%.250s\r\n", "ena"); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t)getpid()); + hydra_child_exit(2); + } + + do { + if (f != 0) + free(buf2); + else + f = 1; + if ((buf2 = (unsigned char *)hydra_receive_line(sock)) == NULL) { + if (failc < retry) { + next_run = 1; + failc++; + if (quiet != 1) + fprintf(stderr, + "[ERROR] Child with pid %d was disconnected - retrying " + "(%d of %d retries)\n", + (int32_t)getpid(), failc, retry); + sleep(3); + break; + } else { + fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid()); + hydra_child_exit(0); + } + } + } while (strstr((char *)buf2, "assw") == NULL); + free(buf2); + if (next_run != 0) + break; + failc = 0; + + next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp); + break; + } + case 3: /* clean exit */ sprintf(buffer, "%.250s\r\n", "exit"); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t)getpid()); hydra_child_exit(0); } if (sock >= 0) @@ -196,13 +208,13 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis } } -int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -210,12 +222,16 @@ int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, c return 0; } -void usage_cisco_enable(const char* service) { - printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" - "Note: if AAA authentication is used, use the -l option for the username\n" +void usage_cisco_enable(const char *service) { + printf("Module cisco-enable is optionally taking the logon password for the " + "cisco device\n" + "Note: if AAA authentication is used, use the -l option for the " + "username\n" "and the optional parameter for the password of the user.\n" "Examples:\n" " hydra -P pass.txt target cisco-enable (direct console access)\n" - " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" - " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); + " hydra -P pass.txt -m cisco target cisco-enable (Logon password " + "cisco)\n" + " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login " + "foo, password bar)\n"); } diff --git a/hydra-cisco.c b/hydra-cisco.c index 32d0e20..72709ac 100644 --- a/hydra-cisco.c +++ b/hydra-cisco.c @@ -7,7 +7,7 @@ extern char *HYDRA_EXIT; char *buf = NULL; -int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[300]; @@ -52,7 +52,7 @@ int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, ch if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } - + buf = NULL; do { if (buf != NULL) @@ -95,7 +95,6 @@ int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, ch } } while (buf != NULL && strlen(buf) <= 1); } - } if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) { @@ -115,7 +114,7 @@ int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; @@ -125,63 +124,68 @@ void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, F while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - unsigned char *buf2 = NULL; - int32_t f = 0; + case 1: /* connect and service init function */ + { + unsigned char *buf2 = NULL; + int32_t f = 0; - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL) - hydra_send(sock, "\r\n", 2, 0); - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - do { - if (f != 0) { - free(buf2); - buf2 = NULL; - } else - f = 1; - if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { - if (failc < retry) { - next_run = 1; - failc++; - if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry); - sleep(3); - break; - } else { - if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid()); - hydra_child_exit(0); - } - } - if (buf2 != NULL && hydra_strcasestr((char*)buf2, "ress ENTER") != NULL) - hydra_send(sock, "\r\n", 2, 0); - } while (buf2 != NULL && strstr((char *) buf2, "assw") == NULL); - free(buf2); - if (next_run != 0) - break; - failc = 0; - next_run = 2; - break; + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL) + hydra_send(sock, "\r\n", 2, 0); + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + do { + if (f != 0) { + free(buf2); + buf2 = NULL; + } else + f = 1; + if ((buf2 = (unsigned char *)hydra_receive_line(sock)) == NULL) { + if (failc < retry) { + next_run = 1; + failc++; + if (quiet != 1) + hydra_report(stderr, + "[ERROR] Child with pid %d was disconnected - " + "retrying (%d of %d retries)\n", + (int32_t)getpid(), failc, retry); + sleep(3); + break; + } else { + if (quiet != 1) + hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid()); + hydra_child_exit(0); + } + } + if (buf2 != NULL && hydra_strcasestr((char *)buf2, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + } while (buf2 != NULL && strstr((char *)buf2, "assw") == NULL); + free(buf2); + if (next_run != 0) + break; + failc = 0; + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_cisco(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -199,13 +203,13 @@ void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, F } } -int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -213,6 +217,8 @@ int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *mi return 0; } -void usage_cisco(const char* service) { - printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); +void usage_cisco(const char *service) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends " + "an initial\n" + "ENTER when connecting to the service.\n"); } diff --git a/hydra-cvs.c b/hydra-cvs.c index b745504..5dfb40b 100644 --- a/hydra-cvs.c +++ b/hydra-cvs.c @@ -5,38 +5,32 @@ extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; char *buf; -int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024], pass2[513]; int32_t i; char *directory = miscptr; -/* evil cvs encryption sheme... - 0 111 P 125 p 58 -! 120 1 52 A 57 Q 55 a 121 q 113 -" 53 2 75 B 83 R 54 b 117 r 32 - 3 119 C 43 S 66 c 104 s 90 - 4 49 D 46 T 124 d 101 t 44 -% 109 5 34 E 102 U 126 e 100 u 98 -& 72 6 82 F 40 V 59 f 69 v 60 -' 108 7 81 G 89 W 47 g 73 w 51 -( 70 8 95 H 38 X 92 h 99 x 33 -) 64 9 65 I 103 Y 71 i 63 y 97 -* 76 : 112 J 45 Z 115 j 94 z 62 -+ 67 ; 86 K 50 k 93 -, 116 < 118 L 42 l 39 -- 74 = 110 M 123 m 37 -. 68 > 122 N 91 n 61 -/ 87 ? 105 O 35 _ 56 o 48 -*/ + /* evil cvs encryption sheme... + 0 111 P 125 p 58 + ! 120 1 52 A 57 Q 55 a 121 q 113 + " 53 2 75 B 83 R 54 b 117 r 32 + 3 119 C 43 S 66 c 104 s 90 + 4 49 D 46 T 124 d 101 t 44 + % 109 5 34 E 102 U 126 e 100 u 98 + & 72 6 82 F 40 V 59 f 69 v 60 + ' 108 7 81 G 89 W 47 g 73 w 51 + ( 70 8 95 H 38 X 92 h 99 x 33 + ) 64 9 65 I 103 Y 71 i 63 y 97 + * 76 : 112 J 45 Z 115 j 94 z 62 + + 67 ; 86 K 50 k 93 + , 116 < 118 L 42 l 39 + - 74 = 110 M 123 m 37 + . 68 > 122 N 91 n 61 + / 87 ? 105 O 35 _ 56 o 48 + */ - char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, - 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, - 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, - 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, - 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, - 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62 - }; + char key[] = {0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62}; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -85,7 +79,7 @@ int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char return 3; } -void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_CVS, mysslport = PORT_CVS_SSL; @@ -100,11 +94,11 @@ void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -118,12 +112,12 @@ void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = start_cvs(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -136,13 +130,13 @@ void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -150,6 +144,7 @@ int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *misc return 0; } -void usage_cvs(const char* service) { - printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); +void usage_cvs(const char *service) { + printf("Module cvs is optionally taking the repository name to attack, " + "default is \"/root\"\n\n"); } diff --git a/hydra-firebird.c b/hydra-firebird.c index 1b5228b..4898c46 100644 --- a/hydra-firebird.c +++ b/hydra-firebird.c @@ -1,7 +1,7 @@ /* Firebird Support - by David Maciejak @ GMAIL dot com - + you need to pass full path to the fdb file as argument default account is SYSDBA/masterkey @@ -14,28 +14,26 @@ the msg: "no permission for direct access to security database" #include "hydra-mod.h" #ifndef LIBFIREBIRD -void dummy_firebird() { - printf("\n"); -} +void dummy_firebird() { printf("\n"); } #else -#include #include +#include #define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb" extern char *HYDRA_EXIT; -int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char database[256]; char connection_string[1024]; - isc_db_handle db; /* database handle */ - ISC_STATUS_ARRAY status; /* status vector */ + isc_db_handle db; /* database handle */ + ISC_STATUS_ARRAY status; /* status vector */ - char *dpb = NULL; /* DB parameter buffer */ + char *dpb = NULL; /* DB parameter buffer */ short dpb_length = 0; if (miscptr) @@ -49,8 +47,8 @@ int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - dpb_length = (short) (1 + strlen(login) + 2 + strlen(pass) + 2); - if ((dpb = (char *) malloc(dpb_length)) == NULL) { + dpb_length = (short)(1 + strlen(login) + 2 + strlen(pass) + 2); + if ((dpb = (char *)malloc(dpb_length)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } @@ -86,7 +84,7 @@ int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, return 1; } -void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL; @@ -95,9 +93,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -112,7 +109,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -122,7 +120,7 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_firebird(sock, ip, port, options, miscptr, fp); @@ -145,13 +143,13 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr #endif -int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -159,6 +157,8 @@ int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char return 0; } -void usage_firebird(const char* service) { - printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); +void usage_firebird(const char *service) { + printf("Module firebird is optionally taking the database path to attack,\n" + "default is \"C:\\Program " + "Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); } diff --git a/hydra-ftp.c b/hydra-ftp.c index 504c0bd..590d671 100644 --- a/hydra-ftp.c +++ b/hydra-ftp.c @@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[510]; @@ -20,7 +20,8 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char buf = hydra_receive_line(s); if (buf == NULL) return 1; - /* special hack to identify 530 user unknown msg. suggested by Jean-Baptiste.BEAUFRETON@turbomeca.fr */ + /* special hack to identify 530 user unknown msg. suggested by + * Jean-Baptiste.BEAUFRETON@turbomeca.fr */ if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') { if (verbose) printf("[INFO] user %s does not exist, skipping\n", login); @@ -74,7 +75,7 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char return 2; } -void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) { +void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, int32_t tls) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_FTP, mysslport = PORT_FTP_SSL; @@ -83,10 +84,10 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr hydra_child_exit(0); while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -100,12 +101,12 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } usleepn(250); buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '2') { /* check the first line */ + if (buf == NULL || buf[0] != '2') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); hydra_child_exit(2); @@ -120,7 +121,7 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr } free(buf); - //this mode is manually chosen, so if it fails we giving up + // this mode is manually chosen, so if it fails we giving up if (tls) { if (hydra_send(sock, "AUTH TLS\r\n", strlen("AUTH TLS\r\n"), 0) < 0) { hydra_child_exit(2); @@ -148,15 +149,15 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_ftp(sock, ip, port, options, miscptr, fp); break; - case 3: /* error exit */ + case 3: /* error exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); break; - case 4: /* clean exit */ + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -169,21 +170,17 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr } } -void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0); -} +void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0); } -void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1); -} +void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1); } -int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-gtk/src/callbacks.c b/hydra-gtk/src/callbacks.c index f586208..74c3d5e 100644 --- a/hydra-gtk/src/callbacks.c +++ b/hydra-gtk/src/callbacks.c @@ -1,7 +1,7 @@ /* * This file handles all that needs to be done... - * Some stuff is stolen from gcombust since I never used pipes... ok, i + * Some stuff is stolen from gcombust since I never used pipes... ok, i * only used them in reallife :) */ @@ -15,18 +15,17 @@ #include "interface.h" #include "support.h" -#include -#include +#include #include #include -#include +#include +#include #include #include #include -#include -#include #include +#include int hydra_pid = 0; @@ -37,16 +36,14 @@ char smbparm[128]; char sapr3id[4]; char passLoginNull[4]; - #define BUF_S 1024 -void hydra_select_file(GtkEntry * widget, char *text) { +void hydra_select_file(GtkEntry *widget, char *text) { #ifdef GTK_TYPE_FILE_CHOOSER GtkWidget *dialog; char *filename; - dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, - GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); + dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); @@ -70,7 +67,7 @@ int hydra_get_options(char *options[]) { /* get the port */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnPort"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); if (j != 0) { snprintf(port, 10, "%d", j); options[i++] = "-s"; @@ -79,107 +76,107 @@ int hydra_get_options(char *options[]) { /* prefer ipv6 */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkIPV6"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-6"; } /* use SSL? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkSSL"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-S"; } /* use old SSL? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkOldSSL"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-O"; } /* be verbose? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkVerbose"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-v"; } /* show attempts */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkAttempts"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-V"; } /* debug mode? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkDebug"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-d"; } /* COMPLETE HELP */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkCompleteHelp"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-h"; } /* Service Module Usage Details */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkServiceDetails"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-U"; } /* use colon separated list? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkColon"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-C"; widget = lookup_widget(GTK_WIDGET(wndMain), "entColonFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else { /* disable usernames */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkDisUser"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { } else { /* get the username, or username list */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-l"; widget = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else { options[i++] = "-L"; widget = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } } /* get the pass, pass list, or generate */ /* The "generate" button was implemented by Petar Kaleychev */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-p"; widget = lookup_widget(GTK_WIDGET(wndMain), "entPass"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-P"; widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-x"; widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } } /* empty passes / login as pass / reversed login? */ memset(passLoginNull, 0, 4); widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassNull"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { passLoginNull[0] = 'n'; } widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassLogin"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { if (passLoginNull[0] == 0) { passLoginNull[0] = 's'; } else { @@ -188,7 +185,7 @@ int hydra_get_options(char *options[]) { } /* The "Try reversed login" button was implemented by Petar Kaleychev */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassReverse"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { if (passLoginNull[0] == 0) { passLoginNull[0] = 'r'; } else if (passLoginNull[1] == 0) { @@ -204,7 +201,7 @@ int hydra_get_options(char *options[]) { /* #of tasks */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnTasks"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); if (j != 40) { snprintf(tasks, 10, "%d", j); options[i++] = "-t"; @@ -213,7 +210,7 @@ int hydra_get_options(char *options[]) { /* timeout */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnTimeout"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); if (j != 30) { snprintf(timeout, 10, "%d", j); options[i++] = "-w"; @@ -222,56 +219,56 @@ int hydra_get_options(char *options[]) { /* loop around users? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkUsernameLoop"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-u"; } /* exit after first found pair? */ /* per host */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitf"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-f"; } /* global */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitF"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-F"; } /* Do not print messages about connection errors */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkNoErr"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-q"; } /* get additional parameters */ widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); - tmp = (char *) gtk_entry_get_text((GtkEntry *) widget); + tmp = (char *)gtk_entry_get_text((GtkEntry *)widget); if (!strncmp(tmp, "http-proxy", 10)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxyURL"); options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strncmp(tmp, "http-", 5) || !strncmp(tmp, "https-", 6)) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPURL"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "cisco-enable")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entCiscoPass"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "ldap3-crammd5")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "ldap3-digestmd5")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "smb")) { memset(smbparm, 0, sizeof(smbparm)); @@ -282,12 +279,12 @@ int hydra_get_options(char *options[]) { strncpy(smbparm, "Both", sizeof(smbparm)); smbparm[strlen("Both")] = '\0'; - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { strncpy(smbparm, "Domain", sizeof(smbparm)); smbparm[strlen("Domain")] = '\0'; } - if (gtk_toggle_button_get_active((GtkToggleButton *) widget2)) { - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget2)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { strncpy(smbparm, "Both", sizeof(smbparm)); smbparm[strlen("Both")] = '\0'; } else { @@ -296,7 +293,7 @@ int hydra_get_options(char *options[]) { } } widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { strcat(smbparm, "Hash"); } options[i++] = smbparm; @@ -307,18 +304,14 @@ int hydra_get_options(char *options[]) { options[i++] = smbparm; widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); - int pth = gtk_toggle_button_get_active((GtkToggleButton *) widget); + int pth = gtk_toggle_button_get_active((GtkToggleButton *)widget); widget = lookup_widget(GTK_WIDGET(wndMain), "entSMB2Workgroup"); - snprintf(smbparm, - sizeof(smbparm)-1, - "nthash:%s workgroup:{%s}", - pth ? "true" : "false", - (char *) gtk_entry_get_text((GtkEntry *) widget)); + snprintf(smbparm, sizeof(smbparm) - 1, "nthash:%s workgroup:{%s}", pth ? "true" : "false", (char *)gtk_entry_get_text((GtkEntry *)widget)); } else if (!strcmp(tmp, "sapr3")) { widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); snprintf(sapr3id, sizeof(sapr3id), "%d", j); options[i++] = "-m"; options[i++] = sapr3id; @@ -326,18 +319,18 @@ int hydra_get_options(char *options[]) { } else if (!strcmp(tmp, "cvs") || !strcmp(tmp, "svn")) { widget = lookup_widget(GTK_WIDGET(wndMain), "entCVS"); options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "snmp")) { widget = lookup_widget(GTK_WIDGET(wndMain), "entSNMP"); options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "telnet")) { widget = lookup_widget(GTK_WIDGET(wndMain), "entTelnet"); - if ((char *) gtk_entry_get_text((GtkEntry *) widget) != NULL) { + if ((char *)gtk_entry_get_text((GtkEntry *)widget) != NULL) { options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } } @@ -349,45 +342,44 @@ int hydra_get_options(char *options[]) { /* proxy support */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy"); - if (!gtk_toggle_button_get_active((GtkToggleButton *) widget)) { - + if (!gtk_toggle_button_get_active((GtkToggleButton *)widget)) { widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy"); widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2"); /* which variable do we set? */ - if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *) widget))) { - setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *) widget2), 1); + if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *)widget))) { + setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *)widget2), 1); } else { - setenv("HYDRA_PROXY_CONNECT", (char *) gtk_entry_get_text((GtkEntry *) widget2), 1); + setenv("HYDRA_PROXY_CONNECT", (char *)gtk_entry_get_text((GtkEntry *)widget2), 1); } /* do we need to provide user and pass? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkProxyAuth"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entProxyUser"); widget2 = lookup_widget(GTK_WIDGET(wndMain), "entProxyPass"); - a = g_string_new((gchar *) gtk_entry_get_text((GtkEntry *) widget)); + a = g_string_new((gchar *)gtk_entry_get_text((GtkEntry *)widget)); a = g_string_append_c(a, ':'); - a = g_string_append(a, gtk_entry_get_text((GtkEntry *) widget2)); + a = g_string_append(a, gtk_entry_get_text((GtkEntry *)widget2)); setenv("HYDRA_PROXY_AUTH", a->str, 1); - (void) g_string_free(a, TRUE); + (void)g_string_free(a, TRUE); } } /* get the target, or target list */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioTarget1"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entTarget"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else { options[i++] = "-M"; widget = lookup_widget(GTK_WIDGET(wndMain), "entTargetFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } /* get the service */ widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); options[i] = NULL; return i; @@ -404,12 +396,11 @@ int update_statusbar() { i = hydra_get_options(options); for (j = 1; j < i; j++) { - statustext = g_string_append(statustext, options[j]); statustext = g_string_append_c(statustext, ' '); } - statusbar = (GtkStatusbar *) lookup_widget(GTK_WIDGET(wndMain), "statusbar"); + statusbar = (GtkStatusbar *)lookup_widget(GTK_WIDGET(wndMain), "statusbar"); context_id = gtk_statusbar_get_context_id(statusbar, "status"); /* an old message in stack? */ @@ -417,9 +408,9 @@ int update_statusbar() { gtk_statusbar_remove(statusbar, context_id, message_id); } - message_id = gtk_statusbar_push(statusbar, context_id, (gchar *) statustext->str); + message_id = gtk_statusbar_push(statusbar, context_id, (gchar *)statustext->str); - (void) g_string_free(statustext, TRUE); + (void)g_string_free(statustext, TRUE); return TRUE; } @@ -443,11 +434,10 @@ int read_into(int fd) { } output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1); - if ((passline = strstr(in_buf, "password: ")) == NULL) { gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result); } else { @@ -465,15 +455,13 @@ int read_into(int fd) { if (end - in_buf - result > 0) { gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1); } - } - if (strstr(in_buf, " finished at ") != NULL) { gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "\n\n", -1, "bold", NULL); } - if (result == BUF_S - 1) /* there might be more available, recurse baby! */ + if (result == BUF_S - 1) /* there might be more available, recurse baby! */ return read_into(fd); else return TRUE; @@ -530,7 +518,6 @@ static int wait_hydra_output(gpointer data) { return TRUE; } - /* assumes a successfull pipe() won't set the fd's to -1 */ static void close_pipe(int *pipe) { if (-1 != pipe[0]) { @@ -550,8 +537,7 @@ static void close_pipe(int *pipe) { */ int *popen_re_unbuffered(char *command) { - static int p_r[2] = { -1, -1 }, p_e[2] = { - -1, -1}; + static int p_r[2] = {-1, -1}, p_e[2] = {-1, -1}; static int *pfd = NULL; char *options[128]; @@ -576,7 +562,7 @@ int *popen_re_unbuffered(char *command) { if ((hydra_pid = fork()) < 0) { g_warning("popen_rw_unbuffered: Error forking!"); return NULL; - } else if (hydra_pid == 0) { /* child */ + } else if (hydra_pid == 0) { /* child */ int k; if (setpgid(getpid(), getpid()) < 0) @@ -597,7 +583,7 @@ int *popen_re_unbuffered(char *command) { if (close(p_e[1]) < 0) g_warning("popen_rw_unbuffered: close(p_e[1]) failed"); - (void) hydra_get_options(options); + (void)hydra_get_options(options); execv(HYDRA_BIN, options); @@ -607,7 +593,7 @@ int *popen_re_unbuffered(char *command) { g_warning("%s", options[k]); } gtk_main_quit(); - } else { /* parent */ + } else { /* parent */ if (close(p_r[1]) < 0) g_warning("popen_rw_unbuffered: close(p_r[1]) (parent) failed"); if (close(p_e[1]) < 0) @@ -620,32 +606,25 @@ int *popen_re_unbuffered(char *command) { return pfd; } -void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data) { - gtk_main_quit(); -} +void on_quit1_activate(GtkMenuItem *menuitem, gpointer user_data) { gtk_main_quit(); } +void on_about1_activate(GtkMenuItem *menuitem, gpointer user_data) {} -void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data) { - -} - -void on_btnStart_clicked(GtkButton * button, gpointer user_data) { +void on_btnStart_clicked(GtkButton *button, gpointer user_data) { int *fd = NULL; fd = popen_re_unbuffered(NULL); g_timeout_add(200, wait_hydra_output, fd); - } -void on_btnStop_clicked(GtkButton * button, gpointer user_data) { +void on_btnStop_clicked(GtkButton *button, gpointer user_data) { if (hydra_pid != 0) { kill(hydra_pid, SIGTERM); hydra_pid = 0; } } - -void on_wndMain_destroy(GtkObject * object, gpointer user_data) { +void on_wndMain_destroy(GtkObject *object, gpointer user_data) { if (hydra_pid != 0) { kill(hydra_pid, SIGTERM); hydra_pid = 0; @@ -653,35 +632,31 @@ void on_wndMain_destroy(GtkObject * object, gpointer user_data) { gtk_main_quit(); } - - -gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select target list"); +gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select target list"); gtk_widget_grab_focus(widget); return TRUE; } - -gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select username list"); +gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select username list"); gtk_widget_grab_focus(widget); return TRUE; } - -gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select password list"); +gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select password list"); gtk_widget_grab_focus(widget); return TRUE; } -gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select colon separated user,password list"); +gboolean on_entColonFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select colon separated user,password list"); gtk_widget_grab_focus(widget); return TRUE; } -void on_btnSave_clicked(GtkButton * button, gpointer user_data) { +void on_btnSave_clicked(GtkButton *button, gpointer user_data) { #ifdef GTK_TYPE_FILE_CHOOSER GtkWidget *dialog; char *filename; @@ -692,13 +667,12 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) { GtkTextIter start; GtkTextIter end; - dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, - GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); + dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_get_start_iter(outputbuf, &start); gtk_text_buffer_get_end_iter(outputbuf, &end); @@ -716,10 +690,11 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) { #endif } -void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { +void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data) { GtkWidget *user, *pass; - user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");; + user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername"); + ; pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass"); if (gtk_toggle_button_get_active(togglebutton)) { @@ -731,10 +706,11 @@ void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { } } -void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data) { +void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data) { GtkWidget *radioUsername1, *radioUsername2, *entUsername, *entUsernameFile; - radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");; + radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1"); + ; radioUsername2 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername2"); entUsername = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); entUsernameFile = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile"); @@ -752,11 +728,11 @@ void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data) { } } -void on_btnClear_clicked(GtkButton * button, gpointer user_data) { +void on_btnClear_clicked(GtkButton *button, gpointer user_data) { GtkWidget *output; GtkTextBuffer *outputbuf; output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_set_text(outputbuf, "", -1); } diff --git a/hydra-gtk/src/callbacks.h b/hydra-gtk/src/callbacks.h index dd213fa..3b92c42 100644 --- a/hydra-gtk/src/callbacks.h +++ b/hydra-gtk/src/callbacks.h @@ -2,28 +2,28 @@ int update_statusbar(); -void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data); +void on_quit1_activate(GtkMenuItem *menuitem, gpointer user_data); -void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data); +void on_about1_activate(GtkMenuItem *menuitem, gpointer user_data); -void on_btnStart_clicked(GtkButton * button, gpointer user_data); +void on_btnStart_clicked(GtkButton *button, gpointer user_data); -void on_wndMain_destroy(GtkObject * object, gpointer user_data); +void on_wndMain_destroy(GtkObject *object, gpointer user_data); -void on_btnStop_clicked(GtkButton * button, gpointer user_data); +void on_btnStop_clicked(GtkButton *button, gpointer user_data); -gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -void on_btnSave_clicked(GtkButton * button, gpointer user_data); +void on_btnSave_clicked(GtkButton *button, gpointer user_data); -gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entColonFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data); +void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data); -void on_btnClear_clicked(GtkButton * button, gpointer user_data); +void on_btnClear_clicked(GtkButton *button, gpointer user_data); -void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data); +void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data); diff --git a/hydra-gtk/src/interface.c b/hydra-gtk/src/interface.c index 7c002dc..e6262e1 100644 --- a/hydra-gtk/src/interface.c +++ b/hydra-gtk/src/interface.c @@ -7,13 +7,13 @@ #include #endif -#include #include +#include #ifdef HAVE_UNISTD_H #include #endif -#include #include +#include #include #include @@ -22,12 +22,9 @@ #include "interface.h" #include "support.h" -#define GLADE_HOOKUP_OBJECT(component,widget,name) \ - g_object_set_data_full (G_OBJECT (component), name, \ - gtk_widget_ref (widget), (GDestroyNotify) gtk_widget_unref) +#define GLADE_HOOKUP_OBJECT(component, widget, name) g_object_set_data_full(G_OBJECT(component), name, gtk_widget_ref(widget), (GDestroyNotify)gtk_widget_unref) -#define GLADE_HOOKUP_OBJECT_NO_REF(component,widget,name) \ - g_object_set_data (G_OBJECT (component), name, widget) +#define GLADE_HOOKUP_OBJECT_NO_REF(component, widget, name) g_object_set_data(G_OBJECT(component), name, widget) GtkWidget *create_wndMain(void) { GtkWidget *wndMain; @@ -224,7 +221,7 @@ GtkWidget *create_wndMain(void) { g_object_set_data(G_OBJECT(GTK_COMBO(cmbProtocol)->popwin), "GladeParentKey", cmbProtocol); gtk_widget_set_name(cmbProtocol, "cmbProtocol"); gtk_widget_show(cmbProtocol); - gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "adam6500"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk"); @@ -299,53 +296,52 @@ GtkWidget *create_wndMain(void) { label7 = gtk_label_new("Protocol"); gtk_widget_set_name(label7, "label7"); gtk_widget_show(label7); - gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label7), 0, 0.5); spnPort_adj = gtk_adjustment_new(0, 0, 65535, 1, 10, 0); spnPort = gtk_spin_button_new(GTK_ADJUSTMENT(spnPort_adj), 1, 0); gtk_widget_set_name(spnPort, "spnPort"); gtk_widget_show(spnPort); - gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnPort, "select the port on which the daemon you want to brute force runs, 0 means default", NULL); label6 = gtk_label_new("Port"); gtk_widget_set_name(label6, "label6"); gtk_widget_show(label6); - gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label6), 0, 0.5); - chkIPV6 = gtk_check_button_new_with_mnemonic("Prefer IPV6"); gtk_widget_set_name(chkIPV6, "chkIPV6"); gtk_widget_show(chkIPV6); - gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkIPV6, "Enable to use IPV6", NULL); radioTarget2 = gtk_radio_button_new_with_mnemonic(NULL, "Target List"); gtk_widget_set_name(radioTarget2, "radioTarget2"); gtk_widget_show(radioTarget2); - gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget2), radioTarget2_group); radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget2)); entTargetFile = gtk_entry_new(); gtk_widget_set_name(entTargetFile, "entTargetFile"); gtk_widget_show(entTargetFile); - gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entTargetFile, "A file which contains the targets to attack. One entry per line. IP\naddresses and/or DNS names.", NULL); entTarget = gtk_entry_new(); gtk_widget_set_name(entTarget, "entTarget"); gtk_widget_show(entTarget); - gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entTarget, "The target to attack - DNS name or IP address", NULL); gtk_entry_set_text(GTK_ENTRY(entTarget), "127.0.0.1"); radioTarget1 = gtk_radio_button_new_with_mnemonic(NULL, "Single Target"); gtk_widget_set_name(radioTarget1, "radioTarget1"); gtk_widget_show(radioTarget1); - gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget1), radioTarget2_group); radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioTarget1), TRUE); @@ -368,50 +364,44 @@ GtkWidget *create_wndMain(void) { chkVerbose = gtk_check_button_new_with_mnemonic("Be Verbose"); gtk_widget_set_name(chkVerbose, "chkVerbose"); gtk_widget_show(chkVerbose); - gtk_table_attach(GTK_TABLE(table9), chkVerbose, 2, 3, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkVerbose, 2, 3, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkVerbose, "be verbose", NULL); chkDebug = gtk_check_button_new_with_mnemonic("Debug"); gtk_widget_set_name(chkDebug, "chkDebug"); gtk_widget_show(chkDebug); - gtk_table_attach(GTK_TABLE(table9), chkDebug, 2, 3, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkDebug, 2, 3, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkDebug, "Enable debug mode", NULL); chkAttempts = gtk_check_button_new_with_mnemonic("Show Attempts"); gtk_widget_set_name(chkAttempts, "chkAttempts"); gtk_widget_show(chkAttempts); - gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkAttempts, "Show attempts", NULL); chkSSL = gtk_check_button_new_with_mnemonic("Use SSL"); gtk_widget_set_name(chkSSL, "chkSSL"); gtk_widget_show(chkSSL); - gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkSSL, "Enable to use SSL (the target must have SSL enabled!)", NULL); - chkServiceDetails = gtk_check_button_new_with_mnemonic ("Service Module Usage Details"); - gtk_widget_set_name (chkServiceDetails, "chkServiceDetails"); - gtk_widget_show (chkServiceDetails); - gtk_table_attach (GTK_TABLE (table9), chkServiceDetails, 2, 3, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkServiceDetails, "Service Module Usage Details", NULL); + chkServiceDetails = gtk_check_button_new_with_mnemonic("Service Module Usage Details"); + gtk_widget_set_name(chkServiceDetails, "chkServiceDetails"); + gtk_widget_show(chkServiceDetails); + gtk_table_attach(GTK_TABLE(table9), chkServiceDetails, 2, 3, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkServiceDetails, "Service Module Usage Details", NULL); - chkCompleteHelp = gtk_check_button_new_with_mnemonic ("COMPLETE HELP"); - gtk_widget_set_name (chkCompleteHelp, "chkCompleteHelp"); - gtk_widget_show (chkCompleteHelp); - gtk_table_attach (GTK_TABLE (table9), chkCompleteHelp, 0, 2, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkCompleteHelp, "Complete Help", NULL); + chkCompleteHelp = gtk_check_button_new_with_mnemonic("COMPLETE HELP"); + gtk_widget_set_name(chkCompleteHelp, "chkCompleteHelp"); + gtk_widget_show(chkCompleteHelp); + gtk_table_attach(GTK_TABLE(table9), chkCompleteHelp, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkCompleteHelp, "Complete Help", NULL); - chkOldSSL = gtk_check_button_new_with_mnemonic ("Use old SSL"); - gtk_widget_set_name (chkOldSSL, "chkOldSSL"); - gtk_widget_show (chkOldSSL); - gtk_table_attach (GTK_TABLE (table9), chkOldSSL, 1, 2, 0, 1, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkOldSSL, "Enable to use old SSL (the target must have SSL enabled!)", NULL); + chkOldSSL = gtk_check_button_new_with_mnemonic("Use old SSL"); + gtk_widget_set_name(chkOldSSL, "chkOldSSL"); + gtk_widget_show(chkOldSSL); + gtk_table_attach(GTK_TABLE(table9), chkOldSSL, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkOldSSL, "Enable to use old SSL (the target must have SSL enabled!)", NULL); label29 = gtk_label_new("Output Options"); gtk_widget_set_name(label29, "label29"); @@ -441,20 +431,20 @@ GtkWidget *create_wndMain(void) { entUsernameFile = gtk_entry_new(); gtk_widget_set_name(entUsernameFile, "entUsernameFile"); gtk_widget_show(entUsernameFile); - gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entUsernameFile, "File with user logins, one entry per line", NULL); entUsername = gtk_entry_new(); gtk_widget_set_name(entUsername, "entUsername"); gtk_widget_show(entUsername); - gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entUsername, "The login to use", NULL); gtk_entry_set_text(GTK_ENTRY(entUsername), "yourname"); radioUsername1 = gtk_radio_button_new_with_mnemonic(NULL, "Username"); gtk_widget_set_name(radioUsername1, "radioUsername1"); gtk_widget_show(radioUsername1); - gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername1), radioUsername1_group); radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioUsername1), TRUE); @@ -462,20 +452,20 @@ GtkWidget *create_wndMain(void) { radioUsername2 = gtk_radio_button_new_with_mnemonic(NULL, "Username List"); gtk_widget_set_name(radioUsername2, "radioUsername2"); gtk_widget_show(radioUsername2); - gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername2), radioUsername1_group); radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername2)); chkUsernameLoop = gtk_check_button_new_with_mnemonic("Loop around users"); gtk_widget_set_name(chkUsernameLoop, "chkUsernameLoop"); gtk_widget_show(chkUsernameLoop); - gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkUsernameLoop, "Enable this option to loop around users not passwords", NULL); chkDisUser = gtk_check_button_new_with_mnemonic("Protocol does not require usernames"); gtk_widget_set_name(chkDisUser, "chkDisUser"); gtk_widget_show(chkDisUser); - gtk_table_attach(GTK_TABLE (table2), chkDisUser, 1, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table2), chkDisUser, 1, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkDisUser, "Protocols like Cisco, Cisco enable, redis, Oracle listener, SNMP, S7-300, VNC etc. are not using usernames", NULL); label8 = gtk_label_new("Username"); @@ -488,7 +478,7 @@ GtkWidget *create_wndMain(void) { gtk_widget_show(frmPass); gtk_box_pack_start(GTK_BOX(vbox2), frmPass, TRUE, TRUE, 0); - table3 = gtk_table_new (3, 2, FALSE); + table3 = gtk_table_new(3, 2, FALSE); gtk_widget_set_name(table3, "table3"); gtk_widget_show(table3); gtk_container_add(GTK_CONTAINER(frmPass), table3); @@ -496,20 +486,20 @@ GtkWidget *create_wndMain(void) { entPassFile = gtk_entry_new(); gtk_widget_set_name(entPassFile, "entPassFile"); gtk_widget_show(entPassFile); - gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entPassFile, "File with passwords to try, one entry per line", NULL); entPass = gtk_entry_new(); gtk_widget_set_name(entPass, "entPass"); gtk_widget_show(entPass); - gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entPass, "The password to try", NULL); gtk_entry_set_text(GTK_ENTRY(entPass), "yourpass"); radioPass1 = gtk_radio_button_new_with_mnemonic(NULL, "Password"); gtk_widget_set_name(radioPass1, "radioPass1"); gtk_widget_show(radioPass1); - gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass1), radioPass1_group); radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioPass1), TRUE); @@ -517,26 +507,22 @@ GtkWidget *create_wndMain(void) { radioPass2 = gtk_radio_button_new_with_mnemonic(NULL, "Password List"); gtk_widget_set_name(radioPass2, "radioPass2"); gtk_widget_show(radioPass2); - gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass2), radioPass1_group); radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass2)); - radioGenerate = gtk_radio_button_new_with_mnemonic (NULL, "Generate"); - gtk_widget_set_name (radioGenerate, "radioGenerate"); - gtk_widget_show (radioGenerate); - gtk_table_attach (GTK_TABLE (table3), radioGenerate, 0, 1, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); - gtk_radio_button_set_group (GTK_RADIO_BUTTON (radioGenerate), radioPass1_group); - radioPass1_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (radioGenerate)); + radioGenerate = gtk_radio_button_new_with_mnemonic(NULL, "Generate"); + gtk_widget_set_name(radioGenerate, "radioGenerate"); + gtk_widget_show(radioGenerate); + gtk_table_attach(GTK_TABLE(table3), radioGenerate, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioGenerate), radioPass1_group); + radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioGenerate)); - entGeneration = gtk_entry_new (); - gtk_widget_set_name (entGeneration, "entGeneration"); - gtk_widget_show (entGeneration); - gtk_table_attach (GTK_TABLE (table3), entGeneration, 1, 2, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); - gtk_tooltips_set_tip (tooltips, entGeneration, "Generate passwords", NULL); - gtk_entry_set_text (GTK_ENTRY (entGeneration), "1:1:a"); + entGeneration = gtk_entry_new(); + gtk_widget_set_name(entGeneration, "entGeneration"); + gtk_widget_show(entGeneration); + gtk_table_attach(GTK_TABLE(table3), entGeneration, 1, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entGeneration, "Generate passwords", NULL); + gtk_entry_set_text(GTK_ENTRY(entGeneration), "1:1:a"); labelpass = gtk_label_new("Password"); gtk_widget_set_name(labelpass, "labelpass"); @@ -556,13 +542,13 @@ GtkWidget *create_wndMain(void) { chkColon = gtk_check_button_new_with_mnemonic("Use Colon separated file"); gtk_widget_set_name(chkColon, "chkColon"); gtk_widget_show(chkColon); - gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkColon, "Enable this option to use a colon file for login/password attempts", NULL); entColonFile = gtk_entry_new(); gtk_widget_set_name(entColonFile, "entColonFile"); gtk_widget_show(entColonFile); - gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entColonFile, "The colon file to use, each line has to be structured like \"mylogin:mypass\"", NULL); label20 = gtk_label_new("Colon separated file"); @@ -578,21 +564,21 @@ GtkWidget *create_wndMain(void) { chkPassLogin = gtk_check_button_new_with_mnemonic("Try login as password"); gtk_widget_set_name(chkPassLogin, "chkPassLogin"); gtk_widget_show(chkPassLogin); - gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkPassLogin, "Enable this option to try the login as password, in addition to the password/file", NULL); chkPassNull = gtk_check_button_new_with_mnemonic("Try empty password"); gtk_widget_set_name(chkPassNull, "chkPassNull"); gtk_widget_show(chkPassNull); - gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkPassNull, "Enable this option to try an empty password, in addition to the password/file", NULL); - chkPassReverse = gtk_check_button_new_with_mnemonic ("Try reversed login"); - gtk_widget_set_name (chkPassReverse, "chkPassReverse"); - gtk_widget_show (chkPassReverse); - gtk_table_attach (GTK_TABLE (table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL); - + chkPassReverse = gtk_check_button_new_with_mnemonic("Try reversed login"); + gtk_widget_set_name(chkPassReverse, "chkPassReverse"); + gtk_widget_show(chkPassReverse); + gtk_table_attach(GTK_TABLE(table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL); + label2 = gtk_label_new("Passwords"); gtk_widget_set_name(label2, "label2"); gtk_widget_show(label2); @@ -606,7 +592,7 @@ GtkWidget *create_wndMain(void) { frame9 = gtk_frame_new(NULL); gtk_widget_set_name(frame9, "frame9"); gtk_widget_show(frame9); - gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0); + gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0); table7 = gtk_table_new(5, 2, FALSE); gtk_widget_set_name(table7, "table7"); @@ -616,58 +602,58 @@ GtkWidget *create_wndMain(void) { label22 = gtk_label_new("Proxy "); gtk_widget_set_name(label22, "label22"); gtk_widget_show(label22); - gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label22), 0, 0.5); entHTTPProxy = gtk_entry_new(); gtk_widget_set_name(entHTTPProxy, "entHTTPProxy"); gtk_widget_show(entHTTPProxy); - gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entHTTPProxy, "The address of the proxy. Syntax: \"http://123.45.67.89:8080\"", NULL); gtk_entry_set_text(GTK_ENTRY(entHTTPProxy), "http://127.0.0.1:8080"); chkProxyAuth = gtk_check_button_new_with_mnemonic("Proxy needs authentication"); gtk_widget_set_name(chkProxyAuth, "chkProxyAuth"); gtk_widget_show(chkProxyAuth); - gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkProxyAuth, "Enable this if the proxy requires authenticatio", NULL); label23 = gtk_label_new("Username"); gtk_widget_set_name(label23, "label23"); gtk_widget_show(label23); - gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label23), 0, 0.5); entProxyUser = gtk_entry_new(); gtk_widget_set_name(entProxyUser, "entProxyUser"); gtk_widget_show(entProxyUser); - gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entProxyUser, "The user name for proxy authentication", NULL); gtk_entry_set_text(GTK_ENTRY(entProxyUser), "yourname"); label24 = gtk_label_new("Password"); gtk_widget_set_name(label24, "label24"); gtk_widget_show(label24); - gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label24), 0, 0.5); entProxyPass = gtk_entry_new(); gtk_widget_set_name(entProxyPass, "entProxyPass"); gtk_widget_show(entProxyPass); - gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entProxyPass, "The password for proxy authentication", NULL); gtk_entry_set_text(GTK_ENTRY(entProxyPass), "yourpass"); label26 = gtk_label_new(""); gtk_widget_set_name(label26, "label26"); gtk_widget_show(label26); - gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (0), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions)(GTK_FILL), (GtkAttachOptions)(0), 0, 0); gtk_misc_set_alignment(GTK_MISC(label26), 0, 0.5); hbox3 = gtk_hbox_new(FALSE, 0); gtk_widget_set_name(hbox3, "hbox3"); gtk_widget_show(hbox3); - gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); + gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_FILL), 0, 0); radioProxy = gtk_radio_button_new_with_mnemonic(NULL, "No Proxy"); gtk_widget_set_name(radioProxy, "radioProxy"); @@ -701,7 +687,7 @@ GtkWidget *create_wndMain(void) { frame13 = gtk_frame_new(NULL); gtk_widget_set_name(frame13, "frame13"); gtk_widget_show(frame13); - gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); + gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions)(GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_FILL), 0, 0); table10 = gtk_table_new(5, 2, FALSE); gtk_widget_set_name(table10, "table10"); @@ -711,50 +697,46 @@ GtkWidget *create_wndMain(void) { chkExitf = gtk_check_button_new_with_mnemonic("Exit after first found pair (per host)"); gtk_widget_set_name(chkExitf, "chkExitf"); gtk_widget_show(chkExitf); - gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkExitf, "Enable this to stop all attacking processes once a valid login/password pair is found (per host)", NULL); spnTimeout_adj = gtk_adjustment_new(30, 0, 295, 1, 10, 0); spnTimeout = gtk_spin_button_new(GTK_ADJUSTMENT(spnTimeout_adj), 1, 0); gtk_widget_set_name(spnTimeout, "spnTimeout"); gtk_widget_show(spnTimeout); - gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnTimeout, "The maximum timeout an attack process is waiting for a response from the target", NULL); spnTasks_adj = gtk_adjustment_new(16, 0, 128, 1, 10, 0); spnTasks = gtk_spin_button_new(GTK_ADJUSTMENT(spnTasks_adj), 1, 0); gtk_widget_set_name(spnTasks, "spnTasks"); gtk_widget_show(spnTasks); - gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnTasks, "The number of attack tasks to run in parallel. The more the faster, the most: computer lockup :-) 16-64 is a good choice", NULL); label32 = gtk_label_new("Timeout"); gtk_widget_set_name(label32, "label32"); gtk_widget_show(label32); - gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label32), 0, 0.5); label31 = gtk_label_new("Number of Tasks"); gtk_widget_set_name(label31, "label31"); gtk_widget_show(label31); - gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label31), 0, 0.5); - chkExitF = gtk_check_button_new_with_mnemonic ("Exit after first found pair (global)"); - gtk_widget_set_name (chkExitF, "chkExitF"); - gtk_widget_show (chkExitF); - gtk_table_attach (GTK_TABLE (table10), chkExitF, 0, 2, 3, 4, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL); + chkExitF = gtk_check_button_new_with_mnemonic("Exit after first found pair (global)"); + gtk_widget_set_name(chkExitF, "chkExitF"); + gtk_widget_show(chkExitF); + gtk_table_attach(GTK_TABLE(table10), chkExitF, 0, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL); - chkNoErr = gtk_check_button_new_with_mnemonic ("Do not print messages about connection errors"); - gtk_widget_set_name (chkNoErr, "chkNoErr"); - gtk_widget_show (chkNoErr); - gtk_table_attach (GTK_TABLE (table10), chkNoErr, 0, 2, 4, 5, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkNoErr, "Do not print messages about connection errors", NULL); + chkNoErr = gtk_check_button_new_with_mnemonic("Do not print messages about connection errors"); + gtk_widget_set_name(chkNoErr, "chkNoErr"); + gtk_widget_show(chkNoErr); + gtk_table_attach(GTK_TABLE(table10), chkNoErr, 0, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkNoErr, "Do not print messages about connection errors", NULL); label30 = gtk_label_new("Performance Options"); gtk_widget_set_name(label30, "label30"); @@ -1038,18 +1020,18 @@ GtkWidget *create_wndMain(void) { gtk_widget_show(statusbar); gtk_box_pack_start(GTK_BOX(vbox1), statusbar, FALSE, FALSE, 0); - g_signal_connect((gpointer) wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL); - g_signal_connect((gpointer) quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL); - g_signal_connect((gpointer) entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL); - g_signal_connect((gpointer) entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL); - g_signal_connect((gpointer) chkDisUser, "toggled", G_CALLBACK (on_chkDisUser_toggled), NULL); - g_signal_connect((gpointer) entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL); - g_signal_connect((gpointer) chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL); - g_signal_connect((gpointer) entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL); - g_signal_connect((gpointer) btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL); - g_signal_connect((gpointer) btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL); - g_signal_connect((gpointer) btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL); - g_signal_connect((gpointer) btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL); + g_signal_connect((gpointer)wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL); + g_signal_connect((gpointer)quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL); + g_signal_connect((gpointer)entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL); + g_signal_connect((gpointer)entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL); + g_signal_connect((gpointer)chkDisUser, "toggled", G_CALLBACK(on_chkDisUser_toggled), NULL); + g_signal_connect((gpointer)entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL); + g_signal_connect((gpointer)chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL); + g_signal_connect((gpointer)entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL); + g_signal_connect((gpointer)btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL); + g_signal_connect((gpointer)btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL); + g_signal_connect((gpointer)btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL); + g_signal_connect((gpointer)btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL); /* Store pointers to all widgets, for use by lookup_widget(). */ GLADE_HOOKUP_OBJECT_NO_REF(wndMain, wndMain, "wndMain"); @@ -1090,7 +1072,7 @@ GtkWidget *create_wndMain(void) { GLADE_HOOKUP_OBJECT(wndMain, radioUsername1, "radioUsername1"); GLADE_HOOKUP_OBJECT(wndMain, chkUsernameLoop, "chkUsernameLoop"); GLADE_HOOKUP_OBJECT(wndMain, radioUsername2, "radioUsername2"); - GLADE_HOOKUP_OBJECT (wndMain, chkDisUser, "chkDisUser"); + GLADE_HOOKUP_OBJECT(wndMain, chkDisUser, "chkDisUser"); GLADE_HOOKUP_OBJECT(wndMain, label8, "label8"); GLADE_HOOKUP_OBJECT(wndMain, frmPass, "frmPass"); GLADE_HOOKUP_OBJECT(wndMain, table3, "table3"); diff --git a/hydra-gtk/src/main.c b/hydra-gtk/src/main.c index 931493b..03c5f21 100644 --- a/hydra-gtk/src/main.c +++ b/hydra-gtk/src/main.c @@ -8,17 +8,16 @@ #include #endif -#include -#include +#include "callbacks.h" #include "interface.h" #include "support.h" -#include "callbacks.h" +#include +#include char *hydra_path1 = "./hydra"; char *hydra_path2 = "/usr/local/bin/hydra"; char *hydra_path3 = "/usr/bin/hydra"; - int main(int argc, char *argv[]) { extern GtkWidget *wndMain; int i; @@ -60,7 +59,6 @@ int main(int argc, char *argv[]) { wndMain = create_wndMain(); gtk_widget_show(wndMain); - /* if we can't use the new cool file chooser, the save button gets disabled */ #ifndef GTK_TYPE_FILE_CHOOSER GtkWidget *btnSave; @@ -69,13 +67,12 @@ int main(int argc, char *argv[]) { gtk_widget_set_sensitive(btnSave, FALSE); #endif - /* update the statusbar every now and then */ g_timeout_add(600, update_statusbar, NULL); /* we want bold text in the output window */ output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_create_tag(outputbuf, "bold", "weight", PANGO_WEIGHT_BOLD, NULL); /* he ho, lets go! */ diff --git a/hydra-gtk/src/support.c b/hydra-gtk/src/support.c index 22a1a3a..96d5e17 100644 --- a/hydra-gtk/src/support.c +++ b/hydra-gtk/src/support.c @@ -7,17 +7,17 @@ #include #endif -#include -#include -#include -#include #include +#include +#include +#include +#include #include #include "support.h" -GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { +GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name) { GtkWidget *parent, *found_widget; for (;;) { @@ -26,13 +26,13 @@ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { else parent = widget->parent; if (!parent) - parent = (GtkWidget *) g_object_get_data(G_OBJECT(widget), "GladeParentKey"); + parent = (GtkWidget *)g_object_get_data(G_OBJECT(widget), "GladeParentKey"); if (parent == NULL) break; widget = parent; } - found_widget = (GtkWidget *) g_object_get_data(G_OBJECT(widget), widget_name); + found_widget = (GtkWidget *)g_object_get_data(G_OBJECT(widget), widget_name); if (!found_widget) g_warning("Widget not found: %s", widget_name); return found_widget; @@ -41,19 +41,16 @@ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { static GList *pixmaps_directories = NULL; /* Use this function to set the directory containing installed pixmaps. */ -void add_pixmap_directory(const gchar * directory) { - pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); -} +void add_pixmap_directory(const gchar *directory) { pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); } /* This is an internally used function to find pixmap files. */ -static gchar *find_pixmap_file(const gchar * filename) { +static gchar *find_pixmap_file(const gchar *filename) { GList *elem; /* We step through each of the pixmaps directory to find it. */ elem = pixmaps_directories; while (elem) { - gchar *pathname = g_strdup_printf("%s%s%s", (gchar *) elem->data, - G_DIR_SEPARATOR_S, filename); + gchar *pathname = g_strdup_printf("%s%s%s", (gchar *)elem->data, G_DIR_SEPARATOR_S, filename); if (g_file_test(pathname, G_FILE_TEST_EXISTS)) return pathname; @@ -64,7 +61,7 @@ static gchar *find_pixmap_file(const gchar * filename) { } /* This is an internally used function to create pixmaps. */ -GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) { +GtkWidget *create_pixmap(GtkWidget *widget, const gchar *filename) { gchar *pathname = NULL; GtkWidget *pixmap; @@ -84,7 +81,7 @@ GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) { } /* This is an internally used function to create pixmaps. */ -GdkPixbuf *create_pixbuf(const gchar * filename) { +GdkPixbuf *create_pixbuf(const gchar *filename) { gchar *pathname = NULL; GdkPixbuf *pixbuf; GError *error = NULL; @@ -109,7 +106,7 @@ GdkPixbuf *create_pixbuf(const gchar * filename) { } /* This is used to set ATK action descriptions. */ -void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description) { +void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description) { gint n_actions, i; n_actions = atk_action_get_n_actions(action); diff --git a/hydra-gtk/src/support.h b/hydra-gtk/src/support.h index 4fc185d..bd88545 100644 --- a/hydra-gtk/src/support.h +++ b/hydra-gtk/src/support.h @@ -19,26 +19,23 @@ * or alternatively any widget in the component, and the name of the widget * you want returned. */ -GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name); - +GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name); /* Use this function to set the directory containing installed pixmaps. */ -void add_pixmap_directory(const gchar * directory); - +void add_pixmap_directory(const gchar *directory); /* * Private Functions. */ /* This is used to create the pixmaps used in the interface. */ -GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename); +GtkWidget *create_pixmap(GtkWidget *widget, const gchar *filename); /* This is used to create the pixbufs used in the interface. */ -GdkPixbuf *create_pixbuf(const gchar * filename); +GdkPixbuf *create_pixbuf(const gchar *filename); /* This is used to set ATK action descriptions. */ -void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description); - +void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description); GtkWidget *wndMain; char *HYDRA_BIN; diff --git a/hydra-http-form.c b/hydra-http-form.c index 80b141a..324fe6a 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -45,7 +45,8 @@ rewritten by David Maciejak Fix and issue with strtok use and implement 1 step location follow if HTTP 3xx code is returned (david dot maciejak at gmail dot com) -Added fail or success condition, getting cookies, and allow 5 redirections by david +Added fail or success condition, getting cookies, and allow 5 redirections by +david */ @@ -80,15 +81,15 @@ char cookie[4096] = "", cmiscptr[1024]; int32_t webport, freemischttpform = 0; char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "", *url, *variables, *optional1; -#define MAX_REDIRECT 8 -#define MAX_CONTENT_LENGTH 20 -#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 +#define MAX_REDIRECT 8 +#define MAX_CONTENT_LENGTH 20 +#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 char redirected_url_buff[2048] = ""; int32_t redirected_flag = 0; int32_t redirected_cpt = MAX_REDIRECT; -char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers +char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers /* * Function to perform some initial setup. @@ -98,7 +99,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr); /* * Returns 1 if specified header exists, or 0 otherwise. */ -ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, char type) { +ptr_header_node header_exists(ptr_header_node *ptr_head, char *header_name, char type) { ptr_header_node cur_ptr = *ptr_head, found_header = NULL; for (cur_ptr = *ptr_head; cur_ptr && !found_header; cur_ptr = cur_ptr->next) @@ -118,7 +119,7 @@ char *strndup(const char *s, size_t n) { if (n < len) len = n; - result = (char *) malloc(len + 1); + result = (char *)malloc(len + 1); if (!result) return 0; @@ -128,8 +129,8 @@ char *strndup(const char *s, size_t n) { } #endif -int32_t append_cookie(char *name, char *value, ptr_cookie_node * last_cookie) { - ptr_cookie_node new_ptr = (ptr_cookie_node) malloc(sizeof(t_cookie_node)); +int32_t append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) { + ptr_cookie_node new_ptr = (ptr_cookie_node)malloc(sizeof(t_cookie_node)); if (!new_ptr) return 0; @@ -149,13 +150,13 @@ int32_t append_cookie(char *name, char *value, ptr_cookie_node * last_cookie) { char *stringify_cookies(ptr_cookie_node ptr_cookie) { ptr_cookie_node cur_ptr = NULL; uint32_t length = 1; - char *cookie_hdr = (char *) malloc(length); + char *cookie_hdr = (char *)malloc(length); if (cookie_hdr) { memset(cookie_hdr, 0, length); for (cur_ptr = ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { length += 2 + strlen(cur_ptr->name) + strlen(cur_ptr->value); - cookie_hdr = (char *) realloc(cookie_hdr, length); + cookie_hdr = (char *)realloc(cookie_hdr, length); if (cookie_hdr) { strcat(cookie_hdr, cur_ptr->name); strcat(cookie_hdr, "="); @@ -187,7 +188,7 @@ success: * +--------+ * Returns 1 if success, or 0 otherwise. */ -int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) { +int32_t add_or_update_cookie(ptr_cookie_node *ptr_cookie, char *cookie_expr) { ptr_cookie_node cur_ptr = NULL; char *cookie_name = NULL, *cookie_value = strstr(cookie_expr, "="); @@ -195,7 +196,8 @@ int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) { cookie_name = strndup(cookie_expr, cookie_value - cookie_expr); cookie_value = strdup(cookie_value + 1); - // we've got the cookie's name and value, now it's time to insert or update the list + // we've got the cookie's name and value, now it's time to insert or update + // the list if (*ptr_cookie == NULL) { // no cookies append_cookie(cookie_name, cookie_value, ptr_cookie); @@ -203,7 +205,7 @@ int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) { for (cur_ptr = *ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { if (strcmp(cur_ptr->name, cookie_name) == 0) { free(cur_ptr->value); // free old value - free(cookie_name); // we already have it + free(cookie_name); // we already have it cur_ptr->value = cookie_value; break; } @@ -218,7 +220,7 @@ int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) { return 1; } -int32_t process_cookies(ptr_cookie_node * ptr_cookie, char *cookie_expr) { +int32_t process_cookies(ptr_cookie_node *ptr_cookie, char *cookie_expr) { char *tok = NULL; char *expr = strdup(cookie_expr); int32_t res = 0; @@ -252,32 +254,29 @@ int32_t process_cookies(ptr_cookie_node * ptr_cookie, char *cookie_expr) { * * Returns 1 if success, or 0 otherwise (out of memory). */ -int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char type) { +int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char type) { ptr_header_node cur_ptr = NULL; ptr_header_node existing_hdr, new_ptr; // get to the last header - for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next); + for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next) + ; char *new_header = strdup(header); char *new_value = strdup(value); if (new_header && new_value) { - if ((type == HEADER_TYPE_USERHEADER) || - (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || - (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) || - (type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) - ) { + if ((type == HEADER_TYPE_USERHEADER) || (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) || (type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) { /* * We are in one of the following scenarios: * 1. A default header with no user-supplied headers that replace it. * 2. A user-supplied header that must be appended (option 'h'). - * 3. A user-supplied header that must replace a default header (option 'h'), - * but no default headers exist with that name. + * 3. A user-supplied header that must replace a default header + * (option 'h'), but no default headers exist with that name. * * In either case we just add the header to the list. */ - new_ptr = (ptr_header_node) malloc(sizeof(t_header_node)); + new_ptr = (ptr_header_node)malloc(sizeof(t_header_node)); if (!new_ptr) { free(new_header); free(new_value); @@ -321,7 +320,7 @@ void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) { for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) { - cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(newvalue) + 1); + cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(newvalue) + 1); if (cur_ptr->value) strcpy(cur_ptr->value, newvalue); else { @@ -340,7 +339,7 @@ void hdrrepv(ptr_header_node *ptr_head, char *hdrname, char *new_value) { for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname) == 0) { - cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value) + 1); + cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(new_value) + 1); if (cur_ptr->value) strcpy(cur_ptr->value, new_value); else { @@ -351,7 +350,7 @@ void hdrrepv(ptr_header_node *ptr_head, char *hdrname, char *new_value) { } } -void cleanup(ptr_header_node * ptr_head) { +void cleanup(ptr_header_node *ptr_head) { ptr_header_node cur_ptr = *ptr_head, next_ptr = cur_ptr; while (next_ptr != NULL) { @@ -375,7 +374,7 @@ char *stringify_headers(ptr_header_node *ptr_head) { for (; cur_ptr; cur_ptr = cur_ptr->next) ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4; - headers_str = (char *) malloc(ttl_size + 1); + headers_str = (char *)malloc(ttl_size + 1); if (headers_str) { memset(headers_str, 0, ttl_size + 1); @@ -402,8 +401,8 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { */ while (*miscptr != 0) { switch (miscptr[0]) { - case 'a': // fall through - case 'A': // only for http, not http-form! + case 'a': // fall through + case 'A': // only for http, not http-form! ptr = miscptr + 2; if (strncasecmp(ptr, "NTLM", 4) == 0) @@ -425,7 +424,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { miscptr = ptr; break; - case 'c': // fall through + case 'c': // fall through case 'C': ptr = miscptr + 2; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) @@ -510,7 +509,7 @@ char *prepare_http_request(char *type, char *path, char *params, char *headers) if (params) reqlen += strlen(params); - http_request = (char *) malloc(reqlen); + http_request = (char *)malloc(reqlen); if (http_request) { memset(http_request, 0, reqlen); @@ -571,7 +570,6 @@ char *html_encode(char *string) { return ret; } - /* int32_t analyze_server_response(int32_t socket) return 0 or 1 when the cond regex is matched @@ -584,7 +582,7 @@ int32_t analyze_server_response(int32_t s) { auth_flag = 0; while ((buf = hydra_receive_line(s)) != NULL) { runs++; - //check for http redirection + // check for http redirection if (strstr(buf, "HTTP/1.1 3") != NULL || strstr(buf, "HTTP/1.0 3") != NULL || strstr(buf, "Status: 3") != NULL) { redirected_flag = 1; } else if (strstr(buf, "HTTP/1.1 401") != NULL || strstr(buf, "HTTP/1.0 401") != NULL) { @@ -608,7 +606,7 @@ int32_t analyze_server_response(int32_t s) { *endloc = 0; strcpy(redirected_url_buff, str); } - //there can be multiple cookies + // there can be multiple cookies if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) { char *cookiebuf = buf; @@ -622,7 +620,7 @@ int32_t analyze_server_response(int32_t s) { str[sizeof(str) - 1] = 0; endcookie1 = strchr(str, '\n'); endcookie2 = strchr(str, ';'); - //terminate string after cookie data + // terminate string after cookie data if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))) { if (*(endcookie1 - 1) == '\r') endcookie1--; @@ -635,27 +633,33 @@ int32_t analyze_server_response(int32_t s) { tmpname[sizeof(tmpname) - 2] = 0; ptr = index(tmpname, '='); *(++ptr) = 0; - // is the cookie already in the cookiejar? (so, does it have to be replaced?) + // is the cookie already in the cookiejar? (so, does it have to be + // replaced?) if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) { // yes it is. - // if the cookie is not in the beginning of the cookiejar, copy the ones before + // if the cookie is not in the beginning of the cookiejar, copy the + // ones before if (ptr != cookie && *(ptr - 1) == ' ') { strncpy(tmpcookie, cookie, ptr - cookie - 2); tmpcookie[ptr - cookie - 2] = 0; } ptr += strlen(tmpname); - // if there are any cookies after this one in the cookiejar, copy them over + // if there are any cookies after this one in the cookiejar, copy + // them over if ((ptr2 = strstr(ptr, "; ")) != NULL) { ptr2 += 2; strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1); } if (debug) - printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie); + printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: " + "%s\n", + tmpname, cookie, tmpcookie); strcpy(cookie, tmpcookie); } } ptr = index(str, '='); - // only copy the cookie if it has a value (otherwise the server wants to delete the cookie) + // only copy the cookie if it has a value (otherwise the server wants to + // delete the cookie) if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') { if (strlen(cookie) > 0) strncat(cookie, "; ", sizeof(cookie) - strlen(cookie) - 1); @@ -670,10 +674,10 @@ int32_t analyze_server_response(int32_t s) { if (strstr(buf, cond) != NULL) { #endif free(buf); -// printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf); + // printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf); return 1; } -// else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf); + // else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf); free(buf); } if (runs == 0) { @@ -694,8 +698,7 @@ void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, c } } -int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char *type, ptr_header_node ptr_head, - ptr_cookie_node ptr_cookie) { +int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { char *empty = ""; char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345]; char header[8096], *upd3variables; @@ -705,7 +708,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); - cookie[0] = 0; // reset cookies from potential previous attempt + cookie[0] = 0; // reset cookies from potential previous attempt if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; @@ -716,9 +719,9 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; strcpy(b64login, login); - hydra_tobase64((unsigned char *) b64login, strlen(b64login), sizeof(b64login)); + hydra_tobase64((unsigned char *)b64login, strlen(b64login), sizeof(b64login)); strcpy(b64pass, pass); - hydra_tobase64((unsigned char *) b64pass, strlen(b64pass), sizeof(b64pass)); + hydra_tobase64((unsigned char *)b64pass, strlen(b64pass), sizeof(b64pass)); strncpy(clogin, html_encode(login), sizeof(clogin) - 1); clogin[sizeof(clogin) - 1] = 0; strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); @@ -744,7 +747,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - i = analyze_server_response(s); // ignore result + i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options, hostname); @@ -753,7 +756,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else @@ -798,7 +801,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (use_proxy == 1) { // proxy without authentication if (getcookie) { - //doing a GET to get cookies + // doing a GET to get cookies memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); if (http_request != NULL) @@ -815,7 +818,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else @@ -829,8 +832,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); else hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); if (http_request != NULL) free(http_request); @@ -847,8 +850,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); else hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); if (http_request != NULL) free(http_request); @@ -860,7 +863,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // direct web server, no proxy normal_request = NULL; if (getcookie) { - //doing a GET to save cookies + // doing a GET to save cookies if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); @@ -868,7 +871,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) { - //printf("[DEBUG] Got cookie: %s\n", cookie); + // printf("[DEBUG] Got cookie: %s\n", cookie); process_cookies(&ptr_cookie, cookie); if (normal_request != NULL) free(normal_request); @@ -878,7 +881,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } // now prepare for the "real" request if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else @@ -927,8 +930,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = analyze_server_response(s); - if (auth_flag) { // we received a 401 error - user is using wrong module - hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n", + if (auth_flag) { // we received a 401 error - user is using wrong module + hydra_report(stderr, + "[ERROR] the target is using HTTP auth, not a web form, received HTTP " + "error code 401. Use module \"http%s-get\" instead.\n", (options & OPTION_SSL) > 0 ? "s" : ""); return 4; } @@ -936,13 +941,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); - //if page was redirected, follow the location header + // if page was redirected, follow the location header redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - //we have to split the location + // we have to split the location char *startloc, *endloc; char str[2048]; char str2[2048]; @@ -950,7 +955,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options redirected_cpt--; redirected_flag = 0; - //check if the redirect page contains the fail/success condition + // check if the redirect page contains the fail/success condition #ifdef HAVE_PCRE if (hydra_string_match(redirected_url_buff, cond) == 1) { #else @@ -958,8 +963,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options #endif found = success_cond; } else { - //location could be either absolute http(s):// or / something - //or relative + // location could be either absolute http(s):// or / something + // or relative startloc = strstr(redirected_url_buff, "://"); if (startloc != NULL) { startloc += strlen("://"); @@ -988,8 +993,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } else { strncpy(str2, webtarget, sizeof(str2)); if (redirected_url_buff[0] != '/') { - //it's a relative path, so we have to concatenate it - //with the path from the first url given + // it's a relative path, so we have to concatenate it + // with the path from the first url given char *urlpath; char urlpath_extracted[2048]; @@ -1030,11 +1035,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options free(cookie_header); cookie_header = stringify_cookies(ptr_cookie); if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); else - hdrrepv(&ptr_head, "Cookie", cookie_header); + hdrrepv(&ptr_head, "Cookie", cookie_header); - //re-use the code above to check for proxy use + // re-use the code above to check for proxy use if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { // proxy with authentication hdrrepv(&ptr_head, "Host", str2); @@ -1052,14 +1057,14 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options hdrrepv(&ptr_head, "Host", str2); memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); - if (normal_request != NULL) - free(normal_request); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); } else { - //direct web server, no proxy + // direct web server, no proxy hdrrepv(&ptr_head, "Host", str2); if (normal_request != NULL) free(normal_request); @@ -1081,7 +1086,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } - //if the last status is still 3xx, set it as a false + // if the last status is still 3xx, set it as a false if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); @@ -1092,8 +1097,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; } -void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type, ptr_header_node * ptr_head, - ptr_cookie_node * ptr_cookie) { +void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type, ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; @@ -1118,35 +1122,35 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt } } switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t) getpid()); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_http_form(sock, ip, port, options, miscptr, fp, hostname, type, *ptr_head, *ptr_cookie); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); if (freemischttpform) @@ -1154,7 +1158,7 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt freemischttpform = 0; hydra_child_exit(0); break; - case 4: /* silent error exit */ + case 4: /* silent error exit */ if (sock >= 0) sock = hydra_disconnect(sock); if (freemischttpform) @@ -1175,7 +1179,7 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt free(miscptr); } -void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); @@ -1187,7 +1191,7 @@ void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *mi } } -void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); @@ -1199,7 +1203,7 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m } } -int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. @@ -1222,14 +1226,14 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ + if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ *ptr2 = 0; ptr2++; ptr = ptr2; if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) miscptr = ptr; else - miscptr = slash; /* to make things easier to user */ + miscptr = slash; /* to make things easier to user */ } else if ((ptr2 = index(webtarget, '/')) != NULL) { if (freemischttpform == 0) { if ((miscptr = malloc(strlen(ptr2) + 1)) != NULL) { @@ -1268,18 +1272,17 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { if (*ptr != 0) *ptr++ = 0; - if ((ptr2 = rindex(ptr, ':')) != NULL) { cond = ptr2 + 1; *ptr2 = 0; } else cond = ptr; -/* - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; -*/ + /* + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + */ if (ptr == cond) optional1 = NULL; else @@ -1304,9 +1307,11 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { } } - //printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : optional1); + // printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: + // %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : + // optional1); - if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) + if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */) hydra_child_exit(2); if (*cond == 0) { @@ -1316,7 +1321,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { sprintf(cookieurl, "%.1000s", url); - //conditions now have to contain F or S to set the fail or success condition + // conditions now have to contain F or S to set the fail or success condition if (*cond != 0 && (strpos(cond, "F=") == 0)) { success_cond = 0; cond += 2; @@ -1324,11 +1329,12 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 1; cond += 2; } else { - //by default condition is a fail + // by default condition is a fail success_cond = 0; } - //printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s + // (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. @@ -1342,7 +1348,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { // proxy with authentication add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT); - proxy_string = (char *) malloc(strlen(proxy_authentication[selected_proxy]) + 10); + proxy_string = (char *)malloc(strlen(proxy_authentication[selected_proxy]) + 10); if (proxy_string) { strcpy(proxy_string, "Basic "); strcat(proxy_string, proxy_authentication[selected_proxy]); @@ -1352,13 +1358,13 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { return NULL; } if (getcookie) { - //doing a GET to save cookies + // doing a GET to save cookies if (cookie_request != NULL) free(cookie_request); cookie_request = stringify_headers(&ptr_head); } if (normal_request != NULL) - free(normal_request); + free(normal_request); normal_request = stringify_headers(&ptr_head); } else { if (use_proxy == 1) { @@ -1366,7 +1372,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT); if (getcookie) { - //doing a GET to get cookies + // doing a GET to get cookies if (cookie_request != NULL) free(cookie_request); cookie_request = stringify_headers(&ptr_head); @@ -1380,7 +1386,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT); if (getcookie) { - //doing a GET to save cookies + // doing a GET to save cookies if (cookie_request != NULL) free(cookie_request); cookie_request = stringify_headers(&ptr_head); @@ -1396,37 +1402,62 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { void usage_http_form(const char *service) { printf("Module %s requires the page and the parameters for the web form.\n\n" - "By default this module is configured to follow a maximum of 5 redirections in\n" - "a row. It always gathers a new cookie from the same URL without variables\n" - "The parameters take three \":\" separated values, plus optional values.\n" - "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: :

:[:[:]\n" + "By default this module is configured to follow a maximum of 5 " + "redirections in\n" + "a row. It always gathers a new cookie from the same URL without " + "variables\n" + "The parameters take three \":\" separated values, plus optional " + "values.\n" + "(Note: if you need a colon in the option string as value, escape it " + "with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: ::[:[:]\n" "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" - " with url-encoded (resp. base64-encoded) usernames and passwords being replaced in the\n" - " \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") placeholders (FORM PARAMETERS)\n" + "Second is the POST/GET variables (taken from either the browser, proxy, " + "etc.\n" + " with url-encoded (resp. base64-encoded) usernames and passwords being " + "replaced in the\n" + " \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") " + "placeholders (FORM PARAMETERS)\n" "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful condition\n" + " Invalid condition login check can be preceded by \"F=\", successful " + "condition\n" " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. You have to check the webapp what a\n" + " This is where most people get it wrong. You have to check the webapp " + "what a\n" " failed string looks like and put it in this parameter!\n" "The following parameters are optional:\n" - " (c|C)=/page/uri to define a different page to gather initial cookies from\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " ^USER[64]^ and ^PASS[64]^ can also be put into these headers!\n" + " (c|C)=/page/uri to define a different page to gather initial " + "cookies from\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each " + "request\n" + " ^USER[64]^ and ^PASS[64]^ can also be put into these " + "headers!\n" " Note: 'h' will add the user-defined header at the end\n" " regardless it's already being sent by Hydra or not.\n" - " 'H' will replace the value of that header if it exists, by the\n" - " one supplied by the user, or add the header at the end\n" - "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the examples above and below).\n" - " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as option separators.\n" + " 'H' will replace the value of that header if it " + "exists, by the\n" + " one supplied by the user, or add the header at the " + "end\n" + "Note that if you are going to put colons (:) in your headers you should " + "escape them with a backslash (\\).\n" + " All colons that are not option separators should be escaped (see the " + "examples above and below).\n" + " You can specify a header without escaping the colons, but that way you " + "will not be able to put colons\n" + " in the header value itself, as they will be interpreted by hydra as " + "option separators.\n" "\nExamples:\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" - " \"/login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*success\"\n" + " \"/" + "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*" + "success\"\n" " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" - " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic " + "dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" + " \"/exchweb/bin/auth/" + "owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&" + "username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:" + "reason=:C=/exchweb\"\n", service); } diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c index 0ca7b47..2f00ae5 100644 --- a/hydra-http-proxy-urlenum.c +++ b/hydra-http-proxy-urlenum.c @@ -5,11 +5,11 @@ extern char *HYDRA_EXIT; char *buf; static int32_t http_proxy_auth_mechanism = AUTH_ERROR; -int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { +int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260]; char url[260], host[30]; - char *header = ""; /* XXX TODO */ + char *header = ""; /* XXX TODO */ char *ptr; int32_t auth = 0; @@ -19,7 +19,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha return 1; } pass = hydra_get_next_password(); - pass = empty; // ignored + pass = empty; // ignored strncpy(url, login, sizeof(url) - 1); url[sizeof(url) - 1] = 0; @@ -46,12 +46,12 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha } if (http_proxy_auth_mechanism == AUTH_ERROR) { - //send dummy request + // send dummy request sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, mhost, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; - //receive first 40x + // receive first 40x buf = hydra_receive_line(s); while (buf != NULL && strstr(buf, "HTTP/") == NULL) { free(buf); @@ -61,7 +61,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha if (debug) hydra_report(stderr, "S:%s\n", buf); - //after the first query we should have been disconnected from web server + // after the first query we should have been disconnected from web server s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { s = hydra_connect_tcp(ip, port); @@ -74,8 +74,11 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) { http_proxy_auth_mechanism = AUTH_BASIC; sprintf(buffer2, "%.50s:%.50s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + url, host, buffer2, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -87,8 +90,8 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha buf = hydra_receive_line(s); } - //if server cut the connection, just exit cleanly or - //this will be an infinite loop + // if server cut the connection, just exit cleanly or + // this will be an infinite loop if (buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); @@ -104,19 +107,23 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha char *pos = NULL; http_proxy_auth_mechanism = AUTH_NTLM; - //send auth and receive challenge - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + // send auth and receive challenge + // send auth request: let the server send it's own hostname and + // domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); - /* to be portable, no snprintf, buffer is big enough so it can't overflow */ - //send the first.. - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, - header); + /* to be portable, no snprintf, buffer is big enough so it can't + * overflow */ + // send the first.. + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; - //receive challenge + // receive challenge free(buf); buf = hydra_receive_line(s); while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { @@ -134,17 +141,19 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha pos[str - pos] = 0; } } - //recover challenge + // recover challenge if (buf != NULL) { if (strlen(buf) >= 4) - from64tobits((char *) buf1, pos); + from64tobits((char *)buf1, pos); free(buf); } - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, - header); + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -206,7 +215,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha } } // result analysis - ptr = ((char *) index(buf, ' ')) + 1; + ptr = ((char *)index(buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { hydra_report_found_host(port, ip, "http-proxy", fp); if (fp != stdout) @@ -214,7 +223,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url); hydra_completed_pair_found(); } else { - if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) { + if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */) { hydra_report(stderr, "[ERROR] Proxy reports bad credentials!\n"); return 3; } @@ -228,7 +237,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha return 1; } -void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; @@ -239,33 +248,34 @@ void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, cha while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp, hostname); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -278,13 +288,13 @@ void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, cha } } -int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -292,9 +302,13 @@ int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char opti return 0; } -void usage_http_proxy_urlenum(const char* service) { - printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" +void usage_http_proxy_urlenum(const char *service) { + printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P " + "option.\n" "The -L loginfile must contain the URL list to try through the proxy.\n" "The proxy credentials cann be put as the optional parameter, e.g.\n" - " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum " + "user:pass\n" + " hydra -L urllist.txt " + "http-proxy-urlenum://target.com:3128/user:pass\n\n"); } diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index cdeb714..0e07d9b 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -5,11 +5,11 @@ extern char *HYDRA_EXIT; static int32_t http_proxy_auth_mechanism = AUTH_ERROR; char *http_proxy_buf = NULL; -int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { +int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500]; char url[210], host[60]; - char *header = ""; /* XXX TODO */ + char *header = ""; /* XXX TODO */ char *ptr, *fooptr; if (strlen(login = hydra_get_next_login()) == 0) @@ -22,7 +22,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option strcpy(host, "Host: www.microsoft.com\r\n"); } else { sprintf(url, "%.200s", miscptr); - ptr = strstr(miscptr, "://"); // :// check is in hydra.c + ptr = strstr(miscptr, "://"); // :// check is in hydra.c sprintf(host, "Host: %.50s", ptr + 3); if ((ptr = index(host, '/')) != NULL) *ptr = 0; @@ -32,12 +32,12 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } if (http_proxy_auth_mechanism != AUTH_BASIC && (http_proxy_auth_mechanism == AUTH_ERROR || http_proxy_buf == NULL)) { - //send dummy request + // send dummy request sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; - //receive first 40x + // receive first 40x http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/") == NULL) { free(http_proxy_buf); @@ -69,7 +69,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option if (debug) hydra_report(stderr, "S:%s\n", http_proxy_buf); - //after the first query we should have been disconnected from web server + // after the first query we should have been disconnected from web server s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { s = hydra_connect_tcp(ip, port); @@ -81,8 +81,11 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) { http_proxy_auth_mechanism = AUTH_BASIC; sprintf(buffer2, "%.50s:%.50s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\n%s\r\n", + url, host, buffer2, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -94,8 +97,8 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option http_proxy_buf = hydra_receive_line(s); } - //if server cut the connection, just exit cleanly or - //this will be an infinite loop + // if server cut the connection, just exit cleanly or + // this will be an infinite loop if (http_proxy_buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); @@ -106,24 +109,27 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option hydra_report(stderr, "S:%s\n", http_proxy_buf); } else { if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) { - unsigned char buf1[4096]; unsigned char buf2[4096]; char *pos = NULL; http_proxy_auth_mechanism = AUTH_NTLM; - //send auth and receive challenge - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + // send auth and receive challenge + // send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); - /* to be portable, no snprintf, buffer is big enough so it can't overflow */ - //send the first.. - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); + /* to be portable, no snprintf, buffer is big enough so it can't overflow + */ + // send the first.. + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; - //receive challenge + // receive challenge free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && (pos = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM ")) == NULL) { @@ -141,24 +147,27 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option pos[str - pos] = 0; } } - //recover challenge + // recover challenge if (http_proxy_buf != NULL && strlen(http_proxy_buf) >= 4) { - from64tobits((char *) buf1, pos); + from64tobits((char *)buf1, pos); free(http_proxy_buf); http_proxy_buf = NULL; return 3; } - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; if (http_proxy_buf != NULL) - free(http_proxy_buf); + free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) { free(http_proxy_buf); @@ -170,7 +179,6 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } else { #ifdef LIBOPENSSL if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) { - char *pbuffer; http_proxy_auth_mechanism = AUTH_DIGESTMD5; @@ -206,7 +214,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option #endif { if (http_proxy_buf != NULL) { -// buf[strlen(http_proxy_buf) - 1] = '\0'; + // buf[strlen(http_proxy_buf) - 1] = '\0'; hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf); free(http_proxy_buf); http_proxy_buf = NULL; @@ -218,7 +226,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } } - ptr = ((char *) index(http_proxy_buf, ' ')) + 1; + ptr = ((char *)index(http_proxy_buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) { hydra_report_found_host(port, ip, "http-proxy", fp); hydra_completed_pair_found(); @@ -226,7 +234,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option http_proxy_buf = NULL; } else { if (*ptr != '4') - hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(http_proxy_buf, ' ') + 1), login, pass); + hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(index(http_proxy_buf, ' ') + 1), login, pass); else if (verbose && *(ptr + 2) == '3') hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); hydra_completed_pair(); @@ -246,7 +254,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option return 1; } -void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; @@ -257,36 +265,37 @@ void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscp while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (http_proxy_buf != NULL) - free(http_proxy_buf); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - - if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (http_proxy_buf != NULL) + free(http_proxy_buf); + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + + if (sock < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_http_proxy(sock, ip, port, options, miscptr, fp, hostname); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -299,13 +308,13 @@ void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscp } } -int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -313,7 +322,9 @@ int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, cha return 0; } -void usage_http_proxy(const char* service) { +void usage_http_proxy(const char *service) { printf("Module http-proxy is optionally taking the page to authenticate at.\n" - "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); + "Default is http://www.microsoft.com/)\n" + "Basic, DIGEST-MD5 and NTLM are supported and negotiated " + "automatically.\n\n"); } diff --git a/hydra-http.c b/hydra-http.c index 3a6b378..a1868bf 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -1,8 +1,6 @@ #include "hydra-http.h" #include "sasl.h" - - extern char *HYDRA_EXIT; char *webtarget = NULL; char *slash = "/"; @@ -10,12 +8,12 @@ char *http_buf = NULL; #define END_CONDITION_MAX_LEN 100 static char end_condition[END_CONDITION_MAX_LEN]; -int end_condition_type=-1; +int end_condition_type = -1; int32_t webport, freemischttp = 0; int32_t http_auth_mechanism = AUTH_UNASSIGNED; -int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) { +int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *type, ptr_header_node ptr_head) { char *empty = ""; char *login, *pass, *buffer, buffer2[500]; char *header; @@ -34,7 +32,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha header = stringify_headers(&ptr_head); buffer_size = strlen(header) + 500; - if(!(buffer = malloc(buffer_size))) { + if (!(buffer = malloc(buffer_size))) { free(header); return 3; } @@ -49,133 +47,153 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha switch (http_auth_mechanism) { case AUTH_BASIC: sprintf(buffer2, "%.50s:%.50s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); /* again: no snprintf to be portable. don't worry, buffer can't overflow */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) - sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + sprintf(buffer, + "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) - sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + sprintf(buffer, + "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buffer2, header); else - sprintf(buffer, "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, buffer2, header); + sprintf(buffer, + "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", + type, miscptr, webtarget, buffer2, header); } if (debug) hydra_report(stderr, "C:%s\n", buffer); break; #ifdef LIBOPENSSL - case AUTH_DIGESTMD5:{ - char *pbuffer; + case AUTH_DIGESTMD5: { + char *pbuffer; - pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); - strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1); - buffer[buffer_size - 1] = '\0'; + pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); + strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1); + buffer[buffer_size - 1] = '\0'; - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); - if (fooptr == NULL) { - free(buffer); - free(header); - return 3; - } - - if (debug) - hydra_report(stderr, "C:%s\n", buffer2); - strcpy(buffer, buffer2); + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); + if (fooptr == NULL) { + free(buffer); + free(header); + return 3; } - break; + + if (debug) + hydra_report(stderr, "C:%s\n", buffer2); + strcpy(buffer, buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; - char *pos = NULL; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; + char *pos = NULL; - //send auth and receive challenge - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + // send auth and receive challenge + // send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); - /* to be portable, no snprintf, buffer is big enough so it can't overflow */ - //send the first.. - if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + /* to be portable, no snprintf, buffer is big enough so it can't overflow */ + // send the first.. + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + else { + if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); - else { - if (use_proxy == 1) - sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); - else - sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, - buf1, header); - } - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - free(buffer); - free(header); - return 1; - } - - //receive challenge - if (http_buf != NULL) - free(http_buf); - - http_buf = hydra_receive_line(s); - if (http_buf == NULL) { - if (verbose) - hydra_report(stderr, "[ERROR] Server did not answer\n"); - free(buffer); - free(header); - return 3; - } - - pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM "); - if (pos != NULL) { - char *str; - - pos += 23; - if ((str = strchr(pos, '\r')) != NULL) { - pos[str - pos] = 0; - } - if ((str = strchr(pos, '\n')) != NULL) { - pos[str - pos] = 0; - } - } else { - hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n"); - return 3; - } - - //recover challenge - from64tobits((char *) buf1, pos); - free(http_buf); - http_buf = NULL; - - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - - //create the auth response - if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, header); + else sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); - else { - if (use_proxy == 1) - sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); - else - sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, - buf1, header); - } - - if (debug) - hydra_report(stderr, "C:%s\n", buffer); + "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, miscptr, webtarget, buf1, header); } - break; + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + free(buffer); + free(header); + return 1; + } + + // receive challenge + if (http_buf != NULL) + free(http_buf); + + http_buf = hydra_receive_line(s); + if (http_buf == NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] Server did not answer\n"); + free(buffer); + free(header); + return 3; + } + + pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM "); + if (pos != NULL) { + char *str; + + pos += 23; + if ((str = strchr(pos, '\r')) != NULL) { + pos[str - pos] = 0; + } + if ((str = strchr(pos, '\n')) != NULL) { + pos[str - pos] = 0; + } + } else { + hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n"); + return 3; + } + + // recover challenge + from64tobits((char *)buf1, pos); + free(http_buf); + http_buf = NULL; + + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + + // create the auth response + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + else { + if (use_proxy == 1) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, header); + else + sprintf(buffer, + "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, miscptr, webtarget, buf1, header); + } + + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + } break; } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -191,7 +209,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha tmpreplybuf[0] = 0; while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) { - if (debug) printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); + if (debug) + printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) { strncpy(tmpreplybuf, http_buf, sizeof(tmpreplybuf) - 1); tmpreplybuf[sizeof(tmpreplybuf) - 1] = 0; @@ -204,7 +223,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha strcat(tmpreplybufptr, http_buf); free(http_buf); http_buf = tmpreplybufptr; - if (debug) printf("http_buf now: %s\n", http_buf); + if (debug) + printf("http_buf now: %s\n", http_buf); } } else { free(http_buf); @@ -212,8 +232,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha } } - //if server cut the connection, just exit cleanly or - //this will be an infinite loop + // if server cut the connection, just exit cleanly or + // this will be an infinite loop if (http_buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); @@ -225,19 +245,21 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha if (debug) hydra_report(stderr, "S:%s\n", http_buf); - ptr = ((char *) index(http_buf, ' ')); + ptr = ((char *)index(http_buf, ' ')); if (ptr != NULL) ptr++; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { #ifdef HAVE_PCRE - if (end_condition_type >= 0 && hydra_string_match(http_buf, end_condition)!=end_condition_type) { + if (end_condition_type >= 0 && hydra_string_match(http_buf, end_condition) != end_condition_type) { #else if (end_condition_type >= 0 && (strstr(http_buf, end_condition) == NULL ? 0 : 1) != end_condition_type) { -#endif - if (debug) hydra_report(stderr, "End condition not match continue.\n"); +#endif + if (debug) + hydra_report(stderr, "End condition not match continue.\n"); hydra_completed_pair(); } else { - if (debug) hydra_report(stderr, "END condition %s match.\n",end_condition); + if (debug) + hydra_report(stderr, "END condition %s match.\n", end_condition); hydra_report_found_host(port, ip, "www", fp); hydra_completed_pair_found(); } @@ -247,11 +269,11 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha } } else { if (ptr != NULL && *ptr != '4') - fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char *) ptr, login, pass); + fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char *)ptr, login, pass); - //the first authentication type failed, check the type from server header + // the first authentication type failed, check the type from server header if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { - //seems the auth supported is not Basic scheme so testing further + // seems the auth supported is not Basic scheme so testing further int32_t find_auth = 0; if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) { @@ -266,8 +288,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha #endif if (find_auth) { -// free(http_buf); -// http_buf = NULL; + // free(http_buf); + // http_buf = NULL; free(buffer); free(header); return 1; @@ -275,18 +297,18 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha } hydra_completed_pair(); } -// free(http_buf); -// http_buf = NULL; + // free(http_buf); + // http_buf = NULL; free(buffer); free(header); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; - + return 1; } -void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type) { +void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; char *ptr, *ptr2; @@ -298,14 +320,14 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if ((webtarget = strstr(miscptr, "://")) != NULL) { webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ + if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ *ptr2 = 0; ptr2++; ptr = ptr2; if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) miscptr = ptr; else - miscptr = slash; /* to make things easier to user */ + miscptr = slash; /* to make things easier to user */ } else if ((ptr2 = index(webtarget, '/')) != NULL) { miscptr = malloc(strlen(ptr2) + 1); freemischttp = 1; @@ -313,9 +335,8 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI *ptr2 = 0; } else webtarget = hostname; - } else - if (strlen(miscptr) == 0) - miscptr = strdup("/"); + } else if (strlen(miscptr) == 0) + miscptr = strdup("/"); if (webtarget == NULL) webtarget = hostname; if (port != 0) @@ -333,43 +354,45 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI *ptr++ = 0; optional1 = ptr; - if (!parse_options(optional1, &ptr_head)) // this function is in hydra-http-form.c !! + if (!parse_options(optional1, + &ptr_head)) // this function is in hydra-http-form.c !! run = 4; if (http_auth_mechanism == AUTH_UNASSIGNED) http_auth_mechanism = AUTH_BASIC; - + while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - if (freemischttp) - free(miscptr); - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + if (freemischttp) + free(miscptr); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_http(sock, ip, port, options, miscptr, fp, type, ptr_head); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); if (freemischttp) @@ -386,76 +409,72 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_http(ip, sp, options, miscptr, fp, port, hostname, "GET"); -} +void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "GET"); } -void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_http(ip, sp, options, miscptr, fp, port, hostname, "POST"); -} +void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "POST"); } -void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD"); -} +void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD"); } -int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here + /*POU CODE */ + char *start = strstr(miscptr, "F="); + if (start == NULL) + start = strstr(miscptr, "S="); - - /*POU CODE */ - char * start=strstr(miscptr, "F="); - if(start==NULL) - start=strstr(miscptr, "S="); + if (start != NULL) { + if (start[0] == 'F') + end_condition_type = 0; + else + end_condition_type = 1; - if (start !=NULL){ - if(start[0]=='F') - end_condition_type=0; - else - end_condition_type=1; - - int condition_len=strlen(start); - memset(end_condition,0,END_CONDITION_MAX_LEN); - if(condition_len>=END_CONDITION_MAX_LEN){ - hydra_report(stderr,"Condition string cannot be bigger than %u.",END_CONDITION_MAX_LEN); - return -1; - } - //copy condition witout starting string (F= or S= 2char) - strncpy(end_condition, start+2,condition_len-2); - if(debug) - hydra_report(stderr, "End condition is %s, mod is %d\n",end_condition,end_condition_type); - - if(*(start-1)==' ') - start--; - memset(start,'\0',condition_len); - if (debug) - hydra_report(stderr, "Modificated options:%s\n",miscptr); - }else{ - if (debug) - hydra_report(stderr, "Condition not found\n"); + int condition_len = strlen(start); + memset(end_condition, 0, END_CONDITION_MAX_LEN); + if (condition_len >= END_CONDITION_MAX_LEN) { + hydra_report(stderr, "Condition string cannot be bigger than %u.", END_CONDITION_MAX_LEN); + return -1; } - - + // copy condition witout starting string (F= or S= 2char) + strncpy(end_condition, start + 2, condition_len - 2); + if (debug) + hydra_report(stderr, "End condition is %s, mod is %d\n", end_condition, end_condition_type); + if (*(start - 1) == ' ') + start--; + memset(start, '\0', condition_len); + if (debug) + hydra_report(stderr, "Modificated options:%s\n", miscptr); + } else { + if (debug) + hydra_report(stderr, "Condition not found\n"); + } return 0; } -void usage_http(const char* service) { +void usage_http(const char *service) { printf("Module %s requires the page to authenticate.\n" "The following parameters are optional:\n" - " (a|A)=auth-type specify authentication mechanism to use: BASIC, NTLM or MD5\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " (F|S)=check for text in the HTTP reply. S= means if this text is found, a\n" - " valid account has been found, F= means if this string is present the\n" - " combination is invalid. Note: this must be the last option supplied.\n" - "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service); + " (a|A)=auth-type specify authentication mechanism to use: BASIC, " + "NTLM or MD5\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each " + "request\n" + " (F|S)=check for text in the HTTP reply. S= means if this text is " + "found, a\n" + " valid account has been found, F= means if this string is " + "present the\n" + " combination is invalid. Note: this must be the last option " + "supplied.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: " + "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", + service); } diff --git a/hydra-http.h b/hydra-http.h index b6b4c2b..18a12f0 100644 --- a/hydra-http.h +++ b/hydra-http.h @@ -4,10 +4,10 @@ #include "hydra-mod.h" /* HTTP Header Types */ -#define HEADER_TYPE_USERHEADER 'h' -#define HEADER_TYPE_USERHEADER_REPL 'H' -#define HEADER_TYPE_DEFAULT 'D' -#define HEADER_TYPE_DEFAULT_REPL 'd' +#define HEADER_TYPE_USERHEADER 'h' +#define HEADER_TYPE_USERHEADER_REPL 'H' +#define HEADER_TYPE_DEFAULT 'D' +#define HEADER_TYPE_DEFAULT_REPL 'd' typedef struct header_node t_header_node, *ptr_header_node; @@ -15,7 +15,7 @@ extern char *webtarget; extern char *slash; extern char *optional1; -extern int32_t parse_options(char *miscptr, ptr_header_node * ptr_head); -extern int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char type); +extern int32_t parse_options(char *miscptr, ptr_header_node *ptr_head); +extern int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char type); extern char *stringify_headers(ptr_header_node *ptr_head); #endif diff --git a/hydra-icq.c b/hydra-icq.c index 86c968c..c59e38a 100644 --- a/hydra-icq.c +++ b/hydra-icq.c @@ -4,32 +4,10 @@ extern char *HYDRA_EXIT; extern int32_t child_head_no; int32_t seq = 1; -const unsigned char icq5_table[] = { - 0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, - 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, - 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, - 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, - 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, - 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31, - 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, - 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, - 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, - 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, - 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, - 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66, - 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, - 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, - 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, - 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, - 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, - 0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, - 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, - 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, - 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, - 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, - 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, - 0x5A, 0x00, 0x00 -}; +const unsigned char icq5_table[] = {0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, + 0x33, 0x31, 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, + 0x5A, 0x4A, 0x62, 0x66, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x3E, + 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, 0x5A, 0x00, 0x00}; void fix_packet(char *buf, int32_t len) { unsigned long c1, c2; @@ -141,7 +119,7 @@ int32_t icq_ack(int32_t s, char *login) { return (hydra_send(s, buf, 10, 0)); } -int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *miscptr, FILE * fp) { +int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE *output, char *miscptr, FILE *fp) { unsigned char buf[1024]; char *login, *pass; char *empty = ""; @@ -153,7 +131,7 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis pass = empty; for (i = 0; login[i]; i++) - if (!isdigit((int32_t) login[i])) { + if (!isdigit((int32_t)login[i])) { fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login); hydra_completed_pair(); return 2; @@ -162,13 +140,13 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis icq_login(sock, login, pass); while (1) { - if ((r = hydra_recv(sock, (char *) buf, sizeof(buf))) == 0) { + if ((r = hydra_recv(sock, (char *)buf, sizeof(buf))) == 0) { return 1; } if (r < 0) { if (verbose) - fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int32_t) getpid()); + fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int32_t)getpid()); return 3; } @@ -177,9 +155,9 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis hydra_completed_pair_found(); icq_ack(sock, login); icq_login_1(sock, login); - hydra_recv(sock, (char *) buf, sizeof(buf)); + hydra_recv(sock, (char *)buf, sizeof(buf)); icq_ack(sock, login); - hydra_recv(sock, (char *) buf, sizeof(buf)); + hydra_recv(sock, (char *)buf, sizeof(buf)); icq_ack(sock, login); icq_disconnect(sock, login); break; @@ -188,7 +166,8 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis break; } -/* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */ + /* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) + */ } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -196,7 +175,7 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis return 1; } -void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ICQ; @@ -221,7 +200,8 @@ void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL sock = hydra_disconnect(sock); sock = hydra_connect_udp(ip, myport); if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; @@ -243,13 +223,13 @@ void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-imap.c b/hydra-imap.c index f9a3822..b93fc6e 100644 --- a/hydra-imap.c +++ b/hydra-imap.c @@ -20,7 +20,8 @@ char *imap_read_server_capacity(int32_t sock) { if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') { resp = 1; usleepn(300); - /* we got the capability info then get the completed warning info from server */ + /* we got the capability info then get the completed warning info from + * server */ while (hydra_data_ready(sock)) { free(buf); buf = hydra_receive_line(sock); @@ -30,7 +31,7 @@ char *imap_read_server_capacity(int32_t sock) { buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; - if (isdigit((int32_t) *ptr) && *(ptr + 1) == ' ') { + if (isdigit((int32_t)*ptr) && *(ptr + 1) == ' ') { resp = 1; } } @@ -39,7 +40,7 @@ char *imap_read_server_capacity(int32_t sock) { return buf; } -int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], *fooptr; @@ -69,7 +70,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha } free(buf); strcpy(buffer2, login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -84,7 +85,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha } free(buf); strcpy(buffer2, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); break; @@ -110,220 +111,212 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha #ifdef LIBOPENSSL case AUTH_CRAMMD5: case AUTH_CRAMSHA1: - case AUTH_CRAMSHA256:{ - int32_t rc = 0; - char *preplogin; + case AUTH_CRAMSHA256: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + switch (imap_auth_mechanism) { + case AUTH_CRAMMD5: + sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter); + break; + case AUTH_CRAMSHA1: + sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter); + break; + case AUTH_CRAMSHA256: + sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter); + break; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + // get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { switch (imap_auth_mechanism) { - case AUTH_CRAMMD5: - sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter); + hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf); break; case AUTH_CRAMSHA1: - sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter); + hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf); break; case AUTH_CRAMSHA256: - sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter); + hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf); break; } - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - switch (imap_auth_mechanism) { - case AUTH_CRAMMD5: - hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA1: - hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA256: - hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf); - break; - } - free(buf); - return 3; - } - - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 2); free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 2); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + + switch (imap_auth_mechanism) { + case AUTH_CRAMMD5: { + sasl_cram_md5(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA1: { + sasl_cram_sha1(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA256: { + sasl_cram_sha256(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + } + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + + free(preplogin); + } break; + case AUTH_DIGESTMD5: { + sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf); + free(buf); + + if (debug) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); + if (fooptr == NULL) + return 3; + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + + } break; + case AUTH_SCRAMSHA1: { + char clientfirstmessagebare[200]; + char serverfirstmessage[200]; + char *preplogin; + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + return 3; + } + sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); + free(preplogin); + memset(buffer2, 0, sizeof(buffer2)); + sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + free(buf); + return 1; + } else { + /* recover server challenge */ + memset(buffer, 0, sizeof(buffer)); + //+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2 + from64tobits((char *)buffer, buf + 2); + free(buf); + strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); + serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; memset(buffer2, 0, sizeof(buffer2)); - - switch (imap_auth_mechanism) { - case AUTH_CRAMMD5:{ - sasl_cram_md5(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA1:{ - sasl_cram_sha1(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA256:{ - sasl_cram_sha256(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - } - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - - char tmp_buffer[sizeof(buffer)]; - sprintf(tmp_buffer, "%.250s\r\n", buffer); - strcpy(buffer, tmp_buffer); - - free(preplogin); - } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf); - free(buf); - - if (debug) - hydra_report(stderr, "DEBUG S: %s\n", buffer); - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); + if (fooptr == NULL) { + hydra_report(stderr, "[ERROR] Can't compute client response\n"); + return 1; + } + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s\r\n", buffer2); - } - break; - case AUTH_SCRAMSHA1:{ - char clientfirstmessagebare[200]; - char serverfirstmessage[200]; - char *preplogin; - int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - - if (rc) { - return 3; - } - sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf); - free(buf); - return 3; - } - free(buf); - - snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); - free(preplogin); - memset(buffer2, 0, sizeof(buffer2)); - sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - buf = hydra_receive_line(s); - if (buf == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - if (verbose || debug) - hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); - free(buf); - return 1; - } else { - /* recover server challenge */ - memset(buffer, 0, sizeof(buffer)); - //+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2 - from64tobits((char *) buffer, buf + 2); - free(buf); - strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); - serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; - - memset(buffer2, 0, sizeof(buffer2)); - fooptr = buffer2; - sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); - if (fooptr == NULL) { - hydra_report(stderr, "[ERROR] Can't compute client response\n"); - return 1; - } - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); - } - } - break; + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //Send auth request - sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter); + // Send auth request + sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf); free(buf); - //send auth and receive challenge - //send auth request: lst the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strlen(buf) < 6) { - free(buf); - return 1; - } - - //recover challenge - from64tobits((char *) buf1, buf + 2); - free(buf); - - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); + return 3; } - break; + free(buf); + // send auth and receive challenge + // send auth request: lst the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strlen(buf) < 6) { + free(buf); + return 1; + } + + // recover challenge + from64tobits((char *)buf1, buf + 2); + free(buf); + + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + } break; default: - //clear authentication + // clear authentication sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass); } @@ -353,7 +346,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha return 1; } -void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1; char *buffer1 = "1 CAPABILITY\r\n"; @@ -363,10 +356,10 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(275); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -380,12 +373,12 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); - if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */ + if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n"); if (buf != NULL) @@ -407,7 +400,7 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI int32_t i; for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int32_t) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { disable_tls = 0; @@ -415,14 +408,16 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } #ifdef LIBOPENSSL if (!disable_tls) { - /* check for STARTTLS, if available we may have access to more basic auth methods */ + /* check for STARTTLS, if available we may have access to more basic + * auth methods */ if (strstr(buf, "STARTTLS") != NULL) { hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0); counter++; free(buf); buf = hydra_receive_line(sock); if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock, hostname) == -1)) { @@ -444,15 +439,16 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI hydra_child_exit(2); } } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is " + "not supported by the server\n"); } #endif if (verbose) hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); - //authentication should be listed AUTH= like in the extract below - //STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 + // authentication should be listed AUTH= like in the extract below + // STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=NTLM") != NULL)) { imap_auth_mechanism = AUTH_NTLM; } @@ -487,7 +483,6 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI free(buf); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - if (strstr(miscptr, "CLEAR")) imap_auth_mechanism = AUTH_CLEAR; @@ -554,11 +549,11 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_imap(sock, ip, port, options, miscptr, fp); counter++; break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -571,13 +566,13 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -585,8 +580,11 @@ int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_imap(const char* service) { +void usage_imap(const char *service) { printf("Module imap is optionally taking one authentication type of:\n" " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); + " CRAM-SHA256, DIGEST-MD5, NTLM\n" + "Additionally TLS encryption via STARTTLS can be enforced with the " + "TLS option.\n\n" + "Example: imap://target/TLS:PLAIN\n"); } diff --git a/hydra-irc.c b/hydra-irc.c index 4111b86..d56eec4 100644 --- a/hydra-irc.c +++ b/hydra-irc.c @@ -10,7 +10,7 @@ extern char *HYDRA_EXIT; char buffer[300] = ""; int32_t myport = PORT_IRC, mysslport = PORT_IRC_SSL; -int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; int32_t ret; @@ -52,7 +52,7 @@ int32_t send_nick(int32_t s, char *ip, char *pass) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } - sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t) getpid(), (int32_t) getpid(), hydra_address2string(ip)); + sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t)getpid(), (int32_t)getpid(), hydra_address2string(ip)); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } @@ -62,7 +62,7 @@ int32_t send_nick(int32_t s, char *ip, char *pass) { int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char options, char *hostname) { if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(275); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -77,7 +77,7 @@ int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char o return sock; } -int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname) { +int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; char *pass; int32_t ret; @@ -87,7 +87,7 @@ int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, s = irc_server_connect(ip, s, port, options, hostname); if (s < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); return 3; } @@ -105,10 +105,16 @@ int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, #endif hydra_report_pass_found(port, ip, "irc", fp); hydra_completed_pair_found(); - hydra_report(stderr, "[INFO] Server password '%s' is working, you can pass it as argument\nto irc module to then try login/password oper mode\n", pass); + hydra_report(stderr, + "[INFO] Server password '%s' is working, you can pass it as " + "argument\nto irc module to then try login/password oper mode\n", + pass); } else { if (verbose && (miscptr != NULL)) - hydra_report(stderr, "[VERBOSE] Server is requesting a general password, '%s' you entered is not working\n", miscptr); + hydra_report(stderr, + "[VERBOSE] Server is requesting a general password, '%s' " + "you entered is not working\n", + miscptr); hydra_completed_pair(); } @@ -117,7 +123,7 @@ int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, return 4; } -void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1, ret; char *buf; @@ -128,11 +134,11 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ sock = irc_server_connect(ip, sock, port, options, hostname); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -147,7 +153,7 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0) buffer[ret] = 0; - /* ERROR :Bad password */ + /* ERROR :Bad password */ #ifdef HAVE_PCRE if ((ret > 0) && (hydra_string_match(buffer, "ERROR\\s.*password"))) { #else @@ -180,19 +186,23 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL hydra_child_exit(0); } - /* ERROR :Bad password is returned from ngircd when it s waiting for a server password */ + /* ERROR :Bad password is returned from ngircd when it s waiting for a + * server password */ if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) { /* seems we not successfully connected */ - hydra_report(stderr, "[ERROR] should not be able to identify server msg, please report it\n%s\n", buffer); + hydra_report(stderr, + "[ERROR] should not be able to identify server msg, " + "please report it\n%s\n", + buffer); hydra_child_exit(0); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_oper_irc(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -208,13 +218,13 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -222,6 +232,8 @@ int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *misc return 0; } -void usage_irc(const char* service) { - printf("Module irc is optionally taking the general server password, if the server is requiring one, and if none is passed the password from -p/-P will be used\n\n"); +void usage_irc(const char *service) { + printf("Module irc is optionally taking the general server password, if the " + "server is requiring one, and if none is passed the password from " + "-p/-P will be used\n\n"); } diff --git a/hydra-ldap.c b/hydra-ldap.c index d04d180..4f79365 100644 --- a/hydra-ldap.c +++ b/hydra-ldap.c @@ -7,7 +7,7 @@ unsigned char *buf; int32_t counter; int32_t tls_required = 0; -int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char version, int32_t auth_method) { +int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char version, int32_t auth_method) { char *empty = ""; char *login = "", *pass, *fooptr = ""; unsigned char buffer[512]; @@ -18,7 +18,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha The LDAP "simple" method has three modes of operation: * anonymous= no user no pass * unauthenticated= user but no pass - * user/password authenticated= user and pass + * user/password authenticated= user and pass */ if ((miscptr != NULL) && (ldap_auth_mechanism == AUTH_CLEAR)) { @@ -65,9 +65,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha if (ldap_auth_mechanism == AUTH_CLEAR) { buffer[11] = strlen(login); /* DN */ memcpy(&buffer[12], login, strlen(login)); - buffer[12 + strlen(login)] = (unsigned char) 128; + buffer[12 + strlen(login)] = (unsigned char)128; buffer[13 + strlen(login)] = strlen(pass); - memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */ + memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */ } else { char *authm = "DIGEST-MD5"; @@ -79,7 +79,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha miscptr[sizeof(buffer) - 16 - strlen(authm)] = '\0'; } - buffer[11] = strlen(miscptr); /* DN */ + buffer[11] = strlen(miscptr); /* DN */ memcpy(&buffer[12], miscptr, strlen(miscptr)); buffer[12 + strlen(miscptr)] = 163; buffer[13 + strlen(miscptr)] = 2 + strlen(authm); @@ -87,9 +87,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha buffer[15 + strlen(miscptr)] = strlen(authm); memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm)); } - if (hydra_send(s, (char *) buffer, length, 0) < 0) + if (hydra_send(s, (char *)buffer, length, 0) < 0) return 1; - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return 1; if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) { @@ -115,13 +115,13 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha } #ifdef LIBOPENSSL -/* one more step auth for CRAM and DIGEST */ + /* one more step auth for CRAM and DIGEST */ if (ldap_auth_mechanism == AUTH_CRAMMD5) { /* get the challenge, need to extract it */ char *ptr; char buf2[32]; - ptr = strstr((char *) buf, "<"); + ptr = strstr((char *)buf, "<"); fooptr = buf2; sasl_cram_md5(fooptr, pass, ptr); if (fooptr == NULL) @@ -148,7 +148,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha buffer[9] = version; buffer[10] = 4; - buffer[11] = strlen(miscptr); /* DN */ + buffer[11] = strlen(miscptr); /* DN */ memcpy(&buffer[12], miscptr, strlen(miscptr)); buffer[12 + strlen(miscptr)] = 163; buffer[13 + strlen(miscptr)] = 2 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2); @@ -161,10 +161,10 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' '; memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2)); - if (hydra_send(s, (char *) buffer, length, 0) < 0) + if (hydra_send(s, (char *)buffer, length, 0) < 0) return 1; free(buf); - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return 1; } else { if (ldap_auth_mechanism == AUTH_DIGESTMD5) { @@ -172,7 +172,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha char buffer2[500]; int32_t ind = 0; - ptr = strstr((char *) buf, "realm="); + ptr = strstr((char *)buf, "realm="); counter++; if (strstr(miscptr, "^USER^") != NULL) { @@ -213,7 +213,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha ind++; buffer[ind] = counter % 256; ind++; - buffer[ind] = 96; /*0x60 */ + buffer[ind] = 96; /*0x60 */ ind++; buffer[ind] = 130; ind++; @@ -240,9 +240,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha buffer[ind] = strlen(miscptr); ind++; memcpy(&buffer[ind], miscptr, strlen(miscptr)); - /*DN*/ buffer[ind + strlen(miscptr)] = 163; //0xa3 + /*DN*/ buffer[ind + strlen(miscptr)] = 163; // 0xa3 ind++; - buffer[ind + strlen(miscptr)] = 130; //0x82 + buffer[ind + strlen(miscptr)] = 130; // 0x82 ind++; if (strlen(buffer2) + 6 + strlen("DIGEST-MD5") > 255) { @@ -279,10 +279,10 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2)); ind++; - if (hydra_send(s, (char *) buffer, length, 0) < 0) + if (hydra_send(s, (char *)buffer, length, 0) < 0) return 1; free(buf); - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return 1; } } @@ -306,21 +306,27 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) { if (verbose) - hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s password: %s\n", login, pass); + hydra_report(stderr, + "[VERBOSE] Server unwilling to perform action, maybe deny by server " + "config or too busy when tried login: %s password: %s\n", + login, pass); free(buf); return 1; } if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) { - hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2'); + hydra_report(stderr, + "[ERROR] Invalid protocol version, you tried ldap%c, better " + "try ldap%c\n", + version + '0', version == 2 ? '3' : '2'); free(buf); hydra_child_exit(2); sleep(1); hydra_child_exit(2); } -//0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01, -//8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a, -//16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00, + // 0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01, + // 8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a, + // 16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00, // this is for w2k8 active directory ldap auth if (buf[0] == 48 && buf[1] == 132) { @@ -335,10 +341,9 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha } } } else { - if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) { hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n"); - print_hex((unsigned char *) buf, 24); + print_hex((unsigned char *)buf, 24); free(buf); return 3; } @@ -351,7 +356,7 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha return 2; } -void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char version, int32_t auth_method) { +void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char version, int32_t auth_method) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_LDAP, mysslport = PORT_LDAP_SSL; @@ -360,10 +365,10 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(275); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -377,18 +382,20 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } counter = 1; if (tls_required) { - /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */ - char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37"; + /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC + * 2830 */ + char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31" + "\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37"; if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0) hydra_child_exit(1); - if ((buf = (unsigned char *) hydra_receive_line(sock)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(sock)) == NULL) hydra_child_exit(1); if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { @@ -410,11 +417,11 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_ldap(sock, ip, port, options, miscptr, fp, hostname, version, auth_method); counter++; break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -427,47 +434,46 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR); -} +void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR); } -void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR); -} +void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR); } -void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5); -} +void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5); } -void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5); -} +void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5); } -int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here if (miscptr != NULL && strlen(miscptr) > 220) { - fprintf(stderr, "[ERROR] the option string to this module may not be larger than 220 bytes\n"); + fprintf(stderr, "[ERROR] the option string to this module may not be " + "larger than 220 bytes\n"); return -1; } return 0; } -void usage_ldap(const char* service) { - printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" - "Note: you can also specify the DN as login when Simple auth method is used).\n" +void usage_ldap(const char *service) { + printf("Module %s is optionally taking the DN (depending of the auth method " + "choosed\n" + "Note: you can also specify the DN as login when Simple auth method " + "is used).\n" "The keyword \"^USER^\" is replaced with the login.\n" - "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" - "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" + "Special notes for Simple method has 3 operation modes: anonymous, " + "(no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user " + "and pass).\n" "So don't forget to set empty string as user/pass to test all modes.\n" - "Hint: to authenticate to a windows active directory ldap, this is usually\n" - " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service); + "Hint: to authenticate to a windows active directory ldap, this is " + "usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", + service); } diff --git a/hydra-memcached.c b/hydra-memcached.c index 9065c1e..ca21d26 100644 --- a/hydra-memcached.c +++ b/hydra-memcached.c @@ -1,5 +1,5 @@ -//This plugin was written by -//Tested on memcached 1.5.6-0ubuntu1 +// This plugin was written by +// Tested on memcached 1.5.6-0ubuntu1 #ifdef LIBMCACHED #include @@ -8,9 +8,7 @@ #include "hydra-mod.h" #ifndef LIBMCACHED -void dummy_mcached() { - printf("\n"); -} +void dummy_mcached() { printf("\n"); } #else extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); @@ -33,9 +31,7 @@ int mcached_send_com_version(int32_t sock) { return 0; } - - -int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; @@ -93,7 +89,7 @@ int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, memcached_free(cache); hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { - return 3; + return 3; } return 2; } @@ -109,7 +105,7 @@ int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, return 2; } -void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); @@ -127,14 +123,15 @@ void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, return; default: if (!verbose) - hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n"); + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose " + "option for more details\n"); hydra_child_exit(2); } run = next_run; } } -int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. @@ -150,7 +147,7 @@ int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char * if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Can not connect\n"); - return -1; + return -1; } if (mcached_send_com_version(sock)) { @@ -160,16 +157,16 @@ int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char * } if (hydra_data_ready_timed(sock, 0, 1000) > 0) { - buf = hydra_receive_line(sock); - if (strstr(buf, "VERSION ")) { - hydra_report_found_host(port, ip, "memcached", fp); - mcached_send_com_quit(sock); - if (sock >= 0) - sock = hydra_disconnect(sock); - hydra_report(stderr, "[ERROR] Memcached server does not require any authentication\n"); - } - free(buf); - return -1; + buf = hydra_receive_line(sock); + if (strstr(buf, "VERSION ")) { + hydra_report_found_host(port, ip, "memcached", fp); + mcached_send_com_quit(sock); + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_report(stderr, "[ERROR] Memcached server does not require any authentication\n"); + } + free(buf); + return -1; } if (sock >= 0) sock = hydra_disconnect(sock); diff --git a/hydra-mod.c b/hydra-mod.c index f9b1358..65f7725 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -1,10 +1,10 @@ #include "hydra-mod.h" #include #ifdef LIBOPENSSL -#include -#include #include +#include #include +#include #endif #ifdef HAVE_PCRE #include @@ -15,17 +15,17 @@ #define HYDRA_DUMP_ROWS 16 /* rfc 1928 SOCKS proxy */ -#define SOCKS_V5 5 -#define SOCKS_V4 4 -#define SOCKS_NOAUTH 0 +#define SOCKS_V5 5 +#define SOCKS_V4 4 +#define SOCKS_NOAUTH 0 /* http://tools.ietf.org/html/rfc1929 */ -#define SOCKS_PASSAUTH 2 -#define SOCKS_NOMETHOD 0xff -#define SOCKS_CONNECT 1 -#define SOCKS_IPV4 1 -#define SOCKS_DOMAIN 3 -#define SOCKS_IPV6 4 +#define SOCKS_PASSAUTH 2 +#define SOCKS_NOMETHOD 0xff +#define SOCKS_CONNECT 1 +#define SOCKS_IPV4 1 +#define SOCKS_DOMAIN 3 +#define SOCKS_IPV6 4 extern int32_t conwait; char quiet; @@ -56,26 +56,29 @@ RSA *rsa = NULL; #endif /* prototype */ -int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec); +int32_t my_select(int32_t fd, fd_set *fdread, fd_set *fdwrite, fd_set *fdex, long sec, long usec); /* ----------------- alarming functions ---------------- */ void alarming() { fail++; alarm_went_off++; -/* uh, I think it's not good for performance if we try to reconnect to a timeout system! - * if (fail > MAX_CONNECT_RETRY) { - */ - //fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int32_t) getpid()); + /* uh, I think it's not good for performance if we try to reconnect to a + * timeout system! if (fail > MAX_CONNECT_RETRY) { + */ + // fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", + // (int32_t) getpid()); if (debug) printf("DEBUG_CONNECT_TIMEOUT\n"); hydra_child_exit(1); -/* - * } else { - * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int32_t)getpid(), fail, MAX_CONNECT_RETRY); - * } - */ + /* + * } else { + * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], + * retrying (%d of %d retries)\n", (int32_t)getpid(), fail, + * MAX_CONNECT_RETRY); + * } + */ } void interrupt() { @@ -96,11 +99,11 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t struct sockaddr_in sin; char *buf, *tmpptr = NULL; int32_t err = 0; - + if (proxy_count > 0 && use_proxy > 0 && selected_proxy == -1) { reset_selected = 1; selected_proxy = random() % proxy_count; - } + } memset(&target, 0, sizeof(target)); memset(&sin, 0, sizeof(sin)); @@ -133,14 +136,14 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t sin.sin_addr.s_addr = INADDR_ANY; } - //we will try to find a free port down to 512 + // we will try to find a free port down to 512 while (!bind_ok && src_port >= 512) { #ifdef AF_INET6 if (ipv6) - ret = bind(s, (struct sockaddr *) &sin6, sizeof(sin6)); + ret = bind(s, (struct sockaddr *)&sin6, sizeof(sin6)); else #endif - ret = bind(s, (struct sockaddr *) &sin, sizeof(sin)); + ret = bind(s, (struct sockaddr *)&sin, sizeof(sin)); if (ret == -1) { if (verbose) @@ -167,7 +170,6 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t } } if (use_proxy > 0 && proxy_count > 0) { - if (proxy_string_ip[selected_proxy][0] == 4) { memcpy(&target.sin_addr.s_addr, &proxy_string_ip[selected_proxy][1], 4); target.sin_family = AF_INET; @@ -214,18 +216,21 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t #endif if (ipv6) - ret = connect(s, (struct sockaddr *) &target6, sizeof(target6)); + ret = connect(s, (struct sockaddr *)&target6, sizeof(target6)); else #endif - ret = connect(s, (struct sockaddr *) &target, sizeof(target)); + ret = connect(s, (struct sockaddr *)&target, sizeof(target)); alarm(0); if (ret < 0 && alarm_went_off == 0) { fail++; - if (verbose ) { + if (verbose) { if (do_retry && fail <= MAX_CONNECT_RETRY) - fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int32_t) getpid(), fail, MAX_CONNECT_RETRY); + fprintf(stderr, + "Process %d: Can not connect [unreachable], retrying (%d " + "of %d retries)\n", + (int32_t)getpid(), fail, MAX_CONNECT_RETRY); else - fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int32_t) getpid()); + fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int32_t)getpid()); } } } while (ret < 0 && fail <= MAX_CONNECT_RETRY && do_retry); @@ -233,10 +238,11 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t if (debug) printf("DEBUG_CONNECT_UNREACHABLE\n"); -/* we wont quit here, thats up to the module to decide what to do - * fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int32_t)getpid()); - * hydra_child_exit(1); - */ + /* we wont quit here, thats up to the module to decide what to do + * fprintf(stderr, "Process %d: Can not connect + * [unreachable], process exiting\n", (int32_t)getpid()); + * hydra_child_exit(1); + */ extern_socket = -1; close(s); ret = -1; @@ -280,7 +286,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t else snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); else if (host[0] == 16) - snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication[selected_proxy]); + snprintf(buf, 4096, + "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic " + "%s\r\n\r\n", + hydra_address2string(host), port, proxy_authentication[selected_proxy]); else snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication[selected_proxy]); @@ -302,10 +311,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t fprintf(stderr, "[ERROR] CONNECT call to proxy failed with code %c%c%c\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); err = 1; } -// free(buf); + // free(buf); } else { if (hydra_strcasestr(proxy_string_type[selected_proxy], "socks5")) { -// char buf[1024]; + // char buf[1024]; size_t cnt, wlen; /* socks v5 support */ @@ -325,19 +334,20 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); err = 1; } - if ((unsigned char) buf[1] == SOCKS_NOMETHOD) { - hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n"); + if ((unsigned char)buf[1] == SOCKS_NOMETHOD) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method " + "negotiation failed\n"); err = 1; } /* SOCKS_DOMAIN not supported here, do we need it ? */ if (err != 1) { /* send user/pass */ if (proxy_authentication[selected_proxy] != NULL) { - //format was checked previously + // format was checked previously char *login = strtok(proxy_authentication[selected_proxy], ":"); char *pass = strtok(NULL, ":"); - snprintf(buf, 4096, "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + snprintf(buf, 4096, "\x01%c%s%c%s", (char)strlen(login), login, (char)strlen(pass), pass); cnt = hydra_send(s, buf, strlen(buf), 0); if (cnt != strlen(buf)) { @@ -408,15 +418,15 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t hydra_report(stderr, "[ERROR] SOCKS4 proxy does not support IPv6\n"); err = 1; } else { -// char buf[1024]; + // char buf[1024]; size_t cnt, wlen; /* socks v4 support */ buf[0] = SOCKS_V4; - buf[1] = SOCKS_CONNECT; /* connect */ + buf[1] = SOCKS_CONNECT; /* connect */ memcpy(buf + 2, &target.sin_port, sizeof target.sin_port); memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); - buf[8] = 0; /* empty username */ + buf[8] = 0; /* empty username */ wlen = 9; cnt = hydra_send(s, buf, wlen, 0); if (cnt != wlen) { @@ -439,7 +449,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t } } } else { - hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type[selected_proxy]); + hydra_report(stderr, + "[ERROR] Unknown proxy type: %s, valid type are " + "\"connect\", \"socks4\" or \"socks5\"\n", + proxy_string_type[selected_proxy]); err = 1; } } @@ -465,24 +478,24 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t } #if defined(LIBOPENSSL) && !defined(LIBRESSL_VERSION_NUMBER) -RSA *ssl_temp_rsa_cb(SSL * ssl, int32_t export, int32_t keylength) { +RSA *ssl_temp_rsa_cb(SSL *ssl, int32_t export, int32_t keylength) { int32_t nok = 0; #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L BIGNUM *n; if ((n = BN_new()) == NULL) - nok = 1; + nok = 1; RSA_get0_key(rsa, (const struct bignum_st **)&n, NULL, NULL); BN_zero(n); #else if (rsa->n == 0) nok = 1; #endif - if (nok == 0 && RSA_size(rsa)!=(keylength/8)){ // n is not zero -#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L - BN_free(n); + if (nok == 0 && RSA_size(rsa) != (keylength / 8)) { // n is not zero +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + BN_free(n); #endif - RSA_free(rsa); - rsa = NULL; + RSA_free(rsa); + rsa = NULL; } if (nok != 0) { // n is zero #if defined(NO_RSA_LEGACY) || OPENSSL_VERSION_NUMBER >= 0x10100000L @@ -507,8 +520,8 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) { if (ssl_first) { SSL_load_error_strings(); -// SSL_add_ssl_algoritms(); - SSL_library_init(); // ? + // SSL_add_ssl_algoritms(); + SSL_library_init(); // ? ssl_first = 0; } @@ -524,11 +537,11 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) { } } else { #ifndef TLSv1_2_client_method - #if OPENSSL_VERSION_NUMBER < 0x10100000L - #define TLSv1_2_client_method TLSv1_2_client_method - #else - #define TLSv1_2_client_method TLS_client_method - #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define TLSv1_2_client_method TLSv1_2_client_method +#else +#define TLSv1_2_client_method TLS_client_method +#endif #endif if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) { if (verbose) { @@ -540,11 +553,11 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) { } /* set the compatbility mode */ SSL_CTX_set_options(sslContext, SSL_OP_ALL); -// SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2); -// SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1); + // SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2); + // SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1); /* we set the default verifiers and don't care for the results */ - (void) SSL_CTX_set_default_verify_paths(sslContext); + (void)SSL_CTX_set_default_verify_paths(sslContext); #if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb); #endif @@ -567,7 +580,7 @@ int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) { SSL_set_fd(ssl, socket); if (SSL_connect(ssl) <= 0) { -// fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl)); + // fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl)); if (verbose) { err = ERR_get_error(); fprintf(stderr, "[VERBOSE] Could not create an SSL session: %s\n", ERR_error_string(err, NULL)); @@ -618,34 +631,34 @@ void hydra_child_exit(int32_t code) { if (debug) printf("[DEBUG] pid %d called child_exit with code %d\n", getpid(), code); - if (code == 0) /* normal quitting */ + if (code == 0) /* normal quitting */ __fck = write(intern_socket, "Q", 1); - else if (code == 1) /* no connect possible */ + else if (code == 1) /* no connect possible */ __fck = write(intern_socket, "C", 1); - else if (code == 2) /* application protocol error or service shutdown */ + else if (code == 2) /* application protocol error or service shutdown */ __fck = write(intern_socket, "E", 1); - // code 3 means exit without telling mommy about it - a bad idea. mommy should know + // code 3 means exit without telling mommy about it - a bad idea. mommy should + // know else if (code == -1 || code > 3) { - fprintf(stderr, "[TOTAL FUCKUP] a module should not use hydra_child_exit(-1) ! Fix it in the source please ...\n"); + fprintf(stderr, "[TOTAL FUCKUP] a module should not use " + "hydra_child_exit(-1) ! Fix it in the source please ...\n"); __fck = write(intern_socket, "E", 1); } do { usleepn(10); } while (read(intern_socket, buf, 1) <= 0); close(intern_socket); -// sleep(2); // be sure that mommy receives our message - exit(0); // might be killed before reaching this + // sleep(2); // be sure that mommy receives our message + exit(0); // might be killed before reaching this } -void hydra_register_socket(int32_t s) { - intern_socket = s; -} +void hydra_register_socket(int32_t s) { intern_socket = s; } char *hydra_get_next_pair() { if (pair[0] == 0) { pair[sizeof(pair) - 1] = 0; __fck = read(intern_socket, pair, sizeof(pair) - 1); - //if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); + // if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) return HYDRA_EXIT; if (pair[0] == 0) @@ -697,7 +710,7 @@ void hydra_completed_pair_skip() { /* based on writeError from Medusa project */ -void hydra_report_debug(FILE * st, char *format, ...) { +void hydra_report_debug(FILE *st, char *format, ...) { va_list ap; char buf[8200]; char bufOut[33000]; @@ -716,7 +729,7 @@ void hydra_report_debug(FILE * st, char *format, ...) { // Convert any chars less than 32d or greater than 126d to hex for (i = 0; i < len; i++) { memset(temp, 0, 6); - cTemp = (unsigned char) buf[i]; + cTemp = (unsigned char)buf[i]; if (cTemp < 32 || cTemp > 126) { sprintf(temp, "[%02X]", cTemp); } else @@ -733,96 +746,99 @@ void hydra_report_debug(FILE * st, char *format, ...) { return; } -void hydra_report_found(int32_t port, char *svc, FILE * fp) { -/* - if (!strcmp(svc, "rsh")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login()); - else - fprintf(fp, "[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); - else if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - - if (stdout != fp) { +void hydra_report_found(int32_t port, char *svc, FILE *fp) { + /* if (!strcmp(svc, "rsh")) - printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); - else - printf("[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - } + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", + port, svc, hydra_get_next_login()); else fprintf(fp, "[%d][%s] login: %s\n", + port, svc, hydra_get_next_login()); else if (colored_output) fprintf(fp, + "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: + \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), + hydra_get_next_password()); else fprintf(fp, "[%d][%s] login: %s password: + %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - fflush(fp); -*/ + if (stdout != fp) { + if (!strcmp(svc, "rsh")) + printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); + else + printf("[%d][%s] login: %s password: %s\n", port, svc, + hydra_get_next_login(), hydra_get_next_password()); + } + + fflush(fp); + */ } /* needed for irc module to display the general server password */ -void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp) { -/* - strcpy(ipaddr_str, hydra_address2string(ip)); - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - if (stdout != fp) - printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - fflush(fp); -*/ +void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE *fp) { + /* + strcpy(ipaddr_str, hydra_address2string(ip)); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else + fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); if (stdout != fp) printf("[%d][%s] host: %s + password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + fflush(fp); + */ } -void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp) { -/* char *keyw = "password"; +void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE *fp) { + /* char *keyw = "password"; - strcpy(ipaddr_str, hydra_address2string(ip)); - if (!strcmp(svc, "smtp-enum")) - keyw = "domain"; - if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); - else - fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); - else if (!strcmp(svc, "snmp3")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - else if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, - hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); - if (stdout != fp) { + strcpy(ipaddr_str, hydra_address2string(ip)); + if (!strcmp(svc, "smtp-enum")) + keyw = "domain"; if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) - printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); - else if (!strcmp(svc, "snmp3")) - printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) - printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); else + fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, + hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else + fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); else if (!strcmp(svc, "cisco-enable") || + !strcmp(svc, "cisco")) if (colored_output) fprintf(fp, + "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else + fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); else if (colored_output) fprintf(fp, + "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m + %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, + hydra_get_next_password()); else - printf("[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); - } - fflush(fp); - fflush(stdout); -*/ + fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, + ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); if + (stdout != fp) { if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) + printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, + hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) printf("[%d][%s] + host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) + printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); else printf("[%d][%s] host: %s login: %s %s: + %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, + hydra_get_next_password()); + } + fflush(fp); + fflush(stdout); + */ } -void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, char *msg) { -/* - strcpy(ipaddr_str, hydra_address2string(ip)); - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), - hydra_get_next_password(), msg); - else - fprintf(fp, "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); - if (stdout != fp) - printf("[%d][%s] host: %s login: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password()); - fflush(fp); -*/ +void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE *fp, char *msg) { + /* + strcpy(ipaddr_str, hydra_address2string(ip)); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: + \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, + hydra_get_next_login(), hydra_get_next_password(), msg); else fprintf(fp, + "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, + ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); if + (stdout != fp) printf("[%d][%s] host: %s login: %s password: %s\n", + port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password()); + fflush(fp); + */ } int32_t hydra_connect_to_ssl(int32_t socket, char *hostname) { @@ -886,9 +902,7 @@ int32_t hydra_data_ready_writing_timed(int32_t socket, long sec, long usec) { return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); } -int32_t hydra_data_ready_writing(int32_t socket) { - return (hydra_data_ready_writing_timed(socket, 30, 0)); -} +int32_t hydra_data_ready_writing(int32_t socket) { return (hydra_data_ready_writing_timed(socket, 30, 0)); } int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) { fd_set fds; @@ -898,9 +912,7 @@ int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) { return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); } -int32_t hydra_data_ready(int32_t socket) { - return (hydra_data_ready_timed(socket, 0, 100)); -} +int32_t hydra_data_ready(int32_t socket) { return (hydra_data_ready_timed(socket, 0, 100)); } int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) { int32_t ret; @@ -910,7 +922,8 @@ int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) { if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buf, ret, text); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", + // buf, getpid(), ret); } return ret; } @@ -919,7 +932,7 @@ int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) { int32_t ret = -1; char text[64]; - if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) { + if (hydra_data_ready_timed(socket, (long)waittime, 0) > 0) { if ((ret = internal__hydra_recv(socket, buf, length)) <= 0) { buf[0] = 0; if (debug) { @@ -931,7 +944,8 @@ int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) { if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buf, ret, text); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", + // buf, getpid(), ret); } } return ret; @@ -949,9 +963,11 @@ char *hydra_receive_line(int32_t socket) { memset(buff, 0, sizeof(buf)); if (debug) - printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid()); + printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, " + "pid: %d\n", + waittime, conwait, socket, getpid()); - if ((i = hydra_data_ready_timed(socket, (long) waittime, 0)) > 0) { + if ((i = hydra_data_ready_timed(socket, (long)waittime, 0)) > 0) { do { j = internal__hydra_recv(socket, buf, sizeof(buf) - 1); if (j > 0) { @@ -976,22 +992,24 @@ char *hydra_receive_line(int32_t socket) { } } while (hydra_data_ready(socket) > 0 && j > 0 #ifdef LIBOPENSSL - || use_ssl && SSL_pending(ssl) + || use_ssl && SSL_pending(ssl) #endif - ); + ); if (got > 0) { if (debug) { sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buff, got, pid); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", + // getpid(), got, buff); } } else { if (got < 0) { if (debug) { sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid()); - hydra_dump_data((unsigned char*)"", -1, pid); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i); + hydra_dump_data((unsigned char *)"", -1, pid); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", + // getpid(), i); perror("recv"); } } @@ -1002,7 +1020,9 @@ char *hydra_receive_line(int32_t socket) { usleepn(100); } else { if (debug) - printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket); + printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, " + "socket: %d\n", + i, waittime, conwait, socket); } return buff; @@ -1015,22 +1035,23 @@ int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) { sprintf(text, "[DEBUG] SEND [pid:%d]", getpid()); hydra_dump_data(buf, size, text); -/* int32_t k; - char *debugbuf = malloc(size + 1); + /* int32_t k; + char *debugbuf = malloc(size + 1); - if (debugbuf != NULL) { - for (k = 0; k < size; k++) - if (buf[k] == 0) - debugbuf[k] = 32; - else - debugbuf[k] = buf[k]; - debugbuf[size] = 0; - hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", debugbuf, getpid()); - free(debugbuf); - }*/ + if (debugbuf != NULL) { + for (k = 0; k < size; k++) + if (buf[k] == 0) + debugbuf[k] = 32; + else + debugbuf[k] = buf[k]; + debugbuf[size] = 0; + hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", + debugbuf, getpid()); free(debugbuf); + }*/ } -/* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed in the future */ + /* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed + * in the future */ return (internal__hydra_send(socket, buf, size, options)); } @@ -1038,7 +1059,7 @@ int32_t make_to_lower(char *buf) { if (buf == NULL) return 1; while (buf[0] != 0) { - buf[0] = tolower((int32_t) buf[0]); + buf[0] = tolower((int32_t)buf[0]); buf++; } return 1; @@ -1046,15 +1067,16 @@ int32_t make_to_lower(char *buf) { char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { int32_t str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; - char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github. + char *c, oldstring[6096], + newstring[6096]; // updated due to issue 192 on github. static char finalstring[6096]; - if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 - || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) + if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) return NULL; if (strlen(string) > 6000) { - hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n"); + hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max " + "limit is 6000 characters.\n"); exit(-1); } @@ -1062,7 +1084,7 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { strcpy(oldstring, string); // while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) { - c = (char *) strstr(oldstring, oldpiece); + c = (char *)strstr(oldstring, oldpiece); new_len = strlen(newpiece); old_len = strlen(oldpiece); end = strlen(oldstring) - old_len; @@ -1081,13 +1103,13 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { newstr_index += new_len; str_index += old_len; /* Check for another pattern match */ - if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL) + if ((c = (char *)strstr(oldstring + str_index, oldpiece)) != NULL) oldpiece_index = c - oldstring; } /* Copy remaining characters from the right of last matched pattern */ strcpy(newstring + newstr_index, oldstring + str_index); strcpy(oldstring, newstring); -// } + // } strcpy(finalstring, newstring); return finalstring; } @@ -1110,14 +1132,14 @@ unsigned char hydra_conv64(unsigned char in) { } void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) { - unsigned char small[3] = { 0, 0, 0 }; + unsigned char small[3] = {0, 0, 0}; unsigned char big[5]; unsigned char *ptr = buf; uint32_t i = bufsize; uint32_t len = 0; unsigned char bof[i]; - if (buf == NULL || strlen((char *) buf) == 0 || buflen == 0) + if (buf == NULL || strlen((char *)buf) == 0 || buflen == 0) return; bof[0] = 0; memset(big, 0, sizeof(big)); @@ -1129,12 +1151,12 @@ void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) { big[1] = hydra_conv64(((*ptr & 3) << 4) + (*(ptr + 1) >> 4)); big[2] = hydra_conv64(((*(ptr + 1) & 15) << 2) + (*(ptr + 2) >> 6)); big[3] = hydra_conv64(*(ptr + 2) & 63); - len += strlen((char *) big); + len += strlen((char *)big); if (len > bufsize) { buf[0] = 0; return; } - strcat((char *) bof, (char *) big); + strcat((char *)bof, (char *)big); ptr += 3; } @@ -1152,14 +1174,14 @@ void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) { if (small[1] == 0) big[2] = '='; big[3] = '='; - strcat((char *) bof, (char *) big); + strcat((char *)bof, (char *)big); } - strcpy((char *) buf, (char *) bof); /* can not overflow */ + strcpy((char *)buf, (char *)bof); /* can not overflow */ } void hydra_dump_asciihex(unsigned char *string, int32_t length) { - unsigned char *p = (unsigned char *) string; + unsigned char *p = (unsigned char *)string; unsigned char lastrow_data[16]; int32_t rows = length / HYDRA_DUMP_ROWS; int32_t lastrow = length % HYDRA_DUMP_ROWS; @@ -1217,10 +1239,10 @@ char *hydra_address2string(char *address) { if (address[0] == 4) { memcpy(&target.sin_addr.s_addr, &address[1], 4); - return inet_ntoa((struct in_addr) target.sin_addr); + return inet_ntoa((struct in_addr)target.sin_addr); } else #ifdef AF_INET6 - if (address[0] == 16) { + if (address[0] == 16) { memcpy(&target6.sin6_addr, &address[1], 16); inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring)); return ipstring; @@ -1231,7 +1253,7 @@ char *hydra_address2string(char *address) { fprintf(stderr, "[ERROR] unknown address string size!\n"); return NULL; } - return NULL; // not reached + return NULL; // not reached } char *hydra_address2string_beautiful(char *address) { @@ -1240,10 +1262,10 @@ char *hydra_address2string_beautiful(char *address) { if (address[0] == 4) { memcpy(&target.sin_addr.s_addr, &address[1], 4); - return inet_ntoa((struct in_addr) target.sin_addr); + return inet_ntoa((struct in_addr)target.sin_addr); } else #ifdef AF_INET6 - if (address[0] == 16) { + if (address[0] == 16) { memcpy(&target6.sin6_addr, &address[1], 16); ipstring[0] = '['; inet_ntop(AF_INET6, &target6.sin6_addr, ipstring + 1, sizeof(ipstring) - 1); @@ -1260,12 +1282,10 @@ char *hydra_address2string_beautiful(char *address) { fprintf(stderr, "[ERROR] unknown address string size!\n"); return NULL; } - return NULL; // not reached + return NULL; // not reached } -void hydra_set_srcport(int32_t port) { - src_port = port; -} +void hydra_set_srcport(int32_t port) { src_port = port; } #ifdef HAVE_PCRE int32_t hydra_string_match(char *str, const char *regex) { @@ -1292,9 +1312,9 @@ int32_t hydra_string_match(char *str, const char *regex) { * str_replace.c implements a str_replace PHP like function * Copyright (C) 2009 chantra * - * Create a new string with [substr] being replaced ONCE by [replacement] in [string] - * Returns the new string, or NULL if out of memory. - * The caller is responsible for freeing this new string. + * Create a new string with [substr] being replaced ONCE by [replacement] in + * [string] Returns the new string, or NULL if out of memory. The caller is + * responsible for freeing this new string. * */ char *hydra_string_replace(const char *string, const char *substr, const char *replacement) { @@ -1323,16 +1343,16 @@ char *hydra_strcasestr(const char *haystack, const char *needle) { return NULL; for (; *haystack; ++haystack) { - if (toupper((int32_t) *haystack) == toupper((int32_t) *needle)) { + if (toupper((int32_t)*haystack) == toupper((int32_t)*needle)) { const char *h, *n; for (h = haystack, n = needle; *h && *n; ++h, ++n) { - if (toupper((int32_t) *h) != toupper((int32_t) *n)) { + if (toupper((int32_t)*h) != toupper((int32_t)*n)) { break; } } - if (!*n) { /* matched all of 'needle' to null termination */ - return (char *) haystack; /* return the start of the match */ + if (!*n) { /* matched all of 'needle' to null termination */ + return (char *)haystack; /* return the start of the match */ } } } @@ -1340,7 +1360,7 @@ char *hydra_strcasestr(const char *haystack, const char *needle) { } void hydra_dump_data(unsigned char *buf, int32_t len, char *text) { - unsigned char *p = (unsigned char *) buf; + unsigned char *p = (unsigned char *)buf; unsigned char lastrow_data[16]; int32_t rows = len / 16; int32_t lastrow = len % 16; diff --git a/hydra-mod.h b/hydra-mod.h index 5d613f7..cb9c342 100644 --- a/hydra-mod.h +++ b/hydra-mod.h @@ -4,11 +4,11 @@ #include "hydra.h" #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif extern char quiet; @@ -21,10 +21,10 @@ extern char *hydra_get_next_password(); extern void hydra_completed_pair(); extern void hydra_completed_pair_found(); extern void hydra_completed_pair_skip(); -extern void hydra_report_found(int32_t port, char *svc, FILE * fp); -extern void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp); -extern void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp); -extern void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, char *msg); +extern void hydra_report_found(int32_t port, char *svc, FILE *fp); +extern void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE *fp); +extern void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE *fp); +extern void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE *fp, char *msg); extern void hydra_report_debug(FILE *st, char *format, ...); extern int32_t hydra_connect_to_ssl(int32_t socket, char *hostname); extern int32_t hydra_connect_ssl(char *host, int32_t port, char *hostname); diff --git a/hydra-mongodb.c b/hydra-mongodb.c index f017c4c..5b38a42 100644 --- a/hydra-mongodb.c +++ b/hydra-mongodb.c @@ -1,6 +1,6 @@ -//This plugin was written by -//Tested on mongodb-server 1:3.6.3-0ubuntu1 -//MONGODB-CR is been deprecated +// This plugin was written by +// Tested on mongodb-server 1:3.6.3-0ubuntu1 +// MONGODB-CR is been deprecated #ifdef LIBMONGODB #include @@ -9,9 +9,7 @@ #include "hydra-mod.h" #ifndef LIBMONGODB -void dummy_mongodb() { - printf("\n"); -} +void dummy_mongodb() { printf("\n"); } #else extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); @@ -31,16 +29,17 @@ int is_error_msg(char *msg) { } int require_auth(int32_t sock) { - unsigned char m_hdr[] = - "\x3f\x00\x00\x00" //messageLength (63) - "\x00\x00\x00\x41" //requestID - "\xff\xff\xff\xff" //responseTo - "\xd4\x07\x00\x00" //opCode (2004 OP_QUERY) - "\x00\x00\x00\x00" //flags - "\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" //fullCollectionName (admin.$cmd) - "\x00\x00\x00\x00" //numberToSkip (0) - "\x01\x00\x00\x00" //numberToReturn (1) - "\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73\x00\x01\x00\x00\x00\x00"; //query ({"listDatabases"=>1}) + unsigned char m_hdr[] = "\x3f\x00\x00\x00" // messageLength (63) + "\x00\x00\x00\x41" // requestID + "\xff\xff\xff\xff" // responseTo + "\xd4\x07\x00\x00" // opCode (2004 OP_QUERY) + "\x00\x00\x00\x00" // flags + "\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" // fullCollectionName + // (admin.$cmd) + "\x00\x00\x00\x00" // numberToSkip (0) + "\x01\x00\x00\x00" // numberToReturn (1) + "\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73" + "\x00\x01\x00\x00\x00\x00"; // query ({"listDatabases"=>1}) if (hydra_send(sock, m_hdr, sizeof(m_hdr), 0) > 0) { if (hydra_data_ready_timed(sock, 0, 1000) > 0) { @@ -51,7 +50,7 @@ int require_auth(int32_t sock) { return 2; } -int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char uri[256]; @@ -70,13 +69,13 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, pass = empty; mongoc_init(); - mongoc_log_set_handler (NULL, NULL); + mongoc_log_set_handler(NULL, NULL); bson_init(&q); - snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s",login, pass, hydra_address2string(ip), miscptr); + snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s", login, pass, hydra_address2string(ip), miscptr); client = mongoc_client_new(uri); if (!client) - return 3; + return 3; mongoc_client_set_appname(client, "hydra"); collection = mongoc_client_get_collection(client, miscptr, "test"); @@ -86,7 +85,7 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, r = mongoc_cursor_error(cursor, &error); if (r) { if (verbose) - hydra_report(stderr, "[ERROR] Can not read document: %s\n", error.message); + hydra_report(stderr, "[ERROR] Can not read document: %s\n", error.message); mongoc_cursor_destroy(cursor); mongoc_collection_destroy(collection); mongoc_client_destroy(client); @@ -96,9 +95,9 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, return 3; } return 2; - } + } } - + mongoc_cursor_destroy(cursor); mongoc_collection_destroy(collection); mongoc_client_destroy(client); @@ -112,9 +111,9 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, return 2; } -void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; - + if (!miscptr) { if (verbose) hydra_report(stderr, "[INFO] Using default database \"admin\"\n"); @@ -130,20 +129,21 @@ void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, switch (run) { case 1: next_run = start_mongodb(sock, ip, port, options, miscptr, fp); - break; + break; case 2: hydra_child_exit(0); return; default: if (!verbose) - hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n"); + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose " + "option for more details\n"); hydra_child_exit(2); } run = next_run; } } -int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. @@ -179,6 +179,7 @@ int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char * #endif -void usage_mongodb(const char* service) { - printf("Module mongodb is optionally taking a database name to attack, default is \"admin\"\n\n"); +void usage_mongodb(const char *service) { + printf("Module mongodb is optionally taking a database name to attack, " + "default is \"admin\"\n\n"); } diff --git a/hydra-mssql.c b/hydra-mssql.c index 2f9608b..ee273ca 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -5,47 +5,55 @@ extern char *HYDRA_EXIT; char *buf; -unsigned char p_hdr[] = - "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; -unsigned char p_pk2[] = - "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" - "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" - "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00"; -unsigned char p_pk3[] = - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" - "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00"; -unsigned char p_lng[] = - "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" - "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00"; +unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; +unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" + "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" + "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00"; +unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" + "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" + "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00"; +unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" + "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" + "\x00\x03\x00\x00\x00"; -int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024]; char ms_login[MSLEN + 1]; @@ -81,7 +89,7 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0) return 1; - if (hydra_send(s, (char *) p_lng, 71, 0) < 0) + if (hydra_send(s, (char *)p_lng, 71, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); @@ -107,7 +115,7 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; @@ -116,7 +124,7 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -129,18 +137,18 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = start_mssql(sock, ip, port, options, miscptr, fp); hydra_disconnect(sock); break; - case 2: /* clean exit */ + case 2: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -153,13 +161,13 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F } } -int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-mysql.c b/hydra-mysql.c index c33dc88..eae5fd9 100644 --- a/hydra-mysql.c +++ b/hydra-mysql.c @@ -1,19 +1,16 @@ /* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */ -/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, adding support for mysql version 5.x */ +/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, + * adding support for mysql version 5.x */ #include "hydra-mod.h" #ifndef HAVE_MATH_H #include -void dummy_mysql() { - printf("\n"); -} +void dummy_mysql() { printf("\n"); } -void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - printf("\n"); -} +void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { printf("\n"); } #else #include @@ -41,7 +38,8 @@ extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; char mysqlsalt[9]; -/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */ +/* modified hydra_receive_line, I've striped code which changed every 0x00 to + * 0x20 */ char *hydra_mysql_receive_line(int32_t socket) { char buf[300], *buff, *buff2; int32_t i = 0, j = 0, buff_size = 300; @@ -51,7 +49,7 @@ char *hydra_mysql_receive_line(int32_t socket) { return NULL; memset(buff, 0, sizeof(buf)); - i = hydra_data_ready_timed(socket, (long) waittime, 0); + i = hydra_data_ready_timed(socket, (long)waittime, 0); if (i > 0) { if ((i = internal__hydra_recv(socket, buff, sizeof(buf))) < 0) { free(buff); @@ -98,7 +96,7 @@ char hydra_mysql_init(int32_t sock) { protocol = buf[4]; if (protocol == 0xff) { pos = &buf[6]; -// *(strchr(pos, '.')) = '\0'; + // *(strchr(pos, '.')) = '\0'; hydra_report(stderr, "[ERROR] %s\n", pos); free(buf); return 2; @@ -108,7 +106,10 @@ char hydra_mysql_init(int32_t sock) { return 2; } if (protocol > 10) { - fprintf(stderr, "[INFO] This is protocol version %d, only v10 is supported, not sure if it will work\n", protocol); + fprintf(stderr, + "[INFO] This is protocol version %d, only v10 is supported, not " + "sure if it will work\n", + protocol); } server_version = &buf[5]; pos = buf + strlen(server_version) + 10; @@ -116,7 +117,8 @@ char hydra_mysql_init(int32_t sock) { if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) { #ifndef LIBMYSQLCLIENT - hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck configure to see if libmysql is found\n"); + hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck " + "configure to see if libmysql is found\n"); #endif free(buf); return 2; @@ -130,35 +132,32 @@ char hydra_mysql_init(int32_t sock) { char *hydra_mysql_prepare_auth(char *login, char *pass) { unsigned char *response; unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login); - unsigned long response_len = 4 /* header */ + - 2 /* client flags */ + - 3 /* max packet len */ + - login_len + 1 + 8 /* scrambled password len */ ; + unsigned long response_len = 4 /* header */ + 2 /* client flags */ + 3 /* max packet len */ + login_len + 1 + 8 /* scrambled password len */; - response = (unsigned char *) malloc(response_len + 4); + response = (unsigned char *)malloc(response_len + 4); if (response == NULL) { fprintf(stderr, "[ERROR] could not allocate memory\n"); return NULL; } memset(response, 0, response_len + 4); - *((unsigned long *) response) = response_len - 4; - response[3] = 0x01; /* packet number */ + *((unsigned long *)response) = response_len - 4; + response[3] = 0x01; /* packet number */ response[4] = 0x85; - response[5] = 0x24; /* client flags */ - response[6] = response[7] = response[8] = 0x00; /* max packet */ - memcpy(&response[9], login, login_len); /* login */ - response[9 + login_len] = '\0'; /* null terminate login */ - hydra_scramble((char *) &response[9 + login_len + 1], mysqlsalt, pass); + response[5] = 0x24; /* client flags */ + response[6] = response[7] = response[8] = 0x00; /* max packet */ + memcpy(&response[9], login, login_len); /* login */ + response[9 + login_len] = '\0'; /* null terminate login */ + hydra_scramble((char *)&response[9 + login_len + 1], mysqlsalt, pass); - return (char *) response; + return (char *)response; } /* returns 0 if authentication succeed */ /* and 1 if failed */ char hydra_mysql_parse_response(unsigned char *response) { - unsigned long response_len = *((unsigned long *) response) & 0xffffff; + unsigned long response_len = *((unsigned long *)response) & 0xffffff; if (response_len < 4) return 0; @@ -170,13 +169,13 @@ char hydra_mysql_parse_response(unsigned char *response) { } char hydra_mysql_send_com_quit(int32_t sock) { - char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 }; + char com_quit_packet[5] = {0x01, 0x00, 0x00, 0x00, 0x01}; hydra_send(sock, com_quit_packet, 5, 0); return 0; } -int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *response = NULL, *login = NULL, *pass = NULL; unsigned long response_len; char res = 0; @@ -221,7 +220,8 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, } if (my_errno == 1251) { - hydra_report(stderr, "[ERROR] Client does not support authentication protocol requested by server\n"); + hydra_report(stderr, "[ERROR] Client does not support authentication " + "protocol requested by server\n"); } /* @@ -235,8 +235,8 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, */ - //if the error is more critical, we just try to reconnect - //to the db later with the mysql_init + // if the error is more critical, we just try to reconnect + // to the db later with the mysql_init if ((my_errno != 1044) && (my_errno != 1045)) { mysql_close(mysql); mysql = NULL; @@ -264,7 +264,7 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, response = hydra_mysql_prepare_auth(login, pass); if (response == NULL) return 3; - response_len = *((unsigned long *) response) & 0xffffff; + response_len = *((unsigned long *)response) & 0xffffff; /* send client auth packet */ /* dunny why, mysql IO code had problem reading my response. */ @@ -280,7 +280,7 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, /* read authentication response */ if ((response = hydra_mysql_receive_line(sock)) == NULL) return 1; - res = hydra_mysql_parse_response((unsigned char *) response); + res = hydra_mysql_parse_response((unsigned char *)response); if (!res) { hydra_mysql_send_com_quit(sock); @@ -302,7 +302,7 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, return 1; } -void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_MYSQL; @@ -311,12 +311,12 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) { hydra_mysql_send_com_quit(sock); sock = hydra_disconnect(sock); } -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -324,15 +324,16 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F port = myport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_mysql(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { hydra_mysql_send_com_quit(sock); sock = hydra_disconnect(sock); @@ -349,8 +350,6 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F #ifndef LIBMYSQLCLIENT - - #endif /************************************************************************/ @@ -367,9 +366,9 @@ struct hydra_rand_struct { double max_value_dbl; }; -void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ +void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ rand_st->max_value = 0x3FFFFFFFL; - rand_st->max_value_dbl = (double) rand_st->max_value; + rand_st->max_value_dbl = (double)rand_st->max_value; rand_st->seed1 = seed1 % rand_st->max_value; rand_st->seed2 = seed2 % rand_st->max_value; } @@ -377,7 +376,7 @@ void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, un double hydra_rnd(struct hydra_rand_struct *rand_st) { rand_st->seed1 = (rand_st->seed1 * 3 + rand_st->seed2) % rand_st->max_value; rand_st->seed2 = (rand_st->seed1 + rand_st->seed2 + 33) % rand_st->max_value; - return (((double) rand_st->seed1) / rand_st->max_value_dbl); + return (((double)rand_st->seed1) / rand_st->max_value_dbl); } void hydra_hash_password(unsigned long *result, const char *password) { register unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L; @@ -385,14 +384,15 @@ void hydra_hash_password(unsigned long *result, const char *password) { for (; *password; password++) { if (*password == ' ' || *password == '\t') - continue; /* skipp space in password */ - tmp = (unsigned long) (unsigned char) *password; + continue; /* skipp space in password */ + tmp = (unsigned long)(unsigned char)*password; nr ^= (((nr & 63) + add) * tmp) + (nr << 8); nr2 += (nr2 << 8) ^ nr; add += tmp; } - result[0] = nr & (((unsigned long) 1L << 31) - 1L); /* Don't use sign bit (str2int) */ ; - result[1] = nr2 & (((unsigned long) 1L << 31) - 1L); + result[0] = nr & (((unsigned long)1L << 31) - 1L); /* Don't use sign bit (str2int) */ + ; + result[1] = nr2 & (((unsigned long)1L << 31) - 1L); return; } @@ -408,8 +408,8 @@ char *hydra_scramble(char *to, const char *message, const char *password) { hydra_hash_password(hash_message, message); hydra_randominit(&rand_st, hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]); while (*message++) - *to++ = (char) (floor(hydra_rnd(&rand_st) * 31) + 64); - extra = (char) (floor(hydra_rnd(&rand_st) * 31)); + *to++ = (char)(floor(hydra_rnd(&rand_st) * 31) + 64); + extra = (char)(floor(hydra_rnd(&rand_st) * 31)); while (to_start != to) *(to_start++) ^= extra; } @@ -418,13 +418,13 @@ char *hydra_scramble(char *to, const char *message, const char *password) { } #endif -int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -432,6 +432,7 @@ int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *mi return 0; } -void usage_mysql(const char* service) { - printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); +void usage_mysql(const char *service) { + printf("Module mysql is optionally taking the database to attack, default is " + "\"mysql\"\n\n"); } diff --git a/hydra-ncp.c b/hydra-ncp.c index 5c68d13..edbdfaa 100644 --- a/hydra-ncp.c +++ b/hydra-ncp.c @@ -1,28 +1,25 @@ /* * Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com * Tested on Netware 6.5 - * + * * you need to install libncp and libncp-dev (tested with version 2.2.6-3) - * + * * you can passed full context as OPT * * example: ./hydra -L login -P passw 172.16.246.129 ncp .O=cx * */ - #include "hydra-mod.h" #ifndef LIBNCP -void dummy_ncp() { - printf("\n"); -} +void dummy_ncp() { printf("\n"); } #else -#include -#include -#include #include +#include +#include +#include extern char *HYDRA_EXIT; extern int32_t child_head_no; @@ -33,11 +30,10 @@ typedef struct __NCP_DATA { char *context; } _NCP_DATA; -//uncomment line below to see more trace stack +// uncomment line below to see more trace stack //#define NCP_DEBUG -int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { - +int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *login; char *pass; char context[256]; @@ -47,13 +43,11 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char _NCP_DATA *session; - session = malloc(sizeof(_NCP_DATA)); memset(session, 0, sizeof(_NCP_DATA)); login = empty; pass = empty; - if (strlen(login = hydra_get_next_login()) == 0) { login = empty; } else { @@ -71,8 +65,8 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char } } - //login and password are case insensitive - //str_upper(login); + // login and password are case insensitive + // str_upper(login); if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; @@ -91,27 +85,27 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char memset(session->spec.password, 0, sizeof(session->spec.password)); memcpy(session->spec.password, pass, strlen(pass) + 1); - //str_upper(session->spec.password); + // str_upper(session->spec.password); ncp_lib_error_code = ncp_login_conn(session->conn, session->spec.user, object_type, session->spec.password); switch (ncp_lib_error_code & 0x0000FFFF) { - case 0x0000: /* Success */ + case 0x0000: /* Success */ #ifdef NCP_DEBUG printf("Connection success (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); #endif ncp_close(session->conn); - hydra_report_found_host(port, ip, "ncp", fp); //ok + hydra_report_found_host(port, ip, "ncp", fp); // ok hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 3; //exit + return 3; // exit free(session); - return 2; //next + return 2; // next break; - case 0x89DE: /* PASSWORD INVALID */ - case 0x89F0: /* BIND WILDCARD INVALID */ - case 0x89FF: /* NO OBJ OR BAD PASSWORD */ - case 0xFD63: /* FAILED_AUTHENTICATION */ - case 0xFDA7: /* NO_SUCH_ENTRY */ + case 0x89DE: /* PASSWORD INVALID */ + case 0x89F0: /* BIND WILDCARD INVALID */ + case 0x89FF: /* NO OBJ OR BAD PASSWORD */ + case 0xFD63: /* FAILED_AUTHENTICATION */ + case 0xFDA7: /* NO_SUCH_ENTRY */ #ifdef NCP_DEBUG printf("Incorrect password (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); #endif @@ -119,7 +113,7 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { free(session); - return 2; //next + return 2; // next } break; default: @@ -131,10 +125,10 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char break; } free(session); - return 1; //reconnect + return 1; // reconnect } -void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_NCP; @@ -144,7 +138,7 @@ void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if (port != 0) @@ -152,14 +146,15 @@ void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL sock = hydra_connect_tcp(ip, myport); port = myport; if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_ncp(sock, ip, port, options, miscptr, fp); break; @@ -183,13 +178,13 @@ void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL #endif -int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -197,6 +192,7 @@ int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *misc return 0; } -void usage_ncp(const char* service) { - printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); +void usage_ncp(const char *service) { + printf("Module ncp is optionally taking the full context, for example " + "\".O=cx\"\n\n"); } diff --git a/hydra-nntp.c b/hydra-nntp.c index f6b7f35..c3622c2 100644 --- a/hydra-nntp.c +++ b/hydra-nntp.c @@ -25,7 +25,7 @@ char *nntp_read_server_capacity(int32_t sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { - if (isdigit((int32_t) buf[0]) && buf[3] == ' ') + if (isdigit((int32_t)buf[0]) && buf[3] == ' ') resp = 1; else { if (buf[strlen(buf) - 1] == '\n') @@ -38,7 +38,7 @@ char *nntp_read_server_capacity(int32_t sock) { if ((ptr = strrchr(buf, '\n')) != NULL) { #endif ptr++; - if (isdigit((int32_t) *ptr) && *(ptr + 3) == ' ') + if (isdigit((int32_t)*ptr) && *(ptr + 3) == ' ') resp = 1; } } @@ -47,7 +47,7 @@ char *nntp_read_server_capacity(int32_t sock) { return buf; } -int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500], *fooptr; int32_t i = 1; @@ -79,7 +79,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha } free(buf); strcpy(buffer2, login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -94,7 +94,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha } free(buf); strcpy(buffer2, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); break; case AUTH_PLAIN: @@ -120,128 +120,123 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha break; #ifdef LIBOPENSSL - case AUTH_CRAMMD5:{ - int32_t rc = 0; - char *preplogin; + case AUTH_CRAMMD5: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } - - sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (buf == NULL || strstr(buf, "383") == NULL) { - hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); - - sprintf(buffer, "%s %.250s", preplogin, buffer2); - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - - char tmp_buffer[sizeof(buffer)]; - sprintf(tmp_buffer, "%.250s\r\n", buffer); - strcpy(buffer, tmp_buffer); - free(preplogin); + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n"); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - if (debug) - hydra_report(stderr, "DEBUG S: %s\n", buffer); - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); + sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; + // get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + sprintf(buffer, "%s %.250s", preplogin, buffer2); + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + free(preplogin); + } break; + + case AUTH_DIGESTMD5: { + sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + if (debug) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); + if (fooptr == NULL) + return 3; + + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //send auth and receive challenge - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *) buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } - //recover challenge - from64tobits((char *) buf1, buf + 4); - free(buf); - - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "%s\r\n", (char *) buf1); + // send auth and receive challenge + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *)buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; - - default:{ - sprintf(buffer, "AUTHINFO USER %.250s\r\n", login); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - buf = hydra_receive_line(s); - if (buf == NULL) - return 1; - if (buf[0] != '3') { - if (verbose || debug) - hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); - free(buf); - return (3); - } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf); free(buf); - sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass); + return 3; } - break; + // recover challenge + from64tobits((char *)buf1, buf + 4); + free(buf); + + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, "%s\r\n", (char *)buf1); + } break; + + default: { + sprintf(buffer, "AUTHINFO USER %.250s\r\n", login); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (buf[0] != '3') { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); + free(buf); + return (3); + } + free(buf); + sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass); + } break; } - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } @@ -266,7 +261,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 2; } -void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t i = 0, run = 1, next_run = 1, sock = -1; int32_t myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0; char *buffer1 = "CAPABILITIES\r\n"; @@ -276,10 +271,10 @@ void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -293,12 +288,12 @@ void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } -// usleepn(300); + // usleepn(300); buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '2') { /* check the first line */ + if (buf == NULL || buf[0] != '2') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); hydra_child_exit(2); @@ -352,10 +347,10 @@ void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } #endif -/* -AUTHINFO USER SASL -SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 -*/ + /* + AUTHINFO USER SASL + SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 + */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "SASL\\s.*NTLM")) { @@ -405,7 +400,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int32_t) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strncmp(miscptr, "USER", 4) == 0) nntp_auth_mechanism = AUTH_CLEAR; @@ -426,7 +421,6 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 if (strncmp(miscptr, "NTLM", 4) == 0) nntp_auth_mechanism = AUTH_NTLM; - } if (verbose) { switch (nntp_auth_mechanism) { @@ -456,10 +450,10 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_nntp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -472,13 +466,13 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 } } -int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -486,6 +480,7 @@ int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_nntp(const char* service) { - printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); +void usage_nntp(const char *service) { + printf("Module nntp is optionally taking one authentication type of:\n" + " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); } diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index 4f32997..e6b77ec 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c @@ -13,9 +13,7 @@ at http://marcellmajor.com/frame_listenerhash.html #include "hydra-mod.h" #ifndef LIBOPENSSL #include -void dummy_oracle_listener() { - printf("\n"); -} +void dummy_oracle_listener() { printf("\n"); } #else #include "sasl.h" #include @@ -31,7 +29,7 @@ int32_t initial_permutation(unsigned char **result, char *p_str, int32_t *sz) { int32_t i = strlen(p_str); char *buff; - //expand the string with zero so that length is a multiple of 4 + // expand the string with zero so that length is a multiple of 4 while ((i % 4) != 0) { i = i + 1; } @@ -44,14 +42,14 @@ int32_t initial_permutation(unsigned char **result, char *p_str, int32_t *sz) { memset(buff, 0, i + 4); strcpy(buff, p_str); - //swap the order of every byte pair + // swap the order of every byte pair for (k = 0; k < i; k += 2) { char bck = buff[k + 1]; buff[k + 1] = buff[k]; buff[k] = bck; } - //convert to unicode + // convert to unicode if ((*result = malloc(2 * i)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); free(buff); @@ -75,7 +73,7 @@ int32_t ora_hash(unsigned char **orahash, unsigned char *buf, int32_t len) { } for (i = 0; i < 8; i++) { - sprintf(((char *) *orahash) + i * 2, "%02X", buf[len - 8 + i]); + sprintf(((char *)*orahash) + i * 2, "%02X", buf[len - 8 + i]); } return 0; } @@ -106,8 +104,8 @@ int32_t ora_descrypt(unsigned char **rs, unsigned char *result, int32_t siz) { int32_t i = 0; char lastkey[8]; DES_key_schedule ks1; - unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; - unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + unsigned char key1[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}; + unsigned char ivec1[] = {0, 0, 0, 0, 0, 0, 0, 0}; unsigned char *desresult; memset(ivec1, 0, sizeof(ivec1)); @@ -115,14 +113,14 @@ int32_t ora_descrypt(unsigned char **rs, unsigned char *result, int32_t siz) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } - DES_key_sched((const_DES_cblock *) key1, &ks1); + DES_key_sched((const_DES_cblock *)key1, &ks1); DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT); for (i = 0; i < 8; i++) { lastkey[i] = desresult[siz - 8 + i]; } - DES_key_sched((const_DES_cblock *) lastkey, &ks1); + DES_key_sched((const_DES_cblock *)lastkey, &ks1); memset(desresult, 0, siz); memset(ivec1, 0, sizeof(ivec1)); DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT); @@ -146,7 +144,7 @@ int32_t ora_hash_password(char *pass) { memset(buff, 0, sizeof(buff)); - //concatenate Arb string and convert the resulting string to uppercase + // concatenate Arb string and convert the resulting string to uppercase snprintf(buff, sizeof(buff), "Arb%s", pass); strupper(buff); @@ -179,13 +177,11 @@ int32_t ora_hash_password(char *pass) { return 0; } -int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { - unsigned char tns_packet_begin[22] = { - "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" - }; - unsigned char tns_packet_end[32] = { - "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" - }; +int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e" + "\x00\x00\x01\x00"}; + unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"}; char *empty = ""; char *pass; @@ -210,9 +206,12 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o free(hash); return 1; } - pass = (char *) hash; + pass = (char *)hash; } - snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", pass); + snprintf(connect_string, sizeof(connect_string), + "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(" + "PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", + pass); if (hash != NULL) free(hash); @@ -226,7 +225,7 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o } else { buffer2[1] = siz; } - memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); + memcpy(buffer2 + 2, (char *)tns_packet_begin, sizeof(tns_packet_begin)); siz = strlen(connect_string); if (siz > 255) { buffer2[2 + sizeof(tns_packet_begin)] = 1; @@ -234,7 +233,7 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o } else { buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; } - memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *)tns_packet_end, sizeof(tns_packet_end)); memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { return 1; @@ -257,7 +256,7 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o return 1; } -void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; @@ -283,10 +282,10 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char * while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -300,13 +299,13 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char * } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } /* run the cracking function */ next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -324,13 +323,13 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char * } } -int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -338,8 +337,9 @@ int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options return 0; } -void usage_oracle_listener(const char* service) { - printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); +void usage_oracle_listener(const char *service) { + printf("Module oracle-listener / tns is optionally taking the mode the " + "password is stored as, could be PLAIN (default) or CLEAR\n\n"); } #endif diff --git a/hydra-oracle-sid.c b/hydra-oracle-sid.c index 7570379..c2db73a 100644 --- a/hydra-oracle-sid.c +++ b/hydra-oracle-sid.c @@ -11,9 +11,7 @@ find a big list on the Internet #include "hydra-mod.h" #ifndef LIBOPENSSL #include -void dummy_oracle_sid() { - printf("\n"); -} +void dummy_oracle_sid() { printf("\n"); } #else #include #define HASHSIZE 16 @@ -22,19 +20,16 @@ extern char *HYDRA_EXIT; char *buf; unsigned char *hash; - -int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { /* PP is the packet length XX is the length of connect data PP + tns_packet_begin + XX + tns_packet_end */ - unsigned char tns_packet_begin[22] = { - "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" - }; - unsigned char tns_packet_end[32] = { - "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" - }; + unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e" + "\x00\x00\x01\x00"}; + unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"}; char *empty = ""; char *login; char connect_string[200]; @@ -47,8 +42,10 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option if (strlen(login = hydra_get_next_login()) == 0) login = empty; - snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", login, - hydra_address2string(ip), port); + snprintf(connect_string, sizeof(connect_string), + "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(" + "USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", + login, hydra_address2string(ip), port); siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string); if (siz > 255) { buffer2[0] = 1; @@ -56,7 +53,7 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option } else { buffer2[1] = siz; } - memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); + memcpy(buffer2 + 2, (char *)tns_packet_begin, sizeof(tns_packet_begin)); siz = strlen(connect_string); if (siz > 255) { buffer2[2 + sizeof(tns_packet_begin)] = 1; @@ -64,7 +61,7 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option } else { buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; } - memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *)tns_packet_end, sizeof(tns_packet_end)); memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { return 1; @@ -72,7 +69,8 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option if ((buf = hydra_receive_line(s)) == NULL) return 1; - //if no error reported. it should be a resend packet type 00 08 00 00 0b 00 00 00, 4 is refuse + // if no error reported. it should be a resend packet type 00 08 00 00 0b 00 + // 00 00, 4 is refuse if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) { hydra_report_found_host(port, ip, "oracle-sid", fp); hydra_completed_pair_found(); @@ -85,7 +83,7 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option return 1; } -void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; @@ -94,10 +92,10 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -110,13 +108,13 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } /* run the cracking function */ next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -134,13 +132,13 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp } } -int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-oracle.c b/hydra-oracle.c index e598401..e132b81 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -4,8 +4,8 @@ david: code is based on SNORT spo_database.c tested with : -instantclient_10_2 on Oracle 10.2.0 --instantclient-basic-linux.*-11.2.0.3.0.zip + instantclient-sdk-linux.*-11.2.0.3.0.zip -on Oracle 9i and on Oracle 11g +-instantclient-basic-linux.*-11.2.0.3.0.zip + +instantclient-sdk-linux.*-11.2.0.3.0.zip on Oracle 9i and on Oracle 11g */ @@ -13,9 +13,7 @@ on Oracle 9i and on Oracle 11g #ifndef LIBORACLE -void dummy_oracle() { - printf("\n"); -} +void dummy_oracle() { printf("\n"); } #else @@ -40,7 +38,7 @@ void print_oracle_error(char *err) { } } -int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[200], sid[100]; @@ -55,14 +53,17 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c /* - To use the Easy Connect naming method, PHP must be linked with Oracle 10g or greater Client libraries. - The Easy Connect string for Oracle 10g is of the form: [//]host_name[:port][/service_name]. - With Oracle 11g, the syntax is: [//]host_name[:port][/service_name][:server_type][/instance_name]. - Service names can be found by running the Oracle utility lsnrctl status on the database server machine. + To use the Easy Connect naming method, PHP must be linked with Oracle 10g + or greater Client libraries. The Easy Connect string for Oracle 10g is of + the form: [//]host_name[:port][/service_name]. With Oracle 11g, the syntax + is: [//]host_name[:port][/service_name][:server_type][/instance_name]. + Service names can be found by running the Oracle utility lsnrctl status on + the database server machine. - The tnsnames.ora file can be in the Oracle Net search path, which includes $ORACLE_HOME/network/admin - and /etc. Alternatively set TNS_ADMIN so that $TNS_ADMIN/tnsnames.ora is read. Make sure the web - daemon has read access to the file. + The tnsnames.ora file can be in the Oracle Net search path, which includes + $ORACLE_HOME/network/admin and /etc. Alternatively set TNS_ADMIN so that + $TNS_ADMIN/tnsnames.ora is read. Make sure the web daemon has read access + to the file. */ @@ -78,26 +79,28 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c print_oracle_error("OCIEnvInit 2"); return 4; } - if (OCIHandleAlloc(o_environment, (dvoid **) & o_error, OCI_HTYPE_ERROR, (size_t) 0, NULL)) { + if (OCIHandleAlloc(o_environment, (dvoid **)&o_error, OCI_HTYPE_ERROR, (size_t)0, NULL)) { print_oracle_error("OCIHandleAlloc"); return 4; } - if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *) login, strlen(login), (const OraText *) pass, strlen(pass), (const OraText *) buffer, strlen(buffer))) { + if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *)login, strlen(login), (const OraText *)pass, strlen(pass), (const OraText *)buffer, strlen(buffer))) { OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); - //database: oracle_error: ORA-01017: invalid username/password; logon denied - //database: oracle_error: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor - //database: oracle_error: ORA-28000: the account is locked - //Failed login attempts is set to 10 by default + // database: oracle_error: ORA-01017: invalid username/password; logon + // denied database: oracle_error: ORA-12514: TNS:listener does not currently + // know of service requested in connect descriptor database: oracle_error: + // ORA-28000: the account is locked Failed login attempts is set to 10 by + // default if (verbose) { hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg); } - if (strstr((const char *) o_errormsg, "ORA-12514") != NULL) { - hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to enumerate them.\n"); + if (strstr((const char *)o_errormsg, "ORA-12514") != NULL) { + hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to " + "enumerate them.\n"); hydra_completed_pair(); return 3; } - if (strstr((const char *) o_errormsg, "ORA-28000") != NULL) { + if (strstr((const char *)o_errormsg, "ORA-28000") != NULL) { hydra_report(stderr, "[INFO] ORACLE account %s is locked.\n", login); hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -106,15 +109,14 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c } if (o_error) { - OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); + OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR); } hydra_completed_pair(); - //by default, set in sqlnet.ora, the trace file is generated in pwd to log any errors happening, - //as we don't care, we are deleting the file - //set these parameters to not generate the file - //LOG_DIRECTORY_CLIENT = /dev/null - //LOG_FILE_CLIENT = /dev/null + // by default, set in sqlnet.ora, the trace file is generated in pwd to log + // any errors happening, as we don't care, we are deleting the file set + // these parameters to not generate the file LOG_DIRECTORY_CLIENT = + // /dev/null LOG_FILE_CLIENT = /dev/null if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; @@ -122,7 +124,7 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c } else { OCILogoff(o_servicecontext, o_error); if (o_error) { - OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); + OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR); } hydra_report_found_host(port, ip, "oracle", fp); hydra_completed_pair_found(); @@ -132,7 +134,7 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c return 1; } -void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_ORACLE; @@ -141,14 +143,14 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, return; if ((miscptr == NULL) || (strlen(miscptr) == 0)) { - //SID is required as miscptr + // SID is required as miscptr hydra_report(stderr, "[ERROR] Oracle SID is required, using ORCL as default\n"); miscptr = "ORCL"; } while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if (port != 0) @@ -158,7 +160,7 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; @@ -167,7 +169,7 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, next_run = start_oracle(sock, ip, port, options, miscptr, fp); hydra_child_exit(0); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); unlink("sqlnet.log"); @@ -183,13 +185,13 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, #endif -int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -197,6 +199,7 @@ int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *m return 0; } -void usage_oracle(const char* service) { - printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); +void usage_oracle(const char *service) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is " + "\"ORCL\"\n\n"); } diff --git a/hydra-pcanywhere.c b/hydra-pcanywhere.c index 483e6fd..ea450e1 100644 --- a/hydra-pcanywhere.c +++ b/hydra-pcanywhere.c @@ -1,6 +1,6 @@ -//This plugin was written by +// This plugin was written by // -//PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5 +// PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5 // // no memleaks found on 110425 @@ -71,7 +71,6 @@ void pca_encrypt(char *cleartxt) { passwd[strlen(passwd)] = '\0'; strcpy(cleartxt, passwd); } - } void pca_decrypt(char *password) { @@ -92,7 +91,7 @@ void debugprintf(char *msg) { printf("debug: %s\n", msg); } -int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char buffer[2048] = ""; @@ -119,7 +118,6 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option server[3] = "Enter login name"; server[4] = "denying connection"; - if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -158,13 +156,15 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option if (i == 0 || i == 3) clean_buffer(buffer, ret); - if (debug) show_buffer(buffer, ret); + if (debug) + show_buffer(buffer, ret); if (i == 2) { clean_buffer(buffer, ret); buffer[sizeof(buffer) - 1] = 0; if (strstr(buffer, server[i + 2]) != NULL) { - fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n"); + fprintf(stderr, "[ERROR] PC Anywhere host denying connection because " + "you have requested a lower encrypt level\n"); return 3; } } @@ -224,7 +224,7 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option return 1; } -void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL; @@ -233,9 +233,8 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); usleepn(275); @@ -251,7 +250,8 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -278,13 +278,13 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp } } -int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-pcnfs.c b/hydra-pcnfs.c index dc9e41a..3f9a963 100644 --- a/hydra-pcnfs.c +++ b/hydra-pcnfs.c @@ -5,11 +5,11 @@ extern char *HYDRA_EXIT; char *buf; -#define LEN_HDR_RPC 24 -#define LEN_AUTH_UNIX 72+12 +#define LEN_HDR_RPC 24 +#define LEN_AUTH_UNIX 72 + 12 /* RPC common hdr */ -struct rpc_hdr { /* 24 */ +struct rpc_hdr { /* 24 */ unsigned long xid; unsigned long type_msg; unsigned long version_rpc; @@ -29,11 +29,11 @@ struct pr_auth_args { char comments[255]; }; -#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args) +#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args) /* Lets start ... */ -int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH]; char *ptr, *pkt = buffer; @@ -51,22 +51,24 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch memset(pkt, 0, sizeof(buffer)); - rpch = (struct rpc_hdr *) (pkt); - authp = (unsigned long *) (pkt + LEN_HDR_RPC); - prh = (struct pr_auth_args *) (pkt + LEN_HDR_RPC + LEN_AUTH_UNIX); + rpch = (struct rpc_hdr *)(pkt); + authp = (unsigned long *)(pkt + LEN_HDR_RPC); + prh = (struct pr_auth_args *)(pkt + LEN_HDR_RPC + LEN_AUTH_UNIX); rpch->xid = htonl(0x32544843); rpch->type_msg = htonl(0); rpch->version_rpc = htonl(2); rpch->prog_id = htonl(150001); rpch->prog_ver = htonl(2); - rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */ + rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */ prh->len_clnt = htonl(63); prh->len_id = htonl(31); prh->len_passwd = htonl(63); prh->len_comments = htonl(254); - strcpy(prh->comments, " Hydra - THC password cracker - visit https://github.com/vanhauser-thc/thc-hydra - use only allowed for legal purposes "); + strcpy(prh->comments, " Hydra - THC password cracker - visit " + "https://github.com/vanhauser-thc/thc-hydra - use only " + "allowed for legal purposes "); strcpy(prh->name, "localhost"); ptr = prh->id; @@ -82,16 +84,16 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch } *ptr = 0; - gettimeofday(&tv, (struct timezone *) NULL); - *(authp) = htonl(1); /* auth unix */ - *(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */ - *(++authp) = htonl(tv.tv_sec); /* local time */ - *(++authp) = htonl(9); /* length host */ - strcpy((char *) ++authp, "localhost"); /* hostname */ - authp += (3); /* len(host)%4 */ - *(authp) = htonl(0); /* uid root */ - *(++authp) = htonl(0); /* gid root */ - *(++authp) = htonl(9); /* 9 gid grps */ + gettimeofday(&tv, (struct timezone *)NULL); + *(authp) = htonl(1); /* auth unix */ + *(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */ + *(++authp) = htonl(tv.tv_sec); /* local time */ + *(++authp) = htonl(9); /* length host */ + strcpy((char *)++authp, "localhost"); /* hostname */ + authp += (3); /* len(host)%4 */ + *(authp) = htonl(0); /* uid root */ + *(++authp) = htonl(0); /* gid root */ + *(++authp) = htonl(9); /* 9 gid grps */ /* group root, bin, daemon, sys, adm, disk, wheel, floppy, "user gid" */ *(++authp) = htonl(0); *(++authp) = htonl(1); @@ -113,7 +115,7 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -/* analyze the output */ + /* analyze the output */ if (buf[2] != 'g' || buf[5] != 32) { fprintf(stderr, "[ERROR] RPC answer status : bad proc/version/auth\n"); free(buf); @@ -136,7 +138,7 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); @@ -155,22 +157,23 @@ void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, F while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((sock = hydra_connect_udp(ip, port)) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((sock = hydra_connect_udp(ip, port)) < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); } - case 2: /* run the cracking function */ + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_pcnfs(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -183,13 +186,13 @@ void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, F } } -int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-pop3.c b/hydra-pop3.c index 91d9c48..78f29bc 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -1,12 +1,12 @@ #include "hydra-mod.h" #include "sasl.h" -//openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110 +// openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110 typedef struct pool_str { char ip[36]; - /* int32_t port;*/// not needed + /* int32_t port;*/ // not needed int32_t pop3_auth_mechanism; int32_t disable_tls; struct pool_str *next; @@ -18,7 +18,7 @@ char apop_challenge[300] = ""; pool *plist = NULL, *p = NULL; /* functions */ -int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); pool *list_create(pool data) { pool *p; @@ -27,7 +27,7 @@ pool *list_create(pool data) { return NULL; memcpy(p->ip, data.ip, 36); - //p->port = data.port; + // p->port = data.port; p->pop3_auth_mechanism = data.pop3_auth_mechanism; p->disable_tls = data.disable_tls; p->next = NULL; @@ -40,7 +40,7 @@ pool *list_insert(pool data) { newnode = list_create(data); newnode->next = plist; - plist = newnode->next; // to be sure! + plist = newnode->next; // to be sure! return newnode; } @@ -59,7 +59,7 @@ pool *list_find(char *ip) { /* how to know when to release the mem ? -> well, after _start has determined which pool number it is */ -int32_t list_remove(pool * node) { +int32_t list_remove(pool *node) { pool *save, *list = plist; int32_t ok = -1; @@ -88,18 +88,18 @@ char *pop3_read_server_capacity(int32_t sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { + /* + exchange capa: -/* -exchange capa: + +OK + UIDL + STLS -+OK -UIDL -STLS - -*/ + */ if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') { resp = 1; - /* we got the capability info then get the completed warning info from server */ + /* we got the capability info then get the completed warning info from + * server */ while (hydra_data_ready(sock)) { free(buf); buf = hydra_receive_line(sock); @@ -117,7 +117,7 @@ STLS return buf; } -int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500], *fooptr; @@ -134,235 +134,226 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha switch (p->pop3_auth_mechanism) { #ifdef LIBOPENSSL - case AUTH_APOP:{ - MD5_CTX c; - unsigned char md5_raw[MD5_DIGEST_LENGTH]; - int32_t i; - char *pbuffer = buffer2; + case AUTH_APOP: { + MD5_CTX c; + unsigned char md5_raw[MD5_DIGEST_LENGTH]; + int32_t i; + char *pbuffer = buffer2; - MD5_Init(&c); - MD5_Update(&c, apop_challenge, strlen(apop_challenge)); - MD5_Update(&c, pass, strlen(pass)); - MD5_Final(md5_raw, &c); + MD5_Init(&c); + MD5_Update(&c, apop_challenge, strlen(apop_challenge)); + MD5_Update(&c, pass, strlen(pass)); + MD5_Final(md5_raw, &c); - for (i = 0; i < MD5_DIGEST_LENGTH; i++) { - sprintf(pbuffer, "%02x", md5_raw[i]); - pbuffer += 2; - } - sprintf(buffer, "APOP %s %s\r\n", login, buffer2); + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", md5_raw[i]); + pbuffer += 2; } - break; + sprintf(buffer, "APOP %s %s\r\n", login, buffer2); + } break; #endif - case AUTH_LOGIN:{ - sprintf(buffer, "AUTH LOGIN\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); - free(buf); - return 3; - } - free(buf); - strcpy(buffer2, login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - - sprintf(buffer, "%.250s\r\n", buffer2); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); - free(buf); - return 3; - } - free(buf); - strcpy(buffer2, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%.250s\r\n", buffer2); + case AUTH_LOGIN: { + sprintf(buffer, "AUTH LOGIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; - - case AUTH_PLAIN:{ - sprintf(buffer, "AUTH PLAIN\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf); - free(buf); - return 3; - } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); free(buf); - - memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); - - char tmp_buffer[sizeof(buffer)]; - sprintf(tmp_buffer, "%.250s\r\n", buffer); - strcpy(buffer, tmp_buffer); + return 3; } - break; + free(buf); + strcpy(buffer2, login); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%.250s\r\n", buffer2); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, pass); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + } break; + + case AUTH_PLAIN: { + sprintf(buffer, "AUTH PLAIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + sasl_plain(buffer, login, pass); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + } break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: case AUTH_CRAMSHA1: - case AUTH_CRAMSHA256:{ - int32_t rc = 0; - char *preplogin; + case AUTH_CRAMSHA256: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5: + sprintf(buffer, "AUTH CRAM-MD5\r\n"); + break; + case AUTH_CRAMSHA1: + sprintf(buffer, "AUTH CRAM-SHA1\r\n"); + break; + case AUTH_CRAMSHA256: + sprintf(buffer, "AUTH CRAM-SHA256\r\n"); + break; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + // get the one-time BASE64 encoded challenge + + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { switch (p->pop3_auth_mechanism) { case AUTH_CRAMMD5: - sprintf(buffer, "AUTH CRAM-MD5\r\n"); + hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf); break; case AUTH_CRAMSHA1: - sprintf(buffer, "AUTH CRAM-SHA1\r\n"); + hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf); break; case AUTH_CRAMSHA256: - sprintf(buffer, "AUTH CRAM-SHA256\r\n"); + hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf); break; } - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - switch (p->pop3_auth_mechanism) { - case AUTH_CRAMMD5: - hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA1: - hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA256: - hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf); - break; - } - free(buf); - return 3; - } - - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 2); free(buf); - - memset(buffer2, 0, sizeof(buffer2)); - - switch (p->pop3_auth_mechanism) { - case AUTH_CRAMMD5:{ - sasl_cram_md5(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA1:{ - sasl_cram_sha1(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA256:{ - sasl_cram_sha256(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - } - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - - char tmp_buffer[sizeof(buffer)]; - sprintf(tmp_buffer, "%.250s\r\n", buffer); - strcpy(buffer, tmp_buffer); - free(preplogin); + return 3; } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 2); + free(buf); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf); + memset(buffer2, 0, sizeof(buffer2)); + + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5: { + sasl_cram_md5(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA1: { + sasl_cram_sha1(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA256: { + sasl_cram_sha256(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + } + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + free(preplogin); + } break; + + case AUTH_DIGESTMD5: { + sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf); free(buf); - - if (debug) - hydra_report(stderr, "[DEBUG] S: %s\n", buffer); - - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - - if (debug) - hydra_report(stderr, "[DEBUG] C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); + return 3; } - break; + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf); + free(buf); + + if (debug) + hydra_report(stderr, "[DEBUG] S: %s\n", buffer); + + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); + if (fooptr == NULL) + return 3; + + if (debug) + hydra_report(stderr, "[DEBUG] C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //Send auth request - sprintf(buffer, "AUTH NTLM\r\n"); + // Send auth request + sprintf(buffer, "AUTH NTLM\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf); free(buf); - //send auth and receive challenge - //send auth request: lst the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6) - return 4; - - //recover challenge - from64tobits((char *) buf1, buf + 2); - free(buf); - - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); + return 3; } - break; + free(buf); + // send auth and receive challenge + // send auth request: lst the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6) + return 4; + + // recover challenge + from64tobits((char *)buf1, buf + 2); + free(buf); + + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + } break; default: sprintf(buffer, "USER %.250s\r\n", login); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -413,11 +404,11 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha return 2; } -void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; char *ptr = NULL; - //extract data from the pool, ip is the key + // extract data from the pool, ip is the key if (plist == NULL) if (service_pop3_init(ip, sp, options, miscptr, fp, port, hostname) != 0) hydra_child_exit(2); @@ -433,10 +424,9 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; - while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); @@ -448,11 +438,11 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '+') { /* check the first line */ + if (buf == NULL || buf[0] != '+') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); hydra_child_exit(2); @@ -470,11 +460,13 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI #ifdef LIBOPENSSL if (!p->disable_tls) { - /* check for STARTTLS, if available we may have access to more basic auth methods */ + /* check for STARTTLS, if available we may have access to more basic + * auth methods */ hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); buf = hydra_receive_line(sock); if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock, hostname) == -1)) { @@ -491,15 +483,15 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_pop3(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 4: /* clean exit */ + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -512,8 +504,7 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } - -int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t myport = PORT_POP3, mysslport = PORT_POP3_SSL; char *ptr = NULL; int32_t sock = -1; @@ -537,11 +528,11 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int32_t)getpid()); return -1; } buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '+') { /* check the first line */ + if (buf == NULL || buf[0] != '+') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); return -1; @@ -575,7 +566,7 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis int32_t i; for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int32_t) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { p.disable_tls = 0; @@ -584,13 +575,15 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis #ifdef LIBOPENSSL if (!p.disable_tls) { - /* check for STARTTLS, if available we may have access to more basic auth methods */ + /* check for STARTTLS, if available we may have access to more basic auth + * methods */ if (strstr(buf, "STLS") != NULL) { hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); free(buf); buf = hydra_receive_line(sock); if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock, hostname) == -1)) { @@ -616,16 +609,16 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis } } } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not " + "supported by the server\n"); } #endif if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) { - //we don't care if the server is not receiving the quit msg + // we don't care if the server is not receiving the quit msg } hydra_disconnect(sock); - if (verbose) hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); @@ -648,7 +641,8 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis which are supported. */ - /* which mean threre will *always* have a space before the LOGIN auth keyword */ + /* which mean threre will *always* have a space before the LOGIN auth keyword + */ if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { p.pop3_auth_mechanism = AUTH_NTLM; } @@ -688,12 +682,10 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis #else p.pop3_auth_mechanism = AUTH_CLEAR; #endif - } free(buf); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - if (strstr(miscptr, "CLEAR")) p.pop3_auth_mechanism = AUTH_CLEAR; @@ -722,7 +714,6 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis if (strstr(miscptr, "NTLM")) p.pop3_auth_mechanism = AUTH_NTLM; - } if (verbose) { @@ -765,7 +756,6 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis case AUTH_NTLM: hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n"); break; - } } @@ -777,8 +767,11 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_pop3(const char* service) { +void usage_pop3(const char *service) { printf("Module pop3 is optionally taking one authentication type of:\n" " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" + "Additionally TLS encryption via STLS can be enforced with the TLS " + "option.\n\n" + "Example: pop3://target/TLS:PLAIN\n"); } diff --git a/hydra-postgres.c b/hydra-postgres.c index 0be1363..7f958f7 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -1,26 +1,24 @@ /* - * PostgresSQL Support - by Diaul (at) devilopers.org + * PostgresSQL Support - by Diaul (at) devilopers.org + * * - * * 110425 no obvious memleaks found */ #include "hydra-mod.h" #ifndef LIBPOSTGRES -void dummy_postgres() { - printf("\n"); -} +void dummy_postgres() { printf("\n"); } #else -#include "libpq-fe.h" // Postgres connection functions +#include "libpq-fe.h" // Postgres connection functions #include #define DEFAULT_DB "template1" extern char *HYDRA_EXIT; -int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char database[256]; @@ -42,7 +40,6 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, * Building the connection string */ - snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass); if (verbose) @@ -65,7 +62,7 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, return 1; } -void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL; @@ -74,12 +71,11 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(275); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -92,14 +88,15 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_postgres(sock, ip, port, options, miscptr, fp); break; @@ -118,13 +115,13 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr #endif -int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -132,6 +129,7 @@ int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char return 0; } -void usage_postgres(const char* service) { - printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); +void usage_postgres(const char *service) { + printf("Module postgres is optionally taking the database to attack, default " + "is \"template1\"\n\n"); } diff --git a/hydra-radmin2.c b/hydra-radmin2.c index e72c838..8c417d3 100644 --- a/hydra-radmin2.c +++ b/hydra-radmin2.c @@ -7,42 +7,42 @@ extern char *HYDRA_EXIT; -//RAdmin 2.x +// RAdmin 2.x struct rmessage { - uint8_t magic; //Indicates version, probably? - uint32_t length; //Total message size of data. - uint32_t checksum; //Checksum from type to end of data. - uint8_t type; //Command type, table below. - unsigned char data[32]; //data to be sent. + uint8_t magic; // Indicates version, probably? + uint32_t length; // Total message size of data. + uint32_t checksum; // Checksum from type to end of data. + uint8_t type; // Command type, table below. + unsigned char data[32]; // data to be sent. }; /* * Usage: sum = checksum(message); - * Function: Returns a 4 byte little endian sum of the messages typecode+data. This data is zero padded for alignment. - * Example message (big endian): - * [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)]) - * Sum: is 0f43d461 (big endian) + * Function: Returns a 4 byte little endian sum of the messages typecode+data. + * This data is zero padded for alignment. Example message (big endian): + * [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9 + * 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)]) Sum: is 0f43d461 (big endian) */ uint32_t checksum(struct rmessage *msg) { int32_t blen; uint8_t *stream; uint32_t sum; - blen = msg->length; //Get the real length. + blen = msg->length; // Get the real length. blen += (4 - (blen % 4)); - //Allocate a worksapce. + // Allocate a worksapce. stream = calloc(blen, sizeof(uint8_t)); memcpy(stream, &msg->type, sizeof(uint8_t)); - memcpy(stream+1, msg->data, blen-1); + memcpy(stream + 1, msg->data, blen - 1); sum = 0; - for(blen -= sizeof(uint32_t); blen > 0; blen -= sizeof(uint32_t)) { + for (blen -= sizeof(uint32_t); blen > 0; blen -= sizeof(uint32_t)) { sum += *(uint32_t *)(stream + blen); } sum += *(uint32_t *)stream; - //Free the workspace. + // Free the workspace. free(stream); return sum; @@ -50,7 +50,8 @@ uint32_t checksum(struct rmessage *msg) { /* * Usage: challenge_request(message); - * Function: Modifies message to reflect a request for a challenge. Updates the checksum as appropriate. + * Function: Modifies message to reflect a request for a challenge. Updates the + * checksum as appropriate. */ void challenge_request(struct rmessage *msg) { msg->magic = 0x01; @@ -61,7 +62,8 @@ void challenge_request(struct rmessage *msg) { /* * Usage: challenge_request(message); - * Function: Modifies message to reflect a response to a challenge. Updates the checksum as appropriate. + * Function: Modifies message to reflect a response to a challenge. Updates the + * checksum as appropriate. */ void challenge_response(struct rmessage *msg, unsigned char *solution) { msg->magic = 0x01; @@ -72,46 +74,47 @@ void challenge_response(struct rmessage *msg, unsigned char *solution) { } /* - * Usage: buffer = message2buffer(message); send(buffer, message->length + 10); free(buffer) - * Function: Allocates a buffer for transmission and fills the buffer with message data such that it is ready to transmit. + * Usage: buffer = message2buffer(message); send(buffer, message->length + 10); + * free(buffer) Function: Allocates a buffer for transmission and fills the + * buffer with message data such that it is ready to transmit. */ -//TODO: conver to a sendMessage() function? +// TODO: conver to a sendMessage() function? char *message2buffer(struct rmessage *msg) { char *data; - if(msg == NULL) { + if (msg == NULL) { hydra_report(stderr, "rmessage is null\n"); hydra_child_exit(0); return NULL; } - switch(msg->type) { - case 0x1b: //Challenge request - data = (char *)calloc (10, sizeof(char)); - if(data == NULL) { - hydra_report(stderr, "calloc failure\n"); - hydra_child_exit(0); - } - memcpy(data, &msg->magic, sizeof(char)); - *((int32_t *)(data+1)) = htonl(msg->length); - *((int32_t *)(data+5)) = htonl(msg->checksum); - memcpy((data+9), &msg->type, sizeof(char)); - break; - case 0x09: - data = (char *)calloc (42, sizeof(char)); - if(data == NULL) { - hydra_report(stderr, "calloc failure\n"); - hydra_child_exit(0); - } - memcpy(data, &msg->magic, sizeof(char)); - *((int32_t *)(data+1)) = htonl(msg->length); - *((int32_t *)(data+5)) = htonl(msg->checksum); - memcpy((data+9), &msg->type, sizeof(char)); - memcpy((data+10), msg->data, sizeof(char) * 32); - break; - default: - hydra_report(stderr, "unknown rmessage type\n"); + switch (msg->type) { + case 0x1b: // Challenge request + data = (char *)calloc(10, sizeof(char)); + if (data == NULL) { + hydra_report(stderr, "calloc failure\n"); hydra_child_exit(0); - return NULL; + } + memcpy(data, &msg->magic, sizeof(char)); + *((int32_t *)(data + 1)) = htonl(msg->length); + *((int32_t *)(data + 5)) = htonl(msg->checksum); + memcpy((data + 9), &msg->type, sizeof(char)); + break; + case 0x09: + data = (char *)calloc(42, sizeof(char)); + if (data == NULL) { + hydra_report(stderr, "calloc failure\n"); + hydra_child_exit(0); + } + memcpy(data, &msg->magic, sizeof(char)); + *((int32_t *)(data + 1)) = htonl(msg->length); + *((int32_t *)(data + 5)) = htonl(msg->checksum); + memcpy((data + 9), &msg->type, sizeof(char)); + memcpy((data + 10), msg->data, sizeof(char) * 32); + break; + default: + hydra_report(stderr, "unknown rmessage type\n"); + hydra_child_exit(0); + return NULL; } return data; } @@ -119,12 +122,12 @@ char *message2buffer(struct rmessage *msg) { struct rmessage *buffer2message(char *buffer) { struct rmessage *msg; msg = calloc(1, sizeof(struct rmessage)); - if(msg == NULL) { + if (msg == NULL) { hydra_report(stderr, "calloc failure\n"); hydra_child_exit(0); } - //Start parsing... + // Start parsing... msg->magic = buffer[0]; buffer += sizeof(char); msg->length = ntohl(*((uint32_t *)(buffer))); @@ -134,41 +137,38 @@ struct rmessage *buffer2message(char *buffer) { msg->type = buffer[0]; buffer += sizeof(char); - //Verify known fields... - if(msg->magic != 0x01) { + // Verify known fields... + if (msg->magic != 0x01) { hydra_report(stderr, "Bad magic\n"); hydra_child_exit(0); return NULL; } - switch(msg->type) { - case 0x1b: - if(msg->length != 0x21) { - hydra_report(stderr, "Bad length...%08x\n", msg->length); - hydra_child_exit(0); - return NULL; - } - memcpy(msg->data, buffer, 32); - break; - case 0x0a: - //Win! - case 0x0b: - //Lose! - break; - default: - hydra_report(stderr, "unknown rmessage type"); + switch (msg->type) { + case 0x1b: + if (msg->length != 0x21) { + hydra_report(stderr, "Bad length...%08x\n", msg->length); hydra_child_exit(0); return NULL; + } + memcpy(msg->data, buffer, 32); + break; + case 0x0a: + // Win! + case 0x0b: + // Lose! + break; + default: + hydra_report(stderr, "unknown rmessage type"); + hydra_child_exit(0); + return NULL; } return msg; } +int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { return 0; } -int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { - return 0; -} - -void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { #ifdef HAVE_GCRYPT int32_t sock = -1; int32_t index; @@ -185,7 +185,7 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, gcry_cipher_hd_t cipher; gcry_md_hd_t md; - if(port != 0) { + if (port != 0) { myport = port; } @@ -193,14 +193,13 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, memset(buffer, 0x00, sizeof(buffer)); - //Phone the mother ship + // Phone the mother ship hydra_register_socket(sp); - if( memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { return; } - while(1) { - + while (1) { /* Typical conversation goes as follows... 0) connect to server 1) request challenge @@ -210,7 +209,7 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, */ // 0) Connect to the server sock = hydra_connect_tcp(ip, myport); - if(sock < 0) { + if (sock < 0) { hydra_report(stderr, "Error: Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -220,140 +219,164 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, challenge_request(msg); request = message2buffer(msg); hydra_send(sock, request, 10, 0); - free(msg); + free(msg); free(request); - //2) receive response (working) + // 2) receive response (working) index = 0; - while(index < 42) { //We're always expecting back a 42 byte buffer from a challenge request. - switch(hydra_data_ready(sock)) { - case -1: - hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); + while (index < 42) { // We're always expecting back a 42 byte buffer from a + // challenge request. + switch (hydra_data_ready(sock)) { + case -1: + hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); + hydra_child_exit(1); + break; + case 0: + // keep waiting... + break; + default: + bytecount = hydra_recv(sock, buffer + index, 42 - index); + if (bytecount < 0) { + hydra_report(stderr, + "Error: Child with pid %d terminating, receive " + "error\nerror:\t%s\n", + (int32_t)getpid(), strerror(errno)); hydra_child_exit(1); - break; - case 0: - //keep waiting... - break; - default: - bytecount = hydra_recv(sock, buffer+index, 42 - index); - if(bytecount < 0) { - hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); - hydra_child_exit(1); - } - index += bytecount; + } + index += bytecount; } } - //3) Send challenge solution. + // 3) Send challenge solution. - // Get a password to work with. - memset(password, 0x00, sizeof(password)); - memset(encrypted, 0x00, sizeof(encrypted)); + // Get a password to work with. + memset(password, 0x00, sizeof(password)); + memset(encrypted, 0x00, sizeof(encrypted)); hydra_get_next_pair(); - strncpy(password, hydra_get_next_password(), sizeof(password)-1); + strncpy(password, hydra_get_next_password(), sizeof(password) - 1); - //MD5 the password to generate the password key, this is used with twofish below. + // MD5 the password to generate the password key, this is used with twofish + // below. err = gcry_md_open(&md, GCRY_MD_MD5, 0); - if(err) { - hydra_report(stderr, "Error: Child with pid %d terminating, gcry_md_open error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_md_open error " + "(%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); hydra_child_exit(1); } gcry_md_reset(md); gcry_md_write(md, password, 100); - if(gcry_md_read(md, 0) == NULL) { + if (gcry_md_read(md, 0) == NULL) { hydra_report(stderr, "Error: Child with pid %d terminating, gcry_md_read error (%08x)\n", (int32_t)getpid(), index); hydra_child_exit(1); } memcpy(rawkey, gcry_md_read(md, 0), 16); gcry_md_close(md); - //3.a) generate a new message from the buffer + // 3.a) generate a new message from the buffer msg = buffer2message(buffer); - //3.b) encrypt data received using pkey & known IV - err= gcry_cipher_open(&cipher, GCRY_CIPHER_TWOFISH128, GCRY_CIPHER_MODE_CBC, 0); - if(err) { - hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_open error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + // 3.b) encrypt data received using pkey & known IV + err = gcry_cipher_open(&cipher, GCRY_CIPHER_TWOFISH128, GCRY_CIPHER_MODE_CBC, 0); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_open " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); hydra_child_exit(1); } err = gcry_cipher_setiv(cipher, IV, 16); - if(err) { - hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_setiv error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_setiv " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); hydra_child_exit(1); } err = gcry_cipher_setkey(cipher, rawkey, 16); - if(err) { - hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_setkey error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_setkey " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); hydra_child_exit(1); } err = gcry_cipher_encrypt(cipher, encrypted, 32, msg->data, 32); - if(err) { - hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_encrypt error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_encrypt " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); hydra_child_exit(1); } gcry_cipher_close(cipher); - //3.c) half sum - this is the solution to the challenge. - for(index=0; index < 16; index++) { - *(encrypted+index) += *(encrypted+index+16); + // 3.c) half sum - this is the solution to the challenge. + for (index = 0; index < 16; index++) { + *(encrypted + index) += *(encrypted + index + 16); } - memset((encrypted+16), 0x00, 16); + memset((encrypted + 16), 0x00, 16); - //3.d) send half sum + // 3.d) send half sum challenge_response(msg, encrypted); request = message2buffer(msg); hydra_send(sock, request, 42, 0); free(msg); free(request); - //4) receive auth success/failure + // 4) receive auth success/failure index = 0; - while(index < 10) { //We're always expecting back a 42 byte buffer from a challenge request. - switch(hydra_data_ready(sock)) { - case -1: - hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); + while (index < 10) { // We're always expecting back a 42 byte buffer from a + // challenge request. + switch (hydra_data_ready(sock)) { + case -1: + hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); + hydra_child_exit(1); + break; + case 0: + // keep waiting... + break; + default: + bytecount = hydra_recv(sock, buffer + index, 10 - index); + if (bytecount < 0) { + hydra_report(stderr, + "Error: Child with pid %d terminating, receive " + "error\nerror:\t%s\n", + (int32_t)getpid(), strerror(errno)); hydra_child_exit(1); - break; - case 0: - //keep waiting... - break; - default: - bytecount = hydra_recv(sock, buffer+index, 10 - index); - if(bytecount < 0) { - hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); - hydra_child_exit(1); - } - index += bytecount; + } + index += bytecount; } } msg = buffer2message(buffer); - switch(msg->type) { - case 0x0a: - hydra_completed_pair_found(); - break; - case 0x0b: - hydra_completed_pair(); - hydra_disconnect(sock); - break; - default: - hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid()); - hydra_child_exit(2); + switch (msg->type) { + case 0x0a: + hydra_completed_pair_found(); + break; + case 0x0b: + hydra_completed_pair(); + hydra_disconnect(sock); + break; + default: + hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid()); + hydra_child_exit(2); } } #endif } -int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rdp.c b/hydra-rdp.c index 9b15fed..bd333ce 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -1,6 +1,6 @@ /* This module is using freerdp2 lib - + Tested on: - Windows 7 pro SP1 - Windows 10 pro build 1809 @@ -11,13 +11,11 @@ extern char *HYDRA_EXIT; #ifndef LIBFREERDP2 -void dummy_rdp() { - printf("\n"); -} +void dummy_rdp() { printf("\n"); } #else #include -freerdp * instance = 0; +freerdp *instance = 0; BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { int32_t err = 0; @@ -34,7 +32,7 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa } /* Client program */ -int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char server[64]; @@ -56,39 +54,44 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, } login_result = rdp_connect(server, port, domain, login, pass); - switch(login_result){ - case 0: - // login success - hydra_report_found_host(port, ip, "rdp", fp); - hydra_completed_pair_found(); - break; - case 0x00020009: - case 0x00020014: - case 0x00020015: - // login failure - hydra_completed_pair(); - break; - case 0x0002000d: - hydra_report(stderr, "[%d][rdp] account on %s might be valid but account not active for remote desktop: login: %s password: %s, continuing attacking the account.\n", port, hydra_address2string_beautiful(ip), login, pass); - hydra_completed_pair(); - break; - case 0x00020006: - case 0x00020008: - case 0x0002000c: - // cannot establish rdp connection, either the port is not opened or it's not rdp - return 3; - default: - if (verbose) { - hydra_report(stderr, "[ERROR] freerdp: %s (0x%.8x)\n", freerdp_get_last_error_string(login_result), login_result); - } - return login_result; + switch (login_result) { + case 0: + // login success + hydra_report_found_host(port, ip, "rdp", fp); + hydra_completed_pair_found(); + break; + case 0x00020009: + case 0x00020014: + case 0x00020015: + // login failure + hydra_completed_pair(); + break; + case 0x0002000d: + hydra_report(stderr, + "[%d][rdp] account on %s might be valid but account not " + "active for remote desktop: login: %s password: %s, " + "continuing attacking the account.\n", + port, hydra_address2string_beautiful(ip), login, pass); + hydra_completed_pair(); + break; + case 0x00020006: + case 0x00020008: + case 0x0002000c: + // cannot establish rdp connection, either the port is not opened or it's + // not rdp + return 3; + default: + if (verbose) { + hydra_report(stderr, "[ERROR] freerdp: %s (0x%.8x)\n", freerdp_get_last_error_string(login_result), login_result); + } + return login_result; } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } -void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1; int32_t myport = PORT_RDP; @@ -101,15 +104,15 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL while (1) { next_run = 0; switch (run) { - case 1: /* run the cracking function */ + case 1: /* run the cracking function */ next_run = start_rdp(ip, myport, options, miscptr, fp); break; - case 2: /* clean exit */ + case 2: /* clean exit */ freerdp_disconnect(instance); freerdp_free(instance); hydra_child_exit(0); return; - case 3: /* connection error case */ + case 3: /* connection error case */ hydra_report(stderr, "[ERROR] freerdp: %s\n", "The connection failed to establish."); freerdp_free(instance); hydra_child_exit(1); @@ -121,20 +124,20 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here // Disable freerdp output - wLog* root = WLog_GetRoot(); - WLog_SetStringLogLevel(root, "OFF"); + wLog *root = WLog_GetRoot(); + WLog_SetStringLogLevel(root, "OFF"); // Init freerdp instance instance = freerdp_new(); @@ -145,7 +148,9 @@ int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *misc return 0; } -void usage_rdp(const char* service) { - printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); +void usage_rdp(const char *service) { + printf("Module rdp is optionally taking the windows domain name.\n" + "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p " + "doe\n\n"); } #endif diff --git a/hydra-redis.c b/hydra-redis.c index c230453..179007c 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *pass, buffer[510]; char *empty = ""; @@ -51,7 +51,7 @@ int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, int32_t tls) { +void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, int32_t tls) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; @@ -61,7 +61,7 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -77,21 +77,21 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } usleepn(250); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_redis(sock, ip, port, options, miscptr, fp); break; - case 3: /* error exit */ + case 3: /* error exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); break; - case 4: /* clean exit */ + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -104,32 +104,32 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp } } -void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { - service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0); -} +void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0); } -/* -* Initial password authentication test and response test for the redis server, -* added by Petar Kaleychev -* The service_redis_init function is generating ping request as redis-cli (command line interface). -* You can use redis-cli to connect with Redis. After start of the redis-server in another terminal the following: -* % ./redis-cli -* redis> ping -* when the server does not require password, leads to: -* PONG -* when the server requires password, leads to: -* (error) NOAUTH Authentication required. -* or -* (error) ERR operation not permitted (for older redis versions) -* That is used for initial password authentication and redis server response tests in service_redis_init -*/ -int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +/* + * Initial password authentication test and response test for the redis server, + * added by Petar Kaleychev + * The service_redis_init function is generating ping request as redis-cli + * (command line interface). You can use redis-cli to connect with Redis. After + * start of the redis-server in another terminal the following: % ./redis-cli + * redis> ping + * when the server does not require password, leads to: + * PONG + * when the server requires password, leads to: + * (error) NOAUTH Authentication required. + * or + * (error) ERR operation not permitted (for older redis versions) + * That is used for initial password authentication and redis server response + * tests in service_redis_init + */ +int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // return codes: // 0 - when the server is redis and it requires password - // n - when the server is not redis or when the server does not require password + // n - when the server is not redis or when the server does not require + // password int32_t sock = -1; int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; @@ -148,7 +148,8 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi port = mysslport; } if (verbose) - printf("[VERBOSE] Initial redis password authentication test and response test ...\n"); + printf("[VERBOSE] Initial redis password authentication test and response " + "test ...\n"); if (sock < 0) { hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", myport); return 3; @@ -156,10 +157,10 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi // generating ping request as redis-cli if (debug) printf("[DEBUG] buffer = %s\n", buffer); - // [debug mode]: buffer is: - // *1 - // $4 - // ping + // [debug mode]: buffer is: + // *1 + // $4 + // ping if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { return 2; } diff --git a/hydra-rexec.c b/hydra-rexec.c index 4783bcc..3571527 100644 --- a/hydra-rexec.c +++ b/hydra-rexec.c @@ -6,7 +6,7 @@ extern char *HYDRA_EXIT; -int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; int32_t ret; @@ -44,7 +44,7 @@ int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_REXEC, mysslport = PORT_REXEC_SSL; @@ -54,33 +54,33 @@ void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, F while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_rexec(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -88,19 +88,18 @@ void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, F default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); - } run = next_run; } } -int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rlogin.c b/hydra-rlogin.c index 36556b5..f9dc694 100644 --- a/hydra-rlogin.c +++ b/hydra-rlogin.c @@ -8,12 +8,11 @@ client have to use port from 512 -> 1023 or server is denying the connection no memleaks found on 110425 */ - #define TERM "vt100/9600" extern char *HYDRA_EXIT; -int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; int32_t ret; @@ -78,7 +77,8 @@ int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, c hydra_completed_pair(); } } else { - /* if password is asked a second time, it means the pass we provided is wrong */ + /* if password is asked a second time, it means the pass we provided is + * wrong */ hydra_completed_pair(); } @@ -87,7 +87,7 @@ int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, c return 1; } -void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; @@ -98,35 +98,35 @@ void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - /* 512 -> 1023 */ - hydra_set_srcport(1023); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + /* 512 -> 1023 */ + hydra_set_srcport(1023); + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_rlogin(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -139,13 +139,13 @@ void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, } } -int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rpcap.c b/hydra-rpcap.c index ff15956..700d0cc 100644 --- a/hydra-rpcap.c +++ b/hydra-rpcap.c @@ -6,7 +6,7 @@ extern char *HYDRA_EXIT; char *buf; -int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024]; @@ -21,7 +21,8 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch char bfr4[] = " "; bfr4[0] = strlen(login) + strlen(pass) + 8; char bfr5[] = "\x00"; - char bfr6[] = "\x01"; // x01 - when a password is required, x00 - when no need of password + char bfr6[] = "\x01"; // x01 - when a password is required, x00 - when no need + // of password char bfr7[] = "\x00\x00\x00"; char bfr8[] = " "; bfr8[0] = strlen(login); @@ -57,13 +58,12 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch return 3; return 1; } -/* - if (strstr(buf, "Logon failure") == NULL) { - hydra_report(stderr, "[ERROR] rpcap error or service shutdown: %s\n", buf); - free(buf); - return 4; - } -*/ + /* + if (strstr(buf, "Logon failure") == NULL) { + hydra_report(stderr, "[ERROR] rpcap error or service shutdown: %s\n", + buf); free(buf); return 4; + } + */ free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -72,7 +72,7 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch return 2; } -void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL; @@ -81,10 +81,10 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); - //usleep(300000); + // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -99,15 +99,15 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_rpcap(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -120,7 +120,7 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F } } -int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, performed once only. // return codes: // 0 - rpcap with authentication diff --git a/hydra-rsh.c b/hydra-rsh.c index 0ec7b2a..6bb3cac 100644 --- a/hydra-rsh.c +++ b/hydra-rsh.c @@ -12,7 +12,7 @@ no memleaks found on 110425 extern char *HYDRA_EXIT; -int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, buffer[300] = "", buffer2[100], *bptr = buffer2; int32_t ret; @@ -39,8 +39,8 @@ int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) buffer[ret] = 0; else /* 0x00 is sent but hydra_recv transformed it */ - if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) - buffer[ret] = 0; + if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) + buffer[ret] = 0; #ifdef HAVE_PCRE if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) { #else @@ -57,7 +57,7 @@ int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char return 1; } -void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_RSH, mysslport = PORT_RSH_SSL; @@ -68,34 +68,34 @@ void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - hydra_set_srcport(1023); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleepn(275); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + hydra_set_srcport(1023); + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_rsh(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -108,13 +108,13 @@ void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 018f432..5eb4166 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -6,17 +6,16 @@ // // -#include #include "hydra-mod.h" -#include #include "sasl.h" +#include +#include extern char *HYDRA_EXIT; char packet[500]; char packet2[500]; int32_t is_Unauthorized(char *s) { - if (strstr(s, "401 Unauthorized") != NULL) { return 1; } else { @@ -25,7 +24,6 @@ int32_t is_Unauthorized(char *s) { } int32_t is_NotFound(char *s) { - if (strstr(s, "404 Stream Not Found") != NULL) { return 1; } else { @@ -34,7 +32,6 @@ int32_t is_NotFound(char *s) { } int32_t is_Authorized(char *s) { - if (strstr(s, "200 OK") != NULL) { return 1; } else { @@ -43,7 +40,6 @@ int32_t is_Authorized(char *s) { } int32_t use_Basic_Auth(char *s) { - if (strstr(s, "WWW-Authenticate: Basic") != NULL) { return 1; } else { @@ -52,7 +48,6 @@ int32_t use_Basic_Auth(char *s) { } int32_t use_Digest_Auth(char *s) { - if (strstr(s, "WWW-Authenticate: Digest") != NULL) { return 1; } else { @@ -60,8 +55,6 @@ int32_t use_Digest_Auth(char *s) { } } - - void create_core_packet(int32_t control, char *ip, int32_t port) { char *target = hydra_address2string(ip); @@ -75,7 +68,7 @@ void create_core_packet(int32_t control, char *ip, int32_t port) { } } } -int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1030], buffer2[500]; char *lresp; @@ -109,22 +102,19 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } return 1; } else { - create_core_packet(1, ip, port); if (use_Basic_Auth(lresp) == 1) { - free(lresp); sprintf(buffer2, "%.249s:%.249s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2); if (debug) { hydra_report(stderr, "C:%s\n", buffer); } - } - else { + } else { if (use_Digest_Auth(lresp) == 1) { char *dbuf = NULL; char aux[500] = ""; @@ -136,7 +126,8 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha #ifdef LIBOPENSSL sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); #else - hydra_report(stderr, "[ERROR] Digest auth required but compiled without OpenSSL/MD5 support\n"); + hydra_report(stderr, "[ERROR] Digest auth required but compiled " + "without OpenSSL/MD5 support\n"); return 3; #endif @@ -163,7 +154,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha lresp = NULL; lresp = hydra_receive_line(s); - + if (lresp == NULL) { hydra_report(stderr, "[ERROR] no server reply\n"); return 1; @@ -177,7 +168,6 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 3; } return 1; - } free(lresp); hydra_completed_pair(); @@ -186,13 +176,13 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; -//not rechead + // not rechead return 2; } -void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; - int32_t myport = PORT_RTSP/*, mysslport = PORT_RTSP_SSL*/; + int32_t myport = PORT_RTSP /*, mysslport = PORT_RTSP_SSL*/; hydra_register_socket(sp); @@ -200,9 +190,8 @@ void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) { sock = hydra_disconnect(sock); } @@ -215,16 +204,16 @@ void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_rtsp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { sock = hydra_disconnect(sock); } @@ -238,7 +227,7 @@ void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. diff --git a/hydra-s7-300.c b/hydra-s7-300.c index 31b11aa..9f7f3a3 100644 --- a/hydra-s7-300.c +++ b/hydra-s7-300.c @@ -1,4 +1,5 @@ -// submitted by Alexander Timorin and Sergey Gordeychik +// submitted by Alexander Timorin and Sergey +// Gordeychik #include "hydra-mod.h" @@ -6,16 +7,24 @@ extern char *HYDRA_EXIT; -unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a"; +unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" + "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" + "\x01\x0a"; -unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0"; +unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" + "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" + "\x01\x00\x01\x01\xe0"; -unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04"; +unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" + "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" + "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" + "\x32\x00\x04"; -unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; +unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" + "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" + "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; - -int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[1024]; char context[S7PASSLEN + 1]; @@ -45,7 +54,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c } // send p_cotp and check first 2 bytes of answer - if (hydra_send(s, (char *) p_cotp, 22, 0) < 0) + if (hydra_send(s, (char *)p_cotp, 22, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); @@ -57,7 +66,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c return 3; // send p_s7_negotiate_pdu and check first 2 bytes of answer - if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0) + if (hydra_send(s, (char *)p_s7_negotiate_pdu, 25, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); @@ -69,7 +78,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c return 3; // send p_s7_read_szl and check first 2 bytes of answer - if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0) + if (hydra_send(s, (char *)p_s7_read_szl, 33, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); @@ -108,7 +117,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c } if (buffer[27] == '\xd6' && buffer[28] == '\x05') { - //hydra_report_found_host(port, ip, "s7-300", fp); + // hydra_report_found_host(port, ip, "s7-300", fp); hydra_completed_pair_found(); hydra_report(stderr, "[INFO] No password protection enabled\n"); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -124,7 +133,7 @@ int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, c return 1; } -void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t s7port = PORT_S7_300; @@ -136,21 +145,21 @@ void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ sock = hydra_connect_tcp(ip, s7port); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp); sock = hydra_disconnect(sock); break; - case 2: /* clean exit */ + case 2: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -163,13 +172,13 @@ void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, } } -int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // 1 skip target without generating an error @@ -211,7 +220,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m } // send p_cotp and check first 2 bytes of answer - if (hydra_send(sock, (char *) p_cotp, 22, 0) < 0) { + if (hydra_send(sock, (char *)p_cotp, 22, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service\n"); return 3; } @@ -226,7 +235,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m return 3; } // send p_s7_negotiate_pdu and check first 2 bytes of answer - if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) { + if (hydra_send(sock, (char *)p_s7_negotiate_pdu, 25, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service (2)\n"); return 3; } @@ -241,7 +250,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m return 3; } // send p_s7_read_szl and check first 2 bytes of answer - if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) { + if (hydra_send(sock, (char *)p_s7_read_szl, 33, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service (3)\n"); return 3; } @@ -276,7 +285,8 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m // 0xd602 - wrong password if (ret > 30) { if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) { - hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n"); + hydra_report(stderr, "[INFO] No password protection enabled, no password " + "tests are necessary!\n"); return 1; } } @@ -286,6 +296,7 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m return 0; } -void usage_s7_300(const char* service) { - printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); +void usage_s7_300(const char *service) { + printf("Module S7-300 is for a special Siemens PLC. It either requires only a " + "password or no authentication, so just use the -p or -P option.\n\n"); } diff --git a/hydra-sapr3.c b/hydra-sapr3.c index c3b729d..26024da 100644 --- a/hydra-sapr3.c +++ b/hydra-sapr3.c @@ -1,25 +1,23 @@ #include "hydra-mod.h" // checked for memleaks on 110425, none found #ifndef LIBSAPR3 -void dummy_sapr3() { - printf("\n"); -} +void dummy_sapr3() { printf("\n"); } #else -#include #include +#include /* temporary workaround fix */ const int32_t *__ctype_tolower; const int32_t *__ctype_toupper; const int32_t *__ctype_b; -extern void flood(); /* for -lm */ +extern void flood(); /* for -lm */ extern char *HYDRA_EXIT; RFC_ERROR_INFO_EX error_info; -int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { RFC_HANDLE handle; char *empty = ""; char *login, *pass, buffer[1024]; @@ -28,7 +26,8 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch int32_t sysnr = port % 100; char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0"; -// char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y"; + // char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y + // ABAP_DEBUG=Y"; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -37,36 +36,37 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch if (strlen(login) > 0) for (i = 0; i < strlen(login); i++) - login[i] = (char) toupper(login[i]); + login[i] = (char)toupper(login[i]); if (strlen(pass) > 0) for (i = 0; i < strlen(pass); i++) - pass[i] = (char) toupper(pass[i]); + pass[i] = (char)toupper(pass[i]); memset(buffer, 0, sizeof(buffer)); memset(&error_info, 0, sizeof(error_info)); -//strcpy(buf, "mvse001"); + // strcpy(buf, "mvse001"); snprintf(buffer, sizeof(buffer), "ASHOST=%s SYSNR=%02d CLIENT=%03d USER=\"%s\" PASSWD=\"%s\" LANG=DE %s", hydra_address2string(ip), sysnr, atoi(miscptr), login, pass, opts); -/* - USER=SAPCPIC PASSWORD=admin - USER=SAP* PASSWORD=PASS + /* + USER=SAPCPIC PASSWORD=admin + USER=SAP* PASSWORD=PASS - ## do we need these options? - SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N + ## do we need these options? + SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N - ASHOST= // IP - SYSNR= // port - 3200, scale 2 - CLIENT= // miscptr, scale 2 - ABAP_DEBUG=0 - USER= - PASSWD= - LANG=DE -*/ -//printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer); + ASHOST= // IP + SYSNR= // port - 3200, scale 2 + CLIENT= // miscptr, scale 2 + ABAP_DEBUG=0 + USER= + PASSWD= + LANG=DE + */ + // printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer); handle = RfcOpenEx(buffer, &error_info); -//printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, error_info.message); + // printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, + // error_info.message); if (handle <= RFC_HANDLE_NULL) return 3; @@ -89,7 +89,7 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); @@ -97,12 +97,12 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_sapr3(sock, ip, port, options, miscptr, fp); break; case 2: hydra_child_exit(0); - case 3: /* clean exit */ + case 3: /* clean exit */ fprintf(stderr, "[ERROR] could not connect to target port %d\n", port); hydra_child_exit(1); case 4: @@ -117,13 +117,13 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F #endif -int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -131,6 +131,4 @@ int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *mi return 0; } -void usage_sapr3(const char* service) { - printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); -} +void usage_sapr3(const char *service) { printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); } diff --git a/hydra-sip.c b/hydra-sip.c index 22de26c..eab654e 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -1,4 +1,4 @@ -/* simple sip digest auth (md5) module 2009/02/19 +/* simple sip digest auth (md5) module 2009/02/19 * written by gh0st 2005 * modified by Jean-Baptiste Aviat - should * work now, but only with -T 1 @@ -10,13 +10,11 @@ #ifndef LIBOPENSSL #include -void dummy_sip() { - printf("\n"); -} +void dummy_sip() { printf("\n"); } #else -#include #include "sasl.h" +#include extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); @@ -25,8 +23,7 @@ char *get_iface_ip(uint64_t ip); int32_t cseq; extern char *HYDRA_EXIT; - -#define SIP_MAX_BUF 1024 +#define SIP_MAX_BUF 1024 void empty_register(char *buf, char *host, char *lhost, int32_t port, int32_t lport, char *user) { memset(buf, 0, SIP_MAX_BUF); @@ -50,7 +47,7 @@ int32_t get_sip_code(char *buf) { return code; } -int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE *fp) { char *login, *pass, *host, buffer[SIP_MAX_BUF]; int32_t i; char buf[SIP_MAX_BUF]; @@ -74,14 +71,16 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u } int32_t has_sip_cred = 0; - int32_t try = 0; + int32_t try + = 0; /* We have to check many times because server may begin to send "100 Trying" * before "401 Unauthorized" */ while (try < 2 && !has_sip_cred) { - try++; + try + ++; if (hydra_data_ready_timed(s, 3, 0) > 0) { - i = hydra_recv(s, (char *) buf, sizeof(buf) - 1); + i = hydra_recv(s, (char *)buf, sizeof(buf) - 1); if (i > 0) buf[i] = '\0'; if (strncmp(buf, "SIP/2.0 404", 11) == 0) { @@ -94,17 +93,21 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u // if we already tried to connect, exit if (external_ip_addr[0]) { - hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n"); + hydra_report(stdout, "[ERROR] Get error code 606 : session is not " + "acceptable by the server\n"); return 2; } if (verbose) - hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n" - "maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n"); - /* - SIP/2.0 606 Not Acceptable - Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 - */ + hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not " + "acceptable by the server,\n" + "maybe it's an addressing issue as you are " + "using NAT, trying to reconnect\n" + "using addr from the server reply\n"); + /* + SIP/2.0 606 Not Acceptable + Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 + */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "Via: SIP.*received=")) { ptr = strstr(buf, "received="); @@ -143,7 +146,11 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u "Via: SIP/2.0/UDP %s:%i\n" "From: \n" "To: \n" - "Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2); + "Call-ID: 1337@%s\n" + "CSeq: %i REGISTER\n" + "Authorization: Digest %s\n" + "Content-Length: 0\n\n", + host, lip, lport, login, host, login, host, host, cseq, buffer2); cseq++; if (debug) @@ -151,15 +158,17 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 3; } - try = 0; + try + = 0; int32_t has_resp = 0; int32_t sip_code = 0; while (try < 2 && !has_resp) { - try++; + try + ++; if (hydra_data_ready_timed(s, 5, 0) > 0) { memset(buf, 0, sizeof(buf)); - if ((i = hydra_recv(s, (char *) buf, sizeof(buf) - 1)) >= 0) + if ((i = hydra_recv(s, (char *)buf, sizeof(buf) - 1)) >= 0) buf[i] = 0; if (debug) hydra_report(stderr, "[INFO] S: %s\n", buf); @@ -182,17 +191,18 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u return 1; } -void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_SIP, mysslport = PORT_SIP_SSL; - char *lip = get_iface_ip((int32_t) *(&ip[1])); + char *lip = get_iface_ip((int32_t) * (&ip[1])); hydra_register_socket(sp); // FIXME IPV6 if (ip[0] != 4) { - fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are appreciated.\n"); + fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are " + "appreciated.\n"); hydra_child_exit(2); } @@ -224,7 +234,7 @@ void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); free(lip); hydra_child_exit(1); } @@ -263,7 +273,7 @@ char *get_iface_ip(uint64_t ip) { tparamet.sin_port = htons(2000); tparamet.sin_addr.s_addr = ip; - if (connect(sfd, (const struct sockaddr *) &tparamet, sizeof(struct sockaddr_in))) { + if (connect(sfd, (const struct sockaddr *)&tparamet, sizeof(struct sockaddr_in))) { perror("connect"); close(sfd); return NULL; @@ -271,7 +281,7 @@ char *get_iface_ip(uint64_t ip) { struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in)); int32_t size = sizeof(struct sockaddr_in); - if (getsockname(sfd, (void *) local, (socklen_t *) & size)) { + if (getsockname(sfd, (void *)local, (socklen_t *)&size)) { perror("getsockname"); close(sfd); free(local); @@ -281,7 +291,7 @@ char *get_iface_ip(uint64_t ip) { char buff[32]; - if (!inet_ntop(AF_INET, (void *) &local->sin_addr, buff, 32)) { + if (!inet_ntop(AF_INET, (void *)&local->sin_addr, buff, 32)) { perror("inet_ntop"); free(local); return NULL; @@ -295,13 +305,13 @@ char *get_iface_ip(uint64_t ip) { #endif -int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-smb.c b/hydra-smb.c index c46fd0f..20fd1cf 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1,17 +1,14 @@ #include "hydra-mod.h" #ifndef LIBOPENSSL -void dummy_smb() { - printf("\n"); -} +void dummy_smb() { printf("\n"); } #else -#include -#include #include "hmacmd5.h" #include "sasl.h" +#include +#include // FIXME XXX BUG: several malloc()s without return code checking - /* http://technet.microsoft.com/en-us/library/cc960646.aspx @@ -41,10 +38,10 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx Based on code from: SMB Auditing Tool [Copyright (C) Patrik Karlsson 2001] This code allows Hydra to directly test NTLM hashes against - a Windows. This may be useful for an auditor who has aquired - a sam._ or pwdump file and would like to quickly determine - which are valid entries. This module can also be used to test - SMB passwords against devices that do not allow clear text + a Windows. This may be useful for an auditor who has aquired + a sam._ or pwdump file and would like to quickly determine + which are valid entries. This module can also be used to test + SMB passwords against devices that do not allow clear text LanMan passwords. The "-m 'METHOD'" option is required for this module. The @@ -54,23 +51,23 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx Local == Check local account. Domain == Check credentials against this hosts primary domain controller via this host. - Hash == Use a NTLM hash rather than a password. - Machine == Use the Machine's NetBIOS name as the password. + Hash == Use a NTLM hash rather than a password. + Machine == Use the Machine's NetBIOS name as the password. NTLMV2, NTLM, LMV2, LM == set the dialect Be careful of mass domain account lockout with this. For - example, assume you are checking several accounts against + example, assume you are checking several accounts against many domain workstations. If you are not using the 'L' - options and these accounts do not exist locally on the + options and these accounts do not exist locally on the workstations, each workstation will in turn check their - respective domain controller. This could cause a bunch of - lockouts. Of course, it'd look like the workstations, not + respective domain controller. This could cause a bunch of + lockouts. Of course, it'd look like the workstations, not you, were doing it. ;) **FYI, this code is unable to test accounts on default XP hosts which are not part of a domain and do not have normal file sharing enabled. Default XP does not allow shares and - returns STATUS_LOGON_FAILED for both valid and invalid + returns STATUS_LOGON_FAILED for both valid and invalid credentials. XP with simple sharing enabled returns SUCCESS for both valid and invalid credentials. If anyone knows a way to test in these configurations... @@ -80,29 +77,25 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx #define WIN2000_NATIVEMODE 1 #define WIN_NETBIOSMODE 2 - #define PLAINTEXT 10 #define ENCRYPTED 11 - #ifndef CHAR_BIT #define CHAR_BIT 8 #endif #ifndef TIME_T_MIN -#define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \ - : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1)) +#define TIME_T_MIN ((time_t)0 < (time_t)-1 ? (time_t)0 : ~(time_t)0 << (sizeof(time_t) * CHAR_BIT - 1)) #endif #ifndef TIME_T_MAX -#define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) +#define TIME_T_MAX (~(time_t)0 - TIME_T_MIN) #endif -#define IVAL_NC(buf,pos) (*(uint32_t *)((char *)(buf) + (pos))) /* Non const version of above. */ -#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((uint32_t)(val)) +#define IVAL_NC(buf, pos) (*(uint32_t *)((char *)(buf) + (pos))) /* Non const version of above. */ +#define SIVAL(buf, pos, val) IVAL_NC(buf, pos) = ((uint32_t)(val)) #define TIME_FIXUP_CONSTANT_INT 11644473600LL - extern char *HYDRA_EXIT; static unsigned char challenge[8]; static unsigned char workgroup[16]; @@ -113,43 +106,43 @@ int32_t hashFlag, accntFlag, protoFlag; int32_t smb_auth_mechanism = AUTH_NTLM; int32_t security_mode = ENCRYPTED; -static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out, int32_t outsize) -{ - int32_t i=0,j=0; +static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out, int32_t outsize) { + int32_t i = 0, j = 0; uint64_t ch; if (debug) { - hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); - hydra_dump_asciihex(in, insize); + hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); + hydra_dump_asciihex(in, insize); } - for (i = 0; i < insize; i++) { - if (in[i] < 128) { // one byte - out[j] = in[i]; - out[j+1] = 0; - j=j+2; - } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes - out[j+1] = 0x07 & (in[i] >> 2); - out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i+1]); - j=j+2; - i=i+1; - } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes - out[j] = (0xc0 & (in[i+1] << 6)) | (0x3f & in[i+2]); - out[j+1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i+1] >> 2)); - j=j+2; - i=i+2; - } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes - ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i+1]) << 12) + ((0x3f & in[i+2]) << 6) + (0x3f & in[i+3])- 0x10000; - out[j] = (ch >> 10) & 0xff; - out[j+1] = 0xd8 | ((ch >> 18) & 0xff); - out[j+2] = ch & 0xff; - out[j+3] = 0xdc | ((ch >> 8) & 0x3 ); - j=j+4; - i=i+3; - } - if ( j-2 > outsize) break; + for (i = 0; i < insize; i++) { + if (in[i] < 128) { // one byte + out[j] = in[i]; + out[j + 1] = 0; + j = j + 2; + } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes + out[j + 1] = 0x07 & (in[i] >> 2); + out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i + 1]); + j = j + 2; + i = i + 1; + } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes + out[j] = (0xc0 & (in[i + 1] << 6)) | (0x3f & in[i + 2]); + out[j + 1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i + 1] >> 2)); + j = j + 2; + i = i + 2; + } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes + ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i + 1]) << 12) + ((0x3f & in[i + 2]) << 6) + (0x3f & in[i + 3]) - 0x10000; + out[j] = (ch >> 10) & 0xff; + out[j + 1] = 0xd8 | ((ch >> 18) & 0xff); + out[j + 2] = ch & 0xff; + out[j + 3] = 0xdc | ((ch >> 8) & 0x3); + j = j + 4; + i = i + 3; + } + if (j - 2 > outsize) + break; } if (debug) { - hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); - hydra_dump_asciihex(out,j); + hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); + hydra_dump_asciihex(out, j); } return j; } @@ -157,8 +150,8 @@ static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out static unsigned char Get7Bits(unsigned char *input, int32_t startBit) { register uint32_t word; - word = (unsigned) input[startBit / 8] << 8; - word |= (unsigned) input[startBit / 8 + 1]; + word = (unsigned)input[startBit / 8] << 8; + word |= (unsigned)input[startBit / 8 + 1]; word >>= 15 - (startBit % 8 + 7); @@ -176,7 +169,7 @@ static void MakeKey(unsigned char *key, unsigned char *DES_key) { DES_key[6] = Get7Bits(key, 42); DES_key[7] = Get7Bits(key, 49); - DES_set_odd_parity((DES_cblock *) DES_key); + DES_set_odd_parity((DES_cblock *)DES_key); } /* Do the DesEncryption */ @@ -186,7 +179,7 @@ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) MakeKey(key, DES_key); DES_set_key(&DES_key, &key_schedule); - DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cipher, &key_schedule, 1); + DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, &key_schedule, 1); } /* @@ -198,7 +191,7 @@ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) challenge = the challenge recieved from the server */ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { - static unsigned char magic[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; unsigned char password[14 + 1]; unsigned char lm_hash[21]; unsigned char lm_response[24]; @@ -237,25 +230,25 @@ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *chall for (i = 0; i < 16; i++) { HexValue = 0x0; for (j = 0; j < 2; j++) { - HexChar = (char) p[2 * i + j]; + HexChar = (char)p[2 * i + j]; if (HexChar > 0x39) - HexChar = HexChar | 0x20; /* convert upper case to lower */ + HexChar = HexChar | 0x20; /* convert upper case to lower */ - if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ - ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ hydra_report(stderr, "[ERROR] Invalid char (%c) for hash.\n", HexChar); HexChar = 0x30; } HexChar -= 0x30; - if (HexChar > 0x09) /* HexChar is "a" - "f" */ + if (HexChar > 0x09) /* HexChar is "a" - "f" */ HexChar -= 0x27; - HexValue = (HexValue << 4) | (char) HexChar; + HexValue = (HexValue << 4) | (char)HexChar; } - lm_hash[i] = (unsigned char) HexValue; + lm_hash[i] = (unsigned char)HexValue; } } } else { @@ -263,15 +256,15 @@ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *chall if (hashFlag == 2) { for (i = 0; i < 16; i++) { if (machine_name[i] > 0x39) - machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ + machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ pass = machine_name; } } /* convert lower case characters to upper case */ - strncpy((char *) password, (char *) pass, 14); + strncpy((char *)password, (char *)pass, 14); for (i = 0; i < 14; i++) { - if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ + if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ password[i] -= 0x20; } @@ -280,7 +273,7 @@ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *chall DesEncrypt(magic, &password[7], &lm_hash[8]); } - /* + /* NULL-pad 16-byte LM hash to 21-bytes Split resultant value into three 7-byte thirds DES-encrypt challenge using each third as a key @@ -295,15 +288,14 @@ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *chall return 0; } - /* MakeNTLM - Function: Create a NTLM hash from the password + Function: Create a NTLM hash from the password */ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { MD4_CTX md4Context; - unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ - unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ + unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ + unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ int32_t i = 0, j = 0; int32_t mdlen; unsigned char *p = NULL; @@ -312,7 +304,8 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { /* Use NTLM Hash instead of password */ if (hashFlag == 1) { - /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ + /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: + */ p = pass; while ((*p != '\0') && (i < 1)) { if (*p == ':') @@ -328,13 +321,13 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { for (i = 0; i < 16; i++) { HexValue = 0x0; for (j = 0; j < 2; j++) { - HexChar = (char) p[2 * i + j]; + HexChar = (char)p[2 * i + j]; if (HexChar > 0x39) - HexChar = HexChar | 0x20; /* convert upper case to lower */ + HexChar = HexChar | 0x20; /* convert upper case to lower */ - if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ - ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ /* * fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); * hydra_child_exit(0); @@ -343,19 +336,19 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { } HexChar -= 0x30; - if (HexChar > 0x09) /* HexChar is "a" - "f" */ + if (HexChar > 0x09) /* HexChar is "a" - "f" */ HexChar -= 0x27; - HexValue = (HexValue << 4) | (char) HexChar; + HexValue = (HexValue << 4) | (char)HexChar; } - hash[i] = (unsigned char) HexValue; + hash[i] = (unsigned char)HexValue; } } else { /* Password == Machine Name */ if (hashFlag == 2) { for (i = 0; i < 16; i++) { if (machine_name[i] > 0x39) - machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ + machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ pass = machine_name; } } @@ -363,13 +356,13 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { /* Initialize the Unicode version of the secret (== password). */ /* This implicitly supports most UTF8 characters. */ - j = UTF8_UTF16LE(pass, strlen((char *) pass), unicodePassword, sizeof(unicodePassword)); + j = UTF8_UTF16LE(pass, strlen((char *)pass), unicodePassword, sizeof(unicodePassword)); - mdlen = j; /* length in bytes */ + mdlen = j; /* length in bytes */ MD4_Init(&md4Context); MD4_Update(&md4Context, unicodePassword, mdlen); - MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ + MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ } memcpy(ntlmhash, hash, 16); @@ -379,9 +372,9 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { /* HashLMv2 - This function implements the LMv2 response algorithm. The LMv2 response is used to - provide pass-through authentication compatibility with older servers. The response - is based on the NTLM password hash and is exactly 24 bytes. + This function implements the LMv2 response algorithm. The LMv2 response is + used to provide pass-through authentication compatibility with older servers. + The response is based on the NTLM password hash and is exactly 24 bytes. The below code is based heavily on the following resources: @@ -397,7 +390,7 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char HMACMD5Context ctx; unsigned char kr_buf[16]; int32_t ret, i; - unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + unsigned char client_challenge[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; memset(ntlm_hash, 0, 16); memset(lmv2_response, 0, 24); @@ -406,52 +399,54 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char /* --- HMAC #1 Caculations --- */ /* Calculate and set NTLM password hash */ - ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); + ret = MakeNTLM((unsigned char *)&ntlm_hash, (unsigned char *)szPassword); if (ret == -1) return -1; /* - The Unicode uppercase username is concatenated with the Unicode authentication target - (the domain or server name specified in the Target Name field of the Type 3 message). - Note that this calculation always uses the Unicode representation, even if OEM encoding - has been negotiated; also note that the username is converted to uppercase, while the - authentication target is case-sensitive and must match the case presented in the Target + The Unicode uppercase username is concatenated with the Unicode + authentication target (the domain or server name specified in the Target + Name field of the Type 3 message). Note that this calculation always uses + the Unicode representation, even if OEM encoding has been negotiated; also + note that the username is converted to uppercase, while the authentication + target is case-sensitive and must match the case presented in the Target Name field. - The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to - this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the - NTLMv2 hash. + The HMAC-MD5 message authentication code algorithm (described in RFC 2104) + is applied to this value using the 16-byte NTLM hash as the key. This + results in a 16-byte value - the NTLMv2 hash. */ /* Initialize the Unicode version of the username and target. */ /* This implicitly supports 8-bit ISO8859/1 characters. */ /* convert lower case characters to upper case */ bzero(unicodeUsername, sizeof(unicodeUsername)); - for (i = 0; i < strlen((char *) szLogin); i++) { - if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ - unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; + for (i = 0; i < strlen((char *)szLogin); i++) { + if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ + unicodeUsername[i * 2] = (unsigned char)szLogin[i] - 0x20; else - unicodeUsername[i * 2] = (unsigned char) szLogin[i]; + unicodeUsername[i * 2] = (unsigned char)szLogin[i]; } bzero(unicodeTarget, sizeof(unicodeTarget)); - for (i = 0; i < strlen((char *) workgroup); i++) - unicodeTarget[i * 2] = (unsigned char) workgroup[i]; + for (i = 0; i < strlen((char *)workgroup); i++) + unicodeTarget[i * 2] = (unsigned char)workgroup[i]; hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); - hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); - hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); + hmac_md5_update((const unsigned char *)unicodeUsername, 2 * strlen((char *)szLogin), &ctx); + hmac_md5_update((const unsigned char *)unicodeTarget, 2 * strlen((char *)workgroup), &ctx); hmac_md5_final(kr_buf, &ctx); /* --- HMAC #2 Calculations --- */ /* - The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5 - message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash - (calculated above) as the key. This results in a 16-byte output value. + The challenge from the Type 2 message is concatenated with our fixed client + nonce. The HMAC-MD5 message authentication code algorithm is applied to + this value using the 16-byte NTLMv2 hash (calculated above) as the key. + This results in a 16-byte output value. */ hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); - hmac_md5_update((const unsigned char *) challenge, 8, &ctx); + hmac_md5_update((const unsigned char *)challenge, 8, &ctx); hmac_md5_update(client_challenge, 8, &ctx); hmac_md5_final(lmv2_response, &ctx); @@ -468,12 +463,13 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char /* HashNTLMv2 - This function implements the NTLMv2 response algorithm. Support for this algorithm - was added with Microsoft Windows with NT 4.0 SP4. It should be noted that code doesn't - currently work with Microsoft Vista. While NTLMv2 authentication with Samba and Windows - 2003 functions as expected, Vista systems respond with the oh-so-helpful - "INVALID_PARAMETER" error code. LMv2-only authentication appears to work against Vista - in cases where LM and NTLM are refused. + This function implements the NTLMv2 response algorithm. Support for this + algorithm was added with Microsoft Windows with NT 4.0 SP4. It should be noted + that code doesn't currently work with Microsoft Vista. While NTLMv2 + authentication with Samba and Windows 2003 functions as expected, Vista + systems respond with the oh-so-helpful "INVALID_PARAMETER" error code. + LMv2-only authentication appears to work against Vista in cases where LM and + NTLM are refused. The below code is based heavily on the following two resources: @@ -482,7 +478,7 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char NTLMv2 network authentication is required when attempting to authenticated to a system which has the following policy enforced: - + GPO: "Network Security: LAN Manager authentication level" Setting: "Send NTLMv2 response only\refuse LM & NTLM" */ @@ -494,30 +490,25 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha HMACMD5Context ctx; unsigned char kr_buf[16]; int32_t ret, i, iTargetLen; - unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + unsigned char client_challenge[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; /* -- Example NTLMv2 Response Data -- - [0] HMAC: (16 bytes) + [0] HMAC: (16 bytes) [16] Header: Blob Signature [01 01 00 00] (4 bytes) [20] Reserved: [00 00 00 00] (4 bytes) - [24] Time: Little-endian, 64-bit signed value representing the number of - tenths of a microsecond since January 1, 1601. (8 bytes) - [32] Client Nonce: (8 bytes) - [40] Unknown: 00 00 00 00 (4 bytes) - [44] Target Information (from the Type 2 message) - NetBIOS domain/workgroup: - Type: domain 02 00 (2 bytes) - Length: 12 00 (2 bytes) - Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes) - End-of-list: 00 00 00 00 (4 bytes) + [24] Time: Little-endian, 64-bit signed value representing the number + of tenths of a microsecond since January 1, 1601. (8 bytes) [32] Client + Nonce: (8 bytes) [40] Unknown: 00 00 00 00 (4 bytes) [44] Target + Information (from the Type 2 message) NetBIOS domain/workgroup: Type: + domain 02 00 (2 bytes) Length: 12 00 (2 bytes) Name: WORKGROUP [NULL + spacing -> 57 00 4f 00 ...] (18 bytes) End-of-list: 00 00 00 00 (4 bytes) Termination: 00 00 00 00 (4 bytes) */ - - iTargetLen = 2 * strlen((char *) workgroup); + iTargetLen = 2 * strlen((char *)workgroup); memset(ntlm_hash, 0, 16); memset(ntlmv2_response, 0, 56 + 20 * 2 + 256 * 2); @@ -526,69 +517,70 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha /* --- HMAC #1 Caculations --- */ /* Calculate and set NTLM password hash */ - ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); + ret = MakeNTLM((unsigned char *)&ntlm_hash, (unsigned char *)szPassword); if (ret == -1) return -1; /* - The Unicode uppercase username is concatenated with the Unicode authentication target - (the domain or server name specified in the Target Name field of the Type 3 message). - Note that this calculation always uses the Unicode representation, even if OEM encoding - has been negotiated; also note that the username is converted to uppercase, while the - authentication target is case-sensitive and must match the case presented in the Target + The Unicode uppercase username is concatenated with the Unicode + authentication target (the domain or server name specified in the Target + Name field of the Type 3 message). Note that this calculation always uses + the Unicode representation, even if OEM encoding has been negotiated; also + note that the username is converted to uppercase, while the authentication + target is case-sensitive and must match the case presented in the Target Name field. - The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to - this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the - NTLMv2 hash. + The HMAC-MD5 message authentication code algorithm (described in RFC 2104) + is applied to this value using the 16-byte NTLM hash as the key. This + results in a 16-byte value - the NTLMv2 hash. */ /* Initialize the Unicode version of the username and target. */ /* This implicitly supports 8-bit ISO8859/1 characters. */ /* convert lower case characters to upper case */ bzero(unicodeUsername, sizeof(unicodeUsername)); - for (i = 0; i < strlen((char *) szLogin); i++) { - if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ - unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; + for (i = 0; i < strlen((char *)szLogin); i++) { + if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ + unicodeUsername[i * 2] = (unsigned char)szLogin[i] - 0x20; else - unicodeUsername[i * 2] = (unsigned char) szLogin[i]; + unicodeUsername[i * 2] = (unsigned char)szLogin[i]; } bzero(unicodeTarget, sizeof(unicodeTarget)); - for (i = 0; i < strlen((char *) workgroup); i++) - unicodeTarget[i * 2] = (unsigned char) workgroup[i]; + for (i = 0; i < strlen((char *)workgroup); i++) + unicodeTarget[i * 2] = (unsigned char)workgroup[i]; hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); - hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); - hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); + hmac_md5_update((const unsigned char *)unicodeUsername, 2 * strlen((char *)szLogin), &ctx); + hmac_md5_update((const unsigned char *)unicodeTarget, 2 * strlen((char *)workgroup), &ctx); hmac_md5_final(kr_buf, &ctx); /* --- Blob Construction --- */ - memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ + memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ memset(ntlmv2_response + 18, 0, 2); - memset(ntlmv2_response + 20, 0, 4); /* Reserved */ + memset(ntlmv2_response + 20, 0, 4); /* Reserved */ /* Time -- Take a Unix time and convert to an NT TIME structure: - Little-endian, 64-bit signed value representing the number of tenths of a + Little-endian, 64-bit signed value representing the number of tenths of a microsecond since January 1, 1601. */ struct timespec ts; unsigned long long nt; - ts.tv_sec = (time_t) time(NULL); + ts.tv_sec = (time_t)time(NULL); ts.tv_nsec = 0; if (ts.tv_sec == 0) nt = 0; else if (ts.tv_sec == TIME_T_MAX) nt = 0x7fffffffffffffffLL; - else if (ts.tv_sec == (time_t) - 1) - nt = (unsigned long) -1; + else if (ts.tv_sec == (time_t)-1) + nt = (unsigned long)-1; else { nt = ts.tv_sec; nt += TIME_FIXUP_CONSTANT_INT; - nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */ + nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */ } SIVAL(ntlmv2_response + 24, 0, nt & 0xFFFFFFFF); @@ -596,8 +588,8 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha /* End time calculation */ /* Set client challenge - using a non-random value in this case. */ - memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ - memset(ntlmv2_response + 40, 0, 4); /* Unknown */ + memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ + memset(ntlmv2_response + 40, 0, 4); /* Unknown */ /* Target Information Block */ /* @@ -606,26 +598,28 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha 0x0300 Fully-qualified DNS host name 0x0400 DNS domain name - TODO: Need to rework negotiation code to correctly extract target information + TODO: Need to rework negotiation code to correctly extract target + information */ - memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ + memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ memset(ntlmv2_response + 45, 0x00, 1); - memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ + memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ memset(ntlmv2_response + 47, 0x00, 1); /* Name of domain or workgroup */ - for (i = 0; i < strlen((char *) workgroup); i++) - ntlmv2_response[48 + i * 2] = (unsigned char) workgroup[i]; + for (i = 0; i < strlen((char *)workgroup); i++) + ntlmv2_response[48 + i * 2] = (unsigned char)workgroup[i]; - memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ + memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ /* --- HMAC #2 Caculations --- */ /* - The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message - authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash - (calculated above) as the key. This results in a 16-byte output value. + The challenge from the Type 2 message is concatenated with the blob. The + HMAC-MD5 message authentication code algorithm is applied to this value + using the 16-byte NTLMv2 hash (calculated above) as the key. This results + in a 16-byte output value. */ hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); @@ -652,11 +646,11 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha */ int32_t HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { int32_t ret; - unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ + unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ unsigned char p21[21]; unsigned char ntlm_response[24]; - ret = MakeNTLM((unsigned char *) &hash, (unsigned char *) pass); + ret = MakeNTLM((unsigned char *)&hash, (unsigned char *)pass); if (ret == -1) hydra_child_exit(0); @@ -678,9 +672,9 @@ int32_t HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *c Returns: TRUE on success else FALSE. */ int32_t NBSSessionRequest(int32_t s) { - char nb_name[32]; /* netbiosname */ - char nb_local[32]; /* netbios localredirector */ - unsigned char rqbuf[7] = { 0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20 }; + char nb_name[32]; /* netbiosname */ + char nb_local[32]; /* netbios localredirector */ + unsigned char rqbuf[7] = {0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20}; char *buf; unsigned char rbuf[400]; int32_t k; @@ -692,31 +686,30 @@ int32_t NBSSessionRequest(int32_t s) { /* convert computer name to netbios name */ memset(nb_name, 0, 32); memset(nb_local, 0, 32); - memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */ - memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */ + memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */ + memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */ - if ((buf = (char *) malloc(100)) == NULL) + if ((buf = (char *)malloc(100)) == NULL) return -1; memset(buf, 0, 100); - memcpy(buf, (char *) rqbuf, 5); + memcpy(buf, (char *)rqbuf, 5); memcpy(buf + 5, nb_name, 32); - memcpy(buf + 37, (char *) rqbuf + 5, 2); + memcpy(buf + 37, (char *)rqbuf + 5, 2); memcpy(buf + 39, nb_local, 32); - memcpy(buf + 71, (char *) rqbuf + 5, 1); + memcpy(buf + 71, (char *)rqbuf + 5, 1); hydra_send(s, buf, 72, 0); free(buf); memset(rbuf, 0, 400); - k = hydra_recv(s, (char *) rbuf, sizeof(rbuf)); + k = hydra_recv(s, (char *)rbuf, sizeof(rbuf)); if (k > 0 && (rbuf[0] == 0x82)) - return 0; /* success */ + return 0; /* success */ else - return -1; /* failed */ + return -1; /* failed */ } - /* SMBNegProt Function: Negotiate protocol with server ... @@ -728,61 +721,39 @@ int32_t NBSSessionRequest(int32_t s) { */ int32_t SMBNegProt(int32_t s) { unsigned char buf[] = { - 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, - 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, - 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, - 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, - 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, - 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, - 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, - 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, - 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, - 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, - 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, - 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, - 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, - 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, - 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, - 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, - 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, - 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, - 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, - 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, - 0x32, 0x00 + 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d, + 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, + 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 -/* -0x02, - 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, - 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, - 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, - 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, - 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, - 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, - 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, - 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, - 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, - 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53, - 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, - 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, - 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, - 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 -*/ + /* + 0x02, + 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, + 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, + 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, + 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, + 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, + 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, + 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, + 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, + 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, + 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53, + 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, + 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, + 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, + 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 + */ }; unsigned char rbuf[400]; unsigned char sess_key[2]; - unsigned char userid[2] = { 0xCD, 0xEF }; + unsigned char userid[2] = {0xCD, 0xEF}; int32_t i = 0, j = 0, k; int32_t iLength = 194; int32_t iResponseOffset = 73; - memset((char *) rbuf, 0, 400); + memset((char *)rbuf, 0, 400); /* set session key */ sess_key[1] = getpid() / 100; @@ -793,24 +764,24 @@ int32_t SMBNegProt(int32_t s) { if (smb_auth_mechanism == AUTH_LM) { if (verbose) hydra_report(stderr, "[VERBOSE] Setting Negotiate Protocol Response for LM.\n"); - buf[3] = 0xA3; // Set message length - buf[37] = 0x80; // Set byte count for dialects + buf[3] = 0xA3; // Set message length + buf[37] = 0x80; // Set byte count for dialects iLength = 167; iResponseOffset = 65; } - - hydra_send(s, (char *) buf, iLength, 0); - k = hydra_recv(s, (char *) rbuf, sizeof(rbuf)); + hydra_send(s, (char *)buf, iLength, 0); + k = hydra_recv(s, (char *)rbuf, sizeof(rbuf)); if (k == 0) return 3; /* retrieve the security mode */ /* - [0] Mode: (0) ? (1) USER security mode - [1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response - [2] Signatures: (0) Security signatures NOT enabled (1) ENABLED - [3] Sig Req: (0) Security signatures NOT required (1) REQUIRED + [0] Mode: (0) ? (1) USER security + mode [1] Password: (0) PLAINTEXT password (1) ENCRYPTED + password. Use challenge/response [2] Signatures: (0) Security signatures + NOT enabled (1) ENABLED [3] Sig Req: (0) Security signatures NOT + required (1) REQUIRED SAMBA: 0x01 (default) WinXP: 0x0F (default) @@ -818,25 +789,28 @@ int32_t SMBNegProt(int32_t s) { */ switch (rbuf[39]) { case 0x01: - //real plaintext should be used with LM auth + // real plaintext should be used with LM auth if (verbose) hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password.\n"); security_mode = PLAINTEXT; if (hashFlag == 1) { if (verbose) - hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n"); + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH " + "password mode not supported for this configuration.\n"); return 3; } if (hashFlag == 2) { if (verbose) - hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n"); + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE " + "password mode not supported for this configuration.\n"); return 3; } break; case 0x03: if (verbose) - hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n"); + hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password " + "without security signatures.\n"); security_mode = ENCRYPTED; break; case 0x07: @@ -847,20 +821,23 @@ int32_t SMBNegProt(int32_t s) { break; default: if (verbose) - hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]); + hydra_report(stderr, + "[VERBOSE] Unknown security mode request: %2.2X. Proceeding " + "using ENCRYPTED password mode.\n", + rbuf[39]); security_mode = ENCRYPTED; break; } /* Retrieve the challenge */ - memcpy(challenge, (char *) rbuf + iResponseOffset, sizeof(challenge)); + memcpy(challenge, (char *)rbuf + iResponseOffset, sizeof(challenge)); /* Find the primary domain/workgroup name */ memset(workgroup, 0, 16); memset(machine_name, 0, 16); - //seems using LM only the domain is returned not the server - //and the domain is not padded with null chars + // seems using LM only the domain is returned not the server + // and the domain is not padded with null chars if (smb_auth_mechanism == AUTH_LM) { while ((rbuf[iResponseOffset + 8 + i] != 0) && (i < 16)) { workgroup[i] = rbuf[iResponseOffset + 8 + i]; @@ -882,12 +859,10 @@ int32_t SMBNegProt(int32_t s) { hydra_report(stderr, "[VERBOSE] Server machine name: %s\n", machine_name); hydra_report(stderr, "[VERBOSE] Server primary domain: %s\n", workgroup); } - //success + // success return 2; } - - /* SMBSessionSetup Function: Send username + response to the challenge from @@ -900,7 +875,7 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * unsigned char *NTLMv2hash = NULL; unsigned char *NTLMhash = NULL; unsigned char *LMhash = NULL; -// unsigned char unicodeLogin[32 * 2]; + // unsigned char unicodeLogin[32 * 2]; int32_t j; char bufReceive[512]; int32_t nReceiveBufferSize = 0; @@ -908,37 +883,58 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * int32_t iByteCount = 0, iOffset = 0; if (accntFlag == 0) { - strcpy((char *) workgroup, "localhost"); + strcpy((char *)workgroup, "localhost"); } else if (accntFlag == 2) { memset(workgroup, 0, 16); } - //domain flag is not needed here, it will be auto set, - //below it's domain specified on cmd line + // domain flag is not needed here, it will be auto set, + // below it's domain specified on cmd line else if (accntFlag == 4) { - strncpy((char *) workgroup, (char *) domain, 16); + strncpy((char *)workgroup, (char *)domain, 16); } /* NetBIOS Session Service */ unsigned char szNBSS[4] = { - 0x00, /* Message Type: Session Message */ - 0x00, 0x00, 0x85 /* Length -- MUST SET */ + 0x00, /* Message Type: Session Message */ + 0x00, 0x00, 0x85 /* Length -- MUST SET */ }; /* SMB Header */ unsigned char szSMB[32] = { - 0xff, 0x53, 0x4d, 0x42, /* Server Component */ - 0x73, /* SMB Command: Session Setup AndX */ - 0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */ - 0x08, /* Flags */ - 0x01, 0xc0, /* Flags2 */ /* add Unicode */ - 0x00, 0x00, /* Process ID High */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */ - 0x00, 0x00, /* Reserved */ - 0x00, 0x00, /* Tree ID */ - 0x13, 0x37, /* Process ID */ - 0x00, 0x00, /* User ID */ - 0x01, 0x00 /* Multiplx ID */ + 0xff, + 0x53, + 0x4d, + 0x42, /* Server Component */ + 0x73, /* SMB Command: Session Setup AndX */ + 0x00, + 0x00, + 0x00, + 0x00, /* NT Status: STATUS_SUCCESS */ + 0x08, /* Flags */ + 0x01, + 0xc0, + /* Flags2 */ /* add Unicode */ + 0x00, + 0x00, /* Process ID High */ + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, /* Signature */ + 0x00, + 0x00, /* Reserved */ + 0x00, + 0x00, /* Tree ID */ + 0x13, + 0x37, /* Process ID */ + 0x00, + 0x00, /* User ID */ + 0x01, + 0x00 /* Multiplx ID */ }; memset(buf, 0, 512); @@ -952,31 +948,31 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * hydra_report(stderr, "[VERBOSE] Attempting LM password authentication.\n"); unsigned char szSessionRequest[23] = { - 0x0a, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LAN Manager Password Hash Length */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0a, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ - iByteCount = 24; /* Start with length of LM hash */ + iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 24; /* Start with length of LM hash */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 23); /* Calculate and set LAN Manager password hash */ - if ((LMhash = (unsigned char *) malloc(24)) == NULL) + if ((LMhash = (unsigned char *)malloc(24)) == NULL) return -1; memset(LMhash, 0, 24); - ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge); + ret = HashLM(&LMhash, (unsigned char *)szPassword, (unsigned char *)challenge); if (ret == -1) { free(LMhash); return -1; @@ -990,34 +986,52 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * hydra_report(stderr, "[VERBOSE] Attempting NTLM password authentication.\n"); unsigned char szSessionRequest[29] = { - 0x0d, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LAN Manager Password Hash Length */ - 0x18, 0x00, /* NT LAN Manager Password Hash Length */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x5c, 0x00, 0x00, 0x00, /* Capabilities */ /* Add Unicode */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, + 0x00, /* AndXOffset */ + 0xff, + 0xff, /* Max Buffer */ + 0x02, + 0x00, /* Max Mpx Count */ + 0x3c, + 0x7d, /* VC Number */ + 0x00, + 0x00, + 0x00, + 0x00, /* Session Key */ + 0x18, + 0x00, /* LAN Manager Password Hash Length */ + 0x18, + 0x00, /* NT LAN Manager Password Hash Length */ + 0x00, + 0x00, + 0x00, + 0x00, /* Reserved */ + 0x5c, + 0x00, + 0x00, + 0x00, + /* Capabilities */ /* Add Unicode */ + 0x49, + 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ - iByteCount = 48; /* Start with length of NTLM and LM hashes */ + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 48; /* Start with length of NTLM and LM hashes */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set NTLM password hash */ - if ((NTLMhash = (unsigned char *) malloc(24)) == NULL) + if ((NTLMhash = (unsigned char *)malloc(24)) == NULL) return -1; memset(NTLMhash, 0, 24); - /* We don't need to actually calculated a LM hash for this mode, only NTLM */ - ret = HashNTLM(&NTLMhash, (unsigned char *) szPassword, (unsigned char *) challenge, miscptr); + /* We don't need to actually calculated a LM hash for this mode, only NTLM + */ + ret = HashNTLM(&NTLMhash, (unsigned char *)szPassword, (unsigned char *)challenge, miscptr); if (ret == -1) return -1; @@ -1028,33 +1042,33 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * hydra_report(stderr, "[VERBOSE] Attempting LMv2 password authentication.\n"); unsigned char szSessionRequest[29] = { - 0x0d, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LAN Manager Password Hash Length */ - 0x00, 0x00, /* NT LAN Manager Password Hash Length */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x50, 0x00, 0x00, 0x00, /* Capabilities */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x00, 0x00, /* NT LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x50, 0x00, 0x00, 0x00, /* Capabilities */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ - iByteCount = 24; /* Start with length of LMv2 response */ + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 24; /* Start with length of LMv2 response */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set LMv2 response hash */ - if ((LMv2hash = (unsigned char *) malloc(24)) == NULL) + if ((LMv2hash = (unsigned char *)malloc(24)) == NULL) return -1; memset(LMv2hash, 0, 24); - ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); + ret = HashLMv2(&LMv2hash, (unsigned char *)szLogin, (unsigned char *)szPassword); if (ret == -1) { free(LMv2hash); return -1; @@ -1067,28 +1081,28 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * hydra_report(stderr, "[VERBOSE] Attempting LMv2/NTLMv2 password authentication.\n"); unsigned char szSessionRequest[29] = { - 0x0d, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LMv2 Response Hash Length */ - 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x50, 0x00, 0x00, 0x00, /* Capabilities */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LMv2 Response Hash Length */ + 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x50, 0x00, 0x00, 0x00, /* Capabilities */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set LMv2 response hash */ - ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); + ret = HashLMv2(&LMv2hash, (unsigned char *)szLogin, (unsigned char *)szPassword); if (ret == -1) return -1; @@ -1096,7 +1110,7 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * free(LMv2hash); /* Calculate and set NTLMv2 response hash */ - ret = HashNTLMv2(&NTLMv2hash, &iByteCount, (unsigned char *) szLogin, (unsigned char *) szPassword); + ret = HashNTLMv2(&NTLMv2hash, &iByteCount, (unsigned char *)szLogin, (unsigned char *)szPassword); if (ret == -1) return -1; @@ -1108,71 +1122,75 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * memcpy(buf + iOffset + 24, NTLMv2hash, iByteCount); free(NTLMv2hash); - iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ + iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ } } else if (security_mode == PLAINTEXT) { if (verbose) hydra_report(stderr, "[VERBOSE] Attempting PLAINTEXT password authentication.\n"); unsigned char szSessionRequest[23] = { - 0x0a, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x00, 0x00, /* Password Length -- MUST SET */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0a, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x00, 0x00, /* Password Length -- MUST SET */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ + iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 23); /* Calculate and set password length */ - /* Samba appears to append NULL characters equal to the password length plus 2 */ - //iByteCount = 2 * strlen(szPassword) + 2; + /* Samba appears to append NULL characters equal to the password length plus + * 2 */ + // iByteCount = 2 * strlen(szPassword) + 2; iByteCount = strlen(szPassword) + 1; buf[iOffset - 8] = (iByteCount) % 256; buf[iOffset - 7] = (iByteCount) / 256; /* set ANSI password */ /* - Depending on the SAMBA server configuration, multiple passwords may be successful - when dealing with mixed-case values. The SAMBA parameter "password level" appears - to determine how many characters within a password are tested by the server both - upper and lower case. For example, assume a SAMBA account has a password of "Fred" - and the server is configured with "password level = 2". Medusa sends the password - "FRED". The SAMBA server will brute-force test this value for us with values - like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting - is "password level = 0". This results in only two attempts to being made by the - remote server; the password as is and the password in all-lower case. + Depending on the SAMBA server configuration, multiple passwords may be + successful when dealing with mixed-case values. The SAMBA parameter + "password level" appears to determine how many characters within a + password are tested by the server both upper and lower case. For example, + assume a SAMBA account has a password of "Fred" and the server is + configured with "password level = 2". Medusa sends the password "FRED". + The SAMBA server will brute-force test this value for us with values + like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default + setting is "password level = 0". This results in only two attempts to + being made by the remote server; the password as is and the password in + all-lower case. */ - strncpy((char *) (buf + iOffset), szPassword, 256); + strncpy((char *)(buf + iOffset), szPassword, 256); } else { - hydra_report(stderr, "[ERROR] Security_mode was not properly set. This should not happen.\n"); + hydra_report(stderr, "[ERROR] Security_mode was not properly set. This " + "should not happen.\n"); return -1; } /* Set account and workgroup values */ - j = UTF8_UTF16LE((unsigned char *) szLogin, strlen(szLogin), buf + iOffset + iByteCount+1, 2*strlen(szLogin)); - iByteCount += j +3; /* NULL pad account name */ - j = UTF8_UTF16LE(workgroup, strlen((char *) workgroup), buf+iOffset+iByteCount, 2*strlen((char *) workgroup)); - iByteCount += j+2; // NULL pad workgroup name + j = UTF8_UTF16LE((unsigned char *)szLogin, strlen(szLogin), buf + iOffset + iByteCount + 1, 2 * strlen(szLogin)); + iByteCount += j + 3; /* NULL pad account name */ + j = UTF8_UTF16LE(workgroup, strlen((char *)workgroup), buf + iOffset + iByteCount, 2 * strlen((char *)workgroup)); + iByteCount += j + 2; // NULL pad workgroup name /* Set native OS and LAN Manager values */ char *szOSName = "Unix"; - j = UTF8_UTF16LE((unsigned char *) szOSName, strlen(szOSName), buf+iOffset+iByteCount, 2*sizeof(szOSName)); - iByteCount += j+2; // NULL terminated + j = UTF8_UTF16LE((unsigned char *)szOSName, strlen(szOSName), buf + iOffset + iByteCount, 2 * sizeof(szOSName)); + iByteCount += j + 2; // NULL terminated char *szLANMANName = "Samba"; - j = UTF8_UTF16LE((unsigned char *) szLANMANName, strlen(szLANMANName), buf+iOffset+iByteCount, 2*sizeof(szLANMANName)); - iByteCount += j+2; // NULL terminated + j = UTF8_UTF16LE((unsigned char *)szLANMANName, strlen(szLANMANName), buf + iOffset + iByteCount, 2 * sizeof(szLANMANName)); + iByteCount += j + 2; // NULL terminated /* Set the header length */ buf[2] = (iOffset - 4 + iByteCount) / 256; @@ -1186,7 +1204,7 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * if (verbose) hydra_report(stderr, "[VERBOSE] Set byte count: %2.2X\n", buf[57]); - hydra_send(s, (char *) buf, iOffset + iByteCount, 0); + hydra_send(s, (char *)buf, iOffset + iByteCount, 0); nReceiveBufferSize = hydra_recv(s, bufReceive, sizeof(bufReceive)); if (/*(bufReceive == NULL) ||*/ (nReceiveBufferSize == 0)) @@ -1197,7 +1215,7 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char * return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF)); } -int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; int32_t SMBerr, SMBaction; @@ -1217,75 +1235,99 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr); if (SMBSessionRet == -1) return 3; - SMBerr = (unsigned long) SMBSessionRet & 0x00FFFFFF; - SMBaction = ((unsigned long) SMBSessionRet & 0xFF000000) >> 24; + SMBerr = (unsigned long)SMBSessionRet & 0x00FFFFFF; + SMBaction = ((unsigned long)SMBSessionRet & 0xFF000000) >> 24; if (verbose) - hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (uint32_t) SMBSessionRet, SMBerr, SMBaction); + hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (uint32_t)SMBSessionRet, SMBerr, SMBaction); /* some error code are available here: http://msdn.microsoft.com/en-us/library/ee441884(v=prot.13).aspx */ - if (SMBerr == 0x000000) { /* success */ - if (SMBaction == 0x01) { /* invalid account - anonymous connection */ - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Invalid account (Anonymous success)\n", port, ipaddr_str, login); + if (SMBerr == 0x000000) { /* success */ + if (SMBaction == 0x01) { /* invalid account - anonymous connection */ + fprintf(stderr, + "[%d][smb] Host: %s Account: %s Error: Invalid account " + "(Anonymous success)\n", + port, ipaddr_str, login); hydra_completed_pair_skip(); - } else { /* valid account */ + } else { /* valid account */ hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) { - hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n"); + hydra_report(stderr, "[ERROR] Invalid parameter status received, either " + "the account or the method used are not valid\n"); hydra_completed_pair_skip(); - } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, GPO Disabling Remote Connections Using NULL Passwords\n", port, ipaddr_str, login); + } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote + Connections Using NULL Passwords */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, GPO Disabling " + "Remote Connections Using NULL Passwords\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, GPO Deny access to this computer from the network\n", port, ipaddr_str, login); + } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this + computer from the network" */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, GPO Deny " + "access to this computer from the network\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if (SMBerr == 0x000193) { /* Valid password, account expired */ + } else if (SMBerr == 0x000193) { /* Valid password, account expired */ hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, password expired and must be changed on next logon\n", port, ipaddr_str, login); + } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, password " + "expired and must be changed on next logon\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, but logon hours invalid\n", port, ipaddr_str, login); + } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, but logon " + "hours invalid\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login); + } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Error: Incorrect password or " + "account disabled\n", + port, ipaddr_str, login); if ((miscptr) && (strstr(miscptr, "LM"))) hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); hydra_completed_pair_skip(); - } else if (SMBerr == 0x000024) { /* change password on next login [success] */ + } else if (SMBerr == 0x000024) { /* change password on next login [success] */ hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); hydra_completed_pair_found(); - } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ + } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ hydra_completed_pair(); - } else if (SMBerr == 0x000071) { /* password expired */ + } else if (SMBerr == 0x000071) { /* password expired */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); - } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled *//* BF0002 on w2k */ + } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); - } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ + } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_LOCKED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); - } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ + } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ if (verbose) - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", port, ipaddr_str, login); + fprintf(stderr, + "[%d][smb] Host: %s Account: %s Error: " + "NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", + port, ipaddr_str, login); hydra_completed_pair(); - } else { /* failed */ + } else { /* failed */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Unknown Error: %6.6X\n", port, ipaddr_str, login, SMBerr); hydra_completed_pair(); @@ -1297,30 +1339,30 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char return 1; } -void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; - //default is both (local and domain) checks and normal passwd - accntFlag = 2; //BOTH - hashFlag = 0; //PASS + // default is both (local and domain) checks and normal passwd + accntFlag = 2; // BOTH + hashFlag = 0; // PASS smb_auth_mechanism = AUTH_NTLM; if (miscptr) { - //check group + // check group strupper(miscptr); if (strstr(miscptr, "OTHER_DOMAIN:") != NULL) { char *tmpdom; int32_t err = 0; - accntFlag = 4; //OTHER DOMAIN + accntFlag = 4; // OTHER DOMAIN tmpdom = strstr(miscptr, "OTHER_DOMAIN:"); tmpdom = tmpdom + strlen("OTHER_DOMAIN:"); if (tmpdom) { - //split the string after the domain if there are other values + // split the string after the domain if there are other values strtok(tmpdom, " "); if (tmpdom) { - strncpy((char *) domain, (char *) tmpdom, sizeof(domain) - 1); + strncpy((char *)domain, (char *)tmpdom, sizeof(domain) - 1); domain[sizeof(domain) - 1] = 0; } else { err = 1; @@ -1335,17 +1377,17 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL accntFlag = 2; } } else if (strstr(miscptr, "LOCAL") != NULL) { - accntFlag = 0; //LOCAL + accntFlag = 0; // LOCAL } else if (strstr(miscptr, "DOMAIN") != NULL) { - accntFlag = 1; //DOMAIN + accntFlag = 1; // DOMAIN } - //check pass + // check pass if (strstr(miscptr, "HASH") != NULL) { hashFlag = 1; } else if (strstr(miscptr, "MACHINE") != NULL) { hashFlag = 2; } - //check auth + // check auth if (strstr(miscptr, "NTLMV2") != NULL) { smb_auth_mechanism = AUTH_NTLMv2; } else if (strstr(miscptr, "NTLM") != NULL) { @@ -1366,10 +1408,10 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; for (;;) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if (port != 0) { sock = hydra_connect_tcp(ip, port); @@ -1388,14 +1430,16 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL port = PORT_SMBNT; protoFlag = WIN2000_NATIVEMODE; } else { - hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. Attempting WIN_NETBIOS mode.\n"); + hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. " + "Attempting WIN_NETBIOS mode.\n"); port = PORT_SMB; protoFlag = WIN_NETBIOSMODE; sock = hydra_connect_tcp(ip, PORT_SMB); } } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } if (NBSSessionRequest(sock) < 0) { @@ -1404,10 +1448,10 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } next_run = SMBNegProt(sock); break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_smb(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -1421,51 +1465,27 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } #endif -int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here time_t ctime; int ready = 0, sock = hydra_connect_tcp(ip, port); - unsigned char buf[] = { - 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, - 0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02, - 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, - 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, - 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, - 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, - 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, - 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, - 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, - 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, - 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, - 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, - 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, - 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, - 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, - 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, - 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, - 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, - 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, - 0x32, 0x00 }; + unsigned char buf[] = {0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d, + 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, + 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00}; - if (sock < 0) { fprintf(stderr, "[ERROR] could not connect to target smb://%s:%d/\n", hostname, port); return -1; } - + if (send(sock, buf, sizeof(buf), 0) < 0) { fprintf(stderr, "[ERROR] unable to send to target smb://%s:%d/\n", hostname, port); return -1; @@ -1475,34 +1495,38 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc do { usleepn(300); } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL)); - + if (ready <= 0) { fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port); return -1; } - + if ((ready = recv(sock, buf, sizeof(buf), 0)) < 40) { fprintf(stderr, "[ERROR] invalid reply from target smb://%s:%d/\n", hostname, port); return -1; } close(sock); - + if (buf[37] == buf[38] && buf[38] == 0xff) { fprintf(stderr, "[ERROR] target smb://%s:%d/ does not support SMBv1\n", hostname, port); return -1; } - + if ((buf[15] & 16) == 16) { - fprintf(stderr, "[ERROR] target smb://%s:%d/ requires signing which we do not support\n", hostname, port); + fprintf(stderr, + "[ERROR] target smb://%s:%d/ requires signing which we do not " + "support\n", + hostname, port); return -1; } - + return 0; } -void usage_smb(const char* service) { - printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" +void usage_smb(const char *service) { + printf("Module smb default value is set to test both local and domain account, " + "using a simple password with NTLM dialect.\n" "Note: you can set the group type using LOCAL or DOMAIN keyword\n" " or other_domain:{value} to specify a trusted domain.\n" " you can set the password type using HASH or MACHINE keyword\n" @@ -1510,6 +1534,9 @@ void usage_smb(const char* service) { " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" "Example: \n" " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" - " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); + " hydra smb://microsoft.com -l admin -p " + "D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m " + "\"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m " + "\"other_domain:SECONDDOMAIN\"\n\n"); } diff --git a/hydra-smb2.c b/hydra-smb2.c index f42f074..c603d63 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -21,47 +21,41 @@ #include "hydra-mod.h" -#include -#include -#include #include #include +#include +#include +#include extern char *HYDRA_EXIT; typedef struct creds { - const char* workgroup; - const char* user; - const char* pass; + const char *workgroup; + const char *user; + const char *pass; } creds_t; - const char default_workgroup[] = "WORKGROUP"; bool use_nt_hash = false; -const char* workgroup = default_workgroup; -const char* netbios_name = NULL; +const char *workgroup = default_workgroup; +const char *netbios_name = NULL; -#define EXIT_PROTOCOL_ERROR hydra_child_exit(2) -#define EXIT_CONNECTION_ERROR hydra_child_exit(1) -#define EXIT_NORMAL hydra_child_exit(0) +#define EXIT_PROTOCOL_ERROR hydra_child_exit(2) +#define EXIT_CONNECTION_ERROR hydra_child_exit(1) +#define EXIT_NORMAL hydra_child_exit(0) -void smb2_auth_provider(SMBCCTX *c, - const char *srv, - const char *shr, - char *wg, int wglen, - char *un, int unlen, - char *pw, int pwlen) { - creds_t* cr = (creds_t*)smbc_getOptionUserData(c); +void smb2_auth_provider(SMBCCTX *c, const char *srv, const char *shr, char *wg, int wglen, char *un, int unlen, char *pw, int pwlen) { + creds_t *cr = (creds_t *)smbc_getOptionUserData(c); strncpy(wg, cr->workgroup, wglen); strncpy(un, cr->user, unlen); strncpy(pw, cr->pass, pwlen); - wg[wglen-1] = 0; - un[unlen-1] = 0; - pw[pwlen-1] = 0; + wg[wglen - 1] = 0; + un[unlen - 1] = 0; + pw[pwlen - 1] = 0; } -bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) { - SMBCCTX* ctx = smbc_new_context(); +bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { + SMBCCTX *ctx = smbc_new_context(); if (ctx == NULL) { hydra_report(stderr, "[ERROR] failed to create context\n"); EXIT_PROTOCOL_ERROR; @@ -76,7 +70,7 @@ bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) { smbc_setOptionNoAutoAnonymousLogin(ctx, false); smbc_setOptionUseNTHash(ctx, use_nt_hash); if (netbios_name) { - smbc_setNetbiosName(ctx, (char*)netbios_name); + smbc_setNetbiosName(ctx, (char *)netbios_name); } ctx = smbc_init_context(ctx); @@ -88,12 +82,9 @@ bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) { char uri[2048]; snprintf(uri, sizeof(uri) - 1, "smb://%s/IPC$", server); - uri[sizeof(uri)-1] = 0; + uri[sizeof(uri) - 1] = 0; if (verbose) { - printf("[INFO] Connecting to: %s with %s\\%s%%%s\n", - uri, cr->workgroup, - cr->user, - cr->pass); + printf("[INFO] Connecting to: %s with %s\\%s%%%s\n", uri, cr->workgroup, cr->user, cr->pass); } SMBCFILE *fd = smbc_getFunctionOpendir(ctx)(ctx, uri); if (fd) { @@ -162,13 +153,7 @@ bool smb2_run_test(creds_t* cr, const char* server, uint16_t port) { return false; } -void service_smb2(char *ip, - int32_t sp, - unsigned char options, - char *miscptr, - FILE * fp, - int32_t port, - char *hostname) { +void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { hydra_register_socket(sp); while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) { char *login, *pass; @@ -177,9 +162,9 @@ void service_smb2(char *ip, pass = hydra_get_next_password(); creds_t cr = { - .user = login, - .pass = pass, - .workgroup = workgroup, + .user = login, + .pass = pass, + .workgroup = workgroup, }; if (smb2_run_test(&cr, hydra_address2string(ip), port & 0xffff)) { @@ -199,24 +184,18 @@ const char tkn_netbios[] = "netbios:{"; #define CMP(s1, s2) (strncmp(s1, s2, sizeof(s1) - 1) == 0) -int32_t service_smb2_init(char *ip, - int32_t sp, - unsigned char options, - char *miscptr, - FILE * fp, - int32_t port, - char *hostname) { +int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { if (!miscptr) return 0; - while(*miscptr) { + while (*miscptr) { if (isspace(*miscptr)) { miscptr++; continue; } if (CMP(tkn_workgroup, miscptr)) { miscptr += sizeof(tkn_workgroup) - 1; - char* p = strchr(miscptr, '}'); + char *p = strchr(miscptr, '}'); if (p == NULL) { hydra_report(stderr, "[ERROR] missing closing brace in workgroup\n"); return -1; @@ -231,7 +210,7 @@ int32_t service_smb2_init(char *ip, } if (CMP(tkn_netbios, miscptr)) { miscptr += sizeof(tkn_netbios) - 1; - char* p = strchr(miscptr, '}'); + char *p = strchr(miscptr, '}'); if (p == NULL) { hydra_report(stderr, "[ERROR] missing closing brace in netbios name\n"); return -1; @@ -268,7 +247,7 @@ int32_t service_smb2_init(char *ip, return 0; } -void usage_smb2(const char* service) { +void usage_smb2(const char *service) { puts("Module is a thin wrapper over the Samba client library (libsmbclient).\n" "Thus, is capable of negotiating v1, v2 and v3 of the protocol.\n" "\n" @@ -296,9 +275,10 @@ void usage_smb2(const char* service) { "\n" "Examples: \n" " hydra smb2://abc.com -l admin -p xxx -m workgroup:{OFFICE}\n" - " hydra smb2://1.2.3.4 -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 -m 'workgroup:{OFFICE} nthash:true'\n" - " hydra -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 'smb2://1.2.3.4/workgroup:{OFFICE} nthash:true'\n" - ); + " hydra smb2://1.2.3.4 -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 -m " + "'workgroup:{OFFICE} nthash:true'\n" + " hydra -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 " + "'smb2://1.2.3.4/workgroup:{OFFICE} nthash:true'\n"); } #endif // LIBSMBCLIENT diff --git a/hydra-smtp-enum.c b/hydra-smtp-enum.c index c26ac63..ddc0355 100644 --- a/hydra-smtp-enum.c +++ b/hydra-smtp-enum.c @@ -24,7 +24,7 @@ int32_t tosent = 0; int32_t smtp_enum_cmd = VRFY; -int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[500]; @@ -55,7 +55,7 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options return (1); if (debug) hydra_report(stderr, "DEBUG S: %s", buf); - /* good return values are something like 25x */ + /* good return values are something like 25x */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "^25\\d\\s")) { #else @@ -103,7 +103,7 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options return (1); if (debug) hydra_report(stderr, "DEBUG S: %s", buf); - /* good return values are something like 25x */ + /* good return values are something like 25x */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "^25\\d\\s")) { #else @@ -119,21 +119,25 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options err = strstr(buf, "Error"); if (err || tosent || strncmp(buf, "50", 2) == 0) { // we should report command not identified by the server - //502 5.5.2 Error: command not recognized -//#ifdef HAVE_PCRE -// if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) { -//#else -// if ((debug || strstr(buf, "command") != NULL) && err) { -//#endif -// hydra_report(stderr, "Server %s", err); -// } + // 502 5.5.2 Error: command not recognized + //#ifdef HAVE_PCRE + // if ((debug || hydra_string_match(buf, + // "\\scommand\\snot\\srecognized")) && err) { + //#else + // if ((debug || strstr(buf, "command") != NULL) && err) { + //#endif + // hydra_report(stderr, "Server %s", err); + // } if (strncmp(buf, "500 ", 4) == 0) { - hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf); + hydra_report(stderr, + "[ERROR] command is disabled on the server (choose " + "different method): %s", + buf); free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); - //503 5.5.1 Error: nested MAIL command + // 503 5.5.1 Error: nested MAIL command strncpy(buffer, "RSET\r\n", sizeof(buffer)); free(buf); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -150,7 +154,7 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options return 2; } -void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1, i = 0; int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL; char *buffer = "HELO hydra\r\n"; @@ -160,7 +164,7 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -175,7 +179,7 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } /* receive initial header */ @@ -185,17 +189,17 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt hydra_report(stderr, "Warning: SMTP does not allow connecting: %s\n", buf); hydra_child_exit(2); } -// while (strstr(buf, "220 ") == NULL) { -// free(buf); -// buf = hydra_receive_line(sock); -// } + // while (strstr(buf, "220 ") == NULL) { + // free(buf); + // buf = hydra_receive_line(sock); + // } -// if (buf[0] != '2') { + // if (buf[0] != '2') { if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { free(buf); hydra_child_exit(2); } -// } + // } free(buf); if ((buf = hydra_receive_line(sock)) == NULL) @@ -207,7 +211,7 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int32_t) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strncmp(miscptr, "EXPN", 4) == 0) smtp_enum_cmd = EXPN; @@ -232,10 +236,10 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_smtp_enum(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { sock = hydra_disconnect(sock); } @@ -249,13 +253,13 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt } } -int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -263,9 +267,11 @@ int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char return 0; } -void usage_smtp_enum(const char* service) { +void usage_smtp_enum(const char *service) { printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" - "login parameter is used as username and password parameter as the domain name\n" - "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); + "login parameter is used as username and password parameter as the " + "domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" + "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); } diff --git a/hydra-smtp.c b/hydra-smtp.c index b27ec0f..97b2bab 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -14,7 +14,7 @@ char *smtp_read_server_capacity(int32_t sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { - if (isdigit((int32_t) buf[0]) && buf[3] == ' ') + if (isdigit((int32_t)buf[0]) && buf[3] == ' ') resp = 1; else { if (buf[strlen(buf) - 1] == '\n') @@ -27,7 +27,7 @@ char *smtp_read_server_capacity(int32_t sock) { if ((ptr = strrchr(buf, '\n')) != NULL) { #endif ptr++; - if (isdigit((int32_t) *ptr) && *(ptr + 3) == ' ') + if (isdigit((int32_t)*ptr) && *(ptr + 3) == ' ') resp = 1; } } @@ -36,7 +36,7 @@ char *smtp_read_server_capacity(int32_t sock) { return buf; } -int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf; @@ -52,7 +52,6 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha } switch (smtp_auth_mechanism) { - case AUTH_PLAIN: sprintf(buffer, "AUTH PLAIN\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -77,105 +76,102 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha break; #ifdef LIBOPENSSL - case AUTH_CRAMMD5:{ - int32_t rc = 0; - char *preplogin; + case AUTH_CRAMMD5: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } - - sprintf(buffer, "AUTH CRAM-MD5\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, "334") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); - - sprintf(buffer, "%s %.250s", preplogin, buffer2); - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - - char tmp_buffer[sizeof(buffer)]; - sprintf(tmp_buffer, "%.250s\r\n", buffer); - strcpy(buffer, tmp_buffer); - - free(preplogin); + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "AUTH DIGEST-MD5\r\n"); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, "334") == NULL) { - hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - if (debug) - hydra_report(stderr, "DEBUG S: %s\n", buffer); - - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); + sprintf(buffer, "AUTH CRAM-MD5\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; + // get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + sprintf(buffer, "%s %.250s", preplogin, buffer2); + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + + free(preplogin); + } break; + + case AUTH_DIGESTMD5: { + sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + if (debug) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); + if (fooptr == NULL) + return 3; + + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //send auth and receive challenge - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - sprintf(buffer, "AUTH NTLM %s\r\n", buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, "334") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } - //recover challenge - from64tobits((char *) buf1, buf + 4); - free(buf); - - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "%s\r\n", buf1); + // send auth and receive challenge + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + sprintf(buffer, "AUTH NTLM %s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + // recover challenge + from64tobits((char *)buf1, buf + 4); + free(buf); + + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, "%s\r\n", buf1); + } break; default: /* by default trying AUTH LOGIN */ @@ -188,13 +184,16 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha /* 504 5.7.4 Unrecognized authentication type */ if (strstr(buf, "334") == NULL) { - hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or server is not using auth: %s\n", buf); + hydra_report(stderr, + "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or " + "server is not using auth: %s\n", + buf); free(buf); return 3; } free(buf); sprintf(buffer2, "%.250s", login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -210,7 +209,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); sprintf(buffer2, "%.250s", pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); } @@ -224,7 +223,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (smtp_auth_mechanism == AUTH_DIGESTMD5) { if (strstr(buf, "334") != NULL && strlen(buf) >= 8) { memset(buffer2, 0, sizeof(buffer2)); - from64tobits((char *) buffer2, buf + 4); + from64tobits((char *)buffer2, buf + 4); if (strstr(buffer2, "rspauth=") != NULL) { hydra_report_found_host(port, ip, "smtp", fp); hydra_completed_pair_found(); @@ -254,7 +253,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 2; } -void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1, i = 0; int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1; char *buf; @@ -266,7 +265,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -282,7 +281,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -310,7 +309,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int32_t) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { disable_tls = 0; @@ -325,7 +324,8 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI free(buf); buf = hydra_receive_line(sock); if (buf[0] != '2') { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock, hostname) == -1)) { @@ -346,9 +346,11 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI hydra_child_exit(2); } } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it " + "is not supported by the server\n"); } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is " + "not supported by the server\n"); } #endif @@ -380,9 +382,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI smtp_auth_mechanism = AUTH_PLAIN; } - if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - if (strstr(miscptr, "LOGIN")) smtp_auth_mechanism = AUTH_LOGIN; @@ -399,7 +399,6 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if (strstr(miscptr, "NTLM")) smtp_auth_mechanism = AUTH_NTLM; - } if (verbose) { @@ -426,10 +425,10 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_smtp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { sock = hydra_disconnect(sock); } @@ -443,13 +442,13 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -457,8 +456,10 @@ int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_smtp(const char* service) { +void usage_smtp(const char *service) { printf("Module smtp is optionally taking one authentication type of:\n" " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" - "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); + "Additionally TLS encryption via STARTTLS can be enforced with the " + "TLS option.\n\n" + "Example: smtp://target/TLS:PLAIN\n"); } diff --git a/hydra-snmp.c b/hydra-snmp.c index a9adb17..415ceb8 100644 --- a/hydra-snmp.c +++ b/hydra-snmp.c @@ -1,10 +1,10 @@ #include "hydra-mod.h" #ifdef LIBOPENSSL +#include +#include #include #include #include -#include -#include #endif extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); @@ -15,31 +15,13 @@ extern int32_t child_head_no; char snmpv3buf[1024], *snmpv3info = NULL; int32_t snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0; -unsigned char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, - 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, - 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, - 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, - 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, - 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, - 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, - 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00 -}; +unsigned char snmpv3_init[] = {0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00}; -unsigned char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, - 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, - 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03 -}; +unsigned char snmpv3_get1[] = {0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03}; -unsigned char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, - 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, - 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, - 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, - 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, - 0x00 -}; +unsigned char snmpv3_get2[] = {0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, 0x00}; -unsigned char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 }; +unsigned char snmpv3_nouser[] = {0x04, 0x00, 0x04, 0x00, 0x04, 0x00}; struct SNMPV1_A { char ID; @@ -49,13 +31,11 @@ struct SNMPV1_A { char comlen; }; -struct SNMPV1_A snmpv1_a = { - .ID = '\x30', - .len = '\x00', - .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ - .comid = '\x04', - .comlen = '\x00' -}; +struct SNMPV1_A snmpv1_a = {.ID = '\x30', + .len = '\x00', + .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ + .comid = '\x04', + .comlen = '\x00'}; struct SNMPV1_R { unsigned char type[2]; @@ -67,12 +47,14 @@ struct SNMPV1_R { unsigned char object[11]; unsigned char value[3]; } snmpv1_r = { - .type = "\xa0\x1b", /* GET */ - .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */ - .errstat = "\x02\x01\x00", /* no error */ - .errind = "\x02\x01\x00", /* error index 0 */ - .objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ - .value = "\x05\x00" /* we just read, so value = 0 */ + .type = "\xa0\x1b", /* GET */ + .identid = "\x02\x04", + .ident = "\x1a\x5e\x97\x00", /* random crap :) */ + .errstat = "\x02\x01\x00", /* no error */ + .errind = "\x02\x01\x00", /* error index 0 */ + .objectid = "\x30\x0d", + .object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ + .value = "\x05\x00" /* we just read, so value = 0 */ }; struct SNMPV1_W { @@ -85,20 +67,22 @@ struct SNMPV1_W { unsigned char object[12]; unsigned char value[8]; } snmpv1_w = { - .type = "\xa3\x21", /* SET */ - .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */ - .errstat = "\x02\x01\x00", /* no error */ - .errind = "\x02\x01\x00", /* error index 0 */ - .objectid = "\x30\x13", /* string */ - .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */ + .type = "\xa3\x21", /* SET */ + .identid = "\x02\x04", + .ident = "\x1a\x5e\x97\x22", /* random crap :) */ + .errstat = "\x02\x01\x00", /* no error */ + .errind = "\x02\x01\x00", /* error index 0 */ + .objectid = "\x30\x13", /* string */ + .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00", + .value = "\x04\x05Hydra" /* writing hydra :-) */ }; #ifdef LIBOPENSSL -void password_to_key_md5(u_char * password, /* IN */ - u_int passwordlen, /* IN */ - u_char * engineID, /* IN - pointer to snmpEngineID */ - u_int engineLength, /* IN - length of snmpEngineID */ - u_char * key) { /* OUT - pointer to caller 16-octet buffer */ +void password_to_key_md5(u_char *password, /* IN */ + u_int passwordlen, /* IN */ + u_char *engineID, /* IN - pointer to snmpEngineID */ + u_int engineLength, /* IN - length of snmpEngineID */ + u_char *key) { /* OUT - pointer to caller 16-octet buffer */ MD5_CTX MD; u_char *cp, password_buf[80], *mypass = password, bpass[17]; u_long password_index = 0, count = 0, i, mylen, myelen = engineLength; @@ -121,7 +105,7 @@ void password_to_key_md5(u_char * password, /* IN */ if (myelen > 32) myelen = 32; - MD5_Init(&MD); /* initialize MD5 */ + MD5_Init(&MD); /* initialize MD5 */ /* Use while loop until we've done 1 Megabyte */ while (count < 1048576) { cp = password_buf; @@ -133,7 +117,7 @@ void password_to_key_md5(u_char * password, /* IN */ MD5_Update(&MD, password_buf, 64); count += 64; } - MD5_Final(key, &MD); /* tell MD5 we're done */ + MD5_Final(key, &MD); /* tell MD5 we're done */ /* Now localize the key with the engineID and pass */ /* through MD5 to produce final key */ /* May want to ensure that engineLength <= 32, */ @@ -147,11 +131,11 @@ void password_to_key_md5(u_char * password, /* IN */ return; } -void password_to_key_sha(u_char * password, /* IN */ - u_int passwordlen, /* IN */ - u_char * engineID, /* IN - pointer to snmpEngineID */ - u_int engineLength, /* IN - length of snmpEngineID */ - u_char * key) { /* OUT - pointer to caller 20-octet buffer */ +void password_to_key_sha(u_char *password, /* IN */ + u_int passwordlen, /* IN */ + u_char *engineID, /* IN - pointer to snmpEngineID */ + u_int engineLength, /* IN - length of snmpEngineID */ + u_char *key) { /* OUT - pointer to caller 20-octet buffer */ SHA_CTX SH; u_char *cp, password_buf[80], *mypass = password, bpass[17]; u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; @@ -169,7 +153,7 @@ void password_to_key_sha(u_char * password, /* IN */ if (myelen > 32) myelen = 32; - SHA1_Init(&SH); /* initialize SHA */ + SHA1_Init(&SH); /* initialize SHA */ /* Use while loop until we've done 1 Megabyte */ while (count < 1048576) { cp = password_buf; @@ -181,7 +165,7 @@ void password_to_key_sha(u_char * password, /* IN */ SHA1_Update(&SH, password_buf, 64); count += 64; } - SHA1_Final(key, &SH); /* tell SHA we're done */ + SHA1_Final(key, &SH); /* tell SHA we're done */ /* Now localize the key with the engineID and pass */ /* through SHA to produce final key */ /* May want to ensure that engineLength <= 32, */ @@ -196,7 +180,7 @@ void password_to_key_sha(u_char * password, /* IN */ } #endif -int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = ""; int32_t i, j, k, size, off = 0, off2 = 0; unsigned char initVect[8], privacy_params[8]; @@ -223,7 +207,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha size = sizeof(snmpv1_w); } - snmpv1_a.comlen = (char) strlen(pass); + snmpv1_a.comlen = (char)strlen(pass); snmpv1_a.len = snmpv1_a.comlen + size + sizeof(snmpv1_a) - 3; i = sizeof(snmpv1_a); @@ -238,7 +222,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha memcpy(buffer + i, &snmpv1_w, size); i += sizeof(snmpv1_w); } - } else { // snmpv3 + } else { // snmpv3 if (enctype == 0) { memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1)); i = sizeof(snmpv3_get1); @@ -277,7 +261,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (enctype == 0) buffer[1] = 48 + sizeof(snmpv3_get1) + buffer[i + 1]; i += snmpv3infolen; -//printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), buffer[1]); + // printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), + // buffer[1]); buffer[i] = 0x04; buffer[i + 1] = strlen(login); @@ -301,7 +286,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha i += 2; } else { buffer[i + 1] = 8; - memcpy(buffer + i + 2, salt, 8); // uninitialized and we don't care + memcpy(buffer + i + 2, salt, 8); // uninitialized and we don't care i += 10; } @@ -314,49 +299,49 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha #ifdef LIBOPENSSL -/* -//PrivDES::encrypt(const unsigned char *key, -// const uint32_t key_len, -// const unsigned char *buffer, -// const uint32_t buffer_len, -// unsigned char *out_buffer, -// uint32_t *out_buffer_len, -// unsigned char *privacy_params, -// uint32_t *privacy_params_len, -// const unsigned long engine_boots, -// const unsigned long engine_time) -// last 8 bytes of key are used as base for initialization vector */ + /* + //PrivDES::encrypt(const unsigned char *key, + // const uint32_t key_len, + // const unsigned char *buffer, + // const uint32_t buffer_len, + // unsigned char *out_buffer, + // uint32_t *out_buffer_len, + // unsigned char *privacy_params, + // uint32_t *privacy_params_len, + // const unsigned long engine_boots, + // const unsigned long engine_time) + // last 8 bytes of key are used as base for initialization vector */ k = 0; - memcpy((char *) initVect, key + 8, 8); + memcpy((char *)initVect, key + 8, 8); // put salt in privacy_params j = htonl(engine_boots); - memcpy(privacy_params, (char *) &j, 4); - memcpy(privacy_params + 4, salt, 4); // ??? correct? - // xor initVect with salt + memcpy(privacy_params, (char *)&j, 4); + memcpy(privacy_params + 4, salt, 4); // ??? correct? + // xor initVect with salt for (i = 0; i < 8; i++) initVect[i] ^= privacy_params[i]; - DES_key_sched((const_DES_cblock *) key, &symcbc); - DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (const_DES_cblock *) (initVect), DES_ENCRYPT); + DES_key_sched((const_DES_cblock *)key, &symcbc); + DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (const_DES_cblock *)(initVect), DES_ENCRYPT); #endif -/* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) { - DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, (const_DES_cblock*)(initVect), DES_ENCRYPT); - } - // last part of buffer - if (buffer_len % 8) { - unsigned char tmp_buf[8]; - unsigned char *tmp_buf_ptr = tmp_buf; - int32_t start = buffer_len - (buffer_len % 8); - memset(tmp_buf, 0, 8); - for (uint32_t l = start; l < buffer_len; l++) - *tmp_buf_ptr++ = buffer[l]; - DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc, (const_DES_cblock*)(initVect), DES_ENCRYPT); - *out_buffer_len = buffer_len + 8 - (buffer_len % 8); - } else - *out_buffer_len = buffer_len; -*/ - //dummy + /* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) { + DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, + (const_DES_cblock*)(initVect), DES_ENCRYPT); + } + // last part of buffer + if (buffer_len % 8) { + unsigned char tmp_buf[8]; + unsigned char *tmp_buf_ptr = tmp_buf; + int32_t start = buffer_len - (buffer_len % 8); + memset(tmp_buf, 0, 8); + for (uint32_t l = start; l < buffer_len; l++) + *tmp_buf_ptr++ = buffer[l]; + DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc, + (const_DES_cblock*)(initVect), DES_ENCRYPT); *out_buffer_len = + buffer_len + 8 - (buffer_len % 8); } else *out_buffer_len = buffer_len; + */ + // dummy k = ((sizeof(snmpv3_get2) - 2) / 8); if ((sizeof(snmpv3_get2) - 2) % 8 != 0) k++; @@ -364,13 +349,13 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha i += k * 8 + 2; } - i++; // just to conform with the snmpv1/2 code + i++; // just to conform with the snmpv1/2 code #ifdef LIBOPENSSL if (hashtype == 1) { - HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL); + HMAC((EVP_MD *)EVP_md5(), key, 16, buffer, i - 1, hash, NULL); memcpy(buffer + off, hash, 12); } else if (hashtype == 2) { - HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); + HMAC((EVP_MD *)EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); memcpy(buffer + off, hash, 12); } #endif @@ -384,19 +369,19 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha } while (hydra_data_ready_timed(s, 1, 0) <= 0 && j < 3); if (hydra_data_ready_timed(s, 5, 0) > 0) { - i = hydra_recv(s, (char *) buf, sizeof(buf)); + i = hydra_recv(s, (char *)buf, sizeof(buf)); if (snmpversion < 3) { /* stolen from ADMsnmp... :P */ for (j = 0; j < i; j++) { if (buf[j] == '\x04') { /* community name */ for (j = j + buf[j + 1]; j + 2 < i; j++) { - if (buf[j] == '\xa2') { /* PDU Response */ + if (buf[j] == '\xa2') { /* PDU Response */ for (; j + 2 < i; j++) { if (buf[j] == '\x02') { /* ID */ for (j = j + (buf[j + 1]); j + 2 < i; j++) { if (buf[j] == '\x02') { - if (buf[j + 1] == '\x01') { /* good ! */ + if (buf[j + 1] == '\x01') { /* good ! */ hydra_report_found_host(port, ip, "snmp", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -411,7 +396,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha } } } - } else { // snmpv3 reply + } else { // snmpv3 reply off = 0; if (buf[0] == 0x30) { if (buf[4] == 0x03 && buf[5] == 0x30) @@ -453,7 +438,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; - } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist + } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, + sizeof(snmpv3_nouser)) >= 0) { // user does not exist if (verbose) printf("[INFO] user %s does not exist, skipping\n", login); hydra_completed_pair_skip(); @@ -470,7 +456,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 1; } -void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1, i = 0; int32_t myport = PORT_SNMP; char *lptr; @@ -519,7 +505,7 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI hydra_register_socket(sp); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -528,7 +514,7 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI while (snmpv3info == NULL && next_run < 3) { hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0); if (hydra_data_ready_timed(sock, 5, 0) > 0) { - if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) { + if ((i = hydra_recv(sock, (char *)snmpv3buf, sizeof(snmpv3buf))) > 30) { if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30) { snmpv3info = snmpv3buf + 7 + snmpv3buf[6]; snmpv3infolen = snmpv3info[3] + 4; @@ -538,8 +524,9 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI if (debug) hydra_dump_asciihex(snmpv3info, snmpv3infolen); if (snmpv3info[10] == 3 && child_head_no == 0) - printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13], - (unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]); + printf("[INFO] Remote device MAC address is " + "%02x:%02x:%02x:%02x:%02x:%02x\n", + (unsigned char)snmpv3info[12], (unsigned char)snmpv3info[13], (unsigned char)snmpv3info[14], (unsigned char)snmpv3info[15], (unsigned char)snmpv3info[16], (unsigned char)snmpv3info[12]); } } } @@ -557,10 +544,10 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_snmp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -573,13 +560,13 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } } -int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -587,20 +574,22 @@ int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_snmp(const char* service) { +void usage_snmp(const char *service) { printf("Module snmp is optionally taking the following parameters:\n" " READ perform read requests (default)\n" " WRITE perform write requests\n" " 1 use SNMP version 1 (default)\n" " 2 use SNMP version 2\n" " 3 use SNMP version 3\n" - " Note that SNMP version 3 usually uses both login and passwords!\n" + " Note that SNMP version 3 usually uses both login and " + "passwords!\n" " SNMP version 3 has the following optional sub parameters:\n" " MD5 use MD5 authentication (default)\n" " SHA use SHA authentication\n" " DES use DES encryption\n" " AES use AES encryption\n" - " if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n" + " if no -p/-P parameter is given, SNMPv3 noauth is performed, " + "which\n" " only requires a password (or username) not both.\n" "To combine the options, use colons (\":\"), e.g.:\n" " hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n" diff --git a/hydra-socks5.c b/hydra-socks5.c index 6781916..aef0a68 100644 --- a/hydra-socks5.c +++ b/hydra-socks5.c @@ -14,7 +14,7 @@ unsigned char *buf; int32_t fail_cnt; -int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300]; int32_t pport, fud = 0; @@ -28,7 +28,7 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c if (hydra_send(s, buffer, 4, 0) < 0) { return 1; } - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) { + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) { fail_cnt++; if (fail_cnt >= 10) return 5; @@ -57,16 +57,16 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c } free(buf); -/* RFC 1929 - For username/password authentication the client's authentication request is - field 1: version number, 1 byte (must be 0x01) -*/ - snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + /* RFC 1929 + For username/password authentication the client's authentication request is + field 1: version number, 1 byte (must be 0x01) + */ + snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char)strlen(login), login, (char)strlen(pass), pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return (1); if (buf[1] != 255) { @@ -84,7 +84,7 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c memcpy(buffer + 8, &pport, 2); hydra_send(s, buffer, 10, 0); } - if ((buf = (unsigned char *) hydra_receive_line(s)) != NULL) { + if ((buf = (unsigned char *)hydra_receive_line(s)) != NULL) { if (buf[1] == 0 || buf[1] == 32) { hydra_report_found_host(port, ip, "socks5", fp); hydra_completed_pair_found(); @@ -104,7 +104,7 @@ int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, c return 2; } -void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL; @@ -116,10 +116,10 @@ void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -133,25 +133,25 @@ void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_socks5(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 4: /* clean exit */ + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; - case 5: /* clean exit, server may blocking connections */ + case 5: /* clean exit, server may blocking connections */ hydra_report(stderr, "[ERROR] Server may blocking connections\n"); if (sock >= 0) sock = hydra_disconnect(sock); @@ -165,13 +165,13 @@ void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, } } -int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-ssh.c b/hydra-ssh.c index 1ca2815..ef4a691 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -8,9 +8,7 @@ have to add option -DWITH_SSH1=On in the cmake #include "hydra-mod.h" #ifndef LIBSSH -void dummy_ssh() { - printf("\n"); -} +void dummy_ssh() { printf("\n"); } #else #include @@ -23,7 +21,7 @@ extern hydra_option hydra_options; extern char *HYDRA_EXIT; int32_t new_session = 1; -int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, keep_login[300]; int32_t auth_state = 0, rc = 0, i = 0; @@ -49,7 +47,7 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { - //if the connection was drop, exit and let hydra main handle it + // if the connection was drop, exit and let hydra main handle it if (verbose) hydra_report(stderr, "[ERROR] could not connect to target port %d: %s\n", port, ssh_get_error(session)); return 3; @@ -110,7 +108,7 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char return 1; } -void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); @@ -118,7 +116,7 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_ssh(sock, ip, port, options, miscptr, fp); break; case 2: @@ -158,16 +156,16 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL #endif // -// dirty workaround here: miscptr is the ptr to the logins, and the first one is used -// to test if password authentication is enabled!! +// dirty workaround here: miscptr is the ptr to the logins, and the first one is +// used to test if password authentication is enabled!! // -int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // 1 skip target without generating an error @@ -176,9 +174,11 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc #ifdef LIBSSH int32_t rc, method; ssh_session session = ssh_new(); - + if (verbose || debug) - printf("[INFO] Testing if password authentication is supported by ssh://%s@%s:%d\n", miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port); + printf("[INFO] Testing if password authentication is supported by " + "ssh://%s@%s:%d\n", + miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); if (miscptr == NULL) @@ -191,26 +191,35 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc if (ssh_connect(session) != 0) { fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session)); return 2; - } + } rc = ssh_userauth_none(session, NULL); - method = ssh_userauth_list(session, NULL); + method = ssh_userauth_list(session, NULL); ssh_disconnect(session); ssh_finalize(); ssh_free(session); - if (debug) printf("[DEBUG] SSH method check: %08x\n", method); + if (debug) + printf("[DEBUG] SSH method check: %08x\n", method); if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) { if (verbose || debug) - printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string_beautiful(ip), port); + printf("[INFO] Successful, password authentication is supported by " + "ssh://%s:%d\n", + hydra_address2string_beautiful(ip), port); return 0; } else if (method == 0) { if (verbose || debug) - fprintf(stderr, "[WARNING] invalid SSH method reply from ssh://%s:%d, continuing anyway ... (check for empty password!)\n", hydra_address2string_beautiful(ip), port); + fprintf(stderr, + "[WARNING] invalid SSH method reply from ssh://%s:%d, continuing " + "anyway ... (check for empty password!)\n", + hydra_address2string_beautiful(ip), port); return 0; } - fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication (method reply %d).\n", hydra_address2string_beautiful(ip), port, method); + fprintf(stderr, + "[ERROR] target ssh://%s:%d/ does not support password " + "authentication (method reply %d).\n", + hydra_address2string_beautiful(ip), port, method); return 1; #else return 0; diff --git a/hydra-sshkey.c b/hydra-sshkey.c index 7a51389..113d6de 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c @@ -1,16 +1,14 @@ /* libssh is available at http://www.libssh.org - current version is 0.4.8 + current version is 0.4.8 If you want support for ssh v1 protocol, you have to add option -DWITH_SSH1=On in the cmake */ #include "hydra-mod.h" #ifndef LIBSSH -void dummy_sshkey() { - printf("\n"); -} +void dummy_sshkey() { printf("\n"); } #else #include @@ -21,7 +19,7 @@ extern ssh_session session; extern char *HYDRA_EXIT; extern int32_t new_session; -int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *key, keep_login[300]; int32_t auth_state = 0, rc = 0; @@ -46,7 +44,7 @@ int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, c ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { - //if the connection was drop, exit and let hydra main handle it + // if the connection was drop, exit and let hydra main handle it if (verbose) hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); return 3; @@ -108,7 +106,7 @@ int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, c return 1; } -void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); @@ -116,7 +114,7 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_sshkey(sock, ip, port, options, miscptr, fp); break; case 2: @@ -154,13 +152,13 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, #endif #endif -int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -168,9 +166,11 @@ int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *m return 0; } -void usage_sshkey(const char* service) { - printf("Module sshkey does not provide additional options, although the semantic for\n" +void usage_sshkey(const char *service) { + printf("Module sshkey does not provide additional options, although the " + "semantic for\n" "options -p and -P is changed:\n" " -p expects a path to an unencrypted private key in PEM format.\n" - " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); + " -P expects a filename containing a list of path to some unencrypted\n" + " private keys in PEM format.\n\n"); } diff --git a/hydra-svn.c b/hydra-svn.c index 91d8503..063f12c 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -1,5 +1,5 @@ -//This plugin was written by -//checked for memleaks on 110425, none found +// This plugin was written by +// checked for memleaks on 110425, none found #ifdef LIBSVN @@ -10,12 +10,12 @@ #include #endif -#include #include #include -#include #include #include +#include +#include #if SVN_VER_MINOR > 7 #include #endif @@ -25,9 +25,7 @@ #include "hydra-mod.h" #ifndef LIBSVN -void dummy_svn() { - printf("\n"); -} +void dummy_svn() { printf("\n"); } #else extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); @@ -36,11 +34,9 @@ extern char *HYDRA_EXIT; #define DEFAULT_BRANCH "trunk" -static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) { - return SVN_NO_ERROR; -} +static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t *dirent, const svn_lock_t *lock, const char *abs_path, apr_pool_t *pool) { return SVN_NO_ERROR; } -static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t * pool) { +static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t **cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t *pool) { char *empty = ""; char *login, *pass; svn_auth_cred_simple_t *ret = apr_pcalloc(pool, sizeof(*ret)); @@ -57,13 +53,13 @@ static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, vo return SVN_NO_ERROR; } -int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { - //int32_t ipv6 = 0; +int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + // int32_t ipv6 = 0; char URL[1024]; char URLBRANCH[256]; - #if SVN_VER_MINOR > 7 +#if SVN_VER_MINOR > 7 const char *canonical; - #endif +#endif apr_pool_t *pool; svn_error_t *err; svn_opt_revision_t revision; @@ -80,7 +76,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS) return 4; - //if (ip[0] == 16) + // if (ip[0] == 16) // ipv6 = 1; pool = svn_pool_create(NULL); @@ -96,7 +92,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char if ((err = svn_client_create_context2(&ctx, NULL, pool))) { #else if ((err = svn_client_create_context(&ctx, pool))) { -#endif +#endif svn_pool_destroy(pool); svn_handle_error2(err, stderr, FALSE, "hydra: "); return 4; @@ -110,7 +106,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char providers = apr_array_make(pool, 1, sizeof(svn_auth_provider_object_t *)); - svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ + svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ 0, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; @@ -120,29 +116,29 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char revision.kind = svn_opt_revision_head; snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string_beautiful(ip), port, URLBRANCH); dirents = SVN_DIRENT_KIND; - #if SVN_VER_MINOR > 9 +#if SVN_VER_MINOR > 9 canonical = svn_uri_canonicalize(URL, pool); - err = svn_client_list4(canonical, &revision, &revision, NULL, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t) print_dirdummy, NULL, ctx, pool); - #elif SVN_VER_MINOR > 7 + err = svn_client_list4(canonical, &revision, &revision, NULL, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t)print_dirdummy, NULL, ctx, pool); +#elif SVN_VER_MINOR > 7 canonical = svn_uri_canonicalize(URL, pool); - err = svn_client_list3(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t) print_dirdummy, NULL, ctx, pool); - #else - err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); - #endif + err = svn_client_list3(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t)print_dirdummy, NULL, ctx, pool); +#else +err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); +#endif svn_pool_destroy(pool); if (err) { if (debug || (verbose && (err->apr_err != 170001 && err->apr_err != 170013))) hydra_report(stderr, "[ERROR] Access refused (error code %d) , message: %s\n", err->apr_err, err->message); - //Username not found 170001 ": Username not found" - //Password incorrect 170001 ": Password incorrect" + // Username not found 170001 ": Username not found" + // Password incorrect 170001 ": Password incorrect" if (err->apr_err != 170001 && err->apr_err != 170013) { - return 4; //error + return 4; // error } else { if (strstr(err->message, "Username not found")) { - //if (verbose) - //printf("[INFO] user %s does not exist, skipping\n", login); + // if (verbose) + // printf("[INFO] user %s does not exist, skipping\n", login); hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; @@ -162,7 +158,7 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char return 3; } -void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_SVN, mysslport = PORT_SVN_SSL; @@ -173,11 +169,11 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -191,7 +187,7 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -207,7 +203,8 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; default: if (!verbose) - hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n"); + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose " + "option for more details\n"); hydra_child_exit(0); } run = next_run; @@ -216,13 +213,13 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL #endif -int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -238,6 +235,7 @@ int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *misc return 0; } -void usage_svn(const char* service) { - printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); +void usage_svn(const char *service) { + printf("Module svn is optionally taking the repository name to attack, " + "default is \"trunk\"\n\n"); } diff --git a/hydra-teamspeak.c b/hydra-teamspeak.c index 78510e6..d0d17c2 100644 --- a/hydra-teamspeak.c +++ b/hydra-teamspeak.c @@ -37,7 +37,7 @@ extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; -int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char buf[100]; @@ -53,21 +53,21 @@ int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options memcpy(&teamspeak.header, "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00", 16); teamspeak.clientlen = 9; - strcpy((char *) &teamspeak.client, "TeamSpeak"); + strcpy((char *)&teamspeak.client, "TeamSpeak"); teamspeak.oslen = 11; - strcpy((char *) &teamspeak.os, "Linux 2.6.9"); + strcpy((char *)&teamspeak.os, "Linux 2.6.9"); memcpy(&teamspeak.misc, "\x02\x00\x00\x00\x20\x00\x3c\x00\x01\x02", 10); teamspeak.userlen = strlen(login); - strncpy((char *) &teamspeak.user, login, 29); + strncpy((char *)&teamspeak.user, login, 29); teamspeak.passlen = strlen(pass); - strncpy((char *) &teamspeak.pass, pass, 29); + strncpy((char *)&teamspeak.pass, pass, 29); teamspeak.loginlen = 0; - strcpy((char *) &teamspeak.login, ""); + strcpy((char *)&teamspeak.login, ""); #ifdef HAVE_ZLIB teamspeak.crc = crc32(0L, (const Bytef *)&teamspeak, sizeof(struct team_speak)); @@ -75,22 +75,22 @@ int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options teamspeak.crc = crc32(&teamspeak, sizeof(struct team_speak)); #endif - if (hydra_send(s, (char *) &teamspeak, sizeof(struct team_speak), 0) < 0) { + if (hydra_send(s, (char *)&teamspeak, sizeof(struct team_speak), 0) < 0) { return 3; } if (hydra_data_ready_timed(s, 5, 0) > 0) { - hydra_recv(s, (char *) buf, sizeof(buf)); + hydra_recv(s, (char *)buf, sizeof(buf)); if (buf[0x58] == 1) { hydra_report_found_host(port, ip, "teamspeak", fp); hydra_completed_pair_found(); } if (buf[0x4B] != 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } } else { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -101,7 +101,7 @@ int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options return 1; } -void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_TEAMSPEAK; @@ -112,23 +112,23 @@ void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscpt while (1) { switch (run) { - case 1: /* connect and service init function */ -// if (sock >= 0) -// sock = hydra_disconnect(sock); -// usleepn(300); + case 1: /* connect and service init function */ + // if (sock >= 0) + // sock = hydra_disconnect(sock); + // usleepn(300); if (sock < 0) { if (port != 0) myport = port; sock = hydra_connect_udp(ip, myport); port = myport; if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } } next_run = start_teamspeak(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -141,13 +141,13 @@ void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscpt } } -int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-telnet.c b/hydra-telnet.c index b938271..762ade1 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -5,7 +5,7 @@ extern char *HYDRA_EXIT; char *buf; int32_t no_line_mode; -int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300]; int32_t i = 0; @@ -44,7 +44,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c return 3; return 1; } - (void) make_to_lower(buf); + (void)make_to_lower(buf); if (hydra_strcasestr(buf, "asswor") != NULL || hydra_strcasestr(buf, "asscode") != NULL || hydra_strcasestr(buf, "ennwort") != NULL) i = 1; @@ -76,10 +76,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c /*win7 answering with do terminal type = 0xfd 0x18 */ while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && - strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && - (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || - index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); @@ -96,7 +93,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c return 2; } -void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1, fck; int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; @@ -110,10 +107,10 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, int32_t old_waittime = waittime; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); no_line_mode = 0; first = 0; if ((options & OPTION_SSL) == 0) { @@ -128,13 +125,13 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } - if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ + if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); hydra_child_exit(2); -// hydra_child_exit(2); + // hydra_child_exit(2); } if (hydra_strcasestr(buf, "ress ENTER") != NULL) { hydra_send(sock, "\r\n", 2, 0); @@ -150,7 +147,7 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, hydra_report(stdout, "DEBUG: waittime set to %d\n", waittime); } do { - unsigned char *buf2 = (unsigned char *) buf; + unsigned char *buf2 = (unsigned char *)buf; while (*buf2 == IAC) { if (first == 0) { @@ -175,23 +172,23 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, buf2 = buf2 + 3; } - if (buf2 != (unsigned char *) buf) { + if (buf2 != (unsigned char *)buf) { free(buf); buf = hydra_receive_line(sock); } else { buf[0] = 0; } - if (buf != NULL && buf[0] != 0 && (unsigned char) buf[0] != IAC) + if (buf != NULL && buf[0] != 0 && (unsigned char)buf[0] != IAC) make_to_lower(buf); - } while (buf != NULL && (unsigned char) buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL); + } while (buf != NULL && (unsigned char)buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL); free(buf); waittime = old_waittime; next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_telnet(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -204,13 +201,13 @@ void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, } } -int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -218,7 +215,9 @@ int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *m return 0; } -void usage_telnet(const char* service) { +void usage_telnet(const char *service) { printf("Module telnet is optionally taking the string which is displayed after\n" - "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); + "a successful login (case insensitive), use if the default in the " + "telnet\n" + "module produces too many false positives\n\n"); } diff --git a/hydra-time.c b/hydra-time.c index bbd068d..393377a 100644 --- a/hydra-time.c +++ b/hydra-time.c @@ -2,30 +2,23 @@ #ifndef _WIN32 #include -int32_t sleepn(time_t seconds) -{ - struct timespec ts; - ts.tv_sec = seconds; - ts.tv_nsec = 0; - return nanosleep(&ts, NULL); +int32_t sleepn(time_t seconds) { + struct timespec ts; + ts.tv_sec = seconds; + ts.tv_nsec = 0; + return nanosleep(&ts, NULL); } int32_t usleepn(uint64_t milisec) { - struct timespec ts; - ts.tv_sec = milisec / 1000; - ts.tv_nsec = (milisec % 1000) * 1000000L; - return nanosleep(&ts, NULL); + struct timespec ts; + ts.tv_sec = milisec / 1000; + ts.tv_nsec = (milisec % 1000) * 1000000L; + return nanosleep(&ts, NULL); } #else #include -int32_t sleepn(uint32_t seconds) -{ - return SleepEx(milisec*1000,TRUE); -} +int32_t sleepn(uint32_t seconds) { return SleepEx(milisec * 1000, TRUE); } -int32_t usleepn(uint32_t milisec) -{ - return SleepEx(milisec,TRUE); -} +int32_t usleepn(uint32_t milisec) { return SleepEx(milisec, TRUE); } #endif diff --git a/hydra-vmauthd.c b/hydra-vmauthd.c index 06f656f..7f66f5a 100644 --- a/hydra-vmauthd.c +++ b/hydra-vmauthd.c @@ -1,16 +1,15 @@ -//This plugin was written by david@ +// This plugin was written by david@ // -//This plugin is written for VMware Authentication Daemon +// This plugin is written for VMware Authentication Daemon // #include "hydra-mod.h" - extern char *HYDRA_EXIT; char *buf; -int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[300]; @@ -45,9 +44,9 @@ int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, if ((buf = hydra_receive_line(s)) == NULL) return (1); -//fprintf(stderr, "%s\n", buf); -//230 User test logged in. -//530 Login incorrect. + // fprintf(stderr, "%s\n", buf); + // 230 User test logged in. + // 530 Login incorrect. if (strncmp(buf, "230 ", 4) == 0) { hydra_report_found_host(port, ip, "vmauthd", fp); @@ -65,7 +64,7 @@ int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, return 2; } -void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL; @@ -74,10 +73,10 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleepn(300); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -92,14 +91,15 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); -//fprintf(stderr, "%s\n",buf); -//220 VMware Authentication Daemon Version 1.00 -//220 VMware Authentication Daemon Version 1.10: SSL Required -//220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , + // fprintf(stderr, "%s\n",buf); + // 220 VMware Authentication Daemon Version 1.00 + // 220 VMware Authentication Daemon Version 1.10: SSL Required + // 220 VMware Authentication Daemon Version 1.10: SSL Required, + // ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) { /* check the first line */ @@ -108,14 +108,17 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, hydra_child_exit(2); } if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) { - hydra_report(stderr, "[ERROR] this vmware authd protocol is not supported, please report: %s\n", buf); + hydra_report(stderr, + "[ERROR] this vmware authd protocol is not supported, " + "please report: %s\n", + buf); free(buf); hydra_child_exit(2); } - //by default this service is waiting for ssl connections + // by default this service is waiting for ssl connections if (strstr(buf, "SSL Required") != NULL) { if ((options & OPTION_SSL) == 0) { - //reconnecting using SSL + // reconnecting using SSL if (hydra_connect_to_ssl(sock, hostname) == -1) { free(buf); hydra_report(stderr, "[ERROR] Can't use SSL\n"); @@ -127,10 +130,10 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_vmauthd(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -143,13 +146,13 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, } } -int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-vnc.c b/hydra-vnc.c index 95a12d8..aeecd59 100644 --- a/hydra-vnc.c +++ b/hydra-vnc.c @@ -5,14 +5,14 @@ * */ -#include "hydra-mod.h" #include "d3des.h" +#include "hydra-mod.h" #define CHALLENGESIZE 16 -//for RFB 003.003 & 003.005 +// for RFB 003.003 & 003.005 #define RFB33 1 -//for RFB 3.7 and onwards +// for RFB 3.7 and onwards #define RFB37 2 int32_t vnc_client_version = RFB33; @@ -44,7 +44,7 @@ void vncEncryptBytes(unsigned char *bytes, char *passwd) { } } -int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass; unsigned char buf2[CHALLENGESIZE + 4]; @@ -57,22 +57,22 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char if (vnc_client_version == RFB37) { int32_t i; - //fprintf(stderr,"number of security types supported: %d\n", buf2[0]); + // fprintf(stderr,"number of security types supported: %d\n", buf2[0]); if (buf2[0] == 0 || buf2[0] > CHALLENGESIZE + 4) { hydra_report(stderr, "[ERROR] VNC server connection failed\n"); hydra_child_exit(0); } for (i = 1; i <= buf2[0]; i++) { - //fprintf(stderr,"sec type %u\n",buf2[i]); - //check if weak security types are available + // fprintf(stderr,"sec type %u\n",buf2[i]); + // check if weak security types are available if (buf2[i] <= 0x2) { buf2[3] = buf2[i]; break; } } } - //supported security type + // supported security type switch (buf2[3]) { case 0x0: hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf2[3]); @@ -87,24 +87,24 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char hydra_child_exit(2); break; case 0x2: - //VNC security type supported is the only type supported for now + // VNC security type supported is the only type supported for now if (vnc_client_version == RFB37) { sprintf(buf, "%c", 0x2); if (hydra_send(s, buf, strlen(buf), 0) < 0) { return 1; } - //get authentication challenge from server + // get authentication challenge from server if (recv(s, buf2, CHALLENGESIZE, 0) == -1) return 1; - //send response + // send response vncEncryptBytes(buf2, pass); - if (hydra_send(s, (char *) buf2, CHALLENGESIZE, 0) < 0) { + if (hydra_send(s, (char *)buf2, CHALLENGESIZE, 0) < 0) { return 1; } } else { - //in old proto, challenge is following the security type - vncEncryptBytes((unsigned char *) buf2 + 4, pass); - if (hydra_send(s, (char *) buf2 + 4, CHALLENGESIZE, 0) < 0) { + // in old proto, challenge is following the security type + vncEncryptBytes((unsigned char *)buf2 + 4, pass); + if (hydra_send(s, (char *)buf2 + 4, CHALLENGESIZE, 0) < 0) { return 1; } } @@ -114,7 +114,7 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char hydra_child_exit(2); } - //check security result value + // check security result value recv(s, buf, 4, 0); if (buf == NULL) return 1; @@ -142,10 +142,10 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char return 1; } - return 1; /* never reached */ + return 1; /* never reached */ } -void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_VNC, mysslport = PORT_VNC_SSL; @@ -154,7 +154,7 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -169,26 +169,28 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } usleepn(300); buf = hydra_receive_line(sock); - if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */ + if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */ hydra_report(stderr, "[ERROR] Not a VNC protocol or service shutdown: %s\n", buf); hydra_child_exit(2); } - if (strstr(buf, " security failures") != NULL) { /* check the first line */ + if (strstr(buf, " security failures") != NULL) { /* check the first line */ /* - VNC has a 'blacklisting' scheme that blocks an IP address after five unsuccessful connection attempts. - The IP address is initially blocked for ten seconds, - but this doubles for each unsuccessful attempt thereafter. - A successful connection from an IP address resets the blacklist timeout. - This is built in to VNC Server and does not rely on operating system support. + VNC has a 'blacklisting' scheme that blocks an IP address after five + unsuccessful connection attempts. The IP address is initially blocked + for ten seconds, but this doubles for each unsuccessful attempt + thereafter. A successful connection from an IP address resets the + blacklist timeout. This is built in to VNC Server and does not rely + on operating system support. */ failed_auth++; - hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n"); + hydra_report(stderr, "VNC server reported too many authentication " + "failures, have to wait some seconds ...\n"); sleep(12 * failed_auth); free(buf); next_run = 1; @@ -197,12 +199,13 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL if (verbose) hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf); if (((strstr(buf, "RFB 005.000") != NULL) || (strstr(buf, "RFB 004") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) { - //using proto version 003.007 to talk to server 005.xxx and 004.xxx same for 3.7 and 3.8 + // using proto version 003.007 to talk to server 005.xxx and 004.xxx + // same for 3.7 and 3.8 vnc_client_version = RFB37; free(buf); buf = strdup("RFB 003.007\n"); } else { - //for RFB 3.3 and fake 3.5 + // for RFB 3.3 and fake 3.5 vnc_client_version = RFB33; free(buf); buf = strdup("RFB 003.003\n"); @@ -210,10 +213,10 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL hydra_send(sock, buf, strlen(buf), 0); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_vnc(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -231,13 +234,13 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL } } -int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-xmpp.c b/hydra-xmpp.c index 6f6b3cb..aa4ea2f 100644 --- a/hydra-xmpp.c +++ b/hydra-xmpp.c @@ -9,9 +9,10 @@ static char *domain = NULL; int32_t xmpp_auth_mechanism = AUTH_ERROR; char *JABBER_CLIENT_INIT_STR = ""; +char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' " + "version='1.0'>"; -int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500]; char *AUTH_STR = " 0) && (chglen < sizeof(buffer2))) { - strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); - buffer2[chglen] = '\0'; - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buffer2); - if (strstr(buffer, "assword") != NULL) { - strncpy(buffer2, pass, sizeof(buffer2) - 1); - buffer2[sizeof(buffer2) - 1] = '\0'; - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); - } - } else { - hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); - free(buf); - return 1; - } - } - } - } - break; -#ifdef LIBOPENSSL - case AUTH_PLAIN:{ - memset(buffer2, 0, sizeof(buffer)); - sasl_plain(buffer2, login, pass); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer); - - } - break; - case AUTH_CRAMMD5:{ - int32_t rc = 0; - char *preplogin; - - memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); - - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - free(buf); - return 3; - } - - sprintf(buffer, "%.200s %.250s", preplogin, buffer2); - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer); - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); - strncpy(buffer, buffer2, sizeof(buffer) - 1); - buffer[sizeof(buffer) - 1] = '\0'; - free(preplogin); - } - break; - case AUTH_DIGESTMD5:{ - memset(buffer2, 0, sizeof(buffer2)); - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); - if (fooptr == NULL) { - free(buf); - return 3; - } - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); - } - break; - case AUTH_SCRAMSHA1:{ - /*client-first-message */ - char clientfirstmessagebare[200]; - char *preplogin; - int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - - if (rc) { - free(buf); - return 3; - } - - snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); - free(preplogin); - sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); - - free(buf); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + free(buf); return 1; } buf = hydra_receive_line(s); if (buf == NULL) return 1; - + /* server now would ask for the password */ if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { - char serverfirstmessage[200]; char *ptr = strstr(buf, CHALLENGE_STR); if (!ptr) @@ -206,36 +106,132 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha if ((chglen > 0) && (chglen < sizeof(buffer2))) { strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); buffer2[chglen] = '\0'; + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buffer2); + if (strstr(buffer, "assword") != NULL) { + strncpy(buffer2, pass, sizeof(buffer2) - 1); + buffer2[sizeof(buffer2) - 1] = '\0'; + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } } else { hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); free(buf); return 1; } + } + } + } break; +#ifdef LIBOPENSSL + case AUTH_PLAIN: { + memset(buffer2, 0, sizeof(buffer)); + sasl_plain(buffer2, login, pass); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer); - /*server-first-message */ - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buffer2); - strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); - serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; + } break; + case AUTH_CRAMMD5: { + int32_t rc = 0; + char *preplogin; - memset(buffer2, 0, sizeof(buffer2)); - fooptr = buffer2; - sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); - if (fooptr == NULL) { - hydra_report(stderr, "[ERROR] Can't compute client response\n"); - free(buf); - return 1; - } - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + free(buf); + return 3; + } + + sprintf(buffer, "%.200s %.250s", preplogin, buffer2); + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer); + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); + strncpy(buffer, buffer2, sizeof(buffer) - 1); + buffer[sizeof(buffer) - 1] = '\0'; + free(preplogin); + } break; + case AUTH_DIGESTMD5: { + memset(buffer2, 0, sizeof(buffer2)); + fooptr = buffer2; + sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); + if (fooptr == NULL) { + free(buf); + return 3; + } + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } break; + case AUTH_SCRAMSHA1: { + /*client-first-message */ + char clientfirstmessagebare[200]; + char *preplogin; + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + free(buf); + return 3; + } + + snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); + free(preplogin); + sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + + free(buf); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + + if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { + char serverfirstmessage[200]; + char *ptr = strstr(buf, CHALLENGE_STR); + + if (!ptr) + ptr = strstr(buf, CHALLENGE_STR2); + char *ptr_end = strstr(ptr, CHALLENGE_END_STR); + int32_t chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + + if ((chglen > 0) && (chglen < sizeof(buffer2))) { + strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); + buffer2[chglen] = '\0'; } else { - if (verbose || debug) - hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); free(buf); return 1; } + + /*server-first-message */ + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buffer2); + strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); + serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; + + memset(buffer2, 0, sizeof(buffer2)); + fooptr = buffer2; + sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); + if (fooptr == NULL) { + hydra_report(stderr, "[ERROR] Can't compute client response\n"); + free(buf); + return 1; + } + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } else { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + free(buf); + return 1; } - break; + } break; #endif ptr = 0; } @@ -249,8 +245,9 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (buf == NULL) return 1; - //we test the challenge tag as digest-md5 when connected is sending "rspauth" value - //so if we are receiving a second challenge we assume the auth is good + // we test the challenge tag as digest-md5 when connected is sending + // "rspauth" value so if we are receiving a second challenge we assume the + // auth is good if ((strstr(buf, "= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -325,7 +324,7 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } memset(buffer, 0, sizeof(buffer)); @@ -333,7 +332,7 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { hydra_child_exit(1); } - //some server is longer to answer + // some server is longer to answer usleepn(300); do { if ((buf = hydra_receive_line(sock)) == NULL) { @@ -351,7 +350,11 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha if (strstr(buf, "= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -485,13 +488,13 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha } } -int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { +int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -499,8 +502,9 @@ int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *mis return 0; } -void usage_xmpp(const char* service) { +void usage_xmpp(const char *service) { printf("Module xmpp is optionally taking one authentication type of:\n" " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" - "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); + "Note, the target passed should be a fdqn as the value is used in the " + "Jabber init request, example: hermes.jabber.org\n\n"); } diff --git a/hydra.c b/hydra.c index 28365f8..0ea27cc 100644 --- a/hydra.c +++ b/hydra.c @@ -3,7 +3,8 @@ * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. - * Don't use in military or secret service organizations, or for illegal purposes. + * Don't use in military or secret service organizations, or for illegal + * purposes. * * License: GNU AFFERO GENERAL PUBLIC LICENSE v3.0, see LICENSE file */ @@ -15,216 +16,220 @@ #include #endif -void usage_oracle(const char* service); -void usage_oracle_listener(const char* service); -void usage_cvs(const char* service); -void usage_xmpp(const char* service); -void usage_pop3(const char* service); -void usage_rdp(const char* service); -void usage_s7_300(const char* service); -void usage_nntp(const char* service); -void usage_imap(const char* service); -void usage_smtp_enum(const char* service); -void usage_smtp(const char* service); -void usage_svn(const char* service); -void usage_ncp(const char* service); -void usage_firebird(const char* service); -void usage_mysql(const char* service); -void usage_mongodb(const char* service); -void usage_irc(const char* service); -void usage_postgres(const char* service); -void usage_telnet(const char* service); -void usage_sapr3(const char* service); -void usage_sshkey(const char* service); -void usage_cisco_enable(const char* service); -void usage_cisco(const char* service); -void usage_ldap(const char* service); -void usage_smb(const char* service); -void usage_http_form(const char* service); -void usage_http_proxy(const char* service); -void usage_http_proxy_urlenum(const char* service); -void usage_snmp(const char* service); -void usage_http(const char* service); -void usage_smb2(const char* service); +void usage_oracle(const char *service); +void usage_oracle_listener(const char *service); +void usage_cvs(const char *service); +void usage_xmpp(const char *service); +void usage_pop3(const char *service); +void usage_rdp(const char *service); +void usage_s7_300(const char *service); +void usage_nntp(const char *service); +void usage_imap(const char *service); +void usage_smtp_enum(const char *service); +void usage_smtp(const char *service); +void usage_svn(const char *service); +void usage_ncp(const char *service); +void usage_firebird(const char *service); +void usage_mysql(const char *service); +void usage_mongodb(const char *service); +void usage_irc(const char *service); +void usage_postgres(const char *service); +void usage_telnet(const char *service); +void usage_sapr3(const char *service); +void usage_sshkey(const char *service); +void usage_cisco_enable(const char *service); +void usage_cisco(const char *service); +void usage_ldap(const char *service); +void usage_smb(const char *service); +void usage_http_form(const char *service); +void usage_http_proxy(const char *service); +void usage_http_proxy_urlenum(const char *service); +void usage_snmp(const char *service); +void usage_http(const char *service); +void usage_smb2(const char *service); - -extern void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); // ADD NEW SERVICES HERE #if defined(LIBSMBCLIENT) -extern int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef HAVE_MATH_H -extern void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBPOSTGRES -extern void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBOPENSSL -extern void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBFREERDP2 -extern void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBSAPR3 -extern void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBFIREBIRD -extern void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBAFP -extern void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBNCP -extern void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBSSH -extern void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBSVN -extern void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBORACLE -extern void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef HAVE_GCRYPT -extern void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBMCACHED -extern void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBMONGODB -extern void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif -extern int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); +extern int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); // ADD NEW SERVICES HERE -char *SERVICES = - "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip smb smb2 smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; +char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " + "http[s]-{head|get|post} http[s]-{get|post}-form http-proxy " + "http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] " + "memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid " + "pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap " + "rsh rtsp s7-300 sapr3 sip smb smb2 smtp[s] smtp-enum snmp socks5 ssh " + "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; -#define MAXBUF 520 -#define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) -#define MAXTASKS 64 -#define MAXSERVERS 16 -#define MAXFAIL 3 -#define MAXENDWAIT 20 -#define WAITTIME 32 -#define TASKS 16 -#define SKIPLOGIN 256 -#define USLEEP_LOOP 10 -#define MAX_LINES 50000000 // 50 millions, do not put more than 65millions -#define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions +#define MAXBUF 520 +#define MAXLINESIZE ((MAXBUF / 2) - 4) +#define MAXTASKS 64 +#define MAXSERVERS 16 +#define MAXFAIL 3 +#define MAXENDWAIT 20 +#define WAITTIME 32 +#define TASKS 16 +#define SKIPLOGIN 256 +#define USLEEP_LOOP 10 +#define MAX_LINES 50000000 // 50 millions, do not put more than 65millions +#define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions #define RESTOREFILE "./hydra.restore" -#define PROGRAM "Hydra" -#define VERSION "v9.1-dev" -#define AUTHOR "van Hauser/THC" -#define EMAIL "" -#define AUTHOR2 "David Maciejak" -#define EMAIL2 "" -#define RESOURCE "https://github.com/vanhauser-thc/thc-hydra" +#define PROGRAM "Hydra" +#define VERSION "v9.1-dev" +#define AUTHOR "van Hauser/THC" +#define EMAIL "" +#define AUTHOR2 "David Maciejak" +#define EMAIL2 "" +#define RESOURCE "https://github.com/vanhauser-thc/thc-hydra" extern char *hydra_strcasestr(const char *haystack, const char *needle); extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize); @@ -239,18 +244,9 @@ extern int32_t old_ssl; void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail); // some enum definitions -typedef enum { - HEAD_DISABLED = -1, - HEAD_UNUSED = 0, - HEAD_ACTIVE = 1 -} head_state_t; +typedef enum { HEAD_DISABLED = -1, HEAD_UNUSED = 0, HEAD_ACTIVE = 1 } head_state_t; -typedef enum { - TARGET_ACTIVE = 0, - TARGET_FINISHED = 1, - TARGET_ERROR = 2, - TARGET_UNRESOLVED = 3 -} target_state_t; +typedef enum { TARGET_ACTIVE = 0, TARGET_FINISHED = 1, TARGET_ERROR = 2, TARGET_UNRESOLVED = 3 } target_state_t; // some structure definitions typedef struct { @@ -290,7 +286,7 @@ typedef struct { } hydra_target; typedef struct { - int32_t active; // active tasks of hydra_options.max_use + int32_t active; // active tasks of hydra_options.max_use int32_t targets; int32_t finished; int32_t exit; @@ -355,133 +351,136 @@ int32_t snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; #include "performance.h" -typedef void (*service_t)(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -typedef int32_t (*service_init_t)(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname); -typedef void (*service_usage_t)(const char* service); +typedef void (*service_t)(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +typedef int32_t (*service_init_t)(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +typedef void (*service_usage_t)(const char *service); -#define SERVICE2(name, func) { name, service_##func##_init, service_##func, NULL } -#define SERVICE(name) { #name, service_##name##_init, service_##name, NULL } -#define SERVICE3(name, func) { name, service_##func##_init, service_##func, usage_##func } +#define SERVICE2(name, func) \ + { name, service_##func##_init, service_##func, NULL } +#define SERVICE(name) \ + { #name, service_##name##_init, service_##name, NULL } +#define SERVICE3(name, func) \ + { name, service_##func##_init, service_##func, usage_##func } static const struct { - const char* name; + const char *name; service_init_t init; service_t exec; service_usage_t usage; -} services[] = { - SERVICE(adam6500), +} services[] = {SERVICE(adam6500), #ifdef LIBAFP - SERVICE(afp), + SERVICE(afp), #endif - SERVICE(asterisk), - SERVICE3("cisco", cisco), - SERVICE3("cisco-enable", cisco_enable), - SERVICE3("cvs", cvs), + SERVICE(asterisk), + SERVICE3("cisco", cisco), + SERVICE3("cisco-enable", cisco_enable), + SERVICE3("cvs", cvs), #ifdef LIBFIREBIRD - SERVICE3("firebird", firebird), + SERVICE3("firebird", firebird), #endif - SERVICE(ftp), - { "ftps", service_ftp_init, service_ftps, NULL }, - { "http-get", service_http_init, service_http_get, usage_http }, - { "http-get-form", service_http_form_init, service_http_get_form, usage_http_form }, - { "http-head", service_http_init, service_http_head, NULL }, - { "http-form", service_http_form_init, NULL, usage_http_form }, - { "http-post", NULL, service_http_post, usage_http }, - { "http-post-form", service_http_form_init, service_http_post_form, usage_http_form }, - SERVICE3("http-proxy", http_proxy), - SERVICE3("http-proxy-urlenum", http_proxy_urlenum), - SERVICE(icq), - SERVICE3("imap", imap), - SERVICE3("irc", irc), - { "ldap", service_ldap_init, service_ldap2, usage_ldap }, - { "ldap2", service_ldap_init, service_ldap2, usage_ldap }, - { "ldap3", service_ldap_init, service_ldap3, usage_ldap }, - { "ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5, usage_ldap }, - { "ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5, usage_ldap }, + SERVICE(ftp), + {"ftps", service_ftp_init, service_ftps, NULL}, + {"http-get", service_http_init, service_http_get, usage_http}, + {"http-get-form", service_http_form_init, service_http_get_form, usage_http_form}, + {"http-head", service_http_init, service_http_head, NULL}, + {"http-form", service_http_form_init, NULL, usage_http_form}, + {"http-post", NULL, service_http_post, usage_http}, + {"http-post-form", service_http_form_init, service_http_post_form, usage_http_form}, + SERVICE3("http-proxy", http_proxy), + SERVICE3("http-proxy-urlenum", http_proxy_urlenum), + SERVICE(icq), + SERVICE3("imap", imap), + SERVICE3("irc", irc), + {"ldap", service_ldap_init, service_ldap2, usage_ldap}, + {"ldap2", service_ldap_init, service_ldap2, usage_ldap}, + {"ldap3", service_ldap_init, service_ldap3, usage_ldap}, + {"ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5, usage_ldap}, + {"ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5, usage_ldap}, #ifdef LIBMCACHED - {"memcached", service_mcached_init, service_mcached, NULL}, + {"memcached", service_mcached_init, service_mcached, NULL}, #endif - SERVICE(mssql), + SERVICE(mssql), #ifdef LIBMONGODB -SERVICE3("mongodb", mongodb), + SERVICE3("mongodb", mongodb), #endif #ifdef HAVE_MATH_H - SERVICE3("mysql", mysql), + SERVICE3("mysql", mysql), #endif #ifdef LIBNCP - SERVICE3("ncp", ncp), + SERVICE3("ncp", ncp), #endif - SERVICE3("nntp", nntp), + SERVICE3("nntp", nntp), #ifdef LIBORACLE - SERVICE3("oracle", oracle), + SERVICE3("oracle", oracle), #endif #ifdef LIBOPENSSL - SERVICE3("oracle-listener", oracle_listener), - SERVICE2("oracle-sid", oracle_sid), + SERVICE3("oracle-listener", oracle_listener), + SERVICE2("oracle-sid", oracle_sid), #endif - SERVICE(pcanywhere), - SERVICE(pcnfs), - SERVICE3("pop3", pop3), + SERVICE(pcanywhere), + SERVICE(pcnfs), + SERVICE3("pop3", pop3), #ifdef LIBPOSTGRES - SERVICE3("postgres", postgres), + SERVICE3("postgres", postgres), #endif - SERVICE(redis), - SERVICE(rexec), + SERVICE(redis), + SERVICE(rexec), #ifdef LIBFREERDP2 - SERVICE3("rdp", rdp), + SERVICE3("rdp", rdp), #endif - SERVICE(rlogin), - SERVICE(rsh), - SERVICE(rtsp), - SERVICE(rpcap), - SERVICE3("s7-300", s7_300), + SERVICE(rlogin), + SERVICE(rsh), + SERVICE(rtsp), + SERVICE(rpcap), + SERVICE3("s7-300", s7_300), #ifdef LIBSAPR3 - SERVICE3("sarp3", sapr3), + SERVICE3("sarp3", sapr3), #endif #ifdef LIBOPENSSL - SERVICE(sip), - SERVICE3("smbnt", smb), - SERVICE3("smb", smb), + SERVICE(sip), + SERVICE3("smbnt", smb), + SERVICE3("smb", smb), #endif #if defined(LIBSMBCLIENT) - SERVICE3("smb2", smb2), + SERVICE3("smb2", smb2), #endif - SERVICE3("smtp", smtp), - SERVICE3("smtp-enum", smtp_enum), - SERVICE3("snmp", snmp), - SERVICE(socks5), + SERVICE3("smtp", smtp), + SERVICE3("smtp-enum", smtp_enum), + SERVICE3("snmp", snmp), + SERVICE(socks5), #ifdef LIBSSH - { "ssh", NULL, service_ssh, NULL }, - SERVICE3("sshkey", sshkey), + {"ssh", NULL, service_ssh, NULL}, + SERVICE3("sshkey", sshkey), #endif #ifdef LIBSVN - SERVICE3("svn", svn), + SERVICE3("svn", svn), #endif - SERVICE(teamspeak), - SERVICE3("telnet", telnet), - SERVICE(vmauthd), - SERVICE(vnc), + SERVICE(teamspeak), + SERVICE3("telnet", telnet), + SERVICE(vmauthd), + SERVICE(vnc), #ifdef HAVE_GCRYPT - SERVICE(radmin2), + SERVICE(radmin2), #endif - { "xmpp", service_xmpp_init, NULL, usage_xmpp } -}; - + {"xmpp", service_xmpp_init, NULL, usage_xmpp}}; #define PRINT_NORMAL(ext, text, ...) printf(text, ##__VA_ARGS__) -#define PRINT_EXTEND(ext, text, ...) do { \ - if (ext) \ - printf(text, ##__VA_ARGS__); \ - } while(0) +#define PRINT_EXTEND(ext, text, ...) \ + do { \ + if (ext) \ + printf(text, ##__VA_ARGS__); \ + } while (0) - -int32_t /*inline*/ check_flag(int32_t value, int32_t flag) { // inline does not compile with debug +int32_t /*inline*/ +check_flag(int32_t value, int32_t flag) { // inline does not compile with debug return (value & flag) == flag; } void help(int32_t ext) { - PRINT_NORMAL(ext, "Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" - " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" + PRINT_NORMAL(ext, "Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | " + "[-C FILE]] [-e nsr]" + " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W " + "TIME] [-f] [-s PORT]" #ifdef HAVE_MATH_H " [-x MIN:MAX:CHARSET]" #endif @@ -494,56 +493,82 @@ void help(int32_t ext) { #ifdef LIBOPENSSL " -S perform an SSL connect\n" #endif - " -s PORT if the service is on a different default port, define it here\n"); - PRINT_NORMAL(ext, " -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n" - " -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); + " -s PORT if the service is on a different default port, define it " + "here\n"); + PRINT_NORMAL(ext, " -l LOGIN or -L FILE login with LOGIN name, or load " + "several logins from FILE\n" + " -p PASS or -P FILE try password PASS, or load several " + "passwords from FILE\n"); PRINT_EXTEND(ext, #ifdef HAVE_MATH_H - " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" - " -y disable use of symbols in bruteforce, see above\n" - " -r rainy mode for password generation (-x)\n" + " -x MIN:MAX:CHARSET password bruteforce generation, type " + "\"-x -h\" to get help\n" + " -y disable use of symbols in bruteforce, see above\n" + " -r rainy mode for password generation (-x)\n" #endif - " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" - " -u loop around users, not passwords (effective! implied with -x)\n"); - PRINT_NORMAL(ext, " -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n" - " -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); + " -e nsr try \"n\" null password, \"s\" login as pass " + "and/or \"r\" reversed login\n" + " -u loop around users, not passwords (effective! " + "implied with -x)\n"); + PRINT_NORMAL(ext, " -C FILE colon separated \"login:pass\" format, " + "instead of -L/-P options\n" + " -M FILE list of servers to attack, one entry per " + "line, ':' to specify port\n"); PRINT_EXTEND(ext, " -o FILE write found login/password pairs to FILE instead of stdout\n" - " -b FORMAT specify the format for the -o FILE: text(default), json, jsonv1\n" - " -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); - PRINT_NORMAL(ext, " -t TASKS run TASKS number of connects in parallel per target (default: %d)\n", TASKS); - PRINT_EXTEND(ext, " -T TASKS run TASKS connects in parallel overall (for -M, default: %d)\n" - " -w / -W TIME wait time for a response (%d) / between connects per thread (%d)\n" + " -b FORMAT specify the format for the -o FILE: text(default), json, " + "jsonv1\n" + " -f / -F exit when a login/pass pair is found (-M: -f per host, -F " + "global)\n"); + PRINT_NORMAL(ext, + " -t TASKS run TASKS number of connects in parallel per " + "target (default: %d)\n", + TASKS); + PRINT_EXTEND(ext, + " -T TASKS run TASKS connects in parallel overall (for -M, default: " + "%d)\n" + " -w / -W TIME wait time for a response (%d) / between connects per " + "thread (%d)\n" #ifdef MSG_PEEK - " -c TIME wait time per login attempt over all threads (enforces -t 1)\n" + " -c TIME wait time per login attempt over all threads (enforces -t " + "1)\n" #endif - " -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n" - " -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n" - " -O use old SSL v2 and v3\n" - " -K do not redo failed attempts (good for -M mass scanning)\n" - " -q do not print messages about connection errors\n", - MAXTASKS, WAITTIME, conwait - ); + " -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also " + "in -M)\n" + " -v / -V / -d verbose mode / show login+pass for each attempt / debug " + "mode \n" + " -O use old SSL v2 and v3\n" + " -K do not redo failed attempts (good for -M mass scanning)\n" + " -q do not print messages about connection errors\n", + MAXTASKS, WAITTIME, conwait); PRINT_NORMAL(ext, " -U service module usage details\n" - " -m OPT options specific for a module, see -U output for information\n" + " -m OPT options specific for a module, see -U output for " + "information\n" " -h more command line options (COMPLETE HELP)\n" - " server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n" + " server the target: DNS, IP or 192.168.0.0/24 (this OR the -M " + "option)\n" " service the service to crack (see below for supported protocols)\n" - " OPT some service modules support additional input (-U for module help)\n"); - PRINT_NORMAL(ext, "\nSupported services: %s\n" - "\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\n" - "v3.0. The newest version is always available at %s\n" - "Don't use in military or secret service organizations, or for illegal purposes.\n", - SERVICES, PROGRAM, RESOURCE - ); + " OPT some service modules support additional input (-U for " + "module help)\n"); + PRINT_NORMAL(ext, + "\nSupported services: %s\n" + "\n%s is a tool to guess/crack valid login/password pairs. " + "Licensed under AGPL\n" + "v3.0. The newest version is always available at %s\n" + "Don't use in military or secret service organizations, or for " + "illegal purposes.\n", + SERVICES, PROGRAM, RESOURCE); if (ext && strlen(unsupported) > 0) { if (unsupported[strlen(unsupported) - 1] == ' ') unsupported[strlen(unsupported) - 1] = 0; printf("These services were not compiled in: %s.\n", unsupported); } - PRINT_EXTEND(ext, "\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup.\n" - "E.g. %% export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// connect://)\n" - " %% export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 entries)\n" + PRINT_EXTEND(ext, "\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy " + "setup.\n" + "E.g. %% export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// " + "connect://)\n" + " %% export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 " + "entries)\n" " %% export HYDRA_PROXY_HTTP=http://login:pass@proxy:8080\n" " %% export HYDRA_PROXY_HTTP=proxylist.txt (up to 64 entries)\n"); PRINT_NORMAL(ext, "\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); @@ -559,18 +584,26 @@ void help_bfg() { " -x MIN:MAX:CHARSET\n\n" " MIN is the minimum number of characters in the password\n" " MAX is the maximum number of characters in the password\n" - " CHARSET is a specification of the characters to use in the generation\n" + " CHARSET is a specification of the characters to use in the " + "generation\n" " valid CHARSET values are: 'a' for lowercase letters,\n" - " 'A' for uppercase letters, '1' for numbers, and for all others,\n" + " 'A' for uppercase letters, '1' for numbers, and for all " + "others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n\n" "Examples:\n" - " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" - " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" - " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" - " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n" - " -x 3:5:aA1 -y generate passwords from length 3 to 5 with a, A and 1 only\n" - "\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); + " -x 3:5:a generate passwords from length 3 to 5 with all " + "lowercase letters\n" + " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase " + "and numbers\n" + " -x 1:3:/ generate passwords from length 1 to 3 containing only " + "slashes\n" + " -x 5:5:/%%,.- generate passwords with length 5 which consists " + "only of /%%,.-\n" + " -x 3:5:aA1 -y generate passwords from length 3 to 5 with a, A and " + "1 only\n" + "\nThe bruteforce mode was made by Jan Dlabal, " + "http://houbysoft.com/bfg/\n"); exit(-1); } @@ -581,14 +614,17 @@ void module_usage() { exit(0); } - printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); + printf("\nHelp for module " + "%s:\n================================================================" + "============\n", + hydra_options.service); for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { - if (strcmp(hydra_options.service, services[i].name) == 0) { - if (services[i].usage) { - services[i].usage(hydra_options.service); - exit(0); - } + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].usage) { + services[i].usage(hydra_options.service); + exit(0); } + } } printf("The Module %s does not need or support optional parameters\n", hydra_options.service); @@ -603,34 +639,20 @@ void hydra_debug(int32_t force, char *string) { if (!debug && !force) return; - printf("[DEBUG] Code: %s Time: %" hPRIu64 "\n", string, (uint64_t) time(NULL)); - printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", - hydra_options.mode, hydra_options.ssl, hydra_options.restore, - hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, - hydra_options.try_null_password, hydra_options.try_password_same_as_login, - hydra_options.try_password_reverse_login, hydra_options.exit_found, - STR_NULL(hydra_options.miscptr), hydra_options.service); + printf("[DEBUG] Code: %s Time: %" hPRIu64 "\n", string, (uint64_t)time(NULL)); + printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks " + "%d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s " + "service %s\n", + hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, STR_NULL(hydra_options.miscptr), hydra_options.service); - printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %" hPRIu64 " todo %" hPRIu64 " sent %" hPRIu64 " found %" hPRIu64 " countlogin %" hPRIu64 " sizelogin %" hPRIu64 " countpass %" hPRIu64 " sizepass %" hPRIu64 "\n", - hydra_brains.active, hydra_brains.targets, hydra_brains.finished, - hydra_brains.todo_all + total_redo_count, hydra_brains.todo, - hydra_brains.sent, hydra_brains.found, - (uint64_t) hydra_brains.countlogin, - (uint64_t) hydra_brains.sizelogin, - (uint64_t) hydra_brains.countpass, - (uint64_t) hydra_brains.sizepass); + printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %" hPRIu64 " todo %" hPRIu64 " sent %" hPRIu64 " found %" hPRIu64 " countlogin %" hPRIu64 " sizelogin %" hPRIu64 " countpass %" hPRIu64 " sizepass %" hPRIu64 "\n", hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all + total_redo_count, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, (uint64_t)hydra_brains.countlogin, (uint64_t)hydra_brains.sizelogin, (uint64_t)hydra_brains.countpass, + (uint64_t)hydra_brains.sizepass); for (i = 0; i < hydra_brains.targets; i++) { - hydra_target* target = hydra_targets[i]; - printf - ("[DEBUG] Target %d - target %s ip %s login_no %" hPRIu64 " pass_no %" hPRIu64 " sent %" hPRIu64 " pass_state %d redo_state %d (%d redos) use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", - i, STR_NULL(target->target), hydra_address2string_beautiful(target->ip), - target->login_no, target->pass_no, target->sent, - target->pass_state, target->redo_state, target->redo, - target->use_count, target->failed, target->done, - target->fail_count, - STR_NULL(target->login_ptr), - STR_NULL(target->pass_ptr)); + hydra_target *target = hydra_targets[i]; + printf("[DEBUG] Target %d - target %s ip %s login_no %" hPRIu64 " pass_no %" hPRIu64 " sent %" hPRIu64 " pass_state %d redo_state %d (%d redos) use_count %d failed %d " + " done %d fail_count %d login_ptr %s pass_ptr %s\n", + i, STR_NULL(target->target), hydra_address2string_beautiful(target->ip), target->login_no, target->pass_no, target->sent, target->pass_state, target->redo_state, target->redo, target->use_count, target->failed, target->done, target->fail_count, STR_NULL(target->login_ptr), STR_NULL(target->pass_ptr)); } if (hydra_heads == NULL) @@ -638,12 +660,9 @@ void hydra_debug(int32_t force, char *string) { for (i = 0; i < hydra_options.max_use; i++) { if (hydra_heads[i]->active >= HEAD_UNUSED) { - printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", - i, (int32_t) hydra_heads[i]->pid, - hydra_heads[i]->active, - hydra_heads[i]->redo, - STR_NULL(hydra_heads[i]->current_login_ptr), - STR_NULL(hydra_heads[i]->current_pass_ptr)); + printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr " + "%s current_pass_ptr %s\n", + i, (int32_t)hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, STR_NULL(hydra_heads[i]->current_login_ptr), STR_NULL(hydra_heads[i]->current_pass_ptr)); if (hydra_heads[i]->active == HEAD_UNUSED) inactive++; else @@ -661,7 +680,7 @@ void bail(char *text) { void hydra_restore_write(int32_t print_msg) { FILE *f; hydra_brain brain; - char mynull[4] = { 0, 0, 0, 0 }, buf[4]; + char mynull[4] = {0, 0, 0, 0}, buf[4]; int32_t i = 0, j = 0; hydra_head hh; @@ -688,7 +707,7 @@ void hydra_restore_write(int32_t print_msg) { buf[0] = VERSION[1]; buf[1] = VERSION[3]; buf[2] = sizeof(int32_t) % 256; - buf[3] = sizeof(hydra_target*) % 256; + buf[3] = sizeof(hydra_target *) % 256; fwrite(buf, 1, 4, f); memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); brain.targets = i; @@ -713,8 +732,7 @@ void hydra_restore_write(int32_t print_msg) { for (j = 0; j < hydra_brains.targets; j++) if (hydra_targets[j]->done != TARGET_FINISHED) { fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); - fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int32_t) (hydra_targets[j]->login_ptr - login_ptr), - (int32_t) (hydra_targets[j]->pass_ptr - pass_ptr)); + fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int32_t)(hydra_targets[j]->login_ptr - login_ptr), (int32_t)(hydra_targets[j]->pass_ptr - pass_ptr)); fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); if (hydra_targets[j]->redo) for (i = 0; i < hydra_targets[j]->redo; i++) @@ -724,21 +742,21 @@ void hydra_restore_write(int32_t print_msg) { fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); } for (j = 0; j < hydra_options.max_use; j++) { - memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); + memcpy((char *)&hh, hydra_heads[j], sizeof(hydra_head)); if (j == 0 && debug) { printf("[DEBUG] sizeof hydra_head: %lu\n", sizeof(hydra_head)); printf("[DEBUG] memcmp: %d\n", memcmp(hydra_heads[j], &hh, sizeof(hydra_head))); } - hh.active = 0; // re-enable disabled heads - if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) - || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { + hh.active = 0; // re-enable disabled heads + if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { hh.redo = 1; if (print_msg && debug) - printf("[DEBUG] we will redo the following combination: target %s child %d login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, - j, hh.current_login_ptr, hh.current_pass_ptr); + printf("[DEBUG] we will redo the following combination: target %s " + "child %d login \"%s\" pass \"%s\"\n", + hydra_targets[hh.target_no]->target, j, hh.current_login_ptr, hh.current_pass_ptr); } - fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); - if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) + fck = fwrite((char *)&hh, sizeof(hydra_head), 1, f); + if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */) fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); else fprintf(f, "\n\n"); @@ -749,7 +767,8 @@ void hydra_restore_write(int32_t print_msg) { if (debug) printf("[DEBUG] done writing session file\n"); if (print_msg) - printf("The session file ./hydra.restore was written. Type \"hydra -R\" to resume session.\n"); + printf("The session file ./hydra.restore was written. Type \"hydra -R\" to " + "resume session.\n"); hydra_debug(0, "hydra_restore_write()"); } @@ -774,7 +793,7 @@ void hydra_restore_read() { exit(-1); } - if ((fck = (int32_t) fread(buf, 1, 4, f)) != 4) { + if ((fck = (int32_t)fread(buf, 1, 4, f)) != 4) { fprintf(stderr, "[ERROR] invalid restore file (platform)\n"); exit(-1); } @@ -783,14 +802,18 @@ void hydra_restore_read() { exit(-1); } if (buf[0] != VERSION[1] || buf[1] != VERSION[3]) - fprintf(stderr, "[WARNING] restore file was created by version %c.%c, this is version %s\n", buf[0], buf[2], VERSION); - if (buf[2] != sizeof(int32_t) % 256 || buf[3] != sizeof(hydra_head*) % 256) { - fprintf(stderr, "[ERROR] restore file was created on a different, incompatible processor platform!\n"); + fprintf(stderr, + "[WARNING] restore file was created by version %c.%c, this is " + "version %s\n", + buf[0], buf[2], VERSION); + if (buf[2] != sizeof(int32_t) % 256 || buf[3] != sizeof(hydra_head *) % 256) { + fprintf(stderr, "[ERROR] restore file was created on a different, " + "incompatible processor platform!\n"); exit(-1); } - fck = (int32_t) fread(&bf_options, sizeof(bf_options), 1, f); - fck = (int32_t) fread(mynull, sizeof(mynull), 1, f); + fck = (int32_t)fread(&bf_options, sizeof(bf_options), 1, f); + fck = (int32_t)fread(mynull, sizeof(mynull), 1, f); if (debug) printf("[DEBUG] reading restore file: Step 1 complete\n"); if (mynull[0] + mynull[1] + mynull[2] + mynull[3] == 0) { @@ -803,9 +826,9 @@ void hydra_restore_read() { if (debug) printf("[DEBUG] reading restore file: Step 2 complete\n"); - fck = (int32_t) fread(&hydra_brains, sizeof(hydra_brain), 1, f); + fck = (int32_t)fread(&hydra_brains, sizeof(hydra_brain), 1, f); hydra_brains.ofp = stdout; - fck = (int32_t) fread(&hydra_options, sizeof(hydra_option), 1, f); + fck = (int32_t)fread(&hydra_options, sizeof(hydra_option), 1, f); hydra_options.restore = 1; verbose = hydra_options.verbose; debug = hydra_options.debug; @@ -858,23 +881,23 @@ void hydra_restore_read() { printf("[DEBUG] reading restore file: Step 8 complete\n"); login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); - fck = (int32_t) fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); + fck = (int32_t)fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); - if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode + if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); - fck = (int32_t) fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); - } else { // colonfile mode - hydra_options.colonfile = empty_login; // dummy + fck = (int32_t)fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); + } else { // colonfile mode + hydra_options.colonfile = empty_login; // dummy pass_ptr = csv_ptr = login_ptr; } if (debug) printf("[DEBUG] reading restore file: Step 10 complete\n"); - hydra_targets = (hydra_target **) malloc((hydra_brains.targets + 3) * sizeof(hydra_target*)); + hydra_targets = (hydra_target **)malloc((hydra_brains.targets + 3) * sizeof(hydra_target *)); for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); - fck = (int32_t) fread(hydra_targets[j], sizeof(hydra_target), 1, f); + fck = (int32_t)fread(hydra_targets[j], sizeof(hydra_target), 1, f); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; @@ -884,7 +907,7 @@ void hydra_restore_read() { hydra_targets[j]->login_ptr = login_ptr + atoi(out); sck = fgets(out, sizeof(out), f); hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); - sck = fgets(out, sizeof(out), f); // target login_ptr, ignord + sck = fgets(out, sizeof(out), f); // target login_ptr, ignord sck = fgets(out, sizeof(out), f); if (hydra_options.bfg) { if (out[0] != 0 && out[strlen(out) - 1] == '\n') @@ -893,7 +916,8 @@ void hydra_restore_read() { strcpy(hydra_targets[j]->pass_ptr, out); } if (hydra_targets[j]->redo > 0) { - if (debug) printf("[DEBUG] target %d redo %d\n", j, hydra_targets[j]->redo); + if (debug) + printf("[DEBUG] target %d redo %d\n", j, hydra_targets[j]->redo); for (i = 0; i < hydra_targets[j]->redo; i++) { sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') @@ -923,15 +947,16 @@ void hydra_restore_read() { } if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); - hydra_heads = malloc(sizeof(hydra_head*) * hydra_options.max_use); + hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); - fck = (int32_t) fread(hydra_heads[j], sizeof(hydra_head), 1, f); + fck = (int32_t)fread(hydra_heads[j], sizeof(hydra_head), 1, f); hydra_heads[j]->sp[0] = -1; hydra_heads[j]->sp[1] = -1; sck = fgets(out, sizeof(out), f); if (hydra_heads[j]->redo) { - if (debug) printf("[DEBUG] head %d redo\n", j); + if (debug) + printf("[DEBUG] head %d redo\n", j); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); @@ -985,8 +1010,8 @@ void killed_childs(int32_t signo) { } void killed_childs_report(int32_t signo) { - //if (debug) - printf("[ERROR] children crashed! (%d)\n", child_head_no); + // if (debug) + printf("[ERROR] children crashed! (%d)\n", child_head_no); fck = write(child_socket, "E", 1); _exit(-1); } @@ -1009,7 +1034,7 @@ void kill_children(int32_t signo) { exit(0); } -uint64_t countlines(FILE * fd, int32_t colonmode) { +uint64_t countlines(FILE *fd, int32_t colonmode) { size_t clines = 0; char *buf = malloc(MAXLINESIZE); int32_t only_one_empty_line = 0; @@ -1051,12 +1076,12 @@ uint64_t countlines(FILE * fd, int32_t colonmode) { return clines; } -void fill_mem(char *ptr, FILE * fd, int32_t colonmode) { +void fill_mem(char *ptr, FILE *fd, int32_t colonmode) { char tmp[MAXBUF + 4] = "", *ptr2; uint32_t len; int32_t only_one_empty_line = 0; -int read_flag = 0; + int read_flag = 0; #ifdef HAVE_ZLIB gzFile fp = gzdopen(fileno(fd), "r"); @@ -1081,7 +1106,10 @@ int read_flag = 0; } if (colonmode) { if ((ptr2 = index(tmp, ':')) == NULL) { - fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon in line: %s\n", tmp); + fprintf(stderr, + "[ERROR] invalid line in colon file (-C), missing colon " + "in line: %s\n", + tmp); exit(-1); } else { *ptr2 = 0; @@ -1112,23 +1140,23 @@ char *hydra_build_time() { time(&epoch); the_time = localtime(&epoch); strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", the_time); - return (char *) &datetime; + return (char *)&datetime; } void hydra_service_init(int32_t target_no) { int32_t x = 99; int32_t i; - hydra_target* t = hydra_targets[target_no]; - char* miscptr = hydra_options.miscptr; - FILE* ofp = hydra_brains.ofp; + hydra_target *t = hydra_targets[target_no]; + char *miscptr = hydra_options.miscptr; + FILE *ofp = hydra_brains.ofp; for (i = 0; x == 99 && i < sizeof(services) / sizeof(services[0]); i++) { - if (strcmp(hydra_options.service, services[i].name) == 0) { - if (services[i].init) { - x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target); - break; - } + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].init) { + x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target); + break; } + } } // dirty workaround here: @@ -1148,7 +1176,10 @@ void hydra_service_init(int32_t target_no) { if (hydra_options.outfile_format == FORMAT_JSONV1) { char json_error[120]; snprintf(json_error, sizeof(json_error), "[ERROR] unexpected result connecting to target %s port %d", hydra_address2string_beautiful(t->ip), t->port); - fprintf(hydra_brains.ofp, "\n\t],\n\"success\": false,\n\"errormessages\": [ \"%s\" ],\n\"quantityfound\": %" hPRIu64 " }\n", json_error, hydra_brains.found); + fprintf(hydra_brains.ofp, + "\n\t],\n\"success\": false,\n\"errormessages\": [ \"%s\" " + "],\n\"quantityfound\": %" hPRIu64 " }\n", + json_error, hydra_brains.found); } fclose(hydra_brains.ofp); } @@ -1173,7 +1204,7 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { if (socketpair(PF_UNIX, SOCK_STREAM, 0, hydra_heads[head_no]->sp) == 0) { child_head_no = head_no; - if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD + if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD // set new signals for child process_restore = 0; child_socket = hydra_heads[head_no]->sp[1]; @@ -1204,24 +1235,25 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { if (debug) printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); - hydra_target* t = hydra_targets[target_no]; + hydra_target *t = hydra_targets[target_no]; int32_t sp = hydra_heads[head_no]->sp[1]; - char* miscptr = hydra_options.miscptr; - FILE* ofp = hydra_brains.ofp; - hydra_target* head_target = hydra_targets[hydra_heads[head_no]->target_no]; + char *miscptr = hydra_options.miscptr; + FILE *ofp = hydra_brains.ofp; + hydra_target *head_target = hydra_targets[hydra_heads[head_no]->target_no]; for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { - if (strcmp(hydra_options.service, services[i].name) == 0) { - if (services[i].exec) { - services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target); - // just in case a module returns (which it shouldnt) we let it exit here - exit(-1); - } + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].exec) { + services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target); + // just in case a module returns (which it shouldnt) we let it exit + // here + exit(-1); } + } } // FIXME: dirty workaround here if (strcmp(hydra_options.service, "xmpp") == 0) { - service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); + service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); } // just in case a module returns (which it shouldnt) we let it exit here @@ -1229,8 +1261,11 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { } else { child_head_no = -1; if (hydra_heads[head_no]->pid > 0) { - fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that - (void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); + fck = write(hydra_heads[head_no]->sp[1], "n", + 1); // yes, a small "n" - this way we can distinguish later + // if the client successfully tested a pair and is + // requesting a new one or the mother did that + (void)fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); if (hydra_heads[head_no]->redo != 1) hydra_heads[head_no]->target_no = target_no; hydra_heads[head_no]->active = HEAD_ACTIVE; @@ -1258,76 +1293,74 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { int32_t hydra_lookup_port(char *service) { int32_t i = 0, port = -2; - hydra_portlist hydra_portlists[] = { - {"ftp", PORT_FTP, PORT_FTP_SSL}, - {"ftps", PORT_FTP, PORT_FTP_SSL}, - {"http-head", PORT_HTTP, PORT_HTTP_SSL}, - {"http-post", PORT_HTTP, PORT_HTTP_SSL}, - {"http-get", PORT_HTTP, PORT_HTTP_SSL}, - {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, - {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-head", PORT_HTTP, PORT_HTTP_SSL}, - {"https-get", PORT_HTTP, PORT_HTTP_SSL}, - {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, - {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, - {"icq", PORT_ICQ, PORT_ICQ_SSL}, - {"imap", PORT_IMAP, PORT_IMAP_SSL}, - {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, - {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, - {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, - {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, - {"memcached", PORT_MCACHED, PORT_MCACHED_SSL}, - {"mongodb", PORT_MONGODB, PORT_MONGODB}, - {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, - {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, - {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, - {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, - {"nntp", PORT_NNTP, PORT_NNTP_SSL}, - {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, - {"pop3", PORT_POP3, PORT_POP3_SSL}, - {"redis", PORT_REDIS, PORT_REDIS_SSL}, - {"rexec", PORT_REXEC, PORT_REXEC_SSL}, - {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, - {"rsh", PORT_RSH, PORT_RSH_SSL}, - {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, - {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, - {"smb2", PORT_SMBNT, PORT_SMBNT_SSL}, - {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, - {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, - {"ssh", PORT_SSH, PORT_SSH_SSL}, - {"sshkey", PORT_SSH, PORT_SSH_SSL}, - {"telnet", PORT_TELNET, PORT_TELNET_SSL}, - {"adam6500", PORT_ADAM6500, PORT_ADAM6500_SSL}, - {"cisco", PORT_TELNET, PORT_TELNET_SSL}, - {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, - {"vnc", PORT_VNC, PORT_VNC_SSL}, - {"snmp", PORT_SNMP, PORT_SNMP_SSL}, - {"cvs", PORT_CVS, PORT_CVS_SSL}, - {"svn", PORT_SVN, PORT_SVN_SSL}, - {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, - {"afp", PORT_AFP, PORT_AFP_SSL}, - {"ncp", PORT_NCP, PORT_NCP_SSL}, - {"smtp", PORT_SMTP, PORT_SMTP_SSL}, - {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, - {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, - {"sip", PORT_SIP, PORT_SIP_SSL}, - {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, - {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, - {"irc", PORT_IRC, PORT_IRC_SSL}, - {"rdp", PORT_RDP, PORT_RDP_SSL}, - {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, - {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, - {"rtsp", PORT_RTSP, PORT_RTSP_SSL}, - {"rpcap", PORT_RPCAP, PORT_RPCAP_SSL}, - {"radmin2", PORT_RADMIN2, PORT_RADMIN2}, - // ADD NEW SERVICES HERE - add new port numbers to hydra.h - {"", PORT_NOPORT, PORT_NOPORT} - }; + hydra_portlist hydra_portlists[] = {{"ftp", PORT_FTP, PORT_FTP_SSL}, + {"ftps", PORT_FTP, PORT_FTP_SSL}, + {"http-head", PORT_HTTP, PORT_HTTP_SSL}, + {"http-post", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-head", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"icq", PORT_ICQ, PORT_ICQ_SSL}, + {"imap", PORT_IMAP, PORT_IMAP_SSL}, + {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, + {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, + {"memcached", PORT_MCACHED, PORT_MCACHED_SSL}, + {"mongodb", PORT_MONGODB, PORT_MONGODB}, + {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, + {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, + {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, + {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, + {"nntp", PORT_NNTP, PORT_NNTP_SSL}, + {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, + {"pop3", PORT_POP3, PORT_POP3_SSL}, + {"redis", PORT_REDIS, PORT_REDIS_SSL}, + {"rexec", PORT_REXEC, PORT_REXEC_SSL}, + {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, + {"rsh", PORT_RSH, PORT_RSH_SSL}, + {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, + {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smb2", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, + {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, + {"ssh", PORT_SSH, PORT_SSH_SSL}, + {"sshkey", PORT_SSH, PORT_SSH_SSL}, + {"telnet", PORT_TELNET, PORT_TELNET_SSL}, + {"adam6500", PORT_ADAM6500, PORT_ADAM6500_SSL}, + {"cisco", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, + {"vnc", PORT_VNC, PORT_VNC_SSL}, + {"snmp", PORT_SNMP, PORT_SNMP_SSL}, + {"cvs", PORT_CVS, PORT_CVS_SSL}, + {"svn", PORT_SVN, PORT_SVN_SSL}, + {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, + {"afp", PORT_AFP, PORT_AFP_SSL}, + {"ncp", PORT_NCP, PORT_NCP_SSL}, + {"smtp", PORT_SMTP, PORT_SMTP_SSL}, + {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, + {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, + {"sip", PORT_SIP, PORT_SIP_SSL}, + {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, + {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, + {"irc", PORT_IRC, PORT_IRC_SSL}, + {"rdp", PORT_RDP, PORT_RDP_SSL}, + {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, + {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, + {"rtsp", PORT_RTSP, PORT_RTSP_SSL}, + {"rpcap", PORT_RPCAP, PORT_RPCAP_SSL}, + {"radmin2", PORT_RADMIN2, PORT_RADMIN2}, + // ADD NEW SERVICES HERE - add new port numbers to hydra.h + {"", PORT_NOPORT, PORT_NOPORT}}; while (strlen(hydra_portlists[i].name) > 0 && port == -2) { if (strcmp(service, hydra_portlists[i].name) == 0) { @@ -1379,14 +1412,14 @@ void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail) { if (hydra_heads[head_no]->pid > 0 && killit) kill(hydra_heads[head_no]->pid, SIGKILL); hydra_heads[head_no]->pid = -1; - if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 - && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { + if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { free(hydra_heads[head_no]->current_pass_ptr); hydra_heads[head_no]->current_pass_ptr = empty_login; // hydra_bfg_remove(head_no); - // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = NULL; + // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = + // NULL; } - (void) wait3(NULL, WNOHANG, NULL); + (void)wait3(NULL, WNOHANG, NULL); } void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { @@ -1396,11 +1429,11 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { return; if (hydra_targets[target_no]->ok) { - const int32_t tasks = hydra_options.tasks; - const int32_t success = tasks - hydra_targets[target_no]->failed; - const int32_t t = tasks < 5 ? 6 - tasks : 1; - const int32_t s = success < 5 ? 6 - success : 1; - maxfail = MAXFAIL + t + s + 2; + const int32_t tasks = hydra_options.tasks; + const int32_t success = tasks - hydra_targets[target_no]->failed; + const int32_t t = tasks < 5 ? 6 - tasks : 1; + const int32_t s = success < 5 ? 6 - success : 1; + maxfail = MAXFAIL + t + s + 2; } hydra_targets[target_no]->fail_count++; @@ -1413,18 +1446,15 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { k++; if (k <= 1) { // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == TARGET_ACTIVE - && hydra_options.skip_redo == 0 - && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 - && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) - || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; hydra_targets[target_no]->redo++; total_redo_count++; if (debug) - printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + printf("[DEBUG] - will be retried at the end: ip %s - login %s - " + "pass %s - child %d\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } @@ -1435,29 +1465,27 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { else hydra_targets[target_no]->done = TARGET_UNRESOLVED; // mark target as done by unable to connect hydra_brains.finished++; - fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 - && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 - && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + fprintf(stderr, + "[ERROR] Too many connect errors to target, disabling " + "%s://%s%s%s:%d\n", + hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); } if (hydra_brains.targets > hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else hydra_kill_head(head_no, 1, 2); - } // we keep the last one alive as long as it make sense + } // we keep the last one alive as long as it make sense } else { // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == TARGET_ACTIVE - && hydra_options.skip_redo == 0 - && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 - && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) - || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; hydra_targets[target_no]->redo++; total_redo_count++; if (debug) - printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + printf("[DEBUG] - will be retried at the end: ip %s - login %s - " + "pass %s - child %d\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } @@ -1500,28 +1528,28 @@ char *hydra_reverse_login(int32_t head_no, char *login) { start = hydra_heads[head_no]->reverse; pos = start + j; - while(start < --pos) { - switch( (*pos & 0xF0) >> 4 ) { + while (start < --pos) { + switch ((*pos & 0xF0) >> 4) { case 0xF: /* U+010000-U+10FFFF: four bytes. */ keep = *pos; - *pos = *(pos-3); - *(pos-3) = keep; - keep = *(pos-1); - *(pos-1) = *(pos-2); - *(pos-2) = keep; + *pos = *(pos - 3); + *(pos - 3) = keep; + keep = *(pos - 1); + *(pos - 1) = *(pos - 2); + *(pos - 2) = keep; pos -= 3; break; case 0xE: /* U+000800-U+00FFFF: three bytes. */ keep = *pos; - *pos = *(pos-2); - *(pos-2) = keep; + *pos = *(pos - 2); + *(pos - 2) = keep; pos -= 2; break; case 0xC: /* fall-through */ case 0xD: /* U+000080-U+0007FF: two bytes. */ keep = *pos; - *pos = *(pos-1); - *(pos-1) = keep; + *pos = *(pos - 1); + *(pos - 1) = keep; pos--; break; } @@ -1546,22 +1574,25 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; if (verbose) - printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); + printf("[STATUS] attack finished for %s (waiting for children to " + "complete tests)\n", + hydra_targets[target_no]->target); } return -1; } } if (debug) - printf - ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %" hPRIu64 "/%" hPRIu64 ", passcnt %" hPRIu64 "/%" hPRIu64 ", loop_cnt %d\n", - target_no, head_no, hydra_targets[target_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, - hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); + printf("[DEBUG] send_next_pair_init target %d, head %d, redo %d, " + "redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass " + "%s, tlogin %s, tpass %s, logincnt %" hPRIu64 "/%" hPRIu64 ", passcnt %" hPRIu64 "/%" hPRIu64 ", loop_cnt %d\n", + target_no, head_no, hydra_targets[target_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { if (debug) - printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %" hPRIu64 ", todo %" hPRIu64 ")\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); + printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt " + "%d, sent %" hPRIu64 ", todo %" hPRIu64 ")\n", + loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); return -1; } @@ -1571,9 +1602,9 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { snpdone = 1; } else { if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) - printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %" hPRIu64 " of %" hPRIu64 "\n", - hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); + printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - " + "%" hPRIu64 " of %" hPRIu64 "\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); hydra_heads[head_no]->redo = 0; if (hydra_targets[target_no]->redo_state > 0) { if (hydra_targets[target_no]->redo_state <= hydra_targets[target_no]->redo) { @@ -1587,17 +1618,19 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; if (verbose) - printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); + printf("[STATUS] attack finished for %s (waiting for children to " + "complete tests)\n", + hydra_targets[target_no]->target); } loop_cnt = 0; return -1; } - } else { // normale state, no redo + } else { // normale state, no redo if (hydra_targets[target_no]->done != TARGET_ACTIVE) { loop_cnt = 0; - return -1; // head will be disabled by main while() + return -1; // head will be disabled by main while() } - if (hydra_options.loop_mode == 0) { // one user after another + if (hydra_options.loop_mode == 0) { // one user after another if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { // as we loop password in mode == 0 we set the current login first hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; @@ -1611,7 +1644,8 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->pass_state++; } if (hydra_targets[target_no]->pass_state == 1 && snpdone == 0) { - // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + // small check that there is a login name (could also be emtpy) and + // if we already tried empty password it would be a double if (hydra_options.try_null_password) { if (hydra_options.try_password_same_as_login == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0)) { hydra_heads[head_no]->current_pass_ptr = empty_login; @@ -1625,11 +1659,10 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->pass_state++; } if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { - // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + // small check that there is a login name (could also be emtpy) and + // if we already tried empty password it would be a double if (hydra_options.try_password_reverse_login) { - if ((hydra_options.try_password_same_as_login == 0 - || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) - && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { + if ((hydra_options.try_password_same_as_login == 0 || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); snpdone = 1; } else { @@ -1642,35 +1675,31 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { } // now we handle the -C -l/-L -p/-P data if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { - if (check_flag(hydra_options.mode, MODE_COLON_FILE)) { // colon mode + if (check_flag(hydra_options.mode, MODE_COLON_FILE)) { // colon mode hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; hydra_targets[target_no]->login_no++; snpdone = 1; hydra_targets[target_no]->login_ptr = hydra_targets[target_no]->pass_ptr; - //hydra_targets[target_no]->login_ptr++; + // hydra_targets[target_no]->login_ptr++; while (*hydra_targets[target_no]->login_ptr != 0) hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->pass_ptr = hydra_targets[target_no]->login_ptr; - //hydra_targets[target_no]->pass_ptr++; + // hydra_targets[target_no]->pass_ptr++; while (*hydra_targets[target_no]->pass_ptr != 0) hydra_targets[target_no]->pass_ptr++; hydra_targets[target_no]->pass_ptr++; if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) hydra_targets[target_no]->pass_state = 0; - if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - || - (hydra_options.try_password_reverse_login - && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (-C)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } - } else { // standard -l -L -p -P mode + } else { // standard -l -L -p -P mode hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; hydra_targets[target_no]->pass_no++; // double check @@ -1692,22 +1721,18 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->pass_ptr++; hydra_targets[target_no]->pass_ptr++; } - if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - || - (hydra_options.try_password_reverse_login - && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (-Pp)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } snpdone = 1; } } } - } else { // loop_mode == 1 + } else { // loop_mode == 1 if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; if (hydra_targets[target_no]->pass_state == 0) { @@ -1726,9 +1751,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { else hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); } else { - if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 - && hydra_heads[head_no]->current_pass_ptr != NULL && - strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) + if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 && hydra_heads[head_no]->current_pass_ptr != NULL && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) free(hydra_heads[head_no]->current_pass_ptr); hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); } @@ -1759,7 +1782,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { if (debug) printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif - } else { // -p -P mode + } else { // -p -P mode hydra_targets[target_no]->pass_ptr++; while (*hydra_targets[target_no]->pass_ptr != 0) hydra_targets[target_no]->pass_ptr++; @@ -1778,14 +1801,12 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->login_ptr++; } if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { - if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) - || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { + if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (1)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } } @@ -1793,16 +1814,16 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { } if (debug) - printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", - snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, - hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); + printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, " + "cpass %s, tlogin %s, tpass %s, redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); // no pair? then we go for redo state if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { if (debug) printf("[DEBUG] Entering redo_state\n"); hydra_targets[target_no]->redo_state++; - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } @@ -1813,11 +1834,13 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; if (verbose) - printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); + printf("[STATUS] attack finished for %s (waiting for children to " + "complete tests)\n", + hydra_targets[target_no]->target); } } if (hydra_brains.targets > hydra_brains.finished) - hydra_kill_head(head_no, 1, 0); // otherwise done in main while loop + hydra_kill_head(head_no, 1, 0); // otherwise done in main while loop } else { if (hydra_targets[target_no]->skipcnt > 0) { snpj = 0; @@ -1849,7 +1872,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->pass_no = 0; hydra_targets[target_no]->pass_state = 0; } - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } @@ -1868,22 +1891,22 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_brains.sent++; hydra_targets[target_no]->sent++; } else if (debug) - printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", - snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, - hydra_targets[target_no]->pass_ptr, snp_is_redo); - //hydra_dump_data(snpbuf, snpbuflen, "SENT"); + printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, " + "cpass %s, tlogin %s, tpass %s, is_redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, snp_is_redo); + // hydra_dump_data(snpbuf, snpbuflen, "SENT"); fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); if (fck < snpbuflen) { if (verbose) fprintf(stderr, "[ERROR] can not write to child %d, restarting it ...\n", head_no); hydra_increase_fail_count(target_no, head_no); loop_cnt = 0; - return 0; // not prevent disabling it, if its needed its already done in the above line + return 0; // not prevent disabling it, if its needed its already done in + // the above line } if (debug || hydra_options.showAttempt) { - printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", - hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, - hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, hydra_targets[target_no]->redo); + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, + hydra_targets[target_no]->redo); } loop_cnt = 0; return 0; @@ -1949,7 +1972,8 @@ int32_t hydra_check_for_exit_condition() { if (hydra_heads[i]->active >= HEAD_UNUSED) k = 1; if (k == 0) { - fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); + fprintf(stderr, "[ERROR] all children were disabled due too many " + "connection errors\n"); return -1; } } @@ -1974,7 +1998,7 @@ void process_proxy_line(int32_t type, char *string) { struct addrinfo hints, *res, *p; struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - + if (string == NULL || string[0] == 0 || string[0] == '#') return; while (*string == ' ' || *string == '\t') @@ -2002,7 +2026,10 @@ void process_proxy_line(int32_t type, char *string) { *sep = 0; target_string = sep + 1; if (index(auth_string, ':') == NULL) { - fprintf(stderr, "[WARNING] %s has an invalid authentication definition %s, must be in the format login:pass, entry ignored\n", target_string, auth_string); + fprintf(stderr, + "[WARNING] %s has an invalid authentication definition %s, must " + "be in the format login:pass, entry ignored\n", + target_string, auth_string); return; } } @@ -2021,19 +2048,28 @@ void process_proxy_line(int32_t type, char *string) { return; } } else { - fprintf(stderr, "[WARNING] %s has not port definition which is required, entry ignored\n", target_string); + fprintf(stderr, + "[WARNING] %s has not port definition which is required, entry " + "ignored\n", + target_string); return; } if (use_proxy == 1 && strcmp(type_string, "http") != 0) { - fprintf(stderr, "[WARNING] %s:// is an invalid type, must be http:// if you use HYDRA_PROXY_HTTP, entry ignored\n", type_string); + fprintf(stderr, + "[WARNING] %s:// is an invalid type, must be http:// if you use " + "HYDRA_PROXY_HTTP, entry ignored\n", + type_string); return; } if (use_proxy == 2 && strcmp(type_string, "connect") != 0 && strcmp(type_string, "socks4") != 0 && strcmp(type_string, "socks5") != 0) { - fprintf(stderr, "[WARNING] %s:// is an invalid type, must be connect://, socks4:// or socks5:// if you use HYDRA_PROXY, entry ignored\n", type_string); + fprintf(stderr, + "[WARNING] %s:// is an invalid type, must be connect://, socks4:// " + "or socks5:// if you use HYDRA_PROXY, entry ignored\n", + type_string); return; } - + memset(&hints, 0, sizeof hints); if (getaddrinfo(target_string, NULL, &hints, &res) != 0) { fprintf(stderr, "[ERROR] could not resolve proxy target %s, entry ignored\n", target_string); @@ -2043,13 +2079,13 @@ void process_proxy_line(int32_t type, char *string) { for (p = res; p != NULL; p = p->ai_next) { #ifdef AF_INET6 if (p->ai_family == AF_INET6) { - if (ipv6 == NULL || memcmp((char *) &ipv6->sin6_addr, fe80, 2) == 0) - ipv6 = (struct sockaddr_in6 *) p->ai_addr; + if (ipv6 == NULL || memcmp((char *)&ipv6->sin6_addr, fe80, 2) == 0) + ipv6 = (struct sockaddr_in6 *)p->ai_addr; } else #endif - if (p->ai_family == AF_INET) { + if (p->ai_family == AF_INET) { if (ipv4 == NULL) - ipv4 = (struct sockaddr_in *) p->ai_addr; + ipv4 = (struct sockaddr_in *)p->ai_addr; } } freeaddrinfo(res); @@ -2058,18 +2094,22 @@ void process_proxy_line(int32_t type, char *string) { #ifdef AF_INET6 if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { if (memcmp(proxy_string_ip[proxy_count] + 1, fe80, 2) == 0 && device_string == NULL) { - fprintf(stderr, "[WARNING] The proxy address %s is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0, entry ignored\n", target_string); + fprintf(stderr, + "[WARNING] The proxy address %s is a link local address, link " + "local addresses require the interface being defined like this: " + "fe80::1%%eth0, entry ignored\n", + target_string); return; } proxy_string_ip[proxy_count][0] = 16; - memcpy(proxy_string_ip[proxy_count] + 1, (char *) &ipv6->sin6_addr, 16); + memcpy(proxy_string_ip[proxy_count] + 1, (char *)&ipv6->sin6_addr, 16); if (device_string != NULL && strlen(device_string) <= 16) strcpy(proxy_string_ip[proxy_count] + 17, device_string); } else #endif - if (ipv4 != NULL) { + if (ipv4 != NULL) { proxy_string_ip[proxy_count][0] = 4; - memcpy(proxy_string_ip[proxy_count] + 1, (char *) &ipv4->sin_addr, 4); + memcpy(proxy_string_ip[proxy_count] + 1, (char *)&ipv4->sin_addr, 4); } else { fprintf(stderr, "[WARNING] Could not resolve proxy address: %s, entry ignored\n", target_string); return; @@ -2081,12 +2121,12 @@ void process_proxy_line(int32_t type, char *string) { } strcpy(proxy_authentication[proxy_count], auth_string); if (strncmp(type_string, "socks", 5) != 0) // so it is web - hydra_tobase64((unsigned char *) proxy_authentication[proxy_count], strlen(proxy_authentication[proxy_count]), strlen(auth_string) * 2 + 8); + hydra_tobase64((unsigned char *)proxy_authentication[proxy_count], strlen(proxy_authentication[proxy_count]), strlen(auth_string) * 2 + 8); } else proxy_authentication[proxy_count] = NULL; strcpy(proxy_string_type[proxy_count], type_string); proxy_string_port[proxy_count] = port; - + if (debug) printf("[DEBUG] count %d type %s target %s port %d auth %s\n", proxy_count, proxy_string_type[proxy_count], target_string, proxy_string_port[proxy_count], proxy_authentication[proxy_count]); proxy_count++; @@ -2110,7 +2150,9 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2020 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); + printf("%s %s (c) 2020 by %s & %s - Please do not use in military or secret " + "service organizations, or for illegal purposes.\n\n", + PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP SERVICES = hydra_string_replace(SERVICES, "afp ", ""); strcat(unsupported, "afp "); @@ -2210,8 +2252,8 @@ int main(int argc, char *argv[]) { strcat(unsupported, "regex support "); #endif - (void) setvbuf(stdout, NULL, _IONBF, 0); - (void) setvbuf(stderr, NULL, _IONBF, 0); + (void)setvbuf(stdout, NULL, _IONBF, 0); + (void)setvbuf(stderr, NULL, _IONBF, 0); // set defaults memset(&hydra_options, 0, sizeof(hydra_options)); memset(&hydra_brains, 0, sizeof(hydra_brains)); @@ -2298,7 +2340,10 @@ int main(int argc, char *argv[]) { hydra_options.mode = hydra_options.mode | MODE_PASSWORD_SAME; break; default: - fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); + fprintf(stderr, + "[ERROR] unknown mode %c for option -e, only supporting " + "\"n\", \"s\" and \"r\"\n", + optarg[i]); exit(-1); } i++; @@ -2336,12 +2381,12 @@ int main(int argc, char *argv[]) { break; case 'b': outfile_format_tmp = optarg; - if (strcasecmp(outfile_format_tmp,"text") == 0) - hydra_options.outfile_format = FORMAT_PLAIN_TEXT; - else if (strcasecmp(outfile_format_tmp,"json") == 0) // latest json formatting. - hydra_options.outfile_format = FORMAT_JSONV1; - else if (strcasecmp(outfile_format_tmp,"jsonv1") == 0) - hydra_options.outfile_format = FORMAT_JSONV1; + if (strcasecmp(outfile_format_tmp, "text") == 0) + hydra_options.outfile_format = FORMAT_PLAIN_TEXT; + else if (strcasecmp(outfile_format_tmp, "json") == 0) // latest json formatting. + hydra_options.outfile_format = FORMAT_JSONV1; + else if (strcasecmp(outfile_format_tmp, "jsonv1") == 0) + hydra_options.outfile_format = FORMAT_JSONV1; else { fprintf(stderr, "[ERROR] Output file format must be (text, json, jsonv1)\n"); exit(-1); @@ -2364,7 +2409,8 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); exit(-1); } else if (waittime < 5) - fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); + fprintf(stderr, "[WARNING] the waittime you set is low, this can " + "result in errornous results\n"); break; case 'W': hydra_options.conwait = conwait = atoi(optarg); @@ -2378,14 +2424,16 @@ int main(int argc, char *argv[]) { if (hydra_options.time_next_attempt < 0) { fprintf(stderr, "[ERROR] -c option value can not be negative\n"); exit(-1); - } + } #else - fprintf(stderr, "[WARNING] -c option can not be used as your operating system is missing the MSG_PEEK feature\n"); + fprintf(stderr, "[WARNING] -c option can not be used as your operating " + "system is missing the MSG_PEEK feature\n"); #endif break; case 'S': #ifndef LIBOPENSSL - fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); + fprintf(stderr, "[WARNING] hydra was compiled without SSL support. " + "Install openssl and recompile! Option ignored...\n"); hydra_options.ssl = 0; break; #else @@ -2403,7 +2451,8 @@ int main(int argc, char *argv[]) { break; case 'x': #ifndef HAVE_MATH_H - fprintf(stderr, "[ERROR] -x option is not available as math.h was not found at compile time\n"); + fprintf(stderr, "[ERROR] -x option is not available as math.h was not " + "found at compile time\n"); exit(-1); #else if (strcmp(optarg, "-h") == 0) @@ -2427,12 +2476,12 @@ int main(int argc, char *argv[]) { hydra_options.tasks = 1; } - //check if output is redirected from the shell or in a file + // check if output is redirected from the shell or in a file if (colored_output && !isatty(fileno(stdout))) colored_output = 0; #ifdef LIBNCURSES - //then check if the term is color enabled using ncurses lib + // then check if the term is color enabled using ncurses lib if (colored_output) { if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { colored_output = 0; @@ -2442,8 +2491,8 @@ int main(int argc, char *argv[]) { } } #else - //don't want border line effect so disabling color output - //if we are not sure about the term + // don't want border line effect so disabling color output + // if we are not sure about the term colored_output = 0; #endif @@ -2452,7 +2501,7 @@ int main(int argc, char *argv[]) { if (hydra_options.restore && argc > 2 + debug + verbose) fprintf(stderr, "[WARNING] options after -R are now honored (since v8.6)\n"); -// bail("no option may be supplied together with -R"); + // bail("no option may be supplied together with -R"); printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (debug) { @@ -2462,41 +2511,49 @@ int main(int argc, char *argv[]) { printf("\n"); } if (hydra_options.tasks > 1 && hydra_options.time_next_attempt) - fprintf(stderr, "[WARNING] when using the -c option, you should also set the task per target to one (-t 1)\n"); + fprintf(stderr, "[WARNING] when using the -c option, you should also set " + "the task per target to one (-t 1)\n"); if (hydra_options.login != NULL && hydra_options.loginfile != NULL) bail("You can only use -L OR -l, not both\n"); if (hydra_options.pass != NULL && hydra_options.passfile != NULL) bail("You can only use -P OR -p, not both\n"); if (hydra_options.outfile_format != FORMAT_PLAIN_TEXT && hydra_options.outfile_ptr == NULL) - fprintf(stderr, "[WARNING] output file format specified (-b) - but no output file (-o)\n"); - + fprintf(stderr, "[WARNING] output file format specified (-b) - but no " + "output file (-o)\n"); + if (hydra_options.restore) { -// hydra_restore_read(); + // hydra_restore_read(); // stuff we have to copy from the non-restore part if (strncmp(hydra_options.service, "http-", 5) == 0) { if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get/http-post!"); + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service " + "http-head/http-get/http-post!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } } - } else { // normal mode, aka non-restore mode + } else { // normal mode, aka non-restore mode if (hydra_options.colonfile) - hydra_options.loop_mode = 0; // just to be sure + hydra_options.loop_mode = 0; // just to be sure if (hydra_options.infile_ptr != NULL) { if (optind + 2 < argc) - bail("The -M FILE option can not be used together with a host on the commandline"); + bail("The -M FILE option can not be used together with a host on the " + "commandline"); if (optind + 1 > argc) bail("You need to define a service to attack"); if (optind + 2 == argc) - fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on the commandline. Lets hope you did everything right!\n"); + fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on " + "the commandline. Lets hope you did everything right!\n"); hydra_options.server = NULL; hydra_options.service = argv[optind]; if (optind + 2 == argc) hydra_options.miscptr = argv[optind + 1]; } else if (optind + 2 != argc && optind + 3 != argc && optind < argc) { - // check if targetdef follow syntax ://[:][/] or it's a syntax error + // check if targetdef follow syntax + // ://[:][/] or it's a + // syntax error char *targetdef = strdup(argv[optind]); char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL; cmdlinetarget = argv[optind]; @@ -2531,7 +2588,8 @@ int main(int argc, char *argv[]) { *param_pos++ = 0; if (port_pos != NULL && index(port_pos, ':') != NULL) { if (prefer_ipv6) - bail("Illegal IPv6 target definition must be written within '[' ']'"); + bail("Illegal IPv6 target definition must be written within '[' " + "']'"); else bail("Illegal port definition"); } @@ -2547,12 +2605,13 @@ int main(int argc, char *argv[]) { *--param_pos = '/'; hydra_options.miscptr = strdup(param_pos); } - //printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos); + // printf("target: %s service: %s port: %s opt: %s\n", target_pos, + // hydra_options.service, port_pos, param_pos); if (debug) printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%u misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); } else { - hydra_options.server = NULL; - hydra_options.service = NULL; + hydra_options.server = NULL; + hydra_options.service = NULL; if (modusage) { hydra_options.service = targetdef; @@ -2561,12 +2620,16 @@ int main(int argc, char *argv[]) { } } else { if (modusage && argv[optind] == NULL) { - printf("[ERROR] you must supply a service name after the -U help switch\n"); + printf("[ERROR] you must supply a service name after the -U help " + "switch\n"); exit(-1); } if (argv[optind] == NULL || strstr(argv[optind], "://") != NULL) { printf("[ERROR] Invalid target definition!\n"); - printf("[ERROR] Either you use \"www.example.com module [optional-module-parameters]\" *or* you use the \"module://www.example.com/optional-module-parameters\" syntax!\n"); + printf("[ERROR] Either you use \"www.example.com module " + "[optional-module-parameters]\" *or* you use the " + "\"module://www.example.com/optional-module-parameters\" " + "syntax!\n"); exit(-1); } hydra_options.server = argv[optind]; @@ -2577,31 +2640,30 @@ int main(int argc, char *argv[]) { } if (getenv("HYDRA_PROXY_CONNECT")) - fprintf(stderr, "[WARNING] The environment variable HYDRA_PROXY_CONNECT is not used! Use HYDRA_PROXY instead!\n"); + fprintf(stderr, "[WARNING] The environment variable HYDRA_PROXY_CONNECT " + "is not used! Use HYDRA_PROXY instead!\n"); // wrong option use patch - if (hydra_options.ssl && ( ((strcmp(hydra_options.service, "smtp") == 0 || strcmp(hydra_options.service, "smtp-enum") == 0) && hydra_options.port != 465) || \ - (strcmp(hydra_options.service, "pop3") == 0 && hydra_options.port != 995) || \ - (strcmp(hydra_options.service, "imap") == 0 && hydra_options.port != 993) - )) - fprintf(stderr, "[WARNING] you want to access SMTP/POP3/IMAP with SSL. Are you sure you want to use direct SSL (-S) instead of STARTTLS (-m TLS)?\n"); + if (hydra_options.ssl && (((strcmp(hydra_options.service, "smtp") == 0 || strcmp(hydra_options.service, "smtp-enum") == 0) && hydra_options.port != 465) || (strcmp(hydra_options.service, "pop3") == 0 && hydra_options.port != 995) || (strcmp(hydra_options.service, "imap") == 0 && hydra_options.port != 993))) + fprintf(stderr, "[WARNING] you want to access SMTP/POP3/IMAP with SSL. Are you sure " + "you want to use direct SSL (-S) instead of STARTTLS (-m TLS)?\n"); if (strcmp(hydra_options.service, "http") == 0 || strcmp(hydra_options.service, "https") == 0) { - fprintf(stderr, "[ERROR] There is no service \"%s\", most likely you mean one of the many web modules, e.g. http-get or http-form-post. Read it up!\n", hydra_options.service); + fprintf(stderr, + "[ERROR] There is no service \"%s\", most likely you mean one of the " + "many web modules, e.g. http-get or http-form-post. Read it up!\n", + hydra_options.service); exit(-1); } - if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 - || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { + if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { hydra_options.ssl = 1; hydra_options.service[strlen(hydra_options.service) - 1] = 0; } if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { - if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || - strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || - strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || - strcmp(hydra_options.service, "sapr3") == 0 || strcmp(hydra_options.service, "memcached") == 0 || strcmp(hydra_options.service, "mongodb") == 0) { + if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || strcmp(hydra_options.service, "sapr3") == 0 || + strcmp(hydra_options.service, "memcached") == 0 || strcmp(hydra_options.service, "mongodb") == 0) { fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); proxy_string = NULL; } @@ -2609,9 +2671,9 @@ int main(int argc, char *argv[]) { /* here start the services */ - if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 - || strcmp(hydra_options.service, "https") == 0) { - fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); + if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 || strcmp(hydra_options.service, "https") == 0) { + fprintf(stderr, "[WARNING] The service http has been replaced with http-head and " + "http-get, using by default GET method. Same for https.\n"); if (strcmp(hydra_options.service, "http") == 0) { hydra_options.service = malloc(strlen("http-get") + 1); strcpy(hydra_options.service, "http-get"); @@ -2633,7 +2695,8 @@ int main(int argc, char *argv[]) { if (modusage == 1) { if (hydra_options.service == NULL) { - printf("[ERROR] you must supply a service name after the -U help switch\n"); + printf("[ERROR] you must supply a service name after the -U help " + "switch\n"); exit(-1); } module_usage(); @@ -2641,21 +2704,25 @@ int main(int argc, char *argv[]) { i = 0; if (strcmp(hydra_options.service, "telnet") == 0) { - fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); + fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if " + "possible better choose FTP, SSH, etc. if available\n"); i = 1; } if (strcmp(hydra_options.service, "ftp") == 0) i = 1; if (strcmp(hydra_options.service, "ftps") == 0) { - fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); + fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to " + "use direct SSL ftp, use -S and the ftp module instead.\n"); i = 1; } if (strcmp(hydra_options.service, "pop3") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + fprintf(stderr, "[INFO] several providers have implemented cracking protection, " + "check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "imap") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + fprintf(stderr, "[INFO] several providers have implemented cracking protection, " + "check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "redis") == 0) @@ -2675,7 +2742,9 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "socks5") == 0) i = 1; if (strcmp(hydra_options.service, "icq") == 0) { - fprintf(stderr, "[WARNING] The icq module is not working with the modern protocol version! (somebody else will need to fix this as I don't care for icq)\n"); + fprintf(stderr, "[WARNING] The icq module is not working with the modern " + "protocol version! (somebody else will need to fix this " + "as I don't care for icq)\n"); i = 1; } if (strcmp(hydra_options.service, "memcached") == 0) @@ -2687,7 +2756,7 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "mongodb") == 0) #ifdef LIBMONGODB - { + { i = 1; if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) fprintf(stderr, "[INFO] The mongodb db wasn't passed so using admin by default\n"); @@ -2699,7 +2768,8 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "mysql") == 0) { i = 1; if (hydra_options.tasks > 4) { - fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not " + "like many parallel connections)\n"); hydra_options.tasks = 4; } } @@ -2763,18 +2833,21 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "cvs") == 0) { i = 1; if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using /root by default\n"); + fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using " + "/root by default\n"); } } if (strcmp(hydra_options.service, "svn") == 0) { i = 1; if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); + fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using " + "/trunk by default\n"); } } if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { if (hydra_options.tasks > 8) - fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n"); + fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel " + "tasks, it is recommended to reduce the tasks: use -t 4\n"); #ifdef LIBSSH i = 1; #else @@ -2782,7 +2855,8 @@ int main(int argc, char *argv[]) { #endif } if (strcmp(hydra_options.service, "smtp") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + fprintf(stderr, "[INFO] several providers have implemented cracking protection, " + "check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "smtp-enum") == 0) @@ -2791,25 +2865,26 @@ int main(int argc, char *argv[]) { i = 1; if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { if (hydra_options.tasks > 1) { - fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not " + "like parallel connections)\n"); hydra_options.tasks = 1; } if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) - fprintf(stderr, "[WARNING] potential windows domain specification found in login. You must use the -m option to pass a domain.\n"); + fprintf(stderr, "[WARNING] potential windows domain specification found in " + "login. You must use the -m option to pass a domain.\n"); i = 1; } if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { #ifdef LIBOPENSSL if (hydra_options.tasks > 1) { - fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not " + "like parallel connections)\n"); hydra_options.tasks = 1; } i = 1; #endif } - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || - (strcmp(hydra_options.service, "sip") == 0) || - (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { #ifndef LIBOPENSSL bail("Compiled without OPENSSL support, module not available!"); #endif @@ -2818,22 +2893,17 @@ int main(int argc, char *argv[]) { #if !defined(LIBSMBCLIENT) bail("Compiled without LIBSMBCLIENT support, module not available!"); #else - if (hydra_options.login != NULL && - (index(hydra_options.login, '\\') != NULL || - index(hydra_options.login, '/') != NULL)) - fprintf(stderr, - "[WARNING] potential windows domain specification found in " - "login. You must use the -m option to pass a domain.\n"); - if (hydra_options.miscptr == NULL || \ - (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, - "[WARNING] Workgroup was not specified, using \"WORKGROUP\"\n"); + if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) + fprintf(stderr, "[WARNING] potential windows domain specification found in " + "login. You must use the -m option to pass a domain.\n"); + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[WARNING] Workgroup was not specified, using \"WORKGROUP\"\n"); } i = 1; #endif } - if (strcmp(hydra_options.service, "rdp") == 0){ + if (strcmp(hydra_options.service, "rdp") == 0) { #ifndef LIBFREERDP2 bail("Compiled without FREERDP2 support, module not available!"); #endif @@ -2841,17 +2911,21 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "pcnfs") == 0) { i = 1; if (port == 0) - bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" and look for the pcnfs v2 UDP port)"); + bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" " + "and look for the pcnfs v2 UDP port)"); } if (strcmp(hydra_options.service, "sapr3") == 0) { #ifdef LIBSAPR3 i = 1; if (port == PORT_SAPR3) - bail("You must set the port for sapr3 with -s , it should lie between 3200 and 3699."); + bail("You must set the port for sapr3 with -s , it should lie " + "between 3200 and 3699."); if (port < 3200 || port > 3699) - fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - please ensure it is ok!\n"); + fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - " + "please ensure it is ok!\n"); if (hydra_options.miscptr == NULL || atoi(hydra_options.miscptr) < 0 || atoi(hydra_options.miscptr) > 999 || !isdigit(hydra_options.miscptr[0])) - bail("You must set the client ID (0-999) as an additional option or via -m"); + bail("You must set the client ID (0-999) as an additional option or " + "via -m"); #else bail("Compiled without LIBSAPR3 support, module not available!"); #endif @@ -2859,13 +2933,17 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "cisco") == 0) { i = 2; if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco services.\n"); + fprintf(stderr, "[WARNING] you should set the number of parallel task " + "to 4 for cisco services.\n"); } if (strcmp(hydra_options.service, "adam6500") == 0) { i = 2; - fprintf(stderr, "[WARNING] the module adam6500 is work in progress! please submit a pcap of a successful login as well as false positives to vh@thc.org\n"); + fprintf(stderr, "[WARNING] the module adam6500 is work in progress! " + "please submit a pcap of a successful login as well as " + "false positives to vh@thc.org\n"); if (hydra_options.tasks > 1) - fprintf(stderr, "[WARNING] reset the number of parallel task to 1 for adam6500 modbus authentication\n"); + fprintf(stderr, "[WARNING] reset the number of parallel task to 1 for " + "adam6500 modbus authentication\n"); hydra_options.tasks = 1; } if (strncmp(hydra_options.service, "snmpv", 5) == 0) { @@ -2923,30 +3001,37 @@ int main(int argc, char *argv[]) { } i = 2; if ((j & 3) < 3 && j > 2) - fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and encryption, ignored\n"); + fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and " + "encryption, ignored\n"); if ((j & 3) == 3) { - fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); + fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own " + "risk and report problems\n"); if (j >= 16) - bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); - if (hydra_options.colonfile == NULL - && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { + bail("The SNMPv3 module so far only support authentication " + "(md5/sha), not yet encryption\n"); + if (hydra_options.colonfile == NULL && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { if (j > 3) { - fprintf(stderr, "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); + fprintf(stderr, "[ERROR] you specified SNMPv3, defined hashing/encryption but " + "only gave one of login or password list. Either supply both " + "logins and passwords (this is what is usually used in " + "SNMPv3), or remove the hashing/encryption option (unusual)\n"); exit(-1); } - fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); + fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, " + "NoAuthNoPriv is assumed. This is an unusual case, " + "you should know what you are doing\n"); tmpptr = malloc(strlen(hydra_options.miscptr) + 8); strcpy(tmpptr, hydra_options.miscptr); strcat(tmpptr, ":"); strcat(tmpptr, "PLAIN"); hydra_options.miscptr = tmpptr; } else { - i = 1; // snmpv3 with login+pass mode + i = 1; // snmpv3 with login+pass mode #ifndef LIBOPENSSL - bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); + bail("hydra was not compiled with OPENSSL support, snmpv3 can only " + "be used on NoAuthNoPriv mode (only logins, no passwords)!"); #endif - printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", - (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); + printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); } } } @@ -2963,15 +3048,16 @@ int main(int argc, char *argv[]) { } } if (strcmp(hydra_options.service, "ldap") == 0) { - bail("Please select ldap2 or ldap3 for simple authentication or ldap3-crammd5 or ldap3-digestmd5\n"); + bail("Please select ldap2 or ldap3 for simple authentication or " + "ldap3-crammd5 or ldap3-digestmd5\n"); } if (strcmp(hydra_options.service, "ldap2") == 0 || strcmp(hydra_options.service, "ldap3") == 0) { i = 1; - if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) - || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) + if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) bail("you may only use one of -l, -L or -m\n"); if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.miscptr == NULL) - fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN of null (use -m, -l or -L to define DNs)\n"); + fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN " + "of null (use -m, -l or -L to define DNs)\n"); if (hydra_options.login == NULL && hydra_options.loginfile == NULL) { i = 2; } @@ -2989,26 +3075,30 @@ int main(int argc, char *argv[]) { i = 1; if (strcmp(hydra_options.service, "s7-300") == 0) { if (hydra_options.tasks > 8) { - fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not " + "like more connections)\n"); hydra_options.tasks = 8; } i = 2; } if (strcmp(hydra_options.service, "cisco-enable") == 0) { if (hydra_options.login != NULL || hydra_options.loginfile != NULL) - i = 1; // login will be the initial Username: login, or line Password: + i = 1; // login will be the initial Username: login, or line Password: else i = 2; if (hydra_options.miscptr == NULL) - fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); + fprintf(stderr, "[WARNING] You did not supply the initial support to " + "the Cisco via -l, assuming direct console access\n"); if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); + fprintf(stderr, "[WARNING] you should set the number of parallel task " + "to 4 for cisco enable services.\n"); } if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { i = 4; hydra_options.pass = empty_login; if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You did not supply proxy credentials via the optional parameter\n"); + fprintf(stderr, "[WARNING] You did not supply proxy credentials via " + "the optional parameter\n"); } if (hydra_options.bfg || hydra_options.passfile != NULL) bail("the http-proxy-urlenum does not need the -p/-P or -x option"); @@ -3016,7 +3106,8 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "vnc") == 0) { i = 2; if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for vnc services.\n"); + fprintf(stderr, "[WARNING] you should set the number of parallel task " + "to 4 for vnc services.\n"); } if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0 || strcmp(hydra_options.service, "https-post") == 0) { #ifdef LIBOPENSSL @@ -3024,11 +3115,10 @@ int main(int argc, char *argv[]) { hydra_options.ssl = 1; if (strcmp(hydra_options.service, "https-head") == 0) strcpy(hydra_options.service, "http-head"); + else if (strcmp(hydra_options.service, "https-post") == 0) + strcpy(hydra_options.service, "http-post"); else - if (strcmp(hydra_options.service, "https-post") == 0) - strcpy(hydra_options.service, "http-post"); - else - strcpy(hydra_options.service, "http-get"); + strcpy(hydra_options.service, "http-get"); #else bail("Compiled without SSL support, module not available"); #endif @@ -3036,29 +3126,34 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0 || strcmp(hydra_options.service, "http-post") == 0) { i = 1; if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + fprintf(stderr, "[WARNING] You must supply the web page as an " + "additional option or via -m, default path set to /\n"); hydra_options.miscptr = malloc(2); hydra_options.miscptr = "/"; } if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) - bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + bail("The web page you supplied must start with a \"/\", \"http://\" " + "or \"https://\", e.g. \"/protected/login\""); if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service http-head/http-get!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } if (strcmp(hydra_options.service, "http-head") == 0) - fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); + fprintf(stderr, "[WARNING] http-head auth does not work with every " + "server, better use http-get\n"); } - if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 - || strcmp(hydra_options.service, "https-post-form") == 0) { - char bufferurl[6096+24], *url, *variables, *cond, *optional1; //6096 comes from issue 192 on github. Extra 24 bytes for null padding. + if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 || strcmp(hydra_options.service, "https-post-form") == 0) { + char bufferurl[6096 + 24], *url, *variables, *cond, + *optional1; // 6096 comes from issue 192 on github. Extra 24 bytes for + // null padding. if (strncmp(hydra_options.service, "http-", 5) == 0) { i = 1; - } else { // https + } else { // https #ifdef LIBOPENSSL i = 1; hydra_options.ssl = 1; @@ -3071,23 +3166,28 @@ int main(int argc, char *argv[]) { #endif } if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + fprintf(stderr, "[WARNING] You must supply the web page as an " + "additional option or via -m, default path set to /\n"); hydra_options.miscptr = malloc(2); hydra_options.miscptr = "/"; } - //if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) - // bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + // if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, + // "://") == NULL) + // bail("The web page you supplied must start with a \"/\", \"http://\" + // or \"https://\", e.g. \"/protected/login\""); if (hydra_options.miscptr[0] != '/') bail("optional parameter must start with a '/' slash!\n"); if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service http-head/http-get!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } if (strstr(hydra_options.miscptr, "\\:") != NULL) { - fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); + fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module " + "option, no parameter verification is performed.\n"); } else { sprintf(bufferurl, "%.6000s", hydra_options.miscptr); url = strtok(bufferurl, ":"); @@ -3095,11 +3195,17 @@ int main(int argc, char *argv[]) { cond = strtok(NULL, ":"); optional1 = strtok(NULL, "\n"); if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL && strstr(variables, "^USER64^") == NULL && strstr(variables, "^PASS64^") == NULL)) { - fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n", STR_NULL(variables)); + fprintf(stderr, + "[ERROR] the variables argument needs at least the strings " + "^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n", + STR_NULL(variables)); exit(-1); } if ((url == NULL) || (cond == NULL)) { - fprintf(stderr, "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: %s\n", bufferurl); + fprintf(stderr, + "[ERROR] Wrong syntax, requires three arguments separated by " + "a colon which may not be null: %s\n", + bufferurl); exit(-1); } while ((optional1 = strtok(NULL, ":")) != NULL) { @@ -3108,17 +3214,23 @@ int main(int argc, char *argv[]) { exit(-1); } switch (optional1[0]) { - case 'C': // fall through + case 'C': // fall through case 'c': if (optional1[1] != '=' || optional1[2] != '/') { - fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); + fprintf(stderr, + "[ERROR] Wrong syntax of parameter C, must look like " + "'C=/url/of/page', not http:// etc.: %s\n", + optional1); exit(-1); } break; - case 'H': // fall through + case 'H': // fall through case 'h': if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { - fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); + fprintf(stderr, + "[ERROR] Wrong syntax of parameter H, must look like " + "'H=X-My-Header: MyValue', no http:// : %s\n", + optional1); exit(-1); } break; @@ -3135,21 +3247,26 @@ int main(int argc, char *argv[]) { i = 1; if (strcmp(hydra_options.service, "rdp") == 0) { if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); + fprintf(stderr, "[WARNING] rdp servers often don't like many connections, use -t 1 " + "or -t 4 to reduce the number of parallel connections and -W 1 or " + "-W 3 to wait between connection to allow the server to recover\n"); if (hydra_options.tasks > 4) { - fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); - hydra_options.tasks = 4; + fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not " + "like many parallel connections)\n"); + hydra_options.tasks = 4; } if (conwait == 0) - hydra_options.conwait = conwait = 1; - printf("[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\n"); + hydra_options.conwait = conwait = 1; + printf("[WARNING] the rdp module is experimental. Please test, report - " + "and if possible, fix.\n"); i = 1; } if (strcmp(hydra_options.service, "radmin2") == 0) { #ifdef HAVE_GCRYPT i = 1; #else - bail("hydra was not compiled with gcrypt support, radmin2 module not available"); + bail("hydra was not compiled with gcrypt support, radmin2 module not " + "available"); #endif } @@ -3161,24 +3278,30 @@ int main(int argc, char *argv[]) { } if (port < 1 || port > 65535) { if ((port = hydra_lookup_port(hydra_options.service)) < 1) { - fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option.\n"); + fprintf(stderr, "[ERROR] No valid port set or no default port " + "available. Use the -s Option.\n"); exit(-1); } hydra_options.port = port; } if (hydra_options.ssl == 0 && hydra_options.port == 443) - fprintf(stderr, "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); + fprintf(stderr, "[WARNING] you specified port 443 for attacking a http " + "service, however did not specify the -S ssl switch nor " + "used https-..., therefore using plain HTTP\n"); if (hydra_options.loop_mode && hydra_options.colonfile != NULL) - bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); + bail("The loop mode option (-u) works with all modes - except colon " + "files (-C)\n"); if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) - fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); + fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only " + "with the http-head/http-get module, ignored...\n"); if (i == 2) { - if (hydra_options.colonfile != NULL - || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) - bail - ("The redis, adam6500, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); + if (hydra_options.colonfile != NULL || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) + bail("The redis, adam6500, cisco, oracle-listener, s7-300, snmp and " + "vnc modules are only using the -p or -P option, not login (-l, " + "-L) or colon file (-C).\nUse the telnet module for cisco using " + "\"Username:\" authentication.\n"); if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { hydra_options.pass = hydra_options.login; hydra_options.passfile = hydra_options.loginfile; @@ -3187,9 +3310,9 @@ int main(int argc, char *argv[]) { hydra_options.loginfile = NULL; } if (i == 3) { - if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 - || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) - bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); + if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) + bail("The rsh, oracle-sid login is neither using the -p, -P or -x " + "options nor colon file (-C)\n"); if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { hydra_options.login = hydra_options.pass; hydra_options.loginfile = hydra_options.passfile; @@ -3200,23 +3323,23 @@ int main(int argc, char *argv[]) { if (i == 3 && hydra_options.login == NULL && hydra_options.loginfile == NULL) bail("I need at least either the -l or -L option to know the login"); if (i == 2 && hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0) - bail("I need at least either the -p, -P or -x option to have a password to try"); + bail("I need at least either the -p, -P or -x option to have a password " + "to try"); if (i == 1 && hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) bail("I need at least either the -l, -L or -C option to know the login"); - if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) - || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) + if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); - if ((hydra_options.bfg) - && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) - || (hydra_options.colonfile != NULL))) - bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); - if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 - && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { - // test if the service is smtp-enum as it could be used either with a login+pass or only a login + if ((hydra_options.bfg) && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) || (hydra_options.colonfile != NULL))) + bail("The -x (password bruteforce generation option) doesn't work with " + "-p/P, -C or -e!\n"); + if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { + // test if the service is smtp-enum as it could be used either with a + // login+pass or only a login if (strstr(hydra_options.service, "smtp-enum") != NULL) hydra_options.pass = empty_login; else - bail("I need at least the -e, -p, -P or -x option to have some passwords!"); + bail("I need at least the -e, -p, -P or -x option to have some " + "passwords!"); } if (hydra_options.tasks < 1 || hydra_options.tasks > MAXTASKS) { fprintf(stderr, "[ERROR] Option -t needs to be a number between 1 and %d\n", MAXTASKS); @@ -3227,16 +3350,10 @@ int main(int argc, char *argv[]) { hydra_options.max_use = MAXTASKS; } // script kiddie patch - if (hydra_options.server != NULL && ( - hydra_strcasestr(hydra_options.server, ".outlook.com") != NULL || - hydra_strcasestr(hydra_options.server, ".hotmail.com") != NULL || - hydra_strcasestr(hydra_options.server, ".yahoo.") != NULL || - hydra_strcasestr(hydra_options.server, ".gmx.") != NULL || - hydra_strcasestr(hydra_options.server, ".web.de") != NULL || - hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || - hydra_strcasestr(hydra_options.server, "googlemail.") != NULL - )) { - fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n"); + if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, ".outlook.com") != NULL || hydra_strcasestr(hydra_options.server, ".hotmail.com") != NULL || hydra_strcasestr(hydra_options.server, ".yahoo.") != NULL || hydra_strcasestr(hydra_options.server, ".gmx.") != NULL || hydra_strcasestr(hydra_options.server, ".web.de") != NULL || hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) { + fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and " + "hydra detection and sends false positives. You are not " + "doing anything illegal right?!\n"); fprintf(stderr, "[WARNING] !read the above!\n"); sleep(5); } @@ -3257,7 +3374,10 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %" hPRIu64 " bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizelogin); + fprintf(stderr, + "[ERROR] Maximum size of the login file is %d, this file has " + "%" hPRIu64 " bytes.\n", + MAX_BYTES, (uint64_t)hydra_brains.sizelogin); exit(-1); } login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); @@ -3282,11 +3402,17 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.countpass > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %" hPRIu64 " entries.\n", MAX_LINES, hydra_brains.countpass); + fprintf(stderr, + "[ERROR] Maximum number of passwords is %d, this file has " + "%" hPRIu64 " entries.\n", + MAX_LINES, hydra_brains.countpass); exit(-1); } if (hydra_brains.sizepass > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %" hPRIu64 " bytes.\n", MAX_BYTES, (uint64_t) hydra_brains.sizepass); + fprintf(stderr, + "[ERROR] Maximum size of the password file is %d, this file " + "has %" hPRIu64 " bytes.\n", + MAX_BYTES, (uint64_t)hydra_brains.sizepass); exit(-1); } pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); @@ -3303,7 +3429,7 @@ int main(int argc, char *argv[]) { if (hydra_options.bfg) { #ifdef HAVE_MATH_H if (bf_init(bf_options.arg)) - exit(-1); // error description is handled by bf_init + exit(-1); // error description is handled by bf_init pass_ptr = bf_next(hydra_options.rainy); hydra_brains.countpass += bf_get_pcount(); hydra_brains.sizepass += BF_BUFLEN; @@ -3329,11 +3455,17 @@ int main(int argc, char *argv[]) { exit(-1); } if (hydra_brains.countlogin > MAX_LINES / 2) { - fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %" hPRIu64 " entries.\n", MAX_LINES / 2, hydra_brains.countlogin); + fprintf(stderr, + "[ERROR] Maximum number of colon file entries is %d, this file " + "has %" hPRIu64 " entries.\n", + MAX_LINES / 2, hydra_brains.countlogin); exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES / 2) { - fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %" hPRIu64 " bytes.\n", MAX_BYTES / 2, (uint64_t) hydra_brains.sizelogin); + fprintf(stderr, + "[ERROR] Maximum size of the colon file is %d, this file has " + "%" hPRIu64 " bytes.\n", + MAX_BYTES / 2, (uint64_t)hydra_brains.sizelogin); exit(-1); } csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); @@ -3341,8 +3473,10 @@ int main(int argc, char *argv[]) { bail("Could not allocate enough memory for colon file data"); memset(csv_ptr, 0, hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); fill_mem(csv_ptr, cfp, 1); - //printf("count: %d, size: %d\n", hydra_brains.countlogin, hydra_brains.sizelogin); - //hydra_dump_data(csv_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, "colon data"); + // printf("count: %d, size: %d\n", hydra_brains.countlogin, + // hydra_brains.sizelogin); hydra_dump_data(csv_ptr, + // hydra_brains.sizelogin + // + hydra_brains.countlogin + 8, "colon data"); hydra_brains.countpass = 1; pass_ptr = login_ptr = csv_ptr; while (*pass_ptr != 0) @@ -3357,7 +3491,13 @@ int main(int argc, char *argv[]) { } free(memcheck); if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { - fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, %s\n", ignore_restore == 1 ? "ignored ..." : "you have 10 seconds to abort... (use option -I to skip waiting)", RESTOREFILE); + fprintf(stderr, + "[WARNING] Restorefile (%s) from a previous session found, to " + "prevent overwriting, %s\n", + ignore_restore == 1 ? "ignored ..." + : "you have 10 seconds to abort... (use " + "option -I to skip waiting)", + RESTOREFILE); if (ignore_restore != 1) sleep(10); fclose(rfp); @@ -3373,17 +3513,24 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] File for targets is empty: %s\n", hydra_options.infile_ptr); exit(-1); } - // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n"); - hydra_targets = malloc(sizeof(hydra_target*) * (countservers + 2) + 8); + // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not + // working correctly at the moment for target lists > 60!\n"); + hydra_targets = malloc(sizeof(hydra_target *) * (countservers + 2) + 8); if (hydra_targets == NULL) bail("Could not allocate enough memory for target data"); sizeinfile = size_of_data; if (countinfile > MAX_LINES / 1000) { - fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int32_t) countinfile); + fprintf(stderr, + "[ERROR] Maximum number of target file entries is %d, this " + "file has %d entries.\n", + MAX_LINES / 1000, (int32_t)countinfile); exit(-1); } if (sizeinfile > MAX_BYTES / 1000) { - fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int32_t) sizeinfile); + fprintf(stderr, + "[ERROR] Maximum size of the server file is %d, this file has " + "%d bytes.\n", + MAX_BYTES / 1000, (int32_t)sizeinfile); exit(-1); } if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) @@ -3421,72 +3568,75 @@ int main(int argc, char *argv[]) { fprintf(stderr, "Error: no target server given, nor -M option used\n"); exit(-1); } else if (index(hydra_options.server, '/') != NULL) { - if (cmdlinetarget == NULL) - bail("You seem to mix up \"service://target:port/options\" syntax with \"target service options\" syntax. Read the README on how to use hydra correctly!"); - if (strstr(cmdlinetarget, "://") != NULL) { - tmpptr = index(hydra_options.server, '/'); - if (tmpptr != NULL) - *tmpptr = 0; - countservers = hydra_brains.targets = 1; - hydra_targets = malloc(sizeof(hydra_target*) * 4); - hydra_targets[0] = malloc(sizeof(hydra_target)); - memset(hydra_targets[0], 0, sizeof(hydra_target)); - hydra_targets[0]->target = servers_ptr = hydra_options.server; - hydra_targets[0]->port = hydra_options.port; - sizeservers = strlen(hydra_options.server) + 1; - } else { - /* CIDR notation on command line, e.g. 192.168.0.0/24 */ - uint32_t four_from, four_to, addr_cur, addr_cur2, k, l; - in_addr_t addr4; - struct sockaddr_in target; + if (cmdlinetarget == NULL) + bail("You seem to mix up \"service://target:port/options\" syntax with " + "\"target service options\" syntax. Read the README on how to use " + "hydra correctly!"); + if (strstr(cmdlinetarget, "://") != NULL) { + tmpptr = index(hydra_options.server, '/'); + if (tmpptr != NULL) + *tmpptr = 0; + countservers = hydra_brains.targets = 1; + hydra_targets = malloc(sizeof(hydra_target *) * 4); + hydra_targets[0] = malloc(sizeof(hydra_target)); + memset(hydra_targets[0], 0, sizeof(hydra_target)); + hydra_targets[0]->target = servers_ptr = hydra_options.server; + hydra_targets[0]->port = hydra_options.port; + sizeservers = strlen(hydra_options.server) + 1; + } else { + /* CIDR notation on command line, e.g. 192.168.0.0/24 */ + uint32_t four_from, four_to, addr_cur, addr_cur2, k, l; + in_addr_t addr4; + struct sockaddr_in target; - hydra_options.cidr = 1; - do_retry = 0; - if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { - fprintf(stderr, "Error: can not allocate memory\n"); - exit(-1); + hydra_options.cidr = 1; + do_retry = 0; + if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { + fprintf(stderr, "Error: can not allocate memory\n"); + exit(-1); + } + strcpy(tmpptr, hydra_options.server); + tmpptr2 = index(tmpptr, '/'); + *tmpptr2++ = 0; + if ((k = atoi(tmpptr2)) < 16 || k > 31) { + fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); + exit(-1); + } + if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { + fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); + exit(-1); + } + free(tmpptr); + l = 1 << (32 - k); + l--; + four_to = (addr4 | l); + l = 0xffffffff - l; + four_from = (addr4 & l); + l = 1 << (32 - k); + hydra_brains.targets = countservers = l; + hydra_targets = (hydra_target **)malloc(sizeof(hydra_target *) * (l + 2) + 8); + if (hydra_targets == NULL) + bail("Could not allocate enough memory for target data"); + i = 0; + addr_cur = four_from; + while (addr_cur <= four_to && i < l) { + hydra_targets[i] = malloc(sizeof(hydra_target)); + memset(hydra_targets[i], 0, sizeof(hydra_target)); + addr_cur2 = htonl(addr_cur); + memcpy(&target.sin_addr.s_addr, (char *)&addr_cur2, 4); + hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr)target.sin_addr)); + hydra_targets[i]->port = hydra_options.port; + addr_cur++; + i++; + } + if (verbose) + printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); + printf("[WARNING] The CIDR attack mode is still beta. Please report " + "issues.\n"); } - strcpy(tmpptr, hydra_options.server); - tmpptr2 = index(tmpptr, '/'); - *tmpptr2++ = 0; - if ((k = atoi(tmpptr2)) < 16 || k > 31) { - fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); - exit(-1); - } - if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { - fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); - exit(-1); - } - free(tmpptr); - l = 1 << (32 - k); - l--; - four_to = (addr4 | l); - l = 0xffffffff - l; - four_from = (addr4 & l); - l = 1 << (32 - k); - hydra_brains.targets = countservers = l; - hydra_targets = (hydra_target**)malloc(sizeof(hydra_target*) * (l + 2) + 8); - if (hydra_targets == NULL) - bail("Could not allocate enough memory for target data"); - i = 0; - addr_cur = four_from; - while (addr_cur <= four_to && i < l) { - hydra_targets[i] = malloc(sizeof(hydra_target)); - memset(hydra_targets[i], 0, sizeof(hydra_target)); - addr_cur2 = htonl(addr_cur); - memcpy(&target.sin_addr.s_addr, (char *) &addr_cur2, 4); - hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr)); - hydra_targets[i]->port = hydra_options.port; - addr_cur++; - i++; - } - if (verbose) - printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); - printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n"); - } - } else { // standard: single target on command line + } else { // standard: single target on command line countservers = hydra_brains.targets = 1; - hydra_targets = malloc(sizeof(hydra_target*) * 4); + hydra_targets = malloc(sizeof(hydra_target *) * 4); hydra_targets[0] = malloc(sizeof(hydra_target)); memset(hydra_targets[0], 0, sizeof(hydra_target)); hydra_targets[0]->target = servers_ptr = hydra_options.server; @@ -3508,7 +3658,7 @@ int main(int argc, char *argv[]) { hydra_targets[i]->pass_state = 3; } } - } // END OF restore == 0 + } // END OF restore == 0 // PROXY PROCESSING if (getenv("HYDRA_PROXY") && use_proxy == 0) { @@ -3520,13 +3670,18 @@ int main(int argc, char *argv[]) { if (use_proxy == 2) proxy_string = getenv("HYDRA_PROXY"); if (use_proxy && getenv("HYDRA_PROXY_AUTH") != NULL) - fprintf(stderr, "[WARNING] environment variable HYDRA_PROXY_AUTH is deprecated, use authentication in the HYDRA_PROXY definitions, e.g. type://auth@target:port\n"); + fprintf(stderr, "[WARNING] environment variable HYDRA_PROXY_AUTH is " + "deprecated, use authentication in the HYDRA_PROXY " + "definitions, e.g. type://auth@target:port\n"); if (use_proxy && proxy_string != NULL) { if (strstr(proxy_string, "://") != NULL) { process_proxy_line(use_proxy, proxy_string); } else { if ((proxyfp = fopen(proxy_string, "r")) == NULL) { - fprintf(stderr, "[ERROR] proxy definition %s is neither of the kind type://auth@target:port nor a file containing proxy entries!\n", proxy_string); + fprintf(stderr, + "[ERROR] proxy definition %s is neither of the kind " + "type://auth@target:port nor a file containing proxy entries!\n", + proxy_string); exit(-1); } while (fgets(buf, sizeof(buf), proxyfp) != NULL) @@ -3556,12 +3711,14 @@ int main(int argc, char *argv[]) { bail("No login/password combination given!"); if (hydra_brains.todo < hydra_options.tasks) { if (verbose && hydra_options.tasks != TASKS) - printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %" hPRIu64 "\n", hydra_brains.todo); + printf("[VERBOSE] More tasks defined than login/pass pairs exist. " + "Tasks reduced to %" hPRIu64 "\n", + hydra_brains.todo); hydra_options.tasks = hydra_brains.todo; } } - if (hydra_options.max_use == MAXTASKS) { // only if it was not set via -T + if (hydra_options.max_use == MAXTASKS) { // only if it was not set via -T if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; if (hydra_options.max_use > MAXTASKS) @@ -3570,10 +3727,13 @@ int main(int argc, char *argv[]) { if ((hydra_options.tasks == TASKS || hydra_options.tasks <= 8) && hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) hydra_options.tasks = 1; - //fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks per server reduced to %d.\n", hydra_options.tasks); + // fprintf(stderr, "[WARNING] More tasks defined per server than allowed for + // maximal connections. Tasks per server reduced to %d.\n", + // hydra_options.tasks); } else { if (hydra_options.tasks > MAXTASKS) { - //fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); + // fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", + // MAXTASKS); hydra_options.tasks = MAXTASKS; } } @@ -3591,16 +3751,10 @@ int main(int argc, char *argv[]) { if (hydra_options.ssl) options = options | OPTION_SSL; - printf("[DATA] max %d task%s per %d server%s, overall %d task%s, %" hPRIu64 " login tr", - hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", - hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", - hydra_options.max_use, hydra_options.max_use == 1 ? "" : "s", - hydra_brains.todo); + printf("[DATA] max %d task%s per %d server%s, overall %d task%s, %" hPRIu64 " login tr", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_options.max_use == 1 ? "" : "s", hydra_brains.todo); printf("%s", hydra_brains.todo == 1 ? "y" : "ies"); if (hydra_options.colonfile == NULL) { - printf(" (l:%" hPRIu64 "/p:%" hPRIu64 "), ~%" hPRIu64 " tr", - (uint64_t) hydra_brains.countlogin, (uint64_t) hydra_brains.countpass, - math2); + printf(" (l:%" hPRIu64 "/p:%" hPRIu64 "), ~%" hPRIu64 " tr", (uint64_t)hydra_brains.countlogin, (uint64_t)hydra_brains.countpass, math2); } else { printf(", ~%" hPRIu64 " tr", math2); } @@ -3610,7 +3764,7 @@ int main(int argc, char *argv[]) { if (hydra_brains.targets == 1) { if (index(hydra_targets[0]->target, ':') == NULL) { printf("[DATA] attacking %s%s://%s:", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target); - printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); + printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); } else { printf("[DATA] attacking %s%s://[%s]:", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target); printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); @@ -3619,14 +3773,16 @@ int main(int argc, char *argv[]) { printf("[DATA] attacking %s%s://(%d targets):", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_brains.targets); printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); } - //service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); -// if (hydra_options.miscptr != NULL && hydra_options.miscptr[0] != 0) -// printf("[DATA] with additional data %s\n", hydra_options.miscptr); + // service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl + // == 1 ? " with SSL" : ""); + // if (hydra_options.miscptr != NULL && hydra_options.miscptr[0] != 0) + // printf("[DATA] with additional data %s\n", hydra_options.miscptr); if (hydra_options.outfile_ptr != NULL) { - char outfile_open_type[] = "a+"; //Default open in a+ mode + char outfile_open_type[] = "a+"; // Default open in a+ mode if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.restore != 1) { - outfile_open_type[0] = 'w'; //Creat new outfile, if using JSON output and not using -R. The open mode should be "w+". + outfile_open_type[0] = 'w'; // Creat new outfile, if using JSON output and + // not using -R. The open mode should be "w+". } if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, outfile_open_type)) == NULL) { perror("[ERROR] Error creating outputfile"); @@ -3634,22 +3790,22 @@ int main(int argc, char *argv[]) { } if (hydra_options.outfile_format == FORMAT_JSONV1) { if (hydra_options.restore != 1) { // No JSON head while using -R - fprintf(hydra_brains.ofp, "{ \"generator\": {\n" - "\t\"software\": \"%s\", \"version\": \"%s\", \"built\": \"%s\",\n" - "\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": \"1.00\",\n" - "\t\"commandline\": \"%s", - PROGRAM, VERSION, hydra_build_time(), - hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + fprintf(hydra_brains.ofp, + "{ \"generator\": {\n" + "\t\"software\": \"%s\", \"version\": \"%s\", \"built\": \"%s\",\n" + "\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": " + "\"1.00\",\n" + "\t\"commandline\": \"%s", + PROGRAM, VERSION, hydra_build_time(), hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); for (i = 1; i < argc; i++) { - char *t = hydra_string_replace(argv[i],"\"","\\\""); + char *t = hydra_string_replace(argv[i], "\"", "\\\""); fprintf(hydra_brains.ofp, " %s", t); free(t); } fprintf(hydra_brains.ofp, "\"\n\t},\n\"results\": ["); } } else { // else default is plain text aka == 0 - fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), - hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); for (i = 1; i < argc; i++) fprintf(hydra_brains.ofp, " %s", argv[i]); fprintf(hydra_brains.ofp, ")\n"); @@ -3698,30 +3854,36 @@ int main(int argc, char *argv[]) { #ifdef AF_INET6 if (p->ai_family == AF_INET6) { if (ipv6 == NULL) - ipv6 = (struct sockaddr_in6 *) p->ai_addr; + ipv6 = (struct sockaddr_in6 *)p->ai_addr; } else #endif - if (p->ai_family == AF_INET) { + if (p->ai_family == AF_INET) { if (ipv4 == NULL) - ipv4 = (struct sockaddr_in *) p->ai_addr; + ipv4 = (struct sockaddr_in *)p->ai_addr; } } #ifdef AF_INET6 if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { // IPV6 FIXME if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { - fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", + fprintf(stderr, + "[ERROR] Target %s resolves to an IPv6 address, however " + "module %s does not support this. Maybe try \"-4\" option. " + "Sending in patches helps.\n", hydra_targets[i]->target, hydra_options.service); hydra_targets[i]->done = TARGET_UNRESOLVED; hydra_brains.finished++; } else { hydra_targets[i]->ip[0] = 16; - memcpy(&hydra_targets[i]->ip[1], (char *) &ipv6->sin6_addr, 16); + memcpy(&hydra_targets[i]->ip[1], (char *)&ipv6->sin6_addr, 16); if (device != NULL && strlen(device) <= 16) strcpy(&hydra_targets[i]->ip[17], device); if (memcmp(&hydra_targets[i]->ip[17], fe80, 2) == 0) { if (device == NULL) { - fprintf(stderr, "[ERROR] The target %s address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n", + fprintf(stderr, + "[ERROR] The target %s address is a link local address, " + "link local addresses require the interface being " + "defined like this: fe80::1%%eth0\n", hydra_targets[i]->target); exit(-1); } @@ -3729,9 +3891,9 @@ int main(int argc, char *argv[]) { } } else #endif - if (ipv4 != NULL) { + if (ipv4 != NULL) { hydra_targets[i]->ip[0] = 4; - memcpy(&hydra_targets[i]->ip[1], (char *) &ipv4->sin_addr, 4); + memcpy(&hydra_targets[i]->ip[1], (char *)&ipv4->sin_addr, 4); } else { if (verbose) printf("[failed for %s] ", hydra_targets[i]->target); @@ -3745,7 +3907,8 @@ int main(int argc, char *argv[]) { // restore device information if present if (device != NULL) { *(device - 1) = '%'; - fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 link local addresses, e.g. SSH does not\n"); + fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 " + "link local addresses, e.g. SSH does not\n"); } } if (verbose) @@ -3755,12 +3918,16 @@ int main(int argc, char *argv[]) { #ifndef SO_BINDTODEVICE if (device != NULL) { - fprintf(stderr, "[ERROR] your operating system does not support SO_BINDTODEVICE or IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the interface %s!\n", device); + fprintf(stderr, + "[ERROR] your operating system does not support SO_BINDTODEVICE or " + "IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the " + "interface %s!\n", + device); } #endif if (hydra_options.restore == 0) { - hydra_heads = malloc(sizeof(hydra_head*) * hydra_options.max_use); + hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); target_no = 0; for (i = 0; i < hydra_options.max_use; i++) { hydra_heads[i] = malloc(sizeof(hydra_head)); @@ -3770,7 +3937,8 @@ int main(int argc, char *argv[]) { // here we call the init function of the relevant service module // should we do the init centrally or should each child do that? // that depends largely on the number of targets and maximum tasks - // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) + // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && + // hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) for (i = 0; i < hydra_brains.targets; i++) hydra_service_init(i); @@ -3779,11 +3947,12 @@ int main(int argc, char *argv[]) { fflush(stderr); fflush(hydra_brains.ofp); - #if OPENSSL_VERSION_NUMBER >= 0x10100000L if (hydra_options.ssl) { fprintf(stderr, "[WARNING] *****************************************************\n"); - fprintf(stderr, "[WARNING] OPENSSL v1.1 development changes are active - modules SMB, SNMP, RDP, ORACLE LISTENER and SSL in general might not work properly! Please test and report to vh@thc.org.\n"); + fprintf(stderr, "[WARNING] OPENSSL v1.1 development changes are active - modules " + "SMB, SNMP, RDP, ORACLE LISTENER and SSL in general might not work " + "properly! Please test and report to vh@thc.org.\n"); fprintf(stderr, "[WARNING] *****************************************************\n"); } #endif @@ -3791,7 +3960,8 @@ int main(int argc, char *argv[]) { hydra_debug(0, "attack"); process_restore = 1; - // this is the big function which starts the attacking children, feeds login/password pairs, etc.! + // this is the big function which starts the attacking children, feeds + // login/password pairs, etc.! while (exit_condition == 0) { memset(&fdreadheads, 0, sizeof(fdreadheads)); max_fd = 0; @@ -3825,10 +3995,12 @@ int main(int argc, char *argv[]) { printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); if (hydra_heads[head_no]->target_no < 0) { if (debug) - printf("[DEBUG] hydra_select_target() reports no more targets left\n"); + printf("[DEBUG] hydra_select_target() reports no more targets " + "left\n"); hydra_kill_head(head_no, 0, 3); } else - hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 + hydra_spawn_head(head_no, + hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 } break; case HEAD_ACTIVE: @@ -3836,7 +4008,7 @@ int main(int argc, char *argv[]) { do_switch = 1; if (hydra_options.time_next_attempt > 0) { if (last_attempt + hydra_options.time_next_attempt >= time(NULL)) { - if (recv(hydra_heads[head_no]->sp[0], &rc, 1, MSG_PEEK) == 1 && (rc == 'N' || rc == 'n')) + if (recv(hydra_heads[head_no]->sp[0], &rc, 1, MSG_PEEK) == 1 && (rc == 'N' || rc == 'n')) do_switch = 0; } else last_attempt = time(NULL); @@ -3850,86 +4022,81 @@ int main(int argc, char *argv[]) { printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); switch (rc) { // Valid Results: - // n - mother says to itself that child requests next login/password pair - // N - child requests next login/password pair - // Q - child reports that it is quitting - // C - child reports connect error (and is quitting) - // E - child reports protocol error (and is quitting) - // f - child reports that the username does not exist - // F - child reports that it found a valid login/password pair - // and requests next pair. Sends login/pw pair with next msg! - case 'N': // head wants next pair + // n - mother says to itself that child requests next + // login/password pair N - child requests next login/password + // pair Q - child reports that it is quitting C - child reports + // connect error (and is quitting) E - child reports protocol + // error (and is quitting) f - child reports that the username + // does not exist F - child reports that it found a valid + // login/password pair + // and requests next pair. Sends login/pw pair with next + // msg! + case 'N': // head wants next pair hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; // no break here - case 'n': // mother sends this to itself initially + case 'n': // mother sends this to itself initially loop_cnt = 0; if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) hydra_kill_head(head_no, 1, 0); break; - - case 'F': // valid password found + + case 'F': // valid password found hydra_brains.found++; if (colored_output) { if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target); + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, - hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, - hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", - hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: " + "\e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } else { if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target); + printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); else - printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else - printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { - fprintf(hydra_brains.ofp, "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": \"%s\", \"login\": \"%s\", \"password\": \"%s\"}", - hydra_brains.found == 1 ? "" : ",", // prefix a comma if not first finding - hydra_targets[hydra_heads[head_no]->target_no]->port, - hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target !=NULL ? hydra_targets[hydra_heads[head_no]->target_no]->target : "", - hydra_heads[head_no]->current_login_ptr !=NULL ? hydra_string_replace(hydra_heads[head_no]->current_login_ptr,"\"","\\\"") : "", - hydra_heads[head_no]->current_pass_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_pass_ptr,"\"","\\\"") : "" - ); + fprintf(hydra_brains.ofp, + "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": " + "\"%s\", \"login\": \"%s\", \"password\": \"%s\"}", + hydra_brains.found == 1 ? "" : ",", // prefix a comma if not first finding + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target != NULL ? hydra_targets[hydra_heads[head_no]->target_no]->target : "", hydra_heads[head_no]->current_login_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_login_ptr, "\"", "\\\"") : "", hydra_heads[head_no]->current_pass_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_pass_ptr, "\"", "\\\"") : ""); fflush(hydra_brains.ofp); - } else if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { // else output format == 0 aka text + } else if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { // else output format == 0 aka text if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target); + fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); fflush(hydra_brains.ofp); } - if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found + if (hydra_options.exit_found) { // option set says quit target after on + // valid login/pass pair is found if (hydra_targets[hydra_heads[head_no]->target_no]->done == TARGET_ACTIVE) { - hydra_targets[hydra_heads[head_no]->target_no]->done = TARGET_FINISHED; // mark target as done + hydra_targets[hydra_heads[head_no]->target_no]->done = TARGET_FINISHED; // mark target as done hydra_brains.finished++; printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); } @@ -3938,7 +4105,7 @@ int main(int argc, char *argv[]) { if (hydra_targets[j]->done == TARGET_ACTIVE) { hydra_targets[j]->done = TARGET_FINISHED; hydra_brains.finished++; - } + } } for (j = 0; j < hydra_options.max_use; j++) if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { @@ -3950,7 +4117,7 @@ int main(int argc, char *argv[]) { continue; } // fall through - case 'f': // username identified as invalid + case 'f': // username identified as invalid hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; @@ -3959,34 +4126,40 @@ int main(int argc, char *argv[]) { hydra_skip_user(hydra_heads[head_no]->target_no, buf); fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack break; - + // we do not make a difference between 'C' and 'E' results - yet - case 'E': // head reports protocol error - case 'C': // head reports connect error + case 'E': // head reports protocol error + case 'C': // head reports connect error fck = write(hydra_heads[head_no]->sp[0], "Q", 1); if (debug) { - printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %" hPRIu64 " of %" hPRIu64 "\n", - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); + printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass " + "\"%s\" - child %d - %" hPRIu64 " of %" hPRIu64 "\n", + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); } hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); break; - case 'Q': // head reports its quitting + case 'Q': // head reports its quitting fck = write(hydra_heads[head_no]->sp[0], "Q", 1); if (debug) printf("[DEBUG] child %d reported it quit\n", head_no); hydra_kill_head(head_no, 1, 0); break; - + default: - fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); + fprintf(stderr, + "[ERROR] child %d sent nonsense data, killing and " + "restarting it!\n", + head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } // end switch - } // readres + } // readres if (readres == -1) { if (verbose) - fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); + fprintf(stderr, + "[WARNING] child %d seems to have died, restarting " + "(this only happens if a module is bad) ... \n", + head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } // end do_switch @@ -3996,11 +4169,15 @@ int main(int argc, char *argv[]) { if (tmp_time > waittime + hydra_heads[head_no]->last_seen) { if (kill(hydra_heads[head_no]->pid, 0) < 0) { if (verbose) - fprintf(stderr, "[WARNING] child %d seems to be dead, restarting it ...\n", head_no); + fprintf(stderr, + "[WARNING] child %d seems to be dead, restarting it " + "...\n", + head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } - // if we do not get to hear anything for a longer time assume its dead + // if we do not get to hear anything for a longer time assume its + // dead if (tmp_time > waittime * 2 + hydra_heads[head_no]->last_seen) { if (verbose) fprintf(stderr, "[WARNING] timeout from child %d, restarting\n", head_no); @@ -4014,10 +4191,11 @@ int main(int argc, char *argv[]) { hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } - //if (debug) printf("DEBUG: bug hunt: %lu %lu\n", hydra_brains.todo_all, hydra_brains.sent); + // if (debug) printf("DEBUG: bug hunt: %lu %lu\n", hydra_brains.todo_all, + // hydra_brains.sent); usleepn(USLEEP_LOOP); - (void) wait3(NULL, WNOHANG, NULL); + (void)wait3(NULL, WNOHANG, NULL); // write restore file and report status if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { hydra_restore_write(0); @@ -4044,15 +4222,14 @@ int main(int argc, char *argv[]) { for (j = 0; j < hydra_options.max_use; j++) if (hydra_heads[j]->active >= HEAD_UNUSED) k++; - printf("[STATUS] %.2f tries/min, %" hPRIu64 " tries in %02" hPRIu64 ":%02" hPRIu64 "h, %" hPRIu64 " to do in %02" hPRIu64 ":%02" hPRIu64 "h, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min - hydra_brains.sent, // tries - (uint64_t) ((elapsed_status - starttime) / 3600), // hours - (uint64_t) (((elapsed_status - starttime) % 3600) / 60), // minutes - (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent != 0 ? (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent : 1, // left todo - (uint64_t) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) - ) / 3600, // hours - (((uint64_t) (((double) (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) - ) % 3600) / 60) + 1, // min + printf("[STATUS] %.2f tries/min, %" hPRIu64 " tries in %02" hPRIu64 ":%02" hPRIu64 "h, %" hPRIu64 " to do in %02" hPRIu64 ":%02" hPRIu64 "h, %d active\n", + (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min + hydra_brains.sent, // tries + (uint64_t)((elapsed_status - starttime) / 3600), // hours + (uint64_t)(((elapsed_status - starttime) % 3600) / 60), // minutes + (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent != 0 ? (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent : 1, // left todo + (uint64_t)(((double)(hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double)hydra_brains.sent / (elapsed_status - starttime))) / 3600, // hours + (((uint64_t)(((double)(hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double)hydra_brains.sent / (elapsed_status - starttime))) % 3600) / 60) + 1, // min k); hydra_debug(0, "STATUS"); } @@ -4089,9 +4266,7 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); } - printf("%d of %d target%s%scompleted, %" hPRIu64 " valid password", - hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", - hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found); + printf("%d of %d target%s%scompleted, %" hPRIu64 " valid password", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found); printf("%s", hydra_brains.found < 2 ? "" : "s"); printf(" found\n"); @@ -4106,10 +4281,14 @@ int main(int argc, char *argv[]) { unlink(RESTOREFILE); } else { if (hydra_options.cidr == 0 && k == 0) { - printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); + printf("[INFO] Writing restore file because %d server scan%s could not " + "be completed\n", + j + error, j + error == 1 ? "" : "s"); hydra_restore_write(1); } else if (k > 0) { - printf("[WARNING] Writing restore file because %d final worker threads did not complete until end.\n", k); + printf("[WARNING] Writing restore file because %d final worker threads " + "did not complete until end.\n", + k); hydra_restore_write(1); } } @@ -4119,49 +4298,51 @@ int main(int argc, char *argv[]) { for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i]->active == HEAD_ACTIVE && hydra_heads[i]->pid > 0) hydra_kill_head(i, 1, 3); - (void) wait3(NULL, WNOHANG, NULL); + (void)wait3(NULL, WNOHANG, NULL); -#define STRMAX (10*1024) - char json_error[STRMAX+2], tmp_str[STRMAX+2]; - memset(json_error, 0, STRMAX+2); - memset(tmp_str, 0, STRMAX+2); +#define STRMAX (10 * 1024) + char json_error[STRMAX + 2], tmp_str[STRMAX + 2]; + memset(json_error, 0, STRMAX + 2); + memset(tmp_str, 0, STRMAX + 2); if (error) { snprintf(tmp_str, STRMAX, "[ERROR] %d target%s disabled because of too many errors", error, error == 1 ? " was" : "s were"); fprintf(stderr, "%s\n", tmp_str); - strncat(json_error,"\"",STRMAX); - strncat(json_error,tmp_str,STRMAX); - strncat(json_error,"\"",STRMAX); + strncat(json_error, "\"", STRMAX); + strncat(json_error, tmp_str, STRMAX); + strncat(json_error, "\"", STRMAX); error = 1; } if (k) { snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not resolve or could not be connected", k, k == 1 ? "" : "s"); fprintf(stderr, "%s\n", tmp_str); if (*json_error) { - strncat(json_error,", ", STRMAX); + strncat(json_error, ", ", STRMAX); } - strncat(json_error,"\"",STRMAX); - strncat(json_error,tmp_str,STRMAX); - strncat(json_error,"\"",STRMAX); + strncat(json_error, "\"", STRMAX); + strncat(json_error, tmp_str, STRMAX); + strncat(json_error, "\"", STRMAX); error = 1; } if (error) { snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not complete", j, j < 1 ? "" : "s"); fprintf(stderr, "%s\n", tmp_str); if (*json_error) { - strncat(json_error,", ", STRMAX); + strncat(json_error, ", ", STRMAX); } - strncat(json_error,"\"",STRMAX); - strncat(json_error,tmp_str,STRMAX); - strncat(json_error,"\"",STRMAX); + strncat(json_error, "\"", STRMAX); + strncat(json_error, tmp_str, STRMAX); + strncat(json_error, "\"", STRMAX); error = 1; } // yeah we did it printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { if (hydra_options.outfile_format == FORMAT_JSONV1) { - fprintf(hydra_brains.ofp, "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s ],\n\"quantityfound\": %" hPRIu64 " }\n", + fprintf(hydra_brains.ofp, + "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s " + "],\n\"quantityfound\": %" hPRIu64 " }\n", (error ? "false" : "true"), json_error, hydra_brains.found); - } + } fclose(hydra_brains.ofp); } diff --git a/hydra.h b/hydra.h index dc158ec..53b52d5 100644 --- a/hydra.h +++ b/hydra.h @@ -2,200 +2,186 @@ #include #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) || defined(__APPLE__) - #include +#include #else - #include +#include #endif #if defined(_INTTYPES_H) || defined(__CLANG_INTTYPES_H) - #define hPRIu64 PRIu64 +#define hPRIu64 PRIu64 #else - #define hPRIu64 "lu" +#define hPRIu64 "lu" #endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include +#include +#include +#include #include #include -#include -#include -#include +#include +#include +#include +#include +#include #include +#include +#include +#include +#include #include -#include +#include +#include #ifdef HAVE_OPENSSL - #define HYDRA_SSL +#define HYDRA_SSL #endif #ifdef HAVE_SSL - #ifndef HYDRA_SSL - #define HYDRA_SSL - #endif +#ifndef HYDRA_SSL +#define HYDRA_SSL +#endif #endif #ifdef LIBSSH - #include +#include #endif #ifdef HAVE_ZLIB - #include +#include #endif #define OPTION_SSL 1 #ifdef LIBOPENSSL - #ifndef NO_RSA_LEGACY - #if OPENSSL_VERSION_NUMBER >= 0x10100000L - #define NO_RSA_LEGACY - #endif - #endif +#ifndef NO_RSA_LEGACY +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#define NO_RSA_LEGACY +#endif +#endif #endif -#define PORT_NOPORT -1 -#define PORT_FTP 21 -#define PORT_FTP_SSL 990 -#define PORT_TELNET 23 -#define PORT_TELNET_SSL 992 -#define PORT_HTTP 80 -#define PORT_HTTP_SSL 443 +#define PORT_NOPORT -1 +#define PORT_FTP 21 +#define PORT_FTP_SSL 990 +#define PORT_TELNET 23 +#define PORT_TELNET_SSL 992 +#define PORT_HTTP 80 +#define PORT_HTTP_SSL 443 #define PORT_HTTP_PROXY 3128 #define PORT_HTTP_PROXY_SSL 3128 -#define PORT_POP3 110 -#define PORT_POP3_SSL 995 -#define PORT_NNTP 119 -#define PORT_NNTP_SSL 563 -#define PORT_SMB 139 -#define PORT_SMB_SSL 139 -#define PORT_SMBNT 445 -#define PORT_SMBNT_SSL 445 -#define PORT_IMAP 143 -#define PORT_IMAP_SSL 993 -#define PORT_LDAP 389 -#define PORT_LDAP_SSL 636 -#define PORT_REXEC 512 -#define PORT_REXEC_SSL 512 -#define PORT_RLOGIN 513 -#define PORT_RLOGIN_SSL 513 -#define PORT_RSH 514 -#define PORT_RSH_SSL 514 -#define PORT_SOCKS5 1080 +#define PORT_POP3 110 +#define PORT_POP3_SSL 995 +#define PORT_NNTP 119 +#define PORT_NNTP_SSL 563 +#define PORT_SMB 139 +#define PORT_SMB_SSL 139 +#define PORT_SMBNT 445 +#define PORT_SMBNT_SSL 445 +#define PORT_IMAP 143 +#define PORT_IMAP_SSL 993 +#define PORT_LDAP 389 +#define PORT_LDAP_SSL 636 +#define PORT_REXEC 512 +#define PORT_REXEC_SSL 512 +#define PORT_RLOGIN 513 +#define PORT_RLOGIN_SSL 513 +#define PORT_RSH 514 +#define PORT_RSH_SSL 514 +#define PORT_SOCKS5 1080 #define PORT_SOCKS5_SSL 1080 -#define PORT_ICQ 4000 -#define PORT_ICQ_SSL -1 -#define PORT_VNC 5900 -#define PORT_VNC_SSL 5901 -#define PORT_PCNFS 0 -#define PORT_PCNFS_SSL -1 -#define PORT_MYSQL 3306 -#define PORT_MYSQL_SSL 3306 -#define PORT_MSSQL 1433 -#define PORT_MSSQL_SSL 1433 -#define PORT_POSTGRES 5432 +#define PORT_ICQ 4000 +#define PORT_ICQ_SSL -1 +#define PORT_VNC 5900 +#define PORT_VNC_SSL 5901 +#define PORT_PCNFS 0 +#define PORT_PCNFS_SSL -1 +#define PORT_MYSQL 3306 +#define PORT_MYSQL_SSL 3306 +#define PORT_MSSQL 1433 +#define PORT_MSSQL_SSL 1433 +#define PORT_POSTGRES 5432 #define PORT_POSTGRES_SSL 5432 -#define PORT_ORACLE 1521 +#define PORT_ORACLE 1521 #define PORT_ORACLE_SSL 1521 #define PORT_PCANYWHERE 5631 #define PORT_PCANYWHERE_SSL 5631 -#define PORT_ADAM6500 502 -#define PORT_ADAM6500_SSL 502 -#define PORT_SAPR3 -1 -#define PORT_SAPR3_SSL -1 -#define PORT_SSH 22 -#define PORT_SSH_SSL 22 -#define PORT_SNMP 161 -#define PORT_SNMP_SSL 1993 -#define PORT_CVS 2401 -#define PORT_CVS_SSL 2401 -#define PORT_FIREBIRD 3050 +#define PORT_ADAM6500 502 +#define PORT_ADAM6500_SSL 502 +#define PORT_SAPR3 -1 +#define PORT_SAPR3_SSL -1 +#define PORT_SSH 22 +#define PORT_SSH_SSL 22 +#define PORT_SNMP 161 +#define PORT_SNMP_SSL 1993 +#define PORT_CVS 2401 +#define PORT_CVS_SSL 2401 +#define PORT_FIREBIRD 3050 #define PORT_FIREBIRD_SSL 3050 -#define PORT_AFP 548 -#define PORT_AFP_SSL 548 -#define PORT_NCP 524 -#define PORT_NCP_SSL 524 -#define PORT_SVN 3690 -#define PORT_SVN_SSL 3690 -#define PORT_SMTP 25 +#define PORT_AFP 548 +#define PORT_AFP_SSL 548 +#define PORT_NCP 524 +#define PORT_NCP_SSL 524 +#define PORT_SVN 3690 +#define PORT_SVN_SSL 3690 +#define PORT_SMTP 25 #define PORT_SMTP_SSL 465 -#define PORT_TEAMSPEAK 8767 +#define PORT_TEAMSPEAK 8767 #define PORT_TEAMSPEAK_SSL 8767 -#define PORT_SIP 5060 -#define PORT_SIP_SSL 5061 -#define PORT_VMAUTHD 902 -#define PORT_VMAUTHD_SSL 902 -#define PORT_XMPP 5222 -#define PORT_XMPP_SSL 5223 -#define PORT_IRC 6667 -#define PORT_IRC_SSL 6697 -#define PORT_RDP 3389 -#define PORT_RDP_SSL 3389 -#define PORT_ASTERISK 5038 -#define PORT_ASTERISK_SSL 5038 -#define PORT_S7_300 102 -#define PORT_S7_300_SSL 102 -#define PORT_REDIS 6379 -#define PORT_REDIS_SSL 6379 -#define PORT_RTSP 554 -#define PORT_RTSP_SSL 554 -#define PORT_RPCAP 2002 -#define PORT_RPCAP_SSL 2002 -#define PORT_RADMIN2 4899 -#define PORT_MCACHED 11211 -#define PORT_MCACHED_SSL 11211 -#define PORT_MONGODB 27017 +#define PORT_SIP 5060 +#define PORT_SIP_SSL 5061 +#define PORT_VMAUTHD 902 +#define PORT_VMAUTHD_SSL 902 +#define PORT_XMPP 5222 +#define PORT_XMPP_SSL 5223 +#define PORT_IRC 6667 +#define PORT_IRC_SSL 6697 +#define PORT_RDP 3389 +#define PORT_RDP_SSL 3389 +#define PORT_ASTERISK 5038 +#define PORT_ASTERISK_SSL 5038 +#define PORT_S7_300 102 +#define PORT_S7_300_SSL 102 +#define PORT_REDIS 6379 +#define PORT_REDIS_SSL 6379 +#define PORT_RTSP 554 +#define PORT_RTSP_SSL 554 +#define PORT_RPCAP 2002 +#define PORT_RPCAP_SSL 2002 +#define PORT_RADMIN2 4899 +#define PORT_MCACHED 11211 +#define PORT_MCACHED_SSL 11211 +#define PORT_MONGODB 27017 #define False 0 -#define True 1 +#define True 1 #ifndef INET_ADDRSTRLEN - #define INET_ADDRSTRLEN 16 +#define INET_ADDRSTRLEN 16 #endif #define MAX_PROXY_COUNT 64 #ifndef _WIN32 - int32_t sleepn(time_t seconds); - int32_t usleepn(uint64_t useconds); +int32_t sleepn(time_t seconds); +int32_t usleepn(uint64_t useconds); #else - int32_t sleepn(uint32_t seconds); - int32_t usleepn(uint32_t useconds); +int32_t sleepn(uint32_t seconds); +int32_t usleepn(uint32_t useconds); #endif -typedef enum { - MODE_PASSWORD_LIST = 1, - MODE_LOGIN_LIST = 2, - MODE_PASSWORD_BRUTE = 4, - MODE_PASSWORD_REVERSE = 8, - MODE_PASSWORD_NULL = 16, - MODE_PASSWORD_SAME = 32, - MODE_COLON_FILE = 64 -} hydra_mode_t; +typedef enum { MODE_PASSWORD_LIST = 1, MODE_LOGIN_LIST = 2, MODE_PASSWORD_BRUTE = 4, MODE_PASSWORD_REVERSE = 8, MODE_PASSWORD_NULL = 16, MODE_PASSWORD_SAME = 32, MODE_COLON_FILE = 64 } hydra_mode_t; -typedef enum { - FORMAT_PLAIN_TEXT, - FORMAT_JSONV1, - FORMAT_JSONV2, - FORMAT_XMLV1 -} output_format_t; +typedef enum { FORMAT_PLAIN_TEXT, FORMAT_JSONV1, FORMAT_JSONV2, FORMAT_XMLV1 } output_format_t; typedef struct { hydra_mode_t mode; - int32_t loop_mode; // valid modes: 0 = password, 1 = user + int32_t loop_mode; // valid modes: 0 = password, 1 = user int32_t ssl; int32_t restore; - int32_t debug; // is external - for restore - int32_t verbose; // is external - for restore + int32_t debug; // is external - for restore + int32_t verbose; // is external - for restore int32_t showAttempt; int32_t tasks; int32_t try_null_password; @@ -213,9 +199,9 @@ typedef struct { char *outfile_ptr; char *infile_ptr; char *colonfile; - int32_t waittime; // is external - for restore - int32_t conwait; // is external - for restore - uint32_t port; // is external - for restore + int32_t waittime; // is external - for restore + int32_t conwait; // is external - for restore + uint32_t port; // is external - for restore char *miscptr; char *server; char *service; diff --git a/libpq-fe.h b/libpq-fe.h index d7cce84..28bf70d 100644 --- a/libpq-fe.h +++ b/libpq-fe.h @@ -35,81 +35,81 @@ extern "C" { /* Application-visible enum types */ - typedef enum { - /* - * Although it is okay to add to this list, values which become unused - * should never be removed, nor should constants be redefined - that - * would break compatibility with existing code. - */ - CONNECTION_OK, - CONNECTION_BAD, - /* Non-blocking mode only below here */ +typedef enum { + /* + * Although it is okay to add to this list, values which become unused + * should never be removed, nor should constants be redefined - that + * would break compatibility with existing code. + */ + CONNECTION_OK, + CONNECTION_BAD, + /* Non-blocking mode only below here */ - /* - * The existence of these should never be relied upon - they should - * only be used for user feedback or similar purposes. - */ - CONNECTION_STARTED, /* Waiting for connection to be made. */ - CONNECTION_MADE, /* Connection OK; waiting to send. */ - CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the - * postmaster. */ - CONNECTION_AUTH_OK, /* Received authentication; waiting for + /* + * The existence of these should never be relied upon - they should + * only be used for user feedback or similar purposes. + */ + CONNECTION_STARTED, /* Waiting for connection to be made. */ + CONNECTION_MADE, /* Connection OK; waiting to send. */ + CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the + * postmaster. */ + CONNECTION_AUTH_OK, /* Received authentication; waiting for * backend startup. */ - CONNECTION_SETENV, /* Negotiating environment. */ - CONNECTION_SSL_STARTUP, /* Negotiating SSL. */ - CONNECTION_NEEDED /* Internal state: connect() needed */ - } ConnStatusType; + CONNECTION_SETENV, /* Negotiating environment. */ + CONNECTION_SSL_STARTUP, /* Negotiating SSL. */ + CONNECTION_NEEDED /* Internal state: connect() needed */ +} ConnStatusType; - typedef enum { - PGRES_POLLING_FAILED = 0, - PGRES_POLLING_READING, /* These two indicate that one may */ - PGRES_POLLING_WRITING, /* use select before polling again. */ - PGRES_POLLING_OK, - PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards - * compatibility */ - } PostgresPollingStatusType; +typedef enum { + PGRES_POLLING_FAILED = 0, + PGRES_POLLING_READING, /* These two indicate that one may */ + PGRES_POLLING_WRITING, /* use select before polling again. */ + PGRES_POLLING_OK, + PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards + * compatibility */ +} PostgresPollingStatusType; - typedef enum { - PGRES_EMPTY_QUERY = 0, /* empty query string was executed */ - PGRES_COMMAND_OK, /* a query command that doesn't return - * anything was executed properly by the - * backend */ - PGRES_TUPLES_OK, /* a query command that returns tuples was - * executed properly by the backend, - * PGresult contains the result tuples */ - PGRES_COPY_OUT, /* Copy Out data transfer in progress */ - PGRES_COPY_IN, /* Copy In data transfer in progress */ - PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from - * the backend */ - PGRES_NONFATAL_ERROR, /* notice or warning message */ - PGRES_FATAL_ERROR /* query failed */ - } ExecStatusType; +typedef enum { + PGRES_EMPTY_QUERY = 0, /* empty query string was executed */ + PGRES_COMMAND_OK, /* a query command that doesn't return + * anything was executed properly by the + * backend */ + PGRES_TUPLES_OK, /* a query command that returns tuples was + * executed properly by the backend, + * PGresult contains the result tuples */ + PGRES_COPY_OUT, /* Copy Out data transfer in progress */ + PGRES_COPY_IN, /* Copy In data transfer in progress */ + PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from + * the backend */ + PGRES_NONFATAL_ERROR, /* notice or warning message */ + PGRES_FATAL_ERROR /* query failed */ +} ExecStatusType; - typedef enum { - PQTRANS_IDLE, /* connection idle */ - PQTRANS_ACTIVE, /* command in progress */ - PQTRANS_INTRANS, /* idle, within transaction block */ - PQTRANS_INERROR, /* idle, within failed transaction */ - PQTRANS_UNKNOWN /* cannot determine status */ - } PGTransactionStatusType; +typedef enum { + PQTRANS_IDLE, /* connection idle */ + PQTRANS_ACTIVE, /* command in progress */ + PQTRANS_INTRANS, /* idle, within transaction block */ + PQTRANS_INERROR, /* idle, within failed transaction */ + PQTRANS_UNKNOWN /* cannot determine status */ +} PGTransactionStatusType; - typedef enum { - PQERRORS_TERSE, /* single-line error messages */ - PQERRORS_DEFAULT, /* recommended style */ - PQERRORS_VERBOSE /* all the facts, ma'am */ - } PGVerbosity; +typedef enum { + PQERRORS_TERSE, /* single-line error messages */ + PQERRORS_DEFAULT, /* recommended style */ + PQERRORS_VERBOSE /* all the facts, ma'am */ +} PGVerbosity; /* PGconn encapsulates a connection to the backend. * The contents of this struct are not supposed to be known to applications. */ - typedef struct pg_conn PGconn; +typedef struct pg_conn PGconn; /* PGresult encapsulates the result of a query (or more precisely, of a single * SQL command --- a query string given to PQsendQuery can contain multiple * commands and thus return multiple PGresult objects). * The contents of this struct are not supposed to be known to applications. */ - typedef struct pg_result PGresult; +typedef struct pg_result PGresult; /* PGnotify represents the occurrence of a NOTIFY message. * Ideally this would be an opaque typedef, but it's so simple that it's @@ -117,33 +117,33 @@ extern "C" { * NOTE: in Postgres 6.4 and later, the be_pid is the notifying backend's, * whereas in earlier versions it was always your own backend's PID. */ - typedef struct pgNotify { - char *relname; /* notification condition name */ - int32_t be_pid; /* process ID of server process */ - char *extra; /* notification parameter */ - } PGnotify; +typedef struct pgNotify { + char *relname; /* notification condition name */ + int32_t be_pid; /* process ID of server process */ + char *extra; /* notification parameter */ +} PGnotify; /* Function types for notice-handling callbacks */ - typedef void (*PQnoticeReceiver) (void *arg, const PGresult * res); - typedef void (*PQnoticeProcessor) (void *arg, const char *message); +typedef void (*PQnoticeReceiver)(void *arg, const PGresult *res); +typedef void (*PQnoticeProcessor)(void *arg, const char *message); /* Print options for PQprint() */ - typedef char pqbool; +typedef char pqbool; - typedef struct _PQprintOpt { - pqbool header; /* print output field headings and row - * count */ - pqbool align; /* fill align the fields */ - pqbool standard; /* old brain dead format */ - pqbool html3; /* output html tables */ - pqbool expanded; /* expand tables */ - pqbool pager; /* use pager for output if needed */ - char *fieldSep; /* field separator */ - char *tableOpt; /* insert to HTML */ - char *caption; /* HTML
*/ - char **fieldName; /* null terminated array of repalcement - * field names */ - } PQprintOpt; +typedef struct _PQprintOpt { + pqbool header; /* print output field headings and row + * count */ + pqbool align; /* fill align the fields */ + pqbool standard; /* old brain dead format */ + pqbool html3; /* output html tables */ + pqbool expanded; /* expand tables */ + pqbool pager; /* use pager for output if needed */ + char *fieldSep; /* field separator */ + char *tableOpt; /* insert to HTML */ + char *caption; /* HTML
*/ + char **fieldName; /* null terminated array of repalcement + * field names */ +} PQprintOpt; /* ---------------- * Structure for the conninfo parameter definitions returned by PQconndefaults @@ -153,32 +153,32 @@ extern "C" { * will release both the val strings and the PQconninfoOption array itself. * ---------------- */ - typedef struct _PQconninfoOption { - char *keyword; /* The keyword of the option */ - char *envvar; /* Fallback environment variable name */ - char *compiled; /* Fallback compiled in default value */ - char *val; /* Option's current value, or NULL */ - char *label; /* Label for field in connect dialog */ - char *dispchar; /* Character to display for this field in - * a connect dialog. Values are: "" - * Display entered value as is "*" - * Password field - hide value "D" Debug - * option - don't show by default */ - int32_t dispsize; /* Field size in characters for dialog */ - } PQconninfoOption; +typedef struct _PQconninfoOption { + char *keyword; /* The keyword of the option */ + char *envvar; /* Fallback environment variable name */ + char *compiled; /* Fallback compiled in default value */ + char *val; /* Option's current value, or NULL */ + char *label; /* Label for field in connect dialog */ + char *dispchar; /* Character to display for this field in + * a connect dialog. Values are: "" + * Display entered value as is "*" + * Password field - hide value "D" Debug + * option - don't show by default */ + int32_t dispsize; /* Field size in characters for dialog */ +} PQconninfoOption; /* ---------------- * PQArgBlock -- structure for PQfn() arguments * ---------------- */ - typedef struct { - int32_t len; - int32_t isint; - union { - int32_t *ptr; /* can't use void (dec compiler barfs) */ - int32_t integer; - } u; - } PQArgBlock; +typedef struct { + int32_t len; + int32_t isint; + union { + int32_t *ptr; /* can't use void (dec compiler barfs) */ + int32_t integer; + } u; +} PQArgBlock; /* ---------------- * Exported functions of libpq @@ -190,24 +190,23 @@ extern "C" { /* make a new client connection to the backend */ /* Asynchronous (non-blocking) */ - extern PGconn *PQconnectStart(const char *conninfo); - extern PostgresPollingStatusType PQconnectPoll(PGconn * conn); +extern PGconn *PQconnectStart(const char *conninfo); +extern PostgresPollingStatusType PQconnectPoll(PGconn *conn); /* Synchronous (blocking) */ - extern PGconn *PQconnectdb(const char *conninfo); - extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd); +extern PGconn *PQconnectdb(const char *conninfo); +extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd); -#define PQsetdb(M_PGHOST,M_PGPORT,M_PGOPT,M_PGTTY,M_DBNAME) \ - PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL) +#define PQsetdb(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME) PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL) /* close the current connection and free the PGconn data structure */ - extern void PQfinish(PGconn * conn); +extern void PQfinish(PGconn *conn); /* get info about connection options known to PQconnectdb */ - extern PQconninfoOption *PQconndefaults(void); +extern PQconninfoOption *PQconndefaults(void); /* free the data structure returned by PQconndefaults() */ - extern void PQconninfoFree(PQconninfoOption * connOptions); +extern void PQconninfoFree(PQconninfoOption *connOptions); /* * close the current connection and restablish a new one with the same @@ -215,130 +214,124 @@ extern "C" { */ /* Asynchronous (non-blocking) */ - extern int32_t PQresetStart(PGconn * conn); - extern PostgresPollingStatusType PQresetPoll(PGconn * conn); +extern int32_t PQresetStart(PGconn *conn); +extern PostgresPollingStatusType PQresetPoll(PGconn *conn); /* Synchronous (blocking) */ - extern void PQreset(PGconn * conn); +extern void PQreset(PGconn *conn); /* issue a cancel request */ - extern int32_t PQrequestCancel(PGconn * conn); +extern int32_t PQrequestCancel(PGconn *conn); /* Accessor functions for PGconn objects */ - extern char *PQdb(const PGconn * conn); - extern char *PQuser(const PGconn * conn); - extern char *PQpass(const PGconn * conn); - extern char *PQhost(const PGconn * conn); - extern char *PQport(const PGconn * conn); - extern char *PQtty(const PGconn * conn); - extern char *PQoptions(const PGconn * conn); - extern ConnStatusType PQstatus(const PGconn * conn); - extern PGTransactionStatusType PQtransactionStatus(const PGconn * conn); - extern const char *PQparameterStatus(const PGconn * conn, const char *paramName); - extern int32_t PQprotocolVersion(const PGconn * conn); - extern char *PQerrorMessage(const PGconn * conn); - extern int32_t PQsocket(const PGconn * conn); - extern int32_t PQbackendPID(const PGconn * conn); - extern int32_t PQclientEncoding(const PGconn * conn); - extern int32_t PQsetClientEncoding(PGconn * conn, const char *encoding); +extern char *PQdb(const PGconn *conn); +extern char *PQuser(const PGconn *conn); +extern char *PQpass(const PGconn *conn); +extern char *PQhost(const PGconn *conn); +extern char *PQport(const PGconn *conn); +extern char *PQtty(const PGconn *conn); +extern char *PQoptions(const PGconn *conn); +extern ConnStatusType PQstatus(const PGconn *conn); +extern PGTransactionStatusType PQtransactionStatus(const PGconn *conn); +extern const char *PQparameterStatus(const PGconn *conn, const char *paramName); +extern int32_t PQprotocolVersion(const PGconn *conn); +extern char *PQerrorMessage(const PGconn *conn); +extern int32_t PQsocket(const PGconn *conn); +extern int32_t PQbackendPID(const PGconn *conn); +extern int32_t PQclientEncoding(const PGconn *conn); +extern int32_t PQsetClientEncoding(PGconn *conn, const char *encoding); #ifdef USE_SSL /* Get the SSL structure associated with a connection */ - extern SSL *PQgetssl(PGconn * conn); +extern SSL *PQgetssl(PGconn *conn); #endif /* Set verbosity for PQerrorMessage and PQresultErrorMessage */ - extern PGVerbosity PQsetErrorVerbosity(PGconn * conn, PGVerbosity verbosity); +extern PGVerbosity PQsetErrorVerbosity(PGconn *conn, PGVerbosity verbosity); /* Enable/disable tracing */ - extern void PQtrace(PGconn * conn, FILE * debug_port); - extern void PQuntrace(PGconn * conn); +extern void PQtrace(PGconn *conn, FILE *debug_port); +extern void PQuntrace(PGconn *conn); /* Override default notice handling routines */ - extern PQnoticeReceiver PQsetNoticeReceiver(PGconn * conn, PQnoticeReceiver proc, void *arg); - extern PQnoticeProcessor PQsetNoticeProcessor(PGconn * conn, PQnoticeProcessor proc, void *arg); +extern PQnoticeReceiver PQsetNoticeReceiver(PGconn *conn, PQnoticeReceiver proc, void *arg); +extern PQnoticeProcessor PQsetNoticeProcessor(PGconn *conn, PQnoticeProcessor proc, void *arg); /* === in fe-exec.c === */ /* Simple synchronous query */ - extern PGresult *PQexec(PGconn * conn, const char *query); - extern PGresult *PQexecParams(PGconn * conn, - const char *command, - int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); - extern PGresult *PQexecPrepared(PGconn * conn, - const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern PGresult *PQexec(PGconn *conn, const char *query); +extern PGresult *PQexecParams(PGconn *conn, const char *command, int32_t nParams, const Oid *paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern PGresult *PQexecPrepared(PGconn *conn, const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); /* Interface for multiple-result or asynchronous queries */ - extern int32_t PQsendQuery(PGconn * conn, const char *query); - extern int32_t PQsendQueryParams(PGconn * conn, - const char *command, - int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); - extern int32_t PQsendQueryPrepared(PGconn * conn, - const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); - extern PGresult *PQgetResult(PGconn * conn); +extern int32_t PQsendQuery(PGconn *conn, const char *query); +extern int32_t PQsendQueryParams(PGconn *conn, const char *command, int32_t nParams, const Oid *paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern int32_t PQsendQueryPrepared(PGconn *conn, const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern PGresult *PQgetResult(PGconn *conn); /* Routines for managing an asynchronous query */ - extern int32_t PQisBusy(PGconn * conn); - extern int32_t PQconsumeInput(PGconn * conn); +extern int32_t PQisBusy(PGconn *conn); +extern int32_t PQconsumeInput(PGconn *conn); /* LISTEN/NOTIFY support */ - extern PGnotify *PQnotifies(PGconn * conn); +extern PGnotify *PQnotifies(PGconn *conn); /* Routines for copy in/out */ - extern int32_t PQputCopyData(PGconn * conn, const char *buffer, int32_t nbytes); - extern int32_t PQputCopyEnd(PGconn * conn, const char *errormsg); - extern int32_t PQgetCopyData(PGconn * conn, char **buffer, int32_t async); +extern int32_t PQputCopyData(PGconn *conn, const char *buffer, int32_t nbytes); +extern int32_t PQputCopyEnd(PGconn *conn, const char *errormsg); +extern int32_t PQgetCopyData(PGconn *conn, char **buffer, int32_t async); /* Deprecated routines for copy in/out */ - extern int32_t PQgetline(PGconn * conn, char *string, int32_t length); - extern int32_t PQputline(PGconn * conn, const char *string); - extern int32_t PQgetlineAsync(PGconn * conn, char *buffer, int32_t bufsize); - extern int32_t PQputnbytes(PGconn * conn, const char *buffer, int32_t nbytes); - extern int32_t PQendcopy(PGconn * conn); +extern int32_t PQgetline(PGconn *conn, char *string, int32_t length); +extern int32_t PQputline(PGconn *conn, const char *string); +extern int32_t PQgetlineAsync(PGconn *conn, char *buffer, int32_t bufsize); +extern int32_t PQputnbytes(PGconn *conn, const char *buffer, int32_t nbytes); +extern int32_t PQendcopy(PGconn *conn); /* Set blocking/nonblocking connection to the backend */ - extern int32_t PQsetnonblocking(PGconn * conn, int32_t arg); - extern int32_t PQisnonblocking(const PGconn * conn); +extern int32_t PQsetnonblocking(PGconn *conn, int32_t arg); +extern int32_t PQisnonblocking(const PGconn *conn); /* Force the write buffer to be written (or at least try) */ - extern int32_t PQflush(PGconn * conn); +extern int32_t PQflush(PGconn *conn); /* * "Fast path" interface --- not really recommended for application * use */ - extern PGresult *PQfn(PGconn * conn, int32_t fnid, int32_t *result_buf, int32_t *result_len, int32_t result_is_int, const PQArgBlock * args, int32_t nargs); +extern PGresult *PQfn(PGconn *conn, int32_t fnid, int32_t *result_buf, int32_t *result_len, int32_t result_is_int, const PQArgBlock *args, int32_t nargs); /* Accessor functions for PGresult objects */ - extern ExecStatusType PQresultStatus(const PGresult * res); - extern char *PQresStatus(ExecStatusType status); - extern char *PQresultErrorMessage(const PGresult * res); - extern char *PQresultErrorField(const PGresult * res, int32_t fieldcode); - extern int32_t PQntuples(const PGresult * res); - extern int32_t PQnfields(const PGresult * res); - extern int32_t PQbinaryTuples(const PGresult * res); - extern char *PQfname(const PGresult * res, int32_t field_num); - extern int32_t PQfnumber(const PGresult * res, const char *field_name); - extern Oid PQftable(const PGresult * res, int32_t field_num); - extern int32_t PQftablecol(const PGresult * res, int32_t field_num); - extern int32_t PQfformat(const PGresult * res, int32_t field_num); - extern Oid PQftype(const PGresult * res, int32_t field_num); - extern int32_t PQfsize(const PGresult * res, int32_t field_num); - extern int32_t PQfmod(const PGresult * res, int32_t field_num); - extern char *PQcmdStatus(PGresult * res); - extern char *PQoidStatus(const PGresult * res); /* old and ugly */ - extern Oid PQoidValue(const PGresult * res); /* new and improved */ - extern char *PQcmdTuples(PGresult * res); - extern char *PQgetvalue(const PGresult * res, int32_t tup_num, int32_t field_num); - extern int32_t PQgetlength(const PGresult * res, int32_t tup_num, int32_t field_num); - extern int32_t PQgetisnull(const PGresult * res, int32_t tup_num, int32_t field_num); +extern ExecStatusType PQresultStatus(const PGresult *res); +extern char *PQresStatus(ExecStatusType status); +extern char *PQresultErrorMessage(const PGresult *res); +extern char *PQresultErrorField(const PGresult *res, int32_t fieldcode); +extern int32_t PQntuples(const PGresult *res); +extern int32_t PQnfields(const PGresult *res); +extern int32_t PQbinaryTuples(const PGresult *res); +extern char *PQfname(const PGresult *res, int32_t field_num); +extern int32_t PQfnumber(const PGresult *res, const char *field_name); +extern Oid PQftable(const PGresult *res, int32_t field_num); +extern int32_t PQftablecol(const PGresult *res, int32_t field_num); +extern int32_t PQfformat(const PGresult *res, int32_t field_num); +extern Oid PQftype(const PGresult *res, int32_t field_num); +extern int32_t PQfsize(const PGresult *res, int32_t field_num); +extern int32_t PQfmod(const PGresult *res, int32_t field_num); +extern char *PQcmdStatus(PGresult *res); +extern char *PQoidStatus(const PGresult *res); /* old and ugly */ +extern Oid PQoidValue(const PGresult *res); /* new and improved */ +extern char *PQcmdTuples(PGresult *res); +extern char *PQgetvalue(const PGresult *res, int32_t tup_num, int32_t field_num); +extern int32_t PQgetlength(const PGresult *res, int32_t tup_num, int32_t field_num); +extern int32_t PQgetisnull(const PGresult *res, int32_t tup_num, int32_t field_num); /* Delete a PGresult */ - extern void PQclear(PGresult * res); +extern void PQclear(PGresult *res); /* For freeing other alloc'd results, such as PGnotify structs */ - extern void PQfreemem(void *ptr); +extern void PQfreemem(void *ptr); /* Exists for backward compatibility. bjm 2003-03-24 */ #define PQfreeNotify(ptr) PQfreemem(ptr) @@ -348,63 +341,56 @@ extern "C" { * useful). If conn is not NULL and status indicates an error, the * conn's errorMessage is copied. */ - extern PGresult *PQmakeEmptyPGresult(PGconn * conn, ExecStatusType status); - +extern PGresult *PQmakeEmptyPGresult(PGconn *conn, ExecStatusType status); /* Quoting strings before inclusion in queries. */ - extern size_t PQescapeString(char *to, const char *from, size_t length); - extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t * bytealen); - extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t * retbuflen); - - +extern size_t PQescapeString(char *to, const char *from, size_t length); +extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t *bytealen); +extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t *retbuflen); /* === in fe-print.c === */ - extern void - PQprint(FILE * fout, /* output stream */ - const PGresult * res, const PQprintOpt * ps); /* option structure */ +extern void PQprint(FILE *fout, /* output stream */ + const PGresult *res, const PQprintOpt *ps); /* option structure */ /* * really old printing routines */ - extern void - PQdisplayTuples(const PGresult * res, FILE * fp, /* where to send the output */ - int32_t fillAlign, /* pad the fields with spaces */ - const char *fieldSep, /* field separator */ - int32_t printHeader, /* display headers? */ - int32_t quiet); - - extern void - PQprintTuples(const PGresult * res, FILE * fout, /* output stream */ - int32_t printAttName, /* print attribute names */ - int32_t terseOutput, /* delimiter bars */ - int32_t width); /* width of column, if 0, use variable - * width */ +extern void PQdisplayTuples(const PGresult *res, FILE *fp, /* where to send the output */ + int32_t fillAlign, /* pad the fields with spaces */ + const char *fieldSep, /* field separator */ + int32_t printHeader, /* display headers? */ + int32_t quiet); +extern void PQprintTuples(const PGresult *res, FILE *fout, /* output stream */ + int32_t printAttName, /* print attribute names */ + int32_t terseOutput, /* delimiter bars */ + int32_t width); /* width of column, if 0, use variable + * width */ /* === in fe-lobj.c === */ /* Large-object access routines */ - extern int32_t lo_open(PGconn * conn, Oid lobjId, int32_t mode); - extern int32_t lo_close(PGconn * conn, int32_t fd); - extern int32_t lo_read(PGconn * conn, int32_t fd, char *buf, size_t len); - extern int32_t lo_write(PGconn * conn, int32_t fd, char *buf, size_t len); - extern int32_t lo_lseek(PGconn * conn, int32_t fd, int32_t offset, int32_t whence); - extern Oid lo_creat(PGconn * conn, int32_t mode); - extern int32_t lo_tell(PGconn * conn, int32_t fd); - extern int32_t lo_unlink(PGconn * conn, Oid lobjId); - extern Oid lo_import(PGconn * conn, const char *filename); - extern int32_t lo_export(PGconn * conn, Oid lobjId, const char *filename); +extern int32_t lo_open(PGconn *conn, Oid lobjId, int32_t mode); +extern int32_t lo_close(PGconn *conn, int32_t fd); +extern int32_t lo_read(PGconn *conn, int32_t fd, char *buf, size_t len); +extern int32_t lo_write(PGconn *conn, int32_t fd, char *buf, size_t len); +extern int32_t lo_lseek(PGconn *conn, int32_t fd, int32_t offset, int32_t whence); +extern Oid lo_creat(PGconn *conn, int32_t mode); +extern int32_t lo_tell(PGconn *conn, int32_t fd); +extern int32_t lo_unlink(PGconn *conn, Oid lobjId); +extern Oid lo_import(PGconn *conn, const char *filename); +extern int32_t lo_export(PGconn *conn, Oid lobjId, const char *filename); /* === in fe-misc.c === */ /* Determine length of multibyte encoded char at *s */ - extern int32_t PQmblen(const unsigned char *s, int32_t encoding); +extern int32_t PQmblen(const unsigned char *s, int32_t encoding); /* Get encoding id from environment variable PGCLIENTENCODING */ - extern int32_t PQenv2encoding(void); +extern int32_t PQenv2encoding(void); #ifdef __cplusplus } #endif -#endif /* LIBPQ_FE_H */ +#endif /* LIBPQ_FE_H */ diff --git a/ntlm.c b/ntlm.c index 00df4c8..c8c01ab 100644 --- a/ntlm.c +++ b/ntlm.c @@ -2,10 +2,10 @@ Single file NTLM system to create and parse authentication messages. http://www.reversing.org - ilo-- ilo@reversing.org + ilo-- ilo@reversing.org - I did copy&paste&modify several files to leave independent NTLM code - that compile in cygwin/linux environment. Most of the code was ripped + I did copy&paste&modify several files to leave independent NTLM code + that compile in cygwin/linux environment. Most of the code was ripped from Samba implementation so I left the Copying statement. Samba core code was left unmodified from 1.9 version. @@ -19,41 +19,40 @@ SMB parameters and setup Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#include #ifdef WIN32 #else #include #endif -#include -#include -#include -#include -#include #include "ntlm.h" - +#include +#include +#include +#include /* Byte order macros */ #ifndef _BYTEORDER_H #define _BYTEORDER_H /* - This file implements macros for machine independent short and + This file implements macros for machine independent short and int32_t manipulation Here is a description of this file that I emailed to the samba list once: @@ -62,7 +61,7 @@ Here is a description of this file that I emailed to the samba list once: > looked at it, and I would have thought that you might make a distinction > between LE and BE machines, but you only seem to distinguish between 386 > and all other architectures. -> +> > Can you give me a clue? sure. @@ -126,33 +125,87 @@ it also defines lots of intermediate macros, just ignore those :-) /* some switch macros that do both store and read to and from SMB buffers */ -#define RW_PCVAL(read,inbuf,outbuf,len) \ - { if (read) { PCVAL (inbuf,0,outbuf,len); } \ - else { PSCVAL(inbuf,0,outbuf,len); } } +#define RW_PCVAL(read, inbuf, outbuf, len) \ + { \ + if (read) { \ + PCVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSCVAL(inbuf, 0, outbuf, len); \ + } \ + } -#define RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ - { if (read) { if (big_endian) { RPIVAL(inbuf,0,outbuf,len); } else { PIVAL(inbuf,0,outbuf,len); } } \ - else { if (big_endian) { RPSIVAL(inbuf,0,outbuf,len); } else { PSIVAL(inbuf,0,outbuf,len); } } } +#define RW_PIVAL(read, big_endian, inbuf, outbuf, len) \ + { \ + if (read) { \ + if (big_endian) { \ + RPIVAL(inbuf, 0, outbuf, len); \ + } else { \ + PIVAL(inbuf, 0, outbuf, len); \ + } \ + } else { \ + if (big_endian) { \ + RPSIVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSIVAL(inbuf, 0, outbuf, len); \ + } \ + } \ + } -#define RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ - { if (read) { if (big_endian) { RPSVAL(inbuf,0,outbuf,len); } else { PSVAL(inbuf,0,outbuf,len); } } \ - else { if (big_endian) { RPSSVAL(inbuf,0,outbuf,len); } else { PSSVAL(inbuf,0,outbuf,len); } } } +#define RW_PSVAL(read, big_endian, inbuf, outbuf, len) \ + { \ + if (read) { \ + if (big_endian) { \ + RPSVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSVAL(inbuf, 0, outbuf, len); \ + } \ + } else { \ + if (big_endian) { \ + RPSSVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSSVAL(inbuf, 0, outbuf, len); \ + } \ + } \ + } -#define RW_CVAL(read, inbuf, outbuf, offset) \ - { if (read) { (outbuf) = CVAL (inbuf,offset); } \ - else { SCVAL(inbuf,offset,outbuf); } } +#define RW_CVAL(read, inbuf, outbuf, offset) \ + { \ + if (read) { \ + (outbuf) = CVAL(inbuf, offset); \ + } else { \ + SCVAL(inbuf, offset, outbuf); \ + } \ + } -#define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ - { if (read) { (outbuf) = ((big_endian) ? RIVAL(inbuf,offset) : IVAL (inbuf,offset)); } \ - else { if (big_endian) { RSIVAL(inbuf,offset,outbuf); } else { SIVAL(inbuf,offset,outbuf); } } } +#define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ + { \ + if (read) { \ + (outbuf) = ((big_endian) ? RIVAL(inbuf, offset) : IVAL(inbuf, offset)); \ + } else { \ + if (big_endian) { \ + RSIVAL(inbuf, offset, outbuf); \ + } else { \ + SIVAL(inbuf, offset, outbuf); \ + } \ + } \ + } -#define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ - { if (read) { (outbuf) = ((big_endian) ? RSVAL(inbuf,offset) : SVAL (inbuf,offset)); } \ - else { if (big_endian) { RSSVAL(inbuf,offset,outbuf); } else { SSVAL(inbuf,offset,outbuf); } } } +#define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ + { \ + if (read) { \ + (outbuf) = ((big_endian) ? RSVAL(inbuf, offset) : SVAL(inbuf, offset)); \ + } else { \ + if (big_endian) { \ + RSSVAL(inbuf, offset, outbuf); \ + } else { \ + SSVAL(inbuf, offset, outbuf); \ + } \ + } \ + } #undef CAREFUL_ALIGNMENT -/* we know that the 386 can handle misalignment and has the "right" +/* we know that the 386 can handle misalignment and has the "right" byteorder */ #ifdef __i386__ #define CAREFUL_ALIGNMENT 0 @@ -162,23 +215,22 @@ it also defines lots of intermediate macros, just ignore those :-) #define CAREFUL_ALIGNMENT 1 #endif -#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) -#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) -#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) - +#define CVAL(buf, pos) (((unsigned char *)(buf))[pos]) +#define PVAL(buf, pos) ((unsigned)CVAL(buf, pos)) +#define SCVAL(buf, pos, val) (CVAL(buf, pos) = (val)) #if CAREFUL_ALIGNMENT -#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) -#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) -#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) -#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) -#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) -#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) -#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) -#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) -#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) -#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val))) +#define SVAL(buf, pos) (PVAL(buf, pos) | PVAL(buf, (pos) + 1) << 8) +#define IVAL(buf, pos) (SVAL(buf, pos) | SVAL(buf, (pos) + 2) << 16) +#define SSVALX(buf, pos, val) (CVAL(buf, pos) = (val)&0xFF, CVAL(buf, pos + 1) = (val) >> 8) +#define SIVALX(buf, pos, val) (SSVALX(buf, pos, val & 0xFFFF), SSVALX(buf, pos + 2, val >> 16)) +#define SVALS(buf, pos) ((int16)SVAL(buf, pos)) +#define IVALS(buf, pos) ((int32)IVAL(buf, pos)) +#define SSVAL(buf, pos, val) SSVALX((buf), (pos), ((uint16)(val))) +#define SIVAL(buf, pos, val) SIVALX((buf), (pos), ((uint32)(val))) +#define SSVALS(buf, pos, val) SSVALX((buf), (pos), ((int16)(val))) +#define SIVALS(buf, pos, val) SIVALX((buf), (pos), ((int32)(val))) #else /* CAREFUL_ALIGNMENT */ @@ -187,147 +239,171 @@ it also defines lots of intermediate macros, just ignore those :-) /* WARNING: This section is dependent on the length of int16 and int32 - being correct + being correct */ /* get single value from an SMB buffer */ -#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) -#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) -#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos))) -#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos))) +#define SVAL(buf, pos) (*(uint16 *)((char *)(buf) + (pos))) +#define IVAL(buf, pos) (*(uint32 *)((char *)(buf) + (pos))) +#define SVALS(buf, pos) (*(int16 *)((char *)(buf) + (pos))) +#define IVALS(buf, pos) (*(int32 *)((char *)(buf) + (pos))) /* store single value in an SMB buffer */ -#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val)) -#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val)) -#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val)) -#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val)) +#define SSVAL(buf, pos, val) SVAL(buf, pos) = ((uint16)(val)) +#define SIVAL(buf, pos, val) IVAL(buf, pos) = ((uint32)(val)) +#define SSVALS(buf, pos, val) SVALS(buf, pos) = ((int16)(val)) +#define SIVALS(buf, pos, val) IVALS(buf, pos) = ((int32)(val)) #endif /* CAREFUL_ALIGNMENT */ /* macros for reading / writing arrays */ -#define SMBMACRO(macro,buf,pos,val,len,size) \ -{ int32_t l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); } +#define SMBMACRO(macro, buf, pos, val, len, size) \ + { \ + int32_t l; \ + for (l = 0; l < (len); l++) \ + (val)[l] = macro((buf), (pos) + (size)*l); \ + } -#define SSMBMACRO(macro,buf,pos,val,len,size) \ -{ int32_t l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); } +#define SSMBMACRO(macro, buf, pos, val, len, size) \ + { \ + int32_t l; \ + for (l = 0; l < (len); l++) \ + macro((buf), (pos) + (size)*l, (val)[l]); \ + } /* reads multiple data from an SMB buffer */ -#define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1) -#define PSVAL(buf,pos,val,len) SMBMACRO(SVAL,buf,pos,val,len,2) -#define PIVAL(buf,pos,val,len) SMBMACRO(IVAL,buf,pos,val,len,4) -#define PCVALS(buf,pos,val,len) SMBMACRO(CVALS,buf,pos,val,len,1) -#define PSVALS(buf,pos,val,len) SMBMACRO(SVALS,buf,pos,val,len,2) -#define PIVALS(buf,pos,val,len) SMBMACRO(IVALS,buf,pos,val,len,4) +#define PCVAL(buf, pos, val, len) SMBMACRO(CVAL, buf, pos, val, len, 1) +#define PSVAL(buf, pos, val, len) SMBMACRO(SVAL, buf, pos, val, len, 2) +#define PIVAL(buf, pos, val, len) SMBMACRO(IVAL, buf, pos, val, len, 4) +#define PCVALS(buf, pos, val, len) SMBMACRO(CVALS, buf, pos, val, len, 1) +#define PSVALS(buf, pos, val, len) SMBMACRO(SVALS, buf, pos, val, len, 2) +#define PIVALS(buf, pos, val, len) SMBMACRO(IVALS, buf, pos, val, len, 4) /* stores multiple data in an SMB buffer */ -#define PSCVAL(buf,pos,val,len) SSMBMACRO(SCVAL,buf,pos,val,len,1) -#define PSSVAL(buf,pos,val,len) SSMBMACRO(SSVAL,buf,pos,val,len,2) -#define PSIVAL(buf,pos,val,len) SSMBMACRO(SIVAL,buf,pos,val,len,4) -#define PSCVALS(buf,pos,val,len) SSMBMACRO(SCVALS,buf,pos,val,len,1) -#define PSSVALS(buf,pos,val,len) SSMBMACRO(SSVALS,buf,pos,val,len,2) -#define PSIVALS(buf,pos,val,len) SSMBMACRO(SIVALS,buf,pos,val,len,4) - +#define PSCVAL(buf, pos, val, len) SSMBMACRO(SCVAL, buf, pos, val, len, 1) +#define PSSVAL(buf, pos, val, len) SSMBMACRO(SSVAL, buf, pos, val, len, 2) +#define PSIVAL(buf, pos, val, len) SSMBMACRO(SIVAL, buf, pos, val, len, 4) +#define PSCVALS(buf, pos, val, len) SSMBMACRO(SCVALS, buf, pos, val, len, 1) +#define PSSVALS(buf, pos, val, len) SSMBMACRO(SSVALS, buf, pos, val, len, 2) +#define PSIVALS(buf, pos, val, len) SSMBMACRO(SIVALS, buf, pos, val, len, 4) /* now the reverse routines - these are used in nmb packets (mostly) */ -#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) -#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) +#define SREV(x) ((((x)&0xFF) << 8) | (((x) >> 8) & 0xFF)) +#define IREV(x) ((SREV(x) << 16) | (SREV((x) >> 16))) -#define RSVAL(buf,pos) SREV(SVAL(buf,pos)) -#define RSVALS(buf,pos) SREV(SVALS(buf,pos)) -#define RIVAL(buf,pos) IREV(IVAL(buf,pos)) -#define RIVALS(buf,pos) IREV(IVALS(buf,pos)) -#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) -#define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val)) -#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) -#define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val)) +#define RSVAL(buf, pos) SREV(SVAL(buf, pos)) +#define RSVALS(buf, pos) SREV(SVALS(buf, pos)) +#define RIVAL(buf, pos) IREV(IVAL(buf, pos)) +#define RIVALS(buf, pos) IREV(IVALS(buf, pos)) +#define RSSVAL(buf, pos, val) SSVAL(buf, pos, SREV(val)) +#define RSSVALS(buf, pos, val) SSVALS(buf, pos, SREV(val)) +#define RSIVAL(buf, pos, val) SIVAL(buf, pos, IREV(val)) +#define RSIVALS(buf, pos, val) SIVALS(buf, pos, IREV(val)) /* reads multiple data from an SMB buffer (big-endian) */ -#define RPSVAL(buf,pos,val,len) SMBMACRO(RSVAL,buf,pos,val,len,2) -#define RPIVAL(buf,pos,val,len) SMBMACRO(RIVAL,buf,pos,val,len,4) -#define RPSVALS(buf,pos,val,len) SMBMACRO(RSVALS,buf,pos,val,len,2) -#define RPIVALS(buf,pos,val,len) SMBMACRO(RIVALS,buf,pos,val,len,4) +#define RPSVAL(buf, pos, val, len) SMBMACRO(RSVAL, buf, pos, val, len, 2) +#define RPIVAL(buf, pos, val, len) SMBMACRO(RIVAL, buf, pos, val, len, 4) +#define RPSVALS(buf, pos, val, len) SMBMACRO(RSVALS, buf, pos, val, len, 2) +#define RPIVALS(buf, pos, val, len) SMBMACRO(RIVALS, buf, pos, val, len, 4) /* stores multiple data in an SMB buffer (big-endian) */ -#define RPSSVAL(buf,pos,val,len) SSMBMACRO(RSSVAL,buf,pos,val,len,2) -#define RPSIVAL(buf,pos,val,len) SSMBMACRO(RSIVAL,buf,pos,val,len,4) -#define RPSSVALS(buf,pos,val,len) SSMBMACRO(RSSVALS,buf,pos,val,len,2) -#define RPSIVALS(buf,pos,val,len) SSMBMACRO(RSIVALS,buf,pos,val,len,4) +#define RPSSVAL(buf, pos, val, len) SSMBMACRO(RSSVAL, buf, pos, val, len, 2) +#define RPSIVAL(buf, pos, val, len) SSMBMACRO(RSIVAL, buf, pos, val, len, 4) +#define RPSSVALS(buf, pos, val, len) SSMBMACRO(RSSVALS, buf, pos, val, len, 2) +#define RPSIVALS(buf, pos, val, len) SSMBMACRO(RSIVALS, buf, pos, val, len, 4) -#define DBG_RW_PCVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ - { RW_PCVAL(read,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ - tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \ - { int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } +#define DBG_RW_PCVAL(charmode, string, depth, base, read, inbuf, outbuf, len) \ + { \ + RW_PCVAL(read, inbuf, outbuf, len) \ + DEBUG(5, ("%s%04x %s: ", tab_depth(depth), base, string)); \ + if (charmode) \ + print_asc(5, (unsigned char *)(outbuf), (len)); \ + else { \ + int32_t idx; \ + for (idx = 0; idx < len; idx++) { \ + DEBUG(5, ("%02x ", (outbuf)[idx])); \ + } \ + } \ + DEBUG(5, ("\n")); \ + } -#define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ - { RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ - tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \ - { int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } +#define DBG_RW_PSVAL(charmode, string, depth, base, read, big_endian, inbuf, outbuf, len) \ + { \ + RW_PSVAL(read, big_endian, inbuf, outbuf, len) \ + DEBUG(5, ("%s%04x %s: ", tab_depth(depth), base, string)); \ + if (charmode) \ + print_asc(5, (unsigned char *)(outbuf), 2 * (len)); \ + else { \ + int32_t idx; \ + for (idx = 0; idx < len; idx++) { \ + DEBUG(5, ("%04x ", (outbuf)[idx])); \ + } \ + } \ + DEBUG(5, ("\n")); \ + } -#define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ - { RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ - tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \ - { int32_t idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } +#define DBG_RW_PIVAL(charmode, string, depth, base, read, big_endian, inbuf, outbuf, len) \ + { \ + RW_PIVAL(read, big_endian, inbuf, outbuf, len) \ + DEBUG(5, ("%s%04x %s: ", tab_depth(depth), base, string)); \ + if (charmode) \ + print_asc(5, (unsigned char *)(outbuf), 4 * (len)); \ + else { \ + int32_t idx; \ + for (idx = 0; idx < len; idx++) { \ + DEBUG(5, ("%08x ", (outbuf)[idx])); \ + } \ + } \ + DEBUG(5, ("\n")); \ + } -#define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ - { RW_CVAL(read,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %02x\n", \ - tab_depth(depth), base, string, outbuf)); } +#define DBG_RW_CVAL(string, depth, base, read, inbuf, outbuf) \ + { \ + RW_CVAL(read, inbuf, outbuf, 0) \ + DEBUG(5, ("%s%04x %s: %02x\n", tab_depth(depth), base, string, outbuf)); \ + } -#define DBG_RW_SVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ - { RW_SVAL(read,big_endian,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %04x\n", \ - tab_depth(depth), base, string, outbuf)); } +#define DBG_RW_SVAL(string, depth, base, read, big_endian, inbuf, outbuf) \ + { \ + RW_SVAL(read, big_endian, inbuf, outbuf, 0) \ + DEBUG(5, ("%s%04x %s: %04x\n", tab_depth(depth), base, string, outbuf)); \ + } -#define DBG_RW_IVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ - { RW_IVAL(read,big_endian,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %08x\n", \ - tab_depth(depth), base, string, outbuf)); } +#define DBG_RW_IVAL(string, depth, base, read, big_endian, inbuf, outbuf) \ + { \ + RW_IVAL(read, big_endian, inbuf, outbuf, 0) \ + DEBUG(5, ("%s%04x %s: %08x\n", tab_depth(depth), base, string, outbuf)); \ + } #endif /* _BYTEORDER_H */ - /* Samba MD4 implementation */ -/* NOTE: This code makes no attempt to be fast! +/* NOTE: This code makes no attempt to be fast! It assumes that a int32_t is at least 32 bits long */ static uint32 A, B, C, D; -static uint32 F(uint32 X, uint32 Y, uint32 Z) { - return (X & Y) | ((~X) & Z); -} +static uint32 F(uint32 X, uint32 Y, uint32 Z) { return (X & Y) | ((~X) & Z); } -static uint32 G(uint32 X, uint32 Y, uint32 Z) { - return (X & Y) | (X & Z) | (Y & Z); -} +static uint32 G(uint32 X, uint32 Y, uint32 Z) { return (X & Y) | (X & Z) | (Y & Z); } -static uint32 H(uint32 X, uint32 Y, uint32 Z) { - return X ^ Y ^ Z; -} +static uint32 H(uint32 X, uint32 Y, uint32 Z) { return X ^ Y ^ Z; } static uint32 lshift(uint32 x, int32_t s) { x &= 0xFFFFFFFF; return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); } -#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) -#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) -#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) +#define ROUND1(a, b, c, d, k, s) a = lshift(a + F(b, c, d) + X[k], s) +#define ROUND2(a, b, c, d, k, s) a = lshift(a + G(b, c, d) + X[k] + (uint32)0x5A827999, s) +#define ROUND3(a, b, c, d, k, s) a = lshift(a + H(b, c, d) + X[k] + (uint32)0x6ED9EBA1, s) /* this applies md4 to 64 byte chunks */ -static void mdfour64(uint32 * M) { +static void mdfour64(uint32 *M) { int32_t j; uint32 AA, BB, CC, DD; uint32 X[16]; @@ -405,7 +481,7 @@ static void mdfour64(uint32 * M) { X[j] = 0; } -static void copy64(uint32 * M, unsigned char *in) { +static void copy64(uint32 *M, unsigned char *in) { int32_t i; for (i = 0; i < 16; i++) @@ -471,113 +547,37 @@ void mdfour(unsigned char *out, unsigned char *in, int32_t n) { #define uchar unsigned char #define int16 signed short -static uchar perm1[56] = { 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 -}; +static uchar perm1[56] = {57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4}; -static uchar perm2[48] = { 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 -}; +static uchar perm2[48] = {14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32}; -static uchar perm3[64] = { 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 -}; +static uchar perm3[64] = {58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7}; -static uchar perm4[48] = { 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 -}; +static uchar perm4[48] = {32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1}; -static uchar perm5[32] = { 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 -}; +static uchar perm5[32] = {16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25}; +static uchar perm6[64] = {40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25}; -static uchar perm6[64] = { 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 -}; +static uchar sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1}; +static uchar sbox[8][4][16] = {{{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}}, -static uchar sc[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; + {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, -static uchar sbox[8][4][16] = { - {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, - {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, - {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, - {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}}, + {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, - {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, - {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, - {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, - {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, + {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, - {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, - {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, - {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, - {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, + {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, - {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, - {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, - {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, - {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, + {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, - {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, - {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, - {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, - {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, + {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, - {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, - {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, - {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, - {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, + {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}}; - {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, - {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, - {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, - {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, - - {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, - {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, - {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, - {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}} -}; - -static void permute(char *out, char *in, uchar * p, int32_t n) { +static void permute(char *out, char *in, uchar *p, int32_t n) { int32_t i; for (i = 0; i < n; i++) @@ -601,14 +601,15 @@ static void concat(char *out, char *in1, char *in2, int32_t l1, int32_t l2) { *out++ = *in2++; } -void xor(char *out, char *in1, char *in2, int32_t n) { - int32_t i; +void xor + (char *out, char *in1, char *in2, int32_t n) { + int32_t i; - for (i = 0; i < n; i++) - out[i] = in1[i] ^ in2[i]; -} + for (i = 0; i < n; i++) + out[i] = in1[i] ^ in2[i]; + } -static void dohash(char *out, char *in, char *key, int32_t forw) { + static void dohash(char *out, char *in, char *key, int32_t forw) { int32_t i, j, k; char pk1[56]; char c[28]; @@ -703,7 +704,6 @@ static void str_to_key(unsigned char *str, unsigned char *key) { } } - static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int32_t forw) { int32_t i; char outb[64]; @@ -732,7 +732,7 @@ static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, i } void E_P16(unsigned char *p14, unsigned char *p16) { - unsigned char sp8[8] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; smbhash(p16, sp8, p14, 1); smbhash(p16 + 8, sp8, p14 + 7, 1); } @@ -785,7 +785,7 @@ void SamOEMhash(unsigned char *data, unsigned char *key, int32_t val) { int32_t ind; for (ind = 0; ind < 256; ind++) { - s_box[ind] = (unsigned char) ind; + s_box[ind] = (unsigned char)ind; } for (ind = 0; ind < 256; ind++) { @@ -815,7 +815,6 @@ void SamOEMhash(unsigned char *data, unsigned char *key, int32_t val) { /* Samba encryption implementation*/ - /**************************************************************************** Like strncpy but always null terminates. Make sure there is room! The variable n should always be one less than the available size. @@ -830,21 +829,19 @@ char *StrnCpy(char *dest, const char *src, size_t n) { *dest = 0; return (dest); } - while (n-- && (*d++ = *src++)); + while (n-- && (*d++ = *src++)) + ; *d = 0; return (dest); } -size_t skip_multibyte_char(char c) { - return 0; -} - +size_t skip_multibyte_char(char c) { return 0; } /******************************************************************* safe string copy into a known length string. maxlength does not include the terminating zero. ********************************************************************/ -#define DEBUG(a,b) ; +#define DEBUG(a, b) ; char *safe_strcpy(char *dest, const char *src, size_t maxlength) { size_t len; @@ -861,7 +858,7 @@ char *safe_strcpy(char *dest, const char *src, size_t maxlength) { len = strlen(src); if (len > maxlength) { - DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int32_t) (len - maxlength), src)); + DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int32_t)(len - maxlength), src)); len = maxlength; } @@ -870,7 +867,6 @@ char *safe_strcpy(char *dest, const char *src, size_t maxlength) { return dest; } - void strupper(char *s) { while (*s) { { @@ -879,44 +875,44 @@ void strupper(char *s) { if (skip != 0) s += skip; else { - if (islower((int32_t) *s)) - *s = toupper((int32_t) *s); + if (islower((int32_t)*s)) + *s = toupper((int32_t)*s); s++; } } } } -extern void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]); +extern void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]); /* This implements the X/Open SMB password encryption - It takes a password, a 8 byte "crypt key" and puts 24 bytes of - encrypted password into p24 + It takes a password, a 8 byte "crypt key" and puts 24 bytes of + encrypted password into p24 */ -void SMBencrypt(uchar * passwd, uchar * c8, uchar * p24) { +void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24) { uchar p14[15], p21[21]; memset(p21, '\0', 21); memset(p14, '\0', 14); - StrnCpy((char *) p14, (char *) passwd, 14); + StrnCpy((char *)p14, (char *)passwd, 14); - strupper((char *) p14); + strupper((char *)p14); E_P16(p14, p21); SMBOWFencrypt(p21, c8, p24); #ifdef DEBUG_PASSWORD DEBUG(100, ("SMBencrypt: lm#, challenge, response\n")); - dump_data(100, (char *) p21, 16); - dump_data(100, (char *) c8, 8); - dump_data(100, (char *) p24, 24); + dump_data(100, (char *)p21, 16); + dump_data(100, (char *)c8, 8); + dump_data(100, (char *)p24, 24); #endif } /* Routines for Windows NT MD4 Hash functions. */ -static int32_t _my_wcslen(int16 * str) { +static int32_t _my_wcslen(int16 *str) { int32_t len = 0; while (*str++ != 0) @@ -926,12 +922,12 @@ static int32_t _my_wcslen(int16 * str) { /* * Convert a string into an NT UNICODE string. - * Note that regardless of processor type + * Note that regardless of processor type * this must be in intel (little-endian) * format. */ -static int32_t _my_mbstowcs(int16 * dst, uchar * src, int32_t len) { +static int32_t _my_mbstowcs(int16 *dst, uchar *src, int32_t len) { int32_t i; int16 val; @@ -946,25 +942,25 @@ static int32_t _my_mbstowcs(int16 * dst, uchar * src, int32_t len) { return i; } -/* +/* * Creates the MD4 Hash of the users password in NT UNICODE. */ -void E_md4hash(uchar * passwd, uchar * p16) { +void E_md4hash(uchar *passwd, uchar *p16) { int32_t len; int16 wpwd[129]; /* Password cannot be longer than 128 characters */ - len = strlen((char *) passwd); + len = strlen((char *)passwd); if (len > 128) len = 128; /* Password must be converted to NT unicode */ _my_mbstowcs(wpwd, passwd, len); - wpwd[len] = 0; /* Ensure string is null terminated */ + wpwd[len] = 0; /* Ensure string is null terminated */ /* Calculate length in bytes */ len = _my_wcslen(wpwd) * sizeof(int16); - mdfour(p16, (unsigned char *) wpwd, len); + mdfour(p16, (unsigned char *)wpwd, len); } /* Does both the NT and LM owfs of a user's password */ @@ -976,12 +972,12 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { /* Calculate the MD4 hash (NT compatible) of the password */ memset(nt_p16, '\0', 16); - E_md4hash((uchar *) passwd, nt_p16); + E_md4hash((uchar *)passwd, nt_p16); #ifdef DEBUG_PASSWORD DEBUG(100, ("nt_lm_owf_gen: pwd, nt#\n")); dump_data(120, passwd, strlen(passwd)); - dump_data(100, (char *) nt_p16, 16); + dump_data(100, (char *)nt_p16, 16); #endif /* Mangle the passwords into Lanman format */ @@ -991,19 +987,19 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { /* Calculate the SMB (lanman) hash functions of the password */ memset(p16, '\0', 16); - E_P16((uchar *) passwd, (uchar *) p16); + E_P16((uchar *)passwd, (uchar *)p16); #ifdef DEBUG_PASSWORD DEBUG(100, ("nt_lm_owf_gen: pwd, lm#\n")); dump_data(120, passwd, strlen(passwd)); - dump_data(100, (char *) p16, 16); + dump_data(100, (char *)p16, 16); #endif /* clear out local copy of user's password (just being paranoid). */ memset(passwd, '\0', sizeof(passwd)); } /* Does the des encryption from the NT or LM MD4 hash. */ -void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]) { +void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]) { uchar p21[21]; memset(p21, '\0', 21); @@ -1013,7 +1009,7 @@ void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]) { } /* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */ -void NTLMSSPOWFencrypt(uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) { +void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]) { uchar p21[21]; memset(p21, '\0', 21); @@ -1023,16 +1019,15 @@ void NTLMSSPOWFencrypt(uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) { E_P24(p21, ntlmchalresp, p24); #ifdef DEBUG_PASSWORD DEBUG(100, ("NTLMSSPOWFencrypt: p21, c8, p24\n")); - dump_data(100, (char *) p21, 21); - dump_data(100, (char *) ntlmchalresp, 8); - dump_data(100, (char *) p24, 24); + dump_data(100, (char *)p21, 21); + dump_data(100, (char *)ntlmchalresp, 8); + dump_data(100, (char *)p24, 24); #endif } - /* Does the NT MD4 hash then des encryption. */ -void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) { +void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24) { uchar p21[21]; memset(p21, '\0', 21); @@ -1042,9 +1037,9 @@ void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) { #ifdef DEBUG_PASSWORD DEBUG(100, ("SMBNTencrypt: nt#, challenge, response\n")); - dump_data(100, (char *) p21, 16); - dump_data(100, (char *) c8, 8); - dump_data(100, (char *) p24, 24); + dump_data(100, (char *)p21, 16); + dump_data(100, (char *)c8, 8); + dump_data(100, (char *)p24, 24); #endif } @@ -1083,7 +1078,8 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[ #endif -/* libtnlm copyrigth was left here, anyway the interface was slightly modified */ +/* libtnlm copyrigth was left here, anyway the interface was slightly modified + */ /* included libntlm-3.2.9 (c) even if this code is based in 2.1 version*/ @@ -1113,58 +1109,49 @@ Contributed LGPL versions of some of the GPL'd Samba files. * in the structures probably needs to be designed */ -#define AddBytes(ptr, header, buf, count) \ -{ \ -if (buf != NULL && count != 0) \ - { \ - SSVAL(&ptr->header.len,0,count); \ - SSVAL(&ptr->header.maxlen,0,count); \ - SIVAL(&ptr->header.offset,0,((ptr->buffer - ((uint8*)ptr)) + ptr->bufIndex)); \ - memcpy(ptr->buffer+ptr->bufIndex, buf, count); \ - ptr->bufIndex += count; \ - } \ -else \ - { \ - ptr->header.len = \ - ptr->header.maxlen = 0; \ - SIVAL(&ptr->header.offset,0,ptr->bufIndex); \ - } \ -} +#define AddBytes(ptr, header, buf, count) \ + { \ + if (buf != NULL && count != 0) { \ + SSVAL(&ptr->header.len, 0, count); \ + SSVAL(&ptr->header.maxlen, 0, count); \ + SIVAL(&ptr->header.offset, 0, ((ptr->buffer - ((uint8 *)ptr)) + ptr->bufIndex)); \ + memcpy(ptr->buffer + ptr->bufIndex, buf, count); \ + ptr->bufIndex += count; \ + } else { \ + ptr->header.len = ptr->header.maxlen = 0; \ + SIVAL(&ptr->header.offset, 0, ptr->bufIndex); \ + } \ + } -#define AddString(ptr, header, string) \ -{ \ -char *p = string; \ -int32_t len = 0; \ -if (p) len = strlen(p); \ -AddBytes(ptr, header, ((unsigned char*)p), len); \ -} +#define AddString(ptr, header, string) \ + { \ + char *p = string; \ + int32_t len = 0; \ + if (p) \ + len = strlen(p); \ + AddBytes(ptr, header, ((unsigned char *)p), len); \ + } -#define AddUnicodeString(ptr, header, string) \ -{ \ -char *p = string; \ -unsigned char *b = NULL; \ -int32_t len = 0; \ -if (p) \ - { \ - len = strlen(p); \ - b = strToUnicode(p); \ - } \ -AddBytes(ptr, header, b, len*2); \ -} +#define AddUnicodeString(ptr, header, string) \ + { \ + char *p = string; \ + unsigned char *b = NULL; \ + int32_t len = 0; \ + if (p) { \ + len = strlen(p); \ + b = strToUnicode(p); \ + } \ + AddBytes(ptr, header, b, len * 2); \ + } +#define GetUnicodeString(structPtr, header) unicodeToString(((char *)structPtr) + IVAL(&structPtr->header.offset, 0), SVAL(&structPtr->header.len, 0) / 2) +#define GetString(structPtr, header) toString((((char *)structPtr) + IVAL(&structPtr->header.offset, 0)), SVAL(&structPtr->header.len, 0)) +#define DumpBuffer(fp, structPtr, header) dumpRaw(fp, ((unsigned char *)structPtr) + IVAL(&structPtr->header.offset, 0), SVAL(&structPtr->header.len, 0)) -#define GetUnicodeString(structPtr, header) \ -unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) -#define GetString(structPtr, header) \ -toString((((char *)structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) -#define DumpBuffer(fp, structPtr, header) \ -dumpRaw(fp,((unsigned char*)structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) - - -static void dumpRaw(FILE * fp, unsigned char *buf, size_t len) { +static void dumpRaw(FILE *fp, unsigned char *buf, size_t len) { int32_t i; - for (i = 0; i < (int32_t) len; ++i) + for (i = 0; i < (int32_t)len; ++i) fprintf(fp, "%02x ", buf[i]); fprintf(fp, "\n"); @@ -1176,7 +1163,7 @@ static char *unicodeToString(char *p, size_t len) { assert(len + 1 < sizeof buf); - for (i = 0; i < (int32_t) len; ++i) { + for (i = 0; i < (int32_t)len; ++i) { buf[i] = *p & 0x7f; p += 2; } @@ -1210,12 +1197,11 @@ static unsigned char *toString(char *p, size_t len) { return buf; } +void buildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain) { + char *h = NULL; // strdup(host); + char *p = NULL; // strchr(h,'@'); -void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain) { - char *h = NULL; //strdup(host); - char *p = NULL; //strchr(h,'@'); - -//TODO: review default flags + // TODO: review default flags if (host == NULL) host = ""; @@ -1230,7 +1216,7 @@ void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, cha *p = '\0'; } if (flags == 0) - flags = 0x0000b207; /* Lowest security options to avoid negotiation */ + flags = 0x0000b207; /* Lowest security options to avoid negotiation */ request->bufIndex = 0; memcpy(request->ident, "NTLMSSP\0\0\0", 8); SIVAL(&request->msgType, 0, 1); @@ -1243,7 +1229,7 @@ void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, cha free(h); } -void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domainname, char *host) { +void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domainname, char *host) { uint8 lmRespData[24]; uint8 ntRespData[24]; char *u = strdup(user); @@ -1264,8 +1250,8 @@ void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * *p = '\0'; } - SMBencrypt((unsigned char *) password, challenge->challengeData, lmRespData); - SMBNTencrypt((unsigned char *) password, challenge->challengeData, ntRespData); + SMBencrypt((unsigned char *)password, challenge->challengeData, lmRespData); + SMBNTencrypt((unsigned char *)password, challenge->challengeData, ntRespData); response->bufIndex = 0; memcpy(response->ident, "NTLMSSP\0\0\0", 8); @@ -1284,7 +1270,7 @@ void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * AddString(response, sessionKey, NULL); if (flags != 0) - challenge->flags = flags; /* Overide flags! */ + challenge->flags = flags; /* Overide flags! */ response->flags = challenge->flags; if (w) @@ -1295,16 +1281,12 @@ void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * free(u); } - - - - // info functions -void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); -void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); -void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); +void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request); +void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge); +void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response); -void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request) { +void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request) { fprintf(fp, "NTLM Request:\n"); fprintf(fp, " Ident = %s\n", request->ident); fprintf(fp, " mType = %u\n", IVAL(&request->msgType, 0)); @@ -1313,7 +1295,7 @@ void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request) { fprintf(fp, " Domain = %s\n", GetString(request, domain)); } -void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge) { +void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge) { fprintf(fp, "NTLM Challenge:\n"); fprintf(fp, " Ident = %s\n", challenge->ident); fprintf(fp, " mType = %u\n", IVAL(&challenge->msgType, 0)); @@ -1324,7 +1306,7 @@ void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge) { fprintf(fp, " Incomplete!! parse optional parameters\n"); } -void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { +void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response) { fprintf(fp, "NTLM Response:\n"); fprintf(fp, " Ident = %s\n", response->ident); fprintf(fp, " mType = %u\n", IVAL(&response->msgType, 0)); @@ -1340,12 +1322,6 @@ void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { fprintf(fp, " Flags = %08x\n", IVAL(&response->flags, 0)); } - - - - - - /* * base64.c -- base-64 conversion routines. * @@ -1360,22 +1336,13 @@ void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { * This code borrowed from fetchmail sources */ - static const char base64digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -#define BAD -1 -static const char base64val[] = { - BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, - BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, - BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 62, BAD, BAD, BAD, 63, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, - BAD, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, BAD, BAD, BAD, BAD, BAD, - BAD, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, BAD, BAD, BAD, BAD, BAD -}; +#define BAD -1 +static const char base64val[] = {BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 62, BAD, BAD, BAD, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, + BAD, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, BAD, BAD, BAD, BAD, BAD, BAD, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, BAD, BAD, BAD, BAD, BAD}; -#define DECODE64(c) (isascii(c) ? base64val[c] : BAD) +#define DECODE64(c) (isascii(c) ? base64val[c] : BAD) void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen) diff --git a/ntlm.h b/ntlm.h index 85f8f7f..3150536 100644 --- a/ntlm.h +++ b/ntlm.h @@ -2,75 +2,78 @@ Single file NTLM system to create and parse authentication messages. http://www.reversing.org - ilo-- ilo@reversing.org + ilo-- ilo@reversing.org - I did copy&paste&modify several files to leave independent NTLM code - that compile in cygwin/linux environment. Most of the code was ripped + I did copy&paste&modify several files to leave independent NTLM code + that compile in cygwin/linux environment. Most of the code was ripped from Samba implementation so I left the Copying statement. Samba core code was left unmodified from 1.9 version. Also libntlm was ripped but rewrote, due to fixed and useless interface. Copyright and licensing information is in ntlm.c file. - NTLM Interface, just two functions: + NTLM Interface, just two functions: - void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); - if flags is 0 minimun security level is selected, otherwise new value superseeds. - host and domain are optional, they may be NULLed. + void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, + char *domain); if flags is 0 minimun security level is selected, otherwise + new value superseeds. host and domain are optional, they may be NULLed. - void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host); + void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse + *response, long flags, char *user, char *password, char *domain, char *host); Given a challenge, generates a response for that user/passwd/host/domain. - flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication + flags, host, and domain superseeds given by server. Leave 0 and NULL for + server authentication - This is an usage sample: + This is an usage sample: - ... - //beware of fixed sized buffer, asserts may fail, don't use long strings :) - //Yes, I Know, year 2k6 and still with this shit.. - unsigned char buf[4096]; - unsigned char buf2[4096]; + ... + //beware of fixed sized buffer, asserts may fail, don't use long + strings :) + //Yes, I Know, year 2k6 and still with this shit.. + unsigned char buf[4096]; + unsigned char buf2[4096]; - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL); - to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2)); - send_to_server(buf); + //send auth request: let the server send it's own hostname and + domainname buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL); + to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2)); + send_to_server(buf); - //receive challenge - receive_from_server(buf); + //receive challenge + receive_from_server(buf); - //build response with hostname and domainname from server - buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL); - to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2)); - send_to_server(buf); + //build response with hostname and domainname from server + buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL); + to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2)); + send_to_server(buf); - //get reply and Check if ok - ... + //get reply and Check if ok + ... included bonus!!: Base64 code int32_t from64tobits(char *out, const char *in); - void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen); + void to64frombits(unsigned char *out, const unsigned char *in, int32_t + inlen); - You don't need to read the rest of the file. + You don't need to read the rest of the file. */ - -/* +/* * These structures are byte-order dependant, and should not * be manipulated except by the use of the routines provided */ #ifdef __sun - #include +#include #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) - #include +#include #else - #include +#include #endif typedef unsigned short uint16; @@ -105,7 +108,6 @@ typedef struct { uint32 bufIndex; } tSmbNtlmAuthChallenge; - typedef struct { char ident[8]; uint32 msgType; @@ -120,34 +122,33 @@ typedef struct { uint32 bufIndex; } tSmbNtlmAuthResponse; - -extern void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); +extern void buildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); /* reversing interface */ /* ntlm functions */ -void BuildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); +void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); -// if flags is 0 minimun security level is selected, otherwise new value superseeds. -// host and domain are optional, they may be NULLed. +// if flags is 0 minimun security level is selected, otherwise new value +// superseeds. host and domain are optional, they may be NULLed. +void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host); -void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domain, char *host); - -//Given a challenge, generates a response for that user/passwd/host/domain. -//flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication +// Given a challenge, generates a response for that user/passwd/host/domain. +// flags, host, and domain superseeds given by server. Leave 0 and NULL for +// server authentication /* Base64 code*/ int32_t from64tobits(char *out, const char *in); void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen); -void xor(char *out, char *in1, char *in2, int32_t n); +void xor (char *out, char *in1, char *in2, int32_t n); // info functions -void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); -void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); -void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); +void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request); +void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge); +void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response); void strupper(char *s); -#define SmbLength(ptr) (((ptr)->buffer - (uint8*)(ptr)) + (ptr)->bufIndex) +#define SmbLength(ptr) (((ptr)->buffer - (uint8 *)(ptr)) + (ptr)->bufIndex) diff --git a/performance.h b/performance.h index 10759f8..8fcced9 100644 --- a/performance.h +++ b/performance.h @@ -1,13 +1,13 @@ -#include -#include #include +#include +#include #include #include #include -#include +#include /* handles select errors */ -int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) { +int32_t my_select(int32_t fd, fd_set *fdread, fd_set *fdwrite, fd_set *fdex, long sec, long usec) { int32_t ret_val; struct timeval stv; fd_set *fdr2, *fdw2, *fde2; @@ -18,10 +18,12 @@ int32_t my_select(int32_t fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, fde2 = fdex; stv.tv_sec = sec; stv.tv_usec = usec; - if (debug > 1) printf("before select\n"); + if (debug > 1) + printf("before select\n"); ret_val = select(fd, fdr2, fdw2, fde2, &stv); - if (debug > 1) printf("after select\n"); - /* XXX select() sometimes returns errno=EINTR (signal found) */ + if (debug > 1) + printf("after select\n"); + /* XXX select() sometimes returns errno=EINTR (signal found) */ } while (ret_val == -1 && errno == EINTR); return ret_val; @@ -43,7 +45,7 @@ ssize_t read_safe(int32_t fd, void *buffer, size_t len) { tv.tv_sec = 0; tv.tv_usec = 250000; ret = select(fd + 1, &fr, 0, 0, &tv); - /* XXX select() sometimes return errno=EINTR (signal found) */ + /* XXX select() sometimes return errno=EINTR (signal found) */ } while (ret == -1 && errno == EINTR); if (ret < 0) { @@ -55,7 +57,7 @@ ssize_t read_safe(int32_t fd, void *buffer, size_t len) { } if (ret > 0) { - while ((r = read(fd, (char*) ((char*)buffer + total), toread))) { + while ((r = read(fd, (char *)((char *)buffer + total), toread))) { if (r == -1) { if (errno == EAGAIN) break; diff --git a/postgres_ext.h b/postgres_ext.h index 16ceadd..e5791d1 100644 --- a/postgres_ext.h +++ b/postgres_ext.h @@ -4,8 +4,9 @@ * postgres_ext.h * * This file contains declarations of things that are visible everywhere - * in PostgreSQL *and* are visible to clients of frontend interface libraries. - * For example, the Oid type is part of the API of libpq and other libraries. + * in PostgreSQL *and* are visible to clients of frontend interface + *libraries. For example, the Oid type is part of the API of libpq and other + *libraries. * * Declarations which are specific to a particular interface should * go in the header file for that interface (such as libpq-fe.h). This @@ -30,16 +31,15 @@ typedef uint32_t Oid; #ifdef __cplusplus -#define InvalidOid (Oid(0)) +#define InvalidOid (Oid(0)) #else -#define InvalidOid ((Oid) 0) +#define InvalidOid ((Oid)0) #endif -#define OID_MAX UINT_MAX +#define OID_MAX UINT_MAX /* you will need to include to use the above #define */ - /* * NAMEDATALEN is the max length for system identifiers (e.g. table names, * attribute names, function names, etc). It must be a multiple of @@ -49,21 +49,20 @@ typedef uint32_t Oid; */ #define NAMEDATALEN 64 - /* * Identifiers of error message fields. Kept here to keep common * between frontend and backend, and also to export them to libpq * applications. */ -#define PG_DIAG_SEVERITY 'S' -#define PG_DIAG_SQLSTATE 'C' -#define PG_DIAG_MESSAGE_PRIMARY 'M' -#define PG_DIAG_MESSAGE_DETAIL 'D' -#define PG_DIAG_MESSAGE_HINT 'H' +#define PG_DIAG_SEVERITY 'S' +#define PG_DIAG_SQLSTATE 'C' +#define PG_DIAG_MESSAGE_PRIMARY 'M' +#define PG_DIAG_MESSAGE_DETAIL 'D' +#define PG_DIAG_MESSAGE_HINT 'H' #define PG_DIAG_STATEMENT_POSITION 'P' -#define PG_DIAG_CONTEXT 'W' -#define PG_DIAG_SOURCE_FILE 'F' -#define PG_DIAG_SOURCE_LINE 'L' -#define PG_DIAG_SOURCE_FUNCTION 'R' +#define PG_DIAG_CONTEXT 'W' +#define PG_DIAG_SOURCE_FILE 'F' +#define PG_DIAG_SOURCE_LINE 'L' +#define PG_DIAG_SOURCE_FUNCTION 'R' #endif diff --git a/pw-inspector.c b/pw-inspector.c index 11afdc5..ffe93ac 100644 --- a/pw-inspector.c +++ b/pw-inspector.c @@ -1,38 +1,46 @@ -#include -#include -#include -#include #include #include +#include +#include +#include +#include -#define PROGRAM "PW-Inspector" -#define VERSION "v0.2" -#define EMAIL "vh@thc.org" -#define WEB "https://github.com/vanhauser-thc/thc-hydra" +#define PROGRAM "PW-Inspector" +#define VERSION "v0.2" +#define EMAIL "vh@thc.org" +#define WEB "https://github.com/vanhauser-thc/thc-hydra" -#define MAXLENGTH 256 +#define MAXLENGTH 256 char *prg; void help() { printf("%s %s (c) 2005 by van Hauser / THC %s [%s]\n\n", PROGRAM, VERSION, EMAIL, WEB); - printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -s\n\n", prg); + printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] " + "-l -u -n -p -s\n\n", + prg); printf("Options:\n"); printf(" -i FILE file to read passwords from (default: stdin)\n"); printf(" -o FILE file to write valid passwords to (default: stdout)\n"); printf(" -m MINLEN minimum length of a valid password\n"); printf(" -M MAXLEN maximum length of a valid password\n"); - printf(" -c MINSETS the minimum number of sets required (default: all given)\n"); + printf(" -c MINSETS the minimum number of sets required (default: all " + "given)\n"); printf("Sets:\n"); printf(" -l lowcase characters (a,b,c,d, etc.)\n"); printf(" -u upcase characters (A,B,C,D, etc.)\n"); printf(" -n numbers (1,2,3,4, etc.)\n"); - printf(" -p printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)\n"); - printf(" -s special characters - all others not within the sets above\n"); + printf(" -p printable characters (which are not -l/-n/-p, e.g. " + "$,!,/,(,*, etc.)\n"); + printf(" -s special characters - all others not within the sets " + "above\n"); printf("\n%s reads passwords in and prints those which meet the requirements.\n", PROGRAM); - printf("The return code is the number of valid passwords found, 0 if none was found.\n"); - printf("Use for security: check passwords, if 0 is returned, reject password choice.\n"); - printf("Use for hacking: trim your dictionary file to the pw requirements of the target.\n"); + printf("The return code is the number of valid passwords found, 0 if none " + "was found.\n"); + printf("Use for security: check passwords, if 0 is returned, reject password " + "choice.\n"); + printf("Use for hacking: trim your dictionary file to the pw requirements of " + "the target.\n"); printf("Usage only allowed for legal purposes.\n"); exit(-1); } @@ -137,7 +145,7 @@ int main(int argc, char *argv[]) { if (set_print) { j = 0; for (k = 0; k < strlen(buf); k++) - if (isprint((int32_t) buf[k]) != 0 && isalnum((int32_t) buf[k]) == 0) + if (isprint((int32_t)buf[k]) != 0 && isalnum((int32_t)buf[k]) == 0) j = 1; if (j) i++; @@ -145,7 +153,7 @@ int main(int argc, char *argv[]) { if (set_other) { j = 0; for (k = 0; k < strlen(buf); k++) - if (isprint((int32_t) buf[k]) == 0 && isalnum((int32_t) buf[k]) == 0) + if (isprint((int32_t)buf[k]) == 0 && isalnum((int32_t)buf[k]) == 0) j = 1; if (j) i++; @@ -156,7 +164,8 @@ int main(int argc, char *argv[]) { count++; } } - /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, minlen, maxlen, strlen(buf)); */ + /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, + * minlen, maxlen, strlen(buf)); */ } fclose(in); fclose(out); diff --git a/sasl.c b/sasl.c index ba08978..7470743 100644 --- a/sasl.c +++ b/sasl.c @@ -87,7 +87,7 @@ void sasl_plain(char *result, char *login, char *pass) { strcpy(result, preplogin); strcpy(result + strlen(preplogin) + 1, preplogin); strcpy(result + 2 * strlen(preplogin) + 2, preppasswd); - hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); + hydra_tobase64((unsigned char *)result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); } free(preplogin); free(preppasswd); @@ -128,8 +128,8 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) { memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH); memcpy(opad, md5_raw, MD5_DIGEST_LENGTH); } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe } for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; @@ -182,8 +182,8 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) { memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH); memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH); } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe } for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; @@ -236,8 +236,8 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) { memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH); memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH); } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe } for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; @@ -285,10 +285,12 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * result = NULL; return; } -//DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess -//DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess -//warning some not well configured xmpp server is sending no realm -//DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess + // DEBUG S: + // nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess + // DEBUG S: + // nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess + // warning some not well configured xmpp server is sending no realm + // DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess pbuffer = buffer; do { currentpos++; @@ -309,7 +311,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * } pbuffer++; } while ((pbuffer[0] > 31) && (ind < array_size)); -//save the latest one + // save the latest one if (ind < array_size) { array[ind] = malloc(currentpos + 1); strncpy(array[ind], buffer + lastpos, currentpos); @@ -317,18 +319,18 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * ind++; } for (i = 0; i < ind; i++) { -//removing space chars between comma separated value if any + // removing space chars between comma separated value if any while ((array[i] != NULL) && (array[i][0] == ' ')) { char *tmp = strdup(array[i]); - //memset(array[i], 0, sizeof(array[i])); + // memset(array[i], 0, sizeof(array[i])); strcpy(array[i], tmp + 1); free(tmp); } if (strstr(array[i], "nonce=") != NULL) { -//check if it contains double-quote + // check if it contains double-quote if (strstr(array[i], "\"") != NULL) { -//assume last char is also a double-quote + // assume last char is also a double-quote int32_t nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { @@ -351,7 +353,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * } if (strstr(array[i], "realm=") != NULL) { if (strstr(array[i], "\"") != NULL) { -//assume last char is also a double-quote + // assume last char is also a double-quote int32_t realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { @@ -373,12 +375,11 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * } } if (strstr(array[i], "qop=") != NULL) { - -/* -The value "auth" indicates authentication; the value "auth-int32_t" indicates -authentication with integrity protection; the value "auth-conf" -indicates authentication with integrity protection and encryption. -*/ + /* + The value "auth" indicates authentication; the value "auth-int32_t" + indicates authentication with integrity protection; the value "auth-conf" + indicates authentication with integrity protection and encryption. + */ auth_find = 1; if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { int32_t j; @@ -386,14 +387,15 @@ indicates authentication with integrity protection and encryption. for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); - hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n"); + hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only " + "authentication is not supported by server\n"); result = NULL; return; } } if (strstr(array[i], "algorithm=") != NULL) { if (strstr(array[i], "\"") != NULL) { -//assume last char is also a double-quote + // assume last char is also a double-quote int32_t algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { @@ -405,7 +407,8 @@ indicates authentication with integrity protection and encryption. for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); - hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n"); + hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could " + "not be extracted\n"); result = NULL; return; } @@ -428,24 +431,25 @@ indicates authentication with integrity protection and encryption. array[i] = NULL; } if (!strlen(algo)) { -//assuming by default algo is MD5 + // assuming by default algo is MD5 memset(algo, 0, sizeof(algo)); strcpy(algo, "MD5"); } -//xmpp case, some xmpp server is not sending the realm so we have to set it up + // xmpp case, some xmpp server is not sending the realm so we have to set it + // up if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) snprintf(realm, sizeof(realm), "%s", miscptr); -//compute ha1 -//support for algo = MD5 + // compute ha1 + // support for algo = MD5 snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd); MD5_Init(&md5c); MD5_Update(&md5c, buffer, strlen(buffer)); MD5_Final(response, &md5c); -//for MD5-sess + // for MD5-sess if (strstr(algo, "5-sess") != NULL) { - buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*! + buffer[0] = 0; // memset(buffer, 0, sizeof(buffer)); => buffer is char*! -/* per RFC 2617 Errata ID 1649 */ + /* per RFC 2617 Errata ID 1649 */ if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { memset(buffer3, 0, sizeof(buffer3)); pbuffer = buffer3; @@ -468,24 +472,24 @@ indicates authentication with integrity protection and encryption. sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } -//compute ha2 -//proxy case + // compute ha2 + // proxy case if (strstr(type, "proxy") != NULL) sprintf(buffer, "%s:%s", "HEAD", miscptr); else -//http case - if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) + // http case + if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) sprintf(buffer, "%s:%s", type, miscptr); else -//sip case - if (strstr(type, "sip") != NULL) + // sip case + if (strstr(type, "sip") != NULL) sprintf(buffer, "REGISTER:%s:%s", type, miscptr); else -//others - if (strstr(type, "rtsp") != NULL) + // others + if (strstr(type, "rtsp") != NULL) sprintf(buffer, "DESCRIBE:%s://%s:%i", type, webtarget, port); else -//others + // others sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); MD5_Init(&md5c); @@ -496,7 +500,7 @@ indicates authentication with integrity protection and encryption. sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } -//compute response + // compute response if (!auth_find) snprintf(buffer, 500, "%s:%s", nonce, buffer2); else @@ -511,35 +515,58 @@ indicates authentication with integrity protection and encryption. sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } -//create the auth response + // create the auth response if (strstr(type, "proxy") != NULL) { snprintf(result, 500, - "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", " + "realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", " + "nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); } else { - if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || - (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { - snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, - nonce, algo, type, realm, buffer); + if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { + snprintf(result, 500, + "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=" + "00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", + preplogin, realm, nonce, algo, type, realm, buffer); } else { if (strstr(type, "sip") != NULL) { - snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); + snprintf(result, 500, + "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\"," + "response=%s", + preplogin, realm, nonce, type, realm, buffer); } else { if (strstr(type, "rtsp") != NULL) { - snprintf(result, 500, "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s://%s:%i\", response=\"%s\"\r\n", preplogin, realm, nonce, type, webtarget, port, buffer); + snprintf(result, 500, + "username=\"%s\", realm=\"%s\", nonce=\"%s\", " + "uri=\"%s://%s:%i\", response=\"%s\"\r\n", + preplogin, realm, nonce, type, webtarget, port, buffer); } else { if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) snprintf(result, 500, - "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: " + "Digest username=\"%s\", realm=\"%s\", response=\"%s\", " + "nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, " + "qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: " + "keep-alive\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) snprintf(result, 500, - "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: " + "Digest username=\"%s\", realm=\"%s\", response=\"%s\", " + "nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, " + "qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); else snprintf(result, 500, - "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest " + "username=\"%s\", realm=\"%s\", response=\"%s\", " + "nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, " + "qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); } } @@ -579,10 +606,10 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha return; } -/*client-final-message */ + /*client-final-message */ if (debug) hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); -//r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 + // r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 if (strstr(serverfirstmessage, "r=") == NULL) { hydra_report(stderr, "Error: Can't understand server message\n"); free(preppasswd); @@ -592,7 +619,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); buffer[sizeof(buffer) - 1] = '\0'; nonce = strtok(buffer, ","); -//continue to search from the previous successful call + // continue to search from the previous successful call salt = strtok(NULL, ","); ic = strtok(NULL, ","); iter = atoi(ic + 2); @@ -611,7 +638,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha return; } if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) -//s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= + // s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= strcpy(buffer, salt + 2); else { hydra_report(stderr, "Error: Could not identify server salt value\n"); @@ -620,9 +647,9 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha return; } -/* SaltedPassword := Hi(Normalize(password), salt, i) */ - saltlen = from64tobits((char *) salt, buffer); - if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { + /* SaltedPassword := Hi(Normalize(password), salt, i) */ + saltlen = from64tobits((char *)salt, buffer); + if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *)salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); free(preppasswd); result = NULL; @@ -631,18 +658,18 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha /* ClientKey := HMAC(SaltedPassword, "Client Key") */ #define CLIENT_KEY "Client Key" - HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); + HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *)CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); -/* StoredKey := H(ClientKey) */ - SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey); + /* StoredKey := H(ClientKey) */ + SHA1((const unsigned char *)ClientKey, SHA_DIGEST_LENGTH, StoredKey); -/* ClientSignature := HMAC(StoredKey, AuthMessage) */ + /* ClientSignature := HMAC(StoredKey, AuthMessage) */ snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof); - HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); + HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *)AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); -/* ClientProof := ClientKey XOR ClientSignature */ - xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20); - to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); + /* ClientProof := ClientKey XOR ClientSignature */ + xor(ClientProof, (char *)ClientKey, (char *)ClientSignature, 20); + to64frombits(clientproof_b64, (const unsigned char *)ClientProof, 20); snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); if (debug) hydra_report(stderr, "DEBUG C: %s\n", result); diff --git a/sasl.h b/sasl.h index 459a5ab..01da091 100644 --- a/sasl.h +++ b/sasl.h @@ -1,8 +1,8 @@ +#include "hydra-mod.h" +#include "ntlm.h" #include #include -#include "ntlm.h" -#include "hydra-mod.h" #define AUTH_ERROR -1 #define AUTH_CLEAR 0 @@ -28,10 +28,7 @@ #endif #endif -typedef enum { - SASL_ALLOW_UNASSIGNED = 1 -} sasl_saslprep_flags; - +typedef enum { SASL_ALLOW_UNASSIGNED = 1 } sasl_saslprep_flags; int32_t print_hex(unsigned char *buf, int32_t len); @@ -39,9 +36,9 @@ void sasl_plain(char *result, char *login, char *pass); int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #ifdef LIBOPENSSL +#include #include #include -#include void sasl_cram_md5(char *result, char *pass, char *challenge); void sasl_cram_sha1(char *result, char *pass, char *challenge); From 0b093e67c4094616e96625dafb7423866dddc6c6 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 17 Feb 2020 09:44:26 +0100 Subject: [PATCH 077/332] remove carriage returns in lines (pw-inspector) --- pw-inspector.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pw-inspector.c b/pw-inspector.c index ffe93ac..2f53e05 100644 --- a/pw-inspector.c +++ b/pw-inspector.c @@ -130,6 +130,8 @@ int main(int argc, char *argv[]) { continue; if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; if (strlen(buf) >= minlen && strlen(buf) <= maxlen) { i = 0; if (countsets > 0) { From 5b6fc88428102ca5aa68f15660c747d07cc944f9 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 17 Feb 2020 10:39:17 +0100 Subject: [PATCH 078/332] fixed crash in rtsp module --- CHANGES | 1 + hydra-http-proxy-urlenum.c | 6 ++-- hydra-http-proxy.c | 6 ++-- hydra-http.c | 6 ++-- hydra-imap.c | 22 ++++++++------ hydra-ldap.c | 10 +++---- hydra-nntp.c | 12 ++++---- hydra-pop3.c | 18 +++++++----- hydra-rtsp.c | 7 ++--- hydra-sip.c | 5 ++-- hydra-smtp.c | 12 ++++---- hydra-xmpp.c | 16 +++++----- sasl.c | 60 +++++++++++++++++++++----------------- sasl.h | 12 ++++---- 14 files changed, 107 insertions(+), 86 deletions(-) diff --git a/CHANGES b/CHANGES index 3979a1d..9b7c11f 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,7 @@ Changelog for hydra Release 9.1-dev * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) +* rtsp: fixed crash in MD5 auth * svn: updated to support past and new API * http module now supports F=/S= string matching conditions (thanks to poucz@github) * changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ... diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c index 2f00ae5..434b4e4 100644 --- a/hydra-http-proxy-urlenum.c +++ b/hydra-http-proxy-urlenum.c @@ -170,7 +170,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha } else { #ifdef LIBOPENSSL if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { - char *pbuffer; + char *pbuffer, *result; http_proxy_auth_mechanism = AUTH_DIGESTMD5; pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest "); @@ -178,8 +178,8 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha buffer[sizeof(buffer) - 1] = '\0'; pbuffer = buffer2; - sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header); - if (pbuffer == NULL) + result = sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header); + if (result == NULL) return 3; if (debug) diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 0e07d9b..fa5638c 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -179,7 +179,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } else { #ifdef LIBOPENSSL if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) { - char *pbuffer; + char *pbuffer, *result; http_proxy_auth_mechanism = AUTH_DIGESTMD5; pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest "); @@ -188,8 +188,8 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option pbuffer = NULL; fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header); + if (result == NULL) return 3; if (debug) diff --git a/hydra-http.c b/hydra-http.c index a1868bf..a269e71 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -76,15 +76,15 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha #ifdef LIBOPENSSL case AUTH_DIGESTMD5: { - char *pbuffer; + char *pbuffer, *result; pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1); buffer[buffer_size - 1] = '\0'; fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); - if (fooptr == NULL) { + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); + if (result == NULL) { free(buffer); free(header); return 3; diff --git a/hydra-imap.c b/hydra-imap.c index b93fc6e..20d1ea1 100644 --- a/hydra-imap.c +++ b/hydra-imap.c @@ -41,7 +41,7 @@ char *imap_read_server_capacity(int32_t sock) { } int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = ""; + char *empty = "", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr; if (strlen(login = hydra_get_next_login()) == 0) @@ -104,7 +104,8 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer2, 0, sizeof(buffer2)); - sasl_plain(buffer2, login, pass); + result = sasl_plain(buffer2, login, pass); + if (result == NULL) return 3; sprintf(buffer, "%.250s\r\n", buffer2); break; @@ -161,15 +162,18 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha switch (imap_auth_mechanism) { case AUTH_CRAMMD5: { - sasl_cram_md5(buffer2, pass, buffer); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA1: { - sasl_cram_sha1(buffer2, pass, buffer); + result = sasl_cram_sha1(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA256: { - sasl_cram_sha256(buffer2, pass, buffer); + result = sasl_cram_sha256(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; } @@ -202,8 +206,8 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha hydra_report(stderr, "DEBUG S: %s\n", buffer); fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); + if (result == NULL) return 3; if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer2); @@ -262,8 +266,8 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer2, 0, sizeof(buffer2)); fooptr = buffer2; - sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); - if (fooptr == NULL) { + result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); + if (result == NULL) { hydra_report(stderr, "[ERROR] Can't compute client response\n"); return 1; } diff --git a/hydra-ldap.c b/hydra-ldap.c index 4f79365..9e6f9cd 100644 --- a/hydra-ldap.c +++ b/hydra-ldap.c @@ -8,7 +8,7 @@ int32_t counter; int32_t tls_required = 0; int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char version, int32_t auth_method) { - char *empty = ""; + char *empty = "", *result = NULL; char *login = "", *pass, *fooptr = ""; unsigned char buffer[512]; int32_t length = 0; @@ -123,8 +123,8 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha ptr = strstr((char *)buf, "<"); fooptr = buf2; - sasl_cram_md5(fooptr, pass, ptr); - if (fooptr == NULL) + result = sasl_cram_md5(fooptr, pass, ptr); + if (result == NULL) return 1; counter++; if (strstr(miscptr, "^USER^") != NULL) { @@ -180,8 +180,8 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha } fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); - if (fooptr == NULL) { + result = sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); + if (result == NULL) { free(buf); return 3; } diff --git a/hydra-nntp.c b/hydra-nntp.c index c3622c2..c06a7ac 100644 --- a/hydra-nntp.c +++ b/hydra-nntp.c @@ -48,7 +48,7 @@ char *nntp_read_server_capacity(int32_t sock) { } int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = "\"\""; + char *empty = "\"\"", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr; int32_t i = 1; @@ -112,7 +112,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); + result = sasl_plain(buffer, login, pass); + if (result == NULL) return 3; char tmp_buffer[sizeof(buffer)]; sprintf(tmp_buffer, "%.250s\r\n", buffer); @@ -147,7 +148,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); @@ -178,8 +180,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (debug) hydra_report(stderr, "DEBUG S: %s\n", buffer); fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); + if (result == NULL) return 3; if (debug) diff --git a/hydra-pop3.c b/hydra-pop3.c index 78f29bc..2b453c1 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -118,7 +118,7 @@ char *pop3_read_server_capacity(int32_t sock) { } int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = "\"\""; + char *empty = "\"\"", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr; if (strlen(login = hydra_get_next_login()) == 0) @@ -202,7 +202,8 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); + result = sasl_plain(buffer, login, pass); + if (result == NULL) return 3; char tmp_buffer[sizeof(buffer)]; sprintf(tmp_buffer, "%.250s\r\n", buffer); @@ -263,15 +264,18 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha switch (p->pop3_auth_mechanism) { case AUTH_CRAMMD5: { - sasl_cram_md5(buffer2, pass, buffer); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA1: { - sasl_cram_sha1(buffer2, pass, buffer); + result = sasl_cram_sha1(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA256: { - sasl_cram_sha256(buffer2, pass, buffer); + result = sasl_cram_sha256(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; } @@ -304,8 +308,8 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha hydra_report(stderr, "[DEBUG] S: %s\n", buffer); fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); + if (result == NULL) return 3; if (debug) diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 5eb4166..1bc6f4d 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -116,22 +116,21 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } } else { if (use_Digest_Auth(lresp) == 1) { - char *dbuf = NULL; - char aux[500] = ""; + char aux[500] = "", dbuf[500] = "", *result = NULL; char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); aux[sizeof(aux) - 1] = '\0'; free(lresp); #ifdef LIBOPENSSL - sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); + result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); #else hydra_report(stderr, "[ERROR] Digest auth required but compiled " "without OpenSSL/MD5 support\n"); return 3; #endif - if (dbuf == NULL) { + if (result == NULL) { hydra_report(stderr, "[ERROR] digest generation failed\n"); return 3; } diff --git a/hydra-sip.c b/hydra-sip.c index eab654e..954d03c 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -48,7 +48,7 @@ int32_t get_sip_code(char *buf) { } int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE *fp) { - char *login, *pass, *host, buffer[SIP_MAX_BUF]; + char *login, *pass, *host, buffer[SIP_MAX_BUF], *result = NULL; int32_t i; char buf[SIP_MAX_BUF]; @@ -138,7 +138,8 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u hydra_report(stderr, "[INFO] S: %s\n", buf); char buffer2[512]; - sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); + result = sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); + if (result == NULL) return 3; memset(buffer, 0, SIP_MAX_BUF); snprintf(buffer, SIP_MAX_BUF, diff --git a/hydra-smtp.c b/hydra-smtp.c index 97b2bab..f6f1ac2 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -37,7 +37,7 @@ char *smtp_read_server_capacity(int32_t sock) { } int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = ""; + char *empty = "", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf; if (strlen(login = hydra_get_next_login()) == 0) @@ -67,7 +67,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); + result = sasl_plain(buffer, login, pass); + if (result == NULL) return 3; char tmp_buffer[sizeof(buffer)]; sprintf(tmp_buffer, "%.250s\r\n", buffer); @@ -102,7 +103,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); @@ -135,8 +137,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha hydra_report(stderr, "DEBUG S: %s\n", buffer); fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); + if (result == NULL) return 3; if (debug) diff --git a/hydra-xmpp.c b/hydra-xmpp.c index aa4ea2f..dd7c2f9 100644 --- a/hydra-xmpp.c +++ b/hydra-xmpp.c @@ -13,7 +13,7 @@ char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http:/ "version='1.0'>"; int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = "\"\""; + char *empty = "\"\"", *result = NULL; char *login, *pass, buffer[500], buffer2[500]; char *AUTH_STR = ""; @@ -125,7 +125,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha #ifdef LIBOPENSSL case AUTH_PLAIN: { memset(buffer2, 0, sizeof(buffer)); - sasl_plain(buffer2, login, pass); + result = sasl_plain(buffer2, login, pass); + if (result == NULL) return 3; sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer); @@ -136,7 +137,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha char *preplogin; memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { @@ -156,8 +158,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha case AUTH_DIGESTMD5: { memset(buffer2, 0, sizeof(buffer2)); fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); - if (fooptr == NULL) { + result = sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); + if (result == NULL) { free(buf); return 3; } @@ -217,8 +219,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer2, 0, sizeof(buffer2)); fooptr = buffer2; - sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); - if (fooptr == NULL) { + result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); + if (result == NULL) { hydra_report(stderr, "[ERROR] Can't compute client response\n"); free(buf); return 1; diff --git a/sasl.c b/sasl.c index 7470743..1a421b1 100644 --- a/sasl.c +++ b/sasl.c @@ -68,20 +68,20 @@ sasl_plain computes the plain authentication from strings login and password and stored the value in variable result the first parameter result must be able to hold at least 255 bytes! */ -void sasl_plain(char *result, char *login, char *pass) { +char *sasl_plain(char *result, char *login, char *pass) { char *preplogin; char *preppasswd; int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { result = NULL; - return; + return result; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { free(preplogin); result = NULL; - return; + return result; } if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) { strcpy(result, preplogin); @@ -91,6 +91,7 @@ void sasl_plain(char *result, char *login, char *pass) { } free(preplogin); free(preppasswd); + return result; } #ifdef LIBOPENSSL @@ -102,7 +103,7 @@ and the challenge sent by the server, and stored the value in variable result the parameter result must be able to hold at least 100 bytes! */ -void sasl_cram_md5(char *result, char *pass, char *challenge) { +char *sasl_cram_md5(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char md5_raw[MD5_DIGEST_LENGTH]; @@ -112,12 +113,12 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) { if (challenge == NULL) { result = NULL; - return; + return result; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; - return; + return result; } memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad)); @@ -148,6 +149,7 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) { result += 2; } free(preppasswd); + return result; } /* @@ -156,7 +158,7 @@ and the challenge sent by the server, and stored the value in variable result the parameter result must be able to hold at least 100 bytes! */ -void sasl_cram_sha1(char *result, char *pass, char *challenge) { +char *sasl_cram_sha1(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char sha1_raw[SHA_DIGEST_LENGTH]; @@ -166,12 +168,12 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) { if (challenge == NULL) { result = NULL; - return; + return result; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; - return; + return result; } memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad)); @@ -202,6 +204,7 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) { result += 2; } free(preppasswd); + return result; } /* @@ -210,7 +213,7 @@ and the challenge sent by the server, and stored the value in variable result the parameter result must be able to hold at least 100 bytes! */ -void sasl_cram_sha256(char *result, char *pass, char *challenge) { +char *sasl_cram_sha256(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char sha256_raw[SHA256_DIGEST_LENGTH]; @@ -220,14 +223,14 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) { if (challenge == NULL) { result = NULL; - return; + return result; } memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad)); rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; - return; + return result; } if (strlen(preppasswd) >= 64) { SHA256_Init(&sha256c); @@ -256,13 +259,14 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) { result += 2; } free(preppasswd); + return result; } /* RFC 2831: Using Digest Authentication as a SASL Mechanism the parameter result must be able to hold at least 500 bytes!! */ -void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header) { +char *sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header) { char *pbuffer = NULL; int32_t array_size = 10; unsigned char response[MD5_DIGEST_LENGTH]; @@ -277,13 +281,13 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * memset(realm, 0, sizeof(realm)); if (rc) { result = NULL; - return; + return result; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { free(preplogin); result = NULL; - return; + return result; } // DEBUG S: // nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess @@ -344,7 +348,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * free(array[j]); hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n"); result = NULL; - return; + return result; } } else { strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1); @@ -367,7 +371,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * free(array[i]); hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n"); result = NULL; - return; + return result; } } else { strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1); @@ -390,7 +394,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only " "authentication is not supported by server\n"); result = NULL; - return; + return result; } } if (strstr(array[i], "algorithm=") != NULL) { @@ -410,7 +414,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could " "not be extracted\n"); result = NULL; - return; + return result; } } else { strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1); @@ -424,7 +428,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * free(array[j]); hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo); result = NULL; - return; + return result; } } free(array[i]); @@ -575,6 +579,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * } free(preplogin); free(preppasswd); + return result; } /* @@ -584,7 +589,7 @@ I want to thx Simon Josefsson for his public server test, and my girlfriend that let me work on that 2 whole nights ;) clientfirstmessagebare must be at least 500 bytes in size! */ -void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { +char *sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { int32_t saltlen = 0; int32_t iter = 4096; char *salt, *nonce, *ic; @@ -603,7 +608,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha if (rc) { result = NULL; - return; + return result; } /*client-final-message */ @@ -614,7 +619,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha hydra_report(stderr, "Error: Can't understand server message\n"); free(preppasswd); result = NULL; - return; + return result; } strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); buffer[sizeof(buffer) - 1] = '\0'; @@ -627,7 +632,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha hydra_report(stderr, "Error: Can't understand server response\n"); free(preppasswd); result = NULL; - return; + return result; } if ((nonce != NULL) && (strlen(nonce) > 2)) snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce); @@ -635,7 +640,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha hydra_report(stderr, "Error: Could not identify server nonce value\n"); free(preppasswd); result = NULL; - return; + return result; } if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) // s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= @@ -644,7 +649,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha hydra_report(stderr, "Error: Could not identify server salt value\n"); free(preppasswd); result = NULL; - return; + return result; } /* SaltedPassword := Hi(Normalize(password), salt, i) */ @@ -653,7 +658,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); free(preppasswd); result = NULL; - return; + return result; } /* ClientKey := HMAC(SaltedPassword, "Client Key") */ @@ -674,5 +679,6 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha if (debug) hydra_report(stderr, "DEBUG C: %s\n", result); free(preppasswd); + return result; } #endif diff --git a/sasl.h b/sasl.h index 01da091..e42299f 100644 --- a/sasl.h +++ b/sasl.h @@ -32,7 +32,7 @@ typedef enum { SASL_ALLOW_UNASSIGNED = 1 } sasl_saslprep_flags; int32_t print_hex(unsigned char *buf, int32_t len); -void sasl_plain(char *result, char *login, char *pass); +char* sasl_plain(char *result, char *login, char *pass); int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #ifdef LIBOPENSSL @@ -40,9 +40,9 @@ int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #include #include -void sasl_cram_md5(char *result, char *pass, char *challenge); -void sasl_cram_sha1(char *result, char *pass, char *challenge); -void sasl_cram_sha256(char *result, char *pass, char *challenge); -void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header); -void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); +char* sasl_cram_md5(char *result, char *pass, char *challenge); +char* sasl_cram_sha1(char *result, char *pass, char *challenge); +char* sasl_cram_sha256(char *result, char *pass, char *challenge); +char* sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header); +char* sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); #endif From 90bbde1be8f951e42c049765049ea8f490b0c1b7 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 17 Feb 2020 11:16:51 +0100 Subject: [PATCH 079/332] clarify license --- README.md | 3 +++ hydra-imap.c | 12 ++++++++---- hydra-nntp.c | 6 ++++-- hydra-pop3.c | 12 ++++++++---- hydra-sip.c | 3 ++- hydra-smtp.c | 6 ++++-- hydra-xmpp.c | 6 ++++-- hydra.c | 17 +++++++++-------- sasl.h | 12 ++++++------ 9 files changed, 48 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index f2edcfb..fa214d9 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,9 @@ Please do not use in military or secret service organizations, or for illegal purposes. + (This is the wish of the author and non-binding. Many people working + in these organizations do not care for laws and ethics anyways. + You are not one of the "good" ones if you ignore this.) diff --git a/hydra-imap.c b/hydra-imap.c index 20d1ea1..f84e9fb 100644 --- a/hydra-imap.c +++ b/hydra-imap.c @@ -105,7 +105,8 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer2, 0, sizeof(buffer2)); result = sasl_plain(buffer2, login, pass); - if (result == NULL) return 3; + if (result == NULL) + return 3; sprintf(buffer, "%.250s\r\n", buffer2); break; @@ -163,17 +164,20 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha switch (imap_auth_mechanism) { case AUTH_CRAMMD5: { result = sasl_cram_md5(buffer2, pass, buffer); - if (result == NULL) return 3; + if (result == NULL) + return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA1: { result = sasl_cram_sha1(buffer2, pass, buffer); - if (result == NULL) return 3; + if (result == NULL) + return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA256: { result = sasl_cram_sha256(buffer2, pass, buffer); - if (result == NULL) return 3; + if (result == NULL) + return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; } diff --git a/hydra-nntp.c b/hydra-nntp.c index c06a7ac..8531356 100644 --- a/hydra-nntp.c +++ b/hydra-nntp.c @@ -113,7 +113,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer, 0, sizeof(buffer)); result = sasl_plain(buffer, login, pass); - if (result == NULL) return 3; + if (result == NULL) + return 3; char tmp_buffer[sizeof(buffer)]; sprintf(tmp_buffer, "%.250s\r\n", buffer); @@ -149,7 +150,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer2, 0, sizeof(buffer2)); result = sasl_cram_md5(buffer2, pass, buffer); - if (result == NULL) return 3; + if (result == NULL) + return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); diff --git a/hydra-pop3.c b/hydra-pop3.c index 2b453c1..acd6c2e 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -203,7 +203,8 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer, 0, sizeof(buffer)); result = sasl_plain(buffer, login, pass); - if (result == NULL) return 3; + if (result == NULL) + return 3; char tmp_buffer[sizeof(buffer)]; sprintf(tmp_buffer, "%.250s\r\n", buffer); @@ -265,17 +266,20 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha switch (p->pop3_auth_mechanism) { case AUTH_CRAMMD5: { result = sasl_cram_md5(buffer2, pass, buffer); - if (result == NULL) return 3; + if (result == NULL) + return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA1: { result = sasl_cram_sha1(buffer2, pass, buffer); - if (result == NULL) return 3; + if (result == NULL) + return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA256: { result = sasl_cram_sha256(buffer2, pass, buffer); - if (result == NULL) return 3; + if (result == NULL) + return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; } diff --git a/hydra-sip.c b/hydra-sip.c index 954d03c..6be4d93 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -139,7 +139,8 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u char buffer2[512]; result = sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); - if (result == NULL) return 3; + if (result == NULL) + return 3; memset(buffer, 0, SIP_MAX_BUF); snprintf(buffer, SIP_MAX_BUF, diff --git a/hydra-smtp.c b/hydra-smtp.c index f6f1ac2..dc6e54a 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -68,7 +68,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer, 0, sizeof(buffer)); result = sasl_plain(buffer, login, pass); - if (result == NULL) return 3; + if (result == NULL) + return 3; char tmp_buffer[sizeof(buffer)]; sprintf(tmp_buffer, "%.250s\r\n", buffer); @@ -104,7 +105,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer2, 0, sizeof(buffer2)); result = sasl_cram_md5(buffer2, pass, buffer); - if (result == NULL) return 3; + if (result == NULL) + return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); diff --git a/hydra-xmpp.c b/hydra-xmpp.c index dd7c2f9..fe0a2f0 100644 --- a/hydra-xmpp.c +++ b/hydra-xmpp.c @@ -126,7 +126,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha case AUTH_PLAIN: { memset(buffer2, 0, sizeof(buffer)); result = sasl_plain(buffer2, login, pass); - if (result == NULL) return 3; + if (result == NULL) + return 3; sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer); @@ -138,7 +139,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer2, 0, sizeof(buffer2)); result = sasl_cram_md5(buffer2, pass, buffer); - if (result == NULL) return 3; + if (result == NULL) + return 3; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { diff --git a/hydra.c b/hydra.c index 0ea27cc..6952542 100644 --- a/hydra.c +++ b/hydra.c @@ -3,8 +3,9 @@ * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. - * Don't use in military or secret service organizations, or for illegal - * purposes. + * Please don't use in military or secret service organizations, or for illegal + * purposes. This is a wish and is non-binding. + * If you ignore this be sure you are not a good person though. * * License: GNU AFFERO GENERAL PUBLIC LICENSE v3.0, see LICENSE file */ @@ -551,11 +552,11 @@ void help(int32_t ext) { "module help)\n"); PRINT_NORMAL(ext, "\nSupported services: %s\n" - "\n%s is a tool to guess/crack valid login/password pairs. " - "Licensed under AGPL\n" - "v3.0. The newest version is always available at %s\n" - "Don't use in military or secret service organizations, or for " - "illegal purposes.\n", + "\n%s is a tool to guess/crack valid login/password pairs.\n" + "Licensed under AGPL v3.0. The newest version is always available at;\n%s\n" + "Please don't use in military or secret service organizations, or for illegal\n" + "purposes. (This is a wish and non-binding - most such people do not care about\n" + "laws and ethics anyway - and tell themselves they are one of the good ones.)\n", SERVICES, PROGRAM, RESOURCE); if (ext && strlen(unsupported) > 0) { @@ -2151,7 +2152,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in *ipv4 = NULL; printf("%s %s (c) 2020 by %s & %s - Please do not use in military or secret " - "service organizations, or for illegal purposes.\n\n", + "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP SERVICES = hydra_string_replace(SERVICES, "afp ", ""); diff --git a/sasl.h b/sasl.h index e42299f..4e12e31 100644 --- a/sasl.h +++ b/sasl.h @@ -32,7 +32,7 @@ typedef enum { SASL_ALLOW_UNASSIGNED = 1 } sasl_saslprep_flags; int32_t print_hex(unsigned char *buf, int32_t len); -char* sasl_plain(char *result, char *login, char *pass); +char *sasl_plain(char *result, char *login, char *pass); int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #ifdef LIBOPENSSL @@ -40,9 +40,9 @@ int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #include #include -char* sasl_cram_md5(char *result, char *pass, char *challenge); -char* sasl_cram_sha1(char *result, char *pass, char *challenge); -char* sasl_cram_sha256(char *result, char *pass, char *challenge); -char* sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header); -char* sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); +char *sasl_cram_md5(char *result, char *pass, char *challenge); +char *sasl_cram_sha1(char *result, char *pass, char *challenge); +char *sasl_cram_sha256(char *result, char *pass, char *challenge); +char *sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header); +char *sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); #endif From 4fd33e8ca277e02ff2c3c1cc8ecd6075a98fafa1 Mon Sep 17 00:00:00 2001 From: xambroz Date: Tue, 3 Mar 2020 17:37:12 +0100 Subject: [PATCH 080/332] Consider the /usr/include/firebird/ path for fb For example on the Fedora 31 the path for the firebird include ibase.h is /usr/include/firebird/ibase. This patch should also consider the firebird subdirectory inside the regular include directory. --- configure | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure b/configure index 9cec404..4c4079d 100755 --- a/configure +++ b/configure @@ -627,6 +627,9 @@ for i in $INCDIRS ; do if [ -f "$i/ibase.h" ]; then FIREBIRD_IPATH="$i" fi + if [ -f "$i/firebird/ibase.h" ]; then + FIREBIRD_IPATH="$i/firebird" + fi fi done if [ "X" != "X$DEBUG" ]; then From b0fc44daa2639cfe8ea26f20a72e2aa547826aba Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 10 Mar 2020 09:53:27 +0100 Subject: [PATCH 081/332] update todo and bfg too many entries message --- TODO | 5 +++++ bfg.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/TODO b/TODO index 8d798f6..06bf3f9 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,9 @@ +./configure: + - add test for -march=native + +--- this is old --- + Prio 1: * add cookie support to hydra-http.c * hydra-smb more than 1 connection? diff --git a/bfg.c b/bfg.c index 3479268..88580fe 100644 --- a/bfg.c +++ b/bfg.c @@ -191,7 +191,7 @@ uint64_t bf_get_pcount() { count += (pow((double)bf_options.crs_len, (double)i)); if (count >= 0xffffffff) { fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) " - "generates more than 4 billion passwords\n"); + "generates more than 4 billion passwords - this is not a bug in the program, it is just not feasible to try so many attempts. Try a calculator how long that would take. duh.\n"); exit(-1); } From 88637abe26e1b5cced945038c831a7cad654ea4a Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 1 Apr 2020 12:26:28 +0200 Subject: [PATCH 082/332] fix typo --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 6952542..05e7450 100644 --- a/hydra.c +++ b/hydra.c @@ -3353,7 +3353,7 @@ int main(int argc, char *argv[]) { // script kiddie patch if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, ".outlook.com") != NULL || hydra_strcasestr(hydra_options.server, ".hotmail.com") != NULL || hydra_strcasestr(hydra_options.server, ".yahoo.") != NULL || hydra_strcasestr(hydra_options.server, ".gmx.") != NULL || hydra_strcasestr(hydra_options.server, ".web.de") != NULL || hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) { fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and " - "hydra detection and sends false positives. You are not " + "hydra detection and send false positives. You are not " "doing anything illegal right?!\n"); fprintf(stderr, "[WARNING] !read the above!\n"); sleep(5); From 7b053d71649b0abd358eb599b3b4b27f6d7ab7d6 Mon Sep 17 00:00:00 2001 From: GitAntoinee Date: Wed, 1 Apr 2020 15:52:47 +0200 Subject: [PATCH 083/332] Add optional option to skip pre-request --- hydra-http-form.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hydra-http-form.c b/hydra-http-form.c index 324fe6a..efe81ff 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -434,6 +434,16 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { sprintf(cookieurl, "%.1000s", hydra_strrep(miscptr + 2, "\\:", ":")); miscptr = ptr; break; + case 'g': // fall through + case 'G': + ptr = miscptr + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + getcookie = 0; + miscptr = ptr; + break; case 'h': // add a new header at the end ptr = miscptr + 2; From bea3cf2bd13dd2fcf9116b4cb411c332f2e2f1cc Mon Sep 17 00:00:00 2001 From: GitAntoinee Date: Wed, 1 Apr 2020 15:58:00 +0200 Subject: [PATCH 084/332] Update help --- hydra-http-form.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-http-form.c b/hydra-http-form.c index efe81ff..722a24a 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1439,6 +1439,7 @@ void usage_http_form(const char *service) { "The following parameters are optional:\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" + " (g|G)=optional to skip pre-request\n" " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each " "request\n" " ^USER[64]^ and ^PASS[64]^ can also be put into these " From 47f24cb2560631d2eceabaf4394ecf26743ceee1 Mon Sep 17 00:00:00 2001 From: Antoine <52006497+GitAntoinee@users.noreply.github.com> Date: Wed, 1 Apr 2020 17:37:44 +0200 Subject: [PATCH 085/332] Update help --- hydra-http-form.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 722a24a..e851d97 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1439,7 +1439,7 @@ void usage_http_form(const char *service) { "The following parameters are optional:\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" - " (g|G)=optional to skip pre-request\n" + " (g|G)= skip pre-requests - only use this when no pre-cookies are required\n" " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each " "request\n" " ^USER[64]^ and ^PASS[64]^ can also be put into these " From f0424742e36bb6ef6ab96371c5082b7185d1c591 Mon Sep 17 00:00:00 2001 From: GitAntoinee Date: Wed, 1 Apr 2020 21:10:48 +0200 Subject: [PATCH 086/332] Fix indentation in help --- hydra-http-form.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 722a24a..eb5a4ce 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1439,7 +1439,7 @@ void usage_http_form(const char *service) { "The following parameters are optional:\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" - " (g|G)=optional to skip pre-request\n" + " (g|G)= skip pre-requests - only use this when no pre-cookies are required\n" " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each " "request\n" " ^USER[64]^ and ^PASS[64]^ can also be put into these " From 4e45f85fbbfd2dda8da663beae603308751a0b03 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Wed, 8 Apr 2020 21:32:48 +0100 Subject: [PATCH 087/332] improved compatibility when null sessions fail --- hydra-smb2.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hydra-smb2.c b/hydra-smb2.c index c603d63..a09490d 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -131,6 +131,14 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { smbc_free_context(ctx, 1); return true; break; + case EPERM: + // Probably this means access denied inspite of mention above + // about being related to wrong workgroup. I have observed + // libsmbclient emitting this when connecting to a vanilla install + // of Windows 2019 server (non-domain) with wrong credentials. It + // appears related to a fallback null session being rejected after + // the library tries with provided credentials. If the null + // session is accepted, EACCES is returned. case EACCES: // 100% access denied break; From dea22d3e7e0af96cceda8c530b790d7e19a8b432 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 25 Apr 2020 18:03:24 +0200 Subject: [PATCH 088/332] tiny fix --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 05e7450..5e1dd87 100644 --- a/hydra.c +++ b/hydra.c @@ -237,7 +237,7 @@ extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize); extern char *hydra_string_replace(const char *string, const char *substr, const char *replacement); extern char *hydra_address2string(char *address); extern char *hydra_address2string_beautiful(char *address); -extern int32_t colored_output; +extern uint32_t colored_output; extern char quiet; extern int32_t do_retry; extern int32_t old_ssl; From e2dc1d51095d407580e6a0dfca7e7aa9fd7cb423 Mon Sep 17 00:00:00 2001 From: maaaaz Date: Sun, 26 Apr 2020 06:44:12 -0400 Subject: [PATCH 089/332] libfreerdp2 and libwinpr2 fix in configure --- configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure b/configure index 4c4079d..70bb5f2 100755 --- a/configure +++ b/configure @@ -1025,7 +1025,7 @@ echo "Checking for Freerdp2 (libfreerdp2.so, freerdp/*.h, libwinpr2.so, winpr/*. for i in $LIBDIRS ; do if [ "X" = "X$FREERDP2_PATH" ]; then - if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" ]; then + if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" -o -f "$i/libfreerdp2.dll.a" ]; then FREERDP2_PATH="$i" fi fi @@ -1056,7 +1056,7 @@ echo "Checking for Freerdp2 (libfreerdp2.so, freerdp/*.h, libwinpr2.so, winpr/*. fi fi if [ "X" = "X$WINPR2_PATH" ]; then - TMP_LIB=`/bin/ls $i/winpr.dll* 2> /dev/null | grep winpr` + TMP_LIB=`/bin/ls $i/libwinpr2.dll.a 2> /dev/null | grep winpr` if [ -n "$TMP_LIB" ]; then WINPR2_PATH="$i" fi From 8f459806252395669c667a8ea62404abab65bbd6 Mon Sep 17 00:00:00 2001 From: maaaaz Date: Sun, 26 Apr 2020 09:52:11 -0400 Subject: [PATCH 090/332] oracle on cygwin support --- configure | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/configure b/configure index 70bb5f2..37a8f07 100755 --- a/configure +++ b/configure @@ -864,7 +864,7 @@ if [ "$SSH_IPATH" = "/usr/include" ]; then SSH_IPATH="" fi -echo "Checking for Oracle (libocci.so libclntsh.so / oci.h and libaio.so) ..." +echo "Checking for Oracle (libocci.so libclntsh.so / oci.h and libaio.so / liboci.a and oci.dll) ..." #assume if we find oci.h other headers should also be in that dir #for libs we will test the 2 if [ "X" != "X$WORACLE_PATH" ]; then @@ -894,6 +894,11 @@ for i in $LIBDIRS ; do ORACLE_PATH="$i" fi fi + if [ "X" = "X$ORACLE_PATH" ]; then + if [ -f "$i/liboci.a" -a -f "$i/oci.dll" ]; then + ORACLE_PATH="$i" + fi + fi if [ "X" = "X$ORACLE_PATH" ]; then TMP_LIB=`/bin/ls $i/libocci.so.* 2> /dev/null | grep occi.` if [ -n "$TMP_LIB" ]; then @@ -907,23 +912,17 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$ORACLE_PATH" ]; then - TMP_LIB=`/bin/ls $i/libocci.dll* 2> /dev/null | grep occi.` + TMP_LIB=`/bin/ls $i/oci.dll* 2> /dev/null | grep occi.` if [ -n "$TMP_LIB" ]; then ORACLE_PATH="$i" fi - if [ "X" != "X$ORACLE_PATH" ]; then - TMP_LIB=`/bin/ls $i/libclntsh.dll* 2> /dev/null | grep clntsh.` - if [ -z "$TMP_LIB" ]; then - ORACLE_PATH="" - fi - fi fi done if [ "X" != "X$DEBUG" ]; then echo DEBUG: ORACLE_PATH=$ORACLE_PATH/libocci fi -#check for Kernel Asynchronous I/O (AIO) lib support -if [ "X" != "X$ORACLE_PATH" ]; then +#check for Kernel Asynchronous I/O (AIO) lib support, no need on Cygwin +if [ "X" != "X$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then LIBAIO="" for i in $LIBDIRS ; do if [ "X" = "X$LIBAIO" ]; then @@ -951,10 +950,8 @@ if [ "X" != "X$DEBUG" ]; then fi for i in $INCDIRS ; do - if [ "X" != "X$ORACLE_PATH" ]; then - if [ -f "$i/oci.h" ]; then - ORACLE_IPATH="$i" - fi + if [ -f "$i/oci.h" ]; then + ORACLE_IPATH="$i" fi done if [ "X" != "X$DEBUG" ]; then @@ -1542,9 +1539,12 @@ fi if [ -n "$NCP_PATH" ]; then XLIBS="$XLIBS -lncp" fi -if [ -n "$ORACLE_PATH" ]; then +if [ -n "$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then XLIBS="$XLIBS -locci -lclntsh" fi +if [ -n "$ORACLE_PATH" -a "$SYSO" = "Cygwin" ]; then + XLIBS="$XLIBS -loci" +fi if [ -n "$FIREBIRD_PATH" ]; then XLIBS="$XLIBS -lfbclient" fi From dac0c18f75f5789c294e0b57456668ac28c3c5dd Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Thu, 14 May 2020 09:56:18 +0100 Subject: [PATCH 091/332] fix http-proxy to handle multiline buffer data --- hydra-http-proxy.c | 59 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 41 insertions(+), 18 deletions(-) diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index fa5638c..1d3caaa 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -10,7 +10,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option char *login, *pass, buffer[500], buffer2[500]; char url[210], host[60]; char *header = ""; /* XXX TODO */ - char *ptr, *fooptr; + char *ptr, *fooptr, *auth_hdr; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -50,24 +50,32 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option return 3; } - if (debug) - hydra_report(stderr, "S:%s\n", http_proxy_buf); + if (debug) { + hydra_report(stderr, + "S:%-.*s\n", + (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), + http_proxy_buf); + } - free(http_proxy_buf); - http_proxy_buf = hydra_receive_line(s); - while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) { + while (http_proxy_buf != NULL && + (auth_hdr = hydra_strcasestr(http_proxy_buf, + "Proxy-Authenticate:")) == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } - if (http_proxy_buf == NULL) { + if (auth_hdr == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n"); return 3; } - if (debug) - hydra_report(stderr, "S:%s\n", http_proxy_buf); + if (debug) { + hydra_report(stderr, + "S:%-.*s\n", + (int)(strchr(auth_hdr, '\r') - auth_hdr), + auth_hdr); + } // after the first query we should have been disconnected from web server s = hydra_disconnect(s); @@ -78,8 +86,9 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } } - if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) { + if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: Basic") != NULL) { http_proxy_auth_mechanism = AUTH_BASIC; + auth_hdr = NULL; sprintf(buffer2, "%.50s:%.50s", login, pass); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, @@ -105,15 +114,20 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option return 3; } - if (debug) - hydra_report(stderr, "S:%s\n", http_proxy_buf); + if (debug) { + hydra_report(stderr, + "S:%-.*s\n", + (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), + http_proxy_buf); + } } else { - if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) { + if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: NTLM") != NULL) { unsigned char buf1[4096]; unsigned char buf2[4096]; char *pos = NULL; http_proxy_auth_mechanism = AUTH_NTLM; + auth_hdr = NULL; // send auth and receive challenge // send auth request: let the server send it's own hostname and domainname buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); @@ -178,10 +192,11 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option return 3; } else { #ifdef LIBOPENSSL - if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) { + if (hydra_strcasestr(auth_hdr, "Proxy-Authenticate: Digest") != NULL) { char *pbuffer, *result; http_proxy_auth_mechanism = AUTH_DIGESTMD5; + auth_hdr == NULL; pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest "); strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); buffer[sizeof(buffer) - 1] = '\0'; @@ -204,8 +219,12 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option http_proxy_buf = hydra_receive_line(s); } - if (debug && http_proxy_buf != NULL) - hydra_report(stderr, "S:%s\n", http_proxy_buf); + if (debug && http_proxy_buf != NULL) { + hydra_report(stderr, + "S:%-.*s\n", + (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), + http_proxy_buf); + } if (http_proxy_buf == NULL) return 3; @@ -213,9 +232,13 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } else #endif { - if (http_proxy_buf != NULL) { + if (auth_hdr != NULL) { // buf[strlen(http_proxy_buf) - 1] = '\0'; - hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf); + hydra_report(stderr, + "Unsupported Auth type:\n%-.*s\n", + (int)(strchr(http_proxy_buf, '\r') - auth_hdr), + auth_hdr); + auth_hdr = NULL; free(http_proxy_buf); http_proxy_buf = NULL; } else { From 99d8ef8f3c907499497c9477866b6e3cd1d47307 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Thu, 14 May 2020 10:18:20 +0100 Subject: [PATCH 092/332] fix -Wformat-overflow= warnings in sprintf --- hydra-http-proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 1d3caaa..17bf02a 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -7,7 +7,7 @@ char *http_proxy_buf = NULL; int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; - char *login, *pass, buffer[500], buffer2[500]; + char *login, *pass, buffer[5000], buffer2[4500]; char url[210], host[60]; char *header = ""; /* XXX TODO */ char *ptr, *fooptr, *auth_hdr; From a40bfb1e54fce6d1a9f5b0fb4ae4e1366d0d6fc2 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Thu, 14 May 2020 10:58:14 +0100 Subject: [PATCH 093/332] add 404 to http-proxy as a success condition --- hydra-http-proxy.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 17bf02a..14bfaf5 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -250,7 +250,11 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } ptr = ((char *)index(http_proxy_buf, ' ')) + 1; - if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) { + if (*ptr == '2' || + (*ptr == '3' && *(ptr + 2) == '1') || + (*ptr == '3' && *(ptr + 2) == '2') || + (*ptr == '4' && *(ptr + 2) == '4') + ) { hydra_report_found_host(port, ip, "http-proxy", fp); hydra_completed_pair_found(); free(http_proxy_buf); From 167a1c53e8af94c8ea39927736ed1f4d3d32145d Mon Sep 17 00:00:00 2001 From: TenGbps <30792994+TenGbps@users.noreply.github.com> Date: Thu, 21 May 2020 17:46:26 +0200 Subject: [PATCH 094/332] Update sasl.c Some this the realm are long, if is too long is getting a #392 --- sasl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sasl.c b/sasl.c index 1a421b1..8e4cf50 100644 --- a/sasl.c +++ b/sasl.c @@ -271,7 +271,7 @@ char *sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char int32_t array_size = 10; unsigned char response[MD5_DIGEST_LENGTH]; char *array[array_size]; - char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20]; + char buffer2[500], buffer3[500], nonce[200], realm[200], algo[20]; int32_t i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; MD5_CTX md5c; char *preplogin; From c426452772b06ce57e5b58080a01b1bb717b84f5 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 21 May 2020 22:43:13 +0200 Subject: [PATCH 095/332] fuck backward compatability - snprintf for the win --- sasl.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/sasl.c b/sasl.c index 8e4cf50..4fbad43 100644 --- a/sasl.c +++ b/sasl.c @@ -461,10 +461,10 @@ char *sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } - sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra"); + snprintf(buffer, 500, "%s:%s:%s", buffer3, nonce, "hydra"); } else { memcpy(buffer, response, sizeof(response)); - sprintf(buffer + sizeof(response), ":%s:%s", nonce, "hydra"); + snprintf(buffer + sizeof(response), 50 - sizeof(response), ":%s:%s", nonce, "hydra"); } MD5_Init(&md5c); MD5_Update(&md5c, buffer, strlen(buffer)); @@ -479,22 +479,22 @@ char *sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char // compute ha2 // proxy case if (strstr(type, "proxy") != NULL) - sprintf(buffer, "%s:%s", "HEAD", miscptr); + snprintf(buffer, 500, "%s:%s", "HEAD", miscptr); else // http case if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) - sprintf(buffer, "%s:%s", type, miscptr); + snprintf(buffer, 500, "%s:%s", type, miscptr); else // sip case if (strstr(type, "sip") != NULL) - sprintf(buffer, "REGISTER:%s:%s", type, miscptr); + snprintf(buffer, 500, "REGISTER:%s:%s", type, miscptr); else // others if (strstr(type, "rtsp") != NULL) - sprintf(buffer, "DESCRIBE:%s://%s:%i", type, webtarget, port); + snprintf(buffer, 500, "DESCRIBE:%s://%s:%i", type, webtarget, port); else // others - sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); + snprintf(buffer, 500, "AUTHENTICATE:%s/%s", type, realm); MD5_Init(&md5c); MD5_Update(&md5c, buffer, strlen(buffer)); From 1ed690983678626dc85f11d70181eeda16a01ba3 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 28 May 2020 22:38:52 +0200 Subject: [PATCH 096/332] more buffer --- Makefile | 97 +++++++++++++++++++++++++++++++++++++++++++++- hydra-http-proxy.c | 4 +- 2 files changed, 97 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 372e67e..ee6dd85c 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,98 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DHAVE_MYSQL_MYSQL_H -DLIBOPENSSL -DLIBNCURSES -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DLIBMCACHED -DLIBMONGODB -DLIBBSON -DLIBFREERDP2 -DLIBWINPR2 -DLIBSMBCLIENT -DHAVE_MATH_H -DHAVE_SYS_PARAM_H +XLIBS= -lz -lcurses -lssl -lfbclient -lidn -lpcre -lmysqlclient -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached -lmongoc-1.0 -lbson-1.0 -lfreerdp2 -lwinpr2 -lsmbclient +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu +XIPATHS= -I/usr/include/mysql -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached-1.0 -I/usr/include/libmongoc-1.0 -I/usr/include/libbson-1.0 -I/usr/include/freerdp2 -I/usr/include/winpr2 -I/usr/include/samba-4.0 +PREFIX=/usr/local +XHYDRA_SUPPORT=xhydra +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro + +# +# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC +# +WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations +WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align +CFLAGS ?= -march=native -flto +OPTS=-I. -O3 $(CFLAGS) -fcommon +# -Wall -g -pedantic +LIBS=-lm +DESTDIR ?= +BINDIR = /bin +MANDIR = /man/man1/ +DATADIR = /etc + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ + hydra-smb2.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ + hydra-smb2.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile + diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 14bfaf5..757a3fe 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -8,7 +8,7 @@ char *http_proxy_buf = NULL; int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; char *login, *pass, buffer[5000], buffer2[4500]; - char url[210], host[60]; + char url[510], host[60]; char *header = ""; /* XXX TODO */ char *ptr, *fooptr, *auth_hdr; @@ -21,7 +21,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option strcpy(url, "http://www.microsoft.com/"); strcpy(host, "Host: www.microsoft.com\r\n"); } else { - sprintf(url, "%.200s", miscptr); + sprintf(url, "%.500s", miscptr); ptr = strstr(miscptr, "://"); // :// check is in hydra.c sprintf(host, "Host: %.50s", ptr + 3); if ((ptr = index(host, '/')) != NULL) From 8b603b82a2ab94fefe5a6247a9ccb4945d6bd859 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 28 May 2020 22:39:13 +0200 Subject: [PATCH 097/332] fix makefile --- Makefile | 97 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 95 deletions(-) diff --git a/Makefile b/Makefile index ee6dd85c..372e67e 100644 --- a/Makefile +++ b/Makefile @@ -1,98 +1,5 @@ -STRIP=strip -XDEFINES= -DHAVE_MYSQL_MYSQL_H -DLIBOPENSSL -DLIBNCURSES -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DLIBMCACHED -DLIBMONGODB -DLIBBSON -DLIBFREERDP2 -DLIBWINPR2 -DLIBSMBCLIENT -DHAVE_MATH_H -DHAVE_SYS_PARAM_H -XLIBS= -lz -lcurses -lssl -lfbclient -lidn -lpcre -lmysqlclient -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached -lmongoc-1.0 -lbson-1.0 -lfreerdp2 -lwinpr2 -lsmbclient -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu -XIPATHS= -I/usr/include/mysql -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached-1.0 -I/usr/include/libmongoc-1.0 -I/usr/include/libbson-1.0 -I/usr/include/freerdp2 -I/usr/include/winpr2 -I/usr/include/samba-4.0 -PREFIX=/usr/local -XHYDRA_SUPPORT=xhydra -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro - -# -# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC -# -WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations -WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align -CFLAGS ?= -march=native -flto -OPTS=-I. -O3 $(CFLAGS) -fcommon -# -Wall -g -pedantic -LIBS=-lm -DESTDIR ?= -BINDIR = /bin -MANDIR = /man/man1/ -DATADIR = /etc - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ - hydra-smb2.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ - hydra-smb2.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile - From a88198051bbc710bac0ad1a04ce3ee3a72c72772 Mon Sep 17 00:00:00 2001 From: Henry Robalino Date: Fri, 5 Jun 2020 17:28:49 -0400 Subject: [PATCH 098/332] add support for freerdp3" Added support for freerdp module 3, this is the newest module from freerdp --- configure | 98 ++++++++++++++++++++++++++--------------------------- hydra-rdp.c | 2 +- hydra.c | 10 +++--- 3 files changed, 55 insertions(+), 55 deletions(-) diff --git a/configure b/configure index 37a8f07..7849a7d 100755 --- a/configure +++ b/configure @@ -70,8 +70,8 @@ NSL_PATH="" SOCKET_PATH="" MANDIR="" XHYDRA_SUPPORT="" -FREERDP2_PATH="" -WINPR2_PATH="" +FREERDP3_PATH="" +WINPR3_PATH="" SMBC_PATH="" SMBC_IPATH="" @@ -1018,76 +1018,76 @@ fi fi -echo "Checking for Freerdp2 (libfreerdp2.so, freerdp/*.h, libwinpr2.so, winpr/*.h) ..." +echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*.h) ..." for i in $LIBDIRS ; do - if [ "X" = "X$FREERDP2_PATH" ]; then - if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" -o -f "$i/libfreerdp2.dll.a" ]; then - FREERDP2_PATH="$i" + if [ "X" = "X$FREERDP3_PATH" ]; then + if [ -f "$i/libfreerdp3.so" -o -f "$i/libfreerdp3.dylib" -o -f "$i/libfreerdp3.a" -o -f "$i/libfreerdp3.dll.a" ]; then + FREERDP3_PATH="$i" fi fi - if [ "X" = "X$FREERDP2_PATH" ]; then - TMP_LIB=`/bin/ls $i/libfreerdp2*.so* 2> /dev/null | grep libfreerdp2` + if [ "X" = "X$FREERDP3_PATH" ]; then + TMP_LIB=`/bin/ls $i/libfreerdp3*.so* 2> /dev/null | grep libfreerdp3` if [ -n "$TMP_LIB" ]; then - FREERDP2_PATH="$i" + FREERDP3_PATH="$i" fi fi done - FREERDP2_IPATH= + FREERDP3_IPATH= for i in $INCDIRS ; do - if [ "X" = "X$FREERDP2_IPATH" ]; then + if [ "X" = "X$FREERDP3_IPATH" ]; then if [ -f "$i/freerdp/freerdp.h" ]; then - FREERDP2_IPATH="$i/freerdp2" + FREERDP3_IPATH="$i/freerdp3" fi - if [ -f "$i/freerdp2/freerdp/freerdp.h" ]; then - FREERDP2_IPATH="$i/freerdp2" + if [ -f "$i/freerdp3/freerdp/freerdp.h" ]; then + FREERDP3_IPATH="$i/freerdp3" fi fi done for i in $LIBDIRS ; do - if [ "X" = "X$WINPR2_PATH" ]; then - if [ -f "$i/libwinpr2.so" -o -f "$i/libwinpr2.dylib" -o -f "$i/libwinpr2.a" ]; then - WINPR2_PATH="$i" + if [ "X" = "X$WINPR3_PATH" ]; then + if [ -f "$i/libwinpr3.so" -o -f "$i/libwinpr3.dylib" -o -f "$i/libwinpr3.a" ]; then + WINPR3_PATH="$i" fi fi - if [ "X" = "X$WINPR2_PATH" ]; then - TMP_LIB=`/bin/ls $i/libwinpr2.dll.a 2> /dev/null | grep winpr` + if [ "X" = "X$WINPR3_PATH" ]; then + TMP_LIB=`/bin/ls $i/libwinpr3.dll.a 2> /dev/null | grep winpr` if [ -n "$TMP_LIB" ]; then - WINPR2_PATH="$i" + WINPR3_PATH="$i" fi fi done - WINPR2_IPATH= + WINPR3_IPATH= for i in $INCDIRS ; do - if [ "X" = "X$WINPR2_IPATH" ]; then + if [ "X" = "X$WINPR3_IPATH" ]; then if [ -f "$i/winpr.h" ]; then - WINPR2_IPATH="$i" + WINPR3_IPATH="$i" fi - if [ -f "$i/winpr2/winpr/winpr.h" ]; then - WINPR2_IPATH="$i/winpr2" + if [ -f "$i/winpr3/winpr/winpr.h" ]; then + WINPR3_IPATH="$i/winpr3" fi fi done if [ "X" != "X$DEBUG" ]; then - echo DEBUG: FREERDP2_PATH=$FREERDP2_PATH/ - echo DEBUG: FREERDP2_IPATH=$FREERDP2_IPATH/ - echo DEBUG: WINPR2_PATH=$WINPR2_PATH/ - echo DEBUG: WINPR2_IPATH=$WINPR2_IPATH/ + echo DEBUG: FREERDP3_PATH=$FREERDP3_PATH/ + echo DEBUG: FREERDP3_IPATH=$FREERDP3_IPATH/ + echo DEBUG: WINPR3_PATH=$WINPR3_PATH/ + echo DEBUG: WINPR3_IPATH=$WINPR3_IPATH/ fi - if [ -n "$FREERDP2_PATH" -a -n "$FREERDP2_IPATH" -a -n "$WINPR2_PATH" -a -n "$WINPR2_IPATH" ]; then + if [ -n "$FREERDP3_PATH" -a -n "$FREERDP3_IPATH" -a -n "$WINPR3_PATH" -a -n "$WINPR3_IPATH" ]; then echo " ... found" fi - if [ "X" = "X$FREERDP2_PATH" -o "X" = "X$FREERDP2_IPATH" -o "X" = "X$WINPR2_PATH" -o "X" = "X$WINPR2_IPATH" ]; then + if [ "X" = "X$FREERDP3_PATH" -o "X" = "X$FREERDP3_IPATH" -o "X" = "X$WINPR3_PATH" -o "X" = "X$WINPR3_IPATH" ]; then echo " ... NOT found, module rdp disabled" - FREERDP2_PATH="" - FREERDP2_IPATH="" - WINPR2_PATH="" - WINPR2_IPATH="" + FREERDP3_PATH="" + FREERDP3_IPATH="" + WINPR3_PATH="" + WINPR3_IPATH="" fi echo "Checking for Mongodb (libmongoc-1.0.so, mongoc.h, libbson-1.0.so, bson.h) ..." @@ -1340,8 +1340,8 @@ if [ -n "$FIREBIRD_PATH" -o \ -n "$MYSQL_PATH" -o \ -n "$MCACHED_PATH" -o \ -n "$MONGOD_PATH" -o \ - -n "$FREERDP2_PATH" -o \ - -n "$WINPR2_PATH" -o \ + -n "$FREERDP3_PATH" -o \ + -n "$WINPR3_PATH" -o \ -n "$SMBC_PATH" \ ]; then if [ "$SYSS" = "Darwin" ] && [ ! -d "/lib" ]; then @@ -1425,11 +1425,11 @@ fi if [ -n "$BSON_PATH" ]; then XDEFINES="$XDEFINES -DLIBBSON" fi -if [ -n "$FREERDP2_PATH" ]; then - XDEFINES="$XDEFINES -DLIBFREERDP2" +if [ -n "$FREERDP3_PATH" ]; then + XDEFINES="$XDEFINES -DLIBFREERDP3" fi -if [ -n "$WINPR2_PATH" ]; then - XDEFINES="$XDEFINES -DLIBWINPR2" +if [ -n "$WINPR3_PATH" ]; then + XDEFINES="$XDEFINES -DLIBWINPR3" fi if [ -n "$SMBC_PATH" ]; then XDEFINES="$XDEFINES -DLIBSMBCLIENT" @@ -1457,8 +1457,8 @@ for i in $SSL_PATH \ $MCACHED_PATH \ $MONGODB_PATH \ $BSON_PATH \ - $FREERDP2_PATH \ - $WINPR2_PATH \ + $FREERDP3_PATH \ + $WINPR3_PATH \ $SMBC_PATH; do if [ "$OLDPATH" = "$i" ]; then OLDPATH="$i" @@ -1518,8 +1518,8 @@ fi if [ -n "$MONGODB_IPATH" ]; then XIPATHS="$XIPATHS -I$MONGODB_IPATH -I$BSON_IPATH" fi -if [ -n "$FREERDP2_IPATH" ]; then - XIPATHS="$XIPATHS -I$FREERDP2_IPATH -I$WINPR2_IPATH" +if [ -n "$FREERDP3_IPATH" ]; then + XIPATHS="$XIPATHS -I$FREERDP3_IPATH -I$WINPR3_IPATH" fi if [ -n "$SMBC_IPATH" ]; then XIPATHS="$XIPATHS -I$SMBC_IPATH" @@ -1599,11 +1599,11 @@ fi if [ -n "$BSON_PATH" ]; then XLIBS="$XLIBS -lbson-1.0" fi -if [ -n "$FREERDP2_PATH" ]; then - XLIBS="$XLIBS -lfreerdp2" +if [ -n "$FREERDP3_PATH" ]; then + XLIBS="$XLIBS -lfreerdp3" fi -if [ -n "$WINPR2_PATH" ]; then - XLIBS="$XLIBS -lwinpr2" +if [ -n "$WINPR3_PATH" ]; then + XLIBS="$XLIBS -lwinpr3" fi if [ -n "$SMBC_PATH" ]; then XLIBS="$XLIBS -lsmbclient" diff --git a/hydra-rdp.c b/hydra-rdp.c index bd333ce..25528e0 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -10,7 +10,7 @@ #include "hydra-mod.h" extern char *HYDRA_EXIT; -#ifndef LIBFREERDP2 +#ifndef LIBFREERDP3 void dummy_rdp() { printf("\n"); } #else diff --git a/hydra.c b/hydra.c index 5e1dd87..29f2097 100644 --- a/hydra.c +++ b/hydra.c @@ -117,7 +117,7 @@ extern int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char optio extern void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif -#ifdef LIBFREERDP2 +#ifdef LIBFREERDP3 extern void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif @@ -426,7 +426,7 @@ static const struct { #endif SERVICE(redis), SERVICE(rexec), -#ifdef LIBFREERDP2 +#ifdef LIBFREERDP3 SERVICE3("rdp", rdp), #endif SERVICE(rlogin), @@ -2237,7 +2237,7 @@ int main(int argc, char *argv[]) { strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); #endif -#ifndef LIBFREERDP2 +#ifndef LIBFREERDP3 // for rdp SERVICES = hydra_string_replace(SERVICES, " rdp", ""); #endif @@ -2905,8 +2905,8 @@ int main(int argc, char *argv[]) { } if (strcmp(hydra_options.service, "rdp") == 0) { -#ifndef LIBFREERDP2 - bail("Compiled without FREERDP2 support, module not available!"); +#ifndef LIBFREERDP3 + bail("Compiled without FREERDP3 support, module not available!"); #endif } if (strcmp(hydra_options.service, "pcnfs") == 0) { From b0c1a9d1deaf522063564b3e3540a20035ce6510 Mon Sep 17 00:00:00 2001 From: Henry Robalino Date: Mon, 8 Jun 2020 09:24:16 -0400 Subject: [PATCH 099/332] Updated version of freerdp lib supported to 3.0 --- hydra-rdp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index 25528e0..89245f3 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -1,5 +1,5 @@ /* - This module is using freerdp2 lib + This module is using freerdp3 lib Tested on: - Windows 7 pro SP1 From 09a247412bb1ad6853038462285b6b3e090dcb96 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 10 Jun 2020 10:17:40 +0200 Subject: [PATCH 100/332] compiler option change --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 49e8476..9d349c2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3,7 +3,7 @@ # WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align -CFLAGS ?= -march=native -flto +CFLAGS ?= -g OPTS=-I. -O3 $(CFLAGS) -fcommon # -Wall -g -pedantic LIBS=-lm From bc6e8aec416ac29bd9ff23fd7486576f4cec44c0 Mon Sep 17 00:00:00 2001 From: Henry Robalino Date: Fri, 12 Jun 2020 11:19:01 -0400 Subject: [PATCH 101/332] Adding support to check for freerdp2 and freerdp3 Adding logic to check for freerdp2 first and if not the rdp module will check for freerdp3 to support the rdp module --- configure | 90 +++++++++++++++++++++++++++++++++++++++++++++++++---- hydra-rdp.c | 2 +- hydra.c | 11 ++++--- 3 files changed, 92 insertions(+), 11 deletions(-) diff --git a/configure b/configure index 7849a7d..add5ca6 100755 --- a/configure +++ b/configure @@ -70,6 +70,8 @@ NSL_PATH="" SOCKET_PATH="" MANDIR="" XHYDRA_SUPPORT="" +FREERDP2_PATH="" +WINPR2_PATH="" FREERDP3_PATH="" WINPR3_PATH="" SMBC_PATH="" @@ -1017,16 +1019,92 @@ fi MCACHED_IPATH="" fi +echo "Checking for Freerdp..." +echo "Checking for Freerdp2 (libfreerdp2.so, freerdp/*.h, libwinpr2.so, winpr/*.h) ..." + +#Checking Freerdp2 + + for i in $LIBDIRS ; do + if [ "X" = "X$FREERDP2_PATH" ]; then + if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" -o -f "$i/libfreerdp2.dll.a" ]; then + FREERDP2_PATH="$i" + fi + fi + if [ "X" = "X$FREERDP2_PATH" ]; then + TMP_LIB=`/bin/ls $i/libfreerdp2*.so* 2> /dev/null | grep libfreerdp2` + if [ -n "$TMP_LIB" ]; then + FREERDP2_PATH="$i" + fi + fi + done + + FREERDP2_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$FREERDP2_IPATH" ]; then + if [ -f "$i/freerdp/freerdp.h" ]; then + FREERDP2_IPATH="$i/freerdp2" + fi + if [ -f "$i/freerdp2/freerdp/freerdp.h" ]; then + FREERDP2_IPATH="$i/freerdp2" + fi + fi + done + + for i in $LIBDIRS ; do + if [ "X" = "X$WINPR2_PATH" ]; then + if [ -f "$i/libwinpr2.so" -o -f "$i/libwinpr2.dylib" -o -f "$i/libwinpr2.a" ]; then + WINPR2_PATH="$i" + fi + fi + if [ "X" = "X$WINPR2_PATH" ]; then + TMP_LIB=`/bin/ls $i/libwinpr2.dll.a 2> /dev/null | grep winpr` + if [ -n "$TMP_LIB" ]; then + WINPR2_PATH="$i" + fi + fi + done + + WINPR2_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$WINPR2_IPATH" ]; then + if [ -f "$i/winpr.h" ]; then + WINPR2_IPATH="$i" + fi + if [ -f "$i/winpr2/winpr/winpr.h" ]; then + WINPR2_IPATH="$i/winpr2" + fi + fi + done + +if [ "X" != "X$DEBUG" ]; then + echo DEBUG: FREERDP2_PATH=$FREERDP2_PATH/ + echo DEBUG: FREERDP2_IPATH=$FREERDP2_IPATH/ + echo DEBUG: WINPR2_PATH=$WINPR2_PATH/ + echo DEBUG: WINPR2_IPATH=$WINPR2_IPATH/ +fi + + if [ -n "$FREERDP2_PATH" -a -n "$FREERDP2_IPATH" -a -n "$WINPR2_PATH" -a -n "$WINPR2_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$FREERDP2_PATH" -o "X" = "X$FREERDP2_IPATH" -o "X" = "X$WINPR2_PATH" -o "X" = "X$WINPR2_IPATH" ]; then + echo " ... NOT found, checking freerdp3 module next..." + FREERDP2_PATH="" + FREERDP2_IPATH="" + WINPR2_PATH="" + WINPR2_IPATH="" + fi + +#Checking Freerdp3 echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*.h) ..." for i in $LIBDIRS ; do - if [ "X" = "X$FREERDP3_PATH" ]; then + if [ "X" = "X$FREERDP2_PATH" && "X" = "X$FREERDP3_PATH" ]; then if [ -f "$i/libfreerdp3.so" -o -f "$i/libfreerdp3.dylib" -o -f "$i/libfreerdp3.a" -o -f "$i/libfreerdp3.dll.a" ]; then FREERDP3_PATH="$i" fi fi - if [ "X" = "X$FREERDP3_PATH" ]; then + if [ "X" = "X$FREERDP2_PATH" && "X" = "X$FREERDP3_PATH" ]; then TMP_LIB=`/bin/ls $i/libfreerdp3*.so* 2> /dev/null | grep libfreerdp3` if [ -n "$TMP_LIB" ]; then FREERDP3_PATH="$i" @@ -1036,7 +1114,7 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. FREERDP3_IPATH= for i in $INCDIRS ; do - if [ "X" = "X$FREERDP3_IPATH" ]; then + if [ "X" = "X$FREERDP2_IPATH" && "X" = "X$FREERDP3_IPATH" ]; then if [ -f "$i/freerdp/freerdp.h" ]; then FREERDP3_IPATH="$i/freerdp3" fi @@ -1047,12 +1125,12 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. done for i in $LIBDIRS ; do - if [ "X" = "X$WINPR3_PATH" ]; then + if [ "X" = "X$WINPR2_PATH" && "X" = "X$WINPR3_PATH" ]; then if [ -f "$i/libwinpr3.so" -o -f "$i/libwinpr3.dylib" -o -f "$i/libwinpr3.a" ]; then WINPR3_PATH="$i" fi fi - if [ "X" = "X$WINPR3_PATH" ]; then + if [ "X" = "X$WINPR2_PATH" && "X" = "X$WINPR3_PATH" ]; then TMP_LIB=`/bin/ls $i/libwinpr3.dll.a 2> /dev/null | grep winpr` if [ -n "$TMP_LIB" ]; then WINPR3_PATH="$i" @@ -1062,7 +1140,7 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. WINPR3_IPATH= for i in $INCDIRS ; do - if [ "X" = "X$WINPR3_IPATH" ]; then + if [ "X" = "X$WINPR2_IPATH" && "X" = "X$WINPR3_IPATH" ]; then if [ -f "$i/winpr.h" ]; then WINPR3_IPATH="$i" fi diff --git a/hydra-rdp.c b/hydra-rdp.c index 89245f3..282846d 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -10,7 +10,7 @@ #include "hydra-mod.h" extern char *HYDRA_EXIT; -#ifndef LIBFREERDP3 +#if !defined(LIBFREERDP2) || (LIBFREERDP3) void dummy_rdp() { printf("\n"); } #else diff --git a/hydra.c b/hydra.c index 29f2097..9d1ba88 100644 --- a/hydra.c +++ b/hydra.c @@ -117,7 +117,7 @@ extern int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char optio extern void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif -#ifdef LIBFREERDP3 +#if defined(LIBFREERDP2) || (LIBFREERDP3) extern void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif @@ -426,7 +426,7 @@ static const struct { #endif SERVICE(redis), SERVICE(rexec), -#ifdef LIBFREERDP3 +#if defined(LIBFREERDP2) || (LIBFREERDP3) SERVICE3("rdp", rdp), #endif SERVICE(rlogin), @@ -2237,7 +2237,7 @@ int main(int argc, char *argv[]) { strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); #endif -#ifndef LIBFREERDP3 +#if !defined(LIBFREERDP2) || (LIBFREERDP3) // for rdp SERVICES = hydra_string_replace(SERVICES, " rdp", ""); #endif @@ -2905,7 +2905,10 @@ int main(int argc, char *argv[]) { } if (strcmp(hydra_options.service, "rdp") == 0) { -#ifndef LIBFREERDP3 +#if !defined(LIBFREERDP2)|| (LIBFREERDP3) + if(!LIBFREERDP2) + bail("Compiled without FREERDP2 support, module not available!"); + else bail("Compiled without FREERDP3 support, module not available!"); #endif } From fdc460c7fb6e03f0aeb33fd123c5658312552e85 Mon Sep 17 00:00:00 2001 From: Henry Robalino Date: Fri, 12 Jun 2020 11:32:25 -0400 Subject: [PATCH 102/332] Fixing logic issue with hydra.c file Did not do proper check for freerdp2 or freerdp3 modules --- hydra.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/hydra.c b/hydra.c index 9d1ba88..db7837d 100644 --- a/hydra.c +++ b/hydra.c @@ -2906,10 +2906,7 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "rdp") == 0) { #if !defined(LIBFREERDP2)|| (LIBFREERDP3) - if(!LIBFREERDP2) - bail("Compiled without FREERDP2 support, module not available!"); - else - bail("Compiled without FREERDP3 support, module not available!"); + bail("Compiled without FREERDP2 or FREERDP3 support, modules not available!"); #endif } if (strcmp(hydra_options.service, "pcnfs") == 0) { From 70fb9e4fa57fd054efd7728b58800f7786f805da Mon Sep 17 00:00:00 2001 From: Henry Robalino Date: Fri, 12 Jun 2020 12:11:03 -0400 Subject: [PATCH 103/332] Fixing logic that checks for rdp libraries Fixed logic inside of configure to properly check for freedrdp2 if not found check for freerdp3, if found to skip freerdp3 --- configure | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/configure b/configure index add5ca6..7950afe 100755 --- a/configure +++ b/configure @@ -1019,11 +1019,8 @@ fi MCACHED_IPATH="" fi -echo "Checking for Freerdp..." echo "Checking for Freerdp2 (libfreerdp2.so, freerdp/*.h, libwinpr2.so, winpr/*.h) ..." -#Checking Freerdp2 - for i in $LIBDIRS ; do if [ "X" = "X$FREERDP2_PATH" ]; then if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" -o -f "$i/libfreerdp2.dll.a" ]; then @@ -1094,17 +1091,15 @@ fi WINPR2_IPATH="" fi -#Checking Freerdp3 - echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*.h) ..." for i in $LIBDIRS ; do - if [ "X" = "X$FREERDP2_PATH" && "X" = "X$FREERDP3_PATH" ]; then + if [ "X" = "X$FREERDP2_PATH" ] && [ "X" = "X$FREERDP3_PATH" ]; then if [ -f "$i/libfreerdp3.so" -o -f "$i/libfreerdp3.dylib" -o -f "$i/libfreerdp3.a" -o -f "$i/libfreerdp3.dll.a" ]; then FREERDP3_PATH="$i" fi fi - if [ "X" = "X$FREERDP2_PATH" && "X" = "X$FREERDP3_PATH" ]; then + if [ "X" = "X$FREERDP2_PATH" ] && [ "X" = "X$FREERDP3_PATH" ]; then TMP_LIB=`/bin/ls $i/libfreerdp3*.so* 2> /dev/null | grep libfreerdp3` if [ -n "$TMP_LIB" ]; then FREERDP3_PATH="$i" @@ -1114,7 +1109,7 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. FREERDP3_IPATH= for i in $INCDIRS ; do - if [ "X" = "X$FREERDP2_IPATH" && "X" = "X$FREERDP3_IPATH" ]; then + if [ "X" = "X$FREERDP2_IPATH" ] && [ "X" = "X$FREERDP3_IPATH" ]; then if [ -f "$i/freerdp/freerdp.h" ]; then FREERDP3_IPATH="$i/freerdp3" fi @@ -1125,12 +1120,12 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. done for i in $LIBDIRS ; do - if [ "X" = "X$WINPR2_PATH" && "X" = "X$WINPR3_PATH" ]; then + if [ "X" = "X$WINPR2_PATH" ] && [ "X" = "X$WINPR3_PATH" ]; then if [ -f "$i/libwinpr3.so" -o -f "$i/libwinpr3.dylib" -o -f "$i/libwinpr3.a" ]; then WINPR3_PATH="$i" fi fi - if [ "X" = "X$WINPR2_PATH" && "X" = "X$WINPR3_PATH" ]; then + if [ "X" = "X$WINPR2_PATH" ] && [ "X" = "X$WINPR3_PATH" ]; then TMP_LIB=`/bin/ls $i/libwinpr3.dll.a 2> /dev/null | grep winpr` if [ -n "$TMP_LIB" ]; then WINPR3_PATH="$i" @@ -1140,7 +1135,7 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. WINPR3_IPATH= for i in $INCDIRS ; do - if [ "X" = "X$WINPR2_IPATH" && "X" = "X$WINPR3_IPATH" ]; then + if [ "X" = "X$WINPR2_IPATH" ] && [ "X" = "X$WINPR3_IPATH" ]; then if [ -f "$i/winpr.h" ]; then WINPR3_IPATH="$i" fi From 9c300ea820946e706a70f6994245a8485dedea72 Mon Sep 17 00:00:00 2001 From: Henry Robalino Date: Mon, 15 Jun 2020 15:51:22 -0400 Subject: [PATCH 104/332] Refactoring libfreerdp Removing double entry of libfreerdp in hydra.c and hydra-rdp.c --- hydra-rdp.c | 2 +- hydra.c | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index 282846d..6a000a4 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -10,7 +10,7 @@ #include "hydra-mod.h" extern char *HYDRA_EXIT; -#if !defined(LIBFREERDP2) || (LIBFREERDP3) +#ifndef LIBFREERDP void dummy_rdp() { printf("\n"); } #else diff --git a/hydra.c b/hydra.c index db7837d..aa7f9ee 100644 --- a/hydra.c +++ b/hydra.c @@ -117,7 +117,7 @@ extern int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char optio extern void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif -#if defined(LIBFREERDP2) || (LIBFREERDP3) +#ifdef LIBFREERDP extern void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif @@ -426,7 +426,7 @@ static const struct { #endif SERVICE(redis), SERVICE(rexec), -#if defined(LIBFREERDP2) || (LIBFREERDP3) +#ifdef LIBFREERDP SERVICE3("rdp", rdp), #endif SERVICE(rlogin), @@ -2237,7 +2237,7 @@ int main(int argc, char *argv[]) { strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); #endif -#if !defined(LIBFREERDP2) || (LIBFREERDP3) +#ifndef LIBFREERDP // for rdp SERVICES = hydra_string_replace(SERVICES, " rdp", ""); #endif @@ -2905,8 +2905,8 @@ int main(int argc, char *argv[]) { } if (strcmp(hydra_options.service, "rdp") == 0) { -#if !defined(LIBFREERDP2)|| (LIBFREERDP3) - bail("Compiled without FREERDP2 or FREERDP3 support, modules not available!"); +#ifndef LIBFREERDP + bail("Compiled without FREERDP support, modules not available!"); #endif } if (strcmp(hydra_options.service, "pcnfs") == 0) { From 54dd5667ff72d76d770dbc65472850fb090efb14 Mon Sep 17 00:00:00 2001 From: Henry Robalino Date: Tue, 16 Jun 2020 09:53:24 -0400 Subject: [PATCH 105/332] Fixing XDEFINES Trying to fix defines for freerdp --- configure | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/configure b/configure index 7950afe..5e58161 100755 --- a/configure +++ b/configure @@ -1413,6 +1413,8 @@ if [ -n "$FIREBIRD_PATH" -o \ -n "$MYSQL_PATH" -o \ -n "$MCACHED_PATH" -o \ -n "$MONGOD_PATH" -o \ + -n "$FREERDP2_PATH" -o \ + -n "$WINPR2_PATH" -o \ -n "$FREERDP3_PATH" -o \ -n "$WINPR3_PATH" -o \ -n "$SMBC_PATH" \ @@ -1498,8 +1500,14 @@ fi if [ -n "$BSON_PATH" ]; then XDEFINES="$XDEFINES -DLIBBSON" fi +if [ -n "$FREERDP2_PATH" ]; then + XDEFINES="$XDEFINES -DLIBFREERDP" +fi +if [ -n "$WINPR2_PATH" ]; then + XDEFINES="$XDEFINES -DLIBWINPR2" +fi if [ -n "$FREERDP3_PATH" ]; then - XDEFINES="$XDEFINES -DLIBFREERDP3" + XDEFINES="$XDEFINES -DLIBFREERDP" fi if [ -n "$WINPR3_PATH" ]; then XDEFINES="$XDEFINES -DLIBWINPR3" @@ -1530,6 +1538,8 @@ for i in $SSL_PATH \ $MCACHED_PATH \ $MONGODB_PATH \ $BSON_PATH \ + $FREERDP2_PATH \ + $WINPR2_PATH \ $FREERDP3_PATH \ $WINPR3_PATH \ $SMBC_PATH; do @@ -1591,6 +1601,9 @@ fi if [ -n "$MONGODB_IPATH" ]; then XIPATHS="$XIPATHS -I$MONGODB_IPATH -I$BSON_IPATH" fi +if [ -n "$FREERDP3_IPATH" ]; then + XIPATHS="$XIPATHS -I$FREERDP2_IPATH -I$WINPR2_IPATH" +fi if [ -n "$FREERDP3_IPATH" ]; then XIPATHS="$XIPATHS -I$FREERDP3_IPATH -I$WINPR3_IPATH" fi @@ -1672,6 +1685,12 @@ fi if [ -n "$BSON_PATH" ]; then XLIBS="$XLIBS -lbson-1.0" fi +if [ -n "$FREERDP3_PATH" ]; then + XLIBS="$XLIBS -lfreerdp2" +fi +if [ -n "$WINPR3_PATH" ]; then + XLIBS="$XLIBS -lwinpr2" +fi if [ -n "$FREERDP3_PATH" ]; then XLIBS="$XLIBS -lfreerdp3" fi From f5b3fe77d386c5f323e2ec6bbf77cf5960730fda Mon Sep 17 00:00:00 2001 From: Henry Robalino Date: Tue, 16 Jun 2020 09:56:11 -0400 Subject: [PATCH 106/332] Fixing typo on xlibs path --- configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure b/configure index 5e58161..67b968c 100755 --- a/configure +++ b/configure @@ -1685,10 +1685,10 @@ fi if [ -n "$BSON_PATH" ]; then XLIBS="$XLIBS -lbson-1.0" fi -if [ -n "$FREERDP3_PATH" ]; then +if [ -n "$FREERDP2_PATH" ]; then XLIBS="$XLIBS -lfreerdp2" fi -if [ -n "$WINPR3_PATH" ]; then +if [ -n "$WINPR2_PATH" ]; then XLIBS="$XLIBS -lwinpr2" fi if [ -n "$FREERDP3_PATH" ]; then From 435ed442897879ffcaa32baad44e3049ff418a18 Mon Sep 17 00:00:00 2001 From: Henry Robalino Date: Tue, 16 Jun 2020 10:19:16 -0400 Subject: [PATCH 107/332] Adding step to makefile to fix Lib Symlinks --- Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index 49e8476..111cd88 100644 --- a/Makefile.am +++ b/Makefile.am @@ -78,6 +78,7 @@ install: strip -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) + -ldconfig clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile From 11a96e5d32eaa974b164aa80f15e775e47a851b0 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Thu, 25 Jun 2020 20:21:16 +0100 Subject: [PATCH 108/332] oracle: add success condition and fix skipped tries --- hydra-oracle.c | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/hydra-oracle.c b/hydra-oracle.c index e132b81..5f1788e 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -19,6 +19,7 @@ void dummy_oracle() { printf("\n"); } #include #include +#include extern char *HYDRA_EXIT; @@ -84,7 +85,9 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c return 4; } + bool success = true; if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *)login, strlen(login), (const OraText *)pass, strlen(pass), (const OraText *)buffer, strlen(buffer))) { + success = false; OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); // database: oracle_error: ORA-01017: invalid username/password; logon // denied database: oracle_error: ORA-12514: TNS:listener does not currently @@ -107,31 +110,26 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c return 3; return 2; } - - if (o_error) { - OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR); + // ORA-28002: the password will expire within 7 days + if (strstr((const char *)o_errormsg, "ORA-28002") != NULL) { + hydra_report(stderr, "[INFO] ORACLE account %s password will expire soon.\n", login); + success = true; } + } - hydra_completed_pair(); - // by default, set in sqlnet.ora, the trace file is generated in pwd to log - // any errors happening, as we don't care, we are deleting the file set - // these parameters to not generate the file LOG_DIRECTORY_CLIENT = - // /dev/null LOG_FILE_CLIENT = /dev/null - - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 3; - return 2; - } else { + if (success) { OCILogoff(o_servicecontext, o_error); - if (o_error) { - OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR); - } hydra_report_found_host(port, ip, "oracle", fp); hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + if (o_error) { + OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; - return 1; + return success ? 1 : 2; } void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { @@ -167,11 +165,15 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, break; case 2: next_run = start_oracle(sock, ip, port, options, miscptr, fp); - hydra_child_exit(0); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); + + // by default, set in sqlnet.ora, the trace file is generated in pwd to log + // any errors happening, as we don't care, we are deleting the file set + // these parameters to not generate the file LOG_DIRECTORY_CLIENT = + // /dev/null LOG_FILE_CLIENT = /dev/null unlink("sqlnet.log"); hydra_child_exit(0); return; From 62f06dce245d8df65e9a41c398f91224d0b073d1 Mon Sep 17 00:00:00 2001 From: Jonathan Hodgson Date: Fri, 26 Jun 2020 11:49:18 +0100 Subject: [PATCH 109/332] Usage: Fix help for https-post-form and https-get-form Fixes issue #530 --- hydra.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hydra.c b/hydra.c index 5e1dd87..2883b2f 100644 --- a/hydra.c +++ b/hydra.c @@ -619,6 +619,10 @@ void module_usage() { "%s:\n================================================================" "============\n", hydra_options.service); + if (strcmp(hydra_options.service, "https-post-form") == 0) + strcpy(hydra_options.service, "http-post-form"); + else if (strcmp(hydra_options.service, "https-get-form") == 0) + strcpy(hydra_options.service, "http-get-form"); for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { if (strcmp(hydra_options.service, services[i].name) == 0) { if (services[i].usage) { From 5ec8a3e5e9fcdd6b2389f00665d2d9a2115ac7c8 Mon Sep 17 00:00:00 2001 From: Jonathan Hodgson Date: Fri, 26 Jun 2020 15:31:20 +0100 Subject: [PATCH 110/332] Makes change work on any sting starting with https As per suggestion, the code now remvoes the 's' on any module starting with https- --- hydra.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/hydra.c b/hydra.c index 2883b2f..3eaefcc 100644 --- a/hydra.c +++ b/hydra.c @@ -619,10 +619,8 @@ void module_usage() { "%s:\n================================================================" "============\n", hydra_options.service); - if (strcmp(hydra_options.service, "https-post-form") == 0) - strcpy(hydra_options.service, "http-post-form"); - else if (strcmp(hydra_options.service, "https-get-form") == 0) - strcpy(hydra_options.service, "http-get-form"); + if (strncmp(hydra_options.service, "https-", 6) == 0 ) + memmove(hydra_options.service + 4, hydra_options.service + 5, strlen(hydra_options.service) - 4); for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { if (strcmp(hydra_options.service, services[i].name) == 0) { if (services[i].usage) { From fc196d7fc26469fd3b297abca23399727b0f4962 Mon Sep 17 00:00:00 2001 From: Henry Robalino Date: Tue, 7 Jul 2020 11:25:09 -0400 Subject: [PATCH 111/332] Updating freerdp logic to check v3 first Updating the logic here to check for freerdpv3 first and if found do not check for freerdpv2. Also fixed paths for freerdpv2 paths. Updated bash "or" to use "||" and "and" to use "&&" conditionals with proper POSIX specifications. --- configure | 298 +++++++++++++++++++++++++++--------------------------- 1 file changed, 150 insertions(+), 148 deletions(-) diff --git a/configure b/configure index 67b968c..709fb30 100755 --- a/configure +++ b/configure @@ -3,7 +3,7 @@ # uname -s = Linux | OpenBSD | FreeBSD | Darwin # uname -m = i636 or x86_64 -if [ "$1" = "-h" -o "$1" = "--help" ]; then +if [ "$1" = "-h" || "$1" = "--help" ]; then echo Options: echo " --prefix=path path to install hydra and its datafiles to" echo " --fhs install according to the File System Hierarchy Standard" @@ -198,7 +198,7 @@ else /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib do if [ "X" = "X$SSL_PATH" ]; then - if [ -f "$i/libssl.so" -o -f "$i/libssl.dylib" -o -f "$i/libssl.a" ]; then + if [ -f "$i/libssl.so" || -f "$i/libssl.dylib" || -f "$i/libssl.a" ]; then SSL_PATH="$i" fi fi @@ -209,7 +209,7 @@ else fi fi if [ "X" = "X$CRYPTO_PATH" ]; then - if [ -f "$i/libcrypto.so" -o -f "$i/libcrypto.dylib" -o -f "$i/libcrypto.a" ]; then + if [ -f "$i/libcrypto.so" || -f "$i/libcrypto.dylib" || -f "$i/libcrypto.a" ]; then CRYPTO_PATH="$i" fi fi @@ -251,11 +251,11 @@ if [ "X" = "X$SSL_IPATH" ]; then SSL_PATH="" CRYPTO_PATH="" fi -if [ -n "$SSL_PATH" -a "X" = "X$SSLNEW" ]; then +if [ -n "$SSL_PATH" && "X" = "X$SSLNEW" ]; then echo " ... found but OLD" echo "NOTE: your OpenSSL package is outdated, update it!" fi -if [ -n "$SSL_PATH" -a '!' "X" = "X$SSLNEW" ]; then +if [ -n "$SSL_PATH" && '!' "X" = "X$SSLNEW" ]; then echo " ... found" fi if [ "X" = "X$SSL_PATH" ]; then @@ -268,7 +268,7 @@ fi echo "Checking for gcrypt (libgcrypt.so, gpg-error.h) ..." for i in $LIBDIRS ; do - if [ -f "$i/libgcrypt.so" -o -f "$i/libgcrypt.dylib" -o -f "$i/libgcrypt.a" -o -f "$i/libgcrypt.dll.a" -o -f "$i/libgcrypt.la" ]; then + if [ -f "$i/libgcrypt.so" || -f "$i/libgcrypt.dylib" || -f "$i/libgcrypt.a" || -f "$i/libgcrypt.dll.a" || -f "$i/libgcrypt.la" ]; then HAVE_GCRYPT="y" fi done @@ -286,7 +286,7 @@ for i in $INCDIRS ; do fi done -if [ -n "$HAVE_GCRYPT" -a "X" != "X$GPGERROR_IPATH" ]; then +if [ -n "$HAVE_GCRYPT" && "X" != "X$GPGERROR_IPATH" ]; then echo " ... found" else echo " ... gcrypt not found, radmin2 module disabled" @@ -296,7 +296,7 @@ fi echo "Checking for idn (libidn.so) ..." for i in $LIBDIRS ; do if [ "X" = "X$IDN_PATH" ]; then - if [ -f "$i/libidn.so" -o -f "$i/libidn.dylib" -o -f "$i/libidn.a" -o -f "$i/libidn.dll.a" -o -f "$i/libidn.la" ]; then + if [ -f "$i/libidn.so" || -f "$i/libidn.dylib" || -f "$i/libidn.a" || -f "$i/libidn.dll.a" || -f "$i/libidn.la" ]; then IDN_PATH="$i" fi fi @@ -324,11 +324,11 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: IDN_IPATH=$IDN_IPATH/stringprep.h echo DEBUG: PR29_IPATH=$PR29_IPATH/pr29.h fi -if [ -n "$IDN_PATH" -a -n "$IDN_IPATH" ]; then +if [ -n "$IDN_PATH" && -n "$IDN_IPATH" ]; then echo " ... found" fi #pr29 is optional -if [ "X" = "X$IDN_PATH" -o "X" = "X$IDN_IPATH" ]; then +if [ "X" = "X$IDN_PATH" || "X" = "X$IDN_IPATH" ]; then echo " ... NOT found, unicode logins and passwords will not be supported" IDN_PATH="" IDN_IPATH="" @@ -338,7 +338,7 @@ fi echo "Checking for curses (libcurses.so / term.h) ..." for i in $LIBDIRS; do if [ "X" = "X$CURSES_PATH" ]; then - if [ -f "$i/libcurses.so" -o -f "$i/libcurses.dylib" -o -f "$i/libcurses.a" ]; then + if [ -f "$i/libcurses.so" || -f "$i/libcurses.dylib" || -f "$i/libcurses.a" ]; then CURSES_PATH="$i" fi fi @@ -369,10 +369,10 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: CURSES_PATH=$CURSES_PATH/libcurses echo DEBUG: CURSES_IPATH=$CURSES_IPATH/term.h fi -if [ -n "$CURSES_PATH" -a -n "$CURSES_IPATH" ]; then +if [ -n "$CURSES_PATH" && -n "$CURSES_IPATH" ]; then echo " ... found, color output enabled" fi -if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then +if [ "X" = "X$CURSES_PATH" || "X" = "X$CURSES_IPATH" ]; then echo " ... NOT found, color output disabled" CURSES_PATH="" CURSES_IPATH="" @@ -381,7 +381,7 @@ fi echo "Checking for pcre (libpcre.so, pcre.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$PCRE_PATH" ]; then - if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then + if [ -f "$i/libpcre.so" || -f "$i/libpcre.dylib" || -f "$i/libpcre.a" ]; then PCRE_PATH="$i" fi fi @@ -409,10 +409,10 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: PCRE_PATH=$PCRE_PATH/libpcre echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre.h fi -if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then +if [ -n "$PCRE_PATH" && -n "$PCRE_IPATH" ]; then echo " ... found" fi -if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then +if [ "X" = "X$PCRE_PATH" || "X" = "X$PCRE_IPATH" ]; then echo " ... NOT found, server response checks will be less reliable" PCRE_PATH="" PCRE_IPATH="" @@ -426,7 +426,7 @@ echo "Checking for Postgres (libpq.so, libpq-fe.h) ..." #else for i in $LIBDIRS ; do if [ "X" = "X$POSTGRES_PATH" ]; then - if [ -f "$i/libpq.so" -o -f "$i/libpq.dylib" -o -f "$i/libpq.a" ]; then + if [ -f "$i/libpq.so" || -f "$i/libpq.dylib" || -f "$i/libpq.a" ]; then POSTGRES_PATH="$i" fi fi @@ -464,10 +464,10 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: POSTGRES_PATH=$POSTGRES_PATH/libpq echo DEBUG: POSTGRES_IPATH=$POSTGRES_IPATH/libpq-fe.h fi - if [ -n "$POSTGRES_PATH" -a -n "$POSTGRES_IPATH" ]; then + if [ -n "$POSTGRES_PATH" && -n "$POSTGRES_IPATH" ]; then echo " ... found" fi - if [ "X" = "X$POSTGRES_PATH" -o "X" = "X$POSTGRES_IPATH" ]; then + if [ "X" = "X$POSTGRES_PATH" || "X" = "X$POSTGRES_IPATH" ]; then echo " ... NOT found, module postgres disabled" POSTGRES_PATH="" POSTGRES_IPATH="" @@ -482,7 +482,7 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$APR_PATH" ]; then - if [ -f "$i/libapr-1.so" -a -f "$i/libaprutil-1.so" ]; then + if [ -f "$i/libapr-1.so" && -f "$i/libaprutil-1.so" ]; then APR_PATH="$i" fi fi @@ -492,7 +492,7 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$APR_PATH" ]; then - if [ -f "$i/libapr-1.dll.a" -a -f "$i/libaprutil-1.dll.a" ]; then + if [ -f "$i/libapr-1.dll.a" && -f "$i/libaprutil-1.dll.a" ]; then APR_PATH="$i" fi fi @@ -502,7 +502,7 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$APR_PATH" ]; then - if [ -f "$i/libapr-1.dylib" -a -f "$i/libaprutil-1.dylib" ]; then + if [ -f "$i/libapr-1.dylib" && -f "$i/libaprutil-1.dylib" ]; then APR_PATH="$i" fi fi @@ -512,7 +512,7 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$APR_PATH" ]; then - if [ -f "$i/libapr-1.a" -a -f "$i/libaprutil-1.a" ]; then + if [ -f "$i/libapr-1.a" && -f "$i/libaprutil-1.a" ]; then APR_PATH="$i" fi fi @@ -522,7 +522,7 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$APR_PATH" ]; then - if [ -f "$i/libapr-1.0.dylib" -a -f "$i/libaprutil-1.0.dylib" ]; then + if [ -f "$i/libapr-1.0.dylib" && -f "$i/libaprutil-1.0.dylib" ]; then APR_PATH="$i" fi fi @@ -535,7 +535,7 @@ for i in $LIBDIRS ; do if [ "X" = "X$APR_PATH" ]; then TMP_LIB2=`/bin/ls $i/libapr-1*.so* 2> /dev/null | grep libsvn_client.` TMP_LIB3=`/bin/ls $i/libaprutil-1*.so* 2> /dev/null | grep libsvn_client.` - if [ -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then + if [ -n "$TMP_LIB2" && -n "$TMP_LIB3" ]; then APR_PATH="$i" fi fi @@ -548,7 +548,7 @@ for i in $LIBDIRS ; do if [ "X" = "X$APR_PATH" ]; then TMP_LIB2=`/bin/ls $i/libapr-1*.dll* 2> /dev/null | grep libsvn_client.` TMP_LIB3=`/bin/ls $i/libaprutil-1*.dll* 2> /dev/null | grep libsvn_client.` - if [ -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then + if [ -n "$TMP_LIB2" && -n "$TMP_LIB3" ]; then APR_PATH="$i" fi fi @@ -585,7 +585,7 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: APR_IPATH=$APR_IPATH/ fi -if [ "X" = "X$SVN_PATH" -o "X" = "X$SVN_IPATH" -o "X" = "X$APR_IPATH" ]; then +if [ "X" = "X$SVN_PATH" || "X" = "X$SVN_IPATH" || "X" = "X$APR_IPATH" ]; then SVN_PATH="" SVN_IPATH="" APR_IPATH="" @@ -597,17 +597,17 @@ if [ "$APR_IPATH" = "/usr/include" ]; then APR_IPATH="" fi -if [ -n "$SVN_PATH" -a -n "$APR_PATH" ]; then +if [ -n "$SVN_PATH" && -n "$APR_PATH" ]; then echo " ... found" fi -if [ "X" = "X$SVN_PATH" -o "X" = "X$APR_PATH" ]; then +if [ "X" = "X$SVN_PATH" || "X" = "X$APR_PATH" ]; then echo " ... NOT found, module svn disabled" fi echo "Checking for firebird (libfbclient.so) ..." for i in $LIBDIRS ; do if [ "X" = "X$FIREBIRD_PATH" ]; then - if [ -f "$i/libfbclient.so" -o -f "$i/libfbclient.dylib" -o -f "$i/libfbclient.a" ]; then + if [ -f "$i/libfbclient.so" || -f "$i/libfbclient.dylib" || -f "$i/libfbclient.a" ]; then FIREBIRD_PATH="$i" fi fi @@ -638,10 +638,10 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: FIREBIRD_PATH=$FIREBIRD_PATH/libfbclient echo DEBUG: FIREBIRD_IPATH=$FIREBIRD_IPATH/ibase.h fi -if [ -n "$FIREBIRD_PATH" -a -n "$FIREBIRD_IPATH" ]; then +if [ -n "$FIREBIRD_PATH" && -n "$FIREBIRD_IPATH" ]; then echo " ... found" fi -if [ "X" = "X$FIREBIRD_PATH" -o "X" = "X$FIREBIRD_IPATH" ]; then +if [ "X" = "X$FIREBIRD_PATH" || "X" = "X$FIREBIRD_IPATH" ]; then echo " ... NOT found, module firebird disabled" FIREBIRD_PATH="" FIREBIRD_IPATH="" @@ -650,7 +650,7 @@ fi echo "Checking for MYSQL client (libmysqlclient.so, math.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$MYSQL_PATH" ]; then - if [ -f "$i/libmysqlclient.so" -o -f "$i/libmysqlclient.dylib" -o -f "$i/libmysqlclient.a" ]; then + if [ -f "$i/libmysqlclient.so" || -f "$i/libmysqlclient.dylib" || -f "$i/libmysqlclient.a" ]; then MYSQL_PATH="$i" fi fi @@ -686,7 +686,7 @@ fi MATH="" if [ -f "$SDK_PATH/usr/include/math.h" ]; then MATH="-DHAVE_MATH_H" - if [ -n "$MYSQL_PATH" -a -n "$MYSQL_IPATH" -a -n "$MATH" ]; then + if [ -n "$MYSQL_PATH" && -n "$MYSQL_IPATH" && -n "$MATH" ]; then echo " ... found" else echo " ... NOT found, module Mysql will not support version > 4.x" @@ -699,7 +699,7 @@ fi echo "Checking for AFP (libafpclient.so) ..." for i in $LIBDIRS ; do if [ "X" = "X$AFP_PATH" ]; then - if [ -f "$i/libafpclient.so" -o -f "$i/libafpclient.so" -o -f "$i/libafpclient.a" ]; then + if [ -f "$i/libafpclient.so" || -f "$i/libafpclient.so" || -f "$i/libafpclient.a" ]; then AFP_PATH="$i" fi fi @@ -727,10 +727,10 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: AFP_PATH=$AFP_PATH/libafpclient echo DEBUG: AFP_IPATH=$AFP_IPATH/afp.h fi -if [ -n "$AFP_PATH" -a -n "$AFP_IPATH" ]; then +if [ -n "$AFP_PATH" && -n "$AFP_IPATH" ]; then echo " ... found" fi -if [ "X" = "X$AFP_PATH" -o "X" = "X$AFP_IPATH" ]; then +if [ "X" = "X$AFP_PATH" || "X" = "X$AFP_IPATH" ]; then echo " ... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway" AFP_PATH="" AFP_IPATH="" @@ -739,7 +739,7 @@ fi echo "Checking for NCP (libncp.so / nwcalls.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$NCP_PATH" ]; then - if [ -f "$i/libncp.so" -o -f "$i/libncp.dylib" -o -f "$i/libncp.a" ]; then + if [ -f "$i/libncp.so" || -f "$i/libncp.dylib" || -f "$i/libncp.a" ]; then NCP_PATH="$i" fi fi @@ -767,10 +767,10 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: NCP_PATH=$NCP_PATH/libncp echo DEBUG: NCP_IPATH=$NCP_IPATH/ncp/nwcalls.h fi -if [ -n "$NCP_PATH" -a -n "$NCP_IPATH" ]; then +if [ -n "$NCP_PATH" && -n "$NCP_IPATH" ]; then echo " ... found" fi -if [ "X" = "X$NCP_PATH" -o "X" = "X$NCP_IPATH" ]; then +if [ "X" = "X$NCP_PATH" || "X" = "X$NCP_IPATH" ]; then echo " ... NOT found, module NCP disabled" NCP_PATH="" NCP_IPATH="" @@ -779,7 +779,7 @@ fi echo "Checking for SAP/R3 (librfc/saprfc.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$SAPR3_PATH" ]; then - if [ -f "$i/librfc.a" -o -f "$i/librfc.dylib" -o "$i/librfc32.dll" ]; then + if [ -f "$i/librfc.a" || -f "$i/librfc.dylib" || "$i/librfc32.dll" ]; then SAPR3_PATH="$i" fi fi @@ -821,7 +821,7 @@ fi echo "Checking for libssh (libssh/libssh.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$SSH_PATH" ]; then - if [ -f "$i/libssh.so" -o -f "$i/libssh.dylib" -o -f "$i/libssh.a" ]; then + if [ -f "$i/libssh.so" || -f "$i/libssh.dylib" || -f "$i/libssh.a" ]; then SSH_PATH="$i" fi fi @@ -882,22 +882,22 @@ fi for i in $LIBDIRS ; do if [ "X" = "X$ORACLE_PATH" ]; then - if [ -f "$i/libocci.so" -a -f "$i/libclntsh.so" ]; then + if [ -f "$i/libocci.so" && -f "$i/libclntsh.so" ]; then ORACLE_PATH="$i" fi fi if [ "X" = "X$ORACLE_PATH" ]; then - if [ -f "$i/libocci.dylib" -a -f "$i/libclntsh.dylib" ]; then + if [ -f "$i/libocci.dylib" && -f "$i/libclntsh.dylib" ]; then ORACLE_PATH="$i" fi fi if [ "X" = "X$ORACLE_PATH" ]; then - if [ -f "$i/libocci.a" -a -f "$i/libclntsh.a" ]; then + if [ -f "$i/libocci.a" && -f "$i/libclntsh.a" ]; then ORACLE_PATH="$i" fi fi if [ "X" = "X$ORACLE_PATH" ]; then - if [ -f "$i/liboci.a" -a -f "$i/oci.dll" ]; then + if [ -f "$i/liboci.a" && -f "$i/oci.dll" ]; then ORACLE_PATH="$i" fi fi @@ -924,11 +924,11 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: ORACLE_PATH=$ORACLE_PATH/libocci fi #check for Kernel Asynchronous I/O (AIO) lib support, no need on Cygwin -if [ "X" != "X$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then +if [ "X" != "X$ORACLE_PATH" && "$SYSO" != "Cygwin" ]; then LIBAIO="" for i in $LIBDIRS ; do if [ "X" = "X$LIBAIO" ]; then - if [ -f "$i/libaio.so" -o -f "$i/libaio.dylib" -o -f "$i/libaio.a" ]; then + if [ -f "$i/libaio.so" || -f "$i/libaio.dylib" || -f "$i/libaio.a" ]; then LIBAIO="$i" fi fi @@ -959,10 +959,10 @@ done if [ "X" != "X$DEBUG" ]; then echo DEBUG: ORACLE_IPATH=$ORACLE_IPATH/oci.h fi -if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then +if [ -n "$ORACLE_PATH" && -n "$ORACLE_IPATH" ]; then echo " ... found" fi -if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then +if [ "X" = "X$ORACLE_PATH" || "X" = "X$ORACLE_IPATH" ]; then echo " ... NOT found, module Oracle disabled" echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html" ORACLE_PATH="" @@ -973,7 +973,7 @@ echo "Checking for Memcached (libmemcached.so, memcached.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$MCACHED_PATH" ]; then - if [ -f "$i/libmemcached.so" -o -f "$i/libmemcached.dylib" -o -f "$i/libmemcached.a" ]; then + if [ -f "$i/libmemcached.so" || -f "$i/libmemcached.dylib" || -f "$i/libmemcached.a" ]; then MCACHED_PATH="$i" fi fi @@ -1010,96 +1010,24 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: MCACHED_PATH=$MCACHED_PATH/libmemcached echo DEBUG: MCACHED_IPATH=$MCACHED_IPATH/memcached.h fi - if [ -n "$MCACHED_PATH" -a -n "$MCACHED_IPATH" ]; then + if [ -n "$MCACHED_PATH" && -n "$MCACHED_IPATH" ]; then echo " ... found" fi - if [ "X" = "X$MCACHED_PATH" -o "X" = "X$MCACHED_IPATH" ]; then + if [ "X" = "X$MCACHED_PATH" || "X" = "X$MCACHED_IPATH" ]; then echo " ... NOT found, module memcached disabled" MCACHED_PATH="" MCACHED_IPATH="" fi -echo "Checking for Freerdp2 (libfreerdp2.so, freerdp/*.h, libwinpr2.so, winpr/*.h) ..." - - for i in $LIBDIRS ; do - if [ "X" = "X$FREERDP2_PATH" ]; then - if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" -o -f "$i/libfreerdp2.dll.a" ]; then - FREERDP2_PATH="$i" - fi - fi - if [ "X" = "X$FREERDP2_PATH" ]; then - TMP_LIB=`/bin/ls $i/libfreerdp2*.so* 2> /dev/null | grep libfreerdp2` - if [ -n "$TMP_LIB" ]; then - FREERDP2_PATH="$i" - fi - fi - done - - FREERDP2_IPATH= - for i in $INCDIRS ; do - if [ "X" = "X$FREERDP2_IPATH" ]; then - if [ -f "$i/freerdp/freerdp.h" ]; then - FREERDP2_IPATH="$i/freerdp2" - fi - if [ -f "$i/freerdp2/freerdp/freerdp.h" ]; then - FREERDP2_IPATH="$i/freerdp2" - fi - fi - done - - for i in $LIBDIRS ; do - if [ "X" = "X$WINPR2_PATH" ]; then - if [ -f "$i/libwinpr2.so" -o -f "$i/libwinpr2.dylib" -o -f "$i/libwinpr2.a" ]; then - WINPR2_PATH="$i" - fi - fi - if [ "X" = "X$WINPR2_PATH" ]; then - TMP_LIB=`/bin/ls $i/libwinpr2.dll.a 2> /dev/null | grep winpr` - if [ -n "$TMP_LIB" ]; then - WINPR2_PATH="$i" - fi - fi - done - - WINPR2_IPATH= - for i in $INCDIRS ; do - if [ "X" = "X$WINPR2_IPATH" ]; then - if [ -f "$i/winpr.h" ]; then - WINPR2_IPATH="$i" - fi - if [ -f "$i/winpr2/winpr/winpr.h" ]; then - WINPR2_IPATH="$i/winpr2" - fi - fi - done - -if [ "X" != "X$DEBUG" ]; then - echo DEBUG: FREERDP2_PATH=$FREERDP2_PATH/ - echo DEBUG: FREERDP2_IPATH=$FREERDP2_IPATH/ - echo DEBUG: WINPR2_PATH=$WINPR2_PATH/ - echo DEBUG: WINPR2_IPATH=$WINPR2_IPATH/ -fi - - if [ -n "$FREERDP2_PATH" -a -n "$FREERDP2_IPATH" -a -n "$WINPR2_PATH" -a -n "$WINPR2_IPATH" ]; then - echo " ... found" - fi - if [ "X" = "X$FREERDP2_PATH" -o "X" = "X$FREERDP2_IPATH" -o "X" = "X$WINPR2_PATH" -o "X" = "X$WINPR2_IPATH" ]; then - echo " ... NOT found, checking freerdp3 module next..." - FREERDP2_PATH="" - FREERDP2_IPATH="" - WINPR2_PATH="" - WINPR2_IPATH="" - fi - echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*.h) ..." for i in $LIBDIRS ; do - if [ "X" = "X$FREERDP2_PATH" ] && [ "X" = "X$FREERDP3_PATH" ]; then - if [ -f "$i/libfreerdp3.so" -o -f "$i/libfreerdp3.dylib" -o -f "$i/libfreerdp3.a" -o -f "$i/libfreerdp3.dll.a" ]; then + if [ "X" = "X$FREERDP3_PATH" ]; then + if [ -f "$i/libfreerdp3.so" || -f "$i/libfreerdp3.dylib" || -f "$i/libfreerdp3.a" || -f "$i/libfreerdp3.dll.a" ]; then FREERDP3_PATH="$i" fi fi - if [ "X" = "X$FREERDP2_PATH" ] && [ "X" = "X$FREERDP3_PATH" ]; then + if [ "X" = "X$FREERDP3_PATH" ]; then TMP_LIB=`/bin/ls $i/libfreerdp3*.so* 2> /dev/null | grep libfreerdp3` if [ -n "$TMP_LIB" ]; then FREERDP3_PATH="$i" @@ -1109,7 +1037,7 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. FREERDP3_IPATH= for i in $INCDIRS ; do - if [ "X" = "X$FREERDP2_IPATH" ] && [ "X" = "X$FREERDP3_IPATH" ]; then + if [ "X" = "X$FREERDP3_IPATH" ]; then if [ -f "$i/freerdp/freerdp.h" ]; then FREERDP3_IPATH="$i/freerdp3" fi @@ -1120,12 +1048,12 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. done for i in $LIBDIRS ; do - if [ "X" = "X$WINPR2_PATH" ] && [ "X" = "X$WINPR3_PATH" ]; then - if [ -f "$i/libwinpr3.so" -o -f "$i/libwinpr3.dylib" -o -f "$i/libwinpr3.a" ]; then + if [ "X" = "X$WINPR3_PATH" ]; then + if [ -f "$i/libwinpr3.so" || -f "$i/libwinpr3.dylib" || -f "$i/libwinpr3.a" ]; then WINPR3_PATH="$i" fi fi - if [ "X" = "X$WINPR2_PATH" ] && [ "X" = "X$WINPR3_PATH" ]; then + if [ "X" = "X$WINPR3_PATH" ]; then TMP_LIB=`/bin/ls $i/libwinpr3.dll.a 2> /dev/null | grep winpr` if [ -n "$TMP_LIB" ]; then WINPR3_PATH="$i" @@ -1135,7 +1063,7 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. WINPR3_IPATH= for i in $INCDIRS ; do - if [ "X" = "X$WINPR2_IPATH" ] && [ "X" = "X$WINPR3_IPATH" ]; then + if [ "X" = "X$WINPR3_IPATH" ]; then if [ -f "$i/winpr.h" ]; then WINPR3_IPATH="$i" fi @@ -1152,22 +1080,96 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: WINPR3_IPATH=$WINPR3_IPATH/ fi - if [ -n "$FREERDP3_PATH" -a -n "$FREERDP3_IPATH" -a -n "$WINPR3_PATH" -a -n "$WINPR3_IPATH" ]; then + if [ -n "$FREERDP3_PATH" && -n "$FREERDP3_IPATH" && -n "$WINPR3_PATH" && -n "$WINPR3_IPATH" ]; then echo " ... found" fi - if [ "X" = "X$FREERDP3_PATH" -o "X" = "X$FREERDP3_IPATH" -o "X" = "X$WINPR3_PATH" -o "X" = "X$WINPR3_IPATH" ]; then - echo " ... NOT found, module rdp disabled" + if [ "X" = "X$FREERDP3_PATH" || "X" = "X$FREERDP3_IPATH" || "X" = "X$WINPR3_PATH" || "X" = "X$WINPR3_IPATH" ]; then + echo " ... NOT found, checking for freerdp2 module next..." FREERDP3_PATH="" FREERDP3_IPATH="" WINPR3_PATH="" WINPR3_IPATH="" fi +if ["X" != "X$FREERDP3_PATH" || "X" != "X$FREERDP3_IPATH" || "X" != "X$WINPR3_PATH" || "X" != "X$WINPR3_IPATH"]; then + echo "Checking for Freerdp2 (libfreerdp2.so, freerdp/*.h, libwinpr2.so, winpr/*.h) ..." + + for i in $LIBDIRS ; do + if [ "X" = "X$FREERDP2_PATH" ]; then + if [ -f "$i/libfreerdp2.so" || -f "$i/libfreerdp2.dylib" || -f "$i/libfreerdp2.a" || -f "$i/libfreerdp2.dll.a" ]; then + FREERDP2_PATH="$i" + fi + fi + if [ "X" = "X$FREERDP2_PATH" ]; then + TMP_LIB=`/bin/ls $i/libfreerdp2*.so* 2> /dev/null | grep libfreerdp2` + if [ -n "$TMP_LIB" ]; then + FREERDP2_PATH="$i" + fi + fi + done + + FREERDP2_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$FREERDP2_IPATH" ]; then + if [ -f "$i/freerdp/freerdp.h" ]; then + FREERDP2_IPATH="$i/freerdp2" + fi + if [ -f "$i/freerdp2/freerdp/freerdp.h" ]; then + FREERDP2_IPATH="$i/freerdp2" + fi + fi + done + + for i in $LIBDIRS ; do + if [ "X" = "X$WINPR2_PATH" ]; then + if [ -f "$i/libwinpr2.so" || -f "$i/libwinpr2.dylib" || -f "$i/libwinpr2.a" ]; then + WINPR2_PATH="$i" + fi + fi + if [ "X" = "X$WINPR2_PATH" ]; then + TMP_LIB=`/bin/ls $i/libwinpr2.dll.a 2> /dev/null | grep winpr` + if [ -n "$TMP_LIB" ]; then + WINPR2_PATH="$i" + fi + fi + done + + WINPR2_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$WINPR2_IPATH" ]; then + if [ -f "$i/winpr.h" ]; then + WINPR2_IPATH="$i" + fi + if [ -f "$i/winpr2/winpr/winpr.h" ]; then + WINPR2_IPATH="$i/winpr2" + fi + fi + done + + if [ "X" != "X$DEBUG" ]; then + echo DEBUG: FREERDP2_PATH=$FREERDP2_PATH/ + echo DEBUG: FREERDP2_IPATH=$FREERDP2_IPATH/ + echo DEBUG: WINPR2_PATH=$WINPR2_PATH/ + echo DEBUG: WINPR2_IPATH=$WINPR2_IPATH/ + fi + + if [ -n "$FREERDP2_PATH" && -n "$FREERDP2_IPATH" && -n "$WINPR2_PATH" && -n "$WINPR2_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$FREERDP2_PATH" || "X" = "X$FREERDP2_IPATH" || "X" = "X$WINPR2_PATH" || "X" = "X$WINPR2_IPATH" ]; then + echo " ... NOT found, module rdp disabled" + FREERDP2_PATH="" + FREERDP2_IPATH="" + WINPR2_PATH="" + WINPR2_IPATH="" + fi +fi + echo "Checking for Mongodb (libmongoc-1.0.so, mongoc.h, libbson-1.0.so, bson.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$MONGODB_PATH" ]; then - if [ -f "$i/libmongoc-1.0.so" -o -f "$i/libmongoc-1.0.dylib" -o -f "$i/libmongoc-1.0.a" ]; then + if [ -f "$i/libmongoc-1.0.so" || -f "$i/libmongoc-1.0.dylib" || -f "$i/libmongoc-1.0.a" ]; then MONGODB_PATH="$i" fi fi @@ -1202,7 +1204,7 @@ echo "Checking for Mongodb (libmongoc-1.0.so, mongoc.h, libbson-1.0.so, bson.h) for i in $LIBDIRS ; do if [ "X" = "X$BSON_PATH" ]; then - if [ -f "$i/libbson-1.0.so" -o -f "$i/libbson-1.0.dylib" -o -f "$i/libbson-1.0.a" ]; then + if [ -f "$i/libbson-1.0.so" || -f "$i/libbson-1.0.dylib" || -f "$i/libbson-1.0.a" ]; then BSON_PATH="$i" fi fi @@ -1242,10 +1244,10 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: BSON_IPATH=$BSON_IPATH/libbson.h fi - if [ -n "$MONGODB_PATH" -a -n "$MONGODB_IPATH" -a -n "$BSON_PATH" -a -n "$BSON_IPATH" ]; then + if [ -n "$MONGODB_PATH" && -n "$MONGODB_IPATH" && -n "$BSON_PATH" && -n "$BSON_IPATH" ]; then echo " ... found" fi - if [ "X" = "X$MONGODB_PATH" -o "X" = "X$MONGODB_IPATH" -o "X" = "X$BSON_PATH" -o "X" = "X$BSON_IPATH" ]; then + if [ "X" = "X$MONGODB_PATH" || "X" = "X$MONGODB_IPATH" || "X" = "X$BSON_PATH" || "X" = "X$BSON_IPATH" ]; then echo " ... NOT found, module mongodb disabled" MONGODB_PATH="" MONGODB_IPATH="" @@ -1257,7 +1259,7 @@ echo "Checking for smbclient (libsmbclient.so, libsmbclient.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$SMBC_PATH" ]; then - if [ -f "$i/libsmbclient.so" -o -f "$i/libsmbclient.dylib" -o -f "$i/libsmbclient.a" ]; then + if [ -f "$i/libsmbclient.so" || -f "$i/libsmbclient.dylib" || -f "$i/libsmbclient.a" ]; then SMBC_PATH="$i" fi fi @@ -1291,10 +1293,10 @@ echo "Checking for smbclient (libsmbclient.so, libsmbclient.h) ..." echo DEBUG: SMBC_PATH=$SMBC_PATH/libsmbclient echo DEBUG: SMBC_IPATH=$SMBC_IPATH/libsmbclient.h fi - if [ -n "$SMBC_PATH" -a -n "$SMBC_IPATH" ]; then + if [ -n "$SMBC_PATH" && -n "$SMBC_IPATH" ]; then echo " ... found" fi - if [ "X" = "X$SMBC_PATH" -o "X" = "X$SMBC_IPATH" ]; then + if [ "X" = "X$SMBC_PATH" || "X" = "X$SMBC_IPATH" ]; then echo " ... NOT found, module smb2 disabled" SMBC_PATH="" SMBC_IPATH="" @@ -1344,7 +1346,7 @@ if [ "$SYSS" = "SunOS" ]; then if [ "X" = "X$RESOLV_PATH" ]; then echo "Resolv library not found, which is needed on Solaris." fi - if [ -n "$RESOLV_PATH" -a -n "$SOCKET_PATH" -a -n "$RESOLV_PATH" ]; then + if [ -n "$RESOLV_PATH" && -n "$SOCKET_PATH" && -n "$RESOLV_PATH" ]; then echo " ... all found" fi echo @@ -1601,7 +1603,7 @@ fi if [ -n "$MONGODB_IPATH" ]; then XIPATHS="$XIPATHS -I$MONGODB_IPATH -I$BSON_IPATH" fi -if [ -n "$FREERDP3_IPATH" ]; then +if [ -n "$FREERDP2_IPATH" ]; then XIPATHS="$XIPATHS -I$FREERDP2_IPATH -I$WINPR2_IPATH" fi if [ -n "$FREERDP3_IPATH" ]; then @@ -1625,10 +1627,10 @@ fi if [ -n "$NCP_PATH" ]; then XLIBS="$XLIBS -lncp" fi -if [ -n "$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then +if [ -n "$ORACLE_PATH" && "$SYSO" != "Cygwin" ]; then XLIBS="$XLIBS -locci -lclntsh" fi -if [ -n "$ORACLE_PATH" -a "$SYSO" = "Cygwin" ]; then +if [ -n "$ORACLE_PATH" && "$SYSO" = "Cygwin" ]; then XLIBS="$XLIBS -loci" fi if [ -n "$FIREBIRD_PATH" ]; then @@ -1708,7 +1710,7 @@ if [ "X" = "X$PREFIX" ]; then PREFIX="/usr/local" fi -if [ "X" = "X$XHYDRA_SUPPORT" -o "Xdisable" = "X$XHYDRA_SUPPORT" ]; then +if [ "X" = "X$XHYDRA_SUPPORT" || "Xdisable" = "X$XHYDRA_SUPPORT" ]; then XHYDRA_SUPPORT="" else XHYDRA_SUPPORT="xhydra" From a73cd388f8891f682e9081f132ea0876e1a0a6ee Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 7 Jul 2020 18:43:53 +0200 Subject: [PATCH 112/332] fix PR --- CHANGES | 9 +- Makefile.am | 1 - configure | 282 ++++++++++++++++++++++++++-------------------------- 3 files changed, 148 insertions(+), 144 deletions(-) diff --git a/CHANGES b/CHANGES index 9b7c11f..74542aa 100644 --- a/CHANGES +++ b/CHANGES @@ -2,11 +2,16 @@ Changelog for hydra ------------------- Release 9.1-dev +* rdb: support for libfreerdp3 (thanks to animetauren) * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) +* oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz) * rtsp: fixed crash in MD5 auth * svn: updated to support past and new API -* http module now supports F=/S= string matching conditions (thanks to poucz@github) -* changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ... +* http: now supports F=/S= string matching conditions (thanks to poucz@github) +* http-proxy: buffer fix, 404 success condition (thanks to kazkansouh) +* mysql: changed not to use mysql db as a default. if the user has not access to this db auth fails ... +* sasl: buffer fix (thanks to TenGbps) +* fixed help for https modules (thanks to Jab2870) * added -K command line switch to disable redo attempts (good for mass scanning) * forgot to have the -m option in the hydra help output * gcc-10 support and various cleanups by Jeroen Roovers, thanks! diff --git a/Makefile.am b/Makefile.am index 4f61b28..9d349c2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -78,7 +78,6 @@ install: strip -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) - -ldconfig clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile diff --git a/configure b/configure index 709fb30..19d8516 100755 --- a/configure +++ b/configure @@ -3,7 +3,7 @@ # uname -s = Linux | OpenBSD | FreeBSD | Darwin # uname -m = i636 or x86_64 -if [ "$1" = "-h" || "$1" = "--help" ]; then +if [ "$1" = "-h" -o "$1" = "--help" ]; then echo Options: echo " --prefix=path path to install hydra and its datafiles to" echo " --fhs install according to the File System Hierarchy Standard" @@ -147,7 +147,7 @@ fi # On macOS /usr/include only exists if one has installed the Command Line Tools package. # If this is an Xcode-only system we need to look inside the SDK for headers. SDK_PATH="" -if [ "$SYSS" = "Darwin" ] && [ ! -d "/usr/include" ]; then +if [ "$SYSS" = "Darwin" -a ! -d "/usr/include" ]; then SDK_PATH=`xcrun --show-sdk-path` fi LIBDIRS=`cat /etc/ld.so.conf /etc/ld.so.conf.d/* 2> /dev/null | grep -v '^#' | sort | uniq` @@ -170,7 +170,7 @@ fi STRIP="strip" echo -echo "Checking for zlib (libz.so, zlib.h) ..." +echo "Checking for zlib (libz/zlib.h) ..." for i in $INCDIRS; do if [ -f "$i/zlib.h" ]; then HAVE_ZLIB="y" @@ -178,12 +178,12 @@ for i in $INCDIRS; do done if [ -n "$HAVE_ZLIB" ]; then - echo " ... found" + echo " ... found" else - echo " ... zlib not found, gzip support disabled" + echo " ... zlib not found, gzip support disabled" fi -echo "Checking for openssl (libssl, libcrypto, ssl.h, sha.h) ..." +echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..." if [ "X" != "X$DEBUG" ]; then echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null` echo DEBUG: SSL_INC=$INCDIRS `ls -d /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include 2> /dev/null` @@ -198,7 +198,7 @@ else /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib do if [ "X" = "X$SSL_PATH" ]; then - if [ -f "$i/libssl.so" || -f "$i/libssl.dylib" || -f "$i/libssl.a" ]; then + if [ -f "$i/libssl.so" -o -f "$i/libssl.dylib" -o -f "$i/libssl.a" ]; then SSL_PATH="$i" fi fi @@ -209,7 +209,7 @@ else fi fi if [ "X" = "X$CRYPTO_PATH" ]; then - if [ -f "$i/libcrypto.so" || -f "$i/libcrypto.dylib" || -f "$i/libcrypto.a" ]; then + if [ -f "$i/libcrypto.so" -o -f "$i/libcrypto.dylib" -o -f "$i/libcrypto.a" ]; then CRYPTO_PATH="$i" fi fi @@ -251,24 +251,24 @@ if [ "X" = "X$SSL_IPATH" ]; then SSL_PATH="" CRYPTO_PATH="" fi -if [ -n "$SSL_PATH" && "X" = "X$SSLNEW" ]; then - echo " ... found but OLD" +if [ -n "$SSL_PATH" -a "X" = "X$SSLNEW" ]; then + echo " ... found but OLD" echo "NOTE: your OpenSSL package is outdated, update it!" fi -if [ -n "$SSL_PATH" && '!' "X" = "X$SSLNEW" ]; then - echo " ... found" +if [ -n "$SSL_PATH" -a '!' "X" = "X$SSLNEW" ]; then + echo " ... found" fi if [ "X" = "X$SSL_PATH" ]; then - echo " ... NOT found, SSL support disabled" + echo " ... NOT found, SSL support disabled" echo "Get it from http://www.openssl.org" fi if [ "$SSL_IPATH" = "/usr/include" ]; then SSL_IPATH="" fi -echo "Checking for gcrypt (libgcrypt.so, gpg-error.h) ..." +echo "Checking for gcrypt (libgcrypt/gpg-error.h) ..." for i in $LIBDIRS ; do - if [ -f "$i/libgcrypt.so" || -f "$i/libgcrypt.dylib" || -f "$i/libgcrypt.a" || -f "$i/libgcrypt.dll.a" || -f "$i/libgcrypt.la" ]; then + if [ -f "$i/libgcrypt.so" -o -f "$i/libgcrypt.dylib" -o -f "$i/libgcrypt.a" -o -f "$i/libgcrypt.dll.a" -o -f "$i/libgcrypt.la" ]; then HAVE_GCRYPT="y" fi done @@ -286,17 +286,17 @@ for i in $INCDIRS ; do fi done -if [ -n "$HAVE_GCRYPT" && "X" != "X$GPGERROR_IPATH" ]; then - echo " ... found" +if [ -n "$HAVE_GCRYPT" -a "X" != "X$GPGERROR_IPATH" ]; then + echo " ... found" else - echo " ... gcrypt not found, radmin2 module disabled" + echo " ... gcrypt not found, radmin2 module disabled" HAVE_GCRYPT="" fi -echo "Checking for idn (libidn.so) ..." +echo "Checking for idn (libidn) ..." for i in $LIBDIRS ; do if [ "X" = "X$IDN_PATH" ]; then - if [ -f "$i/libidn.so" || -f "$i/libidn.dylib" || -f "$i/libidn.a" || -f "$i/libidn.dll.a" || -f "$i/libidn.la" ]; then + if [ -f "$i/libidn.so" -o -f "$i/libidn.dylib" -o -f "$i/libidn.a" -o -f "$i/libidn.dll.a" -o -f "$i/libidn.la" ]; then IDN_PATH="$i" fi fi @@ -324,21 +324,21 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: IDN_IPATH=$IDN_IPATH/stringprep.h echo DEBUG: PR29_IPATH=$PR29_IPATH/pr29.h fi -if [ -n "$IDN_PATH" && -n "$IDN_IPATH" ]; then - echo " ... found" +if [ -n "$IDN_PATH" -a -n "$IDN_IPATH" ]; then + echo " ... found" fi #pr29 is optional -if [ "X" = "X$IDN_PATH" || "X" = "X$IDN_IPATH" ]; then - echo " ... NOT found, unicode logins and passwords will not be supported" +if [ "X" = "X$IDN_PATH" -o "X" = "X$IDN_IPATH" ]; then + echo " ... NOT found, unicode logins and passwords will not be supported" IDN_PATH="" IDN_IPATH="" PR29_IPATH="" fi -echo "Checking for curses (libcurses.so / term.h) ..." +echo "Checking for curses (libcurses/term.h) ..." for i in $LIBDIRS; do if [ "X" = "X$CURSES_PATH" ]; then - if [ -f "$i/libcurses.so" || -f "$i/libcurses.dylib" || -f "$i/libcurses.a" ]; then + if [ -f "$i/libcurses.so" -o -f "$i/libcurses.dylib" -o -f "$i/libcurses.a" ]; then CURSES_PATH="$i" fi fi @@ -369,19 +369,19 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: CURSES_PATH=$CURSES_PATH/libcurses echo DEBUG: CURSES_IPATH=$CURSES_IPATH/term.h fi -if [ -n "$CURSES_PATH" && -n "$CURSES_IPATH" ]; then - echo " ... found, color output enabled" +if [ -n "$CURSES_PATH" -a -n "$CURSES_IPATH" ]; then + echo " ... found, color output enabled" fi -if [ "X" = "X$CURSES_PATH" || "X" = "X$CURSES_IPATH" ]; then - echo " ... NOT found, color output disabled" +if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then + echo " ... NOT found, color output disabled" CURSES_PATH="" CURSES_IPATH="" fi -echo "Checking for pcre (libpcre.so, pcre.h) ..." +echo "Checking for pcre (libpcre/pcre.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$PCRE_PATH" ]; then - if [ -f "$i/libpcre.so" || -f "$i/libpcre.dylib" || -f "$i/libpcre.a" ]; then + if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then PCRE_PATH="$i" fi fi @@ -409,16 +409,16 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: PCRE_PATH=$PCRE_PATH/libpcre echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre.h fi -if [ -n "$PCRE_PATH" && -n "$PCRE_IPATH" ]; then - echo " ... found" +if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then + echo " ... found" fi -if [ "X" = "X$PCRE_PATH" || "X" = "X$PCRE_IPATH" ]; then - echo " ... NOT found, server response checks will be less reliable" +if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then + echo " ... NOT found, server response checks will be less reliable" PCRE_PATH="" PCRE_IPATH="" fi -echo "Checking for Postgres (libpq.so, libpq-fe.h) ..." +echo "Checking for Postgres (libpq/libpq-fe.h) ..." #if [ "$SYSO" = "Cygwin" ]; then # echo " ... DISABLED - postgres is buggy in Cygwin at the moment" # POSTGRES_PATH="" @@ -426,7 +426,7 @@ echo "Checking for Postgres (libpq.so, libpq-fe.h) ..." #else for i in $LIBDIRS ; do if [ "X" = "X$POSTGRES_PATH" ]; then - if [ -f "$i/libpq.so" || -f "$i/libpq.dylib" || -f "$i/libpq.a" ]; then + if [ -f "$i/libpq.so" -o -f "$i/libpq.dylib" -o -f "$i/libpq.a" ]; then POSTGRES_PATH="$i" fi fi @@ -464,17 +464,17 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: POSTGRES_PATH=$POSTGRES_PATH/libpq echo DEBUG: POSTGRES_IPATH=$POSTGRES_IPATH/libpq-fe.h fi - if [ -n "$POSTGRES_PATH" && -n "$POSTGRES_IPATH" ]; then - echo " ... found" + if [ -n "$POSTGRES_PATH" -a -n "$POSTGRES_IPATH" ]; then + echo " ... found" fi - if [ "X" = "X$POSTGRES_PATH" || "X" = "X$POSTGRES_IPATH" ]; then - echo " ... NOT found, module postgres disabled" + if [ "X" = "X$POSTGRES_PATH" -o "X" = "X$POSTGRES_IPATH" ]; then + echo " ... NOT found, module postgres disabled" POSTGRES_PATH="" POSTGRES_IPATH="" fi #fi -echo "Checking for SVN (libsvn_client-1 libapr-1.so libaprutil-1.so) ..." +echo "Checking for SVN (libsvn_client-1/libapr-1/libaprutil-1) ..." for i in $LIBDIRS ; do if [ "X" = "X$SVN_PATH" ]; then if [ -f "$i/libsvn_client-1.so" ]; then @@ -482,7 +482,7 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$APR_PATH" ]; then - if [ -f "$i/libapr-1.so" && -f "$i/libaprutil-1.so" ]; then + if [ -f "$i/libapr-1.so" -a -f "$i/libaprutil-1.so" ]; then APR_PATH="$i" fi fi @@ -492,7 +492,7 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$APR_PATH" ]; then - if [ -f "$i/libapr-1.dll.a" && -f "$i/libaprutil-1.dll.a" ]; then + if [ -f "$i/libapr-1.dll.a" -a -f "$i/libaprutil-1.dll.a" ]; then APR_PATH="$i" fi fi @@ -502,7 +502,7 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$APR_PATH" ]; then - if [ -f "$i/libapr-1.dylib" && -f "$i/libaprutil-1.dylib" ]; then + if [ -f "$i/libapr-1.dylib" -a -f "$i/libaprutil-1.dylib" ]; then APR_PATH="$i" fi fi @@ -512,7 +512,7 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$APR_PATH" ]; then - if [ -f "$i/libapr-1.a" && -f "$i/libaprutil-1.a" ]; then + if [ -f "$i/libapr-1.a" -a -f "$i/libaprutil-1.a" ]; then APR_PATH="$i" fi fi @@ -522,7 +522,7 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$APR_PATH" ]; then - if [ -f "$i/libapr-1.0.dylib" && -f "$i/libaprutil-1.0.dylib" ]; then + if [ -f "$i/libapr-1.0.dylib" -a -f "$i/libaprutil-1.0.dylib" ]; then APR_PATH="$i" fi fi @@ -535,7 +535,7 @@ for i in $LIBDIRS ; do if [ "X" = "X$APR_PATH" ]; then TMP_LIB2=`/bin/ls $i/libapr-1*.so* 2> /dev/null | grep libsvn_client.` TMP_LIB3=`/bin/ls $i/libaprutil-1*.so* 2> /dev/null | grep libsvn_client.` - if [ -n "$TMP_LIB2" && -n "$TMP_LIB3" ]; then + if [ -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then APR_PATH="$i" fi fi @@ -548,7 +548,7 @@ for i in $LIBDIRS ; do if [ "X" = "X$APR_PATH" ]; then TMP_LIB2=`/bin/ls $i/libapr-1*.dll* 2> /dev/null | grep libsvn_client.` TMP_LIB3=`/bin/ls $i/libaprutil-1*.dll* 2> /dev/null | grep libsvn_client.` - if [ -n "$TMP_LIB2" && -n "$TMP_LIB3" ]; then + if [ -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then APR_PATH="$i" fi fi @@ -585,7 +585,7 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: APR_IPATH=$APR_IPATH/ fi -if [ "X" = "X$SVN_PATH" || "X" = "X$SVN_IPATH" || "X" = "X$APR_IPATH" ]; then +if [ "X" = "X$SVN_PATH" -o "X" = "X$SVN_IPATH" -o "X" = "X$APR_IPATH" ]; then SVN_PATH="" SVN_IPATH="" APR_IPATH="" @@ -597,17 +597,17 @@ if [ "$APR_IPATH" = "/usr/include" ]; then APR_IPATH="" fi -if [ -n "$SVN_PATH" && -n "$APR_PATH" ]; then - echo " ... found" +if [ -n "$SVN_PATH" -a -n "$APR_PATH" ]; then + echo " ... found" fi -if [ "X" = "X$SVN_PATH" || "X" = "X$APR_PATH" ]; then - echo " ... NOT found, module svn disabled" +if [ "X" = "X$SVN_PATH" -o "X" = "X$APR_PATH" ]; then + echo " ... NOT found, module svn disabled" fi -echo "Checking for firebird (libfbclient.so) ..." +echo "Checking for firebird (libfbclient) ..." for i in $LIBDIRS ; do if [ "X" = "X$FIREBIRD_PATH" ]; then - if [ -f "$i/libfbclient.so" || -f "$i/libfbclient.dylib" || -f "$i/libfbclient.a" ]; then + if [ -f "$i/libfbclient.so" -o -f "$i/libfbclient.dylib" -o -f "$i/libfbclient.a" ]; then FIREBIRD_PATH="$i" fi fi @@ -638,19 +638,19 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: FIREBIRD_PATH=$FIREBIRD_PATH/libfbclient echo DEBUG: FIREBIRD_IPATH=$FIREBIRD_IPATH/ibase.h fi -if [ -n "$FIREBIRD_PATH" && -n "$FIREBIRD_IPATH" ]; then - echo " ... found" +if [ -n "$FIREBIRD_PATH" -a -n "$FIREBIRD_IPATH" ]; then + echo " ... found" fi -if [ "X" = "X$FIREBIRD_PATH" || "X" = "X$FIREBIRD_IPATH" ]; then - echo " ... NOT found, module firebird disabled" +if [ "X" = "X$FIREBIRD_PATH" -o "X" = "X$FIREBIRD_IPATH" ]; then + echo " ... NOT found, module firebird disabled" FIREBIRD_PATH="" FIREBIRD_IPATH="" fi -echo "Checking for MYSQL client (libmysqlclient.so, math.h) ..." +echo "Checking for MYSQL client (libmysqlclient/math.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$MYSQL_PATH" ]; then - if [ -f "$i/libmysqlclient.so" || -f "$i/libmysqlclient.dylib" || -f "$i/libmysqlclient.a" ]; then + if [ -f "$i/libmysqlclient.so" -o -f "$i/libmysqlclient.dylib" -o -f "$i/libmysqlclient.a" ]; then MYSQL_PATH="$i" fi fi @@ -686,20 +686,20 @@ fi MATH="" if [ -f "$SDK_PATH/usr/include/math.h" ]; then MATH="-DHAVE_MATH_H" - if [ -n "$MYSQL_PATH" && -n "$MYSQL_IPATH" && -n "$MATH" ]; then - echo " ... found" + if [ -n "$MYSQL_PATH" -a -n "$MYSQL_IPATH" -a -n "$MATH" ]; then + echo " ... found" else - echo " ... NOT found, module Mysql will not support version > 4.x" + echo " ... NOT found, module Mysql will not support version > 4.x" MYSQL_PATH="" MYSQL_IPATH="" fi else echo " ... math.h not found, module Mysql disabled" fi -echo "Checking for AFP (libafpclient.so) ..." +echo "Checking for AFP (libafpclient) ..." for i in $LIBDIRS ; do if [ "X" = "X$AFP_PATH" ]; then - if [ -f "$i/libafpclient.so" || -f "$i/libafpclient.so" || -f "$i/libafpclient.a" ]; then + if [ -f "$i/libafpclient.so" -o -f "$i/libafpclient.so" -o -f "$i/libafpclient.a" ]; then AFP_PATH="$i" fi fi @@ -727,19 +727,19 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: AFP_PATH=$AFP_PATH/libafpclient echo DEBUG: AFP_IPATH=$AFP_IPATH/afp.h fi -if [ -n "$AFP_PATH" && -n "$AFP_IPATH" ]; then - echo " ... found" +if [ -n "$AFP_PATH" -a -n "$AFP_IPATH" ]; then + echo " ... found" fi -if [ "X" = "X$AFP_PATH" || "X" = "X$AFP_IPATH" ]; then - echo " ... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway" +if [ "X" = "X$AFP_PATH" -o "X" = "X$AFP_IPATH" ]; then + echo " ... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway" AFP_PATH="" AFP_IPATH="" fi -echo "Checking for NCP (libncp.so / nwcalls.h) ..." +echo "Checking for NCP (libncp/nwcalls.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$NCP_PATH" ]; then - if [ -f "$i/libncp.so" || -f "$i/libncp.dylib" || -f "$i/libncp.a" ]; then + if [ -f "$i/libncp.so" -o -f "$i/libncp.dylib" -o -f "$i/libncp.a" ]; then NCP_PATH="$i" fi fi @@ -767,11 +767,11 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: NCP_PATH=$NCP_PATH/libncp echo DEBUG: NCP_IPATH=$NCP_IPATH/ncp/nwcalls.h fi -if [ -n "$NCP_PATH" && -n "$NCP_IPATH" ]; then - echo " ... found" +if [ -n "$NCP_PATH" -a -n "$NCP_IPATH" ]; then + echo " ... found" fi -if [ "X" = "X$NCP_PATH" || "X" = "X$NCP_IPATH" ]; then - echo " ... NOT found, module NCP disabled" +if [ "X" = "X$NCP_PATH" -o "X" = "X$NCP_IPATH" ]; then + echo " ... NOT found, module NCP disabled" NCP_PATH="" NCP_IPATH="" fi @@ -779,7 +779,7 @@ fi echo "Checking for SAP/R3 (librfc/saprfc.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$SAPR3_PATH" ]; then - if [ -f "$i/librfc.a" || -f "$i/librfc.dylib" || "$i/librfc32.dll" ]; then + if [ -f "$i/librfc.a" -o -f "$i/librfc.dylib" -o "$i/librfc32.dll" ]; then SAPR3_PATH="$i" fi fi @@ -821,7 +821,7 @@ fi echo "Checking for libssh (libssh/libssh.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$SSH_PATH" ]; then - if [ -f "$i/libssh.so" || -f "$i/libssh.dylib" || -f "$i/libssh.a" ]; then + if [ -f "$i/libssh.so" -o -f "$i/libssh.dylib" -o -f "$i/libssh.a" ]; then SSH_PATH="$i" fi fi @@ -866,7 +866,7 @@ if [ "$SSH_IPATH" = "/usr/include" ]; then SSH_IPATH="" fi -echo "Checking for Oracle (libocci.so libclntsh.so / oci.h and libaio.so / liboci.a and oci.dll) ..." +echo "Checking for Oracle (libocci/libclntsh/oci.h/libaio/liboci) ..." #assume if we find oci.h other headers should also be in that dir #for libs we will test the 2 if [ "X" != "X$WORACLE_PATH" ]; then @@ -882,22 +882,22 @@ fi for i in $LIBDIRS ; do if [ "X" = "X$ORACLE_PATH" ]; then - if [ -f "$i/libocci.so" && -f "$i/libclntsh.so" ]; then + if [ -f "$i/libocci.so" -a -f "$i/libclntsh.so" ]; then ORACLE_PATH="$i" fi fi if [ "X" = "X$ORACLE_PATH" ]; then - if [ -f "$i/libocci.dylib" && -f "$i/libclntsh.dylib" ]; then + if [ -f "$i/libocci.dylib" -a -f "$i/libclntsh.dylib" ]; then ORACLE_PATH="$i" fi fi if [ "X" = "X$ORACLE_PATH" ]; then - if [ -f "$i/libocci.a" && -f "$i/libclntsh.a" ]; then + if [ -f "$i/libocci.a" -a -f "$i/libclntsh.a" ]; then ORACLE_PATH="$i" fi fi if [ "X" = "X$ORACLE_PATH" ]; then - if [ -f "$i/liboci.a" && -f "$i/oci.dll" ]; then + if [ -f "$i/liboci.a" -a -f "$i/oci.dll" ]; then ORACLE_PATH="$i" fi fi @@ -924,11 +924,11 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: ORACLE_PATH=$ORACLE_PATH/libocci fi #check for Kernel Asynchronous I/O (AIO) lib support, no need on Cygwin -if [ "X" != "X$ORACLE_PATH" && "$SYSO" != "Cygwin" ]; then +if [ "X" != "X$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then LIBAIO="" for i in $LIBDIRS ; do if [ "X" = "X$LIBAIO" ]; then - if [ -f "$i/libaio.so" || -f "$i/libaio.dylib" || -f "$i/libaio.a" ]; then + if [ -f "$i/libaio.so" -o -f "$i/libaio.dylib" -o -f "$i/libaio.a" ]; then LIBAIO="$i" fi fi @@ -959,21 +959,21 @@ done if [ "X" != "X$DEBUG" ]; then echo DEBUG: ORACLE_IPATH=$ORACLE_IPATH/oci.h fi -if [ -n "$ORACLE_PATH" && -n "$ORACLE_IPATH" ]; then - echo " ... found" +if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then + echo " ... found" fi -if [ "X" = "X$ORACLE_PATH" || "X" = "X$ORACLE_IPATH" ]; then - echo " ... NOT found, module Oracle disabled" +if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then + echo " ... NOT found, module Oracle disabled" echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html" ORACLE_PATH="" ORACLE_IPATH="" fi -echo "Checking for Memcached (libmemcached.so, memcached.h) ..." +echo "Checking for Memcached (libmemcached/memcached.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$MCACHED_PATH" ]; then - if [ -f "$i/libmemcached.so" || -f "$i/libmemcached.dylib" || -f "$i/libmemcached.a" ]; then + if [ -f "$i/libmemcached.so" -o -f "$i/libmemcached.dylib" -o -f "$i/libmemcached.a" ]; then MCACHED_PATH="$i" fi fi @@ -1010,20 +1010,20 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: MCACHED_PATH=$MCACHED_PATH/libmemcached echo DEBUG: MCACHED_IPATH=$MCACHED_IPATH/memcached.h fi - if [ -n "$MCACHED_PATH" && -n "$MCACHED_IPATH" ]; then - echo " ... found" + if [ -n "$MCACHED_PATH" -a -n "$MCACHED_IPATH" ]; then + echo " ... found" fi - if [ "X" = "X$MCACHED_PATH" || "X" = "X$MCACHED_IPATH" ]; then - echo " ... NOT found, module memcached disabled" + if [ "X" = "X$MCACHED_PATH" -o "X" = "X$MCACHED_IPATH" ]; then + echo " ... NOT found, module memcached disabled" MCACHED_PATH="" MCACHED_IPATH="" fi -echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*.h) ..." +echo "Checking for Freerdp3 (libfreerdp3/freerdp.h/libwinpr3/winpr.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$FREERDP3_PATH" ]; then - if [ -f "$i/libfreerdp3.so" || -f "$i/libfreerdp3.dylib" || -f "$i/libfreerdp3.a" || -f "$i/libfreerdp3.dll.a" ]; then + if [ -f "$i/libfreerdp3.so" -o -f "$i/libfreerdp3.dylib" -o -f "$i/libfreerdp3.a" -o -f "$i/libfreerdp3.dll.a" ]; then FREERDP3_PATH="$i" fi fi @@ -1049,7 +1049,7 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. for i in $LIBDIRS ; do if [ "X" = "X$WINPR3_PATH" ]; then - if [ -f "$i/libwinpr3.so" || -f "$i/libwinpr3.dylib" || -f "$i/libwinpr3.a" ]; then + if [ -f "$i/libwinpr3.so" -o -f "$i/libwinpr3.dylib" -o -f "$i/libwinpr3.a" ]; then WINPR3_PATH="$i" fi fi @@ -1073,30 +1073,30 @@ echo "Checking for Freerdp3 (libfreerdp3.so, freerdp/*.h, libwinpr3.so, winpr/*. fi done -if [ "X" != "X$DEBUG" ]; then - echo DEBUG: FREERDP3_PATH=$FREERDP3_PATH/ - echo DEBUG: FREERDP3_IPATH=$FREERDP3_IPATH/ - echo DEBUG: WINPR3_PATH=$WINPR3_PATH/ - echo DEBUG: WINPR3_IPATH=$WINPR3_IPATH/ -fi - - if [ -n "$FREERDP3_PATH" && -n "$FREERDP3_IPATH" && -n "$WINPR3_PATH" && -n "$WINPR3_IPATH" ]; then - echo " ... found" + if [ "X" != "X$DEBUG" ]; then + echo DEBUG: FREERDP3_PATH=$FREERDP3_PATH/ + echo DEBUG: FREERDP3_IPATH=$FREERDP3_IPATH/ + echo DEBUG: WINPR3_PATH=$WINPR3_PATH/ + echo DEBUG: WINPR3_IPATH=$WINPR3_IPATH/ fi - if [ "X" = "X$FREERDP3_PATH" || "X" = "X$FREERDP3_IPATH" || "X" = "X$WINPR3_PATH" || "X" = "X$WINPR3_IPATH" ]; then - echo " ... NOT found, checking for freerdp2 module next..." + + if [ -n "$FREERDP3_PATH" -a -n "$FREERDP3_IPATH" -a -n "$WINPR3_PATH" -a -n "$WINPR3_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$FREERDP3_PATH" -o "X" = "X$FREERDP3_IPATH" -o "X" = "X$WINPR3_PATH" -o "X" = "X$WINPR3_IPATH" ]; then + echo " ... NOT found, checking for freerdp2 module next..." FREERDP3_PATH="" FREERDP3_IPATH="" WINPR3_PATH="" WINPR3_IPATH="" fi -if ["X" != "X$FREERDP3_PATH" || "X" != "X$FREERDP3_IPATH" || "X" != "X$WINPR3_PATH" || "X" != "X$WINPR3_IPATH"]; then - echo "Checking for Freerdp2 (libfreerdp2.so, freerdp/*.h, libwinpr2.so, winpr/*.h) ..." + if [ "X" = "X$FREERDP3_PATH" -o "X" = "X$FREERDP3_IPATH" -o "X" = "X$WINPR3_PATH" -o "X" = "X$WINPR3_IPATH" ]; then + echo "Checking for Freerdp2 (libfreerdp2/freerdp.h/libwinpr2/winpr.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$FREERDP2_PATH" ]; then - if [ -f "$i/libfreerdp2.so" || -f "$i/libfreerdp2.dylib" || -f "$i/libfreerdp2.a" || -f "$i/libfreerdp2.dll.a" ]; then + if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" -o -f "$i/libfreerdp2.dll.a" ]; then FREERDP2_PATH="$i" fi fi @@ -1122,7 +1122,7 @@ if ["X" != "X$FREERDP3_PATH" || "X" != "X$FREERDP3_IPATH" || "X" != "X$WINPR3_PA for i in $LIBDIRS ; do if [ "X" = "X$WINPR2_PATH" ]; then - if [ -f "$i/libwinpr2.so" || -f "$i/libwinpr2.dylib" || -f "$i/libwinpr2.a" ]; then + if [ -f "$i/libwinpr2.so" -o -f "$i/libwinpr2.dylib" -o -f "$i/libwinpr2.a" ]; then WINPR2_PATH="$i" fi fi @@ -1153,11 +1153,11 @@ if ["X" != "X$FREERDP3_PATH" || "X" != "X$FREERDP3_IPATH" || "X" != "X$WINPR3_PA echo DEBUG: WINPR2_IPATH=$WINPR2_IPATH/ fi - if [ -n "$FREERDP2_PATH" && -n "$FREERDP2_IPATH" && -n "$WINPR2_PATH" && -n "$WINPR2_IPATH" ]; then - echo " ... found" + if [ -n "$FREERDP2_PATH" -a -n "$FREERDP2_IPATH" -a -n "$WINPR2_PATH" -a -n "$WINPR2_IPATH" ]; then + echo " ... found" fi - if [ "X" = "X$FREERDP2_PATH" || "X" = "X$FREERDP2_IPATH" || "X" = "X$WINPR2_PATH" || "X" = "X$WINPR2_IPATH" ]; then - echo " ... NOT found, module rdp disabled" + if [ "X" = "X$FREERDP2_PATH" -o "X" = "X$FREERDP2_IPATH" -o "X" = "X$WINPR2_PATH" -o "X" = "X$WINPR2_IPATH" ]; then + echo " ... NOT found, module rdp disabled" FREERDP2_PATH="" FREERDP2_IPATH="" WINPR2_PATH="" @@ -1165,11 +1165,11 @@ if ["X" != "X$FREERDP3_PATH" || "X" != "X$FREERDP3_IPATH" || "X" != "X$WINPR3_PA fi fi -echo "Checking for Mongodb (libmongoc-1.0.so, mongoc.h, libbson-1.0.so, bson.h) ..." +echo "Checking for Mongodb (libmongoc-1.0/mongoc.h/libbson-1.0/bson.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$MONGODB_PATH" ]; then - if [ -f "$i/libmongoc-1.0.so" || -f "$i/libmongoc-1.0.dylib" || -f "$i/libmongoc-1.0.a" ]; then + if [ -f "$i/libmongoc-1.0.so" -o -f "$i/libmongoc-1.0.dylib" -o -f "$i/libmongoc-1.0.a" ]; then MONGODB_PATH="$i" fi fi @@ -1204,7 +1204,7 @@ echo "Checking for Mongodb (libmongoc-1.0.so, mongoc.h, libbson-1.0.so, bson.h) for i in $LIBDIRS ; do if [ "X" = "X$BSON_PATH" ]; then - if [ -f "$i/libbson-1.0.so" || -f "$i/libbson-1.0.dylib" || -f "$i/libbson-1.0.a" ]; then + if [ -f "$i/libbson-1.0.so" -o -f "$i/libbson-1.0.dylib" -o -f "$i/libbson-1.0.a" ]; then BSON_PATH="$i" fi fi @@ -1244,22 +1244,22 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: BSON_IPATH=$BSON_IPATH/libbson.h fi - if [ -n "$MONGODB_PATH" && -n "$MONGODB_IPATH" && -n "$BSON_PATH" && -n "$BSON_IPATH" ]; then - echo " ... found" + if [ -n "$MONGODB_PATH" -a -n "$MONGODB_IPATH" -a -n "$BSON_PATH" -a -n "$BSON_IPATH" ]; then + echo " ... found" fi - if [ "X" = "X$MONGODB_PATH" || "X" = "X$MONGODB_IPATH" || "X" = "X$BSON_PATH" || "X" = "X$BSON_IPATH" ]; then - echo " ... NOT found, module mongodb disabled" + if [ "X" = "X$MONGODB_PATH" -o "X" = "X$MONGODB_IPATH" -o "X" = "X$BSON_PATH" -o "X" = "X$BSON_IPATH" ]; then + echo " ... NOT found, module mongodb disabled" MONGODB_PATH="" MONGODB_IPATH="" BSON_PATH="" BSON_IPATH="" fi -echo "Checking for smbclient (libsmbclient.so, libsmbclient.h) ..." +echo "Checking for smbclient (libsmbclient/libsmbclient.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$SMBC_PATH" ]; then - if [ -f "$i/libsmbclient.so" || -f "$i/libsmbclient.dylib" || -f "$i/libsmbclient.a" ]; then + if [ -f "$i/libsmbclient.so" -o -f "$i/libsmbclient.dylib" -o -f "$i/libsmbclient.a" ]; then SMBC_PATH="$i" fi fi @@ -1293,18 +1293,18 @@ echo "Checking for smbclient (libsmbclient.so, libsmbclient.h) ..." echo DEBUG: SMBC_PATH=$SMBC_PATH/libsmbclient echo DEBUG: SMBC_IPATH=$SMBC_IPATH/libsmbclient.h fi - if [ -n "$SMBC_PATH" && -n "$SMBC_IPATH" ]; then - echo " ... found" + if [ -n "$SMBC_PATH" -a -n "$SMBC_IPATH" ]; then + echo " ... found" fi - if [ "X" = "X$SMBC_PATH" || "X" = "X$SMBC_IPATH" ]; then - echo " ... NOT found, module smb2 disabled" + if [ "X" = "X$SMBC_PATH" -o "X" = "X$SMBC_IPATH" ]; then + echo " ... NOT found, module smb2 disabled" SMBC_PATH="" SMBC_IPATH="" fi if [ "X" = "X$XHYDRA_SUPPORT" ]; then - echo "Checking for GUI req's (pkg-config, gtk+-2.0) ..." + echo "Checking for GUI req's (pkg-config/gtk+-2.0) ..." XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` if [ "X" = "X$XHYDRA_SUPPORT" ]; then XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null` @@ -1312,9 +1312,9 @@ if [ "X" = "X$XHYDRA_SUPPORT" ]; then XHYDRA_SUPPORT="" fi if [ "X" = "X$XHYDRA_SUPPORT" ]; then - echo " ... NOT found, optional anyway" + echo " ... NOT found, optional anyway" else - echo " ... found" + echo " ... found" fi fi @@ -1346,7 +1346,7 @@ if [ "$SYSS" = "SunOS" ]; then if [ "X" = "X$RESOLV_PATH" ]; then echo "Resolv library not found, which is needed on Solaris." fi - if [ -n "$RESOLV_PATH" && -n "$SOCKET_PATH" && -n "$RESOLV_PATH" ]; then + if [ -n "$RESOLV_PATH" -a -n "$SOCKET_PATH" -a -n "$RESOLV_PATH" ]; then echo " ... all found" fi echo @@ -1421,7 +1421,7 @@ if [ -n "$FIREBIRD_PATH" -o \ -n "$WINPR3_PATH" -o \ -n "$SMBC_PATH" \ ]; then - if [ "$SYSS" = "Darwin" ] && [ ! -d "/lib" ]; then + if [ "$SYSS" = "Darwin" -a ! -d "/lib" ]; then #for libraries installed with MacPorts if [ -d "/opt/local/lib" ]; then XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/opt/local/lib" @@ -1627,10 +1627,10 @@ fi if [ -n "$NCP_PATH" ]; then XLIBS="$XLIBS -lncp" fi -if [ -n "$ORACLE_PATH" && "$SYSO" != "Cygwin" ]; then +if [ -n "$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then XLIBS="$XLIBS -locci -lclntsh" fi -if [ -n "$ORACLE_PATH" && "$SYSO" = "Cygwin" ]; then +if [ -n "$ORACLE_PATH" -a "$SYSO" = "Cygwin" ]; then XLIBS="$XLIBS -loci" fi if [ -n "$FIREBIRD_PATH" ]; then @@ -1710,7 +1710,7 @@ if [ "X" = "X$PREFIX" ]; then PREFIX="/usr/local" fi -if [ "X" = "X$XHYDRA_SUPPORT" || "Xdisable" = "X$XHYDRA_SUPPORT" ]; then +if [ "X" = "X$XHYDRA_SUPPORT" -o "Xdisable" = "X$XHYDRA_SUPPORT" ]; then XHYDRA_SUPPORT="" else XHYDRA_SUPPORT="xhydra" @@ -1784,7 +1784,7 @@ if [ "x$WINDRES" = "x" ]; then echo HYDRA_LOGO= >> Makefile echo PWI_LOGO= >> Makefile fi -if [ "$GCCSEC" = "yes" ] && [ "$SYSS" != "SunOS" ] && [ "$SYSS" != "Darwin" ]; then +if [ "$GCCSEC" = "yes" -a "$SYSS" != "SunOS" -a "$SYSS" != "Darwin" ]; then echo "SEC=$GCCSECOPT" >> Makefile else echo "SEC=" >> Makefile From 0a17bf5f53aebb37e9418d933975130656a44c01 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 29 Jul 2020 09:36:37 +0200 Subject: [PATCH 113/332] v9.1 release --- CHANGES | 1 + hydra-gtk/Makefile.in | 2 +- hydra-gtk/configure | 8 ++++---- hydra-gtk/src/Makefile.in | 2 +- hydra.c | 2 +- 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 74542aa..8ca1b75 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 9.1-dev +* enable gcc 10 support for xhydra too :) * rdb: support for libfreerdp3 (thanks to animetauren) * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) * oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz) diff --git a/hydra-gtk/Makefile.in b/hydra-gtk/Makefile.in index bf5322e..4085f85 100644 --- a/hydra-gtk/Makefile.in +++ b/hydra-gtk/Makefile.in @@ -61,7 +61,7 @@ CC = @CC@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ PACKAGE = @PACKAGE@ -PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ +PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition PACKAGE_LIBS = @PACKAGE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ VERSION = @VERSION@ diff --git a/hydra-gtk/configure b/hydra-gtk/configure index 287741e..653ba7d 100755 --- a/hydra-gtk/configure +++ b/hydra-gtk/configure @@ -2233,15 +2233,15 @@ if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then - CFLAGS="-g -O2" + CFLAGS="-g -O2 -fcommon -Wl,--allow-multiple-definition" else - CFLAGS="-g" + CFLAGS="-g -fcommon -Wl,--allow-multiple-definition" fi else if test "$GCC" = yes; then - CFLAGS="-O2" + CFLAGS="-O2 -fcommon -Wl,--allow-multiple-definition" else - CFLAGS= + CFLAGS="-fcommon -Wl,--allow-multiple-definition" fi fi echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 diff --git a/hydra-gtk/src/Makefile.in b/hydra-gtk/src/Makefile.in index a37ab9e..d2ff022 100644 --- a/hydra-gtk/src/Makefile.in +++ b/hydra-gtk/src/Makefile.in @@ -61,7 +61,7 @@ CC = @CC@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ PACKAGE = @PACKAGE@ -PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ +PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition PACKAGE_LIBS = @PACKAGE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ VERSION = @VERSION@ diff --git a/hydra.c b/hydra.c index 72e8919..4971317 100644 --- a/hydra.c +++ b/hydra.c @@ -225,7 +225,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.1-dev" +#define VERSION "v9.1" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 79fa70cfdbb179caa35eba5b07619407a68c0bd7 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 2 Aug 2020 07:12:19 +0200 Subject: [PATCH 114/332] fix with gcc10 and overriden CFLAGS --- Makefile.am | 2 +- hydra-gtk/Makefile.in | 3 ++- hydra-gtk/src/Makefile.in | 2 +- hydra-gtk/src/main.c | 5 ++++- hydra-gtk/src/support.h | 6 +++--- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Makefile.am b/Makefile.am index 9d349c2..1c915f1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,7 +4,7 @@ WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon +OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition # -Wall -g -pedantic LIBS=-lm DESTDIR ?= diff --git a/hydra-gtk/Makefile.in b/hydra-gtk/Makefile.in index 4085f85..c29f5fa 100644 --- a/hydra-gtk/Makefile.in +++ b/hydra-gtk/Makefile.in @@ -62,7 +62,8 @@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ PACKAGE = @PACKAGE@ PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition -PACKAGE_LIBS = @PACKAGE_LIBS@ +PACKAGE_LDFLAGS = -fcommon -Wl,--allow-multiple-definition +PACKAGE_LIBS = -fcommon -Wl,--allow-multiple-definition @PACKAGE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ VERSION = @VERSION@ diff --git a/hydra-gtk/src/Makefile.in b/hydra-gtk/src/Makefile.in index d2ff022..1ed2b96 100644 --- a/hydra-gtk/src/Makefile.in +++ b/hydra-gtk/src/Makefile.in @@ -62,7 +62,7 @@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ PACKAGE = @PACKAGE@ PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition -PACKAGE_LIBS = @PACKAGE_LIBS@ +PACKAGE_LIBS = -fcommon -Wl,--allow-multiple-definition @PACKAGE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ VERSION = @VERSION@ diff --git a/hydra-gtk/src/main.c b/hydra-gtk/src/main.c index 03c5f21..72d6dd7 100644 --- a/hydra-gtk/src/main.c +++ b/hydra-gtk/src/main.c @@ -18,8 +18,11 @@ char *hydra_path1 = "./hydra"; char *hydra_path2 = "/usr/local/bin/hydra"; char *hydra_path3 = "/usr/bin/hydra"; +GtkWidget *wndMain; +char *HYDRA_BIN; +guint message_id; + int main(int argc, char *argv[]) { - extern GtkWidget *wndMain; int i; extern guint message_id; GtkWidget *output; diff --git a/hydra-gtk/src/support.h b/hydra-gtk/src/support.h index bd88545..f1f7bbb 100644 --- a/hydra-gtk/src/support.h +++ b/hydra-gtk/src/support.h @@ -37,6 +37,6 @@ GdkPixbuf *create_pixbuf(const gchar *filename); /* This is used to set ATK action descriptions. */ void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description); -GtkWidget *wndMain; -char *HYDRA_BIN; -guint message_id; +extern GtkWidget *wndMain; +extern char *HYDRA_BIN; +extern guint message_id; From 84e765d3a99d0e9046050822f5e6c7f93245641d Mon Sep 17 00:00:00 2001 From: maaaaz Date: Sun, 16 Aug 2020 04:10:38 -0400 Subject: [PATCH 115/332] msys support --- configure | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configure b/configure index 19d8516..ae81322 100755 --- a/configure +++ b/configure @@ -157,8 +157,8 @@ fi if [ -d "/Library/Developer/CommandLineTools/usr/lib" ]; then LIBDIRS="$LIBDIRS /Library/Developer/CommandLineTools/usr/lib /Library/Developer/CommandLineTools/lib" fi -LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib" -INCDIRS="$SDK_PATH/usr/include /usr/local/include /opt/include /opt/local/include" +LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib /mingw64/lib /mingw64/bin" +INCDIRS="$SDK_PATH/usr/include /usr/local/include /opt/include /opt/local/include /mingw64/include" if [ -n "$PREFIX" ]; then if [ -d "$PREFIX/lib" ]; then LIBDIRS="$LIBDIRS $PREFIX/lib" @@ -445,7 +445,7 @@ echo "Checking for Postgres (libpq/libpq-fe.h) ..." done POSTGRES_IPATH= for i in $INCDIRS \ - /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include + /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include /mingw64/include do if [ "X" = "X$POSTGRES_IPATH" ]; then if [ -f "$i/libpq-fe.h" ]; then @@ -1761,9 +1761,9 @@ cat Makefile.in >> Makefile # ignore errors if this uname call fails ### Current Cygwin is up to speed :-) WINDRES="" -if [ "$SYSO" = "Cygwin" ]; then +if [ "$SYSO" = "Cygwin" -o "$SYSO" = "Msys" ]; then echo - echo "Cygwin detected, if compilation fails just update your installation." + echo "Cygwin/MSYS2 detected, if compilation fails just update your installation." echo WINDRES=`which windres` test -x "$WINDRES" && { From 3742af00bb76fc14c5e53ba6e5c4e832986d4857 Mon Sep 17 00:00:00 2001 From: owein Date: Wed, 9 Sep 2020 18:34:40 +0200 Subject: [PATCH 116/332] rebranded the bruteforce variation method --- Makefile | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- bfg.c | 34 ++++++++++++--------- bfg.h | 4 ++- 3 files changed, 112 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index 372e67e..472a20f 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,93 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DLIBOPENSSL -DLIBSSH -DHAVE_ZLIB -DHAVE_MATH_H +XLIBS= -lz -lssl -lssh -lcrypto +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu +XIPATHS= +PREFIX=/usr/local +XHYDRA_SUPPORT= +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro + +# +# Makefile for Hydra - (c) 2001-2019 by van Hauser / THC +# +OPTS=-I. -O3 -march=native -flto +# -Wall -g -pedantic +LIBS=-lm +BINDIR = /bin +MANDIR ?= /man/man1/ +DATADIR ?= /etc +DESTDIR ?= + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile + diff --git a/bfg.c b/bfg.c index 2ff9f9f..aaa1f73 100644 --- a/bfg.c +++ b/bfg.c @@ -52,12 +52,13 @@ static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { // note that we check for -x .:.:ab but not for -x .:.:ba // int32_t bf_init(char *arg) { - bf_options.rain = 0; + bf_options.rotate = 0; + bf_options.strafe = 0; int32_t i = 0; int32_t crs_len = 0; char flags = 0; char *tmp = strchr(arg, ':'); - + if (!tmp) { fprintf(stderr, "Error: Invalid option format for -x\n"); return 1; @@ -163,10 +164,11 @@ int32_t bf_init(char *arg) { } } } - + bf_options.crs_len = crs_len; bf_options.current = bf_options.from; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + if (debug) printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); @@ -192,10 +194,10 @@ uint64_t bf_get_pcount() { int accu(int value) { - int i = 0; - for(int a=1; a<=value; ++a) + int i = 0, a; + for(a = 1; a <= value; ++a) { - i+=a; + i += a; } return i; } @@ -213,16 +215,18 @@ char *bf_next(_Bool rainy) { if(rainy) { - for (i = 0; i < bf_options.current; i++){ - bf_options.ptr[i] = bf_options.crs[(bf_options.state[i]+bf_options.rain)%bf_options.crs_len]; - bf_options.rain += i+1; + #if(mpl < 5) + #define strafeValue i + #else + #define strafeValue (strafe[loop]+i-(i%2)*(1-mpl%2)-1+charcount%2)%mpl + #endif + + for(i=0; i Date: Wed, 9 Sep 2020 18:38:07 +0200 Subject: [PATCH 117/332] help menu ok --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 6c58f58..f60a22d 100644 --- a/hydra.c +++ b/hydra.c @@ -555,7 +555,7 @@ void help_bfg() { " 'A' for uppercase letters, '1' for numbers, and for all others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n" - " -r use a formula to explode the linearity of the generation, without loss.\n\n" + " -r use a method to delinearize the bruteforce.\n\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" From fd8e83d0b1c04da4189a6d2a9f1c00e5206fc64d Mon Sep 17 00:00:00 2001 From: owein Date: Wed, 9 Sep 2020 21:36:30 +0200 Subject: [PATCH 118/332] done --- bfg.c | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/bfg.c b/bfg.c index aaa1f73..d27669e 100644 --- a/bfg.c +++ b/bfg.c @@ -1,5 +1,6 @@ -/* code original by Jan Dlabal , partially rewritten by vh */ +/* code original by Jan Dlabal , partially rewritten by vh, + rainy tweaks by yvain douard*/ #include #include @@ -192,15 +193,6 @@ uint64_t bf_get_pcount() { return foo; } -int accu(int value) -{ - int i = 0, a; - for(a = 1; a <= value; ++a) - { - i += a; - } - return i; -} char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; @@ -215,18 +207,22 @@ char *bf_next(_Bool rainy) { if(rainy) { - #if(mpl < 5) - #define strafeValue i - #else - #define strafeValue (strafe[loop]+i-(i%2)*(1-mpl%2)-1+charcount%2)%mpl - #endif - + int strafeValue; for(i=0; i 4) { + if(bf_options.current % 2) + strafeValue = (bf_options.strafe+i)%bf_options.current; + else + strafeValue = strafeValue = (i+bf_options.current/2+3)%bf_options.current; + } + else + strafeValue = i; + bf_options.ptr[i] = bf_options.crs[(bf_options.state[strafeValue] + bf_options.rotate) % bf_options.crs_len]; - bf_options.rotate += i%2+1; + bf_options.rotate += 1; bf_options.strafe += 3; } - bf_options.rotate -= accu(bf_options.current); + bf_options.rotate -= bf_options.current - 2 + bf_options.crs_len % 2; } else for (i = 0; i < bf_options.current; i++) @@ -243,6 +239,8 @@ char *bf_next(_Bool rainy) { while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; + bf_options.strafe = 0; + bf_options.rotate = 0; } if (pos < 0) { From a6a87f11f43c7a5207b451363fe81a5310672d15 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 10 Sep 2020 10:57:06 +0200 Subject: [PATCH 119/332] fixed rotation broken due to a typo. --- bfg.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/bfg.c b/bfg.c index d27669e..896b307 100644 --- a/bfg.c +++ b/bfg.c @@ -207,22 +207,26 @@ char *bf_next(_Bool rainy) { if(rainy) { - int strafeValue; + int mpldisp = bf_options.current/2+3; + int mplmod2 = bf_options.current % 2; + int strafeIndex; for(i=0; i 4) { - if(bf_options.current % 2) - strafeValue = (bf_options.strafe+i)%bf_options.current; - else - strafeValue = strafeValue = (i+bf_options.current/2+3)%bf_options.current; - } - else - strafeValue = i; - - bf_options.ptr[i] = bf_options.crs[(bf_options.state[strafeValue] + bf_options.rotate) % bf_options.crs_len]; - bf_options.rotate += 1; + if(mplmod2) strafeIndex = (strafe[loop]+i)%bf_options.current; + else strafeIndex = (i+mpldisp)%bf_options.current; + + bf_options.ptr[i] = bf_options.crs[(bf_options.state[strafeIndex] + bf_options.rotate) % bf_options.crs_len]; + bf_options.rotate += i+1; bf_options.strafe += 3; } - bf_options.rotate -= bf_options.current - 2 + bf_options.crs_len % 2; + #define accu(i) \ + do { \ + int j; \ + for(j=1; j<=i; ++j) k += j; \ + } while(0) + + int k = 0; + accu(mpl); + bf_options.rotate[loop] -= k-4; } else for (i = 0; i < bf_options.current; i++) From 2514335bf98510dfc7bef889c84b467958c1c243 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 10 Sep 2020 12:45:35 +0200 Subject: [PATCH 120/332] clean --- Makefile | 92 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 90 deletions(-) diff --git a/Makefile b/Makefile index 472a20f..372e67e 100644 --- a/Makefile +++ b/Makefile @@ -1,93 +1,5 @@ -STRIP=strip -XDEFINES= -DLIBOPENSSL -DLIBSSH -DHAVE_ZLIB -DHAVE_MATH_H -XLIBS= -lz -lssl -lssh -lcrypto -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu -XIPATHS= -PREFIX=/usr/local -XHYDRA_SUPPORT= -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro - -# -# Makefile for Hydra - (c) 2001-2019 by van Hauser / THC -# -OPTS=-I. -O3 -march=native -flto -# -Wall -g -pedantic -LIBS=-lm -BINDIR = /bin -MANDIR ?= /man/man1/ -DATADIR ?= /etc -DESTDIR ?= - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile - From 14ee7f2c830061b4d8307a2b39fcd018e2a031a4 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 10 Sep 2020 13:02:46 +0200 Subject: [PATCH 121/332] typos again, too much copies and pastes... --- bfg.c | 6 +++--- hydra.h | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/bfg.c b/bfg.c index cb0bc05..5e638c3 100644 --- a/bfg.c +++ b/bfg.c @@ -228,7 +228,7 @@ char *bf_next(_Bool rainy) { int mplmod2 = bf_options.current % 2; int strafeIndex; for(i=0; i Date: Fri, 11 Sep 2020 11:59:20 +0200 Subject: [PATCH 122/332] fixed min length --- bfg.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/bfg.c b/bfg.c index 5e638c3..a3a6d68 100644 --- a/bfg.c +++ b/bfg.c @@ -224,16 +224,19 @@ char *bf_next(_Bool rainy) { if(rainy) { - int mpldisp = bf_options.current/2+3; - int mplmod2 = bf_options.current % 2; - int strafeIndex; - for(i=0; i 3) { + for(i=0; i Date: Tue, 29 Sep 2020 21:01:13 +0200 Subject: [PATCH 123/332] update efficient rain option --- bfg.c | 44 +++++++++++++++----------------------------- bfg.h | 3 --- 2 files changed, 15 insertions(+), 32 deletions(-) diff --git a/bfg.c b/bfg.c index a3a6d68..a06a93a 100644 --- a/bfg.c +++ b/bfg.c @@ -60,7 +60,6 @@ static int32_t add_single_char(char ch, char flags, int32_t *crs_len) { // int32_t bf_init(char *arg) { bf_options.rotate = 0; - bf_options.strafe = 0; int32_t i = 0; int32_t crs_len = 0; @@ -224,34 +223,16 @@ char *bf_next(_Bool rainy) { if(rainy) { - //only strafe the index above length 3 - if(bf_options.current > 3) { - for(i=0; i= 0 && (++bf_options.state[bf_options.current-1-pos]) >= bf_options.crs_len) { + bf_options.state[bf_options.current-1-pos] = 0; + pos--; + } + else while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; - bf_options.strafe = 0; - bf_options.rotate = 0; } if (pos < 0) { diff --git a/bfg.h b/bfg.h index 38bbbc2..3ff0710 100644 --- a/bfg.h +++ b/bfg.h @@ -43,10 +43,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - uint64_t rotate; - uint64_t strafe; - } bf_option; extern bf_option bf_options; From 490bd3e7cd38c637972331f2c6f512d7a6f86162 Mon Sep 17 00:00:00 2001 From: owein D Date: Wed, 30 Sep 2020 10:19:10 +0200 Subject: [PATCH 124/332] avoid negative values for the rotation variable --- bfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.c b/bfg.c index a06a93a..2677b47 100644 --- a/bfg.c +++ b/bfg.c @@ -230,7 +230,7 @@ char *bf_next(_Bool rainy) { bf_options.rotate += i+3; } //we don't subtract the same depending on wether the length is odd or even - for(i=1+bf_options.current%2; i<=bf_options.current; ++i) + for(i=1+bf_options.current%2; i Date: Fri, 2 Oct 2020 16:31:10 +0200 Subject: [PATCH 125/332] html_encode the + character --- hydra-http-form.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-http-form.c b/hydra-http-form.c index eb5a4ce..db1e84e 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -576,6 +576,8 @@ char *html_encode(char *string) { ret = hydra_strrep(ret, "#", "%23"); if (index(ret, '=') != NULL) ret = hydra_strrep(ret, "=", "%3D"); + if (index(ret, '+') != NULL) + ret = hydra_strrep(ret, "+", "%2B"); return ret; } From fc82b52505c66bf5f0bf7490e07710d3042c7a8c Mon Sep 17 00:00:00 2001 From: owein D Date: Mon, 5 Oct 2020 14:37:04 +0200 Subject: [PATCH 126/332] working algo after a change --- bfg.c | 48 ++++++++++++++++++++++++++++-------------------- bfg.h | 1 + 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/bfg.c b/bfg.c index 2677b47..6f9fdc4 100644 --- a/bfg.c +++ b/bfg.c @@ -59,8 +59,6 @@ static int32_t add_single_char(char ch, char flags, int32_t *crs_len) { // note that we check for -x .:.:ab but not for -x .:.:ba // int32_t bf_init(char *arg) { - bf_options.rotate = 0; - int32_t i = 0; int32_t crs_len = 0; char flags = 0; @@ -176,7 +174,9 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - + bf_options.strafe = 0; + bf_options.rotate = 0; + memset((char *) bf_options.state, 0, sizeof(bf_options.state)); if (debug) @@ -202,14 +202,6 @@ uint64_t bf_get_pcount() { return foo; } -int accu(int value) { - int i = 0, a; - for (a = 1; a <= value; ++a) { - i += a; - } - return i; -} - char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; @@ -223,16 +215,30 @@ char *bf_next(_Bool rainy) { if(rainy) { - //the first character cannot be taken into account - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - for(i=1; i 2) { + if(bf_options.current % 2) { + bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; + bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; + bf_options.ptr[2] = bf_options.crs[bf_options.state[2]]; + + for(i=3; i Date: Mon, 5 Oct 2020 14:45:07 +0200 Subject: [PATCH 127/332] if current < 4 --- bfg.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/bfg.c b/bfg.c index 6f9fdc4..c4838c4 100644 --- a/bfg.c +++ b/bfg.c @@ -215,7 +215,7 @@ char *bf_next(_Bool rainy) { if(rainy) { - if(bf_options.current > 2) { + if(bf_options.current > 3) { if(bf_options.current % 2) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; @@ -226,17 +226,20 @@ char *bf_next(_Bool rainy) { bf_options.rotate ++; } } - } - else { - if(bf_options.current % 2) { - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; - for(i=2; i Date: Thu, 8 Oct 2020 04:10:54 +0200 Subject: [PATCH 128/332] implement rain --- bfg.c | 44 ++++++++++++++------------------------------ bfg.h | 4 ++-- hydra.c | 5 +++-- 3 files changed, 19 insertions(+), 34 deletions(-) diff --git a/bfg.c b/bfg.c index c4838c4..a2bb1f5 100644 --- a/bfg.c +++ b/bfg.c @@ -174,8 +174,8 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - bf_options.strafe = 0; - bf_options.rotate = 0; + bf_options.rain = 0; + bf_options.gcounter = 0; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); @@ -215,33 +215,18 @@ char *bf_next(_Bool rainy) { if(rainy) { - if(bf_options.current > 3) { - if(bf_options.current % 2) { - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; - bf_options.ptr[2] = bf_options.crs[bf_options.state[2]]; - - for(i=3; i Date: Sat, 10 Oct 2020 18:52:04 +0200 Subject: [PATCH 129/332] slight modif that fixes all --- bfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.c b/bfg.c index a2bb1f5..ee70dfa 100644 --- a/bfg.c +++ b/bfg.c @@ -218,7 +218,7 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=2; i Date: Sat, 10 Oct 2020 19:49:02 +0200 Subject: [PATCH 130/332] this should be the last commit --- bfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.c b/bfg.c index ee70dfa..dcab78a 100644 --- a/bfg.c +++ b/bfg.c @@ -218,7 +218,7 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=2; i Date: Fri, 16 Oct 2020 13:49:07 +0200 Subject: [PATCH 131/332] fix http-post-form optional parameter parsing --- CHANGES | 8 +++++++- hydra-http-form.c | 36 +++++++++++++++++++----------------- hydra.c | 2 +- 3 files changed, 27 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index 8ca1b75..f537d9b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,14 @@ Changelog for hydra ------------------- -Release 9.1-dev + +Release 9.2-dev +* fix for http-post-form optional parameters * enable gcc 10 support for xhydra too :) +* msys support + + +Release 9.1-dev * rdb: support for libfreerdp3 (thanks to animetauren) * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) * oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz) diff --git a/hydra-http-form.c b/hydra-http-form.c index eb5a4ce..92d5a9f 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -400,6 +400,10 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { * Beware of the backslashes (\)! */ while (*miscptr != 0) { + if (strlen(miscptr) < 3 || miscptr[1] != '=') { + hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr); + return 0; + } switch (miscptr[0]) { case 'a': // fall through case 'A': // only for http, not http-form! @@ -504,7 +508,9 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { // Error: abort execution hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (H).\n"); return 0; - // no default + default: + hydra_report(stderr, "[ERROR] no valid optional parameter type given: %c\n", miscptr[0]); + return 0; } } return 1; @@ -1197,7 +1203,7 @@ void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *mi service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); + hydra_child_exit(2); } } @@ -1209,7 +1215,7 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); + hydra_child_exit(2); } } @@ -1224,6 +1230,8 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char // 0 all OK // -1 error, hydra will exit, so print a good error message here + if (initialize(ip, options, miscptr) == NULL) return 1; + return 0; } @@ -1281,22 +1289,16 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr++; if (*ptr != 0) *ptr++ = 0; + cond = ptr; - if ((ptr2 = rindex(ptr, ':')) != NULL) { - cond = ptr2 + 1; - *ptr2 = 0; + if ((ptr2 = index(ptr, ':')) != NULL) { + *ptr2++ = 0; + if (*ptr2) + optional1 = ptr2; + else + optional1 = NULL; } else - cond = ptr; - /* - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - */ - if (ptr == cond) optional1 = NULL; - else - optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { @@ -1332,7 +1334,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { sprintf(cookieurl, "%.1000s", url); // conditions now have to contain F or S to set the fail or success condition - if (*cond != 0 && (strpos(cond, "F=") == 0)) { + if (strpos(cond, "F=") == 0) { success_cond = 0; cond += 2; } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { diff --git a/hydra.c b/hydra.c index 4971317..ac3511e 100644 --- a/hydra.c +++ b/hydra.c @@ -225,7 +225,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.1" +#define VERSION "v9.2-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From be654c6bac504dc4912f087b2025d3596c27f093 Mon Sep 17 00:00:00 2001 From: ddeka2910 <60925700+ddeka2910@users.noreply.github.com> Date: Tue, 20 Oct 2020 21:02:17 +0530 Subject: [PATCH 132/332] As is --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 19f1e15..7985412 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ + language: c sudo: required dist: trusty From 2d0723b281da199bb539064bc8e48e21f13d7c31 Mon Sep 17 00:00:00 2001 From: ddeka2910 <60925700+ddeka2910@users.noreply.github.com> Date: Tue, 20 Oct 2020 21:04:31 +0530 Subject: [PATCH 133/332] Add architecture ppc64le to travis build --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 7985412..ad0b541 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,12 @@ - language: c sudo: required dist: trusty os: - linux - osx +arch: + - amd64 + - ppc64le compiler: - clang - gcc From 5e98fe23e79803b6a50898e35e532f0273e4f271 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 22 Oct 2020 02:35:46 +0200 Subject: [PATCH 134/332] see https://github.com/e2002e/zhou --- bfg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bfg.c b/bfg.c index dcab78a..b146bd4 100644 --- a/bfg.c +++ b/bfg.c @@ -218,10 +218,10 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=2; i Date: Mon, 9 Nov 2020 19:25:26 +0100 Subject: [PATCH 135/332] up to last fix --- bfg.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/bfg.c b/bfg.c index b146bd4..8a6428a 100644 --- a/bfg.c +++ b/bfg.c @@ -215,13 +215,13 @@ char *bf_next(_Bool rainy) { if(rainy) { - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - for(i=2; i Date: Mon, 9 Nov 2020 19:41:00 +0100 Subject: [PATCH 136/332] lqst commit --- bfg.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/bfg.c b/bfg.c index 8a6428a..bdb221c 100644 --- a/bfg.c +++ b/bfg.c @@ -237,10 +237,12 @@ char *bf_next(_Bool rainy) { } //we revert the ordering of the bruteforce to fix the first static character - if(rainy) - while (pos >= 0 && (++bf_options.state[bf_options.current-1-pos]) >= bf_options.crs_len) { - bf_options.state[bf_options.current-1-pos] = 0; - pos--; + if(rainy) { + pos = 0; + while (pos < bf_options.current && (++bf_options.state[pos]) >= bf_options.crs_len) { + bf_options.state[pos] = 0; + pos++; + } } else while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { @@ -248,7 +250,7 @@ char *bf_next(_Bool rainy) { pos--; } - if (pos < 0) { + if (pos < 0 || pos >= bf_options.current) { bf_options.current++; bf_options.rain = 0; memset((char *)bf_options.state, 0, sizeof(bf_options.state)); From 1df1d63c4fcc44d0cb1c0384a71120dfb0de3ff1 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Wed, 11 Nov 2020 11:18:04 +0000 Subject: [PATCH 137/332] smb2: fix parsing of miscptr --- hydra-smb2.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/hydra-smb2.c b/hydra-smb2.c index a09490d..7c22bf1 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -126,8 +126,13 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { */ switch (errno) { + case ENOENT: + // Noticed this when connecting to older samba servers on linux + // where any credentials are accepted. + hydra_report(stderr, "[WARNING] %s might accept any credential\n", server); case EINVAL: // 22 - // probably password ok + // probably password ok, nominal case when connecting to a windows + // smb server with good credentials. smbc_free_context(ctx, 1); return true; break; @@ -147,6 +152,9 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { case ECONNREFUSED: // there are probably more codes that could be added here to // indicate connection errors. + hydra_report(stderr, + "[ERROR] Error %s (%d) while connecting to %s\n", + strerror(errno), errno, server); smbc_free_context(ctx, 1); EXIT_CONNECTION_ERROR; break; @@ -202,6 +210,11 @@ int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *mis continue; } if (CMP(tkn_workgroup, miscptr)) { + if (workgroup != default_workgroup) { + // miscptr has already been processed, goto end + miscptr += strlen(miscptr) + 1; + continue; + } miscptr += sizeof(tkn_workgroup) - 1; char *p = strchr(miscptr, '}'); if (p == NULL) { @@ -217,6 +230,11 @@ int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *mis continue; } if (CMP(tkn_netbios, miscptr)) { + if (netbios_name != NULL) { + // miscptr has already been processed, goto end + miscptr += strlen(miscptr) + 1; + continue; + } miscptr += sizeof(tkn_netbios) - 1; char *p = strchr(miscptr, '}'); if (p == NULL) { From 981e19852b5aa6af7de88ddd82c360299c5f8109 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Wed, 11 Nov 2020 15:55:23 +0000 Subject: [PATCH 138/332] www-form: normalise webtarget --- hydra-http-form.c | 73 +++++++++++++++++++++-------------------------- 1 file changed, 33 insertions(+), 40 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 88f2e6b..5e9d863 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -78,7 +78,7 @@ int32_t auth_flag = 0; char cookie[4096] = "", cmiscptr[1024]; -int32_t webport, freemischttpform = 0; +int32_t webport; char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "", *url, *variables, *optional1; #define MAX_REDIRECT 8 @@ -1133,9 +1133,6 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt while (1) { if (run == 2) { if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); } } @@ -1157,9 +1154,6 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); } next_run = 2; @@ -1171,30 +1165,19 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(0); break; case 4: /* silent error exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); break; default: - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } - if (freemischttpform) - free(miscptr); } void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { @@ -1240,35 +1223,21 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr_header_node ptr_head = NULL; char *ptr, *ptr2, *proxy_string; +#ifdef AF_INET6 + unsigned char addr6 [sizeof(struct in6_addr)]; +#endif if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; - if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { - webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ - *ptr2 = 0; - ptr2++; - ptr = ptr2; - if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) - miscptr = ptr; - else - miscptr = slash; /* to make things easier to user */ - } else if ((ptr2 = index(webtarget, '/')) != NULL) { - if (freemischttpform == 0) { - if ((miscptr = malloc(strlen(ptr2) + 1)) != NULL) { - freemischttpform = 1; - strcpy(miscptr, ptr2); - *ptr2 = 0; - } - } - } else - webtarget = NULL; + if (webtarget) { + free(webtarget); + webtarget = NULL; } - if (cmdlinetarget != NULL && webtarget == NULL) + if (cmdlinetarget != NULL) webtarget = cmdlinetarget; - else if (webtarget == NULL && cmdlinetarget == NULL) + else webtarget = hydra_address2string(ip); if (port != 0) webport = port; @@ -1277,6 +1246,29 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { else webport = PORT_HTTP_SSL; + /* normalise the webtarget for ipv6/port number */ + ptr = malloc(strlen(webtarget) + 1 /* null */ + 6 /* :65535 */ +#ifdef AF_INET6 + + 2 /* [] */ +#endif + ); +#ifdef AF_INET6 + /* let libc decide if target is an ipv6 address */ + if (inet_pton(AF_INET6, webtarget, addr6)) { + ptr2 = ptr + sprintf(ptr, "[%s]", webtarget); + } else { +#endif + ptr2 = ptr + sprintf(ptr, "%s", webtarget); +#ifdef AF_INET6 + } +#endif + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || + !(options & OPTION_SSL) && webport != PORT_HTTP) { + sprintf(ptr2, ":%d", webport); + } + webtarget = ptr; + ptr = ptr2 = NULL; + sprintf(bufferurl, "%.6096s", miscptr); url = bufferurl; ptr = url; @@ -1411,6 +1403,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { normal_request = stringify_headers(&ptr_head); } } + return ptr_head; } From 7f19248e3495a60edc2ecd33c1e797f65689ee0e Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Thu, 12 Nov 2020 15:27:08 +0000 Subject: [PATCH 139/332] resolve compiler warnings identified by gcc 9.3.0 --- hydra-http-form.c | 2 +- hydra.c | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 5e9d863..e6074cf 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1039,7 +1039,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } if (strrchr(url, ':') == NULL && port != 80) { - sprintf(str2, "%s:%d", str2, port); + sprintf(str2, "%.2040s:%d", str2, port); } if (verbose) diff --git a/hydra.c b/hydra.c index ac3511e..9efbc05 100644 --- a/hydra.c +++ b/hydra.c @@ -610,10 +610,6 @@ void help_bfg() { void module_usage() { int32_t i; - if (!hydra_options.service) { - printf("The Module %s does not need or support optional parameters\n", hydra_options.service); - exit(0); - } printf("\nHelp for module " "%s:\n================================================================" From 78b3358862da15587bc8c2d75caa4a3030d8bb26 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 12 Nov 2020 17:06:53 +0100 Subject: [PATCH 140/332] profound mangling --- bfg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bfg.c b/bfg.c index bdb221c..80e7392 100644 --- a/bfg.c +++ b/bfg.c @@ -219,9 +219,9 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=1; i Date: Sat, 14 Nov 2020 14:20:00 +0100 Subject: [PATCH 141/332] uptodate with rainycrack --- bfg.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/bfg.c b/bfg.c index 80e7392..912b61c 100644 --- a/bfg.c +++ b/bfg.c @@ -202,6 +202,14 @@ uint64_t bf_get_pcount() { return foo; } + +int accu(int x) { + int a = 0, b; + for(b=1; b Date: Fri, 4 Dec 2020 12:50:46 +0100 Subject: [PATCH 142/332] cleanup --- bfg.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/bfg.c b/bfg.c index 912b61c..0d670dd 100644 --- a/bfg.c +++ b/bfg.c @@ -202,14 +202,6 @@ uint64_t bf_get_pcount() { return foo; } - -int accu(int x) { - int a = 0, b; - for(b=1; b Date: Sat, 26 Dec 2020 16:42:57 +0000 Subject: [PATCH 143/332] www: normalise webtarget --- hydra-http.c | 54 ++++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/hydra-http.c b/hydra-http.c index a269e71..c487144 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -10,7 +10,7 @@ char *http_buf = NULL; static char end_condition[END_CONDITION_MAX_LEN]; int end_condition_type = -1; -int32_t webport, freemischttp = 0; +int32_t webport; int32_t http_auth_mechanism = AUTH_UNASSIGNED; int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *type, ptr_header_node ptr_head) { @@ -313,32 +313,16 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; char *ptr, *ptr2; ptr_header_node ptr_head = NULL; +#ifdef AF_INET6 + unsigned char addr6 [sizeof(struct in6_addr)]; +#endif hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; - if ((webtarget = strstr(miscptr, "://")) != NULL) { - webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ - *ptr2 = 0; - ptr2++; - ptr = ptr2; - if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) - miscptr = ptr; - else - miscptr = slash; /* to make things easier to user */ - } else if ((ptr2 = index(webtarget, '/')) != NULL) { - miscptr = malloc(strlen(ptr2) + 1); - freemischttp = 1; - strcpy(miscptr, ptr2); - *ptr2 = 0; - } else - webtarget = hostname; - } else if (strlen(miscptr) == 0) + if (strlen(miscptr) == 0) miscptr = strdup("/"); - if (webtarget == NULL) - webtarget = hostname; if (port != 0) webport = port; else if ((options & OPTION_SSL) == 0) @@ -346,6 +330,28 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI else webport = mysslport; + /* normalise the webtarget for ipv6/port number */ + webtarget = malloc(strlen(hostname) + 1 /* null */ + 6 /* :65535 */ +#ifdef AF_INET6 + + 2 /* [] */ +#endif + ); +#ifdef AF_INET6 + /* let libc decide if target is an ipv6 address */ + if (inet_pton(AF_INET6, hostname, addr6)) { + ptr = webtarget + sprintf(webtarget, "[%s]", hostname); + } else { +#endif + ptr = webtarget + sprintf(webtarget, "%s", hostname); +#ifdef AF_INET6 + } +#endif + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || + !(options & OPTION_SSL) && webport != PORT_HTTP) { + sprintf(ptr, ":%d", webport); + } + ptr = NULL; + /* Advance to options string */ ptr = miscptr; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) @@ -380,8 +386,6 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI port = mysslport; } if (sock < 0) { - if (freemischttp) - free(miscptr); if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); @@ -395,13 +399,9 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttp) - free(miscptr); hydra_child_exit(0); return; default: - if (freemischttp) - free(miscptr); fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } From 09f6a71e844871c660de6060dd2d2ae0938874ea Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 1 Jan 2021 12:20:49 +0100 Subject: [PATCH 144/332] 2021 --- CHANGES | 2 ++ README.md | 4 ++-- hydra-smb2.c | 2 +- hydra.1 | 2 +- hydra.c | 5 +++-- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index f537d9b..8a36029 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,8 @@ Release 9.2-dev * fix for http-post-form optional parameters * enable gcc 10 support for xhydra too :) * msys support +* fix for rain mode (-r) +* IPv6 support for Host: header for http based modules Release 9.1-dev diff --git a/README.md b/README.md index fa214d9..322da43 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ H Y D R A - (c) 2001-2020 by van Hauser / THC + (c) 2001-2021 by van Hauser / THC https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal @@ -382,7 +382,7 @@ Version 1.00 example: "These are very free form" ], "generator": { - "built": "2020-03-01 14:44:22", + "built": "2021-03-01 14:44:22", "commandline": "hydra -b jsonv1 -o results.json ... ...", "jsonoutputversion": "1.00", "server": "127.0.0.1", diff --git a/hydra-smb2.c b/hydra-smb2.c index 7c22bf1..31e211d 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -13,7 +13,7 @@ * along with this program. If not, see . * * - * Copyright (C) 2020 Karim Kanso, all rights reserved. + * Copyright (C) 2021 Karim Kanso, all rights reserved. * kaz 'dot' kanso 'at' g mail 'dot' com */ diff --git a/hydra.1 b/hydra.1 index 912533f..039d55f 100644 --- a/hydra.1 +++ b/hydra.1 @@ -1,4 +1,4 @@ -.TH "HYDRA" "1" "01/01/2020" +.TH "HYDRA" "1" "01/01/2021" .SH NAME hydra \- a very fast network logon cracker which supports many different services .SH SYNOPSIS diff --git a/hydra.c b/hydra.c index 852d0de..3695110 100644 --- a/hydra.c +++ b/hydra.c @@ -1,5 +1,5 @@ /* - * hydra (c) 2001-2020 by van Hauser / THC + * hydra (c) 2001-2021 by van Hauser / THC * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. @@ -11,6 +11,7 @@ */ #include "hydra.h" #include "bfg.h" +#include #ifdef LIBNCURSES #include @@ -2151,7 +2152,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2020 by %s & %s - Please do not use in military or secret " + printf("%s %s (c) 2021 by %s & %s - Please do not use in military or secret " "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP From 04076995835e57df234d6a994ec20673878f96a9 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 29 Jan 2021 10:23:27 +0100 Subject: [PATCH 145/332] Update issue templates --- .github/ISSUE_TEMPLATE/bug_report.md | 37 +++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 20 ++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..78bd469 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,37 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +**IMPORTANT** +This is just for reporting *BUGS* not help on how to hack, how to use hydra, command line options or how to get it compiled. Please search for help via search engines. Issues asking for this here will be closed. + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** + * Ensure that you have tested the bug to be present in the current github code. You might be using an outdated version that comes with your Linux distribution! + * You must provide full command line options. + +Steps to reproduce the behavior: +1. ... +2. ... +3. ... + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. +Note that all messages must be in *English*, not in Chinese, Russian, etc. + +**Desktop (please complete the following information):** + - OS: [e.g. Ubuntu 20.04] + - hydra version [e.g. current github state] + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..bbcbbe7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. From 51da37bfd87c17e2b246f7a1a003b4b1044954d6 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 29 Jan 2021 10:29:28 +0100 Subject: [PATCH 146/332] Update issue templates --- .github/ISSUE_TEMPLATE/feature_request.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index bbcbbe7..d0c19f8 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -7,6 +7,9 @@ assignees: '' --- +**IMPORTANT** +Please note that hydra is still maintained however not actively developed. If you would like to see specific feature here it it recommended implement it yourself and send a pull request - or look for someone to do that for you :-) + **Is your feature request related to a problem? Please describe.** A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] From ac2fd35b4f3a8965db344b27033a601fca7a7d7d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 19 Feb 2021 09:19:05 +0100 Subject: [PATCH 147/332] allow configure to pick up PKG_CONFIG --- configure | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/configure b/configure index ae81322..139c9bf 100755 --- a/configure +++ b/configure @@ -17,10 +17,12 @@ if [ "$1" = "-h" -o "$1" = "--help" ]; then echo " --help this here" echo echo If the CC environment variable is set, this is used as the compiler for the configure tests. The default is \"gcc\" otherwise. + echo You can also set PKG_CONFIG if necessary. exit 0 fi test -z "$CC" && CC=gcc +test -z "$PKG_CONFIG" && PKG_CONFIG=pkg-config FHS="" SIXFOUR="" @@ -1305,9 +1307,9 @@ echo "Checking for smbclient (libsmbclient/libsmbclient.h) ..." if [ "X" = "X$XHYDRA_SUPPORT" ]; then echo "Checking for GUI req's (pkg-config/gtk+-2.0) ..." - XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` + XHYDRA_SUPPORT=`$PKG_CONFIG --help > /dev/null 2>&1 || echo disabled` if [ "X" = "X$XHYDRA_SUPPORT" ]; then - XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null` + XHYDRA_SUPPORT=`$PKG_CONFIG --modversion gtk+-2.0 2> /dev/null` else XHYDRA_SUPPORT="" fi From f423875d900b84673708bbab496593507483760a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 11 Mar 2021 14:00:00 +0100 Subject: [PATCH 148/332] remove rain mode --- bfg.c | 29 +++-------------------------- bfg.h | 4 +--- hydra.c | 7 +++---- hydra.h | 1 - 4 files changed, 7 insertions(+), 34 deletions(-) diff --git a/bfg.c b/bfg.c index 0d670dd..d9667e6 100644 --- a/bfg.c +++ b/bfg.c @@ -1,6 +1,5 @@ -/* code original by Jan Dlabal , partially rewritten by vh, - rainy tweaks by owein */ +/* code original by Jan Dlabal , partially rewritten by vh. */ #include #include @@ -174,8 +173,6 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - bf_options.rain = 0; - bf_options.gcounter = 0; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); @@ -202,7 +199,7 @@ uint64_t bf_get_pcount() { return foo; } -char *bf_next(_Bool rainy) { +char *bf_next() { int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) @@ -213,18 +210,7 @@ char *bf_next(_Bool rainy) { return NULL; } - if(rainy) - { - bf_options.rain = bf_options.gcounter; - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - for(i=1; i= bf_options.crs_len) { - bf_options.state[pos] = 0; - pos++; - } - } - else while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; @@ -252,7 +230,6 @@ char *bf_next(_Bool rainy) { if (pos < 0 || pos >= bf_options.current) { bf_options.current++; - bf_options.rain = 0; memset((char *)bf_options.state, 0, sizeof(bf_options.state)); } diff --git a/bfg.h b/bfg.h index 602cee6..6d11aee 100644 --- a/bfg.h +++ b/bfg.h @@ -43,8 +43,6 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - uint64_t rain; - uint64_t gcounter; } bf_option; extern bf_option bf_options; @@ -52,7 +50,7 @@ extern bf_option bf_options; #ifdef HAVE_MATH_H extern uint64_t bf_get_pcount(); extern int32_t bf_init(char *arg); -extern char *bf_next(_Bool rainy); +extern char *bf_next(); #endif #endif diff --git a/hydra.c b/hydra.c index 3695110..9e1268a 100644 --- a/hydra.c +++ b/hydra.c @@ -1780,7 +1780,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { #ifndef HAVE_MATH_H sleep(1); #else - hydra_targets[target_no]->pass_ptr = bf_next(hydra_options.rainy); + hydra_targets[target_no]->pass_ptr = bf_next(); if (debug) printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif @@ -2280,7 +2280,6 @@ int main(int argc, char *argv[]) { hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; - hydra_options.rainy = 0; bf_options.disable_symbols = 0; // command line processing @@ -2316,7 +2315,7 @@ int main(int argc, char *argv[]) { hydra_restore_read(); break; case 'r': - hydra_options.rainy = 1; + fprintf(stderr, "Warning: the option -r has been removed.\n"); break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! @@ -3433,7 +3432,7 @@ int main(int argc, char *argv[]) { if (bf_init(bf_options.arg)) exit(-1); // error description is handled by bf_init - pass_ptr = bf_next(hydra_options.rainy); + pass_ptr = bf_next(); hydra_brains.countpass += bf_get_pcount(); hydra_brains.sizepass += BF_BUFLEN; #else diff --git a/hydra.h b/hydra.h index f0a0253..6698eaf 100644 --- a/hydra.h +++ b/hydra.h @@ -206,7 +206,6 @@ typedef struct { char *server; char *service; char bfg; - int8_t rainy; int32_t skip_redo; } hydra_option; From cedbd0ddb2f035a73bf4bbba8fcf94b68c1039a0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 11 Mar 2021 14:00:40 +0100 Subject: [PATCH 149/332] indent --- bfg.c | 16 ++++++++-------- hydra-http-form.c | 12 ++++++------ hydra-http-proxy.c | 35 +++++++---------------------------- hydra-http.c | 9 ++++----- hydra-oracle.c | 2 +- hydra-smb2.c | 4 +--- hydra.c | 2 +- 7 files changed, 28 insertions(+), 52 deletions(-) diff --git a/bfg.c b/bfg.c index d9667e6..faad45d 100644 --- a/bfg.c +++ b/bfg.c @@ -62,7 +62,7 @@ int32_t bf_init(char *arg) { int32_t crs_len = 0; char flags = 0; char *tmp = strchr(arg, ':'); - + if (!tmp) { fprintf(stderr, "Error: Invalid option format for -x\n"); return 1; @@ -170,12 +170,12 @@ int32_t bf_init(char *arg) { } } } - + bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - memset((char *) bf_options.state, 0, sizeof(bf_options.state)); - + memset((char *)bf_options.state, 0, sizeof(bf_options.state)); + if (debug) printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); @@ -210,9 +210,9 @@ char *bf_next() { return NULL; } - for(i=0; i= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; diff --git a/hydra-http-form.c b/hydra-http-form.c index 4cd2655..3979e74 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1215,7 +1215,8 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char // 0 all OK // -1 error, hydra will exit, so print a good error message here - if (initialize(ip, options, miscptr) == NULL) return 1; + if (initialize(ip, options, miscptr) == NULL) + return 1; return 0; } @@ -1224,7 +1225,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr_header_node ptr_head = NULL; char *ptr, *ptr2, *proxy_string; #ifdef AF_INET6 - unsigned char addr6 [sizeof(struct in6_addr)]; + unsigned char addr6[sizeof(struct in6_addr)]; #endif if (use_proxy > 0 && proxy_count > 0) @@ -1251,7 +1252,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { #ifdef AF_INET6 + 2 /* [] */ #endif - ); + ); #ifdef AF_INET6 /* let libc decide if target is an ipv6 address */ if (inet_pton(AF_INET6, webtarget, addr6)) { @@ -1262,8 +1263,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { #ifdef AF_INET6 } #endif - if (options & OPTION_SSL && webport != PORT_HTTP_SSL || - !(options & OPTION_SSL) && webport != PORT_HTTP) { + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || !(options & OPTION_SSL) && webport != PORT_HTTP) { sprintf(ptr2, ":%d", webport); } webtarget = ptr; @@ -1342,7 +1342,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s // (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); - + /* * Parse the user-supplied options. * Beware of the backslashes (\)! diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 757a3fe..3a97da9 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -51,15 +51,10 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } if (debug) { - hydra_report(stderr, - "S:%-.*s\n", - (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), - http_proxy_buf); + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf); } - while (http_proxy_buf != NULL && - (auth_hdr = hydra_strcasestr(http_proxy_buf, - "Proxy-Authenticate:")) == NULL) { + while (http_proxy_buf != NULL && (auth_hdr = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:")) == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } @@ -71,10 +66,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } if (debug) { - hydra_report(stderr, - "S:%-.*s\n", - (int)(strchr(auth_hdr, '\r') - auth_hdr), - auth_hdr); + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(auth_hdr, '\r') - auth_hdr), auth_hdr); } // after the first query we should have been disconnected from web server @@ -115,10 +107,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } if (debug) { - hydra_report(stderr, - "S:%-.*s\n", - (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), - http_proxy_buf); + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf); } } else { if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: NTLM") != NULL) { @@ -220,10 +209,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } if (debug && http_proxy_buf != NULL) { - hydra_report(stderr, - "S:%-.*s\n", - (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), - http_proxy_buf); + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf); } if (http_proxy_buf == NULL) @@ -234,10 +220,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option { if (auth_hdr != NULL) { // buf[strlen(http_proxy_buf) - 1] = '\0'; - hydra_report(stderr, - "Unsupported Auth type:\n%-.*s\n", - (int)(strchr(http_proxy_buf, '\r') - auth_hdr), - auth_hdr); + hydra_report(stderr, "Unsupported Auth type:\n%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - auth_hdr), auth_hdr); auth_hdr = NULL; free(http_proxy_buf); http_proxy_buf = NULL; @@ -250,11 +233,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } ptr = ((char *)index(http_proxy_buf, ' ')) + 1; - if (*ptr == '2' || - (*ptr == '3' && *(ptr + 2) == '1') || - (*ptr == '3' && *(ptr + 2) == '2') || - (*ptr == '4' && *(ptr + 2) == '4') - ) { + if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2') || (*ptr == '4' && *(ptr + 2) == '4')) { hydra_report_found_host(port, ip, "http-proxy", fp); hydra_completed_pair_found(); free(http_proxy_buf); diff --git a/hydra-http.c b/hydra-http.c index c487144..7f1d56d 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -314,7 +314,7 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI char *ptr, *ptr2; ptr_header_node ptr_head = NULL; #ifdef AF_INET6 - unsigned char addr6 [sizeof(struct in6_addr)]; + unsigned char addr6[sizeof(struct in6_addr)]; #endif hydra_register_socket(sp); @@ -333,9 +333,9 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI /* normalise the webtarget for ipv6/port number */ webtarget = malloc(strlen(hostname) + 1 /* null */ + 6 /* :65535 */ #ifdef AF_INET6 - + 2 /* [] */ + + 2 /* [] */ #endif - ); + ); #ifdef AF_INET6 /* let libc decide if target is an ipv6 address */ if (inet_pton(AF_INET6, hostname, addr6)) { @@ -346,8 +346,7 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI #ifdef AF_INET6 } #endif - if (options & OPTION_SSL && webport != PORT_HTTP_SSL || - !(options & OPTION_SSL) && webport != PORT_HTTP) { + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || !(options & OPTION_SSL) && webport != PORT_HTTP) { sprintf(ptr, ":%d", webport); } ptr = NULL; diff --git a/hydra-oracle.c b/hydra-oracle.c index 5f1788e..46deb44 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -18,8 +18,8 @@ void dummy_oracle() { printf("\n"); } #else #include -#include #include +#include extern char *HYDRA_EXIT; diff --git a/hydra-smb2.c b/hydra-smb2.c index 31e211d..275bbae 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -152,9 +152,7 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { case ECONNREFUSED: // there are probably more codes that could be added here to // indicate connection errors. - hydra_report(stderr, - "[ERROR] Error %s (%d) while connecting to %s\n", - strerror(errno), errno, server); + hydra_report(stderr, "[ERROR] Error %s (%d) while connecting to %s\n", strerror(errno), errno, server); smbc_free_context(ctx, 1); EXIT_CONNECTION_ERROR; break; diff --git a/hydra.c b/hydra.c index 9e1268a..145d6d2 100644 --- a/hydra.c +++ b/hydra.c @@ -618,7 +618,7 @@ void module_usage() { "%s:\n================================================================" "============\n", hydra_options.service); - if (strncmp(hydra_options.service, "https-", 6) == 0 ) + if (strncmp(hydra_options.service, "https-", 6) == 0) memmove(hydra_options.service + 4, hydra_options.service + 5, strlen(hydra_options.service) - 4); for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { if (strcmp(hydra_options.service, services[i].name) == 0) { From fe930f4dd17d2949995499ce702e3b48946f7cbb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 15 Mar 2021 18:52:54 +0100 Subject: [PATCH 150/332] hydra 9.2 release --- CHANGES | 6 +++--- hydra.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 8a36029..e895e03 100644 --- a/CHANGES +++ b/CHANGES @@ -2,15 +2,15 @@ Changelog for hydra ------------------- -Release 9.2-dev +Release 9.2 * fix for http-post-form optional parameters * enable gcc 10 support for xhydra too :) * msys support -* fix for rain mode (-r) +* removed rain mode (-r) because of inefficiency * IPv6 support for Host: header for http based modules -Release 9.1-dev +Release 9.1 * rdb: support for libfreerdp3 (thanks to animetauren) * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) * oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz) diff --git a/hydra.c b/hydra.c index 145d6d2..1a00976 100644 --- a/hydra.c +++ b/hydra.c @@ -226,7 +226,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.2-dev" +#define VERSION "v9.2" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 2ec0b164ca4126fb523b95004bfd4cafcae1c1e5 Mon Sep 17 00:00:00 2001 From: Ruslan Makhmatkhanov Date: Wed, 17 Mar 2021 13:04:24 +0300 Subject: [PATCH 151/332] fix typo: comparison -> assignment --- hydra-http-proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 3a97da9..9eace98 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -185,7 +185,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option char *pbuffer, *result; http_proxy_auth_mechanism = AUTH_DIGESTMD5; - auth_hdr == NULL; + auth_hdr = NULL; pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest "); strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); buffer[sizeof(buffer) - 1] = '\0'; From b6dda7da81636f97f475eecfb670995a54048030 Mon Sep 17 00:00:00 2001 From: xambroz <723625+xambroz@users.noreply.github.com> Date: Wed, 24 Mar 2021 03:50:55 +0100 Subject: [PATCH 152/332] Add transparent PNG file to be used as icon Add transparent PNG file to be used as launcher icon. The original JPG is not transparent so it doesn't go well with window theme. --- xhydra.png | Bin 0 -> 218327 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 xhydra.png diff --git a/xhydra.png b/xhydra.png new file mode 100644 index 0000000000000000000000000000000000000000..39f27047961e08c21a6de7984aafae1f5991c703 GIT binary patch literal 218327 zcmYIv1yEeu()HjH+}(o)cXtMN0>Rzg-66OH3-0a&cY?dS4DRmE&%N)x@2{zuGjpoW zw&}gPd-dAkit<22cszIj0DveZDW(hnfPa1k2f#vqUT)pzoOPRc+LK-C1n(dQ3n zLm8kL;NzcHPDgRV=N&kE$sbMtz!&s?-e7>V44luKFwRnP;xH@V@MyTW5&epEpSN(G z#WkEo?QCpJY@Gq3jwS}qCdMRg7S84*Kq)yz^#CMn0DuG_B_^!uzH*xB_S@Jb=|k|K zqsh@lem23$pA><+mo^Zdx}-ZW48CHUj8aTV6;iyrAF$sCUqx*tw64|zD=GiW0L|gr z`Mj#i`NGTBuf3_P{3lpnb`|T+n}7oUy3W=Dq8%uq^T3NlA_|9DmokR$S`rY$wH-Ew zAM4fo8p-(V{G5ICIQcOIq44>yLfL}6Loc3j*@QAT$B%;9EkCT9s z?T&_hVW{K-u93zpaNX@5e*`&9Mli&ul8cINK7Pb})U(RNY|d8;wz^1PBnlQO57R1h zKEjvitLA|o*3CeU?Uw(2K3YYd8_Hjm)+PA>7m6)m{Lr@T^j%>KaN2R83wV8Ln`|YZ z22Q{A^(vHFSbdLsc3NNOZyTVa`p=kC4v&t&^grH^kNJ1wM6(*_clU~O zFWuO?LWnZu?PhaoldiG>p0>WBn<&ztI@2J<<8Y1xhae=LS%^J-G=5^2BU}=vIuB=+ z*3i`QpV1P%6)Ts-A2s6fVMBt!M&QK<|AbakJUl+?FuNJJdpV685KJ+vXOeL0EcG+C zuIC@|gzdfV*{M#78YPaYQB^j#V2>?vvj4zlug`hcQB=ya-Tg75qZ#k%kY~Mij3ADwFa3V5m^9bsq z*@kW@g++B;ya2pkcZflxF&}>;1$tc;b&88K97pUfIzF=Cc0lV$G6y7Q^i0M0e@o#0 zqMu%Jv9N*ThaL;h*A5an38LVC;5b14v&B~huqO4o(aXQrEpB-EU2l9EP!19Cw=^WL z3xr5BvK{f}cdXm1Vz5JVt71QU{h!T0Wz(568zw8a?gl#z_9y-BXOm#zFmfw#m#yH^ zMtiGRN#pIO{dNI0mi&D87;A6T{?BlFftDmxna+8yn=p$O?REb%h(BB>6@T0f=cSYB z*Z01ez4qf){ot>e_5M8#HSPh+?`++E&#Y7Leud?zFYVpTZzH2K~Zv*O=7;2q` z1`oCzg}yN3FX@0#SggKocT9M3jkZ!Osp0MZ$P1XTXuqf>uzz5LBevRmkM8w)v1`R+ zUPZwVRZ%!(;`?twLQ`iE86r(b^V(nx+J@NSZSlye71WrIz%LA&&76d*3+vPGiY=gh2ladPeYE-wk1E{7|7VRiOI{cJU|jcyi#lAI z1UF#Qs_OJ(sto# z$&u|x{v8v{)RkPvhRF>6k!Y92oIQBjq2M%h74C8_LBV!$@Vy7w8{n@_;JK71__|fJ z>M-w>28|UA{JbhmNi$O*A&0^n-WXI zrwGhgwQ>_EgjBXu7Hm}F{o9;Qhd~h2Eix(&ZO&V-;!?{t!i*+}hB-P$6T-qOlYUX2H&SPa&vvJi3z;?l-{4kY&Z zz3v9up%6^v8pL(gmxifl@2!_Vv=I%Qx)aq1iU>dL`fH8~4U7+nf4*;RYXc%Lxpf(~ z=Na}P3H<}LKfDjyks&Uhjr2Y?wzg2UZ%>T&<%7h~T34B(k9<%|f|`xjj8iNXUp_v;`_mc0BdF`mV^q5qTxWk~1(ag~)e&8nej#Xgn;_ zXipPv?K`7aBN4S7J+TVHQ8*vkkEewxxn;YKEs>>i&FS+&yli_l!xS1|wK?$p zET-*I(T(w=dsV6YUiYpZuWoA&bY=Hi3W7It@#l}xHO5#oX+X0FeLm#!W3qQ|B>F_{ z&~DhM6a#kz=+GQxu&IfAq?XORFMf}WDxeX!>J}bdedcY1e#Q(5%lNs^_+tzJxox4ySK;*qSS-hB;oytG88sgd@ zqQ&~1UgL|Lhbmu5>!BWo@eM2_rpBuJWGKPYv3eKw|KIhEvBlZmMZAi1fh0Ecaih&E zZj?J=eoN4~_92E)wCMEyrDn7uJT7`bjcADk7mj>`gp%& z|3(p|9IJ;o!(V$0UUQ;8O@#$_-)5oU7P9;*tDy;m4>eu0GDGsRFbx;+ahc`z%Kzfq^JZeV>L*|eb z|77|jum1}XRP*cg=uQZxQJd)4C*JL3!H{SX@2-@FYCX{Eo*o_DSBaONaoTh8= z@f+GuT>vEsU{yz3VI*WF4Iec-To>&(&9^f$RQwNxj6QH`HcyKQ3eSi6$bvKN-cOEY z^JO*`Hb;l%7krHxw1pftYhew!H&!dFIc@91giQyvd$a|tQyYOw{V}n?m5=Eb9ER>8 zE^DHwiJ+}`Ad$~(p7>jW9!_uA24>@Dhs?{#de+FuiAaQMqtvt z1_Xe?hXg*u2`0%>cmFRKO>zG*8x4HANk{UVH^_L&jUD*%ZNT-XJAwV@h7ohWv(jt(KlBn_VxjdL-+UMJQV*T&=M1LbBP}ABU3oD?sw*!@ev>E zc=a{gW8+5eWo2-%Y$sMw-obk;%l`GsW-rI{hE;)|-|VgR&iZ^cN^?~s zVhX!81&-^@w}+e67aWbqxuIvmNq^XS$ZXxgwO;ry%w+c_QxsNrARape8*}pJ0z6}E1*mipErFh&<1MOlfQfmKrb;~p#66a{R8h4|Zy;>DD zC_7AdIZOoL1RZ$z{eb)^{nC86gDr6J6v_C6(ABopRH^r}&xzE0u+f%~&S5j9T$-1n z=lk?)Vq!uD8U}^}0Rr&;0u=P55xwa1X0+MH?>2?6dns zY89OBMt0E|x4*z7z`#JJiaw?kj`I$HhYvb`$N!gn@sDBB@EOk6@O+GGe+ z4)D56WrH``7}>I|$^EkMGg80}nXhrqXmU?6!`V_TGZM7n6#R1!amL_sR0N>U2xnVx zIM~UPZ^!fX%Z@xuH!Pk;v)$JUZ=__wXh7CQb?Z^1);+H|2;zAs>3@Dj&gd#nJXWyQ z`^m679^|S6a4PPupow{l0Vi^9^v{NbK+|yUrQF@vyG(DJmJSKN$p8KTZ|x3B23^fp z`x=d0_49FTc}xbkfg+yy99&bdL6SvPsOf;`N(=0<{n zE`<;~y=ihamWX^c;Lo7|=l8!*3Kg2Qj>S#wcdDIkckEZ&5vaWXhN+f)*y2J&AC8M|)?o~r#&h&<4IJzx??VQW642wgtA_t(924%=4K`Gj(h z`y(@0n@4Q%%PIz96Vl6WY6>(-4ybW%wrq)+A8hFk+hTA#Ggqb5(b>|?QX$i#zXb5^ zj@z={G-*fz9tCiMD19DUHM^U$;q#6WeB>_83jjvbV-Tp_z;i$FGyK3+;?P5!kDKH2 z2agvmkf%a>iJ|pm829JEU(q*rKk@A$`}MI{XHObRjw+WMxza;cAgGe3ziXwNcSH>b zH(=tsar-HPIqgy2l_M@x$4yn+MAzqs?%0yddf0;HO*kZlcZ%<1QRco7Ly&QTIm5xs zJ)GGbdy;>_LEejT;`swVXJT<9KNMe(C#u6_ESb;FJn)frJJ0K+4-ryWjJ#AYJW4Pu zdIe8L{$9NzCrfw$-u!FumGt@}#B)Qn_Ze?@)v|2Fl_B@1_xx`pgf$`fv7_yMRs5K( z_j*xhiBbe9&Pqd(BGIO$)5oZZ-GpgogiDbwtO6%X89m;{#-Ey4-d3#4pkp`Zv+;Y#!v47~@#5UCk)f_4SB%H6qVp!BgQL^1+8NWf zBRN66IFp0>Dskh&lwd7vGl`LPkOIcak{m(Czm^hXO;zHg^5C*P%Q`p$)yc_iw1X99 zoCMK{aFF|(>wU-jv?y6HT~0bMZA6x(?}SfaaNxjfrzJIL7binXgvCiQG?<_yB&I!P zbNyfkA_IS29A!G}yoN-&zVu%B-YB-u{NIS%w`=@7rcZ#X%8FQ=>(T3x0*ms1wSnLTRiKD@ft|Fa7u+pe3&Pp=nlC+99H z!@80djZpk&Bw_)v-aHYlN$H|1B0Z{Um5-uqGV&rnZ(;}-+L`5otql)yS5oLKpDrgB ze;{+A@wLPZ^R(TNw+^BgeM`fhBDqv?0&kQBANtM$-XJT?KLX?3gkI;3n08Ns>jEAI zI4@Q^VS`u+?V)CIqiyx1_rK%+NFnBV$ba$OXU%Tq)wN)5J*chz)^wW%gU)E)+^Ox4j9JWCG9JftY%#L!qQfZwdG93ngkZKgKB z>E-0Zs1h9a0yO(<=PeL5#OEbK`BviT^PdM!g?m*PQH~WHF|;XjITn6P6@uN7ZG&uL z^YLGFUW}+2?)0izn?X<^M}!kUG}&e|MVShfQ!jiURs|urj!TTTtIGbD24m3PfjoJp zW#<&^tnNM}jBo?R3fg$KCYm*RBt?-sBKNb+!c0z3UkYlpogEW(o0fT=e4_n0?vH0L z-!*R;qd}+*&r-c7E>vVICCvJwyD`A2d8WC?;5-S znf>ndSn$JEmlLm8!S_DU+aYj~kchG2zr*>k&+vPHqDb)NNSFG^N^7?BLZ3-=9eXYr zpvSpXiL;BL+!c?VKq~kH!Lyp7ZEr=C=E$(3K#8aPgcy4uOj-O|I6W{LJX_OXWBv3_ z-=z2Q;vw);=ECbcN;l!_A{!V=(IE2c^pMx`w-D>?k4iHk_g1|u%iHXZBt^4=qI zrJSS!kYC{{pIB$Hs!X^2_`f^jeXIF#JCgfp+-^7qTV_Ib|4*EJ?szISi#kQ7#A>>Z z@oJiA9d2{Ff`--T`D(@k5ot`2zcw|f}%+6!cb`vmT*g^n$U ze*`(TCBzkq)&Z~tlS+WCeAWcYRL)`MZ&(rQk;#{R`bYi$>%S51)@I{%a7D0{bm@Qk9{yX zyC{HdCTrRLkRB&!+>e(Xu-N4+B+V{IeoHkLvZD8Bz-SL20LM?Yht*};>x$+EZ%CGy z6vFAwjO|&GDj9C$m5|+cti)s|-p>jeKs#dOk zt9_#f8f`zDYZ~~%BykG(hw%Hr`bpqT0=N)(8#4Y(y{3kSh9K`MX<}V>g}o{8as7-a zhn(5}W<(P;$hzb3e?xC@Ux$_fG|c&k!Ly;JB7;aY+;?%^Jqghu*@|bJ+1Qn+5UQ4U z8{;KO24J*yfMPa*cga%Xq5%s8X)^hlHs-)D{=vD9Lp?uVkJ}ct$EgIa!rhq%{zJIE zg0_+c*9T5weC1vq{Jc-HVPKxMN|bhsT*(RPr_!Q5Z>@qkZ4`Hn$d2v2e}@V+GymO4 zW&tFK1!M#nif07v;NRAoZPpf(mP{p&UUtNKN35HU|CEN}6XrnTsr(4OkPk7JBbc6l z!BpocMMS#xKC~3B=w3Uz>kQGdeVf(xk7Q^){5YKgJx%y|O)r8Ti_o|IqW(?424Z5q zFt#g#(_!;J?XvRzK+MEUUxAY`&99tZ^V(66?Jh6A!wQnmMdwb?|fgBEQ=Bm>x**jVW95s4X75$jKP&*TF=#&^&BPaZomME z6-RCpKV&dl!X`|1d(`5&8;OGLTK9|}Z@gjcVJKF3_m&qK;hDLfU=(H^Lf8X16{WJ2 z_7g#!0m}Lm402VJZVq@sEbn==w%?n=d(}_x4UYqdgG@Ky!=iNC*0DX>DC$N5$7TQh zYq>i8o

~u8;SN_V?z+tD6(Q9xB^c0&GGLB*17DU#MW$f#0@Y4%feV?iuER-y?a) z`1p7LdL4`-?vj;R@j&BfDn=P3ZrpNF%D%u?SN!AGAPO+)!R*F&NTxA(Fx z;G5q*O~e~S)kbxMD!r;mvGi}rX03c{Qpx&|H<*wtq!b|wJBOWUVKEAqIVB+I@qyzV zfc*N@$#2(sR5S{Sj*59&u>OaZg@>o?0p$15^uVhx=(GJ!g$1tdyvyzV(V6Xf?%O|& zJUAfuA4VtB@E|hYyQe!}TUkriVoQ!Qw(0xj!Cc41U))Uybkb;+Dv#PY<#A zVy+m_mgV2$pb9a;|8&;=aEOkBhYPlu^00O;faby{nNO8?OZ5fQW`4Qb0Xoe|Qf4Cw zZzVl{UD39AYY{-;Jml-QD5~3Fx!2(jMMr_|{>RJXEj@Pov5Ba+oj-X_8%$X2qWw*t zkQ#x(&US(j>~fzUH1*K!_2HIcqCS8&@E;=K3@ujRnd{~B&q3SwDsArK_uatMIREAK zj@Lz?VE!+XYQIJ(x6S;Vwg+i192$fIGVHb^0t+Avw$M+_o@6C?(Ih{yOx`a6F`M89!jx8 z^Nn`rd!AfyU}UHt0r>(Y@f4 z&D`Q}vH)GhxV0ai5Wg%9Zm0K*it&BR!4=-h1jyp;pomP)bChF8bRDQ)yIi{A_y_<1TI$sI3zPF+8FJyTi{{Gmve z+?VXjINL+WW9wBXtZp5b+5OLf;CSq4O1CeLj-fC1SL+8eK>5e z`3T`0r@FmvdFG1ZtB$q^j$Rw_-y+o{fIt<_x2?vkuC88IhjWn62tL=_Wj?j)0BNe3 zrWP-DdwI$e@A&?j6NA}l?tF>H=L6BHMNL`uf5Riq#LFEUk5WoyxnIX|~G9s8X-noK{-I>~nf<@WM+;U}o~_!s*< zPxN)JSYWteQP-^V)3vVrncz9u#H9QF>O7ui#{2RNZT?vkJYQ=$?R+_J^Ld`l_C1{H zMdE-VXs+(q-5!0~7013FR?tQP5&WAe5MoDS)2}pD`)#&&c8*sa_-SJQnzUaBG8!x- z((pA~ekI=nf7D@sKv{wdS~fq_`};1PF9#!rSt+$!$|ife>KN48&*xwArkGFk`k{xf zLA*g#lM7;g=O2CllHxdAYG$Y=83rSPOPBI=J?Xnm;Ugu>#VR#9&Q(K7CXgmARES`S zmyreyljBfd^EfpPoWEqELLV5Ir%M5okJ}RGcuLMrD&zm1{zxkHqbvlOo5q?uf1^5Ezzr4LA9JT zo%2D7Hp$&{oHafDdVDbm*Vf7^9^zh5f45xS_i5zE&A}Y!bwc(lr&-1)22drGnw*{4 z6!TwS_A)lIoOq;?lpI4K^HFpo$MD`aLsWe%-(7@XpfH{-^oOAu@%B&1BrASPz8x;k zc2xM5D*nL0dvl|pGclo3q)d(Vc!N&Ib!C;p(mJSJ@CO~S7jEYs8()iZ;AkPr?yqRF zV9CYJk z>gYZ)n=$$OaHX*cz$l6kh>*eTfLe#g9ezb5tAnzWrA5NUhd+ASA8sx0c3kgrg6~JM zzOMr-P%97hoL6mjKH&u-U!8Fg==8;gzM^H^9*s7iZ&$}zj3gYH=h3H7sygr}e6JPW zgyshmF8r%sDyE1?9UUcFdd<1+W`uC$oaWf_T7S|1fT{LBEr3UVs*`Doz;o`+hTHj| zfTy-c#pC((w1MB~nyRNIl@s;^+2Y2;ey&p1MhzGTlA$!IYrCS8qRVhz|JKfEwq&1M z*grmf04Y2{!Gm@2eevPs0T|SCUti~Z&gXib*>iXZn{|LXr@8zFx$?X9-KrOoJPhZy zYH*5bkqmf_p0tArm&x5kR#NgMaTZSFi2y?;?82y33)V~_#1gRGQYG$_O5h*r8SF`P z8{6Gm-i^~~Kk%|_)`JE;Ai;zaMSWx(dI9n#=M;R+DWBC6mfMXoR%ZGGQ+AAZ0P|%6 z7Ek=Ekg6gA+MF~Z91|wVHbOAGF8Hv?v@+(=kw~@=8h|7vM!H9xarlNd6oUa^H+3f0njKV|&k+6nG8AEg?mbYe4k z^<>c}`|Ad-lq4N8?I@&JsZ5PQ6P1GdEz#X{ooB&@V1F6$jjzL(yq8>DB2)tR1iw2b zI)5I8UM+LP@T*WcrusEpuT%z_75&c64#^mj=;+8Eo%_pC@p`-Xgw!Qpa>qSj<7r}t z+dNz6$a*+I<}oTN`o{VLAlQC1sqND{j=+xxCy;x+`$qxhijeG|z-7t6;mpq``;&N^ zGXb?dby1hC#UUx0HTlWM}sg8 zin!LFDbA>SXOhV(pzuZWi7VJ+H_XQ1f#64f*U{Z1rH((ZiROhxP_L-^ykxv!+c8h4 zXLnWm#nMhmFm%3cSkOG}55ZwDCoI%5r}n>=hXm{*6)Vpsv)#Y0XX~GjSzyof`Fe7~ zmJ!9S_=Cz=n7-@Z9CAVAi!UG}T;GO{SLk-79&jK}3v!KY4uHW2iAF`I&>%*4OM(q# zUXuxLN=q6vhoA?>NiunX3cWYUi*NSHk^Z8Oy4Q*oDi-x|N$A_E!({uc))I8Cio|fg zq2DQ_tizuEH=&4p?|cU>${A`AT_N7^cpZ;<8X+ub1~LWb@cj7biZ5k!8SRAPR%|M1 z0K(EMBf_%cGD!gs%e$Hkw4kZ64BW@!_cZ@Zt+HReONhSzB^v6BZRJvcIQf_^o{D~B zDuloq-^?06;W9Wjtk=$^Nif+_6fD+rzzyo{jguA!nd|Ik$&&DnJMsZA;KfmZ=AsCA zs+Uod;y+JEm%T0~`rXzBgRD672JD#Bl(0n@b{f~y+>A#p)!;+G7j<7cps2E6lau^T zto-^h^|mAEI%_8TvGp9)-V7;KG9KSm+}FW)nN^o01?Hn8$dnT8D#eE-QlzfX^)0{R zqgwCIg;AGP4Q(04x0>ZFg}p0QH4iI|hkqN-tSQlo_Yf%|wG=HgND8QB4jqWRMMS(( z1%0L~Hv6TB=^mzUB$EP7F>>k9rPg@CJxbJx(_5%+NLqCSj@L@s*F8;t%r&WYjPg}0 zx5ESR@~-3)N7Ojfe*WO=Fq^?cW0s$z`8V~g%{S~_aj{{aEjgl~Of4wy$Rt644Imh4 zTI3sWZvYQrsSgQjmh7-??k;Sxf^MrlrPT^=&DWcEkGovACv7XV%#u)IlmE_1Z6s22 zV=BaRl-J2K98+mVnO6m_uBuPwX{X5eE8gK#;2>E%TTfJvjNgv-RtTO2C3wWj_I-Ce zyDM%mOB?P8VQFgm0rDXDTWSc$9%+S0KUqH-%KTe7DI93W%Z}@p`dF4UH^NeR+n*kX zhyjR2SBAa(CpHB2=_(H6bxMrK=f$okE&Y4Ybt_{=lRsv;y5q*r$+p~2VzPRUZc-qg z(f85@G6@AVN$M_yjqR@5lQ&yMoYMdh=@?=2^)QXHBlWCXJNB zk&TU+B|Z}(QX?itA>MZy7)*%~ldSccEVYw`y6YCiwU$?l?-d%Npkp(S{^_6BnaJ7l zE3BV(l##4-riB<0y%4B1xHFG}m-oIwqw`5FGIt99TbJf#h}fG6PQ?m>1}k((d7r?` z_JZcP`Xfh28ZSco)wvlk&b@d;q-lxgPFrc83JJJk3D&={_`Q5~d~Pm!$*8rs79Q+TFHqH-%=Y{6Z87OYUq3E3>&n)Z=aFQ? zxwk1bZ8DcEDruyBXJoYbq83P+6vaZUloHq=-|6;l&4~^Mv13#c%uq-yBye;yZ=~Bp zcOYA=2ro$)jC(d-P$wn5*L_68rpZS>^(!P-set=ul@lZXWp@xEfcX9LXUl2b=sV@2 zPycb!H_e*M+&wz=`UUyjz(wK-cI+%EMMTMG`hqtCX`7Px)Lp${W3;y~ss@ekY1Vr- zBE9T(?ztT7n*RP6WO1^_lAfgF7Qd$jqD9@7zaYw}QnM=KY;Cby{a9j!0twN;GU2FV zRPUSrrX9empw7b7bb{;j*{QsoTWJ++aZXv6Sgibz^A2){>y!5Xltv9+^4XD{V|@wO zOYI!T*@?eLf3`@Z z)rDmkE6@mJ(~*i7#2&K$hSy@&bf^0dtqhPi=LU{qQj_w?A91&R4Zpx*T>L z%zNBxE*Pd(!3+*HF$X1T*@5}W`|DneJDFbJ3RMx;X?oE#&7~-hWD83VI@bFLn__cC zIKm55CZ@v+Livqm28sP%L9$8vLBs-0UQgG1+2x5cHt_DL6lR?l7|9b^(zWnUs)NBd zA=oO2)lMIIu#sWIx(6>IwmiBm$7E;8MUvD% z;UG4q1Nqu$TBCu1Je1GNBq(7GQyWod=B^EXYK#5YNd&hcJm`%m=xqL&E*U}6P+9Jw zj(4$6zCYz;uEg}nA$I^AB8BIlBQGzj^c4;F6_?`t|8~&OCTrGm)L?;%S*uM zgEQ(c7&82(vM|b%6)_!*T;QU=G9_Ec{UEAOmVzA63?$nk9sl8MJtk-LEy_r(gZHA{ zDZ8uxPT;(G=M!T;%%v&NyymjB>@RgQ98bGYpuyx)8KR_eED2#|B@?0CI~DGlLdCxN z!}<2?T3HZ20aO%Dn;-D46if3uV-X1rYSE$;>vr6?+iatz45MQ&=+xi#DScf|$k$#D zfVf`PU$;Wz4<9S;Z*L_P6duIO)vLGLV|^(;(f1#nq^s;F^$%>`j$nM#)~45VvB$v0 zKPU~5d)?kx#cfJ<8(&RuspgGkO(6=#Wo*6YWIwm9fL1G>p>jEyy5#w+gu#j6Fo+fI z9u5#`)E5(0erFcOS(iI4SO$F7sgu6`UV+}8M=VM+cRc%EcbI?%U=Pe8ok75m#M>>E zGp19M_ujKIpD=DY3V7iMWt7%}Spdx*B2Ol|5YbBOLCv}z$N*j%SEU(@A9 zMaeaNeY_ZXJ=PINxlmIboDD||it#ozc~pL5Sn3rv$VR#?Jn~7lgQ3%O9Pf+$ibe6; z{Nl?P>*Vh9N%g^I5VEdXrNr^yR5r5=AC`4`Tm%bjb|7s?jEDhhe!~wTMx2&K!Yb&X z4wHVNlOM740!`x3-8eU|2>z&1fjw`wYH<0{KPHD6RiKDP3wb0A+KJVI*ppGdrdsyj zuoOfAwXEz^-}tkh!Ev`XfzMHC2I4@W0*96k!hobs0CQ*SGJ&Y zQ$korG!JxfS8F8Nfj(JdC=)N=W zlPWKLDH3@4c0rKqUV>Q{Zt_^j`Tetl8ia|v^=({7TFUhNJSvFfKM0Lq&3(*n?6}Oi z2yU9S3K>E+X|poa*7XJ@JtAY(f5)xw*~g>K;OM9byOYeBr~cQE;w2}@k0<#S%FCHEKIyWXget_B|(c|mI00WtTSjL6`C;fHG8Ew2srv-fIARUSC{!W0|F1Jkd*6iDS_4fFLHyGo?42I>uNW32Kmu?HxWmEk{86`@)# zl$IdQ=@w>Tz6vRUU_50+nMXsiLgNGXFuW0i0FgqFjf|)mpJOS~j4vzRTPE9&XNdui zK`W%qLv><=FQ(n9W~Vk9(_6W@JK55FZ^h&3FGq)mVN(A8Fv$Zk;p)T=6e&LY%0&;i zo#jLzC^d~1EM?sD<_q18_lC*9;%}L(v8m&kiqyGT&E|sf!QOZ)X}RU={5-2`ARGFr zX?PtQNg(gc+#FNmBI@Iu=I@1bjazmXp~{YlV9c{4Ax%du*{SljZ|(X9tsL6aWMSdh zwabghfEtgS*n@>i2sBCkHDAUwxStnb!1FJoSk2$NG>sXA3=nwP5OO6tKV`0Ui(?EM z4F}4!x#`MWxv?0y@2$cOyJ$4WmRwrvb|fi|8E}&@Q(Ha4ww-(XuXv0Qbj$ zp9hN!F20lE1YX^?QJ69XK2+!V12h;MrT|@pXcwID80XM0@tXYYp}4B{Eo3C-0lTOQ?x?i_kOa5|VU_4%=_Q z0a*&0zPSDflRXm=7QsL6?w%6P%*?cUetB`Z+U~!K{!hN{V1JqW6JXz6u4jP6d&~58 z7tKkeoRA;y42>ll6rvK}k#f1JWxIc-_ll5(s@q}Bc<3g&SkSUO|94fBG&>{_+1ELx zk;I_SR$XzDtGI_F=FSB~T}rY0N3y@QO{%h^dLM!M_kP7F$K@S z-%XsEl_=S>&`i_bp0=E7-YML-w`38wpQG}@YJ(6ZxV<89p%N#e(W-sXA9o>iv3!XI z2i#c!zrzShC7lt_#4BLK8W?>Dmh02Grh~CS894)?I!elsJr&oV3k#pT- z|4A(7#UO`*&Rb?nT5GWmoDl{UJge3-EP!($Oa1x5RS7m^sxR z4KrYk9q!Rr^Ycu0m*B|OAi3a~8pLKaX+ShtqRFTi}eS7fb zvY#F2oKKq$j={R!%ruA%nVJoCWhZ_4wm0bZ7T)CZPIj-=%z6|SQr&s6vPCA!D6ER4 zNCm5U@|LX#vWR=AjD(^ogC3`#%JW(k;*6cyZmhaB)6D^Wh#RS*Frlgofi3&dv|A$I z>fH<7FXQgZM#8!Y)ov3Y_DLbrDbkXQ_8wlsvMXf_849D=Z;`&#TAA@0?bXRh0eujQ zsxqj8ms$_AF@279B&jl&lvO&jK!-=?sbyt;E}G9NobQ%d<`gYU%Oe3^^rQeZUvPzA zkCv9>1b!{CYNOUDXiM+|6vsum%JlkqlIu!@-{x~LTyXh7lO<;8VJsXC6(|Bp`cWbd ztf{JP<&R<;s?0bh?JWLg2$o5~1s2jS32_vGXrY)AqxiV=cU$2K0`qb!RtEKak_{{q zG{Dor_S6nZjgZU(QFX1`v%>@hftJAunUr_%P4;STmQII%^TJimWCooP17LgJQ5Nrc z=R*$+v9&`$TJzjnR%E;mwuo6d>uEqP6+B z7pifvk~XZl#0Sd=ZS3QF8-tvLL1O5ESTBRx7;X^VYC;Wo}w#YG`4(xqMyT@0NvO zni8+#F``yT{>XBvVdt@SWMt z^7yjmxa}DU2&#c(odtLVZT^mmWbs2{W4^g)QAQM~7GK(jP>RF&axGC&!7G_GkI9q9 zeqGMQEYJ{z%#ie7lUO1o`v<4w(#(s`D4?P->EasJ*T+k12we_QY7JAS(ZJ+mjEV*? zFm>dIG!eSMri~f$>8E&9d51_gD9_KAeRqij$U+jg}IYsrgB{l<1&T*;?zw~4D|DsAxWDkRc1QyZk>1@@ z#IOl#eKF*`ulCYL?k9VMuN8$msz_L$tGRw3E2;^nEb6WaC7`}X-Xhu=6jWEqnx8cUP*Vh94Kv2Zkk ztFf(_ENB$7;o3tC=F1G55yjVM?|#r3(P2sqRPq+Yl@kpvqgSf>F7=2@#rO(dFg{=l z(F0`9QCx{ai<4<=^NxTe-xH8F$hHz~ke;#1qgf3)_)4udh=Z#KB*mdrOi8trc8!y2 zMAI16@IdK9izrk@;@Yd>*I=`v{52-R6L8vsa%}-wph|mW=X=xU1A54M@ZDck*XgGc zbP)C?5C7+QQ6sUlOG{2|Vd2;1+1Y%$?^R)V9jLR@U@)ghZQ~(DW5HVwWQF`naZ`o; z3EMccQi5e?RNA;X%>8=ghwM1^l_s!al)fvP54y&QmGZWcvjYeK_V~sWMln_kl-yLd z?x6-6iOKY#HXPg#IS54txwzFRC)jf{-}0fJEU;PhL^`@u7}Z&j)?4Gk9&huF|Fu1G~En(g9jDA^&eBu=ScD_hf)dTe#fo6Re>L~vKP(d@>V3|A@r zCFdL`yQ`!`yTvuHAG|`HZ~hCicV~y7^|^G6 z)OMb1X>+EStj)AUjn;*-vvC!_h#HxH#6`Z^xR9-2YI-gK8?k`r^ISM`IODW&oEt0hUwQlQa)|JRK(B5%jaY{q`{-V=yAQ>&g$K# zeoC{^D_&FsKh>!R0T;!nwK2cLHsNseB;ASJ1MLt(QJ5oQ!4ONOh0N&#RB2QPFZ;!C z1LK57RfE7w#gL*Y;zs8k(0m6>AdY`vxao>ahq-NzP_e@lpe5qc*@=luQE4&38YRi8 z(uO>bg~`_8DtHf!q|+q-Br608{$gk}Rwgt~7{@^^<1lVtBTn*JOOz@X8%f5Rg#EZb zeq$CQ1Ie<)JIY_lJCP60mZ)V;ryaQiHgiOgqU;#@{`^z0aqVz2qQ-zXW=XyJROg&F zk&R_SdtC&7%ZQ=mPw}lRyo%-&cJ#`!u_WnfkeEF_MtHNiLXf2f;6YmDa|7^rpt^FE zI7>S6Ll$ra_(*bS(zjpy+G8(X50MM%i0BsY z{v5m>CECm%5p8LbEn)%n_#hPNfE4-XVctm45@7DL=^M^_Zk;!oDthOsp9d-ufDA@8 z?(%dX`M$ol{yU6OlfEED`YcBG-0jF7_~3beXWBhOAEQft<`2J zMa~T-r}bwSLx;OV8Wk^-;(nRXs!t~6E;@VNEW4xS<=m@g!Bku}SL54{QkVM4%$V~( z=-=!IvZ*!EWDBb8$e)%g#cs)d3)Qw%sJxW_dEFD2TK~9&1Vp$b*yL!2{N=)kIA4+z zJuw{Tk}hD;Q*(Al7?7c$#f*YAL5&fxciU%cV!}%lhEyoW*|`}T0PDPb(^J03lqMa` z))~zDVn(unIFH(`k*iqN+2?!G*KE8)n(BOJd6?#61p;rkh7sy>5#b8LF9dzgAKnVxR` z?)P~xyj{m6>AmZs?LpuyYgNYcB7{xEKQ3-6NK#2jQL)xPjE9w$HYUc!d7qQq6(|mL zz%clRfl31|{Ut6qSV)8iZdk74Yg2~T2*btm+ts<#xtxeg1nbU^>`6J>bAFfX%#H=m zg+EzTC(|p63Nkjyjr*Etwt)j_5{bt>H_BX^J2Z@qH(zzfqf#jQbCO68h$-0wq`3>6 zLk*9Z`g4c}rIyZ#E_>g}cY{shQYA;MNOsr^RN>?T13_};(wJvpg|f10Y$Pk4e#~rh zrav5B**F@ANlN+Ajy(Ua8T{tLa)es)QKZ=%9#nU@N(bHM6MKLByqGX%*}Zw{S~^i} z0F+3uzb6=d3MW5BZ-V4x6B*o2Ri2;ct*oj(R_<;RhUZp46E|jN(n`f|j{2bYg8)08 zm=n27KDq2x@2m6Aa~3d7QMjzWD_Q()MB$84n)QJeJ8>bb2HTRCb2)gKt`!h^Uk%bo zaT9yS7y_jV6!m zhTqDM=$9KNj2n}c{g6!Mf|Y{_P9fv;-mVufh89fy5>F=id3^4_ao8COeZp!OIr$`szf@u5cMCj_y=zrV33J0^vN#os3Vpdyr>Af_!Pmb zHrm`KDRLU}PW~TF*PvJlv?OCYnb^FsHL>kXY)ow1wkNjDiEZ1?#JI7sd2e^Wq0ebl zS5^P?;ib!hO$ytn;fzGj>u*?0#+~;;s=1@aD2Q3=Qy|YPXGo1QjmK7(r~6t0_~R## z#7$aDY%I|bFj4@DFoYEtA&P~iz83fFzkLfZ-R#6d6I?2~j zn;ft4he~vzUyd$&N;%R=^=bB6kvfoFZw|cF*Xt#-3|%j|1y3YWZUWU@rLOAqJ=YFY z%Z+tbaL>r0xxx9ukiVqD7*b@F04W!(Bfm%>G8lFS0ZcQ95MmL3$1@g zSj0edPuv;7%W%UJ!)nnGw4ng}mu+8JYV3c(001Pa7th=3h6}dqaNKcg5pSCHPazRq z#09G8{Xq+K4bM%J-!TMH$GFaAM(Cs>=8=yiF?@2_&oCii@^s{f#1J&3m+bL!Y{SEX zu9^8LuIh?GP;Hn(==jS&sJ zcSJPicROrgW&eCBet77fBVr)lqKj6A*qfm2{QWJGjPr2=5ClV+sX0zZ;kck&P}!~E zq&x7z$`Z2D&F~(J1rtUWBFBbAWVg7|XbWYH%?&v)X9_*Crq}=cAo$nun#Z9TaLv>H zdP@DzqN-ddy3YasRR;35uhJxer^crimeUnKc)-sHG+wfp8nXLPC|TIk^OgFAM4Flx z1MdmAm!J(~yn`T5x?P+vo@je|dRhyz5v{jkRK6XX$wrV?T3MH6$tF&>DCsVb2*}a9 z_4#;y+23t9>&KyEGj8#N&DXd-eMH6qb;I2@4^NmJ)I0Ej%A zvPw#vYT&M;pd{SjmdS9SM+%|lJDk9KMHK9gelak&7sQsesEYY0CLdi+$nT~~EN^^K zl9D4FB!sR-^~1P>Qj9m%6F9`U*Yg z|DZma$>urzrq#XL9aJU=Q+K{1Oc_fgW;10C8%_a63Ki+*{K}&C^YtRPy6%atD8{ic zD0V!@jeDIi8cXwHb3u)@6*V%|28G1nxYt!B5L<4>!{t7;f*h6P9#RoFRcSvdq!YfR zVFbs0K@*5|wDdHX%w9CP-YbxkI0BJ5 z0lY85f@PPuxh#S6a0>8mJjji{$G-gc!;RR0RC~U-#~eam->;tM%UrGL^eW_ZQRWIBoD|nC;E8`eNGbp-QcOOJBjb>j>b944 zqfCklMlM+T_pG5m&RlQ?7u?!oAehM^dfbfPYx)Bf7&3!yL-My6w@B;1-_hOXW=8+z zC+U9iLV8LH-9=k8j|~a1uwNX#5WoIU+@Ri5Y*09|_C|VU^}zsF9qY|lqkN4*MbbAE5z5=>zofF zb+QD1WNT%8{@y@6%|$MY)owWX@iBI(!wr~|2g1Dy8B2K#NS4)t zkW;@DM|KAlR28DwshHO{Ap9JDg2dH6d+9f|>z!jTv?kH{-f#9rlFp;zhG0UIkRL85 zNU>=J52H13lVYV-t+Vt2rziIvGhu`3Fe#D;$2 z3Y0iI$);=f^}(f#C5kllEkU-ibfri=Yu*T#tK<7T(P0K#bJ+V2$?(2@dwp#Lg0>v@!W0$qEeG+U&7IJB%Gek z%#5f+>&FC+ekJ$Ei)8bij2WY%>QtZ5LM4NJrNkL~sPh}by3p*ALQWXEzn-$o-5t?i z_%?@KUfTIlsq6cgb||0u(}M&X=u_djT^?O{l-@qGR(jm_{bF{^H@C6ktMiz6ECr#A zCYl&eQE;i|dduRDk&Dqi&(#BhM*6tQF}iuft+M;m6ThLJQ0FNp6I z#ps6-KpPBpuNer8Fn;-`J+s$mwKFl5rq|mrhOVUCaPB)NgL9Uw=@ay&hWN1Se%Q%W zrh+W7d4>JFTkK2cc=2&qtO$eSnA>;!!`NsphshU@LkLhP#3t>$`CtYA5>>;SJkM}{ zXtC)MpR4Z$`DH&hedMS%qcSBk0jLI1ZgN^*mi^_#5H?d?IqcMG;NUj*A-qolLZUR$> ztpUfP&xvDH8v1KkXQjUUOVP>`UhL7$g%k;!dQP8LGxu#3YQ&Ri8XbJ!nVc+6}nJRZ@{Ntx(5MB znRaQ0xY0)(uLhZUo8E|b+|Q`hfa?l=*n^EeE=63EiXudi%GdeB)z?t8*cKEKmE$=d z316Ycu+ff-C4Cd-(12J+G<;#@$z%G0fK{X3x%%LGdh37T%pnmHqwDQ=1XsrxGly3C z?;t9}(IxSW#73)awNWk`8=5_Z+3V3Gfz-x00#zwWWLlB{lFQzJ9De?rApP5%75Whs zLW;{Idp2kYxvfYt>LesO-b zr)b8h{piZl-W<`>wI5?{?1MBewT&Io7Jep{0MeHz6D8Dp>#>0C0HkSugN_FfUl0kJ zvc}7b&@?Rfk!c&wfF_3*sYJL<=QN)z|Eg5`DEYrCD(7&(==;bhSN=*1Nof!q=6fg6 z()lDenah^Z-3{8*5=b4Z#@lL(9>@1L$nZgPJ>wjEXTATVg;MLxvaDJL6)H54XjX-0 z7cjM7KfvYtyvDn^J^eRlv-g1U0+f^4{8=S6H|DqmW;R#k1vGI=1JK@o^t+BWjYJ## za6bTx1hyOMPYMr3t~>G5JF_f?iZ2@2G|(BOydLp@CKYS z{LHQ&$T+3PXtkSi+I$&YFfiyFoa?;17>XvE6a9ILCWay=EEh9!Hr4TRqV6kfrHhEg zs4Ga$uf>L>2!Q%0LvfC&(L#$U6cO~tKOiu!unIWyPFB#9p+DfXkB5puurN^OXzw#Ze`RiH#s_NWH-_IXUYsgpV+MQ zp5aHaH~O5Kx`dN4fe>}oDp3?nY+#0LsIJ%3T}tlGFj3C-XuuW2m5(<&-wW@MaKdMx zLisNGP=Wl5Q9_$aNnZ1>R&hi=_Cv|M^YDy`ZiYUTh=J!4PfU4&AwH{?H9S#J$5!YJ ze3@r9sFLW=D?*dJviA0Nz`r{nw6D`AB$mUmoo(%ZW>ax?J?@(BqYt(sOD_eU17{#I zGB3dYY^yu$sr$h0WlZj?_eO8|#ooMpqQO>z2hX=BZhD~WgxKWY=x@xa zoXK?f-wtP4)J?z7Pw9`a0k6A&)Hs5H2r`N5!cxxL2dZUeVqEfQPN@8boHIK86r~L0Nm349>oMLBJ4AUk3}ZYqT9chp#!_Zz05Z{G zMZga!O4dbpq@A~^0q@g}9)qK%xy|b_w44JOm^yyjb!SZ6dD-$dp&;+nf3( zpoPBQ_H=)9=TAtAk=P%DmDg)a@LsMxzd18%eJ;;IWdCsazD^VHaD;(108uJ!zl>k( zt%SN@cZU-FxN&haPOh#_TAyR=x(^@qPS^HZ<%R(GWI@$8a@=y1B4R|bptnG2ub z`FqcO%BHP+EGCeJL@IRQ3Ojy_OJGH6dUl-|cr1{>hr)sHx3+{Hzj=t-?%7gj(#7T& zm2O4I>j>IibvlD58hM^>(}7=+Dd!yahZMEPcffCzu|;GtT6vR1g-&a@FfG>gr4`dK z+K-g_5he!bW&}RB!%~Z)IG)9FG*tN2__G z(``!&W+ieoPA2)z^)h^yYV-9aRiDcES)n#?n0x4xFS~S zV5=$y7Dj>aaq(bkle-(W+P+BX`0n%me0ALX7!()h;BdSv-3}`a-VOle9id2(RYVX* zdOFr@G{x$9K2YIpF~ox}iT>A8t2=UgKslF&EQkk&?)cFo@ZD7pQIE(`B;86b6`c@` zBGXW&>6^&@TexW@Ckl4{A+AUY+Hv&2||jBL9n@?R$#=;&zn^}#}6|}yaf$)%|$&Hti&ix7(F!F zw&oxUlJ#Y}##PeOgjMRB7NJo0k4!xQ2n=oiSxL)mL5_bBC@claVmiKfWwX)35rfSf z`0@6n4*%UR7UI_8UtV@V=CxR?UMw5h(EhdE_(_EzETo9M<&7No@d=Ab$DLDroI8FR z^_$g86>s1yV@^J__X&kM(NQFI+R|ujQWM|(j+^)9!qv9(SSd$fbx4AN8$Q}}_^n%r z8d`~xu5=u2uoyB6IqQV#bl@ZBH6T@a1lC3RdK#GP~OzwyVc;flhd;;L%wg`YeN z$>GRFelXL?4AZzwCh61h7@+Kf0|v;c)NHZ*1iyx_alIg2F{xN_-m z?Yi!;s_jbsk3r=USRU>-$W1%)hxx$WcVjq!v-`APrBor4`JrZKtF1!yHb(fgt}*P_ zUxD8BH+9E>XoqM`rl=oOQ)Z`C5p?OyL9!JQqvXBV(eg|MHL37vvHQX4NzVfdGnx}# zoWjX6y7P??+?!-_4&fxuE{j>OFok(6o%-TX_bAu`@`3vzqZ3peg+x7@TiW0|Lj74M zBr|^Z*};*MwOo?SGo~XmdorbrlxQLtVnt}Mx4sdjEmyw};Jw!Bj2U^5o%dQJ>j!YT zZTb-SIZV;25iOK!f*1ptQA3RUQ49x3lu=$NQm3=}XKK7S?LOWSt+$YI@^zR^@rBnulJpivY4N!?zsL}_%z`#@BRQtL+oM9 ziCsVl*)BjRiU6`zIzPE@E^@Xv&F`MI1;{O^U<)!cXOgIP0ez_DED5_W3NTi{P*Hk7 zS2f+)slmcU{hsde1-W5=@_4m9^raLf5qdol4LW2Q1F&gAL5hqxim0DaS%;e%jOKK{ zU6A6Ok33ItMsKDU^hPe@_y^asH}dmgv!#v2TY7UuT;+Z#Y14$LM~xCCD~Ehlu2fip zDt@D_R3kZjj37*A%YoZ7K6{OoL&4LqQJ7*@%TndH z;LeW^3v)?@g?1q7eRZKf88ldO%gI8Oa^-eCr~{dbPOzAuqTR{2aL-*B;f%ow>I9`C ziD&h%HTlh;R=N(nKle&Hsi&9A;DFTeg4NAC zi;xP;enlR~7wVA0O0~7RZTh~cq!d;r8;QbO`kCnz0yKMU2QFUVj~i^K)>pi1YW!S3 zd{-P`$iR#7OEA#HL5&asB2a7;G}K{{a3yfER`Z!j`^Ahg$W;d`zMG1+cv+3uVAK#U zTvO6$s}yj0i6K>cqS^Y+W_qn((MDoIl4d|dN**$)Hdxz^b6+Hvr$lK=F8kK70$?El zbaXxGoN0&2ucJ~xG)t?v5}>a`K6i-ViFYt37957b0*gV@70T+bop1=~u#~VIVl)xx z%#omId;8C6J1Z+~q)neoKK*@KT7JmhSzzV=qIXy^|B17M(i#Zo1a0Au!~ z&TQIwBehdr-f9c4z63`1^WIZon*Q?|(??ywA2SEZa(R`y|Mn4o@z>r-$Txqypr?j|a zGWvU-yh(-}B}8}(Mw(7@b^-SW3h>NllK9}RM=vd`+Sy~57*kY;R-BhB%qCc_`Y+>$ z%vzljksE(IF7FH}si_F5smB9-Ou9zl_MYGuNQhz;s1lvun=*8PaMt2$*<3`wUkIw8 zj0$b`7J+%^m@kHPlzzgnQr!ucYQF!)IY|5%I%U1h2-0%3<`6jenl2n_{bgj7meLb8Z?S~2sCX1 zj>T@?J^ z+jkU)nxDMOF#$fNL#6Luv@2y5Xa?VC-VREm8PUjiO57$2#9m0!u$;HPlhb+6^6zt1 z3PwzC7-3Ob(E_1E-b=+KOUgY{YY76km2PI)s!CH~;~$GnNEyDDM6)H37ry!0_93B?%>^-3J(WtC&qEw{ z!QNWexvAgDolsHL@Y0%N6u>IC$GaRB3kiY#HMMBR~Ze7jtkxMU{CY9^5%^1sOy!lu%C)b$)zIctm@*J*4q` zgLhvS;_eqDQLtl(J4cEIrF&&e`NwF=Z4H@^%>u`u*&QF&VneP^mmg4XGewudhy3ea z$q=L_iX4r}M&~eSv&G}iBKPB>RKB6K)?GPZ=>L#&bsRhnUijY4bSI6!H>Y^t)YkU^ z2lU}($}CZJ)55CC%r0op>rLm2lHXf%Y)H*xYKgXTVn$2YVn6rljczrxxsvl;D1vS~ zz7|M*BS_`NRH4uV_4hBSCJ(8wstuGUG@4Xo`p1afB~6%=FzgQ2z`$SwnA9j4HVA`; z2Nu{N3}MxWSo)<63qTS`Nj#dgi4R}dmX_n?N^rJSXC!tU30r^4%O46$D`iSESLGua zSEXF%e}c*uuX+|6QTb*88aBaJB5)q+%co@qi_`SPwY9AZlXS1ve*8ZdKyl_dKR4zQ zh}~htEbw+V!u2({#-xZNRmog9@^P*3!G$@QsXz^Q2vMSwiI*(sV#`tC5LGVHoq|qF zaX%i5)HFtqw!Ql^n{o7yTC;|mY~VsEo)Io&bQfCKKQFoOq>SZ-Nm^0VVIB*CQvM+j z)z}4#9M{O&0zUBSlXnaJgZF;XQ#mKdz`mJMpJq-U)m-_6#21v~B~#i#^N0z8(&&5W z#klLLTJMZ7VTp0ondaFuLBoA}7uQtmYzAeof`z1E3&rzuz5@qY$$dM$I#>5@xBt$e zuL4fG75|;7zJ@ivHd#Tw%LD;M9-HZ_YNO4aTISF#1>sIp5GO;rj3D+vIx3~BN~K(j zp(sotZ{REuln#dz&5o~Q*V0dQc^$Uape+9{B^Zz&5J8fK1@Xhqkuy16(NEL*;d2(r z?x}Q?sPY~iLh!@bO$@c@KkLzTgXdbbQ?NB9Jv3iGGfB{*G|ybz>p~&; z-!|;&hZL_hp`kx*+YTweIkQ<0Pg`zwvT;tT2RBKrpHW0cx7UW9hsi3>zq!gtc`cnM z=>5hen2nF{m-)M5(^-FG=4{+&rFdGFL#s=YqlMq1u&L+HkCdw@{|jQ1QWC9+B5S$( zdP<>CyM#$++bm`#K*beN@JkT!z(N%hrWO7r97Q_cVjrW*HW=Ek!4aU$RdB&YQWKg~ zGtqZtyKKEZ4*&KPq=w0-oRN3p)GA;$mMo#I-Mi~SYHF0%uO13Zrp@K>XwvNgw8?Ut zCv|*5n=qR$F0M}L(%n+b6l_BhM#B*RL(-B9!Fs%yMBsD%Qa}3oZ^Qe{I#O_;&}y}D zRILsYPkVdas9o*nu?8cSB6e)8u9|64tjH_Ne^Q77C2M2(@6xH{)=t63KbU=%8vQ(W z3k0A~vy`yYji#kYV!>?U<~OP*AkqmsK0_hFjhwm!G2~AaFHgzsb4&jDxHv>d$e!X| z2D0-y9MNwMZDT!BHW)#&-=G^qeK2W`E;6N|N^)7eI=?-&yoGl%{!o7`h{f|r^e<$Z z|ECiq(*3<5TxyUaN3)PuDu{-MKISVScU8!%HB@0RQ}`-peBpcvjmMz~lq-~8Di=fL z@~QD(XtgXKq^C_cMtXWV+N%!WHgldB(>TsnzuD(rVbvebY~m`@SM#Z+G4$02UwDuN zhuhkRthaCXgqd%)o-Sr~)BWTx1zu%ekxLoyIHc&-1V!|mz4h08uo4bq z=`yYRPCL8ZrMdgj+#?4xQ|WhDH%UA1aOKs_GkaXKt1#7wvvc6#(KtM=z?`iP3DC~B zF5sSo!28M>%zq~vKRVlQ124BAVY6ObEhQUgr`$pQI4zqpkZuLz~`6Hl`y30tOeg(yqPNKB*;QaHV z1{Z>j1dSSr*)y~AM*pkxt|pJq7xOuaf?6o(Y~*HG^{YAt~&Wc=d4A#9_apNeb#qY^ifNY`aM>J zYd>VHR{8Qvi4fY69Ih~Sv&UqxY!Bppf2D`NOA%0D)M`4EVz-|W zrLIULNU9WuCdVAjb2Sw3qiNM`r(51E;vDX%i0ZJ*>8@mgtK?WA73d$_fUG{504_{vqSqfg zJ^j{K>o+x%{*u?+-XG^vwpBtV6xQqva1s_e^=}6$+))kl z1>H_)a1j)i){)ES@ zj_mq1#Z?$Ow>hsYRktSUzg*FI5~hY*?1QgMnt4Kcd4zI!z_olYv8N#bl4AHciJYfG zHk%SmXw-y~2jeW7N9s+me;!YY3c7kFAb-usp~w8QBF{jJ_PnMXV#NV9V)fdaNB`sD zL+2Km(|+yijb!KflE@r*HQ=IqZh#Gs{eTIl)9Fm;k~Dl>$m2J~3jMh20Xv=1)2sE% z_=DJ9SCta{KqBybxIrO--@Z-+r0xAO&F_2|&#vlwbM?GKklT7?R|&m0gZ*vb$M3e| z1C$)08H%|7=Wci>zYN@ra;4CdQAt@UaU?N#nk3WV6tihSEJ|gh*Pa|n%Mq=%N~#qN zGWRE#3k!k^2$$QGHZs@O!-w$igKsG7Lk*0)@R^911;7lA!=kga)dx%*PaUVq>T}D>iQ!;(HAeL?=7)>FTi?&3(wQ4lidM{j0hvq}FrHM(I`H-G^ldUa-dum1sege1+ZsI;Nu(P<_;N6TE|(qh(!_|t zKhmud=Up4(aCLjlAu%tB4v#ZctWcufjCka;8(%5kV9FyIPvq8C)}1woHV8p;g6AlT zL=8kFcyFTT8XU0JZzL;1Z}*2eJ1(aoIgU|pc;lGCKwJh-JP#wd-aqG%olE5L#Q15o zkl8W^f-81F4zJ~Q@>4{OuH?3W)+wqG&j0z^9GYD*aNuJ$EeJdtq_svRyx=4k zWVyyClC$fSp2+k2io&*vZ|~_b;{h#^7qmrbXw!<~+KK)CG2Aafl$TAvCu0m5ijtW> z(~mYAL|TsXV;8n|0!JDyL|2B>7wN#(uKz%g7F3^pk^KMWQzVJ=yEOZJa5!w7*J#qe`-zn<^gv-Bg; zm0(APqEH?^avnk>I+*~&GSiq?eo8-e(3|wg0iiC5J`INW_dy=_Jp-(r_e0>SLmv2u zi+vYH%{d8d+^7@vQ50|MZ*VRKT1;6g;9Ig>>~Qmv!@_#@#d=eM8S>T9169_zTpYh( z5yAN`An=wq*>x^fd>vP@+2Vx2pIFsM^!4?11h}=~+s(Z91j_%irf_p268B!){;B#G zq(aEb=}~87PC%U;EL@cAS?SMzjH73|4^y?}s|oYJ)?1Hrym-*RHFvvE{^mO*gx>D- zK%OTy%BIDFWGo;DvQ+;dMB8esc$9EC1QOxI$jrYc*hcqHd(OBEj~uVRcE{ZWGpxH< zBmj*8!WGCBysQP}kZOGdK=LRlT)wKTEm{P5qr~5O?|#YD7=j5Y<5I=kGEn?}CUTZQ zyGRadE7J%cI8n9)Bq5#T`i$#Wc3V2QHzHdOQh>37ELQKV*6JU6rtzAr6ljUnbM}6Aqn96Btuyrv0^f+7BSGlU_yjJSLPO zB1X7G3@-uQJ3rLBqwxH$jeS4P^?j=m7A2kdR(zkUn@rE*0X(Y-sm(~qF3>v8*E&drx#;nQQ_)y+#LJ5WkW&#RR0Tb%8QjY9z@{uWTXgD$E@eNT%I0^=F ze2n25q772xDrgWI zuoZ#Cdss zylQ*BzCuK9&ss^mb$7{BN}Tji#R}X!Paktwr*7vEh7dJ)JTz|hJX+N7da(g&3v#G_ zfd639s)Fu7jc&_;?1be89q zCy0#>Nt@NPYP2+mD?zIxvDYrOZh4-*sXTHq{Ile5vwif7>pLF zs1-gLSF2ha6~_t*<~@lc^SboNSw2S}V^9TA7h;}nT2A*jlWGg-FqOH}J2a6NkIXX~ zR>Q}zZvWnNQeHeKmL*wc5)Zv;pEsHO3F0usX9Xii-QhXsD4S za5A#F9-!-TsE}fVqFmC2&8E9N08(Kcd>J7E#|s@}!;?QLEUm&?;>C(B+p6oH@RGcl z%7i&sM&U5B?;gh7@S!NtX7IX){^!@Hxtqg@n&^_H=+7iY!mS2#4)4F0D8Xh*duov# z@RKu}3R@bsT>MZmRwpX0ykx-RUT zo7Y|cS*CooB}kc$V%<4E-SclRteAb3w$_!>f@0Jy0F%=tqn$cig_ARv=cdW4NlZX^U zjdL$ylae;MKA*|;m^=(u>$vQBOkxW_3D6M_8&1}#g|aU;z8RGI&_Tw6I$#XLpw@%c zu>2u5y6LpY;`d|u=58i0o9B^}gn2n(vL~z_{kcAb2Qlu@F_opmH-VzS%Idorx$J3u z$db3Aj5e{UXzMGO(@_aW^w0J02_t^B+=x;xy4dR+$R9;dE@+iX z4myrgHvB}-aEDw>mMj`!F&Z2bHAJ0rtx9y{(>iMu6_+ev8WzKs#D%U-=Gz9VakLk+ zPabB5GaD_dEC{GFx{(;kOCg{Fpbx##wXj5fe}0;1htTL+h(n6izdcEKK>Z)H z6oYUshk5K+yruDVzA)ln;6nL<&*8dI0pMYV`%ES`vhGH#|6VW5xV_Md&_-Lf3`C(E zebV(mU(^0}o^Ju$E<*9T-9~mkwsvlY7=7!%8Gi?UdTf82=9kulusHn~eTgeLY!tf9?)@S=45rI35{;uP^gMfTLZk*FB!q!AOE0m~|D=ebHmdA!v^q zU3M6&vLN58YPL@K<6QQOZr2DK@Q`?KiE1pRJya&i4@kH0<=B8UCAEOp4LJ#LLazJ zh0`%(uUm>90yhcYi9a z-QQU8iE{sS@Fz}R2U0GEsQ^+7Z;Xv|k9|2ox_H0Kvm;fbMpNfI)b7z)-FrtaDH zn|0xBg>ca}2<8vPvl%|_d7q5SjnGvMjvr7p9}nQDvemKNV`ElH01em(v7 zi8;l$C*a=~dwneZ&llZJ! z8>c|8t>hLR9@MR;jKrWQ4G#+g*yG2IVjS4AF^KMua1Iad^l)V>{F;r3G)nM6pcorNTiLm{TDDoAq}q8wTGu+0bVo|4|LrM_ARX*Z6T@XB z0T6fE?oZERF(!qad&JH};Y|3a=tfjrR%Ml^H-rfiWG`l7G}JG2nzx>T`?KSx=F@#U zH|aj;Nvh|z_jWlTg*c%iZe?#=Ea$s4p;R7w*hX%D>V3ZQ+5KC~(Iag4qQE~J?uTY* zMXD$#v=}Y0Vs&R{C(ppOSAor3mlZ97kiZw!Z0U}YIY~RYIxSHJ80e&3`A!YA#gDiN z8iQFX!(j!Xpoubc*FN_r!kR0fi@Q#eVxz&vm9%>njP6#jNDS5Zc>+3?{OiRuqWfFN zW1^s_806UszIV$o3|ei$TKiz*)M;FQR^c=TZ>4AeNeI(%(P|gg0)xZZZ(J5f8t)q0 zF9k`zZ?nW54;r3lRkV+UB@HB8|55nm>&;f`a_e`pcPs+3Hz`v(50yJ41z^I`_%@?wir7619QzL zu5_PCnS`WZ@XO04OxzuZe)4;M{B_?C`Q_~T7%yEKJy9T*RahM!9jTaKVEQcvT*)MLS`qMrFr&)8>PfNvo-oAYceyy*gIwjX8(BVGprCN_!D+iii&dl`LK(XY~WU zmGZ!Zd>94-saX?n@r!9gC2-H?+11Wg>R@!psSo!pBTC6}Qigw_L62l`rWc49*U>9u zZ|r@4!1){*QIp`(U^Wmw+0wCp`B0^KbTY(-<%7bq(oBkgo6Ytq$pm3i*g%#$%IL$Q z0j%D-ID6iXp369C$b862+ige@(?8sxn6jX!*x==(VN!2>p9@KtY7h^x$KBo^X8g3D z+cTLy1pZ$NYEBDWb941FoSc947QW9Cru06c6Ec+&hU6>;!nlO+AVq|nmhwMPe_Ip) z?T=@G`yabSo=W|Jw;6$4{cWG8 zohkO$;g#BhTiV(@m;J$x7TdL3A(U|X4h_dIm3Pk@k}R)52MEIup|9UfZG5z5)$Fkc z%CXW%JISasu+8be;Hed*DdsDLxmxG@Rw(cjqD(EIPY9V*U{P;FdYwSrrp#-bl3{ETN&<(A_aJVEPeX*~ zpov7h+ZuU}%QKS|1A(m|NX2y!cGTf=uE^`KFzQ2iQ6ZCS*jOo+rrDFx zrezU{`1w!|)VK&?0_EIFGiMPpC6gwQ=xbB}0dspk=!yfKZy&Q495~bx?s$NLiVxpF zaRZLIW+PD}CwVu~EUzm9R_B3<@AVsWxHNyP@kI?nhzeE3GAh(v>Er!hNx>k>y4v+c z@jS3|31Yw-YFdsn)6=I1u z&tBW;+~pmX3R5cD`2V>8H_yg#?{c*Zhw6HLlWUFGJG@s>!sp1{uVAttG+&>wGlIfsglwvS0UL_${&?J|Z8i9OAF@JFR4~D_;y$~6S@dub)gq0M zB~B`+I50pLFbu5BhlI$B?iQNElKipT#x6^wGIC#!?mogR*M`regLHzAYox6&aPHc4 zr|iXZ$p?<`c)V8Mh3H4Dph}Z*oQO7$Bbk{HH;)-LXdgG?VY zPzb63Qvk@bxYyu4)gpkmXlLlB3MUPf;V1fe3UMTtJ>0YH!zpCo{6+zmEP@hjqKs4X zc@kzHe}62~s$9^-+&V2P*=EoG))Gd%La{#kS$6g zS2IYyIAL4}^$+P_AQ=R1R~Ptj9O#PB)E@&jCJrFmpLjs9#hXw$#KzCy`Gl*>OYX%Q>A56}I~XFkJCH{G-^0ob?R+Lg&<7|st;Ti0;w&W_IaYi$+48tc&S zI|&-cApEke`drjNPx7-1=FZ|zPj|Cm-h!_ke9$3R`hh=U$|>t|G#+;tqIE3&Yu3Yx zSK<_07mKA%9i3Cxx_zET*GCm45*uL<@<)MMWisO1sfo5UCI$QU+A0 zL^A7+k^cfvGPDP?8K#$YACIkANy+y~Wm2Y?CL;4bW(UP;vSD z-_1F1KZwCX(Qwl(zQT&m;)fxt+PaJ;yo%+Jqcn0a~J=SkYxRSD6E-|fT}L$=dkFdoEIPT|s!^=Qb}FsG%J(-$lt zjE0dSL(vZyEDrO`+O@3PzJolhdqv{*QgKpGLEGJup2qjfIN2;(8D>OC+}+niS{NTm6(@-*=|ofn1kBj1ST3S*35m=I zL~Eij;NlYw=h3C>>@~Jtg)uGGzJ3Psux&TY+Rr@i{3+-{8FqFV8EqB8g4xJ?fa>WL zT5J8p6Hm;!_S$RDxccg=@88z}*tg!Y_0f-B#E*V-J6-)f&ZydkPZfrTKBl#8kWCne ze)n;RhI(}9TMcxHQX!&!Ac@B7Hg3`5n#buiudJ!SaRJ#_Cu$bXq3&(-(2k~S#mlH= z8xnN0mHQa6zjR`SDx|RUGa)6?aSL*!Zq_gTn8teLOBu@ zhJ>Xughn_tEc@snLYI8PvX2TvD3uI&DD+La7e)s4QyEZ8K=$?a@Z=MZX+SqNHnMQx z!iS!J{`t$NO`GOlbImnd&OP_s0>Ejfzl#T!{NXLTe))X<)={I!oZH{qbF|hP+WWcn zj^A?FoH=~xn3KtuhtVRoNR4dZ7bp=KaUDCu)s8v%ln{xGzekE7DubIb0o66tut;?N zLsR)0#xYl+m4hZi;t?>+j?NAqTd|b1=T)4F_naf_#p>8ml7I-U;F2>>(Thi;8 zf9U>9ZEi(t$1*GIEIe^Ud@Va-#CzOx>>x(|Z2b2y3<;u;Ao6h?hm`9wu5mPH9`-iQ zIr2~>S>Ao{k#r4q@RhrNO?%G(n>st$*}jvK3eBiUXta=|96=BSoOI}7TqH$DSoL0k zBR%{uPgCO<#??2_GdPG;f{>6|lP2@I_nprHvt}|}$kUijlTNt=zDtC0>}zct&DTHv zk1UuvgQ4LfgZW{kbggu-rRXKqzu`Y9Wx;@vOlYSjO{m6fXi~0$DN5;BjEf-eha56< zG6&9@$P1fxqC7@eI4cp)og{4B1>;8}YjXypamXxq%7>o*B+*a@&w^)G!B9aU&{to5 z^?ipOc38vGrAr5oKmJ4>fBeyX3BbPfzqd{};RJs4quaUZrtcg$sdc}L!!W!gsjz2H zg;S4!x*BxZCy|zs65T(5?&?iWmX6NdqPl}C$25|fGmV=0Ge|eq;rJn)Yqt=sSO&FJ!5gh@OV!@= zUhEnMgm!MN(73jO)d2)ynaKB{93X}Z=-~q73uc~|FF>Ib3$+Lk^!NAcKmYm9rvRsP zc6Rdl&wu_mzze6o!1haGhDpB{Va=(1nblna7Q?R@In zKW5s52^=|N0mJ2jIozdV&2a$j*oxhJEtEjx+90fq{y!cOc_aR#6jHlHluhM?G%kBu z;D}fo-ZcT0k4-q4Ft5Wg<~PIuMnLys+g}#xyoC zYrLh`=?Z>8By)B{{W3DRj$tr3A$LCV06oJ)jLkNh13lR?as9sMK*;<(R3WvwESJ9P zB+fqmD8eW-z6M%W=IdZm4M*_G_HGK1GN7+Gm5Tw`8q-f4!h?MlSwga@+2N! zx{_>-=AB0!#)W5|&V;cos4$D5NKH)*X_=-UAMJ-s7(1G;UGiZLn{^0X`3_u1(?2w1 zmP z>0<7MSfX0T*F6m3rLCwV=h~@^1B>UvGi#uG5L95Sg%{3(WiNvt2!UYh)@>UvxZod; z`Pt9zT(_?Suy6gZt(h}t^4MdKan3pCTzta~*MGgQudgX-*&q2f)X@t~+t3ft(zLCF zP-sWMrmf)n6#vuDpfS8IL3TX_wyz3QtR ze8?d@{KtoXTVLO}uk~MQtW$Gy!bV5hon_wf%Uo=x|3keB)yu=CC5Ch^hek^aBJq3YbV@Ty#?f?J! zMC>)%39mWy4Ju!2MI-^oMM@6`NhB0uxrlbs43|qZWHKDTZ~=$TX+{bM6=W!tL)PtD zPri_6bgqU{6dGWsv>uX8;Dot%| z4cohVXlZQZYnOhM17|P7S1u`$K~X?OmZc&DD$)tkKhknU@Hgj%040-AM54zajT7X% zjyllnCg~z{n2e?Z<#NK?=5qUkPqSmFU_gMnYA?p@Pgg+K0BmSS%$WjygmzuTA#>pA zwdkR|VT{z*!OThU$`&+Q_w@9P`{M)m9|Y`60QRl_`E|`TS98rZ*RpZrM&{0)d+ei+ zKKg^czCIHkT}N=jp{Trh8(-^X2N1#}9bKE8ha`nUXgE?>3`fWg83)u+DW^lcCRami#rv!h$Q{P1&pdcsfm$v=OL zl+0O5mqG|90gP#BxaW@J@#5weQ3~cwnn-Q779DvwB1JhIBAu=ULLBLu>RO}`LJ)-k zX*UfLTs%r)*{ZWj99)EwM5>JIq-<9}B%f~(6&VhP!SNA93>J$lUA~SdmaSm&tR#WfBW})2$do$JrfkPu8bYnlcry3 z{|ccg`aXm{p#oniTLo4+2SNyxRVIuSY}(y}bX`hJj@ zVq60UO`VFbr7u5g7QAV4S=2M0$Bf+*s+gAZWw{CPAs)Z)rovQC2$l?uxU zBxwiIuE(g_9N+%JWgIYN0YR9;5upL%Ti=FI8BB%JW*#4bks;Pq62aQGoAk&JPHKrL zmH5CJ$8yGD3sK4>r`nNb?-~X(GsZS>=)CFt`_n7Yj#II|#$Y-UY@z4C=AG!KQ83E* zHR#$J#DUXc=~_flqg4n~TcM{PvAaivVW9g42JXsab5E9v!#gg&^2>bV>(}o~0QRl_ z{yO{Yv$^J)Yt03f@~F19wkPuWyaJ@INyBl6!y)saSTHSO3vJaRFkcIS*xZKhFm7cc zl}1l%#aX-vr?nY;AL&PgKuSAk72;*nw7&Cb+)UaAe1$59NIx{sZB@LglJErBWG43t zw6s#6CP4^=sZ5nJlAkiBK&dKu&crN48*vqZIhiVIq;$ao&Ftl!1QZ}~u(LRM|r$x(|I5c-i30kRc)?6aVR z##7)25nFb36S{u}m7>L>O8#T&sp>_VeBakc1E; zKcl@g3tmrKK_JZ>-*#6t7|njAfs_H2N)L&|m)h{|6}WE36a;7j;S)wa3Xilf_ov|^ zxaKU84njC6B0MQb*JY5T$hi$@p+HCi9h#QC5X_jkAD=nzTn?VLkb*CP&?r-i*x6B| zkw#a^=2d~x1VCVv|LuLQ?MN@a$wLEaDGc$R6OZA>i_ZqFDV53wx1!B{7TVBAJKZyNjoeslLP z0R~1j)E?+KVtEwl1`#Rr#_imA%g@MVGhBV{xfBCIsFm>su;*1Mz*B++txYs++QG7y zx3cWPXOQEYn7CgHGbW8^!lY5m7(brL&0}dEGm7ShQH-vsA>}B_ei_F}k&+tWgp`8; z0%h>@rE-D(zCrSZVY>SI*xB2|j?Nz1cXzV8tCw9py%b7CqDYbU9BQ*!V;@h5QsCea zq1n~fOIKeXxpafo5~w)s3cDAAs6<4b7dCC+wg>Ju|W zDJM-B*x{CCbi@=utw;6^gq?v)8$7`#z&bX|71b$Fk_^ORO<-`0F%RA>C!v07B(6<` zq!oNp(k9W$j(L<(@e@MCk^vwEk8G(_mDV_9$fZWv5tXUPwF=MzTu1V;v(9AP zsEHK)%C#`p!AT?+6q-mwqy)ZD_y{}yk8`Dp1h9y^NVe-pI>TejUgWZW_4)YOCoylz zc!r8)oCFJO*e8V`nLlk3FK*a^PNymdmu11kMouuXwO{u3x4)gIo_cCu0_q&^QWF@C^tIklHoKZyA{k*Z1MMHPF}yryK<>qd+)_ zP+?enA`yIX;{(LXxk?0q1ED>55TH{SI+9hDi^l;@!l074kpZL0$exu-B_=XTs02`^ zVhdbMg%V+nRYq{5tzw!@%vH>n)*4AyOIvQKi$tvCNouW>_tEqw#|P3ep?C5oaxjnI^R!Ky7>_uaejL(Mhs zdmmvSQErG6nmMvjVH1pPX<=OJ7zWmCf#Cvb`!2R+*R!pm78>htM%9t7%TZIC#m#0& z=d#o{)Z)21ht?_5AijUxqV&qJmKiKbng zBnk{oP{ZKRAlr6#FuAprAPR7$L!`A~HE5020YVhmxMK^S`O)_nE|kc+E<)QtB8+OB zHG#F}FeHj@@eYZT3MnK#y#oY6XlRPcLdp>d-cD!`(xI<^fc|_DGL?$F(nfl-3_uv> zi3Wne0$5**O_(uZJSmx_EXpV(j*io3m9QI77No0{i9<Aj;R0C3Yh81CX z`$~t{BZ<122DGYbwO5UQ92`c~H&9ZFjFR|hLMzZ0CB7K(?B8O1UXu(MiRgQue4eLQ zujjVUeT1VI&1PVD*t||5kV2!BCR3B)($kLM(w8?vy3$$^$=-?#m{tOg18cWIT^2pD z3CbZlh#=Mocx5X(j9^S1Oy3VSwE^gzJ9dBU^wUqvFIn=y7x#4l_O1W)I{w(>c>KvH zxc$x_ic3Fosr&46%eM~>_EkFVQ^zCDJ`pl$2$X60+4-fCkv;Sz+L5re6J||D&X|Y_ zLv!PV_MoPc*xpc@4fjOP#Q;p6KT9KA{A(3#u9{hzCuRk z_c|8HqlG>A;`&BY5$LE={*v*GQ$Z*NXb)rr+uC5oS||)xPP=4eU=C~F_w{{C?q77@ ze)so!p2v(Cv-0nH=b7*P=8f0?>Gac2cb6<#k`TF1JMB~+c;Lae?0OFj8dIinDeAxM zvQK>d)?0765t@y>qoz&WlRnKbkZ3VLXS{HiIlGpP}f+;*w)c(T(iX-{-H+a z3oulG_D&RnLdu~~lR;!_(3!NEb9z>7CFbWTh0{C=-8_aYf*Q*S_oT*g92}u>gppHXgGeAuyi(`{e z5sUr^VI2Nq@Tzt!p&)S?GWb0NLJEe;W&AL(bib%d!q`^07*U$8p#p=&64cfu07nuB z!#5nho5x3{-L3bk2d}}EG}VtX39B;kMClSzq!Bj2Il_SJbev{eilPw0KnyGuQ`&?_ zXb_HJam2FDS_?~yHwuV4mU0$?P=*L?J9W|k=qjB9Y!YtMD`7;HlImqw4TOg-i(otq3#(R(aAi zW-9wM!9Cdhs+F#^?lT#7^$l^(wcqDIuKOeh&YVo4RJIwF!O-Lj0jD24iwP5(*|EC^ z(w_Z!X%7uMVu*1nGJ+R2AZoKvpF^t<5dyO(!9W4Mqtjfo$*s^i0E2@f3>8b3{Bio< zLoC_n1@M32di=>JIPbmZH2wR%|9-jB${!r;GbM}^hy^p?L#Ls$HMRw*QAA0UGyzi~ zw1Wsk#N-y3J=tWcaaNm=sH`MxNKVJ z6YI?jN#scUl*4dsn!ZtKdd6kg*;32)iFNFpP)qOV3j)RH=TBM8)nTjl% zzjAmhOWx7K@Vx~QboIi{ZfF^em^|L_xtkiHp%!W~kaDTw3jq)W0c+R3T>H%%uYV$& ztx-KaJw9;YK?fdq!fm&GHxmc{OE10nExqm+UwkRI-g?VbXPkEWGwD>yNZsTMl$UPc z3pf6VA3pK`DH-BP1EzB@HnI)1^|Vf&6lY%*vy>zhS(;jZ9=)p*UTuR7TjAwbO@*^= z8?4<5>$elF-h`_R88gtvPe8}a4rK$kaBOlYsyef=7NKJ)cebT0Bx|<5iXSS%sAPnC zv;>4Tr7H=K=VUCFLsj`xD3qxD9!I)15g3VI z5W*qUArqU&kj>^OL;=1Q_?7`gtTmzZNWrOi)2VnIW%bj%f58}D5 zRax+ zpL>~4T>E`G2M74_d(Q!tLPg5bpHj@2KOHyi5taiy&*9i(P9TaRHf-2H`(G=wEP#9& z)te`5s>iX1tU;|;ss7o~ja3z}dm?6Y*y*q`V;9d$vAJz0-Tgh(w={qjXjMizd7gY> zDgXAH-_YLKMPu3|v__yvCYtgU#!96!*S1Aus&-*<0F@F`Ntx*D$3teVRbnz@C7hg<>v6^bJt5PwdY6m==9s;z|y{78gWL;?gpUMj*5d_on_ zUntU7D46kut>~3)(`Peja_KbLOokfIC6W?HxVQ=&>7leq41&lqfP|BbO$>e}R#U3# zh9uxhIie#F>Cn#l6+u`c@**5uG%k_yDTjsRTu8Y&i(9Y-h)nyjtw?$3kkvZuNPQDkQnF1Q{H48e0N^oOfvt4x5X3 za+RS6jvoWNyHUG(gbIB6d;6|=`w>T8d&oftvuwrkeF?z6_4?}_r<}q!Z@ivg{o?NS zt2hm=NyAyk!?cN@LL;ZDut;1xdyQ!<(lM=nM& zV;vi5+=7oc9FWTU$g*iUMviII3T1$ZS{tAlfnNdgfXUiD4^kewHV5OdEyTzG0|)c4 zyBj)sAzw7-qtj&PR$m6b_z%=`*L`dL{t~ z{D618>s@@{10Nt?7-seA)qMQ2kJH|^gR{>*i!cn?wrv|qDLQv|5TWSm>>?BSpcZ^o_|4fe=V4>cOsdbyiUsdcs!m^O9QL8@$vJ3n0H`L!FEz27tuuWVwj7TU){76lf31h~ZKrRH15D2AFjwB5F*ge?AL(i|} z`SqJwyR(C#f={vR<3~XSvS>#ut}97-E}5DP_4W0%jvYhGn0h8Rk7B~8dL}e9GA@^9 zOk+KD=@c?lAY7Xi$VBxJD06k-ny>?uy5^k{nJGk^Zna@ z$R8hih%-(*ed+r?@V-MqXr*jv-ZTo%I}uvP7;zgVjqRxvwwf_>PwmBteB91dM$|&t zU@KySktmTnHDBuyg?osRPx+a4xULhqMhWiW`=Ak zrJz1TP?x5lG;Sfl?Jpn(ONouD!e;c5Riuk`!nLSK$HrRW$_VHvFh(fNIcOb+2qN^r z5PJJg*xd`oqCi6!D8isTcEiT?dc(%`+a^z(#HE-0)AXCZ{cmlnURe_?oVS4Yyyrdq z{`bHCU)vXFoNk(!}s5Re~keN1iJj}%i_EFVM@g^*Z#xV)HzKcJZ8+8 zLbf(bDPIIM%ab=PzC zRacoqZE)Bix|K#qOSOzq=sGfhOtk3`#Kyt);wG_E3y_YPJ!^Po^~?OjY42d|)|dI0 zU;K*aURg)h^KfJur7W0E#?_w0wE;_OV+uD46%*rIsS+K19U-J^ zg1@ZjaL8D{A-03odyzawqJ?1C54iB8qqzOSr|?SwcozDvb>b|UbR?BVM-dIRwd6}h zB4yh2LMwYLX%HUh03zQ2O%nsCC}BCcu3*8m35b+8;-gID(c+{fC?UP9>0WvgHt!%x zr(wZVV-OT-Xl#IkX2SF9AXkH!I~BcplK@z;@`aZ8{a*g1EBMAYuiKXZ>|5}Wk9>q5 z|ML&)!l*W=7OlYMx!is4Z~n*k z$C4#WIPJ94#Qpc*pF8oSQ&#-xPfyGbd_PU(!>Uc(@tt3>yQiP8f8;!7kDtK!(et87Gx_r6S8%|>{Sh8CHq=?i zH_(MLQK)bnBf_GTAQX`a9G1Q&laEuQWvu>SX;gToPFEnLBA3pxv8|o&{q7Ik`{?8B z?(Zj8lQzL!X;bwlxGP~`cYJ!{rnhGoZYkC4&3M7)< z{X@L8eWw9|VG~wiB$l<{&4v0@WIijUV7Qc2|8==qhK3EOGwn&58tMpiWT|D6QaFqs z4)D;68+qxO7oe>J(L0O|%6n@vRBm0z1mZm-6#R{={8>d{@6Xc3GsW0IlrDn*Q8MmS#(X>w&?;; z%Fc`{S%iq&f+H+wM+_k=|Bu03bvbArW4bN1HRj)j%SkV!x2MM|6bkPd7#RA8T+VC! z##g?+{a?O)Q}=t{`(Dn3_DU15^Y}nAo)4MvDGI0zCO`pWwk3U1l>dgT3_4abX2S3EvrY3|CyztUWp8m_z z35t6C`t|(&-rur(4la&#>^R=VkMbxTkn(Er zoXiODU-eBMsuH0JQDMaX)Al2iO|xp#cFKK2=KU&Vz|Q3|6wB1*vV7yx^EmCW1uEtJmvCPge&rN18zIxsY-Yj)Qip8bCtqWk^{aY;E%^QZPIWg|d~`t;|Q0 zJfoT}^}o7w)hI#i0VuGq%a08GrYCP6>WF0ih*ir&2m_pq+X^v?IHnJ&YW#z;{ASn4 zyABP()?J2apc1mUa2*$g>OcLo)3@Gt-+gZbIQ!glxc4{r{FmSDJ@@`*^pgKra>q}8 z_S3WC?_G4!CER}d571i6aji}1p3dHaGV>uRgh1D47<1GieDm`c@XU)Fx$~cINS^Q4 zcmJAm&pQ`@pZ@%3Ty)_@guaj7qg^ek{2LGg4wwbgC*tW4M+j0vkP_eujb}O4(tOnR zP*+G(BO0`O93wO+OT!b1n16(}(#9bg*SZ^wgqX+?BcZsJA78u3)~3p`PL!}lkZAgc z%Pd|rhhJWCDZ|CU(A-2UumklqSypatRXWuT#@rGFIBpcnS3JUu)@FiG5fRWkybDmA_1@3%;*-mg z-&0$cqiOUw(%CGI1BKxdQb>k|2N@n7W_WmbFE_{Q-GBn&n9obMjAGoe2XWr1$FZ}k zkF~pc=;|LLEc;|qX zJSH%SnbI21&5(6+q`g`MDF*%B6vF}Pyk@dqZ9;9VP7DDG{vgGu&${zDc#dG(?k=8M zy@@ARZD8Y$PKw1Mxon!F_n*o6Cmz9^{hEoC!gD2UyL))w^*>YW7e43Rc;mP9;>Ab)@%iVUJMl+%-cfbR#Jw6Jm_7+{?1AWs<4oYv!gyBLAf|Oi zu2S3CA88LVrrjr`n@C$~QC;O$1OE1Mj3ga@VG@Z^^^gmozW{zA5nxTUvejFdUMBd2 zs_G*F8wp5D^yINHt^vKfANq%ljIaeXX(16&XoncDC!eaVb6zYq3#ibC zdGxD0VOOUhjEu`1qT#;#?mNJBUHzW-o^{tfzy8gK;^+L@bzkSIE3W)cz12JK{P~hc zAAaa?fZ4NWvwr=0ZomBpagbJy;}n%rqOoz5?(gqMYpoe9i=Ic9a&b>Dt@EbC*ak%R z02)~G-~&klu>ZXIxQ;`R#8`WXX*GgdEn3E)Cyq7pua*jCY*`JMDl#X&nep0l(p2PT zZtYmz^;i!;3fH3c6-qd!dk}%vE>cD)?Ywq&9)n0@8DJ{j@XF4mwbh3=bA8JULEMmR1i4EX#n@5l9h-hKE%JXz?cx4W-uB37*k_XgWCG(bIFEG93$ zp`n3A3l~)$u8=;_XK*Ui#Euo;^H2^y-`LkP~8>u6HGGRmDgvICU>8gey!kBIyTT4V_uB#LpKM0xB+{8yGj_0B?k49*t zC6TR35k(Q@Qb;*6PJe!&nA+ORBR744Ykzbf|MC0_NCaQF3J2hhU9wSEE$ zg(D{E{xtgR^UgY=Wn9bYTeohzG@s9p z%-p3g8ECE+rnSH!b4?363T(A46BRQs^L~+Xjf7>|LpUBuKQXN^Ne=o&OQ0gNa~CBtXrXO(mS zV!;tzg&tHDbvP|dDlLUcFxt8di=bE<@oJ||o4P#;{I6_p+wl{CS#xHyVcnY>4Sn&8 zU*v`xZlJy{_vGNv@G*-QAAb0=&px;G^&WrbJI`ocyMEKkEn7A=M`2`ecaDTP(?Eo< zW-9;_#!sMqhoJ!W5A-v2>U0MCdd=IKGs%30-F*-laGD-J7N#|Wo3b62$aVmXW{~Ls zNL*oE;e<+rcBQaf^rVR&bF^b^`v{>OOgdqup=E_0S4s3lm7t8JdtvkdqSzwZb_imM zcohEudJAPf{hpKf(g)tj;80;i2frqr;_hc&;uGKb1#@RlWbsi4^7GZ}2x4|h3}~$0 z3$N1waCh{f2FvKR8_=sZ*e>5O7xfdVffVnd$`ymCt4=C~6ORw;r z<1a!5Q36sqkI!#t|pC(B;`3cR*#`;aEJ{%x>?=U!Ao1(*wHgY-$0Ra5Llf72m&K@ z>iUPt&*#uCM_3EifjjH$>?9l-j4tpt= zhAo{lKspAX8Fy?X6)_~s{{ty;l))ch4TrMX47+>!K}wn$Y8fn)>~z$4BSdz@f)@;Nl zUx4m@cyWU{D?rblJzMk?`@KWw9UMOJ;F5hEfdALlrI%jJZMXdpfKyLB_0#8`f6lo> zgZaa|J72C2wSr9Ah}ATYhL$nr?_(Pg^);418=rorYS9_b$lazqwCg0THyzKZlG*nj zRleS1&R(4eRLg`WjRKMUUTrHO(U5~sp+i6Mg4g0L%q!zcQ0fs72Lo=bn%k<#gq*rG z4UQiXYHjB6b~QCMF=N{F>A1`d)!Ky9oY~IyJ zQAN~v4z45VFO+z0?Piv)-C|t+>at938pHJQqd8#81ZGcdVZSkTMtk4)@xx&3{Gb(uY?ApP2!DFSjiQ*f07^v+IHu?%mU4K*1<1x*RW?q2lMt6|P$nA!qU z$3t&FV$NiAM-OPt`t|EM{nXQcv*f`gXT4R&=RPICw_tt!+OGj{+igGOny+4cQ6`n{ zedLixZ|LmkKD=BilVF|d>tOy=IQBrqiHF1Shrpq8P4!=&FgdSs2rZ9yb~q z>J9SObt;FXuE?N{jQFq9aEop9;(n^Es%(T9krY&90R-B$x&m=KHqj3dZ&C1%84Yse z->qQG$bYLCt?0%K%xs2_R>DL~`W1Zbimf2LaS& zp*ELvkz_0tttzfN3Zqh22n0$*%x@j$q`3o}yr7Hy8h!c#fgcKrp`;i%D9b(9S|#I# z2x;2>#y-l7Z(^=~g7LJBo}O76NefKU~A2g$tY8+uQH_$1nZUzZbk>ozg)hltY8sB<9FNV9C*l zg-611huYv&8>OU%hY|=U0_h~Q)0_X`6Z^)R~&Q(sfo1TfWBw1$aEPze=a zsz-vRLP;x&j%d&UM52f}(-9}lgT@R(mih=Xw&JxgMnr}u^n-c-&9?z-z98-$gj zI93HDlOe5cdYh$~DPu*Igf5%NSi>Dnpf$%%^7+O&Lwx>>9G4wmWOj$5sA1uhEFV7k zWiC5@3v;_hZO9I!RjSjH0ErX|EeTurVLP{6Tvz0TwHBd4kSXVKC97wpZOhuW{QdAb zHaXE+Ahcv$D_SyXT9b8F0H_pjq+&2%s~Mo9s{;@mdg!5*nf<1hs0PsrA?VvXP`*DAOT4~0voWMnwha{O2+~-WChA&M z(4gd`Sz0zSlx+@2f7)o2()h~5NX=nA?R@t9lljdR@8)|Szku_OnL%wVhNlc#*%q_o zI7FpHN<-1}xOc@m{^ke2p?_qISX59@*)Vr9WyHMIF;NH|SP9=ysm}?4&L#K4zzOxe zthFCXfN>m*wm;I8)IvqL{fSEA7j}t^w#h~`5@G$$e%8Lc16;SdojCC`7v&GDVk(wN zP7JE!Iasj?vSYUErK_aYNAifiL4;$#GsvD63(f|S&*se8XP@1B#~pX@u6Moj%>>|o z;_C6N|vHa<}~ z@UQKtRspgVyNE?$Mmuyj+Ac~d2{7!}+BFAKzRGRs{qK_%{enP2rWTHy1BXwyw?qGd zzz@v-{mH*y-`d)`Y{?m?UjVT1~nP2|$S6=mOFS_Vr zzW@F2uH3S9b4No%!?zlmTPF-!S3L7HfeIKIAEkeIsPe>!i}00ggHCM=ooe(1%UxqM zQo{v@X}+-7r?s(`K-BS@=j!?8@)j;W8s2|$of2J^sYgB$wx=Csz`2V)#K0Uxhd#LY;pNn!qA-j4UUe%2;R668uIg5z0r~A2?Mu#wxTi zmm#IpgqMA3bXQ6AMd%hTx%xv*m2PtPW`Y6tndI-q=4u60|f)EZGjX)xoTv6t80d03ZNKL_t(` z$Rt4N31FmB)m(mijG3r?P@Pm@tVC!mVmAm0Mg=yZ>uiMuhuTq(^&1y}+0)l|#ENI0 zz4fFMPG0uNV-HXGv*(_7Zg*2l^W{~q+U(x7t6}~6^_eey>6%wPU^ja+J=Y6Soy*#wrt#t3POV=*MV3J9pXu7&Omn~LW_wPMPN8)vgX~# zNR(4c!bx)f#u&?9mVD-Pmw8eh9LEYnVMxUyJh!cve_Q$p zqAtZ(FFqYFP&~1HkEM3KY792}UGDaG#tVV9-p%DhuLMCllcuwy1AxVg7ngs-iWRFE z&JN;6BIV0xC|4!=Bj1QEx}v@72uXc1VJGer8i^ugfK*{!N}V53mH-NQ^MXKW#)}2A zg(6LvTHblme7^p^v-$4FFXYnGj-jvB-qLkW$LI+U1}B;rvr$pqcA>ye_KO_VS$}&w_3!4mx3Fbzno{c@H zT(Q7oD>tKE^Xj3oBm-S42#kPa%y!E5-}?$hcy1%?=mRNmf}jM8wI)?Ee2twgwh$2r zN6MBfzxc&Z1HAwJ?|(A^_@8oI`1Xs-w>vvK&8Cf;uIcOF7ed4lB%&~XCi1A+=mm$u z5mTWtWd&@Mwq;K|0Zk3i+-Siij$7Gt-fu);=uSgMiT(3XpExPJh$OxZd>*ucR#(F$5wA)LhK}168 zo}OTnH}Qh2Zb!dTTl&?aV0CMI0yD7UsD%?Mqxl{pSHNU*HW0{?cYwW()(4=YE3&|5 zB1KA6FRX*DsXwN#`Z{#~4I!wg(z3N?NhJVds4OvYSS8{17+X*cpTzUOeS6yKrsrK+zQ12_Ksk*;ez>brq(AI^99L>WaWV2>^YL7 zCPA*~5Oozwy9gD-jVLzs)p6spcJ_?Kh)P38Q<_=b9X#^GK zL6%`Sa=R?FHbrTbFX) z+2@qC@`uN>RTz%3H!K^rwg!fXtQ55NE?t&Yp6Cj=UlpvBwek%e{w8z=w6!7j4LC(j zO)Sa>&pev*PMFK@9(jSA9$!iS@F-8Ld5QNdJO)RAALNNfW2I(2LEr%nwUHQiKfjiL zy#8+bN5{z*eY6lngdiG=kc`J@t4lF&atHIKbuzQ7h3V}rBwUGbLahoFSOBT6rgWOJ zf@DM*p5MHSzL8uA9(c9AsCw_UpjG1th(|5;*BCu>#*D8hr3O~7Ui~klqoW3;V9iz` zjK)mrD0?52O{;{k>#J`c1j_8(wQI`He)_W+z=k&yfWP9SzOkO6fgu*1vhWkjpMCmW zcl`dgc_BMr;z($&hpAmKsSVodG0ho-QkbH(<0TQZRcAC-QCrjcpb6)J@$t`Sx10Ui z)m4(XqErco35dz%VLXos{Ib+QiE?8fs;H<*>w|PD#6%FC+0Uirfa?4WZf%$Ax1#}E0bBO~=-s>fb^zl1 z^Uvk>+wb_3-iCE+*7BbBy_f5L_@m2#%h#@1`}Fo5JC6wsrXU?AqO}Q20VGtGR0gKB zgRc-nInJEpP*eiPkpvD*YgHWH6UReiVh*ln(e3e=WZBD6zHw)SNCc9uVKi6Z>_ZRd z(j_PJ)Y{GXzHf2j6VF8fD3n#VlRA6o5PLyqDg+JBifBFcfj4(ej@d%Z|S8%b+Har05k; z%10GF1_wuQh4pGIvwIGbfR(G}(tR>?+r)wem9|NMV+_Wz20RWDEe!_6@R%VUaryYU zCveWuhj7#5FL2Kbo7md7k69hfctMUtBooStX|xH5xPpBnqkQ4#x6?mVq$wStv%Zen znh4264K=X{t}F3$z^1-^JiTQHLI~1{7+uZv%<61mPEQ+C+gs>rtR*5Nc!9!Ge#q_! zlXw>%eQ^`ox3|l@|AQt0RmGDCH8QkgnLjoumG|6p=czk)^({R6?DNvASFgNw`}Xbj zuC?0)**qLNwY(=<*0RDhWT3tl`iF(@`=o2rpP7BgVRt|D=)=LA3BX_3aq-0$bJI;X zF*GnlLsR2jD_5<2OWyi^TXE6a6k=+-6;GMej%cmJxDq@c6Ny-}j+!_)ZdHa|U7ec) zt9>E%3*7p(2hFk+K$UlTsBC6r$N|a~U@U8;E`>Sxps2(dst)|sM1+!MXo*?yDyd3Y zY0o%s?092>R`GuMlL(RfqKXoswFSW)+67zsESN`@X8u(k1SRK1DsPDh6vlDjkZx$N zhqc=*J*fIn8ksGivjr24MaAaLo4)z{iWP;+mS2+rPWi=xulxZ(1;LNX&xyxvQu)$e zgwb--rcLGpAGq{uKmYl!zW7?+ieLZ7_2t{U_w;^yUw{99mXnf(jO|v`#KNfSTEQe^ z?ERD4sF6G9Ohr*fARX)Umag$Z252LQsThG9L2B@|!|XPfLpv3#dlgYf;Az7llX{px zeG-RHpUhLMH{rUn${A84a0ra91pd;c7k-91qzS4}^)CpmfVFn;gu)n&)|$E*9sKy* z#msN1C+GVJAnHh#u2|2q7dLY1v9q~w!C~}`<+*3e4pgbrBV~A zd&<5J6+k{8E>*+SNmEE?GT~TXuxQZ|T3TD#+t`PQ?#WE)X=UT?er9*J5~u)We5ACt-^M^9662;ds~PkQeCvbf z(A}D$Ig_S7nLxUhzA4MyIfc@Oyyw$DoTYbYlx+he+`Q~X_KxOB#vB&Up2n&3W-_C# z!H%H9F6^Gc0*|eI2^<~nLtz>BszAW1txyU?*>uRTZ*bTLSi1BNU%mJp?^qR!#lN*_ z)5b#p!^?ewqK}z3%VLC#viqMBFrypUKa2*mef!I&ZQimum_P3b@%+jc-jKoSn;3vU z^SJ4zoA}sAKXzGNL;c9$z`$FEhKI|cL{9EP96JYd$W%CDI`lMIGZP~rU2Et2siZ|# zWA@9m#X+L!ezzy^^IvNfY!i(#yRVc~xYBC-4-UcLC?c%LDzj}a*HmiI=L!A=4Vi3m*V#IvP3 zQb;1A0B)X0WR$2JM~DF71V~4qwIuGshmP}!M+Er*a9pOeHj|1ra=}SQQPc)MoZei~ljvw2{Ub$de#U}2RG|0qVLyru*-g#afAsggy{8q@$% zIy5vl^M^Z^a?wQ>F?;rGF1h4lMnkl}@B94bcfV(BJcnaouUAo!^nLZZuY&HLE|IKB z+N@U@9(!sP%h$bx=g9J8%QYI;NQ4v?dY)2q$kOV5=u#N^c z_V$I9aDXy_#U6y~&(n%$x9ntUM=S3;{b-Jw(L+abEy-Afm}3(FM@k$ikkTRQy40nT z%;;)i;o;Ny;NqkB-iI#WUq5&*7au>5+g7aOw5xy2Xf9x5;WJ%jM< zT2RHxcv1V%m_awy0SM3cIpXkn{u>qi-%J2r9z3$MkKNgVy;hB~2)94FmK;lnGlpbQAyC#EzUV>TR`N-@sz@eM?+d|<@or=KmNL1((iod#ZL<m1?Uf=O=;=TlbqHcc zH_Yfn^fZHTFsUS>sUFhFig`o{+$Sdr>`Z9!zmbD*s%G&;ANCDnM#su7d7?ae5KMIV zsiJ_Djdw~)d!gxyvf!XHt3la{S(N2tO_*Kls@L%sQV#qtZxGc((vs|ge6N+qvN ziPk@%%Tn%ugr+8Vfo=P*#!BYlbLqQ0O;#c4)fv2(GYmKjMCm<^gfq@_>aK!X3{&3}IdGxDa;=wO{ zmVdtNoh+U`o1%h1NrZ@?jV2P4?A$lRw{E_lw(d6Gv*>6F$|o=Z4{qIMt#^$DbxyGS zJ;*W=p>n2{hNxB~iaPWkFa-I$wW1E+LA4*QXMZSD{lvbBlHgrBc+{*OKqigWmx5xMwBHsKt+E` zR3!was!K5O3`@^bA@!}KEg*sVcm#yQx*fZTM%=QEvoHc91A0eB85|j>yQv;O2+$IA zC`@F^R6mIn4$@f6NEwi;wFM_ii3$wkd5^uLISy@a;Rhc)hh<;;J1#kK9zVS00iNHu z0}+c_{|WskV5`i;Zv-Nw{o3=cP1Vl($VWf=R)DX6{p)t#E*%kQwKx`w{UQ=^Y=dni zi+*}743B{0qLqS79i&rb$$&3h`MKx8T7tis0Q@%`Z-3jx6!KXT$=bI(`|OI_R;^rh zY#7NTDU0N0&ScEYF3hw}NT)D~gyrz3Q<#Wr(elO$Z-^=&nlNG_r~EHa(h4Chm2Y?q z21l%+g)C8dszhx{igu#f4mVT)EQG$}xjgvA@rOep)=y}VRE&FzTedbpHU%dJ%0195EQXCr168J?v^PYE-o-w67sT~;^dCPbH z`P;QiPCxCBp3&PbyqMK%HkhN1ocr7LYu6ox5XK_UKPnJU=U0JA1xj+hZjL|4G5x^Evp_`{<%(TZ1uA#c3##$UZ&SM!g4bREW+ zM15U-SNQ^sxbzkBXl-=?gjV5rN=y_JoxlbV;a(E5M2rqO_%^v0LLZPtI|SwSfe{8} z46$g0#<9eas}lz1s5eo(*|#jb%d_Kl7+qqUhp2VtktCe%V0wAA4k%~Ux(gILBDng&nt$ZGUuYK)nulw%y zCJ6A49J6Q7=65&W#F=ND*?-Ty_cZ3qp-~7r8ZDYLRRh!8p)O?=)Y7$>SS&>IPi*aL z#fZ8D%xlZ~yPBA?OomflQ?G?N1S`qT!ir4o0&U>F!i6;?hE%V0Wsub+bYs zVo{_~%xrIAc0-1#4Rv&<;v}PS8j^8pgrvrGNQ95e8O2DUh|w;id5^t?JiErn*gQ1G z+I>Up7#$;<4(QnP&z$Mcr% z8*JSz00xJK4DjCeu1W8kJ$Lrv z`|n!%P&5)Hhoy!E3UXeNv*sPi`R{)l*I)59P*xuJxD$@w@xXoezv@Z<-Df|;_rLoC z-v8dqzH{TvzkRy|V~i1|vk}>lLATXgfNEeS(84e-$Or}pv?3k%m|o*E?nBJA&S-%f z#Ss<+Xf$Z0F&YBp;Zr1Te0B{<2%sh=hzf~g48Czm*EH~nb5G{)|MdofXp9QDRPQIW z6DEt*_*0|EBqO#O#~`$|jztSZXbzM2vc#h}-i zliEboR&+Xo5kb|px8Hh0lnt?BMMGUyqoqJ7fv<{?%};pQCRJnI;OaA0g4k%pBrvfE zY}k$jv^L!J%nI zU>t1>t9S0k^E_sCHB;~{FjN?W2yLY8gwB*D%Qe=Dx@=KiRwf0sLgJuAs0`=@_}bt^ zB8Z%CN1w*AUy=J=a~!z&l&Q{+1p!7P7U*3>6bc1)Y}tN*h(n=Z@f~~i^!@!YM;|}w zx#ypLyHW~SD4-hv$kD5J}m0HZ@kFB8~}Kq(ZOfn1Sw`-WKAH^`$q zwzF|yl<}O$nDVTrb|jpgNJx#D~ zC#0gVWiPDSU?o8tY7v=K=o02)B2|h>x-#xC+Ttg~Vbd`Ub+G;=7|#oU-kmR-p@F>* zPM$pZl)-_4^5x=bB zq&8AR*2M9HDB3Xy-%f6g5g0tQal$riK-3f%DEK_PJq>7LP83`x1cz#To#33K=kndw z2k9LewtnhH+ls16lf7(7T}>(VVN!EFfwDUBGGurgX{BLvY7}EUhH?Sly6qvdxja|B z`wZIaGi37xc8z7Zb>j|jWLP=680lAJmy8Mn4wW%hs3IghLu$MjKGcr&bf95;yb?fS z5jb|XO|13~pf|jPkS=EK4CItf^tL_dq6hgR(v#>2h`3v>GxrYky>9#2s#UARk|m4V z$H&6g7f({#)ymmN&Z4`qp6l0a;}`!7xdHsx76`(cP|e|F9Kf|@w`!_6JgW#y%3AjR+~a8n>aZ_ zqP0fKa8yCXtDq#wpp8PB@Ownq&2TDUW+MoMCKHQr%+xOKUA_w9QEMk2vZTx_77hZ<7T+U{ID>exH0J=LN zlSUNw;dwrrU*6V!-$VDir=NOS@MZ$=1|Rc}I+EvCJjY2VpLFSyPdxSQ&6_t@Qos5% zV&)`FTO+h(psNLHQ?_O2I95cXzRhw=_#V5mI9OAOxv7G$m^|yrqG;Z7m$x+Q`iMG+mht z4e=;ne*76k5OD1&M`L6JAsf-cwXvegC`Vv0jv<2B4=ZC?+S(Y90aAH1)_5$MRLiN8 zy7X0-Cdvng zKg*;bok9$a!mP=NbQ(6ijM=<1YzaD$h(julsHwr!ro!7%jO&KU9@gTyt;rfaZQhC4 zwHKq5DCF~c+qP|wQpHLpUtq`B2#1>j-RTy-{gp59q4VBn!JDABZri#J5Dg7=3=UQ( zWbc0WCH(WZzRS12^X*w*`NwPj-{{!rbiimK1v9#A#WAb1s{2zdhGO5(X|Z9>YuHS4 zR5Pkt88M+xkT5m`gu+mSI4Wg|XyxO&Me@ZwKYlb$agT&O001BWNkl3IU;FCQ0%vz3^H-+~uoXc ztQ(;taFq=&1+M@jRmMu)t&mB=OS|C3mk`RgzrMH6GKCs5u)81fMYQ%oyO?OD8#ekn zQUO2qv5(efGMVf8`}f%&bYz$@V+!3(bu_1j8L5huI84w7!x%c!_3RrPW8Zj=j!ZLoFH3+xctuvf zw3DeV^`ujARFzYp6ccp{su>6}G%?d66#dfLY7>+w$y%bMO~xHp(weC$8=skKiS-Gx z;Ro9+Dq=w8{XP1ph1BO?c!rZtJXzfLz`aW@zWCy=KJ?(jA0HUp*8mt+Z4vkiI-4+i z_kn?~uI~5#>kqH{6>#613BVh8G&VPh=T|&ujyQ7u#uZPmn5MNV4X1^e+KK6D!!*>w zj8155wCa71GhsGns)LYtZBfWb5P=5+L(FWbC!KJ4abT2U;FqxiCK9z(MZ~pjN;jn3 zg-B9DNBLMaU!ug%$xi@QIir%{30E zPL8v1N;_jkkDa4=zWwA19@??nGATr8@r45-n5Z34YCrx(fRy3ia~;IwX3XfA#RGIS zLR|u}@+Hi`kR6@)Ss2Y?#DJ}4BM!!OEDf}-7Sc5q2at#$QYp;5S(wfy#EY9T<9S&z zeFzV)$fiAeV6I}!ALG(R3%U72?_%i>e+eLW?AU3Vn(Dv1Z{N^o-}~P8asBoG!GhzD z<2S##kxzg6lV862s;e(67K%NkZO+V|4Bc(WDedTZ1fg}6RD!8c0Ug7`BU9N@XyoFC zRV=6*Kx!x`gDVu$L=b_4kParKdiusE>E_upTI5F$#8}-Mv#OYWsHP~bT&odwjvkRU zoU>pq|M}1}3@I<1l!^WER+U2=2z**v>gZ{0zzYzf1Gq&aMRkY{OI;a zAra*tE;7`_xRnK&31lU>dxpO6nLtn9CkSygex&aSwuXF@k@$d0vR$uG*HZr zTP=-JHs0QX7|X+!ofzeZkTC;U4`~D{75dHxL0O~2L}Ov1p~)8tugfKS;oC0Y)|-Dn zDrKpJ7s6?8;nexFXsL~p_W~MfqP%U^G#=m4%Qv5Sj-%RIIe&ULX(!HzR|pN9j8$&b zww10+P}cCww6NF!9Ri4@z@qD=_17q)eL`=Cns@})aoE;Bz@)|=26N-M61ESHvg+kt zPCa}U^|f)bXmwl}>=#s^y$@<8m&p(`a3>VCt$6&s|=7CtD1t0MG zU;`o0m~;)IDGhrDZSs~#VUC>*FRX{&eHDC#vFr$x)ekV^dDyeBvVqmrVj5}@^=V9f z22MN@)^C9wd&--WFklKE8~X;V^1YGxLBN+U|2R+G`xrwTw%TEmkstolr#|z*4}bWB zJ2UllEPrYlCoeqZ$3OYWPd`?))H56W=S_jm4rEUox*;8c8bi@0Z6wZw@D0Kd zNL89VNsgR0otZstEZ^`_NU1Va60;MpFk`Hp>ij8PwACdU%|lHjq^D|#8iSEVR_+_( zZ*IC9M#i{!;R24F(vI&JiMVl=?doIO-T`nUVeY7GS51rZ=)-R1vLgDkaW|&1)&};# zG8{@Md0!axz*uEefgS6akx>}SQ&NerNtLxgwt65Hu$&>(o{+*OzOU19>&?ICob%2e zzw-}E?G@ZyPpZ9@bB>;cQo`!x>i}sSPMg}viJh(d`^xov_>RXoeOd?SOzokeCV|$5 zLSQujm9$BsV?vJxX$^vu(zp%;%63eo)L|Pw6j>@ya14$#_`XN~NFJ?yg1{qLZ(=?6_q5S-SD>cjxe?Z0JumZuI-!d9L@6M=hyMjj-3#R zgxw5X5m+;ZSFYl!gxd(|(8eI5<Cbu` zM~o>}}JPteLP_Di9THbldCCC5% z)?2S1=--zXr3)*Q6k_%aOj8EY)_|GbWkG(fW7W~r{#xNx!T&V@(LzBSU%}WIGn(p| z-#!W9)XM?*Z$?4AxTojZ%uCU;O5cNzB$o)WljigYxEj3mlK1*3~R_0m>u-@2Xa&p#C@ zBP3&ub_S>gM%o$g!P;XJsY4YmajBatWN11Pn(9~tvLGHw(l@?`&))wmx2#x4B2~jj zjys$y7R+I9F3&fYy~rb5wlm@dA;V5q^w<%987+m085?Fw2MlDbkcaT?ym;O$`#qCZTYx*4ELwQ%9e3S*%9Bq#^)VIr7UJZ%!p!V~u1;ug zLU%XX>n`jN8Bw8umM6W!V1iKjPH0vPPhrJaH#6gd996rQj<`q0Rk#Mm#>d&USM$V6 zF}CcC*bY^s2r3FvS!F?`FcD$tamL!eXklosZQ|_X4(Hi5TTszZ=s@cOakAw~RB*vb zN0BcER(i@fD4}q1@yWAme26bS@FaR?KlSM}?^$#>fe97rjOLaNTPX+`23}p|Wl`GT zO{EJV9Zar(EELgW4zy`XVnIgOPJkC^%-H_={Q=T96^dI&E5>z^oy};WE8_yksp!H7 zL0J;~pj!N|@wnuYOStjI8@cbE`;uiz%%%*-A31}=I$IdY7Q$LyAVh%YNnGjhh2!S2 zZFrR5ZFq@K-TNeyG8yKyW|&={raqY@6>*5W4vqxZSXEPrK}GDiBpR^+-_tHq`(bxL zlqYN27;57&V$mr5BV!n>1E6bM9$&K^q-NgKPJC5D`|pp-o#<5{jaB8;vP90YfKVe1 zIX~c~@o|=K-@`qdw)5!j-K3<%_53PvwXmn5UuA52P$aTVJWZ_90cdY)JL8LAxbl0z z&>#DJx?0+C93hl4nVOoKtw84q$DeTN{SVy#+Y?SWK|J~7lLmNQga4Ze0MOLZEY_}H zXAYk;_g^1=_~B2KDkKAfu2z`djj2z;^e#+K8zL6B!A7faJ}AmrK2BKa1^F*e z&BjSpFZz|%ztYw@ue~0&@4+|@!YHfPfB1~5Bp}3GB@$vSMy_Y?sLv*E+mUpfde|PC6+IXx zM0nc?$MXH(-px=h7h0@RRc%!9a!qD7lc)<35{_L z#bObL$0uGV!{eCR+7K`iUCmoLwk2<8Jixx6e!-Ux_^|U8zP$e-bQRxgyX>D-} zL4X(JafM-|P~iU68)o^2Dpcp8243DvT-!LnC_wa1r z0DajawF0Kp*YbrEj^>N+v(w*p(Ob{HHVHc0pdk%&ry`mgtg5Zn6_Y+kSk$Kj427Kf-GeqUm_Oa>Jik)#H&rw@ z8ER^eje{3Z6OC}$5l0de4n=IRb*dVmDx6ORHXX1Pxs#wJnWipg+h{Lr-$ObU<~@Ua|Gg)YjMou$lc52S zMi>Vnby+Q~S}wFC{4r4+#8{z`((2a$%2I-aAQjQvxOzF4-}MB0_6>06;WPODnWrx_|lWlGB8?%gh417N((zxJ_(kNFN2^sx_-7_4W0a_mCxv7G3}Q+i&|pB9XWY#SV)Gu?qP z0?#OV>KnQ0n$PjU=PrY>oG2Cx2Dp6V#*JkppJ{1;LnmAC;$mua0?GSZqkkUm8t7V__M$kfl(j+1d4{qDR*B@ODu44gjndE_96{YLl ztHE@)Vzh@5QG}6YIp{*5nbpzF;`xVh^ZidDQf`=RyI}>WO5*D{I^Z2=9!Eneg*Fax zH%W~!i8dU;0 zoJSWt#8?h9t;e?aMcDR6Q7jfp^u0=j*gJsfY_lwY(Q(A!2L6}pA zmd*%#6%cqnj<8sQ+E|QxUfjS?{}9I>GKJQe4xU7E{afLa0He`~B);c(1CMI2DXM#GsGNfZccAk&ewhOa$H_mV#mCZv# zE#}Ol?HpdI11rvI8QxM=YFtDwT^BL6ww7@fArVOuag#)a6H@dl++7>ILu_w2>s`BN2j6(~89sjO ze2(kr#K@Y8BAyVT>YqgJCt13GBCvn!(uk6Rmn9DgDM&en?=OFV%a=X^20pRySiW`I zTX39OipmT9!66<^5sAbZ%k9JUhB$9-4@Y&i@QJ%0=Y`$97CEg2;D?CxP>oNzD5LB~ zZscq00=!Ziu$)7L0W=oDG^b(rfW;>u?1)Gkm_OZq)VubgjbdAA4WoO9ShZ~@ z$MwucN(ZS0c|XqwmYl|KKlK6b`Nnl6#~l0O-3UzWgvo7CQv-)}LbApN|I$fnLmW71 z(p>UhAsp9ea>W4<4yjmu_*rWFAi!4{YT}Ldc@dZ0*}#J5N_YoR4f$rGPKB_ob0w@_ zcGyJ6K_iueB*uGAJ&v32eFS4-fMdmm+yGSACie==I$|d8UvfOk_#`7~94Cp;0m+EV z>ODL7-G+^{j{EfW4fCmYoW`uK7KXBUgkxC(w{LjKg1uaMpc`d1t3=vP6?qR`D8T4A zCRem(Sx(fhg;3lk7#V|tKd}QgG>-6!Fu4O(Z??&Ht}yW;OGKfg5$y;V9D~8pu)i(E zz4zSHcGg*Eao1gU{aO3n;?qv$!TTR#<@2i|<-eCnao+LsiN*xkaZ{174y$%YI$&Je zl?gi{<;x`ucnLQ`cb&sz0fIWBG8%ef1V|z%qp)d(AyAN2eyGx??ayU^5Ha#zK%wB_ zl=dJg`NQ)YATS&TBXwbVz}(m8B>P@U+HtBqHz`&gQG=rsWd_%=`ay zjyF2^!~a4hz?m~=^62;K0C z-U!z|zMQt&B%eF(aC}{ZBNLeYXgpHB`fPHde5fcZbcv8c2Fwe8d=JJEiWo=l3{-+2ZfJ9-{9x=Qz;T=xc6 zkxfUjN#5%O5STFj3)u(F^&u6sES7FfP?W&TnF37>rT4`Q4Gmp*%rVD&=Y1DmBCPLu z<#^A#-p&90*-!6!U}@wU|-jY4w+9Df+ho&=rEaP(AUGJyyx9u8KPTC#R%FX#fk2=H|g6;?x@D&hqJ zzET7V0v!+-jZz9fupOh`Y|f(lr3kCZlA~I+K1ImjQ1-(Klq%m{QeRaPyg+dB+}U*W z^gu2M^<=`Y#$a+eI$G-Zw@+R|Q#6Vs!MHb$z{7PV1NkhM-*XS=c6ac^GwW%e)WqMM zbt1W(hcuF?bl5aB%HuoxO3H1op5z&ei!kGPo7DFWLpE<^w2igG6++-Eg&sVJeXsAs z&VJ0KHcU(XfonM;VQMF$w$@(1>&pCbF=g_U9l)O*`~e=k{~@mV@>Q)y5HE{vb~dx* zh?(RIUe(JnR-i~YmH9fMzsG)G1qQ7ZN*PObQHJrrXT&QqQq&9;^NbZdhWvoMwgykG zbco6bE)ruLTopy2QN|#P0mcPKIt+}A^6(2=h$UkznAVN!Ml8loD{u@6*C8H_(NGg* zPIDb+OzPk*(F@9VtB!~Ns}g{Qx<)o`+{m0cbFO%C&5L)eU%w$$ZcKJIBj!#+ zwA91AsmLQ{+6`3MV5K9DRepPRE#|H#5NoztvyW&L>Bj6H=QxPQ4EV|h(^o`~%E~O$ zE5OhYc#2dk%1_QdljdX#zUSE%ne*xnRfghxR+_@8#h$pA;tZl)d&{uKT*LD>A$I z!%RK&FbbknE}DQRH?HANYc_H9aR*YL%;0(T_TDJJr{P`x>q61X-z!X5@q`EXT>j8~ zeEq?vncULMPtQ1x&mV9&u}%_*fU+<#)}qunCmQ?Cq*q5%ZVbpQkrG^S_&$7h!6CF| z(ss>ERF1e78evu4^xI`Rq<1RHghIHT?Rnp^Lf2-!-mg}nlkpF z?|tuk!+!M5zqw`DpU*t~jN-a=>z@(Qeja^!UR<`8-r@j4N49&D6oV2|+DCHv#UF*a z(_o(&#(Ze%c$hX0CXY7z(e_MNZ5;%-l9gS33`Kc7>*OdD2$?prs9IawRb3UAL>cH5 zK~f|P0#GbKsQ`WnN+py0Ooo7{?7c48Rq%=9lC3|=EN#R3kK>3DxmJ#uHx>MX;S%J1 z7%ITv5c6kE8-+3#KOcErAW@44?guIsj;0ncUjj0ucu zZ6J;XN*E3Ogqy;X2?MDU6AP=cVbg@UhwVL8c>~oVPpcRgg<%i~w3IZY61=o|8~=Id zLww@KyZGG`i&0vmL~J)a9J&UF2t%LxR1(*9cw*HCy1V;nXv%QF)GbB2bzjiV4DqAc~0W>yTQagftslcH~(mBNj?NeT9M@16ik3 zYHfh^>+1%}@yT)QS~e)9h@$8pIw$@=GXn6uBt3oIw6(NCXCFbk`*(L>Uy3@&V^zR*FF0Z$4(i;5u?YVMZF1t!g_64agTCAAaGt+@~=f2 zQceQlmN@_JyZF^p&vW3^vHa{k3z*tIg&@`l9a^n#0}MNrRUb1BDUT5xA!$grQH&bs zFK%VQMMZ z8|i55K#&A9u9gf$Mb16yNPhG3au#jaXpw-V8Gn>L1!5!CL#(R%)Ujsu)*bW|hG@@a zOo=KKjudOK}ZmX z;D>A*93WH*C6yVk4cj_YgxckV1NP&;ANU)G&6$ShC1`JGV&=G!oOk?@wB)jAksys( zGs`$RTwUbZtp#Q@yUfqkbIG5c;=uXSIePX)3Soejf{Y{CJlM}2D>mABt*(;)UPbgp z1Nbo_UqTP$jrT?Dpz}q9QkC`Hpja}R5P)=~o<4nsSi5E&K~RFhBCJ@Cm^Tf*&vfW+ zHRrOS&Jf3<0A5;K=8BlRD^?eO``cG9`}C(j&9&EF`<71X@|TtuqQEAjRFYZKr;tjx z1VKc?O;Vp}C+Vb6N)g6I@H4P7u?8uG>%goD=#F-1 z%E5uN5ZM$u)>SvKo+0#KUqo#0V#?&{{MUsa=ji$SGV+`gDFhKDtUReu(AI?T5@yDy zYZ6U)=3j2R90@~t=x0unLx92*A9NU zcsc3%6sJv_h)@#8^N`wF`<6vH?wJL!001BWNkl(zNXNZ5gEWlHB2&)B<_JjtM|6C>if#Tn zD8e|#v1Tu>aP9on>`FTblvaj&5gXR9z!XSnFG127Pj7xFbK70+JnI-fc-KPKcA6r< zE?AlYziTDaa<02sBAY(vho25!0T{koH_$A!*O05kMg-8T(d?YBfzBggHJ<4VF%AfzVaxcqea28u&PNZSGchgbMb)E0@3Kn|2pVTkCTkd0q#Y> zh~kJ+&_gLK5JY*jj%?z0ENQqbifBo`!ZCaJ8XB_o{QRM(x#=&@^7}7-nDMO*c*0?H zV;w(zXc4C#ybn!D2N#Ezw{#;sj|pv!tlr+s^Dl1!5%YmV=i_MC5mL5MM zDYTLORk2N^Rb{Lyj9t~G&j&qx>&X{5dD=MUwzZRUTTogVh)|iNt1W@BoCNo@i(45f zVC;{}-{UzhJ*5FIx#xBsSh1Q9AGjY^z58ey(`^KCY%F7uxHjnvA&vW78MPM@8EcfI zh&4D$0Np?$zoLXTPJ6;(M0N}VrB22-xZHjA0?xnZQJ&en!zw27N?TV^1JUnJ0(-q9 zfHFFwl@Sur8pgE1vLW!KAs-6Yu5>8~1++9GW{yR#*nj|$FBO{R&YQb%$@5E&-IHj@ z!iSCe=j6!~owaK>n7`~B;`T?L2l3kV)C1N@|HD%c%M~ zMl}G0NF5MFc{&RN_$nspcqmK|*A{XPRKTpJ7Op$xB$5fAp&+tFta;f|K_tO7dyqIz zf+x20Fuhsv$dXPT``b$#w9j-7n=!$N+(?CkpsQHq*UQ&Hs^U(|IfF z2*2+V7F|-IhBep2zSE(j4Q7ltkep`(b3_@!S-b-A)KcDm=uzD9jqmcwlio`< zlR;_CfByP_FF&;V_XR!ORM$KM22Atd;bf&7PtAdIMY6I^xNyZFXo2OvZP zLME*qwUuD4$dap95cbN>R|v_@fnNT&YArZ|56_uKG1L|3T2XVAjUKkFo>^_Q^flm# zL4LYq8Ebla`RxAl$t9Z&VP2a=PKCrLYd8R^@;<9>VCBj{pro}!MUe6wx(l6Lc=zo* zuxbNWEjXNOPB@PGbSq(87Cdn*${}&IFivAiRy38QWm*d*aV)&<2#M4h6%`2Mewxxr zk}^SKGQo8V4&$gvV=A_+Em_)OxLAmS zP{a5R#Hd#D6Jo{7t5zQ|d*-ZtU+dY;zn5c-clIh zNsnA2LB{j&c<|9tO|l-;O_+x@594K1#YS4{zGR&c4B_u76n-S68p6D4R`{ zCAISbx)6dNAPQErM`ILxm&wloEC*Sz<>u)~w^wZvQ@&|b6;e{i6dV8A72eENv8_jhY zv~WFnbjI3+E95j;H>K!LUg8EboExFM&=f=>G89^plk1IU`!7E+ilO_|A`<`FP zn3g)mwl{Lc?;hY^e|jfUNb*IWhD?&ih73AZ^bX}&yM719&zXde=J!v(2tmjv7aW4? zc<9(%d4)g?9A6-iHqZ&Xwrb}42IW-3Bzd7FN{EWRv9?A|VH~k$N0&j9gg}=^ zg~QOn|LOJ@d+;AIzloygEo}k3g8;mR$4f80#KDIgy!XOKAG&w@_U#swL@=@yW=@1$ z3g%9N@z#@DDR87g03Kh0+`5bJT=+@OJ^Dm6A;nUOhNeb-cK;t)zitg=Glm<03Ho}k z@kSFMimQYYjgdc%1iCP2VPRt;GP=2epPYCkhmD_(B!iHSowHM!t?hBXZujZS+1(}N z;q_}-zO9?79qk-6x|M<0uHR@?RX5XiVq1ahG)fvau7l62uI*g?=rde?)VrA8)`1c^ z5CKw{?o8SwU%SgM%DMr%>2bT%W#j~##S&aUkj06RYW*-!D&k6y&}*Z=HoiG@42 z?NXuPD+!WG8k!qv%BDygm%yIdwY9x%?dmlzY~QxMOp+FiZb$4r8Jcp){imDcUvZK%201*w z1b6!`e(~k6bKyy+6DhMklBvrwSj_X|yKf^(C9JW8Fyx)ltuU?~VLMsM%3)F<^8s}2 zLi80tDP*8HX4*I&KJQG9ojey;)*~EU4S=d_TPbbluPZlTEKCAcTAAN#2;)4zUA_jQ znA4|E1Sbh`NE}DRQB)1y6}{?;R5}`gtDq1LaLqGInB3OP1@mVUi!82n^TNi$DrZ2~ z!2Y@h;jqn(RzzA+5+&jwAQnCw`c`q$Z|-F6u3m0C=M+xcYd>7Cj!=gnm6_+&YWeSp zGFh41OCt&+L-NJ#^yW8l`|{Yx#u358k&ba&F_Ezd!|jB#=3RugebGIx(DfAzMdNvK7lJkBYBE(=PSRC^4IGL zM73OvO7IeUE)aGPz{8U+xz4LD$zeN4+mf!q$XLpwX#1DRO&3@m# z_In2aqL?p;l`B`gXUwRvWm&?vE%^iZVIa!uzvNQXHRY(!B=BU)c!s_RX4F|M;~V%JP)lT zN$GL_b1RrLdK7z4YUk^BJ_d2X1;-wQ>pFx&TU`MgUn+%PmB5T08ncPy(C-&c$3-@^!j$20mu8FcW~d@wOs$g zayE1hGOfLdOOM)z<0npLQezW!i4=|$l%gW84w=}LLS$@*S&J4ZD;)DGK~-C_q0pp7g8QFe!t={F za><$RX3EGB^cD-oJ6=l?4m`4PE1iYBG0iITbgb=h<=&u%6CecMP=JiBHFxjO@FLOo zp->{!F{ObaGZHYbFh1gtLx1<;3(r@+^|~MZc-VXR z7hkkSa&;LR8?z)Ff#;^HMml>u2ZlSL^{_*3k8%|<({{`wDh*4-_@*ZQkS_uyK6L1z z{Aow4v00ru8r|GzOdn!p-1A%qo?S*;caiJ9@D<)Ydmi0`dE1dl z8k?Hg(%H#(Z~YZPMQFylc~usa=;jwMtm2@ttsF9T3`(YP>>j&vB%Ughx)e$UL~%$Mmx!Vg zaU7%Yjq6sGYme5NwCj=geJ=Xb6SSq1T=$;CXilf;DHhRU2v78q^6JQVb+}H-$fDK~ z3~OSJv@1M9`Q-gBez$BXKY4a38;0_nF>NAO9epJGcZ{Ja)o8ujC9yU{LMgNC7~I6Z zBS-M9BM;>B4?a!_t9!nCa(XjPLVFkim}=BDM6bc(Fj!KT=gwtRAc$bfXhiQ2x~o?J zI$tb4dCA8wIqkV$0Qd z<5~^72ePuQs;+fDwZ-aiCCPH&Qz&he;A%f4t+j=StLtM4Cxes;f~ZI`nXT#kYd=c8 z$6`Z>GG)~2$cH{x-T7zQJ6bsRsJ$upzLm)~|0W0(x2;%Xi~ceurfiYB2lq}Xkg*~? z=o4rSftCNQ{eVg#gb`uEC+x2l09vc)hu8h^`m@h`AGhBAyT5Bpd~VUAM16hzXDgpu zGC^}g9WE}OoBSUWlzz2yGCYu&(TODlhAQBMd9(TCFK%Jkwk=E>*}-WC?8hN9XCg$A zA%6!AsT9}z;R&X+w=ivNE9YMQD-yXBmz;7K4e1QUFv3AmGZeM!ycPwhaR96>SjxAg z80H;G#ned&L8LWF$6>|hU6g{zkTL%sef46Fc{qP{*y%JaDNrvJnG^=r+X zA0QGiYaEOo1u8-XC3II0boCgsk5Y+*bUFWBb6EHGF}2-MVxxuLrkpC@Pp$Iqdt+O6vs$3E-sNaTL)eFjr10_ z;>UUO{>zw0rE)jg{zCP!vU3$@-}whV`R6A&XzWN9o_9JwJn=M+nLLmBWGjL2h_n$l zDZ|O0o1`H#f z5T%*`SqX-E&lQZQ*$Svas}@GJnhe-&4#RbdQ7Rf{`cy3hG;thOYMK~Iy(ljO{_ifnD z`pyBv^U>uE@p8efYU~~=7&5LOlL}(uID$e6T`bjBeGrCd72$XH8h(#`j2K~re*WIc zA7IOtEwaC_e?;Zoc`hxv46c`;%pDaBFSu%pTdm5qQH@@L9n6)_mJqVmIh`ODjBOsl z-jhdj0?}s=yH8gkf6;VIG_!*Zy@02aIgvfH6}Ljz=LXFc@^xo8L_L(0Y1@wvaD&&E38+A*?ZMmAeDpbIP@0-PQP^_hmULLx&?TdFW$b%m|l^>sUGIQHz;ksF3Wf;FwnNbN^R=UhM zR%DV5Bop<-al{u7p3Urz4hWR7rqwlQ<{P;BDXsm;=BP;3DOC&zI*Nj=Gu3f)o*wcRVo8L6W?!gCb&t@~`+e-ocin?trukZ#y8eWM~ z#+*o%YDofCbVZ_cK&VOxsS(;kONA?wG$cpamCtGcBCWh``B!S@z7>mU!1FwI4fXJy z-`~Z!v7Dm#?`&dNf*@4GX1X1W~1^ zLmRTBmR9Y#Mgh^(zGZT zRaf^=$&2Y?p`Pr5ojhiHgVy8bGYjR zr}C@Qj$_}^dl88yLLE`^yU7PT@aZC!MU)<3u(XYQIAFoZkU@V3*ZtuEPWaq4+<5zg zY}ww$Lr*@>x!?FP>vwEIxJJrSD8P|Cv|$TGA5M_x~4q;egps<5L z6)Gebtp|C2+cxf9zlkp#GM^|4=p0;6e|{^2#V$(WAd$A6k(9QY7S;c>w8Aj4kpNX@ zUbrLg^W{hX%9(pj;Oe6fpg#&wDhB0NHV@P=cC6{tr4R&Rk*=XFbmzB_4+ap9&r3U2 z^3i+l<=Vf##HEMt%f08G#SvroCeZaLVc6Z3F1MzVFH12Cs|47XX+vp2LOT59JqIzT zy%|cj`j=P_fj5l(SGN{wzibDBD-q50RMcwh0UfsKP=Qc2V%lhgN$O%?aDbwp{{p~q z#~nB9nfKXe9#1~`^tCN5BW@|DYq|zmc=yA6{kOM}Nq7~aVJstrGT^&ZwOb42F2^w> zJgQ@ZS{Aj|%J4dL8Opb}fr^QBP$}xlr=v^+RXR3ElB#7!OQJX&J_bR*=Fat=x+yby zFz-C+xLkSHAL-lK%^64S%fyjwD6NSt&!yf=@X*FhytKI+67DN5U(JxBrbyEWrO6fz zN)bhYar@j2M$usiaf}KA=&vFGU%c!qGyf6d<8jBH$V<<^Q0VXNsUB4=Xs$~k9oKfw zp1F@ChQsgLbSNAY-f$ZSyPh1^thEj!f$B;VO+F}c^1l0%%cQvKj(g}C8YGT~*tn~Q zi+*w&9V6;kx_%2k_|1bHeaJk1c)`gOeWMB~wIG&NM8P!UqWWbwK(O7uvZz4Cc7pQW zzZFum;$K=zlu&q{!^+KFZ0qa-=atad>+b{fEB}ENRr_Z_1O90_07o5mIQt!PaKl4? ze&FdPFDw~V8N@bZVfGXl)drK>jq6!92br?MpCuxDF1)ysd2M6($wxoI&M4siZEI+9 zGf2myZA1%;US7e!{@0a6ku=h-3Ya_=J*EZnLl6YWM2f>Ej_1_rlR0YKXhznV{pfzb zL`LOtv`@ewo+sF`tDj9>z35nxOQo1Pu8oB26Vp#2Eb-MF?%<~T9ydv%A!BAOiU#!jdJX<}j2uFARtN}Cy)l!7Ss85rC}I$e(^ zJ+vxv>0{4v(cGC#Yp$oe*k{kL?dZxamaeT5#cs21VeLx=jwdPl5#M{}1x}qhfdx~> z(c?$BY$|5HQjySy5=>$U5B$~C0I9SVM~o$*d7^I z0#uB4U6?%){I`pAy z4<zN zK63RBd1&cU_L|hjvh~|py?GbHby)lIR!%x%f4*_hQ$IDOB5Y_{t4c zUFr8k%}A}>2pHXvDo;U|&%4spB|IK{VU5w_NCIzXjxL+30gmI~IL<$`9PmG70Wg35 zzC7~yUnmrdeTx@AUu9u6DEka4AIhM*~ZNbMFI6PjZ%tTg*;n(`ar>qwiX(bE<=GKDC)AlyOj!5S|Fu^BBoI4 zBH<-@bi-D56^nfOfH@45d|Zq{hO$FHsmp49<=L4Wj+58SY7>qmh$6oE*Cl*l=4AHo z7(pS5tR8|9YSG%LbSY(^^F4)PC1Rv>X!MeN`7h7##D*Pw@0dfGIU@+_e9(iWdk82h~zjxtjH#tD1`%*qL_|Mj&B~ZKNtP!Q3gYcbkq(+-*OS45h_O4 zWgwX}*3t4+l2AE!}yV~afbk*7e2V~6oBb7r?G0q>dHU4_~MHZLJUrwJf*o) z%AQy$O(_t;^Gmt>|J=g-@l%;Ns?9Li?KM-vnn#t3k#cSpk|^{^I(2qcuR7;-5csiA z)j6mte;mdIlxVJS9?HR3pzVIY-Ys|wqByXc?WQvmQV{(+V?gfFEONXdWyCXVckUppuSt}u-KvJZ+7yN}%UFx`;~ zz9!1j>{T5Dp>0utz;z{Er4skPuo@B$Z}75(%{MKnJW|x0B0O{FZC~@EAS41CUHvXjGX* zDV3R(5}<+*RD^alj+AWbA7H>Y^EFqn;;?nxIA_r9%{l-1O2) zK7Zieq#cL8*g%~|?58Y_Bg?*6HJyIVAuq3NNy$(UbHfWuxoG|jrnNLMP>Sp%!gK`E zvh3qn*!eH75Q{OLg=8oQ`QpN-Nx3e6{=o4_;gI)3lrGTSzm2BsXk3{<#0po~8~!!U zjFAjAufdZpnN$n?g&k-FhmL9E%$bw;mT|H-}u$9`T1u)g(I~Me#SdtSR%FSp;9`;Iz$oRh=g6=!j{y&BLt3=tnb{x4fj9D?Aen!=it5R zDHKfdCkAP(ZSPpUiGk3^kqKg{UN!j(Ychop&VnW0QRGhCk6a(8c_D)A+)vM|04$G4u?T3?~Q=v};v(Vh6sJs{%DcvN(3or_(jH-~ zNIG>S9W%$&Lg3<(5Bm|S#C^{!<>G68MX6YVmPQK?#U}6y30W614fOQ%nN<|wShqgM z1|%x`OpMAY_AEYe%E|QmC8Tjzpn3tQtX-Br!%|QpmrM?u=bC;-5vvlelc*Fh z0#GU5h|jqW=Fr6jwGMV?&04WvsfBWkGrd#KqeLh#h*Bh!s4O%MdguKo(W zE0f8bH*@-oTQ+UllmlRApQgLt$apzYEMLBS;EHd2ohvT8{O=MYhlUCO=_@Y3;x=GJ zx%o-#KaG!^aTNQFZXu~4<+(WaIu_!H0Y9R6SwsF*~3EcJ7e_?yi0JF!9!j;f9ShUjB z5-lTyHrgc0PVQADR_3Z|F-Qkd@X?Ew^40S{!`vCu$QSag*|weQe|IB)cxWM;c5R0djWo}kz)Abe z;G~(;nAh4tM|~rXlSOGLDP_E-g=J1FZD-E0h0#l_+t$NnH~pSc7$Gug3rT6T^lFsh zY!XbR>`Iw2j*(g!9c!r|mekj$Iqk6hkxmK~M`&Q{V4fh3@e&^6>T^VquFPg7(x{zj ziBq=6)Eb2%={P*TWgEv$8f*3NrPU)aa;nne2S!9V#t}wxH|S@nl<~@L@IH)Uo1f?3E4CctzOF96_Yq* z=1huyp<>}$p5F>#3L{4er0@vhK@@c+848fftc0Q=h)ZOWP3Aq>WGS>DibFil7Ir$O zY+|9cB8ZA4Tq~$=bpw=uK>4KYrbk)PQdH)r+7Q8n{eSGXqc1d`>#)A7i)-%tGY8F| z!GTl9Qwmf?-d8D2+D)=><2Kgy_8U!x3hPk6%EU&Xr6%KR(xE06M&~Oo`l!A^^LgN~ zWXY24b7svx=FmeA`D3Z%d&M|v$R~0HK_FUMnrUrqb^cz-|BN%v6nEZvyBEH?%Wku19MSv!V1}O$5nzLC()MbgH z7(Y_hO51+^w$+a-#jq(O)E<*A9)-f+HV#Mrc7dFt_dkK7M_AAjuF~HISvVpCAHa^wlGZ7Sj8kA!PURLmrYwc zO%YPwpLQIo8s=gc6s(bUC>x<%$0QCs$PeY*@F|R$DfC(dE=~}eb?CR=#Z$op_zQA8=|JmL5`~iTTo^CG=?Yg1s zknU(>V{b3lKk^WV&)f$sd;~GEHXv^KDWyFeuH)cGC1OkLQ(B{>Ld7QGhp|szX=g?L zIgUew)Rdw={J|k3K4jJV4B#Z`54w?|eGWS=a)BuFQK`s`w`>t8aEOVK$^kbvme0z} zmbFF2gkv^al1`fcyyGVHU_T!^<`mLN2R~2-$1po;gmJ`gmaVnul_+n9*7$AgUb2~Q zNEah3b?Xr70M*lvFso>K^w(!Jfhv8;5MS#-EsFiBt zM-ta)`@4?hiIwZ=?Cr0t>gr)8K5qsED6bvqs)V%NU-l9nX|vVyP66;{AN_;<>GRGx zcib(v-nz20tJ6|X5wy3W_n8V4JJ9Wors}d6)2tswPzcZsjuFREpyCj=?qVp4_}q=x z8rZ$1nZ|==an$Uoe0c73jvhae23b!@B&rpj-C0*!5fh?=kdlrnMmWMXD{-DklS`%e zz*qN)7>ODfnyVeRwgk;mZTI}@f!*SPCROVF8|>B@FS-(k=H`f z?S~LYjLX)Mag!9n(9F7o5yCMHYqPZLXpNSFgbPc1dYLhznYM;3K@j1(<_P7XUV zQ3)Ypl$BAIP6B1hOr(-#?;c@|pfoN5t#pM%DkCVICADB;z;4(7-vfjbqSYy*KTFm_HINXxd+T; zPoKZW2^5(?gClWbjUR=m-hpyJ7rtM*dEvrGo)JQD!wtW91+Kel)vCV}H)>y=d+s?V zPo7eD#~rs#srcX2XSm|qpXMXS?1vwusLwW=21b?T#f_!|0$evi(#sldBS!qlxHuLl z1qH&$N9%~B2ggikXTju=4EgZnjvYL_ZVR`qTF->~97m2H$=vo9nlp8zoeZHW+0NKC z%8RzBHx0CPA=I)4ohh&V>0y%8|HF+|vl(E`oDjy}O@Pv|Q7DYyp%>Q?Dp@r+LBGi{ z-|hrN`}?R`U}mxznwy&6DFEK+;~W3+buRnb$tGJ7vVYR*%KipncUjKg6UIu|I8W8YaL12&EZFq zqBa6LLQAxch$xXDB8Yu@@|)cd9@g*dWou^-g+h_A7*N-kWzNKL{O<9^W}fVt z3egpcgyZ08WBTKvZ4NbJH_9==I7S$c5dnVabHc&<@XJqMgb+EDj;)=q2BjzlJ}5D;oD zZQHupvS}-&?g0p+*Ifq>yDj1(+UB{^&TbaJu$sldZ&Ds!doz3OHH}&Gr*P;&`x3Y1 znBURHq=p=W`I2FVOJxmvtevNwqZ{>QZQq;WHUx2rzWfeD478kp3J-Tr`t_BXT_GHY zT&kJ=QYZbf;@#s$F|MVFO?`t#L`p{yVrd0@!fwyV^dwKyQjy9)hJET4;bp|Aq;&W#Ibg}!ou+7=am9F zhX(n#AKk#td><*9pegN<&1CV?E_LZNsbqr2l*fpMda|hm>4Zl^Dv9e^yWxaOI_=^J z2Uj|VaOr^KNE~T|SK>HE3yq2)Mu93&@`n(@K{^Q>$HmiGgyU4!6Qs3gHU2@;$N|TS zZ{6_+DCW8F_yefRxC|5mgfQbK*Q&w&aM7~LIWUE~FQe zN)*=9kZd&XOT|_dR999#RawcgY?qD16A3&C87ECH*@9LPQRL&tMM`mzd{9D*h{H#> zbIkY-x(Y=WZS7*ou5KP!yM^XdiaBjf%pcXvg!+0SVoIS^*(0*!HDR1aE7Q;#Y3|(w ztARWJyOQZyaSfNCWqa;!(l+1$@GC0`Jqf1x+U-r&B%&w~H z|DV0jIk!&Blw^`g?<9mkfKU>uG(|cnC@OZbU=$G)5fSkPc?A^93#izTCLIh_qy|VJ zmGn$9nM|g)Tjt(-%HF>}_PKX%LO{Xyr|9c>o;=TF%Dv~Fv(H{@eb;w=zdW^KBP-T# zrKhcvzSd6Mfebo5WGXu?z_yY5O-I#KA*(78mca1?V#18IL&MMz35Ie;kN#~kUW)8nEkYN)Fk^qyXDaXEwREzwrIVG9Jto?}iql24rbKK2?vifk%t1Y9tB-Ig@Hcr&`LLTKOc7D7HduAgNf+d*wr6GDZM zV(29I#!sS4W+7-u#Hz`;`LG=d$>A$2jhXe7^n!702BoR#9RH% zFzSRGphwri$Pv)hFEpAz-gEc8K*OR%i@4#28%lq=&)$1qvvK|A(?Lzd_X&pb;8^7H zd5TiEN}C5>hjUTJ07vuM<}EzgyoEwM4k~SuKdm7jP+y(I)&YYLS1z=meL4Z zlyGq=V3WjAmBuhg=rZ)i$C6Q=-?W*hUVfSV=FH-xdDF?}Jw!-;b%mxP;;^{6jny69 z;Mhge1w*Kn-kz&}A<%(BxXQH4v>?zvZpP^QYakYjGH3Se#L{KU-ZjA=;EKz?1HkGP zD?gFT=3+(8(_tTZA74J_I7CoIB35mrmUUS*U4+|35Vpt4r+jp%T_p$zu#`Xx3)_hi ziNvW0uTR0xl5&rna5eTa+IV(r&iiqEy&7k(2;2QxTEr&;;%@j*OB;xS=+7`C;^&3R4h&Jsa=lu?W z0L`#3f>)yGh*%^_O?9>UPXh2a9!*V6EMB~r(@#JBo(CR$;Qg-aM~W0aos1i%|Jac* zZ8SO_3E>v8%Raj+8BC)G(&kIIK-7WHEtt>O7al=Le#1~hWL!ufjhbX8lYqz#= z+f%P_&yv;j?$`l4d(eGZ=u3x$z4FClR)Six1`;+TtFanKkQm=UEM{S8jkU{&Ubyju zi`x8kD$?KJUdjH%P6iKeklLye7%H&s?vK6>MgH$DM4=6poR zFBtwDXP$LdMMG`f$G2_Yer5CK&GF`KTkyPqU06E`yuJZC`Ud#@s?FTm;$Mn?z2Cn3aL1kZbOA=L&JAEF2h|A*en4?TU+MsbWs=Y0 z?T|LlH*cjdvKm=kfeMUv1VKQ;j`Gk)j%9=sBky`>ELwVdS=-sey3RhbDk}Et>giq-DD#}vO&`Yv=buJptcFCa z7W@DuWhkXf31%O*^A6jlT9tWll&0uI>VzVY;j@Fl!Y1KV5sy@(0+;@w4)SgaAti~3 z&Ad@{96Y9hl<)Jz=AB&g!Wy)_hEMG?gX1QRMQTkZkVd{+8csmbJ#^DhPC7@UeDI9ZM*ilu+ZR3f;6tYezS1QUcS9}gI~AHnA;ynHI}QZ?@P;Wv z=BE;6!7RM7u8XZTv&W3&yGI<#Nz><%RTi%Ag^R^PO0#sNRP^O~d3Mzb?s#%34?X`X z?C662K}2`DG#XdV1{FeLO98e(xjsR@0Qmx{FN@o{lfG9WF|koM%$g{ingkFS`*F(j zR)j`}n_b=uaNQi~!T`3YF>|-lKxImU6b`oXsEI@j8B3P&W+gZ@HcmXJ=aaDKmkJM+Iz(J zzH|-u{qA8dzWkFMe9&B^tq}zgraNYqzesG9p~*~fL)SPIyfpopc50HNO@}%({}^5l zqGYvfNr{Jt)RIUffs>D*q-I8KHI0cR&8dv(5o#N>|IQGAu(~dp1KEy2qP(EYMGbbH zFevLQmRIT3mB@w>sO|v)=!?Jg^_zj|#aCFq!dSf~6G@pJ%4$>~=uSaX13l?MvO&Ql zPN8&iNvTjl;0CN}YXiqY`2kWpDD8vmbLo-$Gr6*o-a?*4%m}#5oiK{|lSdP=Y*K+o z-sQrG$N&H!07*naR8{QE!(96yR1>ufdW0_Z+jS_nYl{dCRg=i(`bZD;;8Va88aMEX0%y-2&sno3 z@!s}v^HI6mTRMx< zd=o?>4l6fqWy!i0Y{xdmle7TO7-zkse!v?G42?jzehC!l=TVE@k;^%Q*Oug`a=;Pmg`Rx3_n8@#^Ym493|rT08hU&E3yE$4&P?#$zv1-ETzQh{Ld+fp zE0olrY#elDx>wGPe9S;*USvtB0vWPhWre!SHSc02qaNQBXO8mm1I(V zHO+%*P!b{DAxl`7)CWRdf<)VL9u{Cp&7=y4nbl1=(;aduAnW?{ z7hJXvrrD9rvuz;D*8V{{b3^obif!7XDjs1{V=c2QlI-13k8oW+cjIkrZ|$J1zn>|i zMj9#KaHFk=#JTy2d+8hO<5S0y(x!$GnE)s4_s-uBVMXZL1jL|c+-MBG^_ou($ zV59{M`M*d;}zO>S-Nox%kF;; zx_c2`P+|{4_9{H})Z;6K5W$Yl4(K$eF>%VI`-E1>Ll!Q~ zeB|s8HE-L|8oBGPyJl>A_>npJmp0yPA*i3-NZ^K!WwKz%PRc?Guq`MAJ}<9X&;B#_ z3YodP_Q(W+k%^dLQ@a5XDQQn<`RWrd^1_aG)W8s8M-O`K))IMs{P^)QlgXT6SyubP z!w&6kxo!LAZQEMewyl-Q%1SQ2_+q~Gt#1MFX2JiR9L3iJxbn&?xa_jaS-kj>yMene zyy$Bquem!lB&u$8h9 zC{!plY;KU**wVQk5>^E`apIPZEd!Lw(3KfvMaNDy^!2czdytO2M_)FB5`yYTl<6ZX zId1A$7L0A+*^MoDPH{f?omBt3*Aym*V;S(Y=w4>ZO=+xTxAeoT2?)zZD?fBgENT)c z7&QXDHHt_L5%_-X%dae10PKMR~ zT4)+#4h_)}9AHV5GWW;xe0uU8ow+=1sWcn=Q>^dqw=@3{T1I_mI5KnF0IV|S1%jT;~6VlqVhiZY^L1cM;vwZ(Ti5DT=}lqxM$3mAvSE-px3W^{pwN&x~7uPoPQdVM^vFi zBGl|tAyTQ|avAS2P?f1{?*8-g{}!*O)*8o&Qk@t@UuH)c(a^{QXI*nYr`J_8t+twe zH_!6+K5kpJf!~QuoIQIgM~od!PI(Nu${3Al)2|OiIOS!T{*ewnPqY@hl4u!rpVT@a z5sUE3mK{9y+Gea+v~1!=?AF44n~!%$eYqiZ*9 zTHpKXvRCx*Rg*%Gsm0oNFTV4s)A;OhhvND!)9PwCZsKVEXZhQrPUq*3CYjCV8PCxn}?)&Avbhmew z`#gyQ4?IXLUHY;}#1rCx1Lo-szxfS+{__(EA^7T|3%TwFgLY4yK8uQ^tWDs$+T@@@<5<2~%z+>x1>L;^xLyHm zhs8U?qb@?jxavw0ktp3mIaYLcbMF05u(59dgbmF*(HplRvqLD*@mO5gGV-~;zP@__ zZoBOcjz9ib9((Kw0MhC7E`j?0*Kyfp!vZObzH%W~Tyc39(3MVaKM0_XIp2_KRDn+&OS=qURzqGXS z(54nvbao?cn+n@vOjVR=RW(c-JI2T-BWO!yx%}Bzv9Jj&s|?}``2cUb1E9*e6(-Qz zR!M5vjH)VwRMl0$s%A)K(Fe?cNF42ZAhp>91Br;lV9ZE#Y8z-xLqq+QUja(U)-b2*>dw6eU+$B@2tB`DG zRtIS`*kavRsqzpMz%?qnoX<4Xuxh(KMGy&LW@42j6vyxkG{#o_s&j0erCm#RP#@^nZ;W2L~f;DqI z2cNKz?|sE`P7D^kHDdS5oLcM&8`IBcc=kSC0^U7v~_OUHT*p@tC>C%^9 zJ?Nl=#mg_hq+fr1^)8>O82kY?Z`@S+`qWcT<^KEcXH4U`acf^+y?smbHU-G!*lO&g z#FjbY2~B_A#u6G=n+Zp$1%9BYuB^bZBB4*Z>30_aQKV#CMI}`gNmg|BaO$0pv$HR4 z=I=MQA-1)lcl4CxOD)^Fsd?MxnD2hC=3bsght8mNv}frykIV6TuSG?VR>g4IWGu- z7y0)0hg}L!T_Q_jTOsUhnUE=s5R;M?G}R)S+t7bmj+i|e#x#@^^$;eBWo!d9?*KQT zqrHPzG`2Ue4B*EFyV5XCEutTG(gY1Om%K2C76p6;jfb zN#jX@=LVplsk(|U95@T5mGOHJ3Xgn<1_WVuLLjA)Sq(z8!nC76SQ1DQcPh=;WqZ1Vc@L0+QOO9$?LC9rA6~*=R;^{oGr~eKJ3?z;JGVaZ6w{|n z56fnG!C&d$1eEs|kr9Fpx3iOl_6!m6U>XAqRbfr5iY5 z{CLr_efzs=;d3g@{{k3U$EVLej+%-H`GSK}9AOm(jX=k5!ShYVd``(g6hxBa=0Zs|*#*q*0Ixv?8y4d^cBu26ZSKpb%Kf z4mqNsJ*q**2((Yck;G*JNbs2tp2%~*y%(?F#|u36-T&ZE&YyqK@}K_XM{jGK7Um{3*C=$Zt}cXpe_pNK$P7wqUlZ`u(m38Kc08!xwSZ&@USCvSi7bqZ-G)*Ru4VcDA*dDBs;j`lZ$UU~q^(KC_h5jyr@8AGt3hV^Put$%erc zYrA{cnaL6$X-Xtmbih80t4=VsY6MZc3fqnW4oVBM9_Vnwz!)S|GU!SIKg(&;$8yb* zB-{G?dB-9^yCeZ+WHU>a5ejuU{%OW2MO`(zr4u|4ykEziI3yq+;*hV1X}zoVudq|TUvQ==?c!AHy=r))FL&) zK_(!mVjov2zPVsuCRA3DD&#?i!qD152#M6XM8_&=El6ql%c>|c95S)BLTXA*f0nSZ zEgP_i*cD_7X?$G(X(3fWf5Br~V?84pMzDJ8R@U#_$pMolAcf?Xr=KO$Gr-3`a2(YY z5mH${d?yPXD5??>e!Ajy`Ug@F|118kMdq#V!G;~^#u12-^=Ln=FqNi|%OUzQr4H}> z0}sCQ-If4+@2V>=jz(j%a=9E>lF{>K@ZN)Gk;xaRu;K{enD(ajL0AY?w95V83;cVU z(JzvkEg1_HIE(y>qCpSC6}!+zWl>79o<`zx?4%|RZE9r6jt(B#+zJAYoG_aGMvcH% z5;riDEV|q{qHMB5Xe*RKw+Q@zJ6>2t)^m-RRe54qrV#kf5`yA`B!}g~J-teEuBnzu{ue zKYoE3ky8=I)J&u<*+?vwpgI~Q9*dHU#c*VVyjG+=pFz)M$Ssib+)ykh{9xgNEB5|| zdDbdqmIm0iO~*hxr(OPi&iej$x#r$K5UGhV^5FeS=ibt?<@|>qy6v5O%_0^g$EIA~{#41X3Wfa2hJZJ3hwNKP1|X1>*e}i+{b6{d79>Qjt4h2(=s^7J`Htze9m5cVcu-c zoHdbI4K*YqHbcGyQGp5^e5D9bh6Sxn;8G#0DCtzP@WqK27*Yv)n8NEPSGHivE z?eVH?a#WR(#6l}+sdqK;(ORRl#@9X)Njy>$YPB0KhYkewRZ*rjje=~BM_yft6cO47 z2f6>*=V_WShLh({C7W|mA_z4nG>#?d$PV%A@?qha;tp%`q;2&1(6T4k{5t{LU4i!X=aheV}HrDVnrj4b!6pF(pjOH`*rgOsN zu{^S6J6AlvlAW0$Dq|K_NTAlDXjNYJn!+R;QYxA|`*~``CgX~#cIPqZzxg>9yI-54 z--whY<1Dl`)qe;_NK2+>&YHF1-M-)cLlA&hUU^v`a>#=1S6p%BxLvM%!lL591Nq7q z&*Y0I9!5}56kLz`$|h1-j~CZ(p|h`#u2h!1n`gqPQB*n+8tZBqRaZ@QA{l0op$ux6 zh*_mcaKi+*ghFX6gc`z1McPCNcyi4;{(Q${c$>HLN82)+ZEZ#A6uUaRsjIJhTZvLC zm0`q)s$;U*^hH`3b&9&ZM?-a->9rY-nVDiJ5Ja#zdfE_6+9TxMBymfT%jP-vgku=n zFcv=uQ4Vc_QIR}mg^pP#Pae-LudYG39=f#~Uf&d2ml{n>&-13d_`Tv z(9><$l(i#AZJ07?Y@-U?RV!XwF%p3GE~tp2CQV}L;^+9w-c$I@etVJk13cy8Yg0|D z0DKW3(PZ=8__{zthfJD^P?A83l2?MSBtf8#V1doI-X=OlMS;AGtm%tBtKieje%4FVn$S^I2BOb ztOX(2FO)qdUx2pIoiWJ6rk#kr#-VM8Le@q1rAkn4ZEY<}UU@11Zh1ZqU3ds05OcS; zZoj&9#||y9L~?Q?#~-ve5`im1M^IsA_rXRekK%;%F0=L+k(|FSxBFMPE?Smex7eR| zl^YT*i+0pHw3nu2|E-FSqs2r^8b?XLsHi6dlWHpX_M!W+w4#N{P&U8mM>qcXxgY=J#{VDyYd5T`+p=+E1tsxGkag9JKl?=P`T5tm z@RXy-=ksVGiCH6f;DzP<@!2J0b9wfkI*pIMX91sk|M46}oiL5`{%k{X`36c4HCH?`HVZQ!n7Pw3)x~17tP_t=+p^n7RAR9sFBA>*v1sC6XYf zOq%k5>$-pzi4jRg%pObJ(VRTjM~Yf3stI(0`nb(OV*}EGB9%*V;(|l?z%hrT{b=Zi zZESu6{)yDpMBN`3i*7Vf5qdmM;_*9 zKlz`|1Lw~F(8P(84YNjR*s>G)dyxgfpB`JnfbUUI8l^3yGR84Vgz`aJAcRA{Fhq8! z4@+9RW%FSb6#Cwa5U?CwQL(Gjm;PUB8tS)(rbTVFNfLI4tk<`|YwM9Y7oh}d{K%3C zdTVQo{>G)3Pkj8b#az~W6Wdyh=EJO6vo>3nbkPBH^mEsv&+`1H4J0CQEM4@|()h|} zFq`7i!}iCvMHq}RWYW-A!uhhwkY)Qeb!+@ zBEv#c3RC?TT*P1+v0^KzJi4V59Rw7758X9T+Dc~3n7Q$YBaZr~tGRvnBj*C};`2-B z>gze6t-T}c3M!iBPGSFPV~yuYAVNVO5u%EISRm;VQ(cFsVo{e%h_}DQwGJhPwG1g2 zMKUh<+N0p6u`DN)xiHDFC^|waRg&v9WWM4)E=tKk>3LLwY(8M#=mxGlay}!X5pG_w zj#XW~cuM04VSqJl8G@nKL@k?^-hS?QZW*=}iXQETfV?SZXSYngxW>)ZlEaC75g8MN zo*7|c8IlZhxuJd`MD|l;wn9CqIz74aB> z=Ob`PMn`e`Gq2E8ThEtHK9Tnwa3B*#k0Kt6lXT+LB&(S^rioeOCsA8f6)MBMb)QD) zBI*=s1Q7bf3yU57ooskSfX)GK9Es5KL&(4?*n|8p)?WV73o}Zn)eO>$Cara$q{0kqaoOCL;+t1kb&vi<>@_8!#Iwdl4EsI7+Ds*-5xefQq=5Wtm_ zKg(rXZW;}+cJ11qO`0&d571WB1C^RA44B2_>kA)`j0UJePog8KY~dPbN?~k6WL8foIpPLB0q%M z*@u_PLf>HNQ!ZKZ;>Yf|;}70H^Eqg2Y~;4z{hse!dBxEJ=j!xe>K7{T!&|61{Ghos zR3yxVQ*ka{TG-en$?)N2DG*q@sCT}z%Dw&a6%T2>F&OC%G(g- z$kFh58EN;xQsfIRg&^SA$xVD@)?`w-fJe8svc7i!3yCAmxS=HkPSoc5`=4VVohM@3 z;cKgR==oD*wv_#~3JJV2e9(*J(wrA&Qj&NqDgeIsz3>0uP5`dC<{C~s@kD<2+u#0v z#E9C16UhoQzmfN7e)w5FcEL5gwzZvD)FN9LB$XLrXMZ=Zw{2%fPdht%yV$&ACl9{# zGCzLcet!DkpIFghZ@K?>@^7)R?$A=t819MaNkgv#axP}rY7;;cv9X(q|j;#Mzj{iLH(ES{K)REkM=UtDFY#cSkwryDqXuQ6SjB;80 z+)Dhw51GcHJTq3fK^bu(i2aYprA9F5g#t&67?# zV-7{O-nMquuHMAuciv6Zj)xnU$E1cjj+@*VwwnC#TrI#tY0ucY;*?cGVHo)vAY-wI zWJ`w@tV%25b_I?dH5ID_lwwRxCH3`{5RY)nlh4wX8sy~tXOMFh5H>qobpg?i~Ap<2e76h2-48RH8zXaeL{{ZpZa=NMV)a z!uQnwHUanTO$Zj(NJ&ITgs)*aWD5gia($)1Se#-i_GinVyWKemyZ=mS;{_lHQCtmq z4-%0GM~rXexCu?9b3PAm+0LMw#}ZH(bNKU$4cxbM1BqC~AX;HUq~B&TKP(w}zZ(Dm zAOJ~3K~yOoKEYatC88oCEu@sg_TE~RxqT|CDwF>bd+a}?1@Ootj~L?0hV?JUqLKGT zA`w%X`-;tvJjdBz{yt0AZ6g^|eC@3F(^y;2JXDg42U2I#69=@@u-tdJo#_>yxUt_DvMv&&lrR62JAH|N_}Mn$BtrKNu(7+ zS_z_7lBgYHMneV3Xa!LnB?zH3trVGDJF!R=;Fun)CCLo+5@@6FR##I+Ob$QRl${9C3jj`SpI=~KNePy)P1Z_P$_bf!H8uwQ&OgR^z z2>l8$Er<}}jXTwbN2q)df~sVU>5UDbA)U@Jsj-@Ija4YEP{InyZJL;E@t4+4mUs3b zq#Z)hMd!b8b1Ui=sBi)!=fObE+=xuh2rw1H;nohL{+UXbVBCgLBRO!vq5l;4KUryf z?@=u+Eq4zL4#q1`DJT!@OuQlM8lw9}H3x7!0Kjq+(ZTx?03oR=asv@;xa4c!~H*u%K}8>a_$PY8rC zlHZ1?t58xAXdjJFfW%b+jx9NOd>x049m9(DJ~F-{n=f$VLrcuWiWH_*fkX%1I~aj1 zI=5J5Xn^Se#GS}68h~%OLV34@vFv-mJpG>pV7H^DriQ-0zDMn-bG~Cm!h%54`_xiS z|HP&I;<0BLaJxBr&R$%8&WHK#M?b_h=Y52qeCdl^eAd}4oHYw6A@3E8^SIcxx3fE> zrHa-N(ju=0=}EWJKh%k^3fPW71~%{6dkzafbVBKN5A^lZ)HvqX0B3*jL%Y1*LytW8 z*L!v6oPAeufk$eqh}6WfwB*1kNgO+Z6b@2KB9@IUZIrZ;PMi@@K`x)gS3VLOtu^UF zCvm$1X~m4iv9QSIyYW=s3}Xqj7p>*vi5~PTmWjjME>?wp#(_|OPQJ=Wm#5nmueE)5RuY-{_%tXX@-pMLu3XXeb^=h&vEvAu+(dpyrnu>>NQ&C%Z8Iq~j0 ze;@hz?60ez@BQ_gPQUR>0${_Yjknq|+`!hhGPJdYA3ypuB80>hkaK;6uuN4K8sd1; z!?7!fT8VJ&3FEaAl>OLbfh;kROq7+6hH_pQRIII;WS1$L_f@Z z(R#Q8uJvxoU9r#-5--RyklH~Y{1AN&LIkcn^6NeP|BXo_WgGyh1yTuw0x6wvUsokT zC)b6lh~${bO;p(q_bpk&>Xr`Tj%C(KsHiEW{k9Q+(ppw!Z9S!l*bWgpe7)jF3RIW? zXoSE&_>e=c|4#z2+c7XOKs=dXD4qSEL^A%ts_IHnEWLwOTlm`NzQ>oZ{ROLct|MTG zyz7xG6v(NYp@($w+Or$$xU}cWa6<@*Ky7`!oOkt&eCH3h@#KnE=+AZH z;Bdvq&w`ngO3VJa=bt<6;;&uu;XCg9!`uFhPyOYYeTt_QtE)r{o3XVvlNueP{cl6W z0?P`&mJ%s!qK=^8<_L5Fv?N>T0wmE$l^LxPf=rgV>SU%~YiCT=SfRv3Up2xl8+N1%gngV81EbGQ;Q z?V&(xDxy)Mk;vaq{wv!#1ffiIagFW)a}^q>tSHT&x3_n&Wy@AQdFm8aEnoTMr$70z z_agaREE*FSYn##$jYU88gKMv!4shrd7jo~HZqz4!^xUttG&euxtDq>EiEi!Uj^|%w z$>vRHpuWl`Jybv|5i;?M61j>Bs~REA^HXFx54)dggjS)Kyc)iqx~LHVmK0P(6GR*v zX@hM^l931z+X@-r3fqcd+i_I*Kr1voskE`+6_SIdjU~_;p)EWe5Qu=vsKb35T3FN8 ziEu(bgVd$-DjLWXH)t&_B3YNnVBYw{yRLEe+@%~vlPf^)pyAnAl7@!*1i+JzKK2h= z=T~0wT>wUn9JRlVy=v?B7E0m;$vE>rax6Fh{tC`~&jNHl!pO>z?AJJk{Tu6;Q&)v! zNjCPUc)WQh_ibunS!W-fuZT;ZT)vIobPIi%HnLs{B|u__Ntxk(nEM#^;}M|Bc^pgJBMMm}_4nE!dVqyngv4zBq2cmMS9 zPoDRm1Yq|gmmQ+2s*1tE!Mhsj8|IH0GiJDH*WSb3Klm;0`@$96@#51YBNnzL2|@x% z(O9iG@>kTlE-^LBNF-W=3}iU^XFRVxt$20GDt`F=U-6*}ujZ(WujYbZ|B|R9Iro#N zLDVUgd^g_w^UDBEIN^l1_4zv6+x_Be#6~2@doX8G9LEM}3v4GqIstaX!?HBewy}i5 z5{7~7sw_i=E#r4%dlzP z-rm8|Wv`|WK6C*uUj9Rlx#rS~mdO0IJL?l#fD}@|)Ny?BYiIMh_a4B1-TNScZzB}s zJQp9&h){)!ZH|nSOxB{16ze#I2yLj#j9`QqhLxq^5CjCoqYkl1j9dQvB!^yh1v4)A z8v9>zIhWpfH<^3^$8kWLKB_Gwmi7=5QW=-$Uf+iD1+%A&Vd2b)1c5>e)6%hpBwcX% z?`3O@u7VW1x>$#VLbCyw9<2-lD!YaZEG#stZxGCMjIJF~Cr&x#l=IQM2+9+UCOG`? zqx^s5+Wzj9S8>_p-{y?d&zRiV)w$I7{HhX}VazDr_tg*ai~ssO`;VVV!WvC&atzh+ zF;peSQC~Tkrs^@wtgGeFraDfXJemWV>ew-uHkv5T?S~>hf};7ZCY9|7`89T^SrR%0mSFwz%74$W(QsZY zb|VCe($CGB3k|x$_fSG0@JL1@-0|#k*0*+rf>VSot>ISH+in5uB6MWFPC8K%RwPVd z!&zdXO#%?g{zhz*1l{_}U;ifo*wc|pnIN@g%a*0bAAkG__+R}@ixw@~C0+>IMkZqjDVQ_P zBG3ZMQV83{iTX&}$BHO~9bj1wZm5BfbF<`vEb&Mcwv3>ZMr)sJzR!56YuhMlNo5K( zN0WC|S=dqhyC3I&;q!MC=Q>4y2Kt7$>zU;^LK|)Ra5kAxiA;z6z#!b--YnY}rEZ@b zUI&7A<_1{okCx_*6~b4gnfW)}a2y+5l`P%OPk;JTU%l?S8~FWg!=B>n*R6l>h38*t ztgNYCWtlN5p|#d?=IpcWr59h|{9pcb*5)5gtw|F^es{8iV`pBluHf<%d4{v7eUT?V+Je^F8<6{pC|nJ^dfDrX!IE-@fcpzH;H$M%{DoJzL6# zMueC>h4+8)bgui-8H}tRPi3qTOV}a#Tww{Dn4P35KAKV0GpVhdKq6K_Q!K$5drjmU zhwROqx*C49auc6_^f~^xVLN$00Fft^ZKb<^BZEV21VMl!jnIw=t(1e%lijQhF{}Wk zL0cB7p-ysM3QAr8MYMq3`uydIz%D!G9@}ig2{Oa{k>dBXE?Gqj0;174ueWw^^JB}1 zL?gQ;)eNISZ@Y6R!vf4y|3V0=V{zj&T8y4LBpv5+rFWb#VS@Nq*-Pa=^UY5=eik7^5P$G=!eedmya$cxINOGO%%VrN*mbM~ zqxvV5G7|$zk=G2@e^MX|KB8-o;MFy>-}x9c?=*9%67snmPd@eZ#Ls`>f~psufA+6_ zmK$!k!Ss@)A-`EV~cK&LAuoOBRrpAXD%e%6lQJR1l3M zjc$Jf(00RrZLy1G~`O(Ez1N-tuo*a3}>K z0SwTaH*dLi_uu>Kg%>ep%J|Ooz~J1;Q>Q#sTUQ4lRKGCS?8QZA9z`lwAYw_bKKFQj{OE(cuxTs4HWSWLD75yGLgJ|$-Kni~rqG0yljU4i|%joFo;iVs4&#G&$V$*e3bJN$p zz>I0rSoX>?&imOdSkfjR7|zz-FE-I-i~c+E}XmHzAZx7 z0?@Izq1N7i|God;*YxDclW|>_Xe>JA`XByx2S|lR=x7A?o52S@aSA{B>?zbHMpGH7 zC(s@mKiny02+8}ULC%a4zp&leBan{9&`zWMBH-0;de zUTyCu>*pzWJ#=L@(35TzsVSh1~r3 z3lxikOitJdQ#kd2hxV9r34DJCB<=f z-+kBYzxDI{*AM<{VJsG@17j|f7m}K!MLbsYj0&)Xhp@6pnM0yN@>M|pkfL`W8_Ha2 zJm2&yGx;8Toj2-UT4P}$Erl->i*EQmw_SO&VKfVr33;6R@0G8bYych_orzd%+OF<&C&Z#;;TQuopfH)Uogq1C5*pD#BxYD4lx-a(0MZX9=fxw zbf=r?Ol_lUXb0(B7dbae5O@f{v2B`rx;gJhKf(1}?)%n7>_2`yLtdU(G|I;o9>znL zT*ToE7x2V0FYv3UpCu;qXsxk36(%K*Z{A7s;9!}R z>+XSn7#*~fqHZ7`QU^f?KJ*NL>!Lx_)z$g$d++-^fM=h5wGb$O|H|r$?SMG)up_ho zs5RZ(+|1M|Q)k5Yg`cf8Xb*Uf%@U#a? zVOtR@6ZOUbPoHDtmDzG+xg0$mvZB48|h3B5t9Wng*JKy zw=!7hB=8EulD9?iAS9W5AL*fvaLliK5$m@I@a5IMev^dYjnC)qZ2^HmivSxzEb8!! zM_*x8^G+(_kzFABznj7na)X4@2pdKul4cJMO^=L-m@=oIDtSlnp7$Jc@_!P5zwx;0 zs;dB)z1QBnw&KAtY9R!wvzJ$X`v@0&_yQK3_j!KyjU|EbB zyTV7xC>Q_iF7CPRcZhTrfo)_1(8mL}{kyjSjy?8R9(?e@-;AiOGZ)Ksp}(J}S8c(| z`34#kBD8%iN%FrX6lms-4arFf`M+kJS|YCu8R>z{G6sT;n1DS zvwUX{FYWB(#T{KN@91Z3{~&96`bfEoq#Y+_*;uy15+1Ibp>L>-&QuHSgB$6}Y$9Li z;o{%l&bF3zZe6s9{U%N&UC0px5codXg3H8_4gB)+pP;^JG(WumLE1BYSe76evswJ= zdOBLVIroTtnK8PCg71dY=B7J66a?JAej9-jys50a7{26nsRFSg>tBQCy3o~My3T!l z0}uUa@t+@2w@pCnGBkLc^X0z2{gn_B!IOT)K z^38LOLHU|QqycRi;+w6FypK_1EapK0S_D9VqYQFrB*e`&AF<-pRE(rLF^*((JoS|| z95$|jZ!XxM%MRU_o@|Z}-~Sw6cx(yV(ixIbO+MF6cWNX5kG=Db)1#{Q|NESodD`}# zWRq-q=mZja3pFuFlcIpq6cNR8uU#pEf}&Wi0)iCjRRtowm_}%+gcQ>IZnD|->^^;F z&iVau=9y!l~N6&*<8YApv+ zX0_hwrtIAQ7dw5ee=;C;u?Y_x3xt>*%VGYyt=vCjA!Sh~DCqQnPTxP00~GfWtu^Ik z3F3|&GH1XFJcu+RQ-EAHJo9gT_uFf)`0`hFCjcMjShiv*0Lxb_%&c9z_K5rMec-^d zvWkL`0R&Si+>RcWKm06TIsH<`o_-G3J^V+ubabGFAmTU!WhAvm1{txh1;UOnxMCQ$ zedEjg<Fy?<(s2^rt@!TkiFZ4ehS>@)kyf z##7qZ5c?KNS$MugcnOqS3%VXD8?j|MT2>>RM&j`}I#^hqpQqrag4SCgeTtww9^t1C zJk29NzXy^jG!|NT0=OJ_@&EVD|LW&|Ee`w7X#gC0$iaUJBgVEK)~(;l)}Exni4;*I z0lHX9iBdkk@&a_S!IM~0Vo8G|5n3aqB$dlS-V4Ng^oQ>P=z&?KQJ^aX2>FtWG+KgT1d-B2@l80^WdDBJoVBnK0W0i4%?%g&c2N(@&+s>L0O7?p}?5N7Owit z*=%gxLThIyamyl8C~)hG3uqi%!+FO}Ag4T}vhjsR;1jn6GuLfrUR#IZccV?k+n>4? zba;fYNMs9Cr#;*t!gNPNo=%ztFD zIbg;p3Z#fo=2X#CHio*YF+`jMEtM7Ac>F;;eD*QeQt-(~UgVoE&u2?I2eu^VrD*Tj zKxf|u`Z8@K)2(I`6dsl`ju1W=uwXyOWfdr`(W=ON3G9`mfOHN#qaxDW+zi0Y zx8Cxxh^O}dwG&#sdNtqs&iDD;g`Zsn#11~>kefDb+<3|M?b~X?5l}iS+Mb=uH80NP z7kiK6_~Q;|>T$<#&^~)Htf7|Lvhu*$%V?IP4E@W~K3?A8v;z-k!abw-#eIL~!CM}t zcjd-@Gb)HiqZ~7Na^Jc&Yad>{W_4s}^RTU}SFPG*N%+Vkk6d%iF~__;Yu2pCuekiH zOMo4~AbbUR57*Zyr30-9o4f+cjxub_XNWp=Ccr75Ur&gdGw=+mR8ll;F?1{2vWVCY zKY92WZod9@=uQScU%qY`K61v!jq7jY-{YtNau;8CQQ?pG-t$AtvOeYeO4HRXIy-t; zwYh`FstWoFMwdI|d8AyAzJiCV6xq$K0eb{uPJ);np}D+_!43;L;AW#NWBb*5M`S9g_{NwAn>Z+1$ax4-hSI85IL_WP{ z-P%Vo>9oR;QpckZjZ(J9D8`H*&Q)g}&)DV$PQCUnHtt9oK}>DDFjlm6A<)!SRpO&? zeLp;%Ar*0k$ufk{xLyTXXwn6rExkFCxg6`e`$+jdRZfJem_tJ%!VOQ%q@l5nFP=Dw zj#MYJmabuIcb1d(AIIp%!Ps_;s1>IihrNdmMOik!mXyb%{MU<%*tTgKmz;hSBO0m$ zK($GZBGM-9`P?*bsbPND{ku6bkhS&03vU%%>U+T#8Y@u$bn~7O`AKC0;YZQ?hg)yI zZt@Ao47hDK{N#Fs5Zv&S>-oWzKm3<2R5!F z3l;GiW2mD`^Y5bMEV@L`4EvYL8sLi}0^=#Eb%5On8ckM$SlLKiKTmJIgP{qFU!Qm| zmrNMTZHwOJ!Y5~O;Gi1L+jlGnHr1oa(3$B)3M()i(rBp=+C~ax7+N|=&P0D&pV~!3 zZC5Rv{;9C+XPYfbBZlDp#-b4(d}#@KWfWcQgcO2CF*SbO#jUq}(i~#Lx zuq?{!tIRd`gX@R@>7$jAwAMY{;VX?CH7d7t>&Hid-TJ?HQm@W^HT-<*)~zpIblzuY zzqN4wa|cY=|D0{x+KbBS8YM(wdnYU3Sj;oezRWW(yuu6f7O-IRCc3gY?1V!s5}_(u zLBx&|wIf7r3x%X6R>_ou4q)QZ`?58cWy8|-#&aEk=Xtbm+vY{=$nDAAOdYUgsf8Ng-0AZ!bo>KWY<=im_*1;4neER^qK$r#o3dms=v zP83T>q%dnt3K6i9R3Kd}iAHU1n*K7sy!Lk3xQ)O-LmfErAbIAePW!~1IdeMy4XS^x zoBAL5Sr5M8pL*kk$hN{L-}f&~_VfSI>a5D zxErp^vh`ef)^Xf7V-eG5ETE~OmQNkDCwbQ+8nO7*)34Ls(aUE~IDlcbmH0}9rYu?; zFr=$|VooKFU5*er8sZU#R+cfUrjn7>71YEc2uE`NoTa=me{sPqQ>zrOqz7SNho^4`oRo8mA z-hS)1zjFB%%$xsKcx_+#+usKK`>#B*nH+oVyXWuMuiG#Q5W;a_?@@g3@=tQ|q`gUH zGgQPIDUa2d&8TQ=E=nzKLYkY{_1?Ox{~s_8(@4uE;Z!uQH~0VmAOJ~3K~!KlWq7`% zI%aWVOB06+5euH1Ow2i9qpZRWJyxO2nDBYBN{f`#hF3YKAHhJnnCMT+;Chq40dAa+U0A&pvPK4Y(4ZmbZ{50O+3p13pLBfc)YG{4 zp$E4BD<(}m@V^c_`k2QueSN2Qc6XJR?xPUoUHZ0luzBe!7QFO2&p!1$_dN0x_r3fw z&n;faYb%$ruCtBp**<*bQBXb}g5iyWIc4e*l<(2Z+_zVvx=mNGP$)!_y~&eDj~jd4 zoY}L_1GxI?tC=-x)`0Un@4WNI&7C{g%X&h;!U{P2RVR zrMvc#z9f_BprUF7b~IsHOU1<~g^{2SmrhH&Zbv-ciy9F{Fx_WyMPFzbOA27JC@{f4cXOr~7<>Ij2ElVoC1E|`2EBWtT^DvQ%p zo}fM+qb3%i%yDR}s9>)_doixInLTS8*{i;sLx)y#@Zd(CTep>8zOj@|eOb0<(t*^j zdjBZ8>)~M-z@%lNlWD}ZE)&2@(XJF62QZ=n(Vf;EkS_pm&t3OUe{%Yhp+sFKlcTYr z`pcPI?pMC=YXL&r5hh(SjlM{PubpxjCmk@3_1n9-`r#LO^7Umj*46O+vyY~(GLB^l z*0l9<^OJLkmdE+pClANAER;3^TVePW23k^GHi(*dGiA{_1cIEO!B-x(rKxaY3@(rI z(2T`w-P*}92aaR>s3u-rx1B8;+Bkfl(M%dWjHm^PSd=w8I{C^iPx98XHT?F9Gud-+ z1Hb(18_axjIp6rqWTxythLoER7(Nom7PO^ueDk@t$QHXNLWJEE5o|gX?ZC4xwt_OH zu$3w9@@}5)WYQRBYGVFZAF1|0j>*r%Yx2+BI}_^!!n4l>h{T>NxJK z$y|5gG}7rjS_*0t%~--2FhB3_ocEy{Q~eYgi*0s+5dpHWiQDBwohpZ4M0o`AN@FRBmO60c^O3?1oUTQ`O?_9=zx}KK{vbn9>Rf0Y z-tMsTWjl1IbA0KyesmqB$oF;^4U0Y=wXD6J_d zMK+&D=d#93DoBF1ZryUtC7-{vW6`38yGH>3jN>oUp9()8xA%TMzxw%&i-17@C!KU+ z$BQq%oQp=Brh;3rjo^w#D_0k~lEUpul3u-u&CkBZOJF4U;&Dh=P+mc0O%>X*amr#e zR#jj(*W+cgh}N#aj0b1!s?|CYiRcS2yl|ftE0(SYG8Gk7^z|jV;DQUd`|i8HE`<1+ z)>u*B*W@%l6hc7(MPZl=4tQp)HB_RhY?2Ul57g zyt-l?*Ia))nH6gToPwgEzELPoj@hw&a~Hs4k3Gh}<6%kCUXgy(muKC^?abS}olovl zLEiI26-X@wS}LTH_`Zv_BvDyQBw9;4*M*dA+;-Aod~f!A?q9ePoT7EG;3Fvl2b^go z6?FFnvZ$6ZY_UWL2-G4FtWhcqJbI_7_r`)ZE(R6>G&c`p)QFb-H*DN^i|h6n7*aIC zNtd6^%~yVoldispzpYruq2q?}jgt>!&N~~}cVr{Kx%gy8G}V#G`;<9w|Emk>=}mFi zr13OWL`fF{N6dis01QF%zElL&Myv#7kxD~5lNObUX3FD($P~Kh&3EJZDZ0}xYqqrG z+LD@hgintf$*0B+=i9aAeCxI+cxl;24jwgxB^z6LW&UbXnH)D>eg>1rk6_-qR{k<$ zKI8Um<_nW2lFSqk%0_4(goR^C?pU~*u6*7|X9lx>EqoLB1KoLi4Fw+qhbd7%r4(ce zE_C-oZyG>bmL=}I^AG=V>7|!(#~ru-udLfwUU;4pKQZlzSuelb;48qku*MGMhv%I{ zCg|d}GzuuGaK8U&-i$Yb z^R+Cr(%kUKi)`sm5_h6uGVS4-dRBcz=1!PcDlAXoSH_{K8hmYZ5rWQu6yWuvn$wpy zBW9qfsfnh>CUN&&cYJK(r~PpX_P_f1jp65~pMEM&J~_P};H)#xxbn&A(?|K5+S;m` z(>l94MLu6BBECy9VFe!wDM$h&>19j!dR<}MHb_ze)j+JBew5Y^2FsUm#^jD{1`oYjJxl@O$)2wOVXnPhk3s*PY3<%k2ZE8Xv&_?`*=!IVuFMcM=?t;iPgu%k4m-G9IRx)&~5^uMzCUwqL8 z{P7+WH|ETk(d)Va$g?cYIn$1$rKz5L!Qe$~D;92&I!s3Yf!&{hw7SwpYlMC*jIFQM z1~417c^-!hZs6;O?#ls#YRP#X8o#8g9B%d{ zc7Sp0RHghl>=LM5;{pUBwNVR*V)5kb@9^@XwUkGlVAd}T0Fi(OSrjVzu)BYVGF15G zF&I)4bd?ldQ6f2*GzlS$0oxLQR&YU&jfQeHoDk@GD7N<>|IO)%$M~xEYWo4l&;4Y9SJ3Sz3;CF)+ zT`1&PzI?@@*=+Z##~gk5bAOvLC;Xi~_uTW`T|Sk4efWJoi#NFlI#6yOuIk10lcY1f zy!>vIL^O&Qs9XhxnJA&Dh(y@1qnnGbzl)BS=7H-6J}?Lol?SzM-!`+MuAYDQj#?R(Vm2ZRw%*S5X5Ho+ixEMkWQz6SUiEs zgZAQvADmBJEJ8Y0VCsQ;uxe8WkH5Bpm}3V_2aBxlQd1FQXufXoM!%{7pwCX2+?B)fu08Ekp4cA$;&Xl!UlbNn_=3qre!Etl!+lwqz27BJX>A z=ZwR-^Xq5vxl<44i)T;f6DLk$W>1o|QathIDxRFVmQu6qU z^|YmPr7Nz2>nOCrY!zHs+io2HD9taFHioqY*QJoj!IqLUW^F^mS^tx3^z)Z~A^iN0 z_uR+jU%Kq7=Apx<=W^NOik7-%ErU4qnEmlQ6^u4CmW)vJRVYqtO&rs^96NmwzRIo~ z_yU1nqb_RHNsRiV^0Ba}j5lE6(3^89cO>6CasrQ>c^p{qsmEXB#@834(8Mh(u<+F- zleR#uP!_jIVdR;Megk1#*8Sf@KwSvbJQa$BW3ys&D>wi3H4`I)?`fe7-$5JOVf}%o z+Ikn|zcRvcxdPNBAm*5^5~Ws!)S!e2ErylrqPtSztE^eG=E<9Gx~c2q6hG~c`v&mr zb7n4l{%0>h2;tF>3U}}!2S4}b8*jwAySjBsr#bx4!xDS!wdZNw-QC~ZzN3A7Z+8!U zsg!BCi_k#WgnglC8Z-<$0?P9!FRv^#)Hgig`Cd$GJ)-|P%%4C1Q2`J4Yd4r>lk9_R zj+yHsoHTYjzRDt$O~lsBSQq2u<1S&J;e*M$D)fvmN~|WcE?>L(J~lizGjN$Q!?N=} zd;ZZ6J@DXSJMOTfv*X`B0l4cAcRmjMK)?j;`{4QPXzQdslVfzE+_VG(WU?zD7kY7l{LdKgE-7Ht4j+ulPzE>;QDoXk z7Oml&`(9w}{M8I=Zs5Wb4#W+-7zpT?!jh~@_VW1hO@SC=AOTw}9|Jak?#@742RiN` zni|obNu~pkIyvp5c65Mio}t>>8u9MC%T|2;(l2n=9e4gq*XA|XUdgrB{DiyixRc-A zdUMOY_uT*2h4bf)_`@A{CX`ZExEo2ts4*>!9#oI7TqDa2fjN`J3pQybl%c>0t0Z(4 z$RCG(7dy@P{~iY5J^P>Ow+EtWMUbKCIatyTWOoI=0#7T(*H&}aCy(L2WvjXVl?BY* z)Xwjw9l^+efujLSOMGFZxD`e5?x2ekVi1D3D*{eOkt!<%S{Y4`n2eCiYOZ|XC6cKW zjuSx@>4O7Qe@jfRT_s4xC@X{+8Hs?IXmkuTxGp-EGi%E)0ZWVa$EtWeG$`LS7@dq6 zD@B~BXl$r=wzO_#cLMOga6I_Heee0&?{B@;1za$0a@YR&y3}iLynYApfrd2e)^GT` z-#ho*b9wk-qtD*Z)JR!*IcwLfF&X=iT13`IclRJV+F94$!pbg(mYNJo!KVii~4?H;M%B!#BC)fRi-ADh&+sx06 zE0;%WPl|CB6=>hgwPg|HgG3_mRF=-(O+=kIzVDH7QzRlb?YVB;e6S&g@njcm*WzSB z^pgecuS_QbesFKfRR8@0tq^98y?Hw{RHLO8n49dZXcHbGA8_%Kr4_}`s}J3mPal0C zz3CjFa23R&Q7%6AAbxnyGyKQzr!!;8T24QBPoAB>nm@hzHaHe2pHCjPH`DeTO(tDH z*b0=PMoM7}fy(3cM4bdm`TaJNfg0=D^3lFcStQP}`|ZQxcbB8A2+zE>oC^;>o`Rnu z=k}6!(_~Zz<>x7jI-E16k^BDiH?o-==bdsmqZ?~T<#GsNoc)x58q4O+MXO1s(t$}= zu@Vcevy|Yv(AH(f16w-KmE~YX(7tcLT0)S?<)AH0ltoL+h(|8^{3ShKzv8R^l7%>J z+BBYh_F0~O?iuS_U;pOdQ&0Qk@WqSXp8M4=U$N85DK?mdz;S3C)kGp<8zP8h#x0p# z58Yajh}Gd(5hJ@CxS@vab*W1rxL|Xa@3Z;ustYjS){32TTpb!jp%q2x1y5@{A3neD zcqTM9@Qvr@aKimhbJGcjGj;4xli~=ND$iT?WMMx*m z>+reyzUNuBp`EIVIKD1vd<<|De816%5W(8k0bU_U7y{XF?fapfFRo|0cOgBu=zd9< zoOqsV=Km&97iHxM_qY>|-&Pz8?;ZjCA3Lu7@pT{eS1QXAiSM3!{<)|0|KgXv^d*3B z^9MNR%(L{Mrlzlld8p@c+?UQ_>`@1xH?`qqG=E!JMbuKXcKAHKb|T;U%sE6YftCR? zSAmb9A|B((R~K;0Ef2%SR&$Gl5Y0oHHzl(@M+3Vz|DBFlJYGrzTp#jzw)bWbQW%kx zpc*W4r8OEUBzZqWGP{FRJ{fHGiZwlbrm~O*RsMmr#QLH7OB)r?nL^~ff$FEi%oT}5 z5Sgr@bUIFuXoSt!p#5l$n{U4PdVtHm^yM>!GROpkC8o>J$C?YZi!YJ%~&WEQ#*xg{?afIv|8e zC@7zNPcL-#0chK{S+R8avtPgBtJ#0{8a(Zk(@jV6*=IT9j5Dsd`1}ih*4x*+dHPdN z&)u|X^T5o`5>S?amS&odoy0L;JdM+jpG0fAk45br%-h<{#$*a#xn#Xgw)d{0y>BxG zFC7XU>EeGyfdCO0T?z4z+gR^}7x0yfuY%1n=uH^oMW4Qc%K=T*Jaz6=P8&ap|9t*c zel}+jt`AYmC~jyCzVK1nn6sJlRDm=%0qEHdu?~h#=z!KlEWz)ddV}W|t)`};3{|Yw z|IwqUF%SU%C=|l?7AEsyQr~|{VT_6Lo(IVc1O{K--QBO>ci(;Yo_gx3AFJ3YcW)oN zK2ADuN?G&JVb{Fy%yW+cFOMHT_D^%?zBb~v+l=1Mr_VkoOgFE(`fA>ozwmWCP-dee z$%w{E9)0BJocXo$(8)d)t%);tLzKJbjpDkCFJ(kS0@wA;1Ta{0HSq{@S8U*0H{Fk3 zu|B}TC>?d|RCPtwfp5MxzhmOW19sn>osL0629^HD_rX^b3SJ=PU(x{%Bqa%(fkGmr zjkL@Ls5GqV>@f~#B50@nw_ZTIf;DS{M`-UcK*Ayrp;)X)Q~hYmhILyIxeQo#>9u^{ ze3Ys*_pj5ZkD4)K#w{9cI;mw*4%)kge8DsGVl7b0!xoB|V{^@Cj%Tltg98&H4+=hI zu_#|V?J#b<=p?Eu;;2A8M+<=#fps>DM6{Nuoj_^t?^Df+04<@&d3nYT8p2iQoB`=9 z2*Ee*eTc_jpF_fqQXZ>BYr(BAyv`SId4g5z+GuF3=f5tV#@L#2T-P(_iH(KC^EE%7 zyLce}vd9tF1|K2PdGwYpBMD&Ju%;DSccA;yfzQ3B;JLWlyG=z0qPn`e=gf1?+VZbh zgHQeSNv`S6}_zj;@YxwYIemtoX}fu*V2SoH3cRzV}&vbIUil{Wo9X zci;aUQz!1txVj-s9Ma5?iYO~PliayvHP5cy3d$!+ifyU&w58XQbCcM@F}@AK^jd4f zgBMEu(`2lRxkS!Q;VUng-CF@gQ-__dbipHT+1zm4!TkKBLwS73S}uM1Rl40AiAcm~ zn*?g6fx5owbOvVA!c4P_<6n_2fKM!HG5yVVd2H4@RKy)n%2+yU#YaK<4`{vg$9Vak zdESa^?C%f>1V&}h*9zCoBlQp@FI&p$HEXn1QoQxboBZ(N)4217uW|g$ zd0c(_P#Zixv**t=le*bS|+O*J{! z#r6HbD%nB?=cu&877;4r4MuiW$oGx2D(GNqtx4sxd~4cN=C4`HpZ_+Sj=pZryXn{5 zb?_`&8X9d2w$Ns!yFKuz37dt&{T_#N0Hhho$7-fT|sgI9UUEW9(?e@8UM_+*D`bj8@Fs= z+O%muyY;qPzpJ!{zEpoiqG0%74mS!Qe|oHTT9%jrMkS4h!w~8RY2z}b_Y~RoBto2 zt7&{Pg<^-S)PX5F16sH!Y2hj#0h}^^IK!$dx#X!COu6qR9zSOaqpK673hsNVP1TR1 zFSQ?xFwFXnMQxUE+RktOJQL6Jacm2PGBVKrj0Q*e{3=7)mcsliFl;gFy-7gv-RJXp z$Q97Nsp1{hM;>`(*Q1X<`mu|hyAy!-IZi+GjP_SvdfDsh?6QOHBa%!e^&^ixy1yl* z9yM|#Eh9$!=H*vjx&5VCGq)srdVU9d6*SvdY-aVQcJ>@Ti1Q{N#Qvk2nZ0-|rya2m zJ*fghDx|hh0&K1DJdYpV`y_3zyamZru`m;7o_Wq26Zbx_=SSCH%a49|&F-7BtBpvj zfln#W7_$s!T^Ac&MN+6h<745JXiHKcw4^haqrER<1b|e3x|x1&RaFE_$)Ke#Wze3L z#`bq}dtfChcPcpiP_#}5FfhG&I}B}riVB4G(XL;tS`onV<;w?}Rz#vOcn~RDvN@SX zNT`lD_(Bu0BW5nFG$JDT?x&8#wrvWYB9qIKalNofp|OlsLD1?KN>EkNjBUq^bD6;T3{W#>o8?uB#Y0L1*wIZh#w_o~s`qCL*T>K7R#Nmb47Z}Zhh+|azeE82#9mU~$ z4W~Dk#gYLNLknz6)0)n6@7wEe9feSq;rVML(HhJ-5beF_?lju501MJ7bIm%sVS5)k z9!J;Ilj})Aj}i8gQnLTP`=uAXz4)KD?tb};pO*dbnje)98PvS(*=L_El1&95B4sg} z4;;^F=TGId6AxreeGQ;-J&9vg61S^}Maq!M0FZs7@DEy3T{euEU43k0bFB8negSCs%BEgcls%Xn@+%EH4a`@l|o;r65m;UutKK=L$+{(w+!Sh0v ziwIOOwGMa(f^aRx9gEhEZoYHJ^CUAaWf42@Kd{l-MQAGk-hNn*4n3f~A(T1i0g9Y? zFYLYr>O0 z)z;LVkm~DgdC&AnYr49-^}6-z4+E~Sr2G%tb`J48R|6vJyXCs%Ibv6UNnX zKhWJ5!l;&Zr`qs!0U@mLK4>is&@j-BC?f9#hQX0jK7+~MeA zRXGLi1pwQDe0?8@jZf6EXiuj3_TA62VOuAONW=(2YZ0s!i=tq)?uWfGJbkfKvMov- zqab0|MY&+5KzRsda3^6WAeTebS3`BB`G2K|YE9fPN&zc6`+8BE+o3ZFphpZJE_;&6 zYj%oa8jYRLoOSLi3l=Z<3P?+!VQ{Uf`T|MOQs>#lbKTOCE4b8-7{=72 z4?-&+G+9UG4&|Ea>$;XHEuYkj2+G~!yDPJp^~~poXve1W^HcgPb)U^=eO7M^u}#0@9e=s zP!WwXI1wXaTY;;Y!1s07>aQtpCML=ZCL$D2E(9?E03ZNKL_t(63eq6ik9H;vB~27{ z+6_-Hpam+*Vo|0Yus;*Wj-ot~K-M;vfF3ri*}C`cd%t?| z7e3G8g&%E2Kku!1#S6p`qSAO$64&Qeaj#l_8 zN^RLNs^Wu)I&nj*)GFA#jHZDovO1g4k&{~=EJTM0M-AwL>sAJN(z@k8S8I!(N)DTh(tDn9$W`i zRp7Y@1u<l6Pi*9AoG15y1N#2TwYLJN|h4=Fy`^ zvUcry(>-$)L(ZDQ5KB^Ckj#GZ6;xX{GT^#~HIaq|Z!MuGo1r}7&|jj$!_1~FA&E-K zS8jQjuDMGgTR;Kvcp0aha`M{89(&BQV^O?Ze)r9IpJQ|TwtkhUWN2*#W$`GkS3pP+ zXxy7trI|G=g!D^xsX`*8Vp&Hwu5T(Dd;!BJ62@y9#w`bcZ+2jBZXKe_fNXsv54DYoUaIVXJFBQ_1kPU06=U%=6O zj3%AWP$;-ml{Hfx8)WblG7wYJJ8Ag$qu&ik5`*N?1El3p8y`Z2Q%!qj3xmp&{NT`i zSvhVb-OE`VuM z<-9b#x%NQg|GnJ$orTpzal9r1t8FE5?E+=d2)9i;f(xIX!Re2_zzd(7#-Q?YvThbz zL{L(LcF;l*vEZi1W;1u?X5zL(iRxGS8y}|WFIB*>5;Ev&h(K*y4HyR)Orb`&F1jyQ zEbb^tN)zCF5zo zR}T;0^)trQj_2*IYk2APMLak6HP)?LPd=5w_dSM>7|OY)A4gOOG%gaSSWsbW)0(YH z#JK+P7kKNLSD~vrZ2dRXH$3&&V~>5~)KgFW*r7`QCy#G`_dERJ#-HP6bA&)U$ELQX zg7RpbZa>|x-EAs)jRt82bRrRo%6S@A?MQ~6@>=MD0qE~Js)=9|!$ZxYL{b6J8-I$NDV##BAb$no7M^;g-H-_NP9hO>)n8-vgSG~ z2~uNg@F@T`TDp|mQC@4^&O?jW8k~R%IxtFva%O-SD%Ya`|PK?-hwgW-5&n4wCCDIOzPT{PL@3 z(^6MWGTno1C#WxLArY&_S3VX3tz_6{|G-kd+VK2^4_bOeoH#?P#?hVIK{DOS=&Be` zo_PZIy}gF7z3>K~7(0~D?K6(3ou?zUmb6n#b-W4Njt5n`LaAWfP)v+vKsybF*+N_R z_#`u}sG@#`*v058&?G2!(vT{|*a&Utq$o*VdBh_Y51e{5pPT+FUw-a2?mqPh%B%#Q zUqA{ATMBGja@$|u;)%J-NJJwTWJ*xsf8breG!n3MQMgAKu%RL}y9xtwSgk2D_s`}H z_D1QF$y7gKCEr(Md=Ig$D?Fu9qeiiA-MWu$3>CY#k@r7-cEgQ)?+4#yk3IKZ`R?`WAu3>p%>UhU{;9s+AA(mqTaoz^bLX3e}T@sxri3`=clA$+sr&&E@-#C-3_~%f2X1 zGSFR3i2(ek1u7V`3d^jwgdH)brxaUz(=6}k<<-sGSiPf<&Dji%@i>zP*KzpJIwlOR zr!gME^?V9SA*={dr<^jYl9*kFv?GBUoga2KO08FojYVGP+1|T~f|tP(kzh0F@4_Zf zQV>DmY0YPzoW-)%o`Cls%$AGV?v@R0J zz=;!QEnKi*@<*QeI~GTucw+punRAwAGU-vGXbUrP2xoukRIa*U8VScDol6sUs;IAM zAz~X5B^k{64AruzwD-aPwpM=N4?!>{5LgIuewt)v2bp{q>2)5xXpGgA0tRV5m?TY>Zk+Quz+L)2-ns;=TA69pGMe(!SVf z?k<`Y}&=YJqrWKweUnmG75g6IT)Txt5N}IVG+L*a% zJ2N)zVCMQ(o?o|xdD}X0wWcl>p+4>yMOn*Y@%AJSELk0Dl_PdCoDuJX0SI^RV5i^F z+fPlb$d}(a?rYfE4+Bt~!RB({*f4Pq*mn%yKH&haIA9!E*HmxCKU3^37}Z-D=o%2T zm>8?uW)^Zuc0#PFsinaV}}o7>K;RwHmaGyi3F>X=DpCzl7MdCGN3W$x}LC3}f?y!yClY*_=L#ki#T&#Q{+?FaTDn8lS*}3DR ztgqoCT0~b@H=Eb5Tc6JtT8gQk*lQ%0{pV-+&N(Mw2~FN}i8~cERgK1xk-!x%K;Z{U zkg`Yx{SZ8TlSr0~j%;lFNGAMtGny8haP_D z-Q8FFgCC0*FR05E+#teA28|fT0b@rpv?9h{H7)pB(Vfk(E$gzTE5*|7T|B(xO?o}W zr^XHCO9$=A-gVWyzI7WEJVY#JBumxb+2nWGb_`~W8beL9q^U6aa!?%)#|$BLNyvax zy>mM*Kx^+a8b%Cf>Oo`p;sN97%jeOSC^`%W06Kw^M%EW;s$rolq)=fX6v9Vn%Tz`} z8&DXam4#Lw+JcC-X-?R*>`}()dk!JvDi*hO@$}kOzW&_nl*QtlGQOEJ#tvaOE$0BN~b?KRQzt91KT%&_?-PoJsv85aF z9S=)c_`)DHML_#P`Pgkq`nmiDE{Z{SCX*?uChC%KD>`6wGidN2B9Tb?qpq(_8#e0U zBUxRf%81wONl$tkJ=s(s|rReMNJIwv_&%2itFWrBtfIaE>^!NuGUiZFM?;KlpsjZ7DBitEz<%| zYlc@O`0?Zk{Kw00a%@Wza~7}T{+AbE*&?KSY9a{b8@-GVGXl`MlpO~j0msk8y|73cFp z^&?G-_XfdYbs_))l(j9Pz02@~SFATGb(Q6W5~IT41%xjR3t(q}=g>yjdlb$4jpU{& zhZBp4(!8~3fPySZm{PJR4TEu5C>1NuehO@|UlI~n7Av6OyTqJ&$|BXYRLA(l$iaMi z{}Jp_Rl$<&Jv_dABMaM;6g-bI$Dzz|aHJsXrATLcNV(l8<$=s&%Q>WZ=pTOf``! zIx&dKcpa*!Y^MhT{d6dt_aUl(A&^D;-k?1%11a31rLPtS=^u|)k%*L2@bY-R%jx5X z5syUq){J@hzGA|ldK_uv>OAQ}CwVuEWk+$OjT9C_N|Kp2`tt1vDT7Xm2yJ{z#u#EC z7%x->)S**hXlWftIf~*M5E57U?AuraQu4Ex<}rKDa$Hv%5v1ZsLTh6N6xw+2x&sgz zatZp`^@?C+7^lFflvLO@LTL(suQi?yQbeu5EtvP$(*>K`p)!sbJ{a9tZMp+m5>Y;J zPt()UjsNZ%!xj*N9XmR&S-5cFlON~!xmybOLma1`F>SVGJDW8KJf9g)&t%EE4Me14 z3P$DQsY1vw*Md;+rIwW~+Wl><55Y1jdfQ8eGR` z58H>9s(61(fMA}g!(<}#br1e6Qm{;Wmf&9%Y{P*BvNlz?5kWEmRBMH$Eo#e}s7o|c zoftzjI-ELZ2$M&S;)Y`;am&<$Iep9!dU6GxTCVe;{X54xr%AAM|i@+Y2n{E^Q;|NIfA(JZ05oTEN- zJiof^lemQfuB$+M#GE+Q@uq-U8OZbYV=oZi5794q`R@PjG~wEaDjX-V*sYxTZ4X|7%OY_N4iqr-Em?NP$&Y!Xoc_ z6gs*P={yK1OC*?l?9q{rdko#30DQpXh@%eYkp~}NGHm$Ju4079tlGrg&pt!M7J(dw zk0|P^YZ*4jgfI?NRf#w=maXQ&Kfi3M#2}O(cG%(8nsv)xZ64CX-FM%!`(l5<+_;O=E{~&>q7}Am1Qpmdxxd<2a@~dR-SA$@h=ipHs&V#V-`XnSB_CK1i_^ zf&u$s0izL67FeJ?9~Q2HY}N<^iJ;Z#`=Q}am_H03jHoMT)ZQ(eJ8l?xfuM>O!6s!PG*p!h!4fgF_OXQ|>Xeg645BhIg7U;j z8Y+i#;E-m{-eWkI>^G9rMh~GT?(jzI4xU@Rjg=i4q%>#*bI}9C7pcP!q;ZCi2!ZSS z{AkYGc)mtR8M?KZQHD|ci?ye4@}>=}!ob~6lu7xJ3KIZz!U-o{`|i8%UY{@I)`1XZ z73J-p`RwPGe3&&gbM_29<;1CPfLu0n)~xABh6Il@qmP@!bze9QjW$Z%TA-975~;?r zqM$TJf3hS25sD>+z_@<`?pjl-wu|j{0pKCVP~hb$kqSw*Tp2W`aQpDyazNj(KrzZ#jE^K;@bclrRST!TgXFO zchJZ)NkI|cTO7lrQ)zTZ7rNjAl3XUUV#eQQ+^{5V>wwSROtDwWGF%L+q|IsF(G^mk!&%HVH;l#~hF{9G$6ia=X53TvQJNe&o> zr9wE*tW29ytyqi6hb{typ?k!tRb=%R(8k>p;DTJDGgC4;3NW`1J8yvZoVt>pwmeDF zedK)3UNV!0iP8`(i=imR%OL)c^XGJf4>7}#II`i!9VG!C|e)02D1#?u~Ncuc|Pr4Qi@~*#mC36P~ zj?ZsgRjUG_SlQ3siLDqVhz(lkrv4gP)neKEhjFsAEmpY37*D?oP&ROibqW%x(6B;Y z0{-EwmHhRoNAZdqZs+!`d+CTmM^8jyYy%^S?@l=Sp1bdK)?spqs&*%zwoPYC(otBd ziV4;Th9I+UwpK7Uq@zu7^SvAR=1=a!sKk%#RZ9wSh?|h!*Qu>E#ue_r?cH+&f2jyrxey}{3L zefUFH0I+=d3s$9raG5v2E6!d)E(o(ZY*zJJJQdTTBykqcJD=0Zb}={ z$}>N#pHkGdMP6kv$XW?@cocbJ2<^zt*m@nbX?6`}_QT8>oOJBrT(V>?rFz5RnZzK0 z3no@fCQqDp!JD5^Fxuko1HGPpWm-lSO$$|HH0>hX_2e-B@#qF5=e7K^ zmah{BQuTzM{S|)=IEclq2YZ#O*%+n2uLpp`4?kQsY}jyI7)G3R);T)?zV_9xOu0Ps z=g$Y=r7wMHf0WCgJU%|&_}R~H+;i7&f3q;riEZuX&=J9`K3@E`%Q*k|rPLEcDAuz? zESL~W%w%;hdnYzhPilU2?t;GYwL;TY`47Rowpq(P8#9plTpDyB6f1j(wHrrjv5Zw4 zylur|zH`}`eB!r{@coV3K;e7?tnxYqDjPEyYp@b|BQ2Wqb){RNmg!lS&cafdWCGsv z!V(ZEOIxV8;f}R@{<^#T@Jal=<&%eJyD!qL@Ua%9g#NYy1@GDyco3lx&&W!zZIU<~ zfN{PZ+4Azg*=?qTxLQZ=ABC|}w*T*b-}|n3KAfe~3Ba>hH{5W;`Psc>G~d1UXKdQH zm0XZ{m-?w|Dg-A?lq-DaraOr@J(=CQGiJ=V<^TT2zyIS~-u8~^O+AG5xzAtC%{Tpc z-s;tBvU_;RX)8JR=w+1a4Y&KoA4*pI+}(W{ufm8GazV&lL;Hvu+H;~?B4idZpUD~2 z5@oGIa*?|S0-peQK&aic9T^&hNF4Rk13(Ev?1Dj<)6d@>{{oDOUF$TZRJFG6eKm>y z@3ak?9^6yA0_op5nb}rj9cOeD(BHj~Le$x;uElua9fJ^hvlizs#vH(XMdE~!-=z|}ea!9{m`QZTU+_{ql3l@Cijyvx7z7pUC}Cf45-f%L?+ z);csW9|;AUgx-rmykeuJty-tE z*q{+QS4C-UHK)k;^a4*5)8?@n92{KIdTIX8|M~KJUwF=W@jKu7F24HJF9Y!ShD{uM z!ZDv*w`T315A7aWrW4(AbuILEa^_`caLFZSbM)c!>FH{tfuNM7FRz$Yn8jpVW7UqG z-1+1l&Ym}mqh|I{i4$ULPy}e(V5Gc%@Ux%R0$G|juf)9sUhL!wq*Q&l)@$z?ARExXEfXN z6)RSpvTJA;-~9SFrxSobwsrN@S9AGmUd{F2yYBcvskPb|OSvXLyy0fv@RHN%$%VuM z$|i^?jIrc_Z~gFA*t$Ixa}hD-M>}`yxMq4spWRx&e*NsUIP5-gIj=l-CF9ka*YJ1R z>!~PCR?~ZFRlFkLXr<1&-TRS1O*tr^(y4vA;4fLGk(DG41f?7U0K8prIugPiHutaf zR<>zRdKL@}@TV&e$Ix(B`XP+~03ZNKL_t)p5!zYU8pKs-siwP9h!L!^9O#JZ-bNZw z{Co3y`sqQMN}u+1%%Z0-h|$J@@KS)Fa`8LPWdjcJZojDKH}LF+-Z#g0v6f=D-f z{|DOu{_g(I1PJTfF)c0c;iY9O!~MNO;(v--L4 zbr`}4X|l=8#g|&o7=YR;<6(bvY@?# zns&MiR%z-tbW`DGSUU)7Z$kuK+#f- zK3xme1I>KpYOI@a8!W>U+o&hCOs!6NWH07L-s}Fq4=3?JK$dXJ6pou6i>o<_<79S)o{NkR;9`IUn^ftLG^C+vmHM zvM72A3s^CG1@Ag>B`41xQDDfc2xSE$meKMKc8;&7o|HWxusJWc zKC!X((1ZV!7%31)j&gmR(ee;MIyymloQQM2vy%Rvn1(Ubwc$ILp3Nh}`}wccTWF7b zhsh^wmqT_FRr2^#}L^JY`tdTr(;6 zzdcXB(00IF;9x(jusVS_cKDo;2`En0h>}=?PiAeRk%=N~+nxROF~=P9$g5uUD*Jp0 z{?i?R=diB5_WEs$7BBvGE}#2&qtT$Tcbpq<`VE(zcATHDDkM~Blklbgy~80*W7l$Q z@9MUjHa-4%fRBIt_vgt!22lg<4}0r2>zuXbxKp-gyo~M?T={dpB_3j(w0%@z_c8A}OIz zP3RwQpab{5ZA;bJZ2J3>GY}Y^$hLFAy!rpVWy@y%?t#znuP1%a)*7b`A0jlX%*OF8@4WwZst=wTY8-m2%wa=1hO{f%~f6+<2_ZJUR$O&&+ zc^JdBx@Qz)a^|ZF#ot9^;>`yOYPZ57X1$=0{`JCp^zS z$$6@Iu@JXMZ+@_8&Ez7V zhocUIBbUHYO9+o$M(?t@gabW1K0L{Pt$Bi`+9o3aLtD_vto~(0k_Ryuv4|*CN=-b-=a-b*B~4EYD==EzPB|V%N$5qd zYzBB0T$kM%Cz_%jTH)xUkKViLo_k&v$8mqA=iFX^Tn-CnrAaoaG$d&N(^<wD@j_=5^1_9KeCUoxnN?_G}c(HIpujg*#q%=&+qr%8frMzL-Fe(RrcYZR6C5Yyg9 zWFb<5@}!crKgh@ zMO|X2d!Gq-+e}Fxu$8viJxJIBw+((gr4>RW_B&bD1|j?x5GGN8qp5B5E^U(D2qmD zk2=YBABC!H=b~i+XD%M#pYC4A%YOK4t~ljL&Y3reQ3himF)_oXO;j2q^mfgsO|@f5 zaM}zu>v*IWqzUXi;P&%^QZ_J*6^E$R$Gsqs%I*gdakjtynrKN79JNn*)`vA3qXTAj z6u9P+GkD`qe#4xec8=`pp{k7&c1ke|EzeT`Xd8OsfTAPHv1|l0?)4UPoJxd*khs65mD-DqdoRuQ>~HTBPY;k)Un1A1R;9!&g@qNVJJzGxJ_>) zF3GOckln-Bu?d$v1&YL)HSc-Pdx{_V$Vd3>XFvPAI9I1J0MBu4dVIrqD)0j9+VF$_ zy_Jna`{?Uv=g}=YSiOFWbA9vA?TIIzcpJdg|M`vPKXGjY=zIsOHlaK_Pm<+8K++PNpNu)Cd!dO`xsXlv)VIla8@=%sw_+!Oepm!HkQy!aGO znmfSG@e0>(+{$$uc5%=4eQYmHG9JemYl&2VQj*Ez7lgvgPF;ZvEFpZNoD1g@PAit;o%+oK|(iE z_Plea5(sT|=&sbgK7y;YvwGWt4SWI@_$);UdUOnlV>eA19C-Y~mtHgsaPEuFZ5QFr z@v;5$alZjNa|9fdd^0-l`x&ncdG7?T8zCtj)OE#_YIbunz@6{p z2oYLYij4+K`U-sJg(vXYyB=k@S|d=N9xJ}XqimL>BtFTGa9sNvezTU3TyrbcMuS2w zKwH&h-CzhZKFHHg(GJLPm~tzp9Vj3%hGKVH*0s|f-7lFz(bQ3i2pFTO)vFMO=;2Y= zKMG*OFqHGpKmP~aUER{!!DIIbcK0yUot8qFi$>n}u6O?wc-{p6=@GzlTp#}Mhk5af zU(DHOo%7=DPi|iXVD?W?T{w$BJL^Qg{_|gR*DvqIZr=@HyE?mM!^RCKU3~GywauG1 zPjBEeTqm7$k_-(EfpAx;RCMRoteJfLlW*my`7^0E8m=|n;!KuVg-Qy76O>qTp<++D z&PVQi0Hd01e@DBs&wLEfIy`^M;fk~Q-8%t=HaO)d3P&&D11~w551zJ?<$YaD>IR9? z1fsmNogp?*OBys1O=2whK(V-|onvP8a`Zqi^E=xKLSdpFGgPcGTxl>?tr03kqypN* z2<@=|BEHcp(2?t>yD&f?3Vaoxngdz!3V~Vp_047R?R@Vs5U7w!JjuR^&0g|avJpdb zPuyHs8$)j)$1k?+?0j<9{l=J6v#T?!pYGFFa^*Y!guj3J*>rd0sa6|apTi|9#%OY3 zfr0MDbQT8P$Vh3=p?CL?%5)T(;!5I0bDU96Dj{LXMFrZUe(F}3-vJjcn?pIaeEGf& zY#N>5#JMx+&j-}BOR#G3B$dWEiAl%>1ym5CtU`M!W#^tqQ*PQy<}WZ(-o-?D4-$B@ zDDSrDfS`W-W90y@eY2y`91kfJ(19RRv8a0^mKtSMAnkG zmdHAFO|eZZN}AWBgt77@Nh5am;$xdr4+-h&>iPGzYuCI!muvfnMx*XJhl}SrHo*FA zPA>rL$`wbA|IfAGd(UfM`&!nlS@XO(TcyM_C< z?BJmdThV*QvYd9w(j|Ai_dV}PZoc{E>CHQY^}quU*waosZRhUYL!jJFLoWQ?nXDaRKXoHZ=~09cbmrjL z!&rFAa{lMfU&Nb_Swe>qYFZOmoD{2=Or|tFoQ<^@ZAi4H9&7521QA1bAz(>&7sn6u zbJqMB968v-oUSf*7i&B|T4K%qF-nQX29|v2(|e;R)<@Vix|Th~tu&HRLJ2^H80CRo z;M(t^FeKm=0aF=xD~g&avuEsatVuk=UuEVi$_ioxtsL6CGZ*sYM49*f;!#HZXc)BXZx0x*#DlszR0D$?nHjX&*1swoks7AC-j?IGq;@QkT|0KTk zu{ZK(XRRPnLZhB|=7H0qGuF@+^)jdD1r(xwtky2*nikImnjG}j|Ivz>Xz^&U7y=d0 zSC~Uj`%(&Ffj?V5k8fUlDtjiXTz2g(+_iIz!F(G53L}cdXvXTh*g3YI;nEHo)CeW= zltPo~E?|W)2rv?}e{wsMl|2yJZ2zp0Oa#js$?{p33)_~C)l`utunuz}A$8s0b;m4W zs8r*I4Lj(|w`FEPiX2wC0Nc?PQLfhc;5EPE=KD6H0zsuCh~GIkJ9sWVwfI*pl9dW& zAVg8C*BGB1!{qW$+v?9Sxqb|yM5xCxwQ|LoPVE~-jZOmCd_GSu7yb&|XvSr}9zQfX z29qT}4O8;a!;dZixc1s>pI2w=GzQ=~uD8GK?R@iF-zcp-W(AL}UV{OuYqxRLcYn&J zEkiKkWq(D<>eZ{SS-pC7aeCJdaSrGzt(gwlZei(M{^4zxVPhxglWH$1QN9H#erD(o z@Dwno6eEp<8=u(a4k{&HYzHR}WYnR&DQs#Uq)kRGcXM)Y3p}Tvi_SffFJ5{wZIY)P z$4KZANg}So@!WQ8%>k)-vpZqD3ZM9(l^*s5rD$uj%x>?aW)doK%y6y2&e1wy7%|wD zqdg31lMrJQN|ilSYWoRQfv)y`I--6;l_w?j8QVZf=mUe7PF4}x)Y&(&8Bs~56K_)c zWB;8>34w)36cufF&o3XPRGWk_?+^1Jv#v!6QEV72CK%;;;7^x_D=2Kr|X4iS7yTA+~cWnR$3Nbw1zeS~kn;!M8&z!SXjr@!G%$1UZZ zCoZQTikcWg9br|2vC2+L_5E~4y>zzCA|Do9f{AOxmm8yuPVOWz9=vKK3+_s}u}-Gp z4;X8_-arZuI8gP^z3b3A)jUOxNLfC0_DWv;%4P;BQz{;hfVMy$#j4#SY~MQpxuDr9Y^^vBr3K)7<*8zxYq>h@ z_k4Sfzx>k|@!qqJ!T^;xaY4lcvaH}mOT^D&r71^D3pXE!-zKZ%OlG{2zT>KKE&0wU zPfxCmq^pBsJ!XHo%5Gan&~%0lsMV2Epel@%N{ll^KI*1D*GpT}Nf_ikiBB@+L~S)A zrR~&{idVBs+srPIsMLtX8kB?}hOgeYkq3tMB2k+M5e7KgpUO1!XHGaR_7vIwv?12C z=*|n6z57x?Exmm`^>fcY=juwSx-{*>t3`9T{I6clM_>P9I--D5&CPJF62vy8d%N<3 z%;;X|QXgfUxRQ~UaAaDVq=yC$QKW>77!?Y$dJku;+Q~$1hceU5`zkmoJ;VtF_g5vhR?~pv`3}UpxUTA zbcvC~Apo((7kxzLS- z+{`;bjHPa>6zgM@YNOP3g-knFjQeC(dw7M)^!G)Y41!c?&$fOU$*7?z7}JWzC_m~@ z!bq*kE00{n(w=U<@$hE)+uNx$V*cd^_wavie27|-&>l)kutedSV9zf6PfY~Ue<~%E z%4J3-CoxG4)@*^;U~|z^)i+x@FzE;Ygi@vKIQ*H5`6o9Q;w#+9DDTggi2T4#WXAfjRFd-t1x4q@9 z(;Iha>un$xS)jeQlMj91^~~<=h5*`vfVMECGs@AK&(V>~kyDC54A{s8DdQa30$@+6 z%!51jW>PiyL(rPk-R)^Ke_PGYTNVAXz}?bCND{ts!D+nu=tU$t$)s^(bQaL8I2%@M zit`HFb3lt(oOHfxcZOu@#7XY0BmaU9bgbuiE|n}t1tESu58v4dUA z?u;0(mU(FRem3qav%lQHs)V|pWTdo}p^-HVPi$eVyo>SjkQ;Sa>+F=VPDa(Y{zVzI zh0aK^tvJDlZhz46>J=>snwM@PAWWdW7JHty92B{I;Qng`5-1oh!ek{&7am)`E;l|l z)&*FU;&WenH*dZ46s(P%F_HiI01qz2GSI!4p28d;aU%(olUhcTI_x!(_s=4Lxu+ki zbjH88xXw>|u7|$1SyVOTBgMzgTFKQHoy0dE+{BxHyoz#c$SG+8E0r_VQOZYHk<4n? zT8mEiucdROd=+e4lF5uC<0&uJreZ$M6iSRm5uniC!P3p)i*dr=p7a7%4UKZ+V^8qj zZ~TIrAKr{8ji|sYZfciDIQ`S#Z|?KE`)O`&?G{jY-~Ztd;L4AF41l(%y`}5q6ej!n`k6Iz@YfID zcfWbQ9bh_rCY>#V>x5Bac|Ve*MOc7OdF5Zs_kojCH`BN;UJ&Sg>f3+PHBY z-}?5yPjB8cssw^mgk@fe8h`xGa4`3)F+hCTD`8{N&dvKL3*Ac*W847%SJB z4sgCwH>t+G2PZj6_2&FiEY0_kv9)|v=jnFFrk(<>^Pr4!ZFp-Ps@fP2O4Rgp%w?c^ zDayJeAu*bUuF%&QWqxOsnk_RlSz%AD&XeUb1MLO+^8tmNVzM^m+WIQzk5r9#mA-Ul zubdk$Q2^r=!<&A3H|1&qxs;2pJ+Iwi9gMQ%D+yuZ-mCI^k~$tXKX}vK(26BA0Sy7R zY;VcDpjvT4KwVw!^3`iT#`!Njk+I>T3r5N~kfpUGVhL@;K<6Sl^E0#el{)pgF;42* zcL2bTr|057?M;Dz4PD?(brB@RN+`r6XbC9CF_#`bkE34K&0BA}o7aB-PQG-}DJ<)6 zCy5ot8r-Ka**)Yo-ThMuB-R@ywV>@&4Gimzq+Ej_ZI3tE7?RQreFwmSG)%YUHP;uv_(cFVZhE|t9@jG1>jY)M z`ARn&y(v&ipMJ_It2b_3H@$JsxRt5_^%*c90qo0P{bIS|@BfU_c##z|yAb*)C3WhF zW}=?3r(9>-#3c9Zs4_HBrY#CNW>z2PESSlX{%({Ne!6)lHi;n$pQirc>5~9C_(5;6 zu9a+J{$j-o_>&_RGf`?}%mVR;TJ~G4J-}$NHMlfg^bWK;ZC3f|L78F#6viekVrdSE z-r3eqfA<1N)%65IC4{P*j$9{+Nl0{s?tGDIGET8xVzg4FoCs}^akzsZ#8~6H5GZFu zV4HL}BTike8f)Hr`-AKlsUf+bX}Xlk#(H^Vsm6p2jSe769A!(;xPFKOrWuR}a*{C( zOa$!M14B*U_9#;H4fHT)?jRrf^jkUY%#}=zlu!z^ae>L8-RH1|e4&f3j@eifdtoTm z(!w#nQwdTIMZrb{G2S3b9H(FTjzWk~tc_umCG@{?vf5yNPl0Ry^c=3d?Gave!ySC` zykmLA5esM-XC~%s98`9Hq(RnVGyR7t*2}&tkk0zkgi&N_GLvazT2R)h{`u%fdoE&l zvdndNuIJu|H(|RASX(DZ1oJy<_}`x%S?duNso_p~HMC)*I6re@yC@PH#<#HLxwP81JgK`zX_H_5ko+pRqFI#pvPdu@yS@fH! zS&LGtbioA|m6|&z001BWNklldj@}V z^5G;#J7oI-2VzFKno>QCQZJnx~_OiNe45G6cy+TM()NO-uEyk9L1e>?AXz3h|Kjlb{ zICdF}7R+M);@J$&>ZhIyxc%{+v`50>{hjpZ+o>f94Q)ZW;8w4Xvv+a>{T+)5RSs(# zKKut{zRG{7Hb+MpIEbmt=e`QnrK*ZVf|{+~ajag!hn3Ny>>(kaOKcidzqYY^L-0r#UjO0iA1|(HU-KuR&4q{bhRU4t|<&; zyuxRC=4J`8X5aX@>w1(bux*GYQdhom;iWH&fAr()ro64doeSBAI{x_M;~Q_h@kghf zb{hBGbI)`FFuk6-?!R}{oLa3G0@z%H^mJxQSy&4?Ne_Pu@Sb!F_sjyF z-<;Y9hQV0_@`*3JiztdPae@gHfpH~`CGf3nP$q>nY5LmooH{SZSqlc)GG64fcRk8? zAN!5#_{!7T-aNZ^n`k5q`Sc4{GFXTx$JXiCDRt0q7bPuVzx2GeEw-*{HRr)x*7N91 z3N&VB!jk7K}hW_G9+uxWj!pXG4uc>gxomwV0|l z^mi9H>!<~sb;MkboBdjrykG%g6k>IPv4V~hj6mKRPMy=oqkG5r?qfUYiXvXJY$kJi za!&8X3W+2XDq|x8l z1SNT5tTTykw>&_l(clwjtz4A(QZUoSBeiVx(8r7Oh_P6bTS^`)*XU-fs z?d&sG|M2?j;sf8??Afzd1IM_xDe}Mr5A*}i>)=0~06fQ4snmk31=ZJ$Rmwf6;OKvr zDYTgB;Q#yA`LBNwxBd689<*X+Mq$W1-gP-guUJgAUib4;gBCY;4@@e)<8;=QRZeeS zG?eS00~>h6*`kF&N%T1Rt1zR zyO}8O!v+CiDnOIPYwJ1YP83Mc^yNaXUB8ph-SLQ<(_$U>Dpkfy4TMn8NRY(2_$63u zVh|OAHfYfp6oGc1Yi4%`D~?~p87mfW{9$vM)6<1EP_vqPwNBhf#orAC;^7&BR&dh1 zK8~9^gH^kR`PxHI(3i_`!Lr#b=#cg^RNJNAc22?exQ z@3RPXU1PGig;IUgq2+B_ZKv8k3PbEbcvi75uJf9s79kSw!CM|=vfkj+=bhjTl5FfD zjR}GBdJ{|?0azzF(o77@R8~MX22f2c04vb06vM?jpZoa(-1^8Sx^j5}5v+=^HbD>) z5fq7Y&dx?A&-_`MI(~qOVv(`QN!P}29kW>Lp3{lROh(-*pe+wkkWJ(y?E<83mH zh9@Q+aJ5*5q5aw8TCZ2X@x$xC|Lsd&{xWX*@lOsM^Q5s*F2DTpTduqAx<88Zb~*ug zmg}P*`S8r|U3dLUo_J!5JB)kVy?BL5hf0Y3gM^wtn)N5IxV-(5yB_?3C^^9zYtO&v zRQZc{TtXZ>vlNX3Z#i(Ev!)gAO>dR;b3F09c_&+H#qzDy8;NTT$mN&{;Xg2wZv9TPiTi*KmQ_sYM+(}kpRg7pS zC)`;Wpu24@R>v8ZptUh=t+|~L&Qp%K_!lz9IS3emLKO19 zj}P$=w?Ex9;|qP0yhiN+>|*}d(oSU7{zmM`GA!v-1X z?Qs0>*f3J6xWH*Ve_g~m)G61EFrqv#4yv($XkIvf2B*y#;J#hM{9xlwYFcyNqM4jI ze~^w`o^qqX-pNh$w9lrmeIAkI-M!Qr(9#jlQ!;}Vvm`m-kNxEfC7_`zj92zhs_#de z1o4P|t5T;*Ltw=5=S5>B0UHvCP;6*kb;Mi>k>UeCe}H<@;8QO;k-UnCeMct?_P*P4 zAWq@wa0|B8{#Gne7@!T@x@J57aocLP?jNV8Esr8}$%F3{fs@-!te{1qG8WAN`|>-2 zf8f#mrCN=NVu@~BTnDZw8=DOCfQH+SyHb=O^Y(dCz4&h^({Kb-(fuY<2g*Q}l^ ziqo@)ptB=A;T_;63OyiDKf77kAKB{e?&hw$?xb8UU1*H8^B2#NPk;Gc2m!H9Tq_fo zU>PrY>d@|K#qHapVx1$P2$6!JQkkD_*a5karZ@W2uwRt{Z9T=w(iD03EqLF8b^a!n zIb9vR^TZ>auDcOuf$P!D0D+Yzb5J}VTc(1wvU%-+0lP)$$JzC^h@_+mgSAe;Mj0a2 z&Ww(Qh)ui#ViQT2P7>Vy>5LlYUM^v{w4H`d2qeU0T?J1s%Q6?Y?`^q&Tet4zlea%Y z%>se%Fr?-~n5L$JH4r?4=q{GOJ@Tg?vBS#AJ#AX^DQ2MA7)b>t@;RdyH5DC7=UFYFjCmM$tC*{zaj` z&UT9Cz400k7^k%_SO>a9QHeDdFP%sKpGLgn$M>Oln14L~gbahB{E-sal+Y@m62ydF z?aw8@jsoc!Bkr!mcnV=}A!2B<#+QF~A9rooMXU|og;cpwd)z_bl{BrxBX}+DOuQ;Z zJouzGbCnR8GM)&-kXoEDIx$YEQgIb~;2k)p1b+)*h~2pt_769=z0eLF9Y`2rO)@2! zPBjA)ZJ3-aIwP*3y|8yAyPC6R&pJs&^ann81^@JqS3l*^4@CY=so>u`I=eo4XsnO_ zx7V}|z_VOCw(pe5$)dk)72;jXoCKA40~9r-s(aI$-ZZ^&2U#yX?>r_aC#lvdS?9I7^Bh+57rr9=kEne%i0E|Vnb_qsyU^*ndRZT13G&q}< zx~f&Xy|qde-)6Q((bqATAPijqv&|N%YmZ8XIlybgJENZ*`-@wtHYT0zEhcMr7-B>@ zJJ?i@zK|0h-aW!cfAugEN#doHTdUro~(!>}PmAav~Bjf`wJDG3&?ZsSv z=8+8cb|OHn-XO{N`>ob7$|Zd&z4pH9M3 z21a3(a&I#O`vp#r$NOId1WqeJluPPth(Qx7=*>s`YV8i*__d$#^VLsc5b{CL)NM$^ zxis(n6x-1Ii%F4j4?_Tm3Q)BMtlc)H=O$h4 zzWwh!5dtS(jSaj8K%gj&PY@?DH0sD>+p@mb8E2fqrj3t3IDg@Sg9d+q*d%-MZMi!) zZrt!6e=Na&IsteNt5UC$Bsv??W-^v3MJG^@cZl;Kpz!85z4=quTyxFz#vQP_+B&)8 z_S-r2^wUhKRCHj;kGz2uCmv3vTtwmh*nO30TjW2pO4`qzo1Iv}D9uDwbMxk%Gy-wW zuGUt*9Qb8j>pHco&D40(;2a<(ZHw2L-`l~T9krN1LfS-;lK>Ssdsv%-^o;8UDHNiV z^O#ruXbr^E-~8Vji@|uU|7MU74{a2Wj5dCz>!?%~LqbQskIwuItW_;yEcT$I1gEg( zx&forolMmBp*$=?*#I3{uL-ZvMxng`P-hf!_pbfC?WPAAtJIyb$`nULX$3G~O@K52 zNw5-OHS|S_zc_6f|NV{&`SWvLfC``zyC7{b?tOV1ViEV{-i>y@&NdS=KUBby;KY6+ z@CvG!MTg(aLa4XW=0|4W!L|fe|>N>_1KWh31h|W3{5-^ zTDycrLYJ(G>t5i^lG0MuTIK6qH_jL-?_g-`F(;WEh${#LP(tFtnwf|XO%SMiEi=XD z*R%xDYOFbZ&I~?t-m!fBzKvYJeu$o2gc0p5i!mf5p30XdkC7kmYgF?$5{M>J0ppbh zpZwYVyz|=I87pf#^HGZwFIi~+-2;7m@NYhY<^ZOPh!AVd(Ek1Gn;4t&xu%S@l)GcK ze>TkKolfbz8A<&7Hj}DBpee-5uwje?B{( z-0`#@r?Z1`8;9hs3Wes+j7bpL4p9=mV;siV{CBy zuYPs%^sY@^r=Na0t5&U|r>*<^dsp340}7{}y^`0z_2txRbx>hTyL&1+xV6358tD9F zm{0=l*|(oZ_KbLiJmXu$>S+%&(m6IN^R~yP`uBd8tu$5(qd|jD-2MOy`+GR7zni5! z9n9-)qdUrx3mkvFW)d2SA3JC>#X7ht4&?CwO0v4Ywdl%}Uk~z`t+hnb#?0;oo=)ey z*{!uttH_pi5lW3w#!5TfeQFd|G$DpSYmgikP2k5K?V<3)jYE9=_D88E2@*xVOQH^Z z@n#1gNv#9}h!f5^d_M0y;|Pvl*h@nT6O}kKUU51D@)VRs>gix1)9JT1AqsMYDo+#^ z$b|)RK?hM#AP6Fq1c0J5Ka)~*AEWg>Xk8_+0hQR2Q^FU{JC;>PjPsTI)^Y2W-Mr(( zWn8dika{x0&haWUyB5)w@AZkG?*?H!?ybc>8qH*VjPc428gUgRfkU^;R7E=_O$Riiv%rE_og)!tVV5HW%fjySwZC!y_Y= z+ittzWsvbn?#yfY>6wQA(smMSCrQmOViRGRRd$Jy*qL8x}4f3L;b2(}L4CZyWFv!_K^-pr^)?KV0 zDYCy(C6tgk?QL}Cgj^ILR?t>qQZpalkw`n}(%N9nBwwcPoK)K zK3JBcsGBPLicdJ;8&1j1f&ZMXZ&OqV3W4zB&HMQDovSHn15sS?Yv(Z-g%$=)we5Asu3kK-O38U5h zKujU(^U0b<5oPh&UZ3 z#A(|4PRzLrX0fAG=l?#ifpeG6Wv~zu8#e+GtiOiMc75v7*qv8w-CyPtKe?Ch-m{*G zQiJv|@cIHNF2?%b>8_*lGj{PAX|t=OG611?hDv%11j>zMilq|!Mn>GMKQ-I(uPbuE z{gQP~y)NKmTaZ#^>Wz?(V97jKI2$DJiKRuXB2q$9EK%M!;$COnmQ?gdw9)rpcG1P} zTf1R>{JYMf_rL!NuD<&7BLG)@;*;EQ=k0$qXRu6%@@KdH^E=<|`ozaS_Fvn!ZGAa_ zI&2YU`2vU&kkGZN_Km{B8$la8qko1RckJGzuc-0mkZt#>M1xZ3zTf`fV zJ)GAbxsci29Yi8n?YQ2F6)HNW8XIbj2K%aYHjR{6H!{f+#WJO89kG^W{oR~6dj`kM z>St+J8$sl%)I@8qWR{MOnxDy}6`2UiG!+BWz+sG`w_`RldX{427*Wbw5_ntVDRKwR z3QMbm{o_wis*j-p!Dw;qcICiyqCyNYSVdK~pl~`ieaWTp}^jR;(96Y7UPpf}9fS!@zJA`J(p!MEH zVFTw@C?bRbyy}O)Wo9noD;J;SFdcvr4@6Ze6OU>O6a^nNjrba^UdmI)tpjN9fJTgMLTJuSbr$x7l6df4+ z(~e3c*o`~j@h7LYfB<^C;OrCN=%o&boA~=#8`={?W%~}KkzjTV!J4gr*dP$O>}7xQ ziy!^)e=nGhR?`W<|6jZJF@aB63)0hrJ?*F_CshTYHQeE4mM%W* z*AG4NVEQ0ftd(VlE&J`{ z-~1@1e;pu%Pz=}@JKzd#vL)M+Wp%Bj-PQJX_tu#?=ljPwGk5MvPT-g12_`$wvyUIi z+TA;I=g#Nzd4JxeT=s4LJE3LV&(S(ZzUH;}AQn`+-j(DK@3gcCT2HDzpqnv{~PkVp>{ipg@B zk+RRh$yxSI%rICekwUPbG0T$13`<)ZS&+++^*lT&Y;%D%@6oOykO_#?HUYLscq+}J zwv8YZQVM5;BITTZg83!|jhSQ>r3U z%E|*x$`Rj0tZJwYozDND8qnU9;pVH(=DbCnjF&2P1s}J+7eZh{w_=ed!68h#XJ~R> zE1j)t$f^dyFpPcsnd5{Ptv&)_?BFb-XkLTzBsvTkFAgwU8X_>E{fug8^gJrs=dbR0 ziaYiVa_xnidBwU#1cWGZbTqG^G24#s7nv;dGgBNzdd}m(h&USAmrpv33O}3=knm9a;k9#58(% z3<_n;ub+azDmgmZTke~foWA&lFS?RDesu-GM+QcD%@6NGDCt#pd~5zgvKroAmE(2#A%XdOSO zBjSK?!9ZFV8_b8Tkd$6@nQu$kGY|% za|juB+6%4ZZ%Ipz&t7pVr*=0}sJIC~df$wx?@nT*qTZk1m;fOZZP~?iG%iAlEZX?B z6;1r_IR;WU=6Jph(QA;DgFI8kqvR{2?)Q15q`(t~Z$EvA8z0)mrAxZF?xK_EZb(xO zp*hn*u{ukjZ5pASj74nGn-Fu(C6&b2$cSfqy#9K=0r;;wytLXKR>Knv2wEE9tP_zkg_fb6kUR+o2H=^#x`(I)^x|$P`!GHU zVA83SsQUiz^?R~;^Qk=f)m^};Nx*OlZ|9az}h)o$4O>Fla(3Xc-KSRv-gPgV!+A&OgLvEt}(i;y(*Y;$Z1O#aMNX{v9zVhLiA=% zQegaY64Tn81UVB0=FFXdoQs|iAW?+c5F!Y5NHGW)E|wUYtuk5i>Byy7($c`%wnkD) zqP3lVGL5(eQ`4CMkv8-X@Zgb9xL23k;QOLUTHn+C23Ev zYkZn_-LZ{Bg{qtOO?}(y!hw*X)v!m`SZJCAeCCQXc;4bpd>vSFqO=Z#R;&MPQ8Knc zGDe}P;E6QdE$eAax4ImA?OtOfnF|ocJMI&#)&OW52`$7isu688rD~pu(qXFMEZPW^ zft=^DeRz`h{9+rPF?{~2vsu~JNWrh7@a)tnt%b61O`7%oaC9m$r_Z08GAVu=8)|#L zh7f6#W&R6^XB1j!Uh#tmS=HIhS1v!DvOBkLJ=VvU9(;{4JRGBFhDVHk*K@g)$_LkR)l@s;QzmWER67KV8>^;L1 z`(ol=cXyY#;QR~z_@}qs{?%%=(g+|$8Px8*xmQs^KyYSRH}k}5woPj-Q=$0UC@eH&<>@l zh1=R%F{iFZtXu?(7r^&PF{xkaO9u((REo!jC;0MXyQl~fMNY^2^mx)YZha7WH3Wk5 zR(JEIKRk;C=?45TaQgXZ;z>N@h~#wg7-FJv5w^nA_tz%k7H9!Nxquzpkw_`Yr966b zIZkM6Vnb&$#uyGy&vHlKAVY-;LKzk`WJn2#C$nT!mXt`jMkZ=vY}4f7QjCQqS5?Cb zqxrpP?ZjOoz_`d@BP3EN0;5q1^5rUTzjG`5CkyUj9T_MQgH|>(K6(RGO)BYE`Lokk z^JkluTUc6HZN9K5Hb#k>xliH?XZE83L`Yg>Skk_kT)G8AV9kppHjF6o=o0@t^3<9d!(A%2h$~6nQt8avxAK%BhOL|z*+DthNES*Gy^pwkM zpjP~A#0B?zguBOdt?--QJb1_;@LY4Mg}_5%LTftIkV>(xyNOTT`y}VA=wWoG=g*4D z001BWNkl?ylcU<$X5~I3vGI~ngn?$N zP-1v`hMCzC)gZL*SH$j*z8nz{k&yf))=*YT>6%I<5r>B0z<|9nQV36ZU)=V@6Mv(% z{veP>DOlbEs}@^>A8ic-M6rxHGJ?n#Fgy1{Xl+2-+FEZoIyCf!`N}lk0Q{F9Z+Y9B zx#?4XyW_+YPrPJwY;*<27>Z>fCT9_y?N+uT3_^#P#;j$rF7HJw>xFa{0{hTbU2T}5 zF@$eNvo&i^c=yEk#HX(M!zJ}LL*z;_rX$ebn55l+aD%drr$^;pn=y9x?_&szrne!>3GJ<% z*3(Xi=IPN{9_k-sAYY&y&QcA=FeVQ&z(|EBJd`7!X@_t~6rl+jp4m$^m?bK++BHnp zMb}Ql>9n9!uJXn^w(|7AIAkQkq(J!8$pVrD1A)DVji9$N%~?x&c<TD|Ye!v&{D}DVME9C;jcP3IFmp^N ze!~Vp7+kWXa%&yC#!x7P(5!B4;qjpf>kshg0s6-Z$eia2yT+3$<|Ih>dyj1Zl4}TO zN+c2{TfSkkRA6|vNU2h>?~|wOhf=C~4+tp}0ufnvP3+%kckLv|G)zvyll!ALUvzdX z*fu#i`Qq!Y`^X>u>emmv+8CqAWe_VC!HR{oW*37w&<~XWcJ;yZEP!ZfZt>4K_ngn~ z-@pHv`RX*^0Q{F9TONIk4I4JFbLY-)wzsz~4XXZW+89HrEEt`Hl!B%lq*6%jU`#xl z2qv*CvQS_=1!)Dt6Mzu;nSAiZ*S~(pcfR{izcam!3g`C#Zy>%_nzcdJ{YAiCD&TjA=>~vXV$w)5+|1S(}jThC?JIR@4;* z<%o5G2H)A-_BLhM*xAbJ_C~bOJTsc-fg__lIXntFPiLx#)@3R>M9DOsw2i06FgmlB zf4Q1cDIfBi8wX8o$mrSebOI~T02 z6iX)?fxWRuCSY_L{LmJ8Ygq+Tv#@^vQSza!#XdK(X&9XZKR`lyXk;WmJw5$L-5_ z3-nE_ovv#P;cw^Q^r-`;VM zAMPEbG3B$ksYGsDyS$XACE!b2pGlbFdZ6+)E>L&defc#8Xvj5?jav)VPP z)&wMFTYdm|ylm4lK6&XTUbJQ@9jP?Alw@gRj*fJShmMZ%qdon!Wm2qZZA55AVEh`< zPt;KhP{z>Hej*vK8EvY_h}tM>Z?s5ElXWOetdOX~6l~vxhf<1)&NDH4n6biP%KnsH zI0#ikW@JdjoUo3=g3t(*fXi1c#7M!X?t6-CF3ow1yQv0M%jqx)%iM%g!@jr9f;aK9 zqS9-pc~g@?x_=jQ0VCq7&=_gq|JGcZ!I=QmKr6oze|`5;eD0ndJTWj%F_3n6kbu_i z{*ef!QQAuOgbCxxUdGFXr~$BVf|3#`CFMeq(oEhuD~H;e8%g_pO1L&$T5_#OqHH2r z_~TB^B3-r46Ql=~GCcM)6v}`wjg5_R;lhPyfBl=^*alDus;`=wnqCV)b0c!iQcO=L z5F*L}42-~R1-9&n?je2ZDW}QpJGNg9%oqRP;+Q7^{wE!s-Cc~0jB?(&XFvMTLyvDZ z1nIhwq*j9B$aItT;DXJNZnV1hr*^^Mm?KP?FKWzN-u13`@ppgs+>H@_%NzfaFMRoC z`;ZaRgf_@reC>NTu=;r?v7>L4(Mp*k`683EK84W7QS$q2M+?n4MO!NC zqI8;-Xc{*Ny&3EiO2kT!rR%F_K0{p7A)nz9Fk5 zO2BRVNBHc+yXbDo^1d@q;NmM7Hamjkqe@O+J%+lla_{0J+hboyLG<}Pl)#H z?sW()9idSmj7DnB$%{L=?!0xJ(z}3i)h9@*C;$&hLmHl$EbxuT4`Muc{mCm?)z(NQ z2yIxA7OoG{vD_=`wX(QJt*Rb9WTR5&|J%5ap;H+GnaTz;yX2 z+C(@~#0#jQNLq?H;yh-9=n;+dpwcuNH(J||VGyFx{ z`&S}R!k~=R^GjnVd?B0xlOqLU44%8DeyPOF*cjzPnU1!0T5^pxvC&_t$ z+DcWc+Qd=T!~s;H{mg|h8ee5&Ybmr8V{LEaZ%;b=QShWPRag`;v92&4rRz{G`X1-M}m;dzl z;kp=OyyYvF%^W^-BnyZa|Iww~^o0+AUqMRCtPXWR#TX`vCH7Ag*gKhL@8k^6jLk4o zEYqD$b5d6u=PmDIb5AGB8q*+C_@PfOtw`-G-j@(i@8kg2q=MfR}II+AYB61o> zN)$TLXnB-^S;nXLQS>KKDjWZn`bS@aP0H~%3c}e#r=;YD2X^pJPaWZJuh`5>Pgq1T z2%SHUK!w73FgYV0NOA>8@B!=}qGZWPN*JRC(%>11@?ff1<>&hbx#f`q>>rtMk=Dma z7j*F_wTC3BBkjWO8Hp`tq;J$?ru^_*(>Gl!O$2&Y|^GN zn!s4jP1Q+ijWPII*FHnq@@tHVK63^_A9nADJ^iuE_3~vazi{aA!M7z(MM`;x*5(Q& zAl$G5alxsWg*SpcLm1CuC8|e>ZZ5S(ba|@goJ1(TQhh{ z(w@n%dO;IsEm^>2%NFvIbxXNy#X@>o8rVHP#sA%LfZMnCaimyaNlT7(ZH@f$&?q-O zxZOtniiE|2NVwFg$UQ8iy&=aJUvv&9cC=8a`gKWsbufR-9aQ z%`!D2STy0+5yXgB0@7*9qg6#m({j3+m(!SPqcPJ)bEcEVOa~3AR??{~3Md6tgb2BK z*+MQ|(aqMO3BLIF0SvIIyUE(r8s#FC?S$BrN%58K2l(6jc4AV}tt_HlwX`J4Ab>F7 z#O?*W{hYPD=d2SrWpO)xU?{sVmKgp`5d4JG$@^|nT-)Bt#mg5^(E;DvHNY@;T~d*aX@i!wmk^DtUd zDHNC;9-}ZmiC-=`8LdF2QY>g`Mkp1(k210bc0W@Qtpo&~lqiRyC@F2qq_hN7Ej6f= z+h+N&|1j)29KZ4nC!Q$2d&`%v{PNenS-jz|Kfyis+|9e+{qA%2?c4wEVzJOvSLiVGS+QaTSG?c_TzttT7-Km7^wSB$5GobSYzaEDNnije zWx7}_rk=~!W6z#FtY5$WoS~tin~c^-sd(vYE@RWlt0|WQgcPw{%_ip=D#j(~xl}$+ z8CJIESl!ydHS3l!oG z$@^6s9jsG?GIWgmMA%Lw=_6SrOdZT@j>l@B`*(G5xpUnJ6K;0Mcs|uSq_cSi?YUk; zp{?PMBUPnjj#RpVM$rygLtp}m;WSgz2Uy&c<;F`+X6N`c2PR8Q76W=4B~_wGTS?Xv z+`9WH|L1{S=!|C{rVjF!2($^H3=7(_yz`88TzNt-nUo|945eydORY@izt?1Tkx#rq zB6Ub;3`L_cQgZ3icFteY!JP-jc=x|<G0Ay0@P% z+_#eh00Q~xaUu~>bD?M=+)09K!(uko6^w=cq>j#^{YK$>Y_YVwQ z`2FvHpYMPF`||~8z5)2}JwE%noA}g?pLx*-Klt8--g)PZKUc5CNhfXQnrmJn@3`aV@7}d*7oh0qZsGNB zeHo!P7!@EwiE_nX3+p5&qz$7DMTii--9e-90Rlr$V}=i&wU(>bFX7|&KgA9AY_*f9 z%7F1>f)&mf$UX}_2SHYN=Q$g=U~v~yp^xW0@r(?S&NL>T1l=A!@?|%P!Y?E50CDVg zr}oe%mIcOE#!M4o>cg&;F zDMPUmPz?=AdI+u2(od)|!n!123us7;_DQ9iX-{|2kZu9vQKdkBc8Hg+PjT6rEq-57JWPEBLGu2^)NZI0Q z!uT3Xne^y42_8mrSD)l;2tsL-AX7pRI&-R`uJVy{H!?6$q)hnW%YZDBZAT}#>Asz8?HhH(KHC^X1=k3xPC(B|)pLNCb5nNN z0G8-kHJXeBUGXW6jZ&SSwnjQCzVj?he|QMG7m#ktV$urfW05&yjSr+SF~1=+mb-y5 z1lpQUDPxOCV4ckg0Z&S1XY+7)5Oy8H7`r%YX>O6@qr=VHezj#5;45GKdVDHJjt+@R zxnfUBDnxT5Ch#!>BhWV(N&buwLj37#{$%$p-}=Y-!ZW`D_}w`cF6#O8lTSUh4uA!% z(B5KM|G>!TC{t5Y{Nin+}-^{?%zs^#lp{Tx#gB0z3+YR|c!=MMVPUkDcH}{m$1Gd1rAXJq2Z)` zljUJ1XAe8mBRd&~T2nQkwTPRlloCvoE4=exw{d8yP?INW4WXtZo92qui}~0kn|Src zB_IW*swUPCL>vL(IQk;F+7OP*V9%|iaT(oBYiY`KkWy(KIa_ zL0DFQWLjjTdwntC(oWE^vqTaRpw_%a&60k0oaJ( zb<5!XCzwmxiPQj`u@SmEpjv@Pc0#^@QXV}$J>M7{9C+Px^*R`1GVSdh<*BJj1BeT* zIGb;N=dUSN$~7~OIO&fVB8?pPB2ZeoUAblGOPBZuDJj@GJjGw!{xGG$PZ$R!)&Pz` zW&%x5W14SYa}i6Ma#TZ|fRM3dB{2s;H3=PmT(FO))lP&7ibxaSbk!z_49FO&##kTz z7^QGOH#8xhNU^l-6w+Q6?HtpR`2sfkz>)NnN4|8F;hBA|_pve5p(B0aYP%=2-RWw0 z?avRYc0;#p}Cy)ut0TbwM+sg1|RK@j}`a9Fwq87VdpALb+*BpruA> zNq6%anzP-mXy}A3zT0yPMZPk{XmLN%6exy*+xHG~%aey$+??gT=dI(Uu2!bYRkB_a zosG+BNOxLSKqtGCj?X8QV5&UCWd0C7)x=%o?xk1`ntb5R@#&Ao?8G}wBFHByw)TE; zu96xW(~8GOW_k7Z@8>lqui*OUZK4nc&H>a~Alu??CunW#J(@`=GD5IraEh-!et<_0 z4l`A*)*E2C#zW{xO=5qyL|~&v=450G%(YGBh<<7pplvmsSdS@(IxCGRKF;AYT9^ zQi-WIyx|RBdoG^;MVDL%Kx=F3y;Dc=J%Pd0H;i-KDc zFs^X~GWSyBFJbDtf#mB>Y6@$mCUi|et)Va`j3?8smer)Zw2kDA3zCSR^-(&YRDwcv zl(DHpF}Y1k2(@*g6JWz#u+wDLgKO`9nn(L5A?ty!p%ifD@-F`IC1>)!TShi(qdwxQMgV_lKI+|C|oa=Je(V725Ft}@o0v*zjZeeNLNu<36 zcxbL!znFh~>6vsirFrQ;Kf=wA@1rH_5t<_XGut^jvlHJ`5i(^x91Lh>7@O^5bb2qo zyIwI?5?}j-8({Rh9e1Pty^Q`}BnZ{cLfU;_L`W3U-k$>UzUIvCRzCNF)4AozK7M|1 zn6y-`e+?0#QzsZhpcPUm+Or-b`6BQC#SUKky$88#Uq4epXcO_G)sm@IbR%m!et~qk zQ%=fijJqG4Nsp9JE~5_*5F8pr=L@*-0@po?SPe>Az%vJJ1TP>Ovxt;OIhUd+3}qqk zrN9@0P)LmQ&?H~kFDd*HE@qo0HNF-y0S&D;0@aWU7_*-q`8E2f?Ia4fb&t-sxL%q1FTvEg$fi)7J}>Qgj3dFdKTCZ=h#HT64TJy)V}NIci!>gcfIRf zJpAy(&zbY@?Cs&19Xq-B(u@A#@ZlrZ1iqbM|L6@b<`sW*34Tzio6h3`Cu)#uJUvUD z;74fCDU=M+QqU+pc8ulugEO(jjZH~xfx`EB``H`#^UW)mECvxu?jGnhc7L6- zAJi;S6U_D+mC(4tHiyX{&5w}*O!Osnq98?qHc`(|3&&~A_R!Y2+#(Xubr7)?k$sM9 zgOG|+Fw5}N9<;1tQ1*8U_qtsf)IuU*=H;*GRrHL7_YbCLo*Y01+^pKfu&%zb$+u z9QYEwSKU|q%9HP9J$t{-cyO-marAQ&UIG;pu&KM1a-g~8$%DLb?Lso1=K`9XIzcEh z9+WB-zVui>Z@c|*b{rlhP?jxk=D_&z$vBilMz1R(E1Kl)Us!5>rGgk7h5k{flwt@- z$Veh->OqgaN9zkb7$yLLTuGJwdXF(<8q&Ne8O?dPGf(Mqgl zi-^G?#Qq@%_hP!cd&KbYkQ72ZH)AYQqCtl8$6ANa2UxITAz%I84Xj_@O{iI>E&3VJiL%ZE3|osmhHH z?qO^H7_ZyBf>)lr3}po6ARwD=L25-Y7)Qxe+@wU;mxOe)?ri?8?0}?~gE;=#in*53 zxOI*+n85IwA3w^;J*|A=;**)J2BZ|Eq~vJ6#GU&__|~=q93G#7RHhbyAf?L$F*S>V zxy;1KILQ6K$d($dG35%3Pa`I0tYSh*XLBuTTm+IH{1T2Fg&hZKpO>@;r>%!ID_}_% zq8cI{*&%~K8AA$4X_qlzY>1FB8fi3A3WBQ7$k-UgXy<9PGE=)lclQR+w9!#_StFo6rEJy`xQR*s$@nLg%}|bpQY$07*na zR0#9o4}au2ci!)O=X=B-T=e{#jnU6{)sahH^#`1|b}6A&7_I9HS!^5=4_`GBUA$v7 z#zK&;BWOrV9vd0s*L_DJld6gF&0IqlNk=ZryUy8&B8AWbAp$!=C$!(m;vYf5zgg?7 z6H}G0eMN>eqV``wB2XydyB?Po?bFty8gmS>U3@2d%Q1!hruT$ zv-GsAaoZg2h?nNL4$ghQk3E-q9;q;94uT-u+8|mJ7>o5^cXkZzk|b5B}Aqnh8Ki$?|asW;HdZ~rhcJp z`l2ZmF#W@@?+8px*wvEfx%9>ewbJhAD?lOADN8iodB`@_anqi%-`kY6uSy9*B?+aZ zBn(9%CC@3f@C@W2%B%$X~_5+TNPf|QO0^8!^Z$R_>%bx$Ky$288^P7C6Uj3?9 zk8j$z@v_rSJ@u0dy1L-$y%2^Pj9$5NCAZ!7^FIgXi~l?V@Vi_D-_76u{pVP=Xz|r! z6XQQDmdnXSq?`JJxciD8UrUxO;q=o_f7OqF{NsPV@WP9^|NeWQQ|Eo!>8G>x@yAJd zp7EW+p>fS(ZoBhyENW?_;#Zw4OFPq%i0kL}nNGIkW>?FmPMDl{TA`JpQF*-QmydJn z?n5q(OxNGW#zN#&eg5K%4SevN4b1vJMu3XacoRh^Ir+zO%sN(hVqK9WlqEx5WLWoa zjG1ErOTzM3Xt&F^jB!IqgKVX@W0Q+Pb_GV*`$QVg2IDxw+u+1*O2IfnIMXB7C}=m~ zNx~Q{X-=oOW8YC8=%3(SXPiK5P7)Y_2@EJ>f2MTOL=9SMr&KUCGNw=%6CN`?*ANmx zPwNJn(+kihh#BEEkAQmM#1_ubCfs2#B1Dt6p7k-=Eo7!N%5Y&H88lN>&2{(g;?cuL z`OFokamn%?3Zd_0X)@7JnPaZ|Z*m+D?Rhp|0OJCkjB8#68X;0>6fJ4Z7alvnm$n_` z`g1q(<;V7OaC+M2SV&ompw_ZB)w|S5Eslo(*!xL@4k?fZiWSVr1Y)Y-?i1nOe2d>$ zj;X033_?Jt5t+1g&wIMB_SA{`wAN-gYa^Vz)~?iaJ;BiSR|cs~oClD0&81hWGBq?p zaCp#8{yK~?vNyfyO|SaWm%jAR0PlL|+xfe{|A*h`{kZkkTh%+>{*ESuSye7qwoXk> zvTD`po?W|ljlAIvf5}(Aa`SwlnQs7ocaOzAy$lQwarMiu`OwdQcE_86C6!V&g87MJ zP1ETNl}fdL{rU|tpd_UacHK*pZ(-PMoQ&4xF>lx3%~>+ zoeeo|d)39XWztlGa4vpdoBBk8e3+>75fUJxO!pWPr>5hdiwIC}oN_#eK(N|sn|23; zk|mudlT{4_MkBBREZSwwTbDR{K}YlZm?{k-WX8_-&aM{|I`_axeP9t2X`md0v^RKE zLxHc|L?{htg~aN%l|v1LP-tUigAtLED7eP$UreGfVW6XF84H?Lf({*8gR`C$$E&nB zy8|babcN8kARZASTtcB#9@U`0(b;|Y!3>RFikr6`;IohJ;XP-cz-u?Ipz5T4M(enF zi1hL`8o#?Q{*BHcc^A!n-|E*kb}BcKEYhu>tolOZA$eqQlGok-I20?8k_h41Yo<-2 zpgMA<4xIsyYh;rRK!gB9ISW-E#%5r0+9ETass&O-pB-ehVA=~ zIbA@A?hed(n_>OR8lUEPO@MJtkG6b(RIx<$$RG?1!BhJo)HMYqqRU{$-uvG7@|n+k zX1*xQHvs>$j!U2a2i*OOUjp#5m%Z%fyMBHr`NC|>8EeSq#3h&fLE-kF-S%#PHEY(2 zef#!2=l1@ud;J^u`q#d~ilr+r?>lnv&SdMUy%aC=(oH7B*3^P{Jz zsQ21G_7=4dI8RExxqUx>`_R)EJm;BTlTF2jHsvZGyZm%scj8JWDpjNju{I^9#`_nd z=EjRjz|&C_aBYki@l;lm8OB00VUF{hGzmC5=`Lt$jx8EYs9Dgmg7&6m=)e*tE#$9b zCYo_ZD-)%D#tVH`*X|0i?M-UIHcD7~Rv|4(F~qqG>cC=75i}q)B98gh4*8I^pJ}3B zAqgESAhDSU5kEo`(3xGqg4UG?ZP0EPY@DR-c>eu$e`6rYX4Aqs5jrxXy@no`knz$0 z)1?8jUdTNMC-}qzJ2|nZnQPDANOwb)lJDDqA&k8qbp}oLgruG$5uMuv2R+Zk zpIS3uV!lK+t?+}8M+c|*?vBIUwg0G_)+II4OQZ(S$No~l>H3l|i6a0SM7aVpMa=Z9 z)zT|jyV*>Aa}^I4k%~pz*l{s9hIwkQOL2sjmKKc0=`34>Isar>z0AIrsL)3t zKSmP^Vcq{@DsO|!4iDP=5@&3tq$q{joDXcBuLAQ8!2kH;s;jQzr$7Da@AWx;VipG>jODaVu3>8155-BB32vWEvLdH9MX$+yT zGD@M1CAndccxY`f__X8}(c8Ml?u>P z@5LYB?Qeb4HPuR`BVvuOzw`{QJZA$lKd7-V4En7P9X?sYg%e!T8xcZ6w3XFK6R^CYktUU4@5B^4hNt=N*c1n6%A}RYqFkCy-R+#c zu!A)Vax|qpluS_!GyxhRtB6oKjkn_gm;kLjq%%dZ{ZT+pwbIkP%EtEU8b81!A?x32 zws5=;5jtc-V~j$|5QJi;c$Bg7VHAo|;L{;9{KJb*;_n~b&!7Hu3txKCW=`)}K;Bf5 z)F$LOr^uxyI(_FcYl*nflO&?nPDMI|!V>2~n$lVJO-=FnEeE-4&j=M$wYQE^E_V9a zn;#>h={l)&(Q&k|2}9&q9x+=cj0$}O_a`o^iHMfQMF$&&Mq5H(;M;3(WC*tIiN4oJ zPe~nwBBi_+d&)c8?ph=?ORioU;ked`|#)R_~EWW@I%OXsL&R2K@Gw-TGNru@XNzTdFaRpP1zKI z(RfnOl=f&$r|Hb5Y0jj{C_`Eaaw22AFlwOQlh&n4}Gsj#1H-I6HKnv|u1;%CE*r?!gb(-P) zZY89jYEoxJbipM>PF=6bjkZd|dt+Gbc zhj_K5jU&H#iiu*CFFvu0uRV5vs$aD+%En6&R&{MHbzG0 z^T+>$DLuwv!PKkGYm$UaI_lEr6l=JGSv+UKBW0r|>mC16IsiIH+Oo^e= z6cfb?6XlY%p)nFAC2cuLPcF;imK@8P8|iJ%(%q1uHJv7-B!UoM8>+hYoHuS?FXl{> z(V9PoPMw)iJRv(iLtEn#rvwP<^96)P3Xh5|GBUk~P*m}ZEq}rlmbkEn+L`J|cP(u* zQL2WN95gJ2;q*nVJa6d&N;+h$=(Bxff`|I2xVLYZuRqmCQ(ACZcLx`)=;p-UCYCoh z&>$7%076l=)3{3s)G|ZCA4kegJe6_Cw&h}om;m|PtpMU!UpEa40aB!>ge8V&b`$E* zMeJfpbvi%+GlAwWPgzZGW0q@wxr=w6S>cr%ms9fnIFF&u8X$5fF!fbgI^-gX3Kp1{ zu&AU**31hd1{Xhda~VVzNMx0ys4?F z62OroN2pe-_OfJBnC2{`yx3~nB%`a9LQKzM4h~@khGF*+n3yK|2&`JYs@%R{!3B>$ zx@Bnoi8$W?%pd^81)69;K~eA>^81XuJa$nsOMW zVkJpztmP>foW%5xz@ek?%poY3<9GJr3ojmS>S#Xywp)L?Z{3FV?0#lGl;^p2%##4; zkN-#$P}#r#VA?)NQe>Wg9(R8FO)P9{q3ruLH#o=e7D%k;k+zn#IwG6ZpnROP%?L1B z<4KQ@fXlygA4g~M;7Kg0%1u#d2o2p08GiDLi)hPwRJ37E#^7=AX!kl0NM+sV41$?z zg?uGs@Ax#24^8v<&^Y@hOXMqMdRrQ}a7i~8FYDm6g&i!&WeAKW@HL?;{ziy|mAkfk za-r>%>68R3+D}J%Y5PZQ;csc2eX)R}Q@hAlMo=;nYt4c^4302qVsjz1!IL&`zHg?$k9H35<7WmLpDxnd-N>6yUBipl_K@`yg%FepZ9xqc zfvnP?TIp(9Mq|3eH8?d!yCqQ8RyvNzt1^=%UAVMs8-$i+V>$8pp1#tBfy z*+LjtyeD+cpD>n&8S?_%{Uwo9L!YskJbHQ>_3J0mp^ktk@rfHhx$eUs{LmhNkKOQb zI@(*kZ+!jhH*MXv?cD%k#bV4AXCoGMI`m4rcx?#>hM<28`iJ0|J_y5z5+E)-|NIXu zU%vcv|M=~12Nz#@3HRQ8&-?@NIe5%x0n8u2)p6Z*AL9P|AK-!upSR$NC!V@CZX#DM z;WaP6lviB1nb}eq&oR_JDUk*|;~-BZ+-kt008x-n?9ncT-JhEfDIn*0+;?P*?``kH zC`HXa$*mB=5Kjrd`r>n0+ulSmG)QAL&?1=)5ZA**lrP4S6RmA|K!_(5ttrKt_C_vU z+083AEa8tfEaIv)i|J{|@bvgJx9uO|yH6hCp}{HgrI3^-Xi7`cN|F*1+|(|yHnCD# z30P=++8UPAnC-NKVBCs0Hos5|P48v4JcOrGuK0%zQm>`d#iTW3>bV2dWNNWreZqlI zN*Nbn6L}UG%O^0#uppb}vQ=GNvvDbl+MC!nk>|%x9_D-dM({AKY-yx9<+-pVgJ%>~ zU1GXCh96dtDosjymgQ+@;uw92wDel&dXpur{7|`KtbwCbPg4#iK%|@vw5gpx37DRU z00-I_dKyxk+}*+l?%mFY1ud*j4UZcJ{hSX@RJpp_1;vk-vc({i98Y5Qa>k>B?8>&R3Bbq*Mq`GFzNwdf+G=9Y-u^ zqrIWgMo&v@v~CndEd^2v6cQ;RrBYPGfQhMT!s%&vY$v7~8W6(sGUAW__%-MJ-RD00 z)JLwrp8M~+k9+UA8{hX^W@huZjtr03SGK$t)-H#pw3Q7i&vFR%_QR1e#J)qY=Wu)< z84#;iufF?3AHMGWAG!V`C4jzzee(~-c?4ko_@8uib$0C@9UEN>KwA^J^G@MMH@%5j z2}dUL9LX1%DF+mMAJ8VaL!UPmj%Tv{)e{B`aDRIkmTyOleh0Oj0=jI%!0&Y95@f?P^6>xcY$V2tl?AK<~l}d5xrI&ulZ)mdll?>6vMJRu}z0_Rc&^uBy)apL6c5s_yE2PrB3DLlz(*5D1$nn;^=f zA__PzpfWn+I-|~vI)je5z542i<15N2DkyG<$UsmLWDS9YERcQg?sR(JYQOiM^Zs$p zy;ao-s3XpRQzuV9>7}afty@*+w|$qDh5}ffFx`@|apZv^RNtU63mO_bB4B9v6!0(C zU3VQf-BeNKdnvC92B5P3_}2e13*X+mzh}PbA-T}e!e!^2!0fgL4ozlgXlr6teJ$hJ z9EZ|5c8yN*%-{&W7@s7a@ku%k3p?t$YT10wo8LiGRh98WM`3C0C`aRJP5)$`E&bz` zo>mN2QfrjbymrYPE?L}3%J+>i4hmi3313qBM>4$V64bsZ8pmjDD1i~j-Z~L_8hlSg zt@pT;9Me$EqQ+V-L6a-^98TxiHZsY52L`xpOE0sVt9b3=nVdAE8Q)i=e2pT&^YbJU zNrUNE9@+dPQ-vWixd}X#MamcupoJ{60TyK{g-6+vL&2m-inyrm7Zt6cu0hGYmGwr@ zC>(ozJtY|TJYrIFW@j6xbu_d4#0_*4N ztS1L($3@iF+2AkG2M$G>^KOS+>tF~*QKMS)$JQNTnYY_1fa71w=J!;Xl-se zE?>wSC7xuJs9rdWE6zFriDX8y8Yu)b>jGSAEfU?d$49eydM46r8Xo7qef@m&f%Vir z66bvWee^&-#`sVp}=oH&HzT>`6=>Y#;2YDGLInBACUeoKcT4&gyDH>wvzA%_QQrXf5!9JVD?g@QsO!5LTJb(EdUfH&Lzv zW7!17;A5(M6?qVtWans9v~r2tNUTUeEO7CKLWcFG)+ii2WmpQwG$y&>+~fJH6Xx@| z$F}j=`#1CRodbOOWs6xp!+<`Olr}aha{f4d6Qd+!O*Gfcp(fslZ~~MS!*N6mg&^fk zFq+;^t}toZ@zP4`V%qx8MI{uv^g1YmpU@Ja6;oco3GEGBvwSvRT(^rao_8!V5YaeZ z3P?JVy`w3>fl3-x%UZKm=&z*j9c~2Koqz-s#sjWU&MRF;7#U4RDkuYdc3m zJ62aBKnh7Foh36o2G8s^_w#&oDow%j5Kauw_mGZ*(gBVzVo@P5_R!b}g;W}z+-h7# z1zKw@uDRwN-~0BrZ~ki`1lPRd?R@*@??k8fp7*?muYdjP#q+JHMz_?O=dtx5a%2Lv zw-0vp;%HS=*N{aBNjx5B-r_~{4OBq?l@UN?{jXY!7cXWqn_HHioOpI}eB6Y@z7hJt1|wArUP>78nuH^$b{t{|`Z5_F?;GN0+j~gH9j;t5m*YB`a7BRD zF4B=)|M1iNYe}356@Y{+ju)bjbGe?vw7$8OI4<>Cu<;CVw9!`* zR=!qA5XwhL86_487vfHg|J-$mFFn4U{>cpQI%yGaSw5GVgdhln4cun566icyYwF@{ zG$*^LvdK@{8)Y)vN5)GL=m3{ENM(a~h+EJoZK#Y#Y*jkcXApKs5}<_>UO7|YyMm8D zw4Hg4)x2x@d~!Mf4gFJDez>idTQ?uTFZjj)M~0kIInDH`qzf>e)>mo|99~ObAu|Ee zf+Zb0Xpv~k^iafX0yfpxkA7$)YH+0Zm`mppKmHinXUqVtaFlsZM+%XF;&6W-`LPMu zunQ(r0NRbY;=&6qdid_U?>g&kZ@Y$DZu$06Kf_nN@r^(E@sECVIRKq)aOqhvGH&F8 zclN^INZ4aDY=_nsXsUu8z2NyIlgY!Mzu~j5dhZ9{zp=6-zVufG1Xx*r@EREzp{23m zi-Q9LD*!=V4e{lRc*n)3bL^b9h!Is3g~3w&th$<|E#-Wlv{F<#k|izmT(+p2*-drq zA4@Zy&(mC0O>Hd3WTC)U*KK1w>)XoAXv32)@TTSSdEctVOn3z%!x~X+-H$t~Pq{&-SoqJV$3;4NVCLpO3+`oU2*-iB< zX|BPK1e^p?fW)Doa!eG4$>k@R$PF-_>8B9nkVqV1y#uskF&fxTjrqOM;>c1(0NOzd zKN8$o-HEv+_&ym?1540*(`GQC z+M%S3%IGO51m=H75=c-|5Fqdcc*6W&5Q4npke{4HZQg<2*I)j;VlJwy1zA^zZ*6(= zLJ>HUf*&w4FhqWI3^wnEaTEMwF;|>&@+nU(KW^#S-LvNfKls6|&-vOX5>-F$@9&QQ zfFc%$ojtI1pV9XRNG4#;3|Kr5=5<200DU8X#`C;A_ujYW`ggwLoov`pk^8T704nQ$ z#X9rMGsPp1Jfh?ADqSe#%oe%)80M^6%n$$RuV|{R#`isrW|UV9NV=?eil|g*;!@%x z$ao&>4vjFsv4+XK&l`XKuxYJYuo#|VUULmUdBe*|IucI>b{t$j^+(zUrj{i(e__?H zj`BgUHnt_EFlEgHp{L=%M9GMOh}94Z^%y*%9XsIQ$N)!6dQ%y`@$?>+v^MajrQP^U z*GizoYB>CehNefw5kRTi>-4t%^zX~BdD%}T4v0mo+tTAlymWiafE<<(Xuys4MLhKmOc`IQHVN9 zhk)XXBqExq1HKQNx53(HAe}8ctf)z%&pH7)Zw{i`MQU)gKq{ZY!9n~?8lKo_+bHQsbS@6;Ke$YGGXZOADeJ?lOXsmb>RY{%C8L%L$mcYO`^d2^sx+(_qWe)F5T`|i6r^UO1Yef##Bs8m-A zi@Uh=Lq0JKIJs2Q2JMt$oiI|*0lwAnay0;-^Crt!lqgt>l@)m+xD|}cnVwr z+68=sbolHmRsmYzfL{EA(qqg5%!MYs4DC4C&*Infdl0(=DD z-`LA%*Y0FI=P{{#5HX9n5Rvyo>9LMHz777m2+9og69}wqv2?6dv^11KX+^K3#bQ`7 zC?rP7vhOfFwGBol5LTHWddWRs(A|M(;H~`s=ShW7n=-TPMawV`c&*pnnu5Qcx9xMRO1* zEXJMDVxYJ}z`zJ>*lCP^>^gbXs=?mg-v3wG75_4ptXzW1`hDxxTW@7xV4&fVM;-~H z5^eSjT-W7|FJD1kS-@IZjoMMN^setE}k41v$KDJ&^{=^ zD`vN`dUh*$rH@(}PLC3yEldP@qdZ885+0qlq5!40(G)QP#nFK-vyT%L&2n@khpP5H&gXT@l|K#?kVTzOnKKY7Dx92`q= z&7JGnKR!WC+(9aVz(L_h9TOq`wCAG*_Hj)Jb#x3ZB?(vJ`5RmxE&n&vZ9%rO7qpjwz=c8|aNUbBRfiK*VE^${=1P`KM2Od|q8`?b$1qFMslr*I)lgUteEss9UI|K-45)@f_qU zPNw#RrOcc^m+C|uM#m6OZh@z^!c;1{SU^<>iVFGrM~e}8?)+V3cDvu0_Y|GuU#ERl>rA1+gZVagbVc<}@ z*ai;efbHF-HZrS1TX|O%wuGgf!K;#%xGXuEEOSVFF)g8m@ng{14|<_jF#Uc+}^ zcREX3Yq;v?Yq@LpVQNA?eFV&WVUBM=k{WPH#$8Z8ckMpRd+yo52Y>I&x5a}#zKZxGZi|!dj$Ak&`F^sT~3%J?Gvf`tp$uQ+!8 z(iJDH;y1s(PXnBN)+@ws*4)b%zH(#xy!i{i{G%V-z9yH+{&v&m&8wmTmH^rs;kbp! zGgs2Eaw#nf=aM*a8L1PNkjv)a;9>O8MA=nnX>Ju4z53#J{owZ7-uL@no7cShRh5nN zC9*0sz{+~w^{<~aA|hM2Ztv6v>4t7^f|%yo3szI`ed8G~WC<8tDlfC!rD#oD zzV{b{KaqWJ=-*y`I}vsYREdT_N&aEx^bTkrB?1Gd6PiFs939FKQ}hua90%CPf1X+X ziz5RFJKNUdUigOESb$nr^67Jr=ag-S`1k``n8+1)>+-ow6};b5ZU1q{R|u+O4hbo^ zfBz6)dtw*chbJkZ5i$k_VPS7?Dt4{Hv@vw;lSiIYX~Jazin@0QeP{@F_QKF4IE$dM z7TW6V#HpA>YDt;XpH|w82KtBL$(`sz0YKN(CPjOD>&eeP3p;o2TpwN6i8MN$g@Z%r zu~FE05HUDPs9m^h>9WJu{lf=NdEcAgsQ^wr^;FibUCRRxJ*dw+=iJ>N`M`SYT zX8^KA&8YSk^xRHlTO-xY_0%*p;?0`L*xZ@;4Ryqa1_{y`kVl4v$*D+ z;V?CcI8ALGw6%4ROvaee(ec#J?zr>Km7TMa094jr$Xb5Xs)As z!5mgE=^~xan_wq3S{Z20!eI-Fta5{>+FtKrC+AWR0dC==ERgMY*V6WW;VgwakH#e0<$ z#cDs4=Pj{;HTSbYM}raf5ja{Qt-rbw5TJ0Bv=qjp%i3Tzb{s(W51GX6 z83z&xL_-oCcR@M!?1G3%s6_}=1Uw(s?*!^%hXhgf>+Qg zn-`>Wh^&X$ybskkfW1_rySv+a_L*lp|KtCBEqX21u3gK^UiPvttzW>Hgl(xgH`UUTvB-JCSDk&#Ru zgo9Mz;~=bDiJ*wW$6DbQ=kYocBr<>25!-8e!$O2eMIG|-4c{LN_#+x$li?Sq4Z$lX1tY_9lf_YESd66jn2hr8lmAdfN7ah9!rf&kUY}s*o>(*x(9UT#PJ|dk( z_w*YJUeHoFqP@LkS5HsRG2PwWV$-Hg(Yx=w^UhhdZQG6yWipv!FC!jwl^~G5rOidr)HX#xP=WwgTb+I55NXCZjw`8l95xS5aN9FIJh*p= zk#q)P65`T$*$Xd{`7J~CmtXYfXlYpe0V&a`Ec6YV;J>Q}2FA*;CMs-B?CpiB1iHQ& z=Cq@=7rkeqH-h6BP~Y0EkjjP+kqH9Mx%sAVK6&w_m+;G9+{FdwU+~b@XEr|z94i73 zy?KuX;0dHew6?Wu=$f_U%)(>WRPqqyzJKgOjkU z7Y_8p?jA(Ji$cHSI=ubuZ|6HV-$J16xl0MBFNf8~BARN@DzKxXz_=p167Jsszj-n` z+PP<+6Wss6Z(}VjZH$Zzm7dAZfy<_~-*sJ0?Z{L*)dtYrJ%^s21JNHp`2G)k;>-W` zl}{1&JeDtnh21#K4aDl|jD&DoBYu4i@l+lsl|kh5#B&Akd}7M7bE@K~syM2;3ctFV zpgKVz7BeHNpn!T}EBWzp^!NmfP8o5ad>*oSCgqUg`5cmoI9{NpxyzM0(G@lJLk@j;OTNURuEer7A1HPX zjz<)2>AGCHq>F-YC}&~sUf|ltv9!YH2>y|Ts!~OB9Z}>Wlm_m|Y(AZ?PSslQDu4dp#`!CO!A;)nOy&WsTLBBdF;_K*t)mu zWu7x<4&S`#CSG~L1zd9RC0ugJC1F-+1bvbT^r^>!>)K(C3$6ou`r+X%(NSvaYsCEz z{5EEj>#{RwsIO&mDji~Hv;!iMOy;N3skZvsS|(E|dU_7sK>9b!LLrB<1WfIo)jYR(T+wa z7w4&G@kd5s$9~w;cf|X68W%@bcFvd1st5s9)=}3*7rlmEyLNK0r|0^pyL;?B8tRk$ z&1GjXv$c*ufsoot(3;PF=v9vu!!ZFlw4@Ca0**R55K_>eO7r7qdYSM%Pys92nz?4h z0%DFVwv4q2uF^{WmOf7D2%s$CC{vg#nYl+wf2FP4P!PD>cGo}~iXDQYaE&ez%h4qr z=MWh9d&%a1Sv^Ioc`t-4CUOXT9Wc8tNq21(fB(Q1mbTTgtf`)Spdw=?q$D15A<(Ql zG{(mtdWIiuK7faVh)X+;DV0GEQT{=R4)q_|0Wd>uGg3-8h)mW<-`WwE5Q4kz`~~Nn zdoD^VmMmUEYg;S#-m@l30>r>LG}R&6n+&u-NJK6NcRv~m>FC z0_dKJY-&Jw0a}9VIH;N=L0c1kR~xzcU1a8WlbzE|zOx;#p_ZUJVb}^tq^A&phfu;` zGM?FvzHcpT*$F)ZM{QdPA*fDPQ(sq4TWjm#iOI>ED?8{*V^wqjD(k50o_p@*^4DKc zRQ#&1fx0R>S{hk8yB%NIO?z7EU*xP8CDlX;Fs$fPucuMmOfWu_&M}h9Mw|FaT`e>w zT+>oU*tx$(Sp%C=9)CFwp`^QDt8y`2m`H1*GWgxzc@ zX;m5(qO9O_j%u9r2af=xFbMv54Bg%e$IOW^8(M4r`TBohVBj!PNEGnb@4SxpzyH0( z8aS1P-)%(qkDAuM0KH)+>^)@79E50WYWm5Er>s<|iPTX~ipH*Ygm*!tn$9zSUMgL!heS$OAp_+qLMu2aGD9eX`x%-Clcp`$vGc0&jI(=dB&> z9dAAExZ~b>&e`XD6yW;nudi&PFOht`vMTGSt8-RY=1^~66(Cs94RgErtBX$JhHGBK zST>JTfkjW-hIa`tP8`t;)J1%lFc^Tab6^148pn0H?U{Xi=8?_dy3`2G*DgAR(>hzp z`^u`e6-9og(+o>160M5kh;n}dRm6xz$o`O#A0`H+-HB6VMkcQ9h2weiY3&$2B3XuOZ zA8#A}bx|cT?9v#!X2Tq)O(gi*lRLR%dq1~cb_z{ZaguSt?OXf!>f^f@%;e30QkT#x z!`Hv`MT!nPUDV-^#Q=nIR5sICzYDhPhJAg}&0c@m>-f%X-=#L0L?FrM^SthLuj8J3 z?kPUj{F!j&D1j-5&`je6*M*Ax7DMY8d33T5I(YC6%BP@{#O!5 z2$UVKX(bS@LoA!azx^K6-UCJs*c?fB&7R$R?Uh%~zy5Qd3xqhjg3{|Qdo6d|`SZ#K zTIm2()=POE>g@~r;n30m1YEfKIJ`iaib00zb(A*COLX(gDS%<;R$Dy)N^I^G8Z812 zj89p5lBOw9#j=)q0;Qu(UW+2`pfv7>j((w$PpPV3WN=fI^Roe}7$hTY0!0ZSAe`e* zue6QN0ghoY$bxNmV{D8~cf!!(91$S3B<2X>F_&BbBdLJ?be6tMivFnrhbD52=JVtO zpSX;X5E2)VLf~SkX^s{ssVNA73>1zC&>EDGD5Mc$(uOsmMeskE+lz<+A|k(mu&<&G zm{Lln@;TnUav^gXlYC{}4l>H)qrZNZkN;{jgSos>*9+(JrS6BNI{l?zNBr);x|C7< zo7({kx)3e(hOUUT0O3icuvc z1qFc)toUH4RH%zx3@szeV&_FDAf!vi$69M*QgSGj=i0lULMu(*cnT6RGiHf0OYz^c zOWF2!(H2<4?n8)!1LzGq5R<7$8v0ciy^5Q@@lCqBX92Kt$4<^W?_7F%dyA3-QbwPT z&hE~85A__n=#-OBXWf&JJx}nj6RFIU4*x&eZLWIr)vx>6Pk#2Zd_JcnNY&jAr>}sn z&Zq<8D8q_~X$K9sTH_WxgcdliOHf~hUtfo6sH0GuL?^3Ij$_P~gv1RL&fO1^-?I-M z-V|XWO5?@3XP?9U5B#>WQNF}ig#}PqM_mv9?x7ihQl?(6t2IVEE03Y3ri!W5lvV!= zrEqm=54t4yPv196gJ*V3R&Y%n`WK;a7VH7|-QN6_f$s>5>XR)CBmmH!5`zrfGEt z1QOldicVz^CoMs5+6|-Q2m$xrb1#=%atUAi+KrrX#u*&5_!w@z?KZA>!y6bF9JKFA z1)w^+x@F(NgRd1rJa6y^2!sC7f`3O#s~8v=)(<`S;Lq~;oCc(-OTw}Rh_*Jgln51= z^A^g8Y6*dm5`RVuesv8ZHAy_3!^vc*?mdjV|F98BtV*Dgaa1xv5KrJLMK+Toj|_#2 zOt6S0?&|KE>79DYso($Mk8i&d;G&Bz6!+Y-rh@#hbO0*rFJWDF*=5{$=bZp|0T&D5 zpci++%o*JLv8y>}<$N+ZuLycmph5&UMhZ9-+ljf0a0 z(>??)zr6Acj%ltV=LKbn!gQJ+kueY@sQx0=59{3?YV?Q46^J8@g37cCDDkMb2}7t` zfQCRACW5lbPD3I_?^KS@J-Utiw)Np8V!UEr2d8y5aNLY0X4h7ckgiE^5XPeh2$Uia zn#r8c!O0AJCo*gunBs{;L-bAMAn)Ty2e;bgtnLn8zqpGtW;YRcBx%ntj=rP7Z*d4O zMgu_&RgT10nh!m=nP2bd1II14`T>E17G6uD?Y8gm_<9h%_hTMvSk)W&1H_wH2w|M#LN-ApS_EhZfx?lJxNupsZ-DFWeu_hx z0`EC>F`qemDOWA)=A;?TG$j%^LL!7^GnDEe2!WIiwQh`gbv3M-*~EGC+j!Hlb9vSL zcDh^Z$!SPu1GXI+;+MM)@!JCf2m#&o4b;Y@v7QZl5E><9R5KeMz8zD9374JAmt4|l zEb^zu+47_*l#3Nn0_QrCp^VRU|GA#W_6ZFMZa7w$4~G0852{JoOd@<#WR`l{kFslOs<4|dmQDtNje2>EZehR}AXsxLlPZ68QLUTPj=AsjE zg8FK_wnlR8&7`|$GPR(a+{`9|yiX$SlS!wH7}t2lpaUbOigqZumoNXj zOE10j_Vw%6kN>fk{pzc)X3Lf>NB!H0C#%Vgi4Gx?qA@^q%;k3nhxy%seo&gl z?M+;{wA)aULLR>egD^-WF$dy~L)?*6IWBQW;yMyXnvR0Dn)1bDAc~67?~8nY8I7Dn zlXxwJbrmcc(G&#%%x@F%IJtbl7uId(+fVJ~&Bu51rSn&E_UtAS(j^<-_KrT=e0#h!x)+RWktAUFbb#m^!Hs-c9ARUL@!ztEm?d9G*hZ!$;G*!8D z)FyF-V~vnhQSZQ>tH8Q8MkYKZdDRip$p6JS8cu>D#zrv_sCFH;kEHp)Z#MGm;c-aB zis=1NyWb{ONL}*tpBV=rO1~)r7bAUuWEIp`K`I9=^*BiMWGd3hU;Fr4?)cdqWU?8q zzUpcwCMLx8Z94{(G#ix+*@)n<^5mHhUb8w`<^8@-* z1^QBHCJO=M**r1Vp)MYyp(@7A+5~Mi3E~zknDz?zw)#i8NTE^qNbR6RC;@EGx1<#; zLdjxFuQRd80eos)huz~D{_fXX7|rJR;`t}AYDOcz3h-6w2TYW;mrI3-$_(&ySxH{R zQXp_72q}mOP2LMQFje5e1Bbb1#~?cnkI-0C&H0NuxqA65RFZivkt(T6CjuDvod-2IvS3y@RbhRVq8FxREBgv=}Cp73>7QMe8 zv33hOn}OD5L{}TSr5@Lf;U?lZ$IQcDzJz>TH9{+@`-f5YuO&Y;j2;|E3{RnT!E|V< zs?f1Nlp6~zQ2l%%yf2H{I``>@<4{p2daz9WD zbGhuoY&P;rprN6G)Kuyht4>(8@reyjTo3S;x4fC}eec%F?p#R#D(la+KL6Rz)%@^> zKm5VQ&6^D8Xu&MprStjDhcD;EMcpW6j6tN%P}*;F(aAMxI}`HrqslXs z1Qs+_xxD+{r?_XE83A0raxVY(+?9-F^58(N>yRg4)1fKu-rdiA2M#lu&Z0a+$y1K0 z-dqWR?;~AFTe5~Tx|(^}tQO9k(?V;~B~yTc@1u2q6t1BkN^Lm&b`uS4VIyq=2_mo+ zsZ5|%fohpx*Tf|6`o$9zT$i7}_B7g)3Gzx?j`a& zcZi$U?`Qj=3F6f*Z&^N{cbzzwx`ZHC0404>P$Th$zzNxp2EY-GKC~T8{OPgObcci^ z@s*+}5#!O`ajv=NaeUv1Mb$?%93DgNK8((1(c2Hg;ps76BBa)6 zazcn8UY(#iSz})VvwYtto5_&(JtQI~AQ324Hc5#duD%9lwZn`SL{kI0r4j0D&5@MR z$3#dRr3hSs*x!$SW)EV=KAV`^&PH23%pHRnEP6~lg0ZN*i7{0f4(^JA$&4Iz=NB-~D z7amE%fvbP9mZy3~!1uX&)k3~_&I(2gdD2;rHTwp+dE-9%#wTg3tL3!L7FKpPu(Y{> zwz?Xs2+$}rl9V4Xn9A|&@HlJxN7*@&q7X<{cQ$hAqIQn&Xr?yiqO>+be}Kj_vuI`g z1tKhfKq?m{J=2;NJ~83aH_mLW@UYNGEp)SgZ;#Ji7 z(+KS#gr+9uP|%8db`SFHO?%kZGfHby4Ie#yDd*2^MLID86`0P8btN>+3TwZsjc$N= zAu8>NuIZw+N3|1U{oojXeb>{ZRA4!x4hYX2QybK}83DXVQHx;%$BIbdO2~L{a0n(+ zFgSwP-H#rh1mFKt3<=CNa3sXz&|D9*+7K;`P+x6jB&En?MjK$a+4xz>8YvNyo7o{YI%S?l=f7$f}^Iy&tt!&0EkBfD&AK$0O_+ zoPTY zrNEI6t0tTTPzIAK`7Ivu5lf9 zjHh_tJsWVP;OiHi$n1tB8Luc!t0EfK3lo2g+acB>*Njn66zBM893*w|7!&yd_a7MI zdr$9UbN?78ceQcN>Uq4pvy}i%UMZwDU_^~XXrtyRlnfgmFF*od#yW8+*)cZG`|jI9 z??eh@C^Mt1WuRjdg3yQI#kU;^t;+NsqTucr04P%h^h6rQr(j?d4v!+nCXA)9=bJC3 zo;%pP5?mMJF-TTHT`e@#K}#bv)Id!VYHA>vFtpnsKm;1Cl&S8uGNU%nL-;;=cmg(U zhkb`a$SjK%E@0R0-A5MLwMl4iH2ww64e;;=n94zk55@^6oIo;}WOQVNvGH*xCnqUw z)mJC0cV^O=RYHgwwFP5rmscKc5&yLKf3sH_)Y zee54U&JCaa^i05{=`~5j%TD00&R@wtUUfckDaZ!_8wW>Oe|Un4LIJG>&9N9W>ykK* zqBa(zsVdHt=aVZ0NY|mQD#pU*I;y3lpcS64P{MH7wQbwyJ)iS$f5dpatAJy>I%rQg zJhpFuD^|?m>f;tLyRI530=z&FXv^)FAhjSsMW8LynFy<8i6bz&e9|TB2lS0+c%W~X z$9hLt+EmB8R?eZTuA1?JXH^O%N)yQxht*KhaXFOE^47c7lgs;j@3kj0yRn)=!J@{I z#;zEw9PbNKf}*09iipI25N4Jyv_xwehE*J?afC~%;PIOShq?Kwee54i@!Dg%_|WQO zm|0)NMBc|y4hjz`V<@eWLKP{Fe_{flgrZ8unaJmO%Uw^gYa|6R$2iPMX-Dd%Sc_8R z;ESpHH_2DToUj>^z0w%VU)Qh&0u6Z&QW?Z}3O$j6sVt<^=J#FzUco$1*M*pM3rxh2 z)d^Hh5>Z=aG&ic^P*nvn2N@`|uS~`770lxl^5AQeTx2o^n~=>xI*XjjqYfU5l8)D1 z{(8Rp<$vRzHTUq1uYZFLPj5I%)*m+@KgWU5Nl0e^sI5t|f8PNDG?`3>d@e_!P#~2~ z^X#TgJp9;WJo)7MiA9U%J+^t{=ET9?UXnG{okBQEriu!NjupJ(65B>N{l_Dzg2zp0i}XSUHk?-#D*^v+iDUO*sBt!tdylo3Bcp`<{n62_U*RtU(nx=q`` zwUj`RD5T>M1Oc~iKg2J0^>W3rbGUNxOfmrkf$^d*w%QG?PNBH=?hS10ALaHpoW}Cj zIx-$0d^C=Q1}a=!(^h{$Dp~`o69iUq(Q+3wXyJm+Tl|`7p-ZKsmU_%}$oW41vFQN+ zv33`-D#qtuemt*UGLtFKL-^o30j_pRsExMJod$}Wj%X;Q`xRyQP1Wc~!^C*wosaQM z?<6FgGMXmB0p;7*D%55WFG}GeLs!ML*)>HxK&U&VbO|d~7p;mF#t)znm{xY)1aP6k zI#xm~1_>8KXK@X_!w+e$0UQ`cq$be?53+faK;`l}) zg98WllSm}2^0nsS#~q284bhbcK1JqWNtg5E5x`wKR zYe$9xKL|_;tu<0WK`SQHDKeQHst~~bJ~+?|o-SGtTdd8s*IxVWn{U4PT7VCJ@PmB$ z%U`Z+=9L7Xvi{h0;e{6tty#0C6@X)AQ@3;>H~sx(ESlHNw*Fy`o!Lx#!o|}Lo^M*` z5hq_1t6l*JDM>gEF%ghcuyuHx-J>b$<1v=DHPDhsARI+pNCvZ6&iu}A4XsHPnAK3j zcVBZd3!Cd0&-vwhve1!!fGYhtbo>+390x6h&=hnIf#V|raD+>JQZO*(@$HSfNd@qx zWwTjOUq!*TvV}GktK%qcdinrge{?%vy?7NDFY070Q$R=^Q3As-X;Agz1&u_yM6obJ zNQFK7vfqoyEl>ecNE+fXHVjN~!y{YSba0f5m(St@s}|B)o4`{xXjlp3kgqSbB5BHE#|@ez0{^U;?*mgSd_X!qD>2YcoZ^O#I9cS;E3q}Jm+RE%J?J8mM!DTE3c%n zxrv6ldOEwhXliUkYt65I^((&em9H=uDi=-1uWnoW0 z93C_YmN{RIMzl7!OrCP;>Z=?_-t)^}-mOnL^rnsVt#D*Oq-^b3TIcyY7`iY$tqJoL~*{}LoV64$ zFw{XadDnmX-24Si>20M+sZo-^*BYrc$F?=`$^{(^q|$u#vF+?h{+uEKBvJf% zdN)Crj6EWwN*#4Y1cpv4-8j0g%CykyYoVbQ8tP1C-P&MK^YNHTI#lq7LHGZFs!$xI zyFe@kbv1~#2AJ6avuD7(nJ~Kp(b-OQX9qPi+h}TSrnRnthUyw>suILp2iLLYNV;ge zt%ZoxIggeVMl@oZXGuqrh{cG<;^=q`zpe&mG@1KOW&~(_-_u&_(?-WeFKBLTdf7kx z(j#EuZg+bzP*P}-M5iKTtdO;waeym!@0-e=M~zK z(^~4L^3ugDqy!jOln8#V;4if{SOTT3YoWkF;|pz&`zT!3A>{?^9!_!EtX4k1ZacTF z-Nm=BIFsXAYso2PO^SjSSMV>1NzoP3fRyL}t9KCK3Wut=%bLB1`G;RWLwhpLjjvkC z!loKBz6ZiZ;3IKM+#JOb$5FzX&)D%qJT7_LFP`GbgF}c|0(1c_fQb}pDviwLQGv0H7I_bmDWEbL zQx#_mkjWZqVxa(@DrpRqjwyu2Bsdn65I3%j)p2x{t?sMrmy{-{my(3zlB}*K;kr~+ zB}l{#h!1VlI}PnrfU>gNRt8%^xs>Nwz#=0jSuWa%qtKtS&S!GMvmZET7v@4m@)_@y#$oQU>#tlu{ z3~ zqn^pULJIKla9)hAd-h2>IB4agT?b+L_fkoa4uRH8<@3CH!AzF7HSo{BeTFOVSj#8Q zTEayOx&Td}46i_iS`XsL;|T4dMS#?Ty12{NHtgZaeFIP(N8^KxBSHbA==wT;`DI7= z{*&@ZO@O1mS1fi!o4^(cGlg$l+ubsOUZWBT=tw|YGpgW2HVf%2I`5$ygCd?Fu{w_+#}gogWB<1T)s7@)J9w^?#9fzIEKV#Iqbe37=DKD-P?|t1eBato zTbE2}6LLjhK6lo9D@xr%CWwBX>NLay=rG;4=3g2TP6D?nP9~QoCnTJ*6xBBjyL%y> zL1;uKlTrH*?B9L-@)bP$%$6>#^?(o}sObMq4DmUl~QGx_iXFE!F81e3Xd^Jcf37NhSmt0{@Eil8P@VhpvyK~Wj9!}vB)T4F=Ga)%>9Iw6!LwzaotYlx7P6f6Bm#wXzP3^Fw@LGR4(Pe zvoH+-kG`29D~#|Db_Oq`)d3Jp0xQgrLfGSU)t*|7Y*a=Q6|LQrh$_}vj8md03R4_@lEc~vW33-

4d8KB^>|KoW$#oTsWzRNF#S>aPP4 z>p#N+A+J<=`Qa{Q&ruNodzLW>3Zy}cp;qmnTq-j&J4@@7mFQqE>>WY(9Dvz5BfwpE z-a%()*WR-?o%3Sf|Op*vp?oF=qX=`JaeSk`rS5IZk2WK#bA(D3IQ&)TJi z{AMB|*?UV!qlzjL#s)?6vOsO&0u$Z`<2&Jv^U=_)hsOBE-Z9?()U&W9ON<8xCUk3O z6vxM1YB~rsWu+Lhs(w1ICxIHc8KT2qy5Lkk{-Vp-H8I00KX((`j!e@LiI37G6%jHx z@!-gF6Zk?yqZRXx@9v-(Ctj5>JGUlmF`>dOCrQOoe;8aS3-k`!!ddg3;DR-j@AOw~ z*Zvd#J&UnurG)9MV0t>S13i=mdZ`W#(6M5Ou9eH_T0Thk@*#Sb579F?NZ-&9z03OP z9q6aKua}PQPHLSUR4O&1QVCs{}9Qr3xFvS2NJ9i6@`phu_bGR3rc8(-QV5FET(()y<6>3`E~ zKyV5rW9Y5a=!%5iO38Nsiz6{END!wYHZF7Q+3RHyN4}d{vc@V&oBbqngCWfsh;P!! z*7?{!F^W~km$wh|6Ki@od(A2ub4|Zk(yW6a*T8fuiA%D+$@G}h^DkKm1nNn` z6S_M2#EUND!j*me+`r$%cOD!Kl*uVMdz@)IAcDk(vNe2d&mp$#A48%Aq&|}0;ZL*% z!2iv0JqEx*B$VA`UayH}jFlLbA3{@TqQn6v?jiOO_z_fqcYgjx+QJOeJ-2-S|z zBp4&G;g8?)hySv1I-@YAH<)TY3DF8rWC%5g|wd-kZlx?7F>FMfd_XXrc>=zv& zN~8W%-c>^bU*7p=7hV_-6UC`gGZFn&%RseEZ`Fp$ci*%Jf-_*8w1Ww!S!(d8v|$DU z()6><($EjJ^=P(L`L?#vX2Q4kkMZgY*5i^m0~jjvd#H}P62OmGHHZ|N#5h&nb=CR& z%B83AnlIkQKis~XvXM~FHDof$IMl#wGvVLv+0U$tv&_Rh5t+h{BXBr>;}>mnOQ>pF zsA~xypMPcKF)uyQ#(`CM4L9IRKvaL(!0ty^Dm#u-oe))h~E%9Xd@d<%Vj zJp}+L?BunPk&#!=zcQ4_&acyDBRsm$`DzyZF9h$Y^Pd;VsD_3fpT(?1hSi-Nbd@5y zO63KVCb?Hkfk%GKD(g(lOYFKuob$uy8&jshS}Ee2dk!;LEpguR-uBFLZV(}p?>zyc zT2UntLB--!n2B4we)E}pp|Uc*@5mWE*GFV2_jFP&RiILXb2h*QXL@0!ur=L(|Bff$f8X}6_V@Sv z-|=xzU;OG~x4St!< zf37N&jL=bz=&Y5gl%g;}5R~ik3p`~C(>6fJni1hguE~ptA8%498_VanJ;?Jntf6AP zB(NCCAcPg;8<0+v%~R4|2`}@k4yId8Hm@AuL(jdOsixys{`33HCD36@UP4(Csv>;& zjt7D$O~|%L5&bU(M=3JDfmM(b;(AUcmtEFiXfU-JQCFv@7#~^&mu*5$TSbcA4-F6N zrY?*jgNffL#KS~WB*(LfWl6~Z9&@!^fa=q1o4)9w2+VJ7mfTwfxO)eB-!)R zw7(dC>50=UQxF?RPe&PxClE3!K`Bl%bl(Oc>1S@U1nN=IzTt-rMHSy!-4R9Hb$Eg! z^(N0aeF*2I4Oj*hCx-w4AOJ~3K~$8Wf|xueENaJ7I4B5eyncZT{Tt0Brmqt5cUPa! zx}IKs`rp3A-sw7>QAC$5^WFX9+`RXQC;SQB>tNb*?u8xu5P#A8a&p%$H$5Xi+{+x# zma1^83;RX@r^XmcU7b)VL#c|My8*fIOi!W&k~q~}J9jX$RsIjGdDqrSz`v=83O^H$#zQ;Vi^R&lTNJNR7%F3<^28Sk+ zkp%^C5}dywYwgP#0sY@SHE)~F_K}gz`v$p+HT=i@2e@MGa#nSgXe9{}#<8TGDruJ> zP7n~F;xMiRnuJ~m=SR?-mmdC`tIy-*8`tuhFW$cLvlHp)@T5qmEJrRq2l{(ScbgqM zcDTL!_KgT!2ypGS*Ye^QzqkMZg`H%Ugl>J4bA0+x@xg-TKaa&1=@XbAapTmp2nx(4 z%4j2Ibyp2zQ_c9Clg(1@ZHB+}gBg)9=BL?Mk^ql13^f9cIN`>6yQ`6%& z_30^9k=rl4aP#{={E>g?|IBATQviU%P6D5wB;C1RaIrEyJLmhm(v2e@@Mo!i$-4eM zBS>H%%S9Ip8vrv0o<)vI*}!0}>S=6EIsq`>kt=?#UnLX9^X#QwEFOzeK;x{5a(T(kcmH6>E{s4u~pXEj(c@T)fc}D+NS*=bd-F?yuhY zp8Wu)oVLCI0EL~{wrbU?f6cF=IF6a9&-#d5z!}L!-f8VHZSa#Unrth3&hP%$yaL(+ z(vt*7r5w>$EeDBEKOU$-p)M1-Q5Qr+a_VWB>YRC0dzKa9_K|6xvZfE!1ZOlWhn&2= zK>|RqphAqYrn^cQ5uwn=< zJI~(-IG1qGy?0kutzD=4cJJ~IGdi*K^9le^SZ15f+W3X+m)O&M#yKUpc5P8}k$V~$ z2l5c7IOi6h7)Wn>rzLmuN(Rgm%xzi6Zz@*olK=13{MaL;-4j z8P7KiRB)YLh;x|kZn)w?Sl*lMcn9|G(cbQ!I4ZakGch&UfibsGwgWij_uujd1pp}Q#IZNM=}la5#T66T z8i^Bdj`7K9tT8!9t&6Ovqa*LUBySez2R(t5$j85ycNi%fU^R*`37Ek3ol%^UCL401 zG?{eh{Bpy??g0zfPszsnV64$(MMo#1agYY~a$&S$(A4NHfV#!81L_ngpLQ7$V9Z$|qd{NIy z(w;5~0fFxg@Yk($RM1KVV*GT#d1sJQKPbKSmtM2wjcb>oHv!pVk zCVSuculqv;1nu^POg5;QIF@zP0?+|RkitEgGXN?1kvNP9!&5ExPR#_$HC;T~mm&pF z*m0f?c$i-ii^pz5fI6e*W{H|9VxGH@)di1pp}Q#IS*Z zW&R(rg2wDVJV}zoo@B>p=CtRH{c&^(-lzX{Ue93ONiWPCBrai~TJbcy3fb)LJP?uQ z?@fpzW1o zWzV4_v|<-Byy;k6p!$6X;{Evzd6K2wQ?KvG`{onIIHxS@st^T7Z}6|L3roz8NZ{w8 z0)V4S1!35Ys!h8O9HJ(aA5P*}DIKv?p&SW!4UZK~{)L^`xq%%2h?E0YK+=Te1Gvl2 z_Phb0GmY8OzkcEqUttL^hXMc;HqX|sJ;i0$^YjcejTR&0bxcO$6UG8VAAoc1$ln-~ zMfd7FW1cg)p@GzaFX$soH3OW}EOU_352xTkG|xBiC~M4mG>}lBRw`!`4}$o@;7RW3 zd@jU*D2WR9k5BnXN$roWyi{0W$J<4|Fn~#O{owQD*!-YOV_H^>MOH_Fg?rM>>LjsnZz11ujAe{ePeW_ZPRVXww;M>XJR{<*tVTa zJh5%t*2Kodwr!iIpZ8nmU;paWecyG}RaLw8-lb#S(H~{)UPqm=IoOJw-Mt?#n~|>g z={e+XQkj;qy)@^MWK$?0@$5My=n#bhsKpLyppBz3-%GXARa^{%vn`;Bwbg`2fAKgVQmgYpr&)XU=S^nDQS~2-A#i@LSBI)s zYt@^%xOD#a&g8uI@wR)hx^IX$P3%04BHF|g`38)Cz&;Oh;Yx!fxP=`b_+m_&S+in* zJW6VTnbyIKi-Td*Q3VV!nr6*&RJ*6du(pjq);oPsbApg%5NCJ*@}ww4K1f}$CHbA> zbGbYoT7zrv|E4LEpop7mM=jtP(4~Kg7zWe3daVo_3hWkuCXFK}&zQlbJQp5k5w?(& zPMZBh9=W9t^hurq@*b#x5pQ$4>b3pOU)4;Wi26OjZaFzo?`1MU8w^ovKiKRA^2_eh zg`Pa;c)R?Ct(!(|PI8SimK+w>3XCRaxhI*d>f)3nM%%ZKJ2b5&@k#ePR{jqstyqz9 zgixYjzo?Le1cDHgQ3HP9M;OyieijGaL#Ay-zU&fL2ZXrjqFB!J3xotLwsl&XwNT;g z(KlmNT_UvgZ^Ea%r|>-$OK~Z>0XmkUq_SFMpb$`^5;z zq0bcag2sYDjF3dS6{7IQo5Me|b*| zwn@5Vy~Y*ThBx159z2lGm`A$k3$Elb^sjjtumP2e!rzxEfWa1#`)>oG#7^Z z*;$=VFi=d4A4ryr{Qevu`jPRmpKi%gTc2OoFAoV%Y^d*S2-b*6o&2F? zLGEyMIy&~1R3$3#zB=9MU|?`USz1ED^?uR#zh78?UejUceZF)_bVpLxy8`}>D97}Z zIXsz6(d@OP^B4N8Y74x|I9=sp8E(D}!r`bQwb+9S?SmRUAGt`i36|#cMRFYnQp+>>>Eb)qs~B%SrR5RcKQ^CaSTlwEKY(SXCwt@48q=;i@PNv?a{l zov}&e12z@UJJ^qHn1Ri($8^_bBKlb4Rwzq<2J)wtKeJ`(_DlohFdqpqm>A)Iu}ben zWpEAbM~Y5xpY1K6@E$)Rj*bD&hWu65V|X5zgLK4en3WnXgx1&%=KQop{(#XH2v^0Z z?O9O740=ulwvoY%g>aWzlTGkbnOc{NV$$Y(GP!<KV+R+nFbtm zG?^KP8sf4!PENY9NqgT`IX9v_XW8@wb2?d6vk`7J_z-fUKMgsvONvZBL#fI*iYh5~ zK#ep+WduD;^XLqY7+q!ZX{FjJz4q^Ml)!9^HyUy)a+x9Mdf_ap`ik$tih#*k6CA`z z>~tNGtJJIhYsa=~07^UJ+2;P_m0 z{?2D#=igu3+rO{$zYg{N>PLa~=El0U-ut+Y&!PfBjC3*BDuw{xWd5h|M#npo!nQYV zBP+cMJ}do5RSQdv2SR*hyWm6RpZOqe!36NY8I0sM7uWDeHK3)MgSYkekFV33&5up@ z7RTGS!z{j)q0d6sE54uqY)DILU=Bwcs?TLFJbBgH+LtGZ)2qlV_3CY$cMhGj<6 zD6ddIS(;I;fv~HkZ_I;X^9EAT##RfyMUkbxmt<1IgZZKfNACLzb2O~4A>Xu zs_N-l)CDHqCf3n2(x|zX&@-eUM_SCR_4`xt)HU0l{=A5?4oi20zV8i`btSEVt8L(e zh6{0F?g!MXiWdgYFYx9J=fsZXqj5WfKdex~l`x{hskE7BE`T0xmq3hjEXL4|n+eug zE)2dDiD7@E&yEAp)oJUFQ2zX~WI&51UXdeYC6~_VF;`oMiW&Rg7+j7qNR}gZYToe9 z+^{T`I7v0~kEFp=P~32qM6#&q3CC}XY+E!}w^+FXBTY?O=chY62A!?xh$~nU+`BhF+v#JL}8DftSOk+@;Tgs!j0K45uvym zKbgX|gw~JV<5epASOwE=4ktg!SwcYkUpK1~IV?HBd2fZ0uq*X1kjMQFijU3bjW9MH8O3InnJX1oU97@Gxk)q0Q3*x(NWOI$vwMo0PnqPQM?k^M?I zmORUNTBTIe%`8}ksN>g$`~e79eXNp%1lgd8UC`h*WrS8_K+!Q_|E;Aq4Hw_}tC_kS zG=fZ%7ubS8YqDU%%frEq;l$;0{uw&0)9|VJ$H>#=dM(IH^t8_VS&!$fHoseE5;rXE z1(nzJcK5Mm&uwOpYnOA4Y#TV1z0pY%#>aGrFAg4e0(jQjD6{f8t0Bt1pj?`*`t|r6 zytke60KhG8Xi4TzChl<@FkN_;B*%J|%qH(_{9H|FvOz;-ltHd<+zM=K#X^^` zVoWjow4B53YoG<9JN}+0p4wePv~|FsJ+h~(a1fW{MW$6iw%Pla;$f_&9L5ZyC#@m>x-24NA-b{7D3vtATZodzgriB2;0{Ljn;HIs zGVm@HYVX+Ze{ITt7G(Z)7cBu8Hhqu%o#HF}hX{`Y=v6jmbW%r%9>s=hLsaejoDbus zz!t`S^svRi!EnC!@MZUVEJT|7j!a(M!fG#8+a_i6v@*rxnEv_x3-3BuntK6876bqb zaBuq)gxW(v`njaduQ(VGC;%!xEay^uzsCC{#atZF8XhL zDY1I4_pDXZaTTaSn|wOFp#w$ibOq^B7mD<;HGNklGi~J50y6c7Y}NM&s}PRu%QAa{ zvFWKDc9u3ols%J18I{JU9x_ATqK)it>kaN)j@0v@2;$&QD@$nK@;u+o&0||a^a+(_ z$a$l;-8qO#a%xsrO2p$mk@^|A;tF)EyVT(OIcvirsC(3iEGfuCIb zLyFb?+?8)_-iv_D6!*r0Uj-e%?oK^ZXPkTk<6R`c(*JQB`)(W(ll} zw~cq;oK@vRvsSB(u5taQG39qSN8EDVS1S|kTSo`v0RWWLfKhrSof_(4?y$^mSq|0E z%&QQ!sywHsl170?AVYAYa!Rx0Vy*9@y)tcTpJ%D_ zq%y<7ro9K^e52gVAR~|PWo`=tz^d~kHVEQERzro~>ESo1<4MEwqy^%+v2>~L6bF|` zs5#QZpnt-hZ4+nL1ONP%2}U5o=B2N4n$KaoO*5yz^1UZ=6Wy^L*rih9Lt0r@fGK zpLKjQ#OSNk(CcM_sx+Psqi8^1!T3cZiIBo#4Pu#qGK8eu+x>?CeCdxQ99HH{PXt8tl8F#R6Cwv zfF0WyXJDKz&;M^e~;;|0ITyRjrW@bOmXGgDv(zFWH)eND>%ywa`DmHxTXfZWQ zYMg$jZW-L1Y`;_CpY^X1XSP^BUQ#B;kxz@%Lz3&}m-p#!I_I+$CyNaG3+}=6&n_LG zH)J0I(-LiDO1az`^?kJSzRC=8$;jN;;kl@Q5XlNF`sM`FBK~o6VAkx}>^HQOAvm<4*$S;A94v>#=-yjwq0i=YmYlBagh`4f@*Yz98TF;I-#D zzr6lE;xjU!Y6FL*zA~^HjHSm`=RTc7`G$dwR*PMrR(hgq zGhTVm69#--G7C0yi{^Yy*b7JcV5+8N-IGR7^VmXQ)m-(J8&bq5rS1&6f4%R^E`k)+=>um~~tqgce0vmO%t%k{O*tz$|~N}Z1r z>s^{Xemt=k#2Tb-FxdVFb`GHV&9ifZ&V~!%;b(pt6CowN_PDgxAE|ELa+0mx5r)gF z3vK%Etau*}<82d&k^3pd%J)yuaoVnreBGW34wJ6(WH7EJ%7Y(p01kir8ja;^&N?bZ z!{q87It>o~vI<7{+*}!Dnzz~2$)b;U8T;X!QIsB2oQ$mh7pHWjaL*~qKZYydO$Su% z^`GnK$0O_XexraFPNfxr?}8L8M_xaySD4rlD+a{_Kexf=-Np2?-MX3&a4d7P09+An zH~v!kuO}B-d(?kpS=Mom=DVLjxSTlr62ZqOJj{G1DAG#dU^f%I%iuV!C%&w)jed7= zL9S8<_l_F!RlzWx5E1{3Oop0c)1!;vksu+*heQ*98Vr61D-BRkIuj9fmzl;_GJpoB zl%|6TcT5|ck%pIJw!u9y5mPU(j!@Gu3_j#csIrH-btzt@!8r@ekq0=!Gz)y}bAI#m znx^vA12Z#0&r>j?x8X<%y|%CBoX*Y-)da`uhkNVXLJ|`tfivr+iLS-c_%i=`_gpjg zqaQr?L#Xo;(z^#rm2woesIkCa+PEC{?c;aTf}xXUOtGCffjIhpZ#ybx;N(~?OgxVn z>dN1$%)+yRU<|bt5ox6XIL@1! zd^svTv;OHgS8ZNUKz?gjO+)GUqpAiK}byiZ5CT~>;pfgZ!cYxf^G zNJ4g^e&ta8ua+RGu%zK|Bd3%cbH?^VFqx2E14l;@n0x)OnM6`AD7yb1gIAcSi+d}C z!szm>3g;5Pw~zV1H;fTKBJHc|z9+kZ_tfY8!NH&$0G0M=27BT7<-K+@CJh>oryx=A zJ<=H`+3v`q=+XpC&m-;kN4?{pf^Ho7dB5YNXYbUVviS9pqj>qW z8RQ}As`JYt75Z2C6C=X9x_-=6MJF^u61_uZjMLMgEe1e(dingKGOukX|8H3z2Ve#B zo_{eH$%w-#6tol_L)uHgd3~@B6{8qQlFN_faOOZka1OJ_ytR0M3oe)9mbyaR(!1ru43=ClSd5$n51=K+#fa^BX6;mVw zrMG97mzVFKT6-G*7kO?Yy6!Z+XnuQ?b`v!>P>A`%4&(GdAs~+^Dv5)5$cfd4xTI?N zH54}#eg+h9K`KLiTsQ*1eZ90kV9&t>>>H#x?<#m;Y8&Gm&k%eu&# zGJpdR;9-I@_l4{&Dw04{GX)6Rw>>V613|l$gt}b6p-MA`j*q)1*DfC{vaw~m&EbG_ zo?)sA4(p6@$^JPtZXfI-ofSvi1&CuzO`h1QrIp^lXrfaj-r2dkzvV%p?C$GfIh3@-lS(5*t zdsoS%Uq-@k_QYJh%tjVu`Z08A%wo3b663kpfrt3V|K9~bMJS@o0CS7+JgEitswKSw zT;8sRUjoInQ)Jyjw2;3$8qGgGrhDEL{`*so_WC`$ejdY(HMouOpEhTcrq4{W(>ILU ztNmZ6n1_-MP4mMfLd3=>N^$)u@~8mjFlQ*gLd0$iS=IJuBxB-qK_Uf-**kol{ntcSWJ74+RZU4Ey zH41*xYGVaEYy5iGSnE7RZ}uh3OQ%xLY03IUy=Wxg8jl?T6Wb5V`qa23^ z9A)h%UC~T$)Ipl<=S7`2cpd}m1r0;EB@`1uP4ts8lBLMosfh`y-rCQ#+W*T(Umw%o z`2MUMS&lwx9|VNKtC$VeY0sPOff^W@iNiV?-;84b8Cs`XK74NC(ixYr>Fj36F;E5& zG>CtT{jXSRD@JfqQMb|lu)nGc;-LWIWWN^2wm&zw`L2k@F}Gz6V+Za2?m_|(i3r>B zd;E43aHBOTr#v%y`alpTr<|@rnyb!h^3K+A)ExWOdlUvANr>A0A!w7P9%38`8ZIrlByQf8+b;#ePA$fNW2b^c%k}F9a`(S;V;Y z_Mun|CDA6IUFmituG{x~;)y{5Q~cJ~g~B(sKW%O2ol1Wkwin_L<-~>OsJmP3D~ZKf z&_S}k*UUOWda-B^YB2^OEJ0fb><9w~aVgZpRED1z;bW`7)4Z$fcm_*rLnzC{9j6W| ztpuxg(G5k&^{L@q^WRYlyNvyMQFy%<@T1LrohW^VM?{<|xlwDq3Nf4DwA&nWM~a%q z!CBB$>?^+}evSwTcGut$vJ1l=g5xjOK$ke6b8cGcEC?M}d-A8a991-i1qVh6(y=GK z#!p! zm&UgL-$c3T0w_bK;|rwyBn}E{;bHl5C$^JcYzU~{D?dWAGTKn}aa3JaS(HQ!G zg{BO)V0U}(TX!Yau?M5}=vdT;LYxix(<8!+au|*~pGy_J_LR85MU~`f$=vgP`Fhu9 zyBq5mUxC*L;=1e2NbOODd&9!%cFfoJJED<^%$G_~X9gDf4Il<~B87f2)|rd+nC242 zgeL+o;s@Dh0_G1Vc!9b>VM2(CSQtAsjdsSImGR#QB6bbvaD=<{{dLaobjVusL2Q|D z-VK$vW$@HD;C(XeWk~@eFUJvhu9$_O)MGIUfj+f6(hgG|mqz9-M8V}DP)$$5|Bvw{ zT1qgx5MPsL3?;YYSxE2x+wSPii%7I;7eT<0!te3HS#wp@uw}6ydV<4Pujv$B&tpnU zGNW(xojUH%j~g;6X3yyuP2{2XacL~$hV9P*1v`^+7xP--+-N0AU?Z+A}UL<2g9sQyAvgfD>oLI#-z~B1sGVcFSCUqK)=FZ!usEq6m-$=k%Ddo9#9o zt|X=cW^gOecnpcWuPV0gZ$PalTmdV86NaOZOHkm8lHb^Ip7wt!Fl`M^?`AK)`)iB- z%L>ZvB2XM{vprPcE!WF}Skwq4)wR2VEcn|mi$tw*IIub{LeAa4f_`4LqONvpXTbgH z2#f!jZ|k+WB3>^-T(+OC?@S30;8r zhtmP2V;KLtYRPRCyw+G>UPiu8`^dbG;I4q!F1$-O7{-JipHLL{*)82OC ze0{aaWlp`m)xUKEN4Lz4+g}1bL;79swcO_y(ZJ@g!Id;G4CTHE&OsMLEw>}*T<=|0 z{<6Z;h&Vx!<(_@8IAbfbhdEfQY@(JRA|%7y7YuGzmIoyN^m@iFN=NZN`NkWg!Fj2s zGh`X{+sJYu8>YhI4|9l>O2L-J?Io1NYiY-`!#Y@~B#Ghu+2P0Dt2MB34HShuLKRp& z#Q-E>-&$%pYCwg1*h2jPVaI{Xi@0X5TS6Wg!|Qh9-Ck#hPnP!LoLF?g+MIEIJluEY zbmyNHD+FDrjM`xM;QLM+BTxij&BZTCQB z(1Rn=RQfBmJVQn@Ax?Ohm`qZm zNM`n-Y?w}9D{YIC8?eL4fZ(Izd5n_Po@PU#-%q9I+oOe#?$Knql!DNn@ zlzNGo;#l=HiTL(3NVDg62>Q1QS^DVixEQkd(|J>Ris-C>9OkhE?xCB1?>Q0Ivp@g_ zAiAzC73Z~p?v2d^lO)}3crM4eF_3z-9*Tx14kpJykBnb*FbB@?p$G6MA_YM2=TpVY zWWrzsLIFr3DvbIMVxT4W0*YZgbhF)yCb@pdqvA$GPO3$=sYR+)9tzmIMIS6n%5$@H zna%U~!6qm(W%B44Gjov8XwnqJQqUMy!A#%lQk;EQa~=O=WB)T4GiafR0vx7)m9gl5 zYk>MYcu!6G*;REv`g)+-ZD;r%Lj|b%-L|;jy!Skp0P7Xtj$5VvW5u%XopSD5@5V-! zyQ=~h1mC&JN!d*cr`~`JXSHDgj`6}PyNStZ%xh4zba7XHc+36^8-aAqKT9EB;`N6+ zDbT_l*|4#>bi>|og+AT|3422kP7;->9}OX^WM)PjX6y0Pc6d2EQ@hMh@@$e(4f(B! zGRyD|t7E=PkM1+d5n-y9O`xRdFqxUs$e?eAJvd0-qBap;OIqW^lGGKYb@N4w?wWB0X-iq`?h<6q$R0^Rl*io)eH7as}e`>071tGeX)^0V2p7(o(H-*04JxX z++5t;nkE2PUdM|=fp-@ETl-ux8nGVS*1cyCX_Mf|%)HjXGt0`C{_CEwM*@tJOc?nj zi*Qo_8(!%>;>!Ct@@lBXwk0p9yRgGvIUbVbVqN)LTw51NMC_+?pf=><;IfKpJ$95T z4@o3;{;G@YPzAE;?!Hx}=h}8NmQR?zg zI1GUJwjGIvUkXicLn{&p%pc)SEZ{AepOHC6lF9rGhF3)QjK@nQp2W`13aO_~%LqQD z)_;~4rupd_6PvU;0<965L~?Q>sQxq%0a8>67Wsolo#~L}Puu|)Jt}t!03c~33pz!! z(TKL{j11AW^XFdt`tN>C-+w{bze=nBRZ;49?6v*1Hnqw7X>@w+FEbU&JrXS7L-_r0 zW*%_=*iOz)k&=A8ju!&@--4=r4}S)RelB{li#JbXl_JFX;uDz(;)4Icv*-!{tg0D1 zm?}aNRbrkxy6E3mIAkkPmchG4cJ;oi8$M29&(hGaDS=L1MPz9W;od^Gyj8r=f13$K zY_#Hn3+~tNJ`?Wxt=4bIk*MW9WHA1KKSkB=d3$XTpmirSFde1luhER({$9@tf{R9V zWi3AqpamtfU~SI;;J9-2VRD{&oY_(!BW>uhU*2x!Pgmh6kXwinNvZleq^47YqL*05| zDeGjre9=Q|D|A!Jx6 zWU4+pH}{l|b3lY1df!`eog0KorD!p1ix!Bn6q|&XPZhu);7tGWHfhTv8mIpftiMx8 z^l9qKgZ7{{>b_$xzWc=#0ZQcAGpsYWN=3Ot_gR2IPJ~XZ^)8lz8tN(+=4P**OP7r;>AB# z+*^u40So#v!{3C|+yKDRs}gVEPKNV@{IcbOd73qwR z`wTKmgz(X8BqXHLuvwAp90o3D0=jF71tV*WBCSU>&@+drpq#-G7(kiuhOji|rT}cK zEyzqjfG^N+hS$vZe~>4G+j#Y}%g4i_LM0Io+unLlC5FcvIn&HQvGx1Q4PLH-jCM{6 z2bcP`;Z^_NydcQEmV5W|0mSQgSL#yR0Ym&S6&F#V>hD%1fq*rALk$CCh{``0#jRS0TLWmFhj`C*m!oWa7&37Atwv>{D5j(js+BId`K4AkCsgyg z4OJ&)v-K_i>ZVM|DcYo6S=a|f5F0s=i9!!!Q)J5Vd%QF7yRFyE{7lJ3wjfIT3(iiy zvuhGcgw+0b9~+P-3jJq*C-4y)8KW5gFCM%>RP4w8@4(YrsiTt8u6YHoUjrgxhC zo{l>YW4~@tvLAaq)_Gs98GX|6x;;hO)eb-47&P3cH{I2jYXxl2V+eTHiHp$tO6CnV zrDa)#tW}HDM25g83byh~UAP1g0eL^P3lMdpR-n7ieOH_T{*|>~<^LFcPRG0c+bR!g zQI^-7?DlydA5P;=E!e{lxoNu3|F!!l;LO}}KLJoUs0TUw&82m34F|0MM2ABfe9DvZpiflWR#X**R8v8VBLT}hzU=q1G5#0Pr3o!dHVI_9Vs%wiaOd@)^Y5c%W+x9Z9cN@Psn`iI&U! z$C_j3hU}-u=<N92Qf>wJYxpsa-C2iMbyO%-s6H z*oua+k#h3#w>7Oj^G#Zlu0WZ;E=5(mdQIScOM z#a|iWOslfk_Dw6Ciw5T>WZUbU!&uh>qY~F!10&a~fh1LDH8a{Y#?ks&Qb0S-cDL`Y zzfqx`n?WXX(jFB21sOcqb%uERnQ_c2B#{+PW&Go%*PGMY_8a|@d`Fwpongya?vP9V z80T2&_uypFqG^%It6U}NLB=xp%ozyaMOKC+mIs(5%t}$xyuVWS9c@^u6R{cD5`S|u zuO0**Gf4`Iq`!K|Maywwx2+ff&qeQ!$f{Yf)Q`w z88Z`>!fvpE*H;QjOD@^zfuyoXvB<3%k}7xG3Y8H1XeU!Xb*8QEU#tj31r^XhVLVyWjEp zb~ZH&kQIdPc1nKC*m2#>x1E!QFCYV`PTAR$Q>>hw-=4JZI?`++8P5slVV%SdMeT5@ z!O93P#Gq8ED#q0OO^Y(lTTyjIZ@h5#YWvQmXz#dsrkCS9Y{h_oR-zSQ!84+B5jH@Q z!?{+2vl-+5*{0)>c?d6Clq4rQq(PBE-`!;&#AqYX3s%^ewYA;HZeDXFWeruf7PhLk zcYd)~sMKTr9@ac*T66!FHjiF&ENQ+KW*~mmNKDL4Sh}ymMy3^YObb17p!27q5c6?X z>2x5EZ4*EGuRLu!%)W0-Lv-D+<4B(r|L+n0?#_E5eRJydn=~>gwg~v%4|xBO(WyW& zuq5O`ayH6Rix|21iHX-~z3@(|$#_d_es~FrpCZ|r%d(_PxKlsxWm{~wZ{L*Fsx3dy z&h`8TGQW4^cpFu|n*D~gx9%iHh7R3d4^y4yo|XdXPt)H60=`8`|FQTy zc)jK|ZQ9(mwFU&h;c<~U7b4qUe(KEamDX}a_Wa&-PO}^?yR|WSY=d+R>+g_8Aulv^ zTQ!Ob5+@X@?jw((52binX!+cz^Ge&YN2#Q-x0F9pnpM=)}hs7G1;?H+Of(p~M^~p!?YCT)O)A!y=#lTP-7B zTKD$2-kTHuYqia~a-x0UYcdq`yA2^Qh{;N%1eimlt-RXxlRfntcG%ci>U$;Ay z+lp^#p#Jz64yYN_nQ|{r1Tz*!QTh1EdRrD#K6lv1=fLUDZEI@h0lC1-L#cp|5aw`p zH!MeX02}VdKWo1XEWS_tj7doGYIA7#^M&F^eMeyDh~fZa)%jb)B-l>dYejNo5@YJ>daq$IFpGCVPGNFJvqq6sm_4B`Cs>@-i~*$tbtE7h2Dp;LX#`9YfgY1se>HP_$S>tUtmlb*fHCL$-5>I*PsmhWXS*t;@HIRrz~E3jqalE~`S zY;cMx#F0uAIj(7c{@hn{eU_xCu_ddFr5|UVpJ&zeInQy<1#VI)!3G=zNuljKBW1gv z1wQlL!1u0CdqMSdU2{S$e6d(B*>KosNL11IYV#-dEam;c6vLbhE)kb4;E~*Ui>3#7 z%Y2D|udYUGHp4XKS64?HV-Y#u*7|u(ZzhB0p+c!<`F*`QU3WcaNF`G6bsLYwC`a<% z=PMg-a8;0oT>Cxg;`95!msgp;@05_mTVM0R*I}jvMaUfA>cAKXi z@`>175tUFTj#$W$sEj>5FuNhHvF)M#OEwC!J9|g+z5DX+N%!uiHHv3=PJ-bA#b-ppz(6hST zzI&$oeEh`fYJ! zBW=^AjjI%bY0MyIa={sE%eml^#1J*EH~iR9*QDL%0zKX$C|~LYz6H_UcMtRO$Mqvb zmFR$EuD?ci2mfqy3Nx7r4ui+jlZw!fD^q)P{fuGNA*IshV^PhV)2<+eEy7JYgQJA#% zYsmJc^}kt^mZ$Vd3CBc{izScWPGwxrtKuY7QC0K}YzOSmp(uJjhl1JXzxZ?*af~$Ink_ZzwPT zTFUZ|O^}Mk#|`5O7#QTmJHQqwzPso%Jw}Mb&8WpSc*+}6T0jL zORNG;kBfuxvjdaW^B`C?O$Tw=brPpE*J&gWiSKRN@7h|08bEXF9(~S#`)}atWftlB z{PH|A3{VeFmjN*g?p)e*Q;1hfjOu&~$6ruIP@V@?sja8XHzTMdN##-nNA6V|)usJF z1~*&~RsTde?17DOvKxx~x~3@FQOvf);1std93r^IiGK;m4lWRq^B=@%}s_!5JSUu-ZV#jZidT`bWxrs zg9ghm@gJEYDRzVK@G_aU!YND4r0MJs5!>!#=*ee?WRof{1-T;d=B8G^HqCDx3uDx&X6Dzy-w`Dba z_x}24^`Xj3L$1t#!%U%|$MufakJy}E^!{|;b>(Lz4^)P2pV-m-OS``T8F!)t4JR%; zKkTYd;_d0Iw^?!Zvjl0_u)*jsk$(NT8PAeMT0*wo!*Ak3hmAI_z~1J{eH+w}0ii?l z!kf4SrP!m5kCJsM!IKB znib?WcK0LAZ*C4{JihB$v6az=ZrQ|tMqNW(D}#RsrpI-mo`X0Qi?EBM@yOFa5%3&Y z8f$)Jx*6T!go)<266NT|;9!Fef}i{C00khui)vfd^*l{i{bbXaYA9vDdbPPBc zuLVrLK8|+#`U?4`Sr6_C-a=;fwKbP#CFsta9y+CV@Vx8ynqe!$DE+|a*egV1`oXRI zOrJZD&mJmwNWJD-9cYGnIWl{)8l*3xUOI`LlV8uZcXX7w`6SP*mL=BsTh71Wuq`g3u_yh zdUznh+ps{$xegvSNmXYtS7(=GaQ$=1$QJh(j7Pfy4hDC_&Z`n>SDj8C&o2GosX zlHQpr>mSb<6CSZE@1Rl03^ea!ULJ`mHqBlkazojeTq)Q&J*Q zt~|qa{s2Ft-$o_>hO_Fdg5a2)hH6%;g!ILx;+t9o>>r_c;(U+EliB;gHb5O-4$KB3 z#HID{!emjs8LXBUx=YNi3ngDUJ-nIwemcH1KCd1Qy1LLaV8qcPtm9{Aap?5V?hser z_Vk&xv1f+Puu4q2Vb`;8N%(5MpV=c80v`IRO7^|PCY_+J%&B6w(OJx0(F4N^1t={D zr8C^q5t~%ho+KZ&3E!D2fHaoA!h(_naAWVTx(+Bx>0;9Ou!(e^ zQH;_Y-?Pc%Tt8n_1K@*%TIA_EtEl|DAH%EGR`ae2)Q@Fi>i*Y)NATE=2@vj`oyiBy zLz3b2zXp@EwmuJ)5Es|mB1-r^kM&b2K=m_@vL})_u3^}_eW7%I?N^WHQ1k4mC**cQ zEMU*|-7eR8Y#D+#p9^!8f#f^{@7?)ZluW&PZ8T%pnn#ALge^CjD*+#!{3>QB znu>ibmbtz|aZG#!FaX8qL8iDZi)mHFv;L8eN1TngR~d~D4|F{3HT#n3(L zeON5_VQ`8m%RkN?O3-(CoHPC+N}rw=S|NJVEU^UirhJz?e53NPJpWmSf8Jn)-+_)E zcI!y?C$i4bBdA0D66oIT&YUo%dAD2!YOu}c`|x70N*SpP@vV(0xT^J`j1SP)cGBO; z_czWn$98)Z%-b{n5YF3JMoXJs;WQnN!m(Lvq6RSmnc~`q2YO)620Aq}=s1W17o2uR zQ>wLX3H%mp(zyDZ$iLLh1dE>)|8$KQ5T`a9hn~9|EZIXaxi&ZdN-oPlu9bGNTW_)L z`OAO-o`?D_7DXlzHe__*)OK89qs87_7RU&e5HIil%kbggEi% z0--FKC=0rpDGpq%<%bKd^hwB5=Z_-BKB;YFehS$;w>mA^7d{~&q3~C~8;WlS>!gI( zKS~E5h9Qlc=$$SOOes5qj7ylKK`kzSXc19RmYxu9<3rW&Mk{Qa7MC5*(~s{KS*J>d z!{e5PyohgX06&h%%ECF7bFmdvJ3-WkKyyMEJmEAhpp4;jZY`w-xqXhf7_yi{+RwPW z<{+F_*>VsYI$?F8L>j|;$tco@p)bQPu}cXjKdGilQm{boMo|2391p8$jm3ABi_1}^ zp_8yj%?#Gj6sezjrg47_gHmLU>J&+J73MRc!F44Gr#DWi}L+!|dluuCf@V+-X#PJ_?7 zPwvYgqnY7@n9ioyGroKc2$yNhg^0f%NouFM@XBY_T%4qrE)_vP##%nU5>J!RVrv z3LyR?0=*O@;6I|AR=KCP}zs;wrxA<*yxx$X2-Vej&0j^$L!cn z$98h|{k+%tu>QcDwQ7#48a2iv5(Uu-xD>&NFi}GSuR_fWnMdF&a?uM8Ms$D)Xnu;I zC#?ow3G^mX4ZLYL2CsjFX>FdK5atV=j>Mn_o~E9_P8svT?f#W0(MET4nfp_++)+Pg z1Uf7RF1Taa+@vT44OkGCh$m?NbI{9>LhCA6fXak~cRZvu;XWOXl=eXG73e8(^ZlU; zcJlPVan9UY^x-|}K0{3nfTj1j!T)u|zvpD#rf!SX{Yr1ST3b!K%uGd1&DoJHqZ>V- z;=pJdA!5W1HQ@DJ2joX6v)c0LKVGN0%n24H5IaTH6EJl~BFW~NIA9Eih$wJ3A&I7e8kfNz+3mn>H6S`H6&=j>UZ8QM z%V1meqk1nM{a8xwj@@LgFfvL`pF>u&vOmqQFHT9YHAz2MT(9Sl=BoWB=VOR8Tm?TG z!tGDNTyhQ_3Pz{A$=_pHHNFlANKx3Nc^pI}qz38ic3ma??wm?3aw8fK^1y(U=qCoH zV(yHiKevzB`~ZTJY1^Wf)~Kxv0q_dc8w!%hR8o*9X~U=QI}0gMIYtonPA#0jT=laR z+2y{STfX%@@SGgB-ruN@8}6iXE4qtBJ5u#bzKo0tRbF0R>p*Zmj@{?`ekrbL=*x*L z^kQTdc!jBRuB~%E$q1&52*68}zHkr+nb=WM}!U-l(?Mn#lPl zxeOGwR6_0G{4jd&D3#1tOqlv<@*iBBCv zcquBx7dVM`7%_(Zq+bR3gv*a5?H0b!ZOj`JfUGW{MDS5^H1b|1pww}{xT1MwhU%KW zd7cMin6{x4iK}28s!HL@Kg5=HqEJ9|XEUN9LL#vXb(Mvl#pDu4pITC(I<$L5&X8{U zfd7rh&j~(GYbJmd33qlMMeScD58xlpOxFBNc0 z(&}Z13uhG#7PK=@uJP;D;0s)Y=0i~^Nuy6BtrgG=dDbm;4NbH4(YVj27UI6+eFvZW zEO$MxSIS1Ozj(PGACVJbw^D_joqUP2C)b+|04YQeKvqEs(dMba+D9D&i0lm*#50)O z3TXxb)PHYMwO&J^?|k8pg};AWcJ$LGNGs6ZeJM;F**X|%0HZ!E8M0sQRHb#X~EZxO4ATQij#RIWg?7l{!02AF`hWu81-PJSW^KiD!tc@};{ zz6h+va#E6kj2_7Yh5lby&C8-uZV^0T9vngQVX>bwL|Y3(MY`^ZPaNpzCuIt24EdBAE9_PsMrd;5RyA^5Ly4#RJ_-B09- z{_)tY>`(a9K;6HaV*kTiT?Ox_3r$+}fU8}fhm!DuaEQzaDr>ql#v61(EMfW==?%vK zJvQZFBz5jXQEJuC?d6q~w#r8Kk0ZyATk55U$EVn8ee4@DEFv)UF>!`b!)vJWXaPzw z4w^jBvA|e<;~c{GXo(`Hhy4+3VW9Mg`*q#_qI^FfqO_Fi?fsqCe%vunyTRw^BzZh> zp;y?E!Re2>xuWf!u+Xa;RZIJXSmvRG%X7 zsBA&kXdX)diwOgSR>&--r2_`AICcmWW2FI)Q2RJORA3_HO6!AxEf3*){BzHpK`R8)`;ni4sI;IYdoLp8Fcln71Ds*yHfA1eNM#*1r+DDR@|5CKSu^a4QWmJ>DoyU9&UM{1ZTR!)CK5_i!;G9@%L+MM zXPH9X@6)Nzkh9Q#L)^qpGIhlme(YnvAGuaEgU~sO0Ck^@fdSur^8r8Gecw2#%Wc2L z*OD-+0UoxO!onk;ry|g64ZS$l#%5;=XlS#LmrhICAHQu$n$`t_ggG){B|(yeSIl3v zppd5}s+3>)qqu=v<(i)jGT&O3T^sdgZYz8pQ>{`Cu_5W>mLS4ltjRmL2Vgtra z$Q?e3oYns@s?*GR_$j7R%grD?x-38HS~)k$Om*edbs+5eX?XuhC)}5kB@h|UOy@B> z6jCdV-Pv)8thC6Peb6*UJosyw{-2m7DvOY83L{k1)70;L>K`hw;Xx;R-~ba?toW)E zpg9Py&9Rnw>r(zE%vw-91_z`e%Q`X##IV@s)@OYQyw}^MLluE3O{DEATve+Gn?8dD z+AUA6rk3y7QQGHTMp>?q&q$P6SE+oK+0Poi-krqpr)Qp{!{lR!?e16bfP{!4QuG>& zAbeW68-HVXk?@1Ud>>*sNL_*IEvR4_1TlU6oIca>Bx3umPS-~uoO|B6ENtYUb0iso zbnu6M{&?c{xt%oRdory3UXn^J2PRmoO{L*^wXuYBwn+LJ-lXRoXNqZ84O6yIk$GmL z3TTa9PsFg-Ktl+vECZO$H;Gi#Wm)M6E-kBVk(bc{6lcsh9#da&Hp6^pn(4Ozjw;x}%S21l zW<7Jk==cnWT%!C~LiMRx%b96ta1YUZMrf#T578g8;;LPjEVV&_3j`FLi0-hsxQWl^ zfAR#d=y8)xPsiG9Y)}i_{Hv0ygXDSNbUqw-CuT_{+^vfS+NLA|zf?$gtaKn4`Mb}r zHcEPLVPe8Mx%#b}0wRt&B@efWb8!)*$sKlGkjw7CcK>I@ROnA!!38SHzQuCF`GGCAPq3enaB;bLW3YA6u?DugcAQZ&~f}2dhUg$ z@aN~OB?6vV^=Tp#xwwvBB%yBeX=E^YW~CNJ4Z)R<59Ch!xy%#72_v@AyZ!3lXk3}~ zbB(8HV!z=%2E*2mIsf(>;xPZmb3<44tEUy}6dC|B92o&SvW`wZUxTL8_arY!AqG`m z(@ydX3D65ZX)51hHlt>_M&Dh;mg;{a3LibE`I6Z!&u8X%QQ0RD^%0|Oj!o8BpBut4 zr$_!c$pD{TkU!8n>zhNme6zlt>52mBp_r=G7b@mQ|8N;XGaU(2FKv=)VGP`rHM=)mXRhg z;jBWe+@f}csq3p+CW-`ZWx{sU_H&3z?j8f!T+{AH`%t--%ThYUdP|avx#E(W*hbAS(nN; zE`nT{KWw>aO5J!_%S7r-!YjI$K;V!dV!PVeIMs#?GF?5*4)*4@1LADD|*?pCvv|DA34(W`*a2Zn%oP$uz zI7~iETU!d$Xy1dIp<@RR;9t{+c+=`U^E;f#qkiGQpYR}tea2F^)8$O<)7Q5NLByBQ z>5w!%Q>VNVX_W1eI0prA8z0C zxGW2*94Xta&H6m&S*_iYnU?qI`%!+7)-0dJR|A+_W-N(0q_F{U`a@BEhz(d$TJAy^Py= zGKqJ%5Z3y@j$?Q|qFu#y%~*dUrr}63vMt}%F>sd$)hj9M6n8sNwUXycgD@I3w%vAz z{ZHLjeXe(&f#}K`l9R5R*mnfsk-Qu0sqo$?C$Cw+^qkM2UA?LRIT{ z8~j1QZbvZ6z8qT1gJ_f-OuG_@tn}rOX&)eZpmm4ybb5~eYZ&xEw_B{ARVeNN1$Cry z+t1#|oKSoAX6@j(!BQ1*lpCYFe^}DCAYhbk3u6RK{7WRC5+!@vunmmFXl-m00$n$* z|B)~T=YwP|%x(H;GseWd-$-ds2dpsX^X*q_TJI7P93QN#$~m7vy(coU|1M@+*7{7_ zj6injKSz#Hsy)el9DNaRzj8cVTiX0o40u|`U7ab=zJ!vx`mC=9MZJ*nDwLyoCmU>G zUmr+hp_Z`CQpMA&;5}3AUSzzfC`E0QKI-IazAKn{OO?fGrko)-wQ}13FzMpHpe%*gT z-R7eAYXFki>!m=7iTgCUan1IO05`I~xM6M+!qpLrDRcUWdivlr6$Qr%lmb zbvu|@u?AY^KDIB?CBid0hh9_kPK`_=B^VWF3RA1WJ4C9@Z9Z$paiAJDTiAxc1R*0R zoO*y3J9r@gCRh1`AOuEShL{9HUbRja)W|<+nJChd+zv4uC0Qb%6(t7o%9{pB7ex}n zPT}uy&h*xpr;9SBb%5Z8EEx>-#3+5;n~kLzecR^|_kt zc;$2VvtZuW`bzH;KX4K%oaTMq)90ktE2^TeD{f68Y};7>(a_R}FCUeIX*=oM{j-}m|S zzZ`Ob>^KNZeKW;A3&LVEI;CWBx90ACvC3colTpHDh;B!pj z3G`5l3@B+S&3E!A0TwC6s>ATlG-#N}i}PX#6lH@74YGn`cj#DAt8Z)h zi;S(*^}_wx<@&21*j->y68<~{U0J9ALLraIv1VGewMIMovYyL}(RGgp;9cFlD2%%# zpjx8Y5yOQo?8J=-wh1D;v05bfS^7c~bC}lpSx? z5=lo9T%D|sn8PVsg61}f*hPz{AwylA&pS@6>G?2M!)D5KHjh17ik#-qqz;0(+QY31 zDNChfw`!oqh5weL-AnV%N>ShsDYt}4?lT|&fxqthSxxPsNQtCE9amJ?jwU|bN(aXm zeSLEKK_Fy+ng~-TH{}??8Jj7?w;)rI;NBnbq$Y44EsUiGhZH{RsKsP zBq-0AXG4yUJHTyWSTFPhd$rv=qU@*J-SB5p0A zk2&%*z2{q{xXq{7Iz-TH-={T9-ED5tT91>XkBc&4i2}y&D~kiZsIpT!Rs(^Ek2*5^f;>vC#y! za~KFLG*miC}($^pX=fmdg~r&Y`DQA=}djVOG{8It$FwBZ@aIjig=&q zB8Q8RJnK*%N(p0LK-IPfkPqE**m#4Ie)?9-#&B6e#v!eJfEXlX6S6>+Fi>3bAjRFT z@+KXGZhdZc8FSNnt4-O*+~y9IIj%1?3~K}y1pUp_Bpc}V+I_Yt_DEuOJb$`nXT-vL z=YhDBY~~Hh(>@lk+eZFohFGF!TO{1*Kd|n)kfg06ck3hl9iuuKIte({9Z+M&+g# zYKo%GKUB@%VsIlfn#_sbc0ZA;pK=zLZr-&A#o8)geTlbHhp8PcXSxHE4PF<_YKq zZC?FG>KPk`9=?NI)e9*7trgj0VSyC!cIQXW8(rF~Tw$}>K6p~`c{1Dd36H*2f;5#9 zRK)=fNyT@-Blg0XKv)z^F_#-dnOwfwO-;?x>hTG`JV!zfvUsZaNpPgBsmagAk?nJK zT7>;NEBL&bk;;E|jlH)tJC(6W?M)=tX1}$G0T(F45yoo^*W9wtqq6xALPvMm;oOVmmIp{+4F7S*FfPL`QQy`_>OOO|q$F_S&N*_5tnBN0OXbom8BNKwb zE>C5v8B%!qFbKRZBZ3Xu1x zCm`cv7)MSOPhO_q^e^N~c{_Uoi>MS$#)m^CvLUQy2k&cnc;bRpg(MdcEZ$cI>%-%E zL4P}38~rU6wB4-FiksHISno#n3L{Nzko66j2rU82FDc1*YIS_B)o%N0JIVWg%6a~H zs|_El+j5#@+;mw~NXFvJhwy+8i6-T2K&ZN>(K+u(Tr5<8L$8selG z0@33)0#$Z)D@1q!%n%@qzu^P4gaXpSeP)=Z_KZ!}pyb)W^KH(pmtrcKgc@yM7dDiH zUe$Ab?gF4d=paQXk*?ZroAUOSXMI5fko6vCBc*bEtS?#_vli};r+1p{FY)NnAVwP$ zZz(bKVdu4CfSM*_hHiLi-RJ693RaY*WHE<#mIr|BelRT9UH@QmmXycW+sc~mPMdTE z@*z_x1Z|&~pr=l{I0uKrKeq}5Ys(^Pt}*2R<=mECPPa+2!-owQtBDp^6^AIXz4Od( zsTM-ni7K-i41mMmq~F{YvHXl@5gX781T-~+|&DJZE z*L6iGx96nGf8>2OAnZK0=)Fu=X2&0qdMqWW z>=rQ=@){77LB!<|xOFHA(3tBqKcA5sOSxrgciDUSM4ibdmcr=PZA=0uauVoYEYV@m zP~(PPi+rws;7e5GuUsDhe#JT)ZLOK9L6dTeNZP5uG2)HEXzu{@m7)%)I1li}nN9%G z^*!F{n%oz=M+#Y<#=g{oIa@60q1&W5L}7cTG$!3ENS43IYj5wi=TgR#t+AQ;j=K%F zA1C)|zr*nDcY!tzK1Zc5{KKynInzDJx@bpILT`J+rLI|}*Xup!9hmf*%OsRw^z$%N zxk2*Q)L5~o3KTREq8}n>nn2(8o3Yh4NR;ZXLzov&WtBf>yP=#vyv7FS8Wt_c0er`kuQk;mvyCwM{d}h%6 zi^*8B-9i};G4q7ZJDwv-5%^Z0NU&iFp$!s+lZIBI@~8uY-wcKnXtYH4{uzJB&a;=^ zE$G0Bf%sF~1$2y`{J2_LlEBSr#<%jBa(&&F%Fk{U2sp_-t9Vm`#jUi%62dJBCtfaB z#Clf?;`7#P^ZceU`{iI<_?7@h5flaCc+HVUGdI@s4seyjjyz>Q2g^sIXf9E@qdL)rQ18{dvPH z3Pu&PC0hvqfMuu_BcQisf@M4D z->0{__zex(jT*jhf{}ML7nM1|e%%V|4eR%HdiUwtv~7FQa|6w5cP`&|rrHk+qdV@e zx}u0@^Mt>#`Q2>u&OF~D)GHW}kR|*Pid)$4x$WU)wBgG3_M4=&T zxTtV;)pxN;GC*@6x$R@Ke%jXOfs@Nd9!Lo7Vmj@_j-VYnWwb3B`~<=`mB>Dp8G%m* zBF_tB;9Dq}G`@!iGTK5?#yC2a5rE+na{y5UFcxdY0Ial?t!t$Y4gNM)Oy3-AIKa=) z(fq+sNb@4(xihvnA^QPE9w>=B48heMC4#0kf$$*vjcDgmZSrdzIL$`1hbRgT5>fy4 z)$mkGhH+9bRLnRrfdp^XI%@y zM1qYl)eD00Mpv4V(E73HQ^vt3^zt@0D{Ne`Q%Ha{UhlNaI*7nK_arK^?ZrPgI+n1k7X4AUw6c8A z&eYq0ht8)}Hj2|F00ARF-K+&5juo}hl}^S(*d!%qVF}W1Ws-=CK|>vj)zhXq^xu~> z@d(}2wO9I&gI+#th@zpvS-dC%yt!&kBL9oMP$4b;`5#SttKtPM+nFID7O!)7D>(ga zWw9dQ{a%sY2@$LvtOKwInObwpQy0IzM*m8n-bO|RW3dpu1lm-vLSe4&KmnYoq-Q#( z(nP@G0$QpOj~t3Ug4(X!J6#HqiHu`JQ?xKhHXUOfI-o$$lv8C$s@Q74(FY-6a1=+$wgS8OW-ODr@^LP`MpCs4ywXSc?hrEOEC$%%AmJajXB~lSRF0F3 zZ6DJ>mmy96kngXjwh4HAMZU9PR$%!#wF^{JeYrSL66m$`ux!7047qPYQq_#kScbZs zHo~Z_vaGfdkx)Tl>5Y%r#ScbW&Lt)TsLHZxRSs?=|e~jSnC-9=F0v!pY z@bGo*FE6*8)j04dzwsvG|LY{D@_-a|md2?s*mGbTxRCbszB8jcSXo-y;}cwXLm5Ls z0jXwjIq|$ElKnl%RM0J=641VOq4T3yAfjTD#uhQYLBd2dq*&3cy-cH1rPk(4D=Y;K zQIU@t99>8)4K$pbj(TIFG9W9^!fNm9_Fkj;zOgi+%R#JuGD}mXvIIZo?KLG(SZPX> zGxLuEK7E6WYa4XVa!-zjE<$Hq7;FcKao`nnbYu(^6zm+| zcO;G{m+?^NcNh_}ys|2Ax9 zM!&PB$4<;f?%WP2H}>%S{M|A96&3(jaB0TUe{NmU9o^$=RM(pwlbmcp$^C=NH;|Goe&N802-#5afhime9 z90%Kg8^i>bRw?g-aHV`m3N0+Pn3?}jF$XXs#!S>TH4dO7u)uV5gYt+mut>oIR#o(B zC}~VN4Vc1ZN@_~#+Ux0+U+yojf!n8)ky;M)}u_UD!Y20%QqN=2w^Q zvfK?kM{;)F;=e!oZpzGbEoQRg((Iy;V{F%WcviVVhf!1p_dV-9keazj3`ppsw3q^l zNKS@+L5&{=-IDECCu&mW7mUiLz8TbC(|V(EK^#*+QJ0o4E4MWyzwM!Bk|9l_>sS(R z^shci>WpzL%xOv4DPZ1~iwpcyR>K^#jIY#+DL;p}46aYB!<9Y}!52_U9>@A~=o{wD z+c;sS$rWtK@=(%r$boQpZwj9|5F<7Ee3|DH*j*-b0*B!vZh-H^$8&3=@5NYPSBJua zj#xWOU?G@ZjLDNbTD{_*kAg;Cq7(0RxA zc}x3h)MK17?HACN?`vy$X@l7-{Nw3r2g4?neOBOo^d$H5^Fy7hX0)}X*Ehd!XWHD^ zU%L<+5_ODilhEv&#%v{qE;*LyQBbsMY>|ug4G*sObK@Rmb^}`Zg?w}pM1l+z4-Zed z-dM?DHcCRkI!@^7<&bm5=Wh9ame*m!aBjY^RqL@7OsmS zF;@bdMHm2nK>?A;)1wqY+CK@*hV;~^0F;dSWaZY z2W5ee^|h1Sq2Om>kp5=e#kEE&cC}J@E+8YB*>2OhY%sCOcr;|Us~V8kjzpC@a&|gI zjME@PNRMe7L{y9+Kyg)A78|?_)g_vR<|Sgp??48(d=+BXwL9`RVfG**+7Uq(Hjd^O zrlLl+r5dBXD`w;<9|anzP8LaKgbrg+1STt699h;(LCXO9@<#u&58M#0Jb>|Q>K3I+ zvTfOj?>RtIM2gI8{j@S>p7|#gEz1ThJ{Z*nvUGVyesCsHK@5iv&8;88_LBFP2Cg0~HiB<~O}ZVmx(Bbly2r#QPtvkGD6u4w5T$f*EgH&%!5$c!5emw+x;mPoz0Gz6G&0y9 ziPg2Smku_;w=IlwaJfL!1YU}qkz%KWS+S@17W@f0h|mK#$t=`gaOhOAMJ2t71?oxJ znk0EM`LU$Q@@gmwLRl?<%0hypO1{}=$|VCF4G>ye2me7WOM8jJT7Au0Wx~1wK0I=u z3=$)w4Y6JGpe7V-?ks#XC_0*o9Ap5DNAG|fHR~F~Xv1lmb_*__8@3_9Mh?EoeCDle zNBB9MSRtDy5lG@|`x4TUflTF*9!i-;!>1%;H=oJxXnFjcG}M0TA4$_!1+FpqFMm~Oq{JC1m4iTDEBHuJh!upa68Nv3 zQbWN?^mr;HgB^8jkr)>Xys})#QX;&2OhqgTO(mVN%NRgS zkvzAC=>0Y+g^5T~d$4P@rD>>{#{1c<*1G*!<*m56gEiA}k~{tREF8fqN$7c)2>8ux zc*UgMSbPwQolA}VkRWwk6T|~|Kvzr`R#DY(p3i5zMN?EOxCKw*MkW>x6HujG8|@ZE z2BM2m9ssV&00s8xRfI^FCIxnjKNc{KeWBCD(nYC(xAT>RCtqN+h3L$SGd{Q*L0B<$ zWS2Dx5hC}6*VHu+C@67U0wHuJEH1@b+(wv2EYF09I7%NTQ?W+V7$%$V2jjPNTyt8$ z0zr|VrTHjiMhArs$fv1ykIyx_jBkPIWAb45?OuUD9Wa`E39t&NkbC3o%NqOTC`+__i6W+nOs^=TW9N=Zbjl! z$o?gpCxi92%fr+yR^@|lmndCeAV&3Nz*0mD;ufc}7|2AM7-jmc9ZLYMoa$qMKG|_3%=GeMg~i|Aex^+l=~(=DN+-ZGz@*2ug>CdiE|Txy+X!Z z9o8#4(G3Hc-`o3JtNYj;RmwHnXFY@a`*6(N7Lw=WqUkUYns}Sp_UC^&3aC>G*^g_H z?e^G-h(BgM+t<+4M9LjEaeLuJ^=cJyCrV?Wi+$9> zn_0)J{+3q=NC`QVV>MsGXBypwN{<1Qsi+KCX>&we2Xdtc#gBVi?ufrb3d~A*6Roe{ zC>>ZdCQRxmj!Li7?VB|w&~}#+-jyq>ibWHc83J6vtSjvd`)cvpN;4x4cIm<+4$$Hy zBl+wTr!2hR{Su4+W#q$*X#MmTf#VF6E5?>D@)*q@9#|m?^}%A!XaKGep5lk3W|8Ey z?9h>orW<|$iSuuFUE7cGa?IT~WPYFLUC5cA^}ynEpOF|Ii-@$2N&lxj+0N(Jvw7cl zrN05bSpCvyfrDut1fN%~o&;43;8;FzEjjVGj)<;#FDid>UoE`X`(6iUg6!9;VKp5n zytxPfoPZ6~s+xXn3rj$21=gl*urd~;)YmpE+x0l3>?LBm-OqRHcdV}bvj{f{l?rA& zgMi6^S#DXKG^JW`lNHq48!isPW*dkyTm~yFy8|8p8xgKB5mhX*&eKn1{VowrY?rIX zEYA)i(cL9LtXhhoFRe&;Yo(}YJ{T;Qrl=IMz$abxnrinbS)6l&!?{}WRj=v@A1)Ny(GWA`c z`F%z6PbWsl-IXe2f86u?yFRD#x7zcUyac@AE$xf5i1W&y5G`GS%2SbhgXRuCIHs?u z8O^Ax`*N;(P-^Oiw!kY;CDwGYn2q-p)aKrA`w0Q#W}p-i|8)e&0L-6d>!ZwRU;@Id8%`B|xsA{Dsj-)&%GoPMSL*h^>_oigR{gViU-ka* za(lpyfPgeZkV?1D%HzXler%dPZ!eV(N0eV}Ao7bL!H%EB`-vnmLPNHQW5-bbZVy&W zd#|A1AG^?z#x!~aY8>HWHP-fw4oltncqX~U=BFG00Qifksh837w61iD9xoIYZ|IG< z^D?3NoOLMd`{u&suszic8LqVbcdg^H1l#Zdw5+VFY*;IvC!IBxr2+BZxd?WDte8G0 z$BMWsCKVAQDf2p(k_nJCK_#Ri`%g0dsy>Cwu|r!LG`mBk8im;zcXC7FZaF9NS6ibTLQFAhP`r;inn? znYhZ2?`wAF^QUcHt{$)ou(J>>7=0_UkU0r;ksl@KsF)>{G={HaFHM1DS|VpXRHUQ{ z2Hb1YSLW~AJ)biIeZn)FU0o>WY1YU0UX70qaN_;F43a;7-^4aqkL&VgDhspkd7gHs;t}dd&fx1|Q=YQ@$KVSIR zBXHkz-1Ptc#K6EXouMU)zJHxH9G<=Ia)|hw9-PUJ%WKrE2qsRF9l)u(yM~Fzx;^7++}OsxpaHJ^NB4W|kCTOt#8djXE+i5klKArV6p;fTDv zIDa)F&P0Jcz&1nOt5()_IW3to;?4!EycL&nNIR5JG z;r1n{i1B(5ZSb%%5$+Tb>knhTsnjs>FH^o-7xEl~YZ#3oVlXXT(WI6vHCZWaNs8sjsH$XGJvaKcG`%35f@}*ia=;~v79BOQ zNHaDGUM%oc$*#|a?diE$R!$R^4f$Q?a}?EO-*I%DWj>WY5QRzqv>~|g2-5yiHv%kQ zqat?ip{#L|L@d^x^6zZ$yozY(fBaqUe@U#bg6wjwQ$&lBP~kk1_6$@kZen1;m7J{- zNox(w9;SsXHD+_%muR(LlQq+z92psb00aF16@LEuI7#{a`z~15{;&O1AgJjl(o%b( z^zWv#tkSq1Di?caKfl1r@=BKFo*utE0Ai>Z1{NmK%Hr1jSgJ#<3(rfo9Va~uVrsb~ zdBP}LF-cl;pSpY~8_-8!V7ptve^U0$Q}nDM>|kyg@e?&-q$ObjPQ)0gvJ&DpgM_M; zqQ&Rom2jUN|GMpH{{M3UI^SJN{ne_PCO0a3dv9-lz$3HUfA0|zSDhbCrWwo-w(U#+ zYqud_dxgp0`ERD@SHL%q)C)L{2ZFjIs;UOUkJnXgzZ|WMJjBorK8Soz%SYi2qd9qQ zoS1VtsuVWMq)DMr|FBTj&zI|r_ij1nRjIl#j-g;YMetn-I}TTSDo#VhhUQBbIh!15 zoEy*ayCXIA1mR)&#Gkgq6&$!u{;O=&f-NNv4jCr=8Sh>OrqZ?fA4Os^oIZMy9x;{_ zL8&q4?;N!CzTCE3mn_afR$dwg_D_|$+uLVtn@;Q}+0IPQTkh9>JyM-;0ny*q^1Q$9 zQb{l~202P9+@P;P)ST}r(06aiAVbq%JBpox6IKeE?o&_MIOok2aAi01iEllcqXmA? zVH9#%0>)Ii{lDKgfdmy*J-zCvsHk)nM>fD%jLAgtxX$rJ)ZGCz zi<_Z(_+}a?W8e@?uWW1w7u)76S@H)>oY9o8ce$P!(1Bj|=%7lkDW@YMrb;_VXo{!& zwl?sKm(s+-fs#P4??H5HDZyPG)pLe0f=0Q&;mb z{*SXN{_OnHtbAYE7g9ZqbO7W7=qlf5PvHH-E;5aLHd1P=7%QkOT3kj0nr1#rJQ|=rA{y z+rsX>J0)gkLdX`17oJc?e(bo16&a*!k?}1vcWQ72vlkDkShu%{Z$E0%hNjB0p%9Uv z#-7c-fAY;c3?ZG4A3m;z8RJA_F?i&gIh=b6dg(uV?_JY@Fn!rLUbd_>`n)=AYj@Sk zO1SW;TA>o~pz%TFw?VJJH`{CijQDHBQ*#EN-kM9gtgvmjYalE3L|?ljW~1+Dh9Afl zM^D?`CuAbzw2>g0EA#7rO#_EgS%%)Pe*qgC8=xLQRVKnG!5<_jBsefgnTE9ZRyJeh zLVDDmcB`fAHSAQ0%}Yxw&(}89eV>oPdN;54v)(speRda!h&0_qrh_mv6C*UV!}jGN zn*=1Od!N{K6>`0;ZDd=%eBxb&FbweI>A}VO(%%8K*2;z4OTTLeUR=D(N-uNxklZeQ z$VTT^;;A~OjFrLqb8!`kv8vmowUPw>`tHxm^VpBv@z1VJjb`dh2ew0*kOXe>*+*ln zUo-?zsfmlhBv8c;tx zq8>lZsjG>fweumlhg=ePm!s{5BDprVmS4(SR}BvTf@rm~%xfn_ zN~Vm{-8w6$jv|!}b&4o4tuHG22t|Pa&Xic69S8Fkf%txrn zEzbTG>Vzksfm0k{X&Mk12r4LLfIbAawiaQaH(ZO1J0G9UlJ`5pva_GK+>t`P=hZB zZg5r$P%bV53GM3L%CNE#uuLNhj7A~U`{P$-U`)vk@{+rY+wQloa%Zq}{f);rJDk5C zjzZgyd_g0#RA)3G=}^O}mzW2>#kW~h5zKM@uD9lGsmyrtH5 zS8lD)i`r4%|0o&b6Geo(n&1UAx*UIP`z;;o|H=Is(_?%w9-AO7)*q~nL9VY~-=^zO zo8>Nk@6EOyI%7|{;TBv*wBE^rKSoj-B#q;(iy!iqNLVA?XJ7U2*5l&5@3W?>@4wxk z!MgYeS6U~%YeHdu6cOepKeXVEQSz2^Ur}Mcr#yI*aDIK zaNOfKcIgH|m6ee6Y(AWO(QsaDwLW_WfmY7jq`FwKUQU}tveXzo?pX%0<>PO@jbXNv zh`0y>xGrrHl1<1Nt7}xC@jpF~MHe(MSD|Q}iCeAHb*~%@OCGT;Dt+s`f<&x&KKU>% zFJ)4d>&At(u>KW@dG>11@8gKs;^^>@VC(PSlCAZT*Mz)S zQ;Wcf`NqGkq!}S!EUJ2i=y6_M1ts8_8|;Jrt5{|>CKxJI(qK_eDr=(pZ>Bg#+BD)B zCh)+@Z_v>q*YkLV*zaX8nLP0iLbhKI*)`qFB%GxpNZl2cB?S0tX@(=n($ezG+n|{t zQ{Vo=9!KM5w{H&t4eYb;R@5fm$vKlsOsId7MKm z5kF8#ib@USNy*0tGux%k&Q41ysj(zw4b1R8A3FG@8&WD2{6DE1R8 zNYL@&zl*i61sb4d6NpEqf9W~aa&v@)jiq~|1hp0_nnkz}z!zCqWYShbUVOFo`Fj#Jb>!ehI=shfcU$ILl&+;NqAhNmIi95R*7i zsfqRY>~vhJ#UeCsTMzdH!e{EJ&$6ZBU@pYh_c!b9mndsqbp zbp)H>`oiGCl*ezxF22NUJ%qB~>9zLi7BFX%Dfcp>#syJQMG^p3ySs;w=Kcro0uo}{ z3GhBmZ)k?#!Jr`6G@q~i;57gDQBD8HDnsAv=0&CVGx0wEQ>AfJCnh!tJ&a=!M^Fsx zfj@Y|MOmM#pu|bZC6ni%c{{?c_nonS`-LzALgBH5K5mGKU&+Kcf7gV{3B+AK7Qn$3 z)DerR_%>g98*RCnYGx5-r!K*X_(NFBsu1mv+{UxHEM(kY940Gf?%sNB{AX9z2Wt&B zPT}Gr>WCB~R^IJ%VXDggwYHq}(`jh{nwY@%@vmkbh>+8su+1`qf&ZuL@l3}33p{hL z$BhU_64ya$C4=PX5_vDk;Y&fSI=o-}S#w&`;#Z)t zI$(0%?GGiX=g8N z=bMpfYTQw&DvmGeMXr!t&Dp2U6!pSFpyN`3^iL*Lo$6Fj>SrO` z=u}{jIlK(C4h*<&*LMkitf8*a+I(qMGj-@Ig;pL}BJC(-y-AakZb3zk0D+PIa zeR*H!dtYd%;V2Khp0|JDQV(pN)nZk6>e9eOsh*R(E2<$gJn5Sa0+EaZKr?9 zf+B_1$(!gQ5ck8Zh=Cli0aRwZQ~+^paV^lF?rKK4zzeKHqU9 z|M#^xYtETD9YFs+MvI~{P83z0AKbHrG6~o^p3^zAO1T(PQ5JobRf6io`^_zr0gHK1 zowFxt(k_GDUp#^+I}{qD9D}p-bW{Arb~L7MQ&(7xR#Bpbsl!pj^&W%nZbeB&3_h)A zDBU>nE<9uo^e>M?#KeTUP?!+E0AYCO5NaV}(WjC~gajbpsH>=yoI|X5qys2N6xD*E zB=Ho(1N*`Pdu5lpx(@HrzCaESkC38V@C9Dh{w-t}Y{JFhGyLTwL&^50)yZ7J(?XrO%uaS8+ldA0L-a7%6)+&>f{4()q|`$2lP)WK(Q^qi>rtGJP`Vjf18OK*1ITgG5t zu0kl4sE$Tisv7cmg}iFCaVm~Cgj6^yg>L(MyJ(ZuTgZoU%%BKu(hQ!t59~a;usN;c zO#>Rigz351`N`A>QrZziprM4QW=^~ml15EqChCre-HjyG`$II(MXDK@)O|>tXuPr< z(TH-av_U?Gb0tx3dPG<49kRD_&*t50^$uM6Pi~YLMI_65;})yDgaYO7PTiICnwWt-20pr{=I{ zUPD6Aw@)}d;B54)x`@ZlMIV(0v2awdSn#6*vT7~mj?`adrs@0uw2XL3=zS9pW`)9? za)*4>yX}Q-yYCWxyW~4|FE8%Q(gEe=#9ZC@Z{CcAvkAD#UnFHcHd6dw}RtdHA zq}#CX+hCTX_EJumfjvXXzt<_b-`T;8ab$J}V{CLma?Enj{CXtgJJ9=h-!byO@3CG` z9)WQ8gX&TvI}W20OAeV88Y$cd{B9~X|dyd z^z6?WBRIN*dUYODgFPR8Nnkv9em!91rlFO9nvSv4^(@uyQQ*37a|LWgb9K*mSV^t! zp`u2do_psbMc3=O+?KPv%m1DycF1r=Bg2V!M@e4e%QBcUwG=NFm4LwH;wSO|kNMb9 z*T6lVBYrCtq*bQv7LEiicOGxN?}Sc%+2pcANMFV5xNa`Zb{I?jO~kQ>CieJzf0!FDpO)Y6Pa7U~=c2$?!g0;C3fr%l_v1N(9W9ye#-z zEV{qH4_1x~i(GDDX1xqZ4c0dbESfy*J-m&Jq^dU=#SupQg7yWvj+T~|5;~yUtVFq% z79Xi>V}lU2X=e?&}72`Aw5<3df}>*>aPT*76<*_I2zLMpGQrHQ%UMbs<;L zpoJm6+=X1b^FjIx+1J$#KfwI4o^lprR}cx}fDTq9Peh5aKo()cqDX3dLKIOgIWreO zKmSo4$wKQVD5#>M!pH3L@CV`Iwf|jacOXg$kHb1qK;Q-2<<>{TtqNI?P+jGM_5&?u%)P0aLbiLydGDIvjKWH)+XS*Dw|E?M(!kkBv~?@u3Uv zw3;fi4~GM-wGDD4!s(D-NF!bIB*XbadLoS@0~@#q>21^Aj^#TDd^>Gcq9nSCLd^Jn zE=iH#AF9Zc9tY%wJtrvczl~dwq8<|$UJ17@w(&F_xRXobeK`VFctt%{2O)U>wR;cd zX^@X5k@5I5VM{2Z`bX+`#ngnAP^=-HlKE@siOj;BjG1E|aJ%!iZ1WA;H@wz<<)QI3 zFVGMr>~!qj??|t9Z4fNFa91+_JC))up#g6qZ3x5$4Yc``T-pf7puqjPj-TA0-Os0X z8>{O<=I6p_G<{QH-p(e-Y?t$2!o!pcz41 z!w4DBk|w7BM$41Eic|D@rQ!ZN!8v?SFx1aB(RWhZPKRGzNPzl$0Y+P2577ASP7DSI z2Nqqfus(jDqv0^G0eg8G{2d}z3b9?|9GCSs4&ASE)4y-wRnEHh)BQPRRUPSgHf;)P z+LI~(t-pZm;=idzr2%TZl=1b6;hNmd-w4H>?nnt_ojq*S1dxMJV_*u{irfaSPyT)r zcx;}$jsOK0?C3GM>acyiH$bShR#YnMGu1 zGi)`RWDz7vj?{bd>srvJDZ4dup}_~;f3!AfExqSkElSoxi!Cz zRkYmAFxtJIyL_PhMNdSLp>4bnTj7aa(P$4F1XYWT&bt2m!M6+?5>%rq4$4D%)f4vN zH%3-mx_}@PkIA*NX~nV*OHAm)8azU_=*E=s%s&ODq=@_Y_-IH;(Ha-bGGgwE2^uya zrO1_w!`CWYN2;H=Mpzb22mBUg<9?~h&|nglw5$@J9MAfmsf-)`Wu-wX_~v|xU1eT6 zo$WZSlkfTowMI12Wuam>)9DoO_vXaLel}`TzkejDT&)?+*T&~{_47J)lHbJ)7WVwK zJ%X_#we_Oqlx?d%r^@H}r*3+q_inI&)k=L%Tb>nTjVpLTqMuT2_&1a$5<*Pq-0*1Y zY)KFJn_7i^3JE*E2aMDal7w1R%iL?~aRSu04?vLH^WIB9C`mpVobWc&`!)&zl)ZgzL1W{DT8%-FMztPTik2fY0HkuvYu$c_VOpcHz1|F0 z$Qw|L)>J9NMdpN)o`$5w2uejqZ}^t)#8}D^sLv%O%oJM_uA!j;_)lXeNRCDW3mvc$ ziZr-Y&=hN;+gn`bo6Bn?YFsF6zK>VN`OI1*O+foLD?yHiv9~|7NThg=NXCuWo5!)1 z8sxrX?0RFYY!)ZG0&dCE-xr2Hxw)uj)2WU3kw7VZHku!Oe%`mSmTy?>J*cRJyMl|9 zbx%Vnlge3~co#xKDAK<}-PEc%8R7-SlU$qd>fnJyd6AeUuU`NsO(Sy(?hVVA?hvdQKQlfm9koz6>& zn8~`9V(QHY_x4_hr!Wl12NKYO6rpS@X};PT!O=0t04btCq=6uY%GAQf@Nnao#-sDp z+=i@+PiW#1gMT0C(8KS&p!sTdRu+^A&Jz2Enb(n8w zB^V-3uYtJ~0-FE{dN3QSUTcehVD3Q+^J=fx=o25#gJ%T(1ZTe44JMC~-MMcG) zVud{ZxdFpg=kxrQ!W>Tghzii{0)`S~mQBentb%LwtS?Lup9$eC1xh7|5}6fGN6^*q z&>MF)vH>zwSe(ve?r$uY_7X;KO^%MMG&D5Gss2*-et+G3?w;P3-_BZaGo}T#JDlpv=n_`ce+FJV~ zcXMn7ADr|Ry?N-pD5t9fv89zS?GVRLFp{gJmK2UTdMrreR>e) z{YjMJMJnSEaY-@4#4OF-$-ULo)U2#5DOo*qoz!;b7id2fms3&xMM6xQB-(f;)_5UU z8?g1L|MZ?Vd1<*K36flIfxVCxyW$H&xEnGh{z}D1_C3`8J!ZN)ISJ8wwRhR6A%ex@_su8=~CH(U0v_` z(Zaen`1wNU7D=kgLBXW*ttE7O0)t+85t zIEIntt6pOpN2E^HD8aDU^!At)SC={gA#W{DVfkMQ3~A#fjFD&O)BC>BiQ`7(n%^zW z{0e`qj}=m{FC&VIBJn?MeFGq1F&Gq}m$e`ITsD6bXwq{@H_U8m>H;xGGK4V3{Vk8a z8w-)_77O^qq#dVKx*u5%p2z)%_v5Bd9*dx9ZTwsOmj&m`iN`Ej?d#4->@m#x-14-W zoQ(Fj@$uFNt_6?JM-zav>fnYO=U63MQ_sn_;zU7N0MFp%oo5gz_Q~Gf{>l~KMx4{X zFF}I3G+~uIK|d=iM89)!VZnK#)dhWdwxky<(bxbETe zc*1VM0l-_dS-M(vI$fk0t(`;UShKxKlvKhfPSwY8F1%J?fyybaZdczVYt>+GaVH_f zrni$oN95VMr8=C*a!_UasuIKhu-NOD397@kye)oSs;a6dv&(Y5!%ELO?kAT4{@Pwo z+KpUObza;*Ieqn_M{0dExD!JGQ8MfVGd^u)Fb&>KmD-GqKQQ-=&Q=$7J?4Etp=G76 z4{1e!rycChA-BPvdGrRr{M&E!pt;72|4d*~IJO)ncK8{jqOW_PqIFndmy9)w^DI z(`57QfTI}%d~`HlCp4hYv|1dOA3@}4*3GM@%^voiVZNc}#G%!fT7R%4UHPe`49%;# z+Pahtw4Z(NjBR&2*neK9uROdCt(F__U*k;4*VojfeoBE@s`%ELX4~x@qTN1pS?I3Q z+jH{u#rhm6H5R#40hzh#;IoO&T+i*k=bpt0j00IrPeQQ1)BEAjVAM?rkcGDG7lZ7~ zpl+?vHARDylRpyi>29PIN^}O@oN7Ug6*d;e&|Co0*Zawd)=JsdCy;-^$3GMYP?Y67 z(8+6!daaVE%IhzT0juu4y%*FIAb=vPOtV_J+gp-#Hy5>U(< zjfI4h`D|%uxXXmyb$6^}#dh8{rS^@UN0xI}LSL(0@2GivWMZZM?2m)EH_qw0ylT~9 zRfo0s@Af)~p0<))*;Fd6R_UjQpdQ3SxJ_=|Pi^n4>Nih?O@7@uOdw|R7-n=j8T}uc zM655Z-=)HT?x0geeqKy%wmqZ~CAYY&*#6mD!(RD0m%whb@#f%nip`rbY1{VPlP>ML#9R5@6h0LlIYy|FO%rT`3+R4dvYSiIX;HppW7zEX`dXMK?l8r6Z}+Hck+?s06O*pSYvGdZU_6gm1Aq!q5@KM zUJ9D|fmNCa&J=UW@T!@NYqow&#^qbn;ZZD!kagg>Gw^~!mBmU}VK2+8C$kVnFeJF&AQ;wI#;0H9wXtq9zVCEYUdPV0 zEB+5@ICSwa?h};lo7q4-Mht6C-KPb&o*UyH#EH%f2DFY3_3c!y9_HKnofLH20V`O& zL(IKKMt%c3=avk^0gKzSm^HGYab?J`FWxS77L0hl`$|2p?l~ZUR8(aYCdDXQdFQb+o+p3*k0!*|IPaOID3~ zER!--?BLz)_JIGbp~^E#&gYGVvysxaq80hji(!pYLd6Ho%l4DI}wTKEYVs==Pm)Qbq7FLoKV-5;ikV$uq^ zifx~G6Y_fkQG|EqpfQ)Q(Pn6h#*a+Y`(9X^+)=E*J|1-R|Yagq1dZu{P??p`(oQp=kBih($d z{s825pj*%U;TMhf(G<8*#wi~gUb(;4CAKrd+o9?`Z^y#cOb#F3ow^5OS*>7tYfoV# z?GYQgW8AKkfX%j-(t(wh6{W-u!f#OigJh*O8oElxLH@#tiXc|0^K@eE6@~+Ds^5q2 z0G~SrTgUw)v}FbQTWdK++d5?ba|s12;(Bb26jn+~(mOd7m3Svmg2FS?%Yo><7ZjB0INgJ6JO;wp z7``I>PFFuB++b_S+ghO0S95agsh1U?4OWXkm`Ys)Q@|)$<~?#Fg>YSW;HcinXG``h`r?5Gh_q9Uuwm{$8yac?0Q$Sgfk!Q%tGekrrDoiUNcxg8?< zxKbXyIM@thU}c7V(pMzgpfSA8i8Td>wypet*W%*Ud5*Tivze3%OQ-3n4?tC%%xonfwZn+#p7$Y97Zf}Vvs33VA z!hNtCvzQZhcD7a!9H-xcdgBmChKyAhJzsfK|Eha<9Z^by&hJxe`!d}#)cwrmJ#6<4 z7g^*zbTRYkuk$n^k0$jP`S`M|0ZE<76-)OZ1v*7;R^h{kVE_=k|OiS>zfK@iW+c zTh!PDuC7R8K{6u$Vs*B*`G_I(Bjjw-g$vhAh zn*sg&PR_= zPy^QxKA)!?0Z;N>S#rlth`2e9ME$kjUxSfg0-?8_8*m7fk`j|H(|Bw)>IzF7%Np~e z)~6!~qI##S?cj;JOeT2^C4c=|;6%A{b4vMJG0wTKVSbky$1}n6SibkOs^iTs`den? zU)zm00Sdz}kqU-N)VQg%C33?UMEr;OS zhq|9JH&vXyhGFZt`hiMgjF)i&AKO%XVWz_IH0!`_rW*0&-83iSAa?e>{X;(%2@1$C zO4jjWw6H!wGc&VCkm__>w(vicTea)+ap+@eYHD=Uf=I78B2Q63VY8T+3=CJJ z;(yA3>9DwT-9hnYXjc z|6t>FstH(X^lDx_Y-OTDnUnHO!jLmT{%HH-HpzcGCcKKZPE1nj(RW)}>|&Lq;EXQN4>0VHri1fR;1A1r_Wu6ip?dZ<~z`r509{cnXb#`t9e>ydc z>AabtV`ThEp`@XIo6b}cSI$gEU0NX)WkIeJE5ag>VMLl6R`BOx{TW!M1?!bs!@ke~RKe?~n%yrCj^^Q7BFy%Cp~=`;9^T_2 z?2RqKFN~`OG2jJP9&saR%FbBIm_kylxaK!H6_BygBs{BKmwtTb5~@V7u3kC^lfb6? zil)WK7MGFNkO+nkUeh4;+S*!B0%$AMz^)xwH!QUN0QrqY*)WlSUuExaRMS&(4Q+o^ zIRkw`@^}SNx>33{IH&)Z3J1?yze~H>P47sn)y&gHo3BqEKo3x_7M2(RhlAsHIlk+? zJE#aG&2%7eGof%$hCF^Oi_hc!()*D|mg~7M=6wl04015jmew0Gclfim);154 z#;)Ps9!@&h#6RAquhyj@FtlvZcTQ5pN%Yb1p#D%GVL1fAo6}xTq)ME|u@0@bp(jb9 zl~8x%$;3&J6UU9;vpIC3O|J zuAhwUdz$VO>P2rKIUxe50iUyEKKKuw#Xygfxe_{-TlDB-7uI$F21sChSgMr#C+Yd^ zl(A#zDGXiheqe-07$PTFnRXtw+H5u%*%M#)c|;Y5&wQ`G=gt4;Y;SBS3#@w%xf}Hca5jQfI@1JuI>WwMU%_Xr&Blt7&Fj2+F0$V1pgGi!g*3*B~ z#+&%xV;g~kk-QFKRl@rqpV!v1U*%(WQkNI!Ts|vvCE}RaDZJp&prDbn003w=JfUmn zwY?Qyeu@A4_;|`-{mZ<#H2e1ik-!-b-a^IUNm)mjq8Lz-)_Was(VP0v9b^fXSJCFF z%&SvENX|x9Q2=iif_=(d>STZy#K^_C3noby{9#bt&XtFfjFIvOvARk&is6G#>w^6E z19IT-9dV<)_=}D36zL-JKvZ$EyEgVcdyDk3;i`% zQ|j6E&%UqZZ>R;mfKz7@Fa5cJ%+Oze{L(_PeM~Hj)oanmgYk^@h}TbFP{3C5KXn!F z;~XnlG`I6LdX1Vvq7I}2WUV|*6lrT)Xxoce%Yig0A*?~ZVq)hT7T35{J%Kw)PR;#Z z)w=XUxYOBk1K#}!4`≫N)Lm2guLuK(+d>2=oNJ|7K;qxZLk>F*_0gds)|w< zsqQOkts;$#3nn(xrFdhEns(cwp0^Hr-E2ybG6*MiB zKktJWHGBgKzZQF5r9mZ7be+!vh6WNB%IM{fv~WS2K>vG9L0m@}+@N!IW<@O8WMXSg zl!)JzZ36>w7e*ji90E3xZrjt_PvFzaHHcsSmOz}t?H=n2AEPg?rYve^_B<%o?PhVG zerc>6UrTy!#xV3FO=>ZUZtz9C8q-|~1?|6OcB5y-F{S}uGhf85+h`$0DBDSxOCObJ@du4G?D zv93!5(Cb<7CXauR(Q`Xug{!8i7a9XP)_PVmbvK_jJ;2UTME{2YiliW~-(84;@8YT9 zhCTxCR%7zJ9JASo5kuS64)gAy9PFS$&8-rRCc>v4AdM?}tJpmp5AR5aGr_OcAkoUu zFyJ`Hbsrj>PhZhHU}y*)BfY9yf|7X$E`FF?6dE0{snvYq=rXYB^OqSDn?dUgeR1>Z zTV>}(dd#|;*YnJ1hwb5c)4RN2Tn3`j;PFH>OyrCe-i)zNZkI*Z!}q0ic&qlS%(K z0iTzThC1wr(g_Yajik^&Lcz4#%~FceoAkQ5E~Gy^Qu&>}qH4a)7Rh|pB}KmTmxm>O zk%pjT+XC{Yhqq{uhR7CJSZ3eH8$Cf+W>K6)_!vkdcz3pz>=;(#}Qeg?Crxv=0HMN>aI}112k_On8M>!wpV>2Q9n~GCpT=*AXrl#rPga1E~&#NMPkPBDGSED4RtcxD9!5k`&3dgqS)A|LF>N z_du>{LxE&&+dci>;dnML-(x^0dXoCGIt6@}q3>qMjXP=#SYuRZ<6BZiJvuR(h&0r? z7j8tYzGyp7+9&18Lp>H|O43lv{i$V;BDjQ(AhQM9bKY0#G^S)e1pXiO)Yz}lyp{^=W`DmevINw8an8=vRUBOAOBS{}8TJCi_K}Df; ze!%}`4Hx<2!$lm%vpX&q&WV*^-~dp`v1TtmKl~zpaCyH4F0QA&9X`z! z{RS|-PH~w)Xtq2!=XL@7N?9V+6KJf8DQu@8AI8$9XG{zzEg`Fu5OpBno~}j75<8mV zl;{D9{6y=!c-@VFAd=kYbj$A0z8W-1*kcr5#qj8M512&z+j#+4S5WB~G+0znJkA&N zG6nIJ{(7nKRWP19;#)jA1{4zMK@9oWt3#Z@X*?Tx}9r%uN% zNM=`TXB70SW?*64s=T1IE&fAJCcmjgIDt+btMT|p8@$cTz~XvDQAtwUg7sSsq=73_ zIXT2WRA0m`b2)~8SntnH;*5Y67;0WR(?p2 zr%b-8HijB|WkNr?up~5MrH{+)yVztFDs(TU5`6qKWm*ezI=o8n1XRh>@-#p>IUcN~H+fXlIP;LPMH^<3 z&$iS|iT|;CTp1jnk?~VqJ&h;swd*Yi0l@jN)KAu?bJ+s=c>yax@I9j(q_jXEOGKz$ z@!3W_%D5TfwrS4p4JN45My0#H(I@Xu@^`sT>BAGmFLw{SqvQRTw-#11Lhwv4!cQKr z%!$krt9sOti9x7QhT<$3T^Lwcl!Y=G-?u8GPybu@AC-VW5l%v1=>j0m#4d^G7DcRPudaG8yzd(pC!{G8mh*?bXr-8_zALIJ zMWu75Zw%1B<$&ER*z~Tf`pqx@tS?G2GC_8p1UTLc=_7F|i7DwQ2kQGS(Im3q!VVG> zQcP`#=eK+*Cx>qFsKbpQyXJJ}EN$ly^zeACy6pV?;8?@7|M$kwIy;mP7Fu~_L|Try zajoz2amh*z{S90!%o$T4U9FZfQtw=ch{yl)rFR6B8#@@jOHpL0bY|@a_$H)D6(eXn_28946{lHwcu)j#l*>nI$fDrG*uT_9?PNFp>tJV!&rgU~Q za(mHCEea=fk>V;xbl0EViooqo+!0gzmW%HhBAee*4&Do`Nz=!~ zB!3qu97skoxA5z%4RAff0-pI!?od~g#Gi~CjTS@23ZF4}n$wY^(|-HFb726gdi}c; zT=p?zU@)LY7Rr4a5wBgv9x{T%jGO{C@ws; z9K+Tm>_h_*#>r)sdB>rg(SL^g5L*y+5h?Mz9E}X7-fHX&Az=23c*J)7Q)H^X>{v+y#T5fxJi9PDILmvl z!DVZ|p<17(-nolE(1&uLQ~>+4TvB;X8I=kDG9uKuafzly1VU{a%+(^}!;@N?KC5eW zJ_I+ye^8V{2`3JA*cDBY#uDS&we5KW_(U6^(6aE3^=$QH{$?-XL0w*O6sVuATn890fAmg!a z<}#}7`RZMSNon%w<@HjvB!$ck*-9xEHL#HFJwS;_?)amt@dP(r1@(6AFfBQG) z?{Q&9aHpPn%di|h(y-A0C1wH5@9U@PQTXf{w1O{?bB*V#=NlIr>3pYj^B-G%R{3?N%P?iBmc$@5S%0Y`}d z_x6o3RgIQatY(-0jjcd`lBy1zprl<`nj15IfGJw8o$`wcdml)p5&l&bX4iZc-v4@G z)#kcL;N$wZlmFVWcU_=80)dg&r!#AjHHK#!vG*6=EUT)bR{4n3PoJ~L*A#;0rz52b zW%FS&A6M%8vpPBKfCLNNyIr0qL0U2PEmq9$#3RrJj)uBFO)oDf=VxIwor_Y8r#z;X zW%{JHkI$e`-@Hh6lA+?Hi%d>Von{MJy&Z5n`F0;hC!WTQFJ!j;6~}R~bV?w8|pvk&-T8%C%0bjW-dDoR{0cjrZM`R!|s|H%|(P zr0F6M_%ORIlH;-50=W4pp<;D^Tw-+7;Yyl=P7lrx z9zrO3zXa_m<%byjZ7JAq5c*5NLY6FA4QKf#SlC|dh_pE3(edC#jN#+`wxmX?mwr4A z0^0Q*mC;zL9lx(G&>K(Wv*mxwB!qK6QOWhH8zyDz3Q#%)pw05%upMxsmxTgQD~|-P z(VsE1PszhI?BmFecSUFNAho>~J@QsN9?!so9?D$qooRz+0^EeYpboFe2m(H+kDD%= zUZ8M&1&}%#@qDSK?zvjr8<6giSW*i6~p80hWwGHRQ#0-JcgzE+qWev`b4GM z&DBjgYE+SmO*p>y{B~%Ns=2MTI3GnYw5XcQORZhMEr%(~57wC;I?kv?LP;i##jM$* z-=~^s{eST2bg>GCSU})0*p-)IDR&4#kO?o`A+xbdPa+)~fPzOx^)te&3OkH~7~_|3 zeM7@MPVjYq5W+#n%@h&gGPBiyqsHUevklf;M``~qRz=HR%<4>4g+?>Wt+$B@HW!z= zM!I`(77XII5;Mg5IW#e0aERm|UGX)6 zec^DF12wo-Mx$5*Bzl2N$*BfB-YC83-O`iHNYL^9d%l5|{*iEEc~DO6|J!nU?TI<$Z z^dsmQ@*T&oGwWl*CQ&2)KUGwGsi`*Ly; zw82)&;}m(uh{gsljO_%5!v{O^Gj3XDilsi4@vq?_!$P^%v*~E@f!z7}`?VED{qK$0 zW%fCZ-W@1nUB*!i>XKUutRcgchBM+CfRWvnWQw_ZDNf9~fc3g_9$ zpI!2ber}Unt_0n9q9~h54rgrYwjFUZ&2&slm=dFfr815g4HYU)E&u4?fJ(DuR;Vs4 z9FVm?1%SqOlqZdAx9*v_g6aTa)YbV+9NIqi3-@5DaG4;KYyTSngUK1Ev>rq3JIOZ@ zK{|}|iwnZ#rcSRP)cCk*BVRZHhvR?VYw$bgZ?kAO_|3HN0Ov3*w1qy-FPRYUX@j8N z-1pwwD8?qz`49QbPaQF6LNq~S{G?w|gM^Qcjwv(Gg6}o6eE?u#qNJYI6K6>X9Ui?C zms%F)Pm|oIXCEyu+_(K%A>>MX4qP`K$b2Qa5)PW08JT;Z5KH)gh<^JuX0sXcg(}@o zIS?13nRSV99GP4ARSVmESLpLuFbc^@6azNM9#au7B+ENA#jlKHIbb(pWZ%By^7$6% zbD?{Gmgd0ieLX6^qA3rr{4nT_43bz*8)Ax}7UgveD@Deuw9owSxR_32Ap%>Wo8S zd-5x3YBmwdKfybn1sEaY%aY3Gq|&P?y?AdyraFT4keCv{8>8M`kucRn|2Ag>0MK3} zMTL|x8L<#2!bndSD%$OiZweS?GM!~-HCG#L&z&}(m!h^obssSo7Y-p4WR&n!gf@InBxivaWQ#z4F$lf&l?In(b!!6992vN&X1VSFA5H4g ze4Gdt)gC4wOX;9mkwh3`W@M*uVErHbC%i)(tXc9}y5^={OZ-MD;jK&f1< z&c7<2n)X|(I=5TY1>ROW4M%8-JS_*Tdjh{-bbbnT+!aI+Sqsc{d{2{3Ry567QWIYv ztE0x#3K)3_g*DB)yrgrObz*xiAIuR68Lrxd&x8XA(NKhEAmgumy7UGknY_P{MR|f4 zN=a9%+5k1f*R~04K`1Pxi zKT|eFIXk}wdZ0;A2D2WKRo&N{-xRx?ns&xC+7Ve)9?w~bG%D02eWBjPUfD;V{TiK$ zNCOn4Ex)xpBgMq#Y-wS>J0PPE&LN2(#A-m@;NwhdT%$-7B zgQIp!dB%f-bE(_iid<5h~&%nRfiKea=W*5jXv5}f&85YAO1DQEv=6rvEEetHcm z_8mr#tr;JR{hA=cWXBe16)b^s+Z@h*y6|0DyGto)`Z$^gAF{{#WGE9Yh9g@e);q72>HWO`bVQfW>N6Zxo0xQ zS5`p@MUo;-Oi;uG;348<4*2z(8wbmx0UU;A)-+?50cK$?%Y522~@hK6EAX zb$g&rjW{(#+Te9QoT`pz+U=|8o~H_2YOXmwZu;~^e#+2)bSTX7>5Gn%wLV_7Py-(w ztDE$(J}buiD5LXA3*l8g6Kx0=gcg8i=VYN+eYeX^E{qVLAKZ@4*y!{Y78XSAJ1H^a zna&SD#5KoVVXXDqr+32KV{SDx5d;1FIy}Il)8XFjbJ2NuBa&~wK}{QD?)1!pmbYFW zw#0DhiuqnX7Im1A1-f#gUkb*)9X85VDjFC^;K;uIs!l!`SWYM^?n*U;q~q=r zzaL}=e29qW#afzxTFcopkoRLLFT?~CMA;RI%c=(ILG}6K`URK8Xz6OZS8l!DuGcUu ze|U=H_om+o%iL3(@*gJu+HlT2J`8^}WSAhdsL&X(fM8Gl(GTs`;r13(wDo?F(N^s& zOeFfqQ_LEZ1BLDvvZ7j7hI6td)ygZF0 zmHmF{!13VtONi?NE{bnj8Y0A=orDUF7Wu17p&1Y=oP#pRAx9uZ+R9Cw!8+07hcvs% zzwB{G`wO(l6;-sK^?v>wUC?Fxye9~vI`lrLO@8ZbCpx+8*l*NqHtUXh>JER~>3rKU z$?|+DsR7+%A;U&27_MAj1^Y*13!&HIdP9**L7C~Kq^6rs&{Cd%h(Vrd_zKLDGeBlW zQ=E1ku43922VFrd5rQYo)&8N-T3Mg4!VSQR=)W0E zdyOhnv!86&au{b<`RBH;1oez*FL(7WtMqNeDy9w^;f%Bll!r~aMWGnLwN;iss*LQb z2%Y|``gI*RxVZ@T$|Elo>xqR#p|FZfeC#+42Pm#ACy6`rG@D5r4k3D9Cfme!+c^pV zDf!%KK&f?8FfSR{-!%GUIM$WhK&e)DFe%?Ozt@ry+MG%jl=cbGwxC7{-pVT*vR`a* z)0URm;UjizL3>B;qTk8i*-dA&4PTIF;x!Ui*@ReP$?yD)Rz%vIK;FBAR0BmDMPM^F zCQSX`r*-z;9nY#aTH*qFLy-Sn9+KHGrVkIA;@Kf{+u~$Qzp0fI0}j)mYKya#r;ur( zplk)72ijVZ?(+3l`6ccHoTX*EE&{5p7-=&Q$BMD8R8W+zGQ=Zo`B}YQ_&{Rh&9)vp z9gr`4&FwIgXvjvV)=2Um0-1NJ*?hjVO>qP@u7_*=&G|fABbc}sZ<<{taZwpHJaF0o zdH@v}H7E~b1iK#8b4=jWuDUG1&k5Aiu5!oQXUNG6hxZ7^!{xGhVuJJkP?>l*C}z3A za1aTX!}%;{T(fb`O-Bdw#{tY@t{9Stl);oTf{3~QuST5ijGbg(25x95RQ&Unrw*8q zgyQu~30;8^yI4=8hlbt`By`eA5AjSLnV!sy*W~uA9_@kxyQZ3&xa8#D zPB+8oNSk(p$SX;TgGL<@p&f@*0%4yINvhCR8*N;kwwL^7muGro#mv1wrG5f8s;`}( zp=(nizLB%Tnj+Rvvnl6^e;2Z%sBwkLiDx1yh|>aT)p;Q|2Niw;1@@j@-C`UIfqUHn zLqv_;-O)SHlDvc_eZ_H|YMt)m{Q)6J`kxzK&b8|Q0cd{rP>H9$g@w__i**M%?j(kK zXvIDd>?1R`g;3P=`>Jg04guIJD8|l40p;1J=YmILCH|6F;7GeVmpmFz&F5k?ky=?n z7sG1eFf2ug=Faco;=n*s`lTV}q=Fe|>gq7K9qnTw;OWXCE>-sqiop_^S7Fb~jLnKW zl8QY!r$`uXJHLhBffl5XETseNC^A*$;p{JWx@ok-}mh7*aLS{TrgB@=*8?1 z_AQtjj^A{Gek?&grB4&YOghDcQ}EEWQ_Bb;t;Br36R%GsO3qa;yhj&eEiE}bP-%YI zwOgIO&cs;3H;Tp7BJ(OF>`C%Ua0L`7%m?ekpq>n)F%iPA2VDdO(^7ti2|pj=FOK>q z4HiD8GbP1GHwB>Tk)@3RGZwp=b&Udy%@tAA?y3U){ z+%LwP7(Vb+xn^h5*!(0_MSGZP;Z90r8oH)5l%2Q&g@ux`ADt~MXQ1+9nQ*qaDPgh& z5W*6f%hUL0qvXw$R4@0hVeG{$vTXpkLqg7g^8nyDZV~C3f8IF7SLW?^Q^>IXNCM}4g0&iP4-zzOX-k#T- zQqIRL{)7Hp-g$s|mx;EV)1$%CGQ8X(AoKM`!6f6S6hjK#MGaj=4mrF`K&-ygfpZ(= z*V4%J?1k9da52p=7I$zceG-A#uMbfl(TZQM#~h^mTy<*7qb>Q5ns#wbvL$SJ@?{GA zSTs?kX!;Nu3B$R3(dM|ndg)H5%Qq4UEC-}WlN2ff@CQXPkQ{Rx&xPFG$7`S!Vo_y8 zmYYp3uQaj0U8vj6_82)hu<|&cRVNJocZ1l!ISdQvctjB+bNrg8{BT~l{}I9CbfTB3=h_oFSBO2d9 zjG|#CW8{gGX%kHdIp+P@oT)&uq;)^c=aORn3%w4&1)sV`H$_0no4;}mF zPzY5~YIFmtt05kP(inupP#T5Oh}kl5T?lEjG|vYsct0@k!jUb2f{Rh;O;Csms3T`+ z6@(2Wu->ZQL$dwQ*9V#YBNYWoAml(^K~E2~cfjEuQ*|Imyp32aMko||taZ$ZD}TT8 zwI2bTKYI>OKK+!P9M%D_SS*(RKlsF5vsgF(+2Z|4lP0lx^=hO)uZ9dCGI-oclOFx| zS5};vN~MmC2q=wmHBwdrjWtkjA_K||BX|%FnW#ZDVy-M; z(n4Rr_tC!KXS2{Z0Db-DIy(^LAYk_OwFW$NrXT-60(GzxNo7o;;Sqd5k3Mk>TQqo|$sWDZI97m7NII0kBvs7E6IS=U>26Pd)*_g%@5p`?=?ye=3#Ec;fp` z5UM|F=UxsWhr1fgDOevZuJaP&_sTD3u-GIxc+blqvQ1KlI??apT+A@cJ9}54Knbz+$mj z{um1uEa28#Zw27XmtT6zV~_mPM9=do!{O*B)9K!~IRe3nH4;YRF(@sAvY5HJuIW1H zn0$d^GJty9X*jrF>`0g^I0JbT1?cUAbRTs0qWT7Sw*vk0@^aFd{uT9gH9g<`?stDQ zfByWJ>_2I-SS%LHpTMm1=M-=Mer|qlL7-cU%+*S_$E>P#O~| z%Z0j1p`ltBTq_J~6q*{%_3%bvXoJvDBh*$4)p4PsR49oGj()e#_Y1cp(Xfmh*&@J2 zW%duWSS%Kc<-fyicieu={TVZ6G=)N;!Lw)2o-uLa#J*Upq>!io zPDkK-IT;5Y1_X0cc-7R!gh z{Q2{bxi2E2OE10jfk~4lb-Ava01`mbb={ony5cyFXstylB}yw%${2m6RPmy<7RPbK zbzNU6)eCe1iBY3Qb$|XZE?Bz$4}U0ow_~~F!E2nUKmI}`z~>+M`XB7SV|g!Z4uHjC zv3vkby5l@nU;oS>ea%&0{o0K?ckZ0n(befE5()bI`#~!@+Ygh^<|(g?Q(9hz7DYv6 z1=ZEn)YaAX&YL&y#%a^0?R&4!ef6z%&Mhz8J?pK#J4>gxo$=Dz{hNQ@)z|&yHx@j< z=Yj{np`N(x9;@YVu~;k?%ZJ6ux6fSinZN(i(?5La{-zK5v**s8`;N!Xf8c9BKlzT& z{U3l?_g-;P>y77JY5xVw`^B|GV6j*%9~cV(=h{zSaj5O~&)!-Rihi{^6wfxr8-8^5 z#53-`=%n*=f9eM>S+eBa9{x5#P2#gx-Tx@S*oB{A Date: Wed, 24 Mar 2021 03:52:36 +0100 Subject: [PATCH 153/332] Add the desktop launcher file --- xhydra.desktop | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 xhydra.desktop diff --git a/xhydra.desktop b/xhydra.desktop new file mode 100644 index 0000000..69debb5 --- /dev/null +++ b/xhydra.desktop @@ -0,0 +1,10 @@ +[Desktop Entry] +Name=XHydra +GenericName=Hydra very fast network log-on cracker +Comment=GUI frontend for Hydra network log-on cracker +Version=1.0 +Exec=xhydra +Icon=xhydra +Terminal=false +Type=Application +Categories=System;Security;GTK; From 5c9184061f0c4baca1b3b4123b1ace6ba5d3a3a7 Mon Sep 17 00:00:00 2001 From: xambroz <723625+xambroz@users.noreply.github.com> Date: Wed, 24 Mar 2021 04:20:43 +0100 Subject: [PATCH 154/332] Install the desktop launcher for xhydra --- Makefile.am | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Makefile.am b/Makefile.am index 49e8476..ea7ade7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -11,6 +11,8 @@ DESTDIR ?= BINDIR = /bin MANDIR = /man/man1/ DATADIR = /etc +PIXDIR = /share/pixmaps +APPDIR = /share/applications SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ @@ -78,6 +80,10 @@ install: strip -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) + -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ + -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) + -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile From 0749b9be9f121b092a0ec803f8cd1ff191bd34ea Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Apr 2021 11:35:18 +0200 Subject: [PATCH 155/332] malloc checks for restore --- hydra.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/hydra.c b/hydra.c index 1a00976..c996b44 100644 --- a/hydra.c +++ b/hydra.c @@ -226,7 +226,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.2" +#define VERSION "v9.3-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" @@ -807,7 +807,7 @@ void hydra_restore_read() { fprintf(stderr, "[WARNING] restore file was created by version %c.%c, this is " "version %s\n", - buf[0], buf[2], VERSION); + buf[0], buf[1], VERSION); if (buf[2] != sizeof(int32_t) % 256 || buf[3] != sizeof(hydra_head *) % 256) { fprintf(stderr, "[ERROR] restore file was created on a different, " "incompatible processor platform!\n"); @@ -883,11 +883,19 @@ void hydra_restore_read() { printf("[DEBUG] reading restore file: Step 8 complete\n"); login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); + if (!login_ptr) { + fprintf(stderr, "Error: malloc(%u) failed\n", hydra_brains.sizelogin + hydra_brains.countlogin + 8); + exit(-1); + } fck = (int32_t)fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); + if (!pass_ptr) { + fprintf(stderr, "Error: malloc(%u) failed\n", hydra_brains.sizepass + hydra_brains.countpass + 8); + exit(-1); + } fck = (int32_t)fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); } else { // colonfile mode hydra_options.colonfile = empty_login; // dummy @@ -897,8 +905,16 @@ void hydra_restore_read() { printf("[DEBUG] reading restore file: Step 10 complete\n"); hydra_targets = (hydra_target **)malloc((hydra_brains.targets + 3) * sizeof(hydra_target *)); + if (!hydra_targets) { + fprintf(stderr, "Error: malloc(%u) failed\n", (hydra_brains.targets + 3) * sizeof(hydra_target *)); + exit(-1); + } for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); + if (!hydra_targets[j]) { + fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_target)); + exit(-1); + } fck = (int32_t)fread(hydra_targets[j], sizeof(hydra_target), 1, f); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') @@ -950,8 +966,16 @@ void hydra_restore_read() { if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); + if (!hydra_heads) { + fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_head *) * hydra_options.max_use); + exit(-1); + } for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); + if (!hydra_heads[j]) { + fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_head)); + exit(-1); + } fck = (int32_t)fread(hydra_heads[j], sizeof(hydra_head), 1, f); hydra_heads[j]->sp[0] = -1; hydra_heads[j]->sp[1] = -1; From 593c5b151a58d089058ea7f21a6478753841f4cc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 09:50:14 +0200 Subject: [PATCH 156/332] fix macos + freerdp --- hydra-mod.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hydra-mod.h b/hydra-mod.h index cb9c342..636efb5 100644 --- a/hydra-mod.h +++ b/hydra-mod.h @@ -67,7 +67,16 @@ char proxy_string_type[MAX_PROXY_COUNT][10]; char *proxy_authentication[MAX_PROXY_COUNT]; char *cmdlinetarget; +#ifndef __APPLE__ typedef int32_t BOOL; +#else /* __APPLE__ */ +/* ensure compatibility with objc libraries */ +#if (TARGET_OS_IPHONE && __LP64__) || TARGET_OS_WATCH +typedef bool BOOL; +#else +typedef signed char BOOL; +#endif +#endif /* __APPLE__ */ #define hydra_report fprintf From e7b3d09d00e42811b91b210ac8da50945d8f6219 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 23 Apr 2021 16:07:50 +0200 Subject: [PATCH 157/332] removed bad entries in dpl --- dpl4hydra_full.csv | 5 ----- dpl4hydra_local.csv | 5 ----- 2 files changed, 10 deletions(-) diff --git a/dpl4hydra_full.csv b/dpl4hydra_full.csv index 032c4c6..281d7b4 100644 --- a/dpl4hydra_full.csv +++ b/dpl4hydra_full.csv @@ -2417,8 +2417,6 @@ draytek,Vigor,all,HTTP,admin,admin,Admin,, dreambox,All models,all versions,http, telnet,root,dreambox,, dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox, drupal.org,Drupal,,administrator,admin,admin,,, -ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!, -ducati,Diavel,,,,Last 4 digits of VIN,,, dupont,Digital Water Proofer,,,root,par0t,,, dynalink,RTA020,,,admin,private,,, dynalink,RTA020,,Admin,admin,private,,, @@ -3611,7 +3609,6 @@ iso sistemi,winwork,,Admin,,,,, iwill,PC BIOS,,,,iwill,,, iwill,PC BIOS,,Admin,,iwill,,, iwill,PC BIOS,,Console,,iwill,Admin,, -jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,, jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,, janitza,UMG 508,,,Homepage Password,0th,,, @@ -5207,8 +5204,6 @@ oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), -oki,B930n,,,root,(last 4 digits of MAC address),root,, -oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,, oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, diff --git a/dpl4hydra_local.csv b/dpl4hydra_local.csv index 032c4c6..281d7b4 100644 --- a/dpl4hydra_local.csv +++ b/dpl4hydra_local.csv @@ -2417,8 +2417,6 @@ draytek,Vigor,all,HTTP,admin,admin,Admin,, dreambox,All models,all versions,http, telnet,root,dreambox,, dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox, drupal.org,Drupal,,administrator,admin,admin,,, -ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!, -ducati,Diavel,,,,Last 4 digits of VIN,,, dupont,Digital Water Proofer,,,root,par0t,,, dynalink,RTA020,,,admin,private,,, dynalink,RTA020,,Admin,admin,private,,, @@ -3611,7 +3609,6 @@ iso sistemi,winwork,,Admin,,,,, iwill,PC BIOS,,,,iwill,,, iwill,PC BIOS,,Admin,,iwill,,, iwill,PC BIOS,,Console,,iwill,Admin,, -jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,, jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,, janitza,UMG 508,,,Homepage Password,0th,,, @@ -5207,8 +5204,6 @@ oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), -oki,B930n,,,root,(last 4 digits of MAC address),root,, -oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,, oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, From bd2f949b34c14165f281aa3eee784398fd667b31 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 23 Apr 2021 17:05:58 +0200 Subject: [PATCH 158/332] removed bad entries in dpl --- dpl4hydra_local.csv | 53 --------------------------------------------- 1 file changed, 53 deletions(-) diff --git a/dpl4hydra_local.csv b/dpl4hydra_local.csv index 281d7b4..2f3df58 100644 --- a/dpl4hydra_local.csv +++ b/dpl4hydra_local.csv @@ -3059,7 +3059,6 @@ hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,, -hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,, hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,, hewlettpackard,Vectra,,Console,,hewlpack,Admin,, hewlettpackard,iLo,,http,Admin,Admin,Admin,, @@ -3783,7 +3782,6 @@ kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,, kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, kyocera,KM-4850W,,,admin,,,, -kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification, kyocera,TASKalfa 250ci,,IP,,admin00,,, kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,, @@ -5185,20 +5183,12 @@ oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,, ods,1094 IS Chassis,,,ods,ods,,4.x, ods,1094,,,ods,ods,,, -oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, -oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,, -oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,, oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,, oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, -oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC), oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6300,,,root,last six charachter of mac address,root,, oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6500,,,root,(last 6 digits of MAC address),root,, oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, @@ -5206,59 +5196,29 @@ oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, -oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, -oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator, -oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, -oki,C380,,,admin,last 6 characters of the MAC ADRESS,,, -oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,, -oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), -oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C5550 MFP,,http,,*blank*,Admin,, -oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, oki,C5650dn,,,,000000,menu,, oki,C5650n,,,,000000,menu,, -oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, -oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, -oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,C6050dn,,,,000000,menu,, oki,C6050n,,,,000000,menu,, oki,C610,,,admin,aaaaaa,admin,, -oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., -oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol oki,C6150dn,,,,000000,menu,, oki,C6150dtn,,,,000000,menu,, oki,C6150hdn,,,,000000,menu,, oki,C6150n,,,,000000,menu,, oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, oki,C711,,Web,admin,aaaaaa,Admin access,, -oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, -oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. I believe alpha characters would be uppercased if there were any present., -oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, -oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,, -oki,C830,all,web,root,last 6 digits of the MAC address,,, -oki,C8800,,Web or Console,root,Last six characters of MAC address,,, oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,C9650,,,,0000,Print statistics,, oki,C9650,,,,aaaaaa,Administration,, -oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,, oki,C9655,,printer menu,,aaaaaa,printer menubutton,, -oki,C9800,,,root,(last 6 digits of MAC address),,, -oki,C9850,,,root,(last 6 digits of MAC address),,, oki,CX1145,,,,123456,,, oki,CX2032 MFP,,http,,*blank*,Admin,, oki,CX2033,,Printer Menu,,,,When asked for password just press OK, oki,CX2633,,Web interface,admin,aaaaaa,admin,, oki,CX2731,,Web interface,admin,aaaaaa,admin,, -oki,CX3641,,,root,(last 6 digits of MAC address),,, oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC), -oki,ES3640,,,root,(last 6 digits of MAC address),,, oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, oki,ES7120,,Web,root,aaaaaa,Admin,, oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, @@ -5270,7 +5230,6 @@ oki,MC160,,Op Panel,,000000,Admin,, oki,MC160,,Web,,sysAdmin,Admin,, oki,MC342w,,,admin,aaaaaa,admin,, oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, -oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,MC361,,Web interface,admin,aaaaaa,admin,, oki,MC560,,Printer Menu,,,,When asked for password just press OK, oki,MC560,,Printer Menu,,,,When asked for password, @@ -5280,19 +5239,10 @@ oki,MC860,,Web interface,admin,aaaaaa,admin,, oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) oki,ML491n,,http://,Admin,OkiLAN,Admin,, oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) -oki,ML8810,,,root,(last 6 digits of MAC address),,, oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,, oki,WebTools,,,Administrator,,,, oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned. -oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, oki,c5750,n1.02,http://192.168.0.200,,,,, oki,c810,1.0,192.100.185.78,admin,admin,admin,, olegkhabarov,Comfy CMS,,,username,password,,, @@ -10095,7 +10045,6 @@ telus,Telephony and internet services,,,(username),telus12,User,Initial password telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013, telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, tenda,W150M,,192.168.1.1,admin,admin,Admin,, -teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, terayon,,,,admin,nms,,6.29, terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, terayon,TeraLink 1000 Controller,,,admin,password,,, @@ -10398,8 +10347,6 @@ unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,, -universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, -universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, unix,Generic,,,adm,,,, unix,Generic,,,adm,adm,,, unix,Generic,,,admin,admin,,, From dd8348bcf065c17a7e7339172f28ae2ee673b7ee Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 23 Apr 2021 17:06:18 +0200 Subject: [PATCH 159/332] removed bad entries in dpl --- dpl4hydra_full.csv | 53 ---------------------------------------------- 1 file changed, 53 deletions(-) diff --git a/dpl4hydra_full.csv b/dpl4hydra_full.csv index 281d7b4..2f3df58 100644 --- a/dpl4hydra_full.csv +++ b/dpl4hydra_full.csv @@ -3059,7 +3059,6 @@ hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,, -hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,, hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,, hewlettpackard,Vectra,,Console,,hewlpack,Admin,, hewlettpackard,iLo,,http,Admin,Admin,Admin,, @@ -3783,7 +3782,6 @@ kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,, kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, kyocera,KM-4850W,,,admin,,,, -kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification, kyocera,TASKalfa 250ci,,IP,,admin00,,, kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,, @@ -5185,20 +5183,12 @@ oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,, ods,1094 IS Chassis,,,ods,ods,,4.x, ods,1094,,,ods,ods,,, -oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, -oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,, -oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,, oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,, oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, -oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC), oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6300,,,root,last six charachter of mac address,root,, oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6500,,,root,(last 6 digits of MAC address),root,, oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, @@ -5206,59 +5196,29 @@ oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, -oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, -oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator, -oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, -oki,C380,,,admin,last 6 characters of the MAC ADRESS,,, -oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,, -oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), -oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C5550 MFP,,http,,*blank*,Admin,, -oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, oki,C5650dn,,,,000000,menu,, oki,C5650n,,,,000000,menu,, -oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, -oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, -oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,C6050dn,,,,000000,menu,, oki,C6050n,,,,000000,menu,, oki,C610,,,admin,aaaaaa,admin,, -oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., -oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol oki,C6150dn,,,,000000,menu,, oki,C6150dtn,,,,000000,menu,, oki,C6150hdn,,,,000000,menu,, oki,C6150n,,,,000000,menu,, oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, oki,C711,,Web,admin,aaaaaa,Admin access,, -oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, -oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. I believe alpha characters would be uppercased if there were any present., -oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, -oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,, -oki,C830,all,web,root,last 6 digits of the MAC address,,, -oki,C8800,,Web or Console,root,Last six characters of MAC address,,, oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,C9650,,,,0000,Print statistics,, oki,C9650,,,,aaaaaa,Administration,, -oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,, oki,C9655,,printer menu,,aaaaaa,printer menubutton,, -oki,C9800,,,root,(last 6 digits of MAC address),,, -oki,C9850,,,root,(last 6 digits of MAC address),,, oki,CX1145,,,,123456,,, oki,CX2032 MFP,,http,,*blank*,Admin,, oki,CX2033,,Printer Menu,,,,When asked for password just press OK, oki,CX2633,,Web interface,admin,aaaaaa,admin,, oki,CX2731,,Web interface,admin,aaaaaa,admin,, -oki,CX3641,,,root,(last 6 digits of MAC address),,, oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC), -oki,ES3640,,,root,(last 6 digits of MAC address),,, oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, oki,ES7120,,Web,root,aaaaaa,Admin,, oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, @@ -5270,7 +5230,6 @@ oki,MC160,,Op Panel,,000000,Admin,, oki,MC160,,Web,,sysAdmin,Admin,, oki,MC342w,,,admin,aaaaaa,admin,, oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, -oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,MC361,,Web interface,admin,aaaaaa,admin,, oki,MC560,,Printer Menu,,,,When asked for password just press OK, oki,MC560,,Printer Menu,,,,When asked for password, @@ -5280,19 +5239,10 @@ oki,MC860,,Web interface,admin,aaaaaa,admin,, oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) oki,ML491n,,http://,Admin,OkiLAN,Admin,, oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) -oki,ML8810,,,root,(last 6 digits of MAC address),,, oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,, oki,WebTools,,,Administrator,,,, oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned. -oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, oki,c5750,n1.02,http://192.168.0.200,,,,, oki,c810,1.0,192.100.185.78,admin,admin,admin,, olegkhabarov,Comfy CMS,,,username,password,,, @@ -10095,7 +10045,6 @@ telus,Telephony and internet services,,,(username),telus12,User,Initial password telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013, telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, tenda,W150M,,192.168.1.1,admin,admin,Admin,, -teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, terayon,,,,admin,nms,,6.29, terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, terayon,TeraLink 1000 Controller,,,admin,password,,, @@ -10398,8 +10347,6 @@ unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,, -universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, -universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, unix,Generic,,,adm,,,, unix,Generic,,,adm,adm,,, unix,Generic,,,admin,admin,,, From a2d715b870c358ff035af44612eff318b7ea82de Mon Sep 17 00:00:00 2001 From: Christian Inci Date: Mon, 26 Apr 2021 20:56:22 +0200 Subject: [PATCH 160/332] Fix logic bug I can provide another patch version, which swaps the operands instead. Signed-off-by: Christian Inci --- hydra-smb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-smb.c b/hydra-smb.c index 20fd1cf..6fc5bbd 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1494,7 +1494,7 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc ctime = time(NULL); do { usleepn(300); - } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL)); + } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 >= time(NULL)); if (ready <= 0) { fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port); From c81f0b97e7083552ae2be43dde2ac0efc615773f Mon Sep 17 00:00:00 2001 From: sanmacorz Date: Wed, 12 May 2021 12:22:48 -0500 Subject: [PATCH 161/332] Changed index() to strchr() --- hydra-http-form.c | 20 +++++++++--------- hydra-http-proxy-urlenum.c | 12 +++++------ hydra-http-proxy.c | 8 ++++---- hydra-http.c | 4 ++-- hydra-mod.c | 4 ++-- hydra-telnet.c | 4 ++-- hydra.c | 42 +++++++++++++++++++------------------- 7 files changed, 47 insertions(+), 47 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 3979e74..f675beb 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -572,17 +572,17 @@ char *html_encode(char *string) { if (ret == NULL) return NULL; - if (index(ret, '%') != NULL) + if (strchr(ret, '%') != NULL) ret = hydra_strrep(ret, "%", "%25"); - if (index(ret, ' ') != NULL) + if (strchr(ret, ' ') != NULL) ret = hydra_strrep(ret, " ", "%20"); - if (index(ret, '&') != NULL) + if (strchr(ret, '&') != NULL) ret = hydra_strrep(ret, "&", "%26"); - if (index(ret, '#') != NULL) + if (strchr(ret, '#') != NULL) ret = hydra_strrep(ret, "#", "%23"); - if (index(ret, '=') != NULL) + if (strchr(ret, '=') != NULL) ret = hydra_strrep(ret, "=", "%3D"); - if (index(ret, '+') != NULL) + if (strchr(ret, '+') != NULL) ret = hydra_strrep(ret, "+", "%2B"); return ret; @@ -646,10 +646,10 @@ int32_t analyze_server_response(int32_t s) { } else if (endcookie2 != NULL) *endcookie2 = 0; // is the cookie already there? if yes, remove it! - if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { + if (strchr(startcookie, '=') != NULL && (ptr = strchr(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { strncpy(tmpname, startcookie, sizeof(tmpname) - 2); tmpname[sizeof(tmpname) - 2] = 0; - ptr = index(tmpname, '='); + ptr = strchr(tmpname, '='); *(++ptr) = 0; // is the cookie already in the cookiejar? (so, does it have to be // replaced?) @@ -675,7 +675,7 @@ int32_t analyze_server_response(int32_t s) { strcpy(cookie, tmpcookie); } } - ptr = index(str, '='); + ptr = strchr(str, '='); // only copy the cookie if it has a value (otherwise the server wants to // delete the cookie) if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') { @@ -1286,7 +1286,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { cond = ptr; - if ((ptr2 = index(ptr, ':')) != NULL) { + if ((ptr2 = strchr(ptr, ':')) != NULL) { *ptr2++ = 0; if (*ptr2) optional1 = ptr2; diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c index 434b4e4..306d755 100644 --- a/hydra-http-proxy-urlenum.c +++ b/hydra-http-proxy-urlenum.c @@ -28,17 +28,17 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha ptr++; strncpy(mhost, ptr, sizeof(mhost) - 1); mhost[sizeof(mhost) - 1] = 0; - if ((ptr = index(mhost, '/')) != NULL) + if ((ptr = strchr(mhost, '/')) != NULL) *ptr = 0; - if ((ptr = index(mhost, ']')) != NULL) + if ((ptr = strchr(mhost, ']')) != NULL) *ptr = 0; - else if ((ptr = index(mhost, ':')) != NULL) + else if ((ptr = strchr(mhost, ':')) != NULL) *ptr = 0; - if (miscptr != NULL && index(miscptr, ':') != NULL) { + if (miscptr != NULL && strchr(miscptr, ':') != NULL) { strncpy(mlogin, miscptr, sizeof(mlogin) - 1); mlogin[sizeof(mlogin) - 1] = 0; - ptr = index(mlogin, ':'); + ptr = strchr(mlogin, ':'); *ptr++ = 0; strncpy(mpass, ptr, sizeof(mpass) - 1); mpass[sizeof(mpass) - 1] = 0; @@ -215,7 +215,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha } } // result analysis - ptr = ((char *)index(buf, ' ')) + 1; + ptr = ((char *)strchr(buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { hydra_report_found_host(port, ip, "http-proxy", fp); if (fp != stdout) diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 9eace98..3aeeb41 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -24,9 +24,9 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option sprintf(url, "%.500s", miscptr); ptr = strstr(miscptr, "://"); // :// check is in hydra.c sprintf(host, "Host: %.50s", ptr + 3); - if ((ptr = index(host, '/')) != NULL) + if ((ptr = strchr(host, '/')) != NULL) *ptr = 0; - if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[') + if ((ptr = strchr(host + 6, ':')) != NULL && host[0] != '[') *ptr = 0; strcat(host, "\r\n"); } @@ -232,7 +232,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } } - ptr = ((char *)index(http_proxy_buf, ' ')) + 1; + ptr = ((char *)strchr(http_proxy_buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2') || (*ptr == '4' && *(ptr + 2) == '4')) { hydra_report_found_host(port, ip, "http-proxy", fp); hydra_completed_pair_found(); @@ -240,7 +240,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option http_proxy_buf = NULL; } else { if (*ptr != '4') - hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(index(http_proxy_buf, ' ') + 1), login, pass); + hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(strchr(http_proxy_buf, ' ') + 1), login, pass); else if (verbose && *(ptr + 2) == '3') hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); hydra_completed_pair(); diff --git a/hydra-http.c b/hydra-http.c index 7f1d56d..a0769b9 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -208,7 +208,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha complete_line = 0; tmpreplybuf[0] = 0; - while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) { + while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (strchr(http_buf, '\n') == NULL && complete_line == 0))) { if (debug) printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) { @@ -245,7 +245,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha if (debug) hydra_report(stderr, "S:%s\n", http_buf); - ptr = ((char *)index(http_buf, ' ')); + ptr = ((char *)strchr(http_buf, ' ')); if (ptr != NULL) ptr++; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { diff --git a/hydra-mod.c b/hydra-mod.c index 65f7725..befa365 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -295,13 +295,13 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t send(s, buf, strlen(buf), 0); if (debug) { - char *ptr = index(buf, '\r'); + char *ptr = strchr(buf, '\r'); if (ptr != NULL) *ptr = 0; printf("DEBUG_CONNECT_PROXY_SENT: %s\n", buf); } recv(s, buf, 4096, 0); - if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') { + if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = strchr(buf, ' ')) != NULL && *++tmpptr == '2') { if (debug) printf("DEBUG_CONNECT_PROXY_OK\n"); } else { diff --git a/hydra-telnet.c b/hydra-telnet.c index 762ade1..39908f9 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -36,7 +36,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c if ((buf = hydra_receive_line(s)) == NULL) return 1; - if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL) { + if (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '%') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); @@ -76,7 +76,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c /*win7 answering with do terminal type = 0xfd 0x18 */ while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL || strchr(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); diff --git a/hydra.c b/hydra.c index c996b44..06edf87 100644 --- a/hydra.c +++ b/hydra.c @@ -1131,7 +1131,7 @@ void fill_mem(char *ptr, FILE *fd, int32_t colonmode) { tmp[len] = 0; } if (colonmode) { - if ((ptr2 = index(tmp, ':')) == NULL) { + if ((ptr2 = strchr(tmp, ':')) == NULL) { fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon " "in line: %s\n", @@ -1494,7 +1494,7 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { fprintf(stderr, "[ERROR] Too many connect errors to target, disabling " "%s://%s%s%s:%d\n", - hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); } if (hydra_brains.targets > hydra_brains.finished) hydra_kill_head(head_no, 1, 0); @@ -2047,11 +2047,11 @@ void process_proxy_line(int32_t type, char *string) { } *sep = 0; target_string = sep + 3; - if ((sep = index(target_string, '@')) != NULL) { + if ((sep = strchr(target_string, '@')) != NULL) { auth_string = target_string; *sep = 0; target_string = sep + 1; - if (index(auth_string, ':') == NULL) { + if (strchr(auth_string, ':') == NULL) { fprintf(stderr, "[WARNING] %s has an invalid authentication definition %s, must " "be in the format login:pass, entry ignored\n", @@ -2059,14 +2059,14 @@ void process_proxy_line(int32_t type, char *string) { return; } } - if ((sep = index(target_string, ':')) != NULL) { + if ((sep = strchr(target_string, ':')) != NULL) { *sep = 0; port_string = sep + 1; - if ((sep = index(port_string, '%')) != NULL) { + if ((sep = strchr(port_string, '%')) != NULL) { *sep = 0; device_string = sep + 1; } - if ((sep = index(port_string, '/')) != NULL) + if ((sep = strchr(port_string, '/')) != NULL) *sep = 0; port = atoi(port_string); if (port < 1 || port > 65535) { @@ -2595,23 +2595,23 @@ int main(int argc, char *argv[]) { if (*target_pos == '[') { target_pos++; - if ((param_pos = index(target_pos, ']')) == NULL) + if ((param_pos = strchr(target_pos, ']')) == NULL) bail("no closing ']' found in target definition"); *param_pos++ = 0; if (*param_pos == ':') port_pos = ++param_pos; - if ((param_pos = index(param_pos, '/')) != NULL) + if ((param_pos = strchr(param_pos, '/')) != NULL) *param_pos++ = 0; } else { - port_pos = index(target_pos, ':'); - param_pos = index(target_pos, '/'); + port_pos = strchr(target_pos, ':'); + param_pos = strchr(target_pos, '/'); if (port_pos != NULL && param_pos != NULL && port_pos > param_pos) port_pos = NULL; if (port_pos != NULL) *port_pos++ = 0; if (param_pos != NULL) *param_pos++ = 0; - if (port_pos != NULL && index(port_pos, ':') != NULL) { + if (port_pos != NULL && strchr(port_pos, ':') != NULL) { if (prefer_ipv6) bail("Illegal IPv6 target definition must be written within '[' " "']'"); @@ -2894,7 +2894,7 @@ int main(int argc, char *argv[]) { "like parallel connections)\n"); hydra_options.tasks = 1; } - if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) + if (hydra_options.login != NULL && (strchr(hydra_options.login, '\\') != NULL || strchr(hydra_options.login, '/') != NULL)) fprintf(stderr, "[WARNING] potential windows domain specification found in " "login. You must use the -m option to pass a domain.\n"); i = 1; @@ -2918,7 +2918,7 @@ int main(int argc, char *argv[]) { #if !defined(LIBSMBCLIENT) bail("Compiled without LIBSMBCLIENT support, module not available!"); #else - if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) + if (hydra_options.login != NULL && (strchr(hydra_options.login, '\\') != NULL || strchr(hydra_options.login, '/') != NULL)) fprintf(stderr, "[WARNING] potential windows domain specification found in " "login. You must use the -m option to pass a domain.\n"); if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { @@ -3571,13 +3571,13 @@ int main(int argc, char *argv[]) { if (*tmpptr == '[') { tmpptr++; hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = index(tmpptr, ']')) != NULL) { + if ((tmpptr2 = strchr(tmpptr, ']')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; } } else hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) { + if ((tmpptr2 = strchr(hydra_targets[i]->target, ':')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; hydra_targets[i]->port = atoi(tmpptr2); @@ -3593,13 +3593,13 @@ int main(int argc, char *argv[]) { } else if (hydra_options.server == NULL) { fprintf(stderr, "Error: no target server given, nor -M option used\n"); exit(-1); - } else if (index(hydra_options.server, '/') != NULL) { + } else if (strchr(hydra_options.server, '/') != NULL) { if (cmdlinetarget == NULL) bail("You seem to mix up \"service://target:port/options\" syntax with " "\"target service options\" syntax. Read the README on how to use " "hydra correctly!"); if (strstr(cmdlinetarget, "://") != NULL) { - tmpptr = index(hydra_options.server, '/'); + tmpptr = strchr(hydra_options.server, '/'); if (tmpptr != NULL) *tmpptr = 0; countservers = hydra_brains.targets = 1; @@ -3622,7 +3622,7 @@ int main(int argc, char *argv[]) { exit(-1); } strcpy(tmpptr, hydra_options.server); - tmpptr2 = index(tmpptr, '/'); + tmpptr2 = strchr(tmpptr, '/'); *tmpptr2++ = 0; if ((k = atoi(tmpptr2)) < 16 || k > 31) { fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); @@ -3788,7 +3788,7 @@ int main(int argc, char *argv[]) { printf(" per task\n"); if (hydra_brains.targets == 1) { - if (index(hydra_targets[0]->target, ':') == NULL) { + if (strchr(hydra_targets[0]->target, ':') == NULL) { printf("[DATA] attacking %s%s://%s:", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target); printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); } else { @@ -3864,7 +3864,7 @@ int main(int argc, char *argv[]) { #ifdef AF_INET6 ipv6 = NULL; #endif - if ((device = index(hydra_targets[i]->target, '%')) != NULL) + if ((device = strchr(hydra_targets[i]->target, '%')) != NULL) *device++ = 0; if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { if (use_proxy == 0) { From 221876598b2f05da8a7fc17076d231b00d1993b0 Mon Sep 17 00:00:00 2001 From: wj0seph Date: Wed, 19 May 2021 17:59:18 +0800 Subject: [PATCH 162/332] fix: skip user bug username can potentially be identical to the beginning of login_ptr --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 06edf87..9ddcebb 100644 --- a/hydra.c +++ b/hydra.c @@ -1957,7 +1957,7 @@ void hydra_skip_user(int32_t target_no, char *username) { hydra_targets[target_no]->skipcnt++; } if (hydra_options.loop_mode == 0 && !check_flag(hydra_options.mode, MODE_COLON_FILE)) { - if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { + if (strcmp(username, hydra_targets[target_no]->login_ptr) == 0) { if (debug) printf("[DEBUG] skipping username %s\n", username); // increase count From 19432a217360dc6430e8186208d0b228da5f7070 Mon Sep 17 00:00:00 2001 From: ABHacker Official <63346676+abhackerofficial@users.noreply.github.com> Date: Sat, 12 Jun 2021 11:34:57 +0530 Subject: [PATCH 163/332] Fixed data types. --- hydra.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hydra.c b/hydra.c index 9ddcebb..0c889f8 100644 --- a/hydra.c +++ b/hydra.c @@ -884,7 +884,7 @@ void hydra_restore_read() { login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); if (!login_ptr) { - fprintf(stderr, "Error: malloc(%u) failed\n", hydra_brains.sizelogin + hydra_brains.countlogin + 8); + fprintf(stderr, "Error: malloc(%lu) failed\n", hydra_brains.sizelogin + hydra_brains.countlogin + 8); exit(-1); } fck = (int32_t)fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); @@ -893,7 +893,7 @@ void hydra_restore_read() { if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); if (!pass_ptr) { - fprintf(stderr, "Error: malloc(%u) failed\n", hydra_brains.sizepass + hydra_brains.countpass + 8); + fprintf(stderr, "Error: malloc(%lu) failed\n", hydra_brains.sizepass + hydra_brains.countpass + 8); exit(-1); } fck = (int32_t)fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); @@ -906,13 +906,13 @@ void hydra_restore_read() { hydra_targets = (hydra_target **)malloc((hydra_brains.targets + 3) * sizeof(hydra_target *)); if (!hydra_targets) { - fprintf(stderr, "Error: malloc(%u) failed\n", (hydra_brains.targets + 3) * sizeof(hydra_target *)); + fprintf(stderr, "Error: malloc(%lu) failed\n", (hydra_brains.targets + 3) * sizeof(hydra_target *)); exit(-1); } for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); if (!hydra_targets[j]) { - fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_target)); + fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_target)); exit(-1); } fck = (int32_t)fread(hydra_targets[j], sizeof(hydra_target), 1, f); @@ -967,13 +967,13 @@ void hydra_restore_read() { printf("[DEBUG] reading restore file: Step 11 complete\n"); hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); if (!hydra_heads) { - fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_head *) * hydra_options.max_use); + fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_head *) * hydra_options.max_use); exit(-1); } for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); if (!hydra_heads[j]) { - fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_head)); + fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_head)); exit(-1); } fck = (int32_t)fread(hydra_heads[j], sizeof(hydra_head), 1, f); From ef3c334671d94b60bc58d8220d723579f6229e7e Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 02:30:45 -0500 Subject: [PATCH 164/332] Add termux setup file (android) --- setup-termux.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 setup-termux.sh diff --git a/setup-termux.sh b/setup-termux.sh new file mode 100644 index 0000000..38d4db2 --- /dev/null +++ b/setup-termux.sh @@ -0,0 +1,17 @@ +#!/bin/bash +#this script will configure hydra in termux + +TERMUX_PREFIX="/data/data/com.termux/files/usr" + +#required dependencies + +pkg update && pkg upgrade +pkg install -y x11-repo +pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 + +#compile hydra + +./configure --prefix=$TERMUX_PREFIX +make +make install + From f12dc459c1e89aef0538b24f11724bb74752104b Mon Sep 17 00:00:00 2001 From: Yisus7u7 Date: Wed, 16 Jun 2021 03:01:07 -0500 Subject: [PATCH 165/332] Specify in the INSTALL file the steps for Android (termux) --- INSTALL | 18 ++++++++++++++++++ setup-termux.sh | 17 ----------------- 2 files changed, 18 insertions(+), 17 deletions(-) delete mode 100644 setup-termux.sh diff --git a/INSTALL b/INSTALL index 2258405..6bf3de7 100644 --- a/INSTALL +++ b/INSTALL @@ -6,6 +6,24 @@ you run "./configure": Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel + +### Note: + +Due to the Android file system, the installation on it is different, please follow these steps: + +``` +# Necessary dependencies +pkg install -y x11-repo +pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 +# Compiling hydra +./configure --prefix=$PREFIX +make +make install +``` + +To use xhydra, you will need to install a graphical output in termux, you can be guided from [this article](https://wiki.termux.com/wiki/Graphical_Environment) + + For the Oracle login module, install the basic and SDK packages: http://www.oracle.com/technetwork/database/features/instant-client/index.html diff --git a/setup-termux.sh b/setup-termux.sh deleted file mode 100644 index 38d4db2..0000000 --- a/setup-termux.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -#this script will configure hydra in termux - -TERMUX_PREFIX="/data/data/com.termux/files/usr" - -#required dependencies - -pkg update && pkg upgrade -pkg install -y x11-repo -pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 - -#compile hydra - -./configure --prefix=$TERMUX_PREFIX -make -make install - From b7e77d767277453370d39235275d428cfad02c3c Mon Sep 17 00:00:00 2001 From: Yisus7u7 Date: Wed, 16 Jun 2021 03:03:31 -0500 Subject: [PATCH 166/332] Specify in the INSTALL file the steps for Android (termux) --- INSTALL | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 6bf3de7..c679c4f 100644 --- a/INSTALL +++ b/INSTALL @@ -7,11 +7,10 @@ you run "./configure": OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel -### Note: +Note: Due to the Android file system, the installation on it is different, please follow these steps: -``` # Necessary dependencies pkg install -y x11-repo pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 From f1cc9e6cfb290cdb4b7cf50e3bb4951aa05c8c2f Mon Sep 17 00:00:00 2001 From: Yisus7u7 Date: Wed, 16 Jun 2021 03:06:40 -0500 Subject: [PATCH 167/332] Specify in the INSTALL file the steps for Android (termux) --- INSTALL | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index c679c4f..b501691 100644 --- a/INSTALL +++ b/INSTALL @@ -18,9 +18,10 @@ pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 ./configure --prefix=$PREFIX make make install -``` -To use xhydra, you will need to install a graphical output in termux, you can be guided from [this article](https://wiki.termux.com/wiki/Graphical_Environment) +To use xhydra, you will need to install a graphical output in termux, you can be guided from this article: + +https://wiki.termux.com/wiki/Graphical_Environment For the Oracle login module, install the basic and SDK packages: From bc9190d3ddbf03a93042839ecc4b844a297eeb6c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 16 Jun 2021 11:18:12 +0200 Subject: [PATCH 168/332] fix --- INSTALL | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/INSTALL b/INSTALL index b501691..752aa63 100644 --- a/INSTALL +++ b/INSTALL @@ -7,17 +7,16 @@ you run "./configure": OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel -Note: +For Termux/Android you need the following setup: -Due to the Android file system, the installation on it is different, please follow these steps: +Install the necessary dependencies + # pkg install -y x11-repo + # pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 +And then compiling hydra + # ./configure --prefix=$PREFIX + # make + # make install -# Necessary dependencies -pkg install -y x11-repo -pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 -# Compiling hydra -./configure --prefix=$PREFIX -make -make install To use xhydra, you will need to install a graphical output in termux, you can be guided from this article: From acd4bcf1a79bf90042a062b91fe78d2f9fab5a54 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:43:58 -0500 Subject: [PATCH 169/332] Set theme jekyll-theme-hacker --- _config.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 _config.yml diff --git a/_config.yml b/_config.yml new file mode 100644 index 0000000..fc24e7a --- /dev/null +++ b/_config.yml @@ -0,0 +1 @@ +theme: jekyll-theme-hacker \ No newline at end of file From 3450d874200fa4ca6e187fe36b67f38003afe0de Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:46:23 -0500 Subject: [PATCH 170/332] Update _config.yml --- _config.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index fc24e7a..8dd6c5f 100644 --- a/_config.yml +++ b/_config.yml @@ -1 +1,2 @@ -theme: jekyll-theme-hacker \ No newline at end of file +title: "thc-hydra" +theme: jekyll-theme-hacker From 760149340058e91fea0579caea434de3030a80ad Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:50:01 -0500 Subject: [PATCH 171/332] Create index.md --- docs/hydra/index.md | 534 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 534 insertions(+) create mode 100644 docs/hydra/index.md diff --git a/docs/hydra/index.md b/docs/hydra/index.md new file mode 100644 index 0000000..322da43 --- /dev/null +++ b/docs/hydra/index.md @@ -0,0 +1,534 @@ + + H Y D R A + + (c) 2001-2021 by van Hauser / THC + https://github.com/vanhauser-thc/thc-hydra + many modules were written by David (dot) Maciejak @ gmail (dot) com + BFG code by Jan Dlabal + + Licensed under AGPLv3 (see LICENSE file) + + Please do not use in military or secret service organizations, + or for illegal purposes. + (This is the wish of the author and non-binding. Many people working + in these organizations do not care for laws and ethics anyways. + You are not one of the "good" ones if you ignore this.) + + + +INTRODUCTION +------------ +Number one of the biggest security holes are passwords, as every password +security study shows. +This tool is a proof of concept code, to give researchers and security +consultants the possibility to show how easy it would be to gain unauthorized +access from remote to a system. + +THIS TOOL IS FOR LEGAL PURPOSES ONLY! + +There are already several login hacker tools available, however, none does +either support more than one protocol to attack or support parallelized +connects. + +It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, +FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. + +Currently this tool supports the following protocols: + Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, + HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, + HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, + HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, + Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, + Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, + SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, + VNC and XMPP. + +However the module engine for new services is very easy so it won't take a +long time until even more services are supported. +Your help in writing, enhancing or fixing modules is highly appreciated!! :-) + + + +WHERE TO GET +------------ +You can always find the newest release/production version of hydra at its +project page at https://github.com/vanhauser-thc/thc-hydra/releases +If you are interested in the current development state, the public development +repository is at Github: + svn co https://github.com/vanhauser-thc/thc-hydra + or + git clone https://github.com/vanhauser-thc/thc-hydra +Use the development version at your own risk. It contains new features and +new bugs. Things might not work! + + + +HOW TO COMPILE +-------------- +To configure, compile and install hydra, just type: + +``` +./configure +make +make install +``` + +If you want the ssh module, you have to setup libssh (not libssh2!) on your +system, get it from http://www.libssh.org, for ssh v1 support you also need +to add "-DWITH_SSH1=On" option in the cmake command line. +IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! + +If you use Ubuntu/Debian, this will install supplementary libraries needed +for a few optional modules (note that some might not be available on your distribution): + +``` +apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ + libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ + firebird-dev libmemcached-dev libgpg-error-dev \ + libgcrypt11-dev libgcrypt20-dev +``` + +This enables all optional modules and features with the exception of Oracle, +SAP R/3, NCP and the apple filing protocol - which you will need to download and +install from the vendor's web sites. + +For all other Linux derivates and BSD based systems, use the system +software installer and look for similarly named libraries like in the +command above. In all other cases, you have to download all source libraries +and compile them manually. + + + +SUPPORTED PLATFORMS +------------------- +- All UNIX platforms (Linux, *BSD, Solaris, etc.) +- MacOS (basically a BSD clone) +- Windows with Cygwin (both IPv4 and IPv6) +- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) + + + +HOW TO USE +---------- +If you just enter `hydra`, you will see a short summary of the important +options available. +Type `./hydra -h` to see all available command line options. + +Note that NO login/password file is included. Generate them yourself. +A default password list is however present, use "dpl4hydra.sh" to generate +a list. + +For Linux users, a GTK GUI is available, try `./xhydra` + +For the command line usage, the syntax is as follows: + For attacking one target or a network, you can use the new "://" style: + hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS + The old mode can be used for these too, and additionally if you want to + specify your targets from a text file, you *must* use this one: + +``` +hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] +``` + +Via the command line options you specify which logins to try, which passwords, +if SSL should be used, how many parallel tasks to use for attacking, etc. + +PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, +http-get or many others are available +TARGET is the target you want to attack +MODULE-OPTIONS are optional values which are special per PROTOCOL module + +FIRST - select your target + you have three options on how to specify the target you want to attack: + 1. a single target on the command line: just put the IP or DNS address in + 2. a network range on the command line: CIDR specification like "192.168.0.0/24" + 3. a list of hosts in a text file: one line per entry (see below) + +SECOND - select your protocol + Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. + Use a port scanner to see which protocols are enabled on the target. + +THIRD - check if the module has optional parameters + hydra -U PROTOCOL + e.g. hydra -U smtp + +FOURTH - the destination port + this is optional, if no port is supplied the default common port for the + PROTOCOL is used. + If you specify SSL to use ("-S" option), the SSL common port is used by default. + + +If you use "://" notation, you must use "[" "]" brackets if you want to supply +IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: + hydra [some command line options] ftp://[192.168.0.0/24]/ + hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM + +Note that everything hydra does is IPv4 only! +If you want to attack IPv6 addresses, you must add the "-6" command line option. +All attacks are then IPv6 only! + +If you want to supply your targets via a text file, you can not use the :// +notation but use the old style and just supply the protocol (and module options): + hydra [some command line options] -M targets.txt ftp +You can also supply the port for each target entry by adding ":" after a +target entry in the file, e.g.: + +``` +foo.bar.com +target.com:21 +unusual.port.com:2121 +default.used.here.com +127.0.0.1 +127.0.0.1:2121 +``` + +Note that if you want to attach IPv6 targets, you must supply the -6 option +and *must* put IPv6 addresses in brackets in the file(!) like this: + +``` +foo.bar.com +target.com:21 +[fe80::1%eth0] +[2001::1] +[2002::2]:8080 +[2a01:24a:133:0:00:123:ff:1a] +``` + +LOGINS AND PASSWORDS +-------------------- +You have many options on how to attack with logins and passwords +With -l for login and -p for password you tell hydra that this is the only +login and/or password to try. +With -L for logins and -P for passwords you supply text files with entries. +e.g.: + +``` +hydra -l admin -p password ftp://localhost/ +hydra -L default_logins.txt -p test ftp://localhost/ +hydra -l admin -P common_passwords.txt ftp://localhost/ +hydra -L logins.txt -P passwords.txt ftp://localhost/ +``` + +Additionally, you can try passwords based on the login via the "-e" option. +The "-e" option has three parameters: + +``` +s - try the login as password +n - try an empty password +r - reverse the login and try it as password +``` + +If you want to, e.g. try "try login as password and "empty password", you +specify "-e sn" on the command line. + +But there are two more modes for trying passwords than -p/-P: +You can use text file which where a login and password pair is separated by a colon, +e.g.: + +``` +admin:password +test:test +foo:bar +``` + +This is a common default account style listing, that is also generated by the +dpl4hydra.sh default account file generator supplied with hydra. +You use such a text file with the -C option - note that in this mode you +can not use -l/-L/-p/-P options (-e nsr however you can). +Example: + +``` +hydra -C default_accounts.txt ftp://localhost/ +``` + +And finally, there is a bruteforce mode with the -x option (which you can not +use with -p/-P/-C): + +``` +-x minimum_length:maximum_length:charset +``` + +the charset definition is `a` for lowercase letters, `A` for uppercase letters, +`1` for numbers and for anything else you supply it is their real representation. +Examples: + +``` +-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters +-x 2:5:/ generate passwords from length 2 to 5 containing only slashes +-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers +``` + +Example: + +``` +hydra -l ftp -x 3:3:a ftp://localhost/ +``` + +SPECIAL OPTIONS FOR MODULES +--------------------------- +Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m +command line option, you can pass one option to a module. +Many modules use this, a few require it! + +To see the special option of a module, type: + + hydra -U + +e.g. + + ./hydra -U http-post-form + +The special options can be passed via the -m parameter, as 3rd command line +option or in the service://target/option format. + +Examples (they are all equal): + +``` +./hydra -l test -p test -m PLAIN 127.0.0.1 imap +./hydra -l test -p test 127.0.0.1 imap PLAIN +./hydra -l test -p test imap://127.0.0.1/PLAIN +``` + +RESTORING AN ABORTED/CRASHED SESSION +------------------------------------ +When hydra is aborted with Control-C, killed or crashes, it leaves a +"hydra.restore" file behind which contains all necessary information to +restore the session. This session file is written every 5 minutes. +NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. +from little endian to big endian, or from Solaris to AIX) + +HOW TO SCAN/CRACK OVER A PROXY +------------------------------ +The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works +just for the http services!). +The following syntax is valid: + +``` +HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" +HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" +HYDRA_PROXY_HTTP="proxylist.txt" +``` + +The last example is a text file containing up to 64 proxies (in the same +format definition as the other examples). + +For all other services, use the HYDRA_PROXY variable to scan/crack. +It uses the same syntax. eg: + +``` +HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port +``` + +for example: + +``` +HYDRA_PROXY=connect://proxy.anonymizer.com:8000 +HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 +HYDRA_PROXY=socksproxylist.txt +``` + +ADDITIONAL HINTS +---------------- +* sort your password files by likelihood and use the -u option to find + passwords much faster! +* uniq your dictionary files! this can save you a lot of time :-) + cat words.txt | sort | uniq > dictionary.txt +* if you know that the target is using a password policy (allowing users + only to choose a password with a minimum length of 6, containing a least one + letter and one number, etc. use the tool pw-inspector which comes along + with the hydra package to reduce the password list: + cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt + + +RESULTS OUTPUT +-------------- + +The results are output to stdio along with the other information. Via the -o +command line option, the results can also be written to a file. Using -b, +the format of the output can be specified. Currently, these are supported: + +* `text` - plain text format +* `jsonv1` - JSON data using version 1.x of the schema (defined below). +* `json` - JSON data using the latest version of the schema, currently there + is only version 1. + +If using JSON output, the results file may not be valid JSON if there are +serious errors in booting Hydra. + + +JSON Schema +----------- +Here is an example of the JSON output. Notes on some of the fields: + +* `errormessages` - an array of zero or more strings that are normally printed + to stderr at the end of the Hydra's run. The text is very free form. +* `success` - indication if Hydra ran correctly without error (**NOT** if + passwords were detected). This parameter is either the JSON value `true` + or `false` depending on completion. +* `quantityfound` - How many username+password combinations discovered. +* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, + 2.03, etc. Hydra will make second tuple of the version to always be two + digits to make it easier for downstream processors (as opposed to v1.1 vs + v1.10). The minor-level versions are additive, so 1.02 will contain more + fields than version 1.00 and will be backward compatible. Version 2.x will + break something from version 1.x output. + +Version 1.00 example: +``` +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2021-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 2, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + }, + { + "host": "127.0.0.1", + "login": "joe@example.com", + "password": "joe", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} +``` + + +SPEED +----- +through the parallelizing feature, this password cracker tool can be very +fast, however it depends on the protocol. The fastest are generally POP3 +and FTP. +Experiment with the task option (-t) to speed things up! The higher - the +faster ;-) (but too high - and it disables the service) + + + +STATISTICS +---------- +Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing +295 entries (294 tries invalid logins, 1 valid). Every test was run three +times (only for "1 task" just once), and the average noted down. + +``` + P A R A L L E L T A S K S +SERVICE 1 4 8 16 32 50 64 100 128 +------- -------------------------------------------------------------------- +telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* +ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 +pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 +imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 +``` + +(*) +Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with +128 tasks, running four times resulted in timings between 28 and 97 seconds! +The reason for this is unknown... + +guesses per task (rounded up): + + 295 74 38 19 10 6 5 3 3 + +guesses possible per connect (depends on the server software and config): + + telnet 4 + ftp 6 + pop3 1 + imap 3 + + + +BUGS & FEATURES +--------------- +Hydra: +Email me or David if you find bugs or if you have written a new module. +vh@thc.org (and put "antispam" in the subject line) + + +You should use PGP to encrypt emails to vh@thc.org : + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v3.3.3 (vh@thc.org) + +mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT +KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ +FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c +vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k +Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p +lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI +zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI +DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf +lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN +DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 +n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB +tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC +F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ +xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH +Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 +qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz +dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp +QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga +V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 +slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl +Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM +0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP +JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs +IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL +CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS +AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ +HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR +2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C +nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc +XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 +Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL +ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V +l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F +n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl +7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb +/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii +tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 +Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR +gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt +x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 +0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS ++C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw +G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA +oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr +rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC +v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 +02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv +s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ +Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK +d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP +gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y +ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP +8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd +X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD +aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN +cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC +Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR +zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni +1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT +zB3yrr+vYBT0uDWmxwPjiJs= +=ytEf +-----END PGP PUBLIC KEY BLOCK----- +``` From 55682bf69aee76a6684cf9d08c1dc957540929eb Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:51:29 -0500 Subject: [PATCH 172/332] Set theme jekyll-theme-modernist --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 8dd6c5f..0400ff8 100644 --- a/_config.yml +++ b/_config.yml @@ -1,2 +1,2 @@ title: "thc-hydra" -theme: jekyll-theme-hacker +theme: jekyll-theme-modernist From 24395ab478c863ca0660aefd3f5004186ade11e0 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:53:17 -0500 Subject: [PATCH 173/332] Set theme jekyll-theme-midnight --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 0400ff8..225f091 100644 --- a/_config.yml +++ b/_config.yml @@ -1,2 +1,2 @@ title: "thc-hydra" -theme: jekyll-theme-modernist +theme: jekyll-theme-midnight From 27cab133fa1119ad1c15c7dd575cf7474c9bbbae Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:56:27 -0500 Subject: [PATCH 174/332] Delete index.md --- docs/hydra/index.md | 534 -------------------------------------------- 1 file changed, 534 deletions(-) delete mode 100644 docs/hydra/index.md diff --git a/docs/hydra/index.md b/docs/hydra/index.md deleted file mode 100644 index 322da43..0000000 --- a/docs/hydra/index.md +++ /dev/null @@ -1,534 +0,0 @@ - - H Y D R A - - (c) 2001-2021 by van Hauser / THC - https://github.com/vanhauser-thc/thc-hydra - many modules were written by David (dot) Maciejak @ gmail (dot) com - BFG code by Jan Dlabal - - Licensed under AGPLv3 (see LICENSE file) - - Please do not use in military or secret service organizations, - or for illegal purposes. - (This is the wish of the author and non-binding. Many people working - in these organizations do not care for laws and ethics anyways. - You are not one of the "good" ones if you ignore this.) - - - -INTRODUCTION ------------- -Number one of the biggest security holes are passwords, as every password -security study shows. -This tool is a proof of concept code, to give researchers and security -consultants the possibility to show how easy it would be to gain unauthorized -access from remote to a system. - -THIS TOOL IS FOR LEGAL PURPOSES ONLY! - -There are already several login hacker tools available, however, none does -either support more than one protocol to attack or support parallelized -connects. - -It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. - -Currently this tool supports the following protocols: - Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, - HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, - HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, - Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, - Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, - SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, - VNC and XMPP. - -However the module engine for new services is very easy so it won't take a -long time until even more services are supported. -Your help in writing, enhancing or fixing modules is highly appreciated!! :-) - - - -WHERE TO GET ------------- -You can always find the newest release/production version of hydra at its -project page at https://github.com/vanhauser-thc/thc-hydra/releases -If you are interested in the current development state, the public development -repository is at Github: - svn co https://github.com/vanhauser-thc/thc-hydra - or - git clone https://github.com/vanhauser-thc/thc-hydra -Use the development version at your own risk. It contains new features and -new bugs. Things might not work! - - - -HOW TO COMPILE --------------- -To configure, compile and install hydra, just type: - -``` -./configure -make -make install -``` - -If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need -to add "-DWITH_SSH1=On" option in the cmake command line. -IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! - -If you use Ubuntu/Debian, this will install supplementary libraries needed -for a few optional modules (note that some might not be available on your distribution): - -``` -apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ - libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird-dev libmemcached-dev libgpg-error-dev \ - libgcrypt11-dev libgcrypt20-dev -``` - -This enables all optional modules and features with the exception of Oracle, -SAP R/3, NCP and the apple filing protocol - which you will need to download and -install from the vendor's web sites. - -For all other Linux derivates and BSD based systems, use the system -software installer and look for similarly named libraries like in the -command above. In all other cases, you have to download all source libraries -and compile them manually. - - - -SUPPORTED PLATFORMS -------------------- -- All UNIX platforms (Linux, *BSD, Solaris, etc.) -- MacOS (basically a BSD clone) -- Windows with Cygwin (both IPv4 and IPv6) -- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) - - - -HOW TO USE ----------- -If you just enter `hydra`, you will see a short summary of the important -options available. -Type `./hydra -h` to see all available command line options. - -Note that NO login/password file is included. Generate them yourself. -A default password list is however present, use "dpl4hydra.sh" to generate -a list. - -For Linux users, a GTK GUI is available, try `./xhydra` - -For the command line usage, the syntax is as follows: - For attacking one target or a network, you can use the new "://" style: - hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS - The old mode can be used for these too, and additionally if you want to - specify your targets from a text file, you *must* use this one: - -``` -hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] -``` - -Via the command line options you specify which logins to try, which passwords, -if SSL should be used, how many parallel tasks to use for attacking, etc. - -PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, -http-get or many others are available -TARGET is the target you want to attack -MODULE-OPTIONS are optional values which are special per PROTOCOL module - -FIRST - select your target - you have three options on how to specify the target you want to attack: - 1. a single target on the command line: just put the IP or DNS address in - 2. a network range on the command line: CIDR specification like "192.168.0.0/24" - 3. a list of hosts in a text file: one line per entry (see below) - -SECOND - select your protocol - Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. - Use a port scanner to see which protocols are enabled on the target. - -THIRD - check if the module has optional parameters - hydra -U PROTOCOL - e.g. hydra -U smtp - -FOURTH - the destination port - this is optional, if no port is supplied the default common port for the - PROTOCOL is used. - If you specify SSL to use ("-S" option), the SSL common port is used by default. - - -If you use "://" notation, you must use "[" "]" brackets if you want to supply -IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: - hydra [some command line options] ftp://[192.168.0.0/24]/ - hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM - -Note that everything hydra does is IPv4 only! -If you want to attack IPv6 addresses, you must add the "-6" command line option. -All attacks are then IPv6 only! - -If you want to supply your targets via a text file, you can not use the :// -notation but use the old style and just supply the protocol (and module options): - hydra [some command line options] -M targets.txt ftp -You can also supply the port for each target entry by adding ":" after a -target entry in the file, e.g.: - -``` -foo.bar.com -target.com:21 -unusual.port.com:2121 -default.used.here.com -127.0.0.1 -127.0.0.1:2121 -``` - -Note that if you want to attach IPv6 targets, you must supply the -6 option -and *must* put IPv6 addresses in brackets in the file(!) like this: - -``` -foo.bar.com -target.com:21 -[fe80::1%eth0] -[2001::1] -[2002::2]:8080 -[2a01:24a:133:0:00:123:ff:1a] -``` - -LOGINS AND PASSWORDS --------------------- -You have many options on how to attack with logins and passwords -With -l for login and -p for password you tell hydra that this is the only -login and/or password to try. -With -L for logins and -P for passwords you supply text files with entries. -e.g.: - -``` -hydra -l admin -p password ftp://localhost/ -hydra -L default_logins.txt -p test ftp://localhost/ -hydra -l admin -P common_passwords.txt ftp://localhost/ -hydra -L logins.txt -P passwords.txt ftp://localhost/ -``` - -Additionally, you can try passwords based on the login via the "-e" option. -The "-e" option has three parameters: - -``` -s - try the login as password -n - try an empty password -r - reverse the login and try it as password -``` - -If you want to, e.g. try "try login as password and "empty password", you -specify "-e sn" on the command line. - -But there are two more modes for trying passwords than -p/-P: -You can use text file which where a login and password pair is separated by a colon, -e.g.: - -``` -admin:password -test:test -foo:bar -``` - -This is a common default account style listing, that is also generated by the -dpl4hydra.sh default account file generator supplied with hydra. -You use such a text file with the -C option - note that in this mode you -can not use -l/-L/-p/-P options (-e nsr however you can). -Example: - -``` -hydra -C default_accounts.txt ftp://localhost/ -``` - -And finally, there is a bruteforce mode with the -x option (which you can not -use with -p/-P/-C): - -``` --x minimum_length:maximum_length:charset -``` - -the charset definition is `a` for lowercase letters, `A` for uppercase letters, -`1` for numbers and for anything else you supply it is their real representation. -Examples: - -``` --x 1:3:a generate passwords from length 1 to 3 with all lowercase letters --x 2:5:/ generate passwords from length 2 to 5 containing only slashes --x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers -``` - -Example: - -``` -hydra -l ftp -x 3:3:a ftp://localhost/ -``` - -SPECIAL OPTIONS FOR MODULES ---------------------------- -Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m -command line option, you can pass one option to a module. -Many modules use this, a few require it! - -To see the special option of a module, type: - - hydra -U - -e.g. - - ./hydra -U http-post-form - -The special options can be passed via the -m parameter, as 3rd command line -option or in the service://target/option format. - -Examples (they are all equal): - -``` -./hydra -l test -p test -m PLAIN 127.0.0.1 imap -./hydra -l test -p test 127.0.0.1 imap PLAIN -./hydra -l test -p test imap://127.0.0.1/PLAIN -``` - -RESTORING AN ABORTED/CRASHED SESSION ------------------------------------- -When hydra is aborted with Control-C, killed or crashes, it leaves a -"hydra.restore" file behind which contains all necessary information to -restore the session. This session file is written every 5 minutes. -NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. -from little endian to big endian, or from Solaris to AIX) - -HOW TO SCAN/CRACK OVER A PROXY ------------------------------- -The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works -just for the http services!). -The following syntax is valid: - -``` -HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" -HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" -HYDRA_PROXY_HTTP="proxylist.txt" -``` - -The last example is a text file containing up to 64 proxies (in the same -format definition as the other examples). - -For all other services, use the HYDRA_PROXY variable to scan/crack. -It uses the same syntax. eg: - -``` -HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port -``` - -for example: - -``` -HYDRA_PROXY=connect://proxy.anonymizer.com:8000 -HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 -HYDRA_PROXY=socksproxylist.txt -``` - -ADDITIONAL HINTS ----------------- -* sort your password files by likelihood and use the -u option to find - passwords much faster! -* uniq your dictionary files! this can save you a lot of time :-) - cat words.txt | sort | uniq > dictionary.txt -* if you know that the target is using a password policy (allowing users - only to choose a password with a minimum length of 6, containing a least one - letter and one number, etc. use the tool pw-inspector which comes along - with the hydra package to reduce the password list: - cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt - - -RESULTS OUTPUT --------------- - -The results are output to stdio along with the other information. Via the -o -command line option, the results can also be written to a file. Using -b, -the format of the output can be specified. Currently, these are supported: - -* `text` - plain text format -* `jsonv1` - JSON data using version 1.x of the schema (defined below). -* `json` - JSON data using the latest version of the schema, currently there - is only version 1. - -If using JSON output, the results file may not be valid JSON if there are -serious errors in booting Hydra. - - -JSON Schema ------------ -Here is an example of the JSON output. Notes on some of the fields: - -* `errormessages` - an array of zero or more strings that are normally printed - to stderr at the end of the Hydra's run. The text is very free form. -* `success` - indication if Hydra ran correctly without error (**NOT** if - passwords were detected). This parameter is either the JSON value `true` - or `false` depending on completion. -* `quantityfound` - How many username+password combinations discovered. -* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, - 2.03, etc. Hydra will make second tuple of the version to always be two - digits to make it easier for downstream processors (as opposed to v1.1 vs - v1.10). The minor-level versions are additive, so 1.02 will contain more - fields than version 1.00 and will be backward compatible. Version 2.x will - break something from version 1.x output. - -Version 1.00 example: -``` -{ - "errormessages": [ - "[ERROR] Error Message of Something", - "[ERROR] Another Message", - "These are very free form" - ], - "generator": { - "built": "2021-03-01 14:44:22", - "commandline": "hydra -b jsonv1 -o results.json ... ...", - "jsonoutputversion": "1.00", - "server": "127.0.0.1", - "service": "http-post-form", - "software": "Hydra", - "version": "v8.5" - }, - "quantityfound": 2, - "results": [ - { - "host": "127.0.0.1", - "login": "bill@example.com", - "password": "bill", - "port": 9999, - "service": "http-post-form" - }, - { - "host": "127.0.0.1", - "login": "joe@example.com", - "password": "joe", - "port": 9999, - "service": "http-post-form" - } - ], - "success": false -} -``` - - -SPEED ------ -through the parallelizing feature, this password cracker tool can be very -fast, however it depends on the protocol. The fastest are generally POP3 -and FTP. -Experiment with the task option (-t) to speed things up! The higher - the -faster ;-) (but too high - and it disables the service) - - - -STATISTICS ----------- -Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing -295 entries (294 tries invalid logins, 1 valid). Every test was run three -times (only for "1 task" just once), and the average noted down. - -``` - P A R A L L E L T A S K S -SERVICE 1 4 8 16 32 50 64 100 128 -------- -------------------------------------------------------------------- -telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* -ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 -pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 -imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 -``` - -(*) -Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with -128 tasks, running four times resulted in timings between 28 and 97 seconds! -The reason for this is unknown... - -guesses per task (rounded up): - - 295 74 38 19 10 6 5 3 3 - -guesses possible per connect (depends on the server software and config): - - telnet 4 - ftp 6 - pop3 1 - imap 3 - - - -BUGS & FEATURES ---------------- -Hydra: -Email me or David if you find bugs or if you have written a new module. -vh@thc.org (and put "antispam" in the subject line) - - -You should use PGP to encrypt emails to vh@thc.org : - -``` ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v3.3.3 (vh@thc.org) - -mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT -KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ -FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c -vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k -Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p -lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI -zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI -DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf -lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN -DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 -n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB -tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC -F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ -xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH -Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 -qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz -dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp -QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga -V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 -slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl -Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM -0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP -JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs -IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL -CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS -AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ -HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR -2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C -nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc -XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 -Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL -ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V -l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F -n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl -7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb -/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii -tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 -Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR -gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt -x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 -0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS -+C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw -G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA -oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr -rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC -v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 -02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv -s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ -Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK -d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP -gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y -ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP -8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd -X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD -aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN -cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC -Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR -zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni -1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT -zB3yrr+vYBT0uDWmxwPjiJs= -=ytEf ------END PGP PUBLIC KEY BLOCK----- -``` From 0483351e6a8af1d2520e160bab87705d5c96a541 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 15:44:42 -0500 Subject: [PATCH 175/332] Create index.md --- docs/index.md | 534 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 534 insertions(+) create mode 100644 docs/index.md diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 0000000..322da43 --- /dev/null +++ b/docs/index.md @@ -0,0 +1,534 @@ + + H Y D R A + + (c) 2001-2021 by van Hauser / THC + https://github.com/vanhauser-thc/thc-hydra + many modules were written by David (dot) Maciejak @ gmail (dot) com + BFG code by Jan Dlabal + + Licensed under AGPLv3 (see LICENSE file) + + Please do not use in military or secret service organizations, + or for illegal purposes. + (This is the wish of the author and non-binding. Many people working + in these organizations do not care for laws and ethics anyways. + You are not one of the "good" ones if you ignore this.) + + + +INTRODUCTION +------------ +Number one of the biggest security holes are passwords, as every password +security study shows. +This tool is a proof of concept code, to give researchers and security +consultants the possibility to show how easy it would be to gain unauthorized +access from remote to a system. + +THIS TOOL IS FOR LEGAL PURPOSES ONLY! + +There are already several login hacker tools available, however, none does +either support more than one protocol to attack or support parallelized +connects. + +It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, +FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. + +Currently this tool supports the following protocols: + Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, + HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, + HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, + HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, + Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, + Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, + SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, + VNC and XMPP. + +However the module engine for new services is very easy so it won't take a +long time until even more services are supported. +Your help in writing, enhancing or fixing modules is highly appreciated!! :-) + + + +WHERE TO GET +------------ +You can always find the newest release/production version of hydra at its +project page at https://github.com/vanhauser-thc/thc-hydra/releases +If you are interested in the current development state, the public development +repository is at Github: + svn co https://github.com/vanhauser-thc/thc-hydra + or + git clone https://github.com/vanhauser-thc/thc-hydra +Use the development version at your own risk. It contains new features and +new bugs. Things might not work! + + + +HOW TO COMPILE +-------------- +To configure, compile and install hydra, just type: + +``` +./configure +make +make install +``` + +If you want the ssh module, you have to setup libssh (not libssh2!) on your +system, get it from http://www.libssh.org, for ssh v1 support you also need +to add "-DWITH_SSH1=On" option in the cmake command line. +IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! + +If you use Ubuntu/Debian, this will install supplementary libraries needed +for a few optional modules (note that some might not be available on your distribution): + +``` +apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ + libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ + firebird-dev libmemcached-dev libgpg-error-dev \ + libgcrypt11-dev libgcrypt20-dev +``` + +This enables all optional modules and features with the exception of Oracle, +SAP R/3, NCP and the apple filing protocol - which you will need to download and +install from the vendor's web sites. + +For all other Linux derivates and BSD based systems, use the system +software installer and look for similarly named libraries like in the +command above. In all other cases, you have to download all source libraries +and compile them manually. + + + +SUPPORTED PLATFORMS +------------------- +- All UNIX platforms (Linux, *BSD, Solaris, etc.) +- MacOS (basically a BSD clone) +- Windows with Cygwin (both IPv4 and IPv6) +- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) + + + +HOW TO USE +---------- +If you just enter `hydra`, you will see a short summary of the important +options available. +Type `./hydra -h` to see all available command line options. + +Note that NO login/password file is included. Generate them yourself. +A default password list is however present, use "dpl4hydra.sh" to generate +a list. + +For Linux users, a GTK GUI is available, try `./xhydra` + +For the command line usage, the syntax is as follows: + For attacking one target or a network, you can use the new "://" style: + hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS + The old mode can be used for these too, and additionally if you want to + specify your targets from a text file, you *must* use this one: + +``` +hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] +``` + +Via the command line options you specify which logins to try, which passwords, +if SSL should be used, how many parallel tasks to use for attacking, etc. + +PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, +http-get or many others are available +TARGET is the target you want to attack +MODULE-OPTIONS are optional values which are special per PROTOCOL module + +FIRST - select your target + you have three options on how to specify the target you want to attack: + 1. a single target on the command line: just put the IP or DNS address in + 2. a network range on the command line: CIDR specification like "192.168.0.0/24" + 3. a list of hosts in a text file: one line per entry (see below) + +SECOND - select your protocol + Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. + Use a port scanner to see which protocols are enabled on the target. + +THIRD - check if the module has optional parameters + hydra -U PROTOCOL + e.g. hydra -U smtp + +FOURTH - the destination port + this is optional, if no port is supplied the default common port for the + PROTOCOL is used. + If you specify SSL to use ("-S" option), the SSL common port is used by default. + + +If you use "://" notation, you must use "[" "]" brackets if you want to supply +IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: + hydra [some command line options] ftp://[192.168.0.0/24]/ + hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM + +Note that everything hydra does is IPv4 only! +If you want to attack IPv6 addresses, you must add the "-6" command line option. +All attacks are then IPv6 only! + +If you want to supply your targets via a text file, you can not use the :// +notation but use the old style and just supply the protocol (and module options): + hydra [some command line options] -M targets.txt ftp +You can also supply the port for each target entry by adding ":" after a +target entry in the file, e.g.: + +``` +foo.bar.com +target.com:21 +unusual.port.com:2121 +default.used.here.com +127.0.0.1 +127.0.0.1:2121 +``` + +Note that if you want to attach IPv6 targets, you must supply the -6 option +and *must* put IPv6 addresses in brackets in the file(!) like this: + +``` +foo.bar.com +target.com:21 +[fe80::1%eth0] +[2001::1] +[2002::2]:8080 +[2a01:24a:133:0:00:123:ff:1a] +``` + +LOGINS AND PASSWORDS +-------------------- +You have many options on how to attack with logins and passwords +With -l for login and -p for password you tell hydra that this is the only +login and/or password to try. +With -L for logins and -P for passwords you supply text files with entries. +e.g.: + +``` +hydra -l admin -p password ftp://localhost/ +hydra -L default_logins.txt -p test ftp://localhost/ +hydra -l admin -P common_passwords.txt ftp://localhost/ +hydra -L logins.txt -P passwords.txt ftp://localhost/ +``` + +Additionally, you can try passwords based on the login via the "-e" option. +The "-e" option has three parameters: + +``` +s - try the login as password +n - try an empty password +r - reverse the login and try it as password +``` + +If you want to, e.g. try "try login as password and "empty password", you +specify "-e sn" on the command line. + +But there are two more modes for trying passwords than -p/-P: +You can use text file which where a login and password pair is separated by a colon, +e.g.: + +``` +admin:password +test:test +foo:bar +``` + +This is a common default account style listing, that is also generated by the +dpl4hydra.sh default account file generator supplied with hydra. +You use such a text file with the -C option - note that in this mode you +can not use -l/-L/-p/-P options (-e nsr however you can). +Example: + +``` +hydra -C default_accounts.txt ftp://localhost/ +``` + +And finally, there is a bruteforce mode with the -x option (which you can not +use with -p/-P/-C): + +``` +-x minimum_length:maximum_length:charset +``` + +the charset definition is `a` for lowercase letters, `A` for uppercase letters, +`1` for numbers and for anything else you supply it is their real representation. +Examples: + +``` +-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters +-x 2:5:/ generate passwords from length 2 to 5 containing only slashes +-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers +``` + +Example: + +``` +hydra -l ftp -x 3:3:a ftp://localhost/ +``` + +SPECIAL OPTIONS FOR MODULES +--------------------------- +Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m +command line option, you can pass one option to a module. +Many modules use this, a few require it! + +To see the special option of a module, type: + + hydra -U + +e.g. + + ./hydra -U http-post-form + +The special options can be passed via the -m parameter, as 3rd command line +option or in the service://target/option format. + +Examples (they are all equal): + +``` +./hydra -l test -p test -m PLAIN 127.0.0.1 imap +./hydra -l test -p test 127.0.0.1 imap PLAIN +./hydra -l test -p test imap://127.0.0.1/PLAIN +``` + +RESTORING AN ABORTED/CRASHED SESSION +------------------------------------ +When hydra is aborted with Control-C, killed or crashes, it leaves a +"hydra.restore" file behind which contains all necessary information to +restore the session. This session file is written every 5 minutes. +NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. +from little endian to big endian, or from Solaris to AIX) + +HOW TO SCAN/CRACK OVER A PROXY +------------------------------ +The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works +just for the http services!). +The following syntax is valid: + +``` +HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" +HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" +HYDRA_PROXY_HTTP="proxylist.txt" +``` + +The last example is a text file containing up to 64 proxies (in the same +format definition as the other examples). + +For all other services, use the HYDRA_PROXY variable to scan/crack. +It uses the same syntax. eg: + +``` +HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port +``` + +for example: + +``` +HYDRA_PROXY=connect://proxy.anonymizer.com:8000 +HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 +HYDRA_PROXY=socksproxylist.txt +``` + +ADDITIONAL HINTS +---------------- +* sort your password files by likelihood and use the -u option to find + passwords much faster! +* uniq your dictionary files! this can save you a lot of time :-) + cat words.txt | sort | uniq > dictionary.txt +* if you know that the target is using a password policy (allowing users + only to choose a password with a minimum length of 6, containing a least one + letter and one number, etc. use the tool pw-inspector which comes along + with the hydra package to reduce the password list: + cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt + + +RESULTS OUTPUT +-------------- + +The results are output to stdio along with the other information. Via the -o +command line option, the results can also be written to a file. Using -b, +the format of the output can be specified. Currently, these are supported: + +* `text` - plain text format +* `jsonv1` - JSON data using version 1.x of the schema (defined below). +* `json` - JSON data using the latest version of the schema, currently there + is only version 1. + +If using JSON output, the results file may not be valid JSON if there are +serious errors in booting Hydra. + + +JSON Schema +----------- +Here is an example of the JSON output. Notes on some of the fields: + +* `errormessages` - an array of zero or more strings that are normally printed + to stderr at the end of the Hydra's run. The text is very free form. +* `success` - indication if Hydra ran correctly without error (**NOT** if + passwords were detected). This parameter is either the JSON value `true` + or `false` depending on completion. +* `quantityfound` - How many username+password combinations discovered. +* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, + 2.03, etc. Hydra will make second tuple of the version to always be two + digits to make it easier for downstream processors (as opposed to v1.1 vs + v1.10). The minor-level versions are additive, so 1.02 will contain more + fields than version 1.00 and will be backward compatible. Version 2.x will + break something from version 1.x output. + +Version 1.00 example: +``` +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2021-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 2, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + }, + { + "host": "127.0.0.1", + "login": "joe@example.com", + "password": "joe", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} +``` + + +SPEED +----- +through the parallelizing feature, this password cracker tool can be very +fast, however it depends on the protocol. The fastest are generally POP3 +and FTP. +Experiment with the task option (-t) to speed things up! The higher - the +faster ;-) (but too high - and it disables the service) + + + +STATISTICS +---------- +Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing +295 entries (294 tries invalid logins, 1 valid). Every test was run three +times (only for "1 task" just once), and the average noted down. + +``` + P A R A L L E L T A S K S +SERVICE 1 4 8 16 32 50 64 100 128 +------- -------------------------------------------------------------------- +telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* +ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 +pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 +imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 +``` + +(*) +Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with +128 tasks, running four times resulted in timings between 28 and 97 seconds! +The reason for this is unknown... + +guesses per task (rounded up): + + 295 74 38 19 10 6 5 3 3 + +guesses possible per connect (depends on the server software and config): + + telnet 4 + ftp 6 + pop3 1 + imap 3 + + + +BUGS & FEATURES +--------------- +Hydra: +Email me or David if you find bugs or if you have written a new module. +vh@thc.org (and put "antispam" in the subject line) + + +You should use PGP to encrypt emails to vh@thc.org : + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v3.3.3 (vh@thc.org) + +mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT +KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ +FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c +vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k +Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p +lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI +zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI +DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf +lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN +DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 +n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB +tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC +F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ +xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH +Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 +qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz +dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp +QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga +V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 +slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl +Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM +0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP +JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs +IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL +CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS +AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ +HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR +2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C +nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc +XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 +Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL +ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V +l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F +n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl +7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb +/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii +tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 +Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR +gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt +x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 +0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS ++C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw +G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA +oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr +rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC +v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 +02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv +s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ +Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK +d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP +gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y +ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP +8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd +X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD +aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN +cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC +Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR +zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni +1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT +zB3yrr+vYBT0uDWmxwPjiJs= +=ytEf +-----END PGP PUBLIC KEY BLOCK----- +``` From be95247c690608535a37f416223add86e0ec1690 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 15:48:43 -0500 Subject: [PATCH 176/332] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 322da43..14c64cd 100644 --- a/README.md +++ b/README.md @@ -52,12 +52,12 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-) WHERE TO GET ------------ You can always find the newest release/production version of hydra at its -project page at https://github.com/vanhauser-thc/thc-hydra/releases +project page at [https://github.com/vanhauser-thc/thc-hydra/releases](https://github.com/vanhauser-thc/thc-hydra/releases) If you are interested in the current development state, the public development repository is at Github: - svn co https://github.com/vanhauser-thc/thc-hydra + svn co [https://github.com/vanhauser-thc/thc-hydra](https://github.com/vanhauser-thc/thc-hydra) or - git clone https://github.com/vanhauser-thc/thc-hydra + git clone [https://github.com/vanhauser-thc/thc-hydra](https://github.com/vanhauser-thc/thc-hydra) Use the development version at your own risk. It contains new features and new bugs. Things might not work! From caf39e154265ae78b092c9210db6354b775e1a73 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 15:51:52 -0500 Subject: [PATCH 177/332] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 14c64cd..0657f26 100644 --- a/README.md +++ b/README.md @@ -74,7 +74,7 @@ make install ``` If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need +system, get it from [http://www.libssh.org](http://www.libssh.org), for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! From bfdbeee1b281f319e171a2ea3976d8869d3f3400 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 15:54:06 -0500 Subject: [PATCH 178/332] Delete index.md --- docs/index.md | 534 -------------------------------------------------- 1 file changed, 534 deletions(-) delete mode 100644 docs/index.md diff --git a/docs/index.md b/docs/index.md deleted file mode 100644 index 322da43..0000000 --- a/docs/index.md +++ /dev/null @@ -1,534 +0,0 @@ - - H Y D R A - - (c) 2001-2021 by van Hauser / THC - https://github.com/vanhauser-thc/thc-hydra - many modules were written by David (dot) Maciejak @ gmail (dot) com - BFG code by Jan Dlabal - - Licensed under AGPLv3 (see LICENSE file) - - Please do not use in military or secret service organizations, - or for illegal purposes. - (This is the wish of the author and non-binding. Many people working - in these organizations do not care for laws and ethics anyways. - You are not one of the "good" ones if you ignore this.) - - - -INTRODUCTION ------------- -Number one of the biggest security holes are passwords, as every password -security study shows. -This tool is a proof of concept code, to give researchers and security -consultants the possibility to show how easy it would be to gain unauthorized -access from remote to a system. - -THIS TOOL IS FOR LEGAL PURPOSES ONLY! - -There are already several login hacker tools available, however, none does -either support more than one protocol to attack or support parallelized -connects. - -It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. - -Currently this tool supports the following protocols: - Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, - HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, - HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, - Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, - Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, - SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, - VNC and XMPP. - -However the module engine for new services is very easy so it won't take a -long time until even more services are supported. -Your help in writing, enhancing or fixing modules is highly appreciated!! :-) - - - -WHERE TO GET ------------- -You can always find the newest release/production version of hydra at its -project page at https://github.com/vanhauser-thc/thc-hydra/releases -If you are interested in the current development state, the public development -repository is at Github: - svn co https://github.com/vanhauser-thc/thc-hydra - or - git clone https://github.com/vanhauser-thc/thc-hydra -Use the development version at your own risk. It contains new features and -new bugs. Things might not work! - - - -HOW TO COMPILE --------------- -To configure, compile and install hydra, just type: - -``` -./configure -make -make install -``` - -If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need -to add "-DWITH_SSH1=On" option in the cmake command line. -IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! - -If you use Ubuntu/Debian, this will install supplementary libraries needed -for a few optional modules (note that some might not be available on your distribution): - -``` -apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ - libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird-dev libmemcached-dev libgpg-error-dev \ - libgcrypt11-dev libgcrypt20-dev -``` - -This enables all optional modules and features with the exception of Oracle, -SAP R/3, NCP and the apple filing protocol - which you will need to download and -install from the vendor's web sites. - -For all other Linux derivates and BSD based systems, use the system -software installer and look for similarly named libraries like in the -command above. In all other cases, you have to download all source libraries -and compile them manually. - - - -SUPPORTED PLATFORMS -------------------- -- All UNIX platforms (Linux, *BSD, Solaris, etc.) -- MacOS (basically a BSD clone) -- Windows with Cygwin (both IPv4 and IPv6) -- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) - - - -HOW TO USE ----------- -If you just enter `hydra`, you will see a short summary of the important -options available. -Type `./hydra -h` to see all available command line options. - -Note that NO login/password file is included. Generate them yourself. -A default password list is however present, use "dpl4hydra.sh" to generate -a list. - -For Linux users, a GTK GUI is available, try `./xhydra` - -For the command line usage, the syntax is as follows: - For attacking one target or a network, you can use the new "://" style: - hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS - The old mode can be used for these too, and additionally if you want to - specify your targets from a text file, you *must* use this one: - -``` -hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] -``` - -Via the command line options you specify which logins to try, which passwords, -if SSL should be used, how many parallel tasks to use for attacking, etc. - -PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, -http-get or many others are available -TARGET is the target you want to attack -MODULE-OPTIONS are optional values which are special per PROTOCOL module - -FIRST - select your target - you have three options on how to specify the target you want to attack: - 1. a single target on the command line: just put the IP or DNS address in - 2. a network range on the command line: CIDR specification like "192.168.0.0/24" - 3. a list of hosts in a text file: one line per entry (see below) - -SECOND - select your protocol - Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. - Use a port scanner to see which protocols are enabled on the target. - -THIRD - check if the module has optional parameters - hydra -U PROTOCOL - e.g. hydra -U smtp - -FOURTH - the destination port - this is optional, if no port is supplied the default common port for the - PROTOCOL is used. - If you specify SSL to use ("-S" option), the SSL common port is used by default. - - -If you use "://" notation, you must use "[" "]" brackets if you want to supply -IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: - hydra [some command line options] ftp://[192.168.0.0/24]/ - hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM - -Note that everything hydra does is IPv4 only! -If you want to attack IPv6 addresses, you must add the "-6" command line option. -All attacks are then IPv6 only! - -If you want to supply your targets via a text file, you can not use the :// -notation but use the old style and just supply the protocol (and module options): - hydra [some command line options] -M targets.txt ftp -You can also supply the port for each target entry by adding ":" after a -target entry in the file, e.g.: - -``` -foo.bar.com -target.com:21 -unusual.port.com:2121 -default.used.here.com -127.0.0.1 -127.0.0.1:2121 -``` - -Note that if you want to attach IPv6 targets, you must supply the -6 option -and *must* put IPv6 addresses in brackets in the file(!) like this: - -``` -foo.bar.com -target.com:21 -[fe80::1%eth0] -[2001::1] -[2002::2]:8080 -[2a01:24a:133:0:00:123:ff:1a] -``` - -LOGINS AND PASSWORDS --------------------- -You have many options on how to attack with logins and passwords -With -l for login and -p for password you tell hydra that this is the only -login and/or password to try. -With -L for logins and -P for passwords you supply text files with entries. -e.g.: - -``` -hydra -l admin -p password ftp://localhost/ -hydra -L default_logins.txt -p test ftp://localhost/ -hydra -l admin -P common_passwords.txt ftp://localhost/ -hydra -L logins.txt -P passwords.txt ftp://localhost/ -``` - -Additionally, you can try passwords based on the login via the "-e" option. -The "-e" option has three parameters: - -``` -s - try the login as password -n - try an empty password -r - reverse the login and try it as password -``` - -If you want to, e.g. try "try login as password and "empty password", you -specify "-e sn" on the command line. - -But there are two more modes for trying passwords than -p/-P: -You can use text file which where a login and password pair is separated by a colon, -e.g.: - -``` -admin:password -test:test -foo:bar -``` - -This is a common default account style listing, that is also generated by the -dpl4hydra.sh default account file generator supplied with hydra. -You use such a text file with the -C option - note that in this mode you -can not use -l/-L/-p/-P options (-e nsr however you can). -Example: - -``` -hydra -C default_accounts.txt ftp://localhost/ -``` - -And finally, there is a bruteforce mode with the -x option (which you can not -use with -p/-P/-C): - -``` --x minimum_length:maximum_length:charset -``` - -the charset definition is `a` for lowercase letters, `A` for uppercase letters, -`1` for numbers and for anything else you supply it is their real representation. -Examples: - -``` --x 1:3:a generate passwords from length 1 to 3 with all lowercase letters --x 2:5:/ generate passwords from length 2 to 5 containing only slashes --x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers -``` - -Example: - -``` -hydra -l ftp -x 3:3:a ftp://localhost/ -``` - -SPECIAL OPTIONS FOR MODULES ---------------------------- -Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m -command line option, you can pass one option to a module. -Many modules use this, a few require it! - -To see the special option of a module, type: - - hydra -U - -e.g. - - ./hydra -U http-post-form - -The special options can be passed via the -m parameter, as 3rd command line -option or in the service://target/option format. - -Examples (they are all equal): - -``` -./hydra -l test -p test -m PLAIN 127.0.0.1 imap -./hydra -l test -p test 127.0.0.1 imap PLAIN -./hydra -l test -p test imap://127.0.0.1/PLAIN -``` - -RESTORING AN ABORTED/CRASHED SESSION ------------------------------------- -When hydra is aborted with Control-C, killed or crashes, it leaves a -"hydra.restore" file behind which contains all necessary information to -restore the session. This session file is written every 5 minutes. -NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. -from little endian to big endian, or from Solaris to AIX) - -HOW TO SCAN/CRACK OVER A PROXY ------------------------------- -The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works -just for the http services!). -The following syntax is valid: - -``` -HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" -HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" -HYDRA_PROXY_HTTP="proxylist.txt" -``` - -The last example is a text file containing up to 64 proxies (in the same -format definition as the other examples). - -For all other services, use the HYDRA_PROXY variable to scan/crack. -It uses the same syntax. eg: - -``` -HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port -``` - -for example: - -``` -HYDRA_PROXY=connect://proxy.anonymizer.com:8000 -HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 -HYDRA_PROXY=socksproxylist.txt -``` - -ADDITIONAL HINTS ----------------- -* sort your password files by likelihood and use the -u option to find - passwords much faster! -* uniq your dictionary files! this can save you a lot of time :-) - cat words.txt | sort | uniq > dictionary.txt -* if you know that the target is using a password policy (allowing users - only to choose a password with a minimum length of 6, containing a least one - letter and one number, etc. use the tool pw-inspector which comes along - with the hydra package to reduce the password list: - cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt - - -RESULTS OUTPUT --------------- - -The results are output to stdio along with the other information. Via the -o -command line option, the results can also be written to a file. Using -b, -the format of the output can be specified. Currently, these are supported: - -* `text` - plain text format -* `jsonv1` - JSON data using version 1.x of the schema (defined below). -* `json` - JSON data using the latest version of the schema, currently there - is only version 1. - -If using JSON output, the results file may not be valid JSON if there are -serious errors in booting Hydra. - - -JSON Schema ------------ -Here is an example of the JSON output. Notes on some of the fields: - -* `errormessages` - an array of zero or more strings that are normally printed - to stderr at the end of the Hydra's run. The text is very free form. -* `success` - indication if Hydra ran correctly without error (**NOT** if - passwords were detected). This parameter is either the JSON value `true` - or `false` depending on completion. -* `quantityfound` - How many username+password combinations discovered. -* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, - 2.03, etc. Hydra will make second tuple of the version to always be two - digits to make it easier for downstream processors (as opposed to v1.1 vs - v1.10). The minor-level versions are additive, so 1.02 will contain more - fields than version 1.00 and will be backward compatible. Version 2.x will - break something from version 1.x output. - -Version 1.00 example: -``` -{ - "errormessages": [ - "[ERROR] Error Message of Something", - "[ERROR] Another Message", - "These are very free form" - ], - "generator": { - "built": "2021-03-01 14:44:22", - "commandline": "hydra -b jsonv1 -o results.json ... ...", - "jsonoutputversion": "1.00", - "server": "127.0.0.1", - "service": "http-post-form", - "software": "Hydra", - "version": "v8.5" - }, - "quantityfound": 2, - "results": [ - { - "host": "127.0.0.1", - "login": "bill@example.com", - "password": "bill", - "port": 9999, - "service": "http-post-form" - }, - { - "host": "127.0.0.1", - "login": "joe@example.com", - "password": "joe", - "port": 9999, - "service": "http-post-form" - } - ], - "success": false -} -``` - - -SPEED ------ -through the parallelizing feature, this password cracker tool can be very -fast, however it depends on the protocol. The fastest are generally POP3 -and FTP. -Experiment with the task option (-t) to speed things up! The higher - the -faster ;-) (but too high - and it disables the service) - - - -STATISTICS ----------- -Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing -295 entries (294 tries invalid logins, 1 valid). Every test was run three -times (only for "1 task" just once), and the average noted down. - -``` - P A R A L L E L T A S K S -SERVICE 1 4 8 16 32 50 64 100 128 -------- -------------------------------------------------------------------- -telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* -ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 -pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 -imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 -``` - -(*) -Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with -128 tasks, running four times resulted in timings between 28 and 97 seconds! -The reason for this is unknown... - -guesses per task (rounded up): - - 295 74 38 19 10 6 5 3 3 - -guesses possible per connect (depends on the server software and config): - - telnet 4 - ftp 6 - pop3 1 - imap 3 - - - -BUGS & FEATURES ---------------- -Hydra: -Email me or David if you find bugs or if you have written a new module. -vh@thc.org (and put "antispam" in the subject line) - - -You should use PGP to encrypt emails to vh@thc.org : - -``` ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v3.3.3 (vh@thc.org) - -mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT -KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ -FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c -vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k -Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p -lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI -zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI -DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf -lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN -DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 -n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB -tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC -F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ -xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH -Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 -qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz -dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp -QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga -V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 -slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl -Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM -0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP -JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs -IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL -CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS -AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ -HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR -2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C -nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc -XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 -Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL -ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V -l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F -n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl -7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb -/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii -tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 -Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR -gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt -x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 -0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS -+C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw -G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA -oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr -rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC -v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 -02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv -s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ -Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK -d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP -gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y -ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP -8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd -X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD -aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN -cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC -Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR -zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni -1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT -zB3yrr+vYBT0uDWmxwPjiJs= -=ytEf ------END PGP PUBLIC KEY BLOCK----- -``` From 2d12a0df6a2a441673d71316abd8c3ee30ee4ab0 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:06:21 -0500 Subject: [PATCH 179/332] Create index.md --- docs/android/index.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 docs/android/index.md diff --git a/docs/android/index.md b/docs/android/index.md new file mode 100644 index 0000000..4480b3c --- /dev/null +++ b/docs/android/index.md @@ -0,0 +1,27 @@ +## thc-hydra +### How to compile hydra on Android + +Hydra is layers running on Android without rodent permission, +this is thanks to [Termux](https://termux.com/), A powerful emulator +of terminal with an ecosystem of packages. + +To compile hydra on Android, you will need to download +[Termux](https://termux.com/). + +I note that termux no longer provides support +for Android devices less than or equal to Android 6, +therefore your cell phone must be Android 7 or higher. + +After installing termux, enter the following commands +at your terminal: + +``` +# Update package list +pkg update && pkg upgrade +# Installing dependencies +pkg install -y x11-repo +pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 +# Compiling hydra +./configure --prefix=$PREFIX +make && make install +``` From d260804d19fcb2d547fc88ac01f083cbdab6f6b5 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:12:12 -0500 Subject: [PATCH 180/332] Update index.md --- docs/android/index.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/android/index.md b/docs/android/index.md index 4480b3c..43eaaa0 100644 --- a/docs/android/index.md +++ b/docs/android/index.md @@ -25,3 +25,16 @@ pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 ./configure --prefix=$PREFIX make && make install ``` + +To use xhydra, you will need to install a graphical output in termux, you can be guided from this article: + +[https://wiki.termux.com/wiki/Graphical_Environment](https://wiki.termux.com/wiki/Graphical_Environment) + +If you have never used a GUI on Android or are not able to configure it, +you can use these projects from the termux community: + +- [openbox by adi1090x](https://github.com/adi1090x/termux-desktop) + +- [lxqt by yisus](https://github.com/Yisus7u7/termux-desktop-lxqt) + +- [xfce4 by yisus](https://github.com/Yisus7u7/termux-desktop-xfce) From 54c2e85d797f5b1b29f759a418c863ce9ebcbf08 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:13:24 -0500 Subject: [PATCH 181/332] Update index.md --- docs/android/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/android/index.md b/docs/android/index.md index 43eaaa0..9a87fa5 100644 --- a/docs/android/index.md +++ b/docs/android/index.md @@ -1,7 +1,7 @@ ## thc-hydra ### How to compile hydra on Android -Hydra is layers running on Android without rodent permission, +Hydra can run on Android without root permissions, this is thanks to [Termux](https://termux.com/), A powerful emulator of terminal with an ecosystem of packages. From 9fc4aabd6b71e5b2e6549b2be3398ff22c5b6676 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:15:08 -0500 Subject: [PATCH 182/332] Update index.md --- docs/android/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/android/index.md b/docs/android/index.md index 9a87fa5..4b70ab9 100644 --- a/docs/android/index.md +++ b/docs/android/index.md @@ -26,7 +26,9 @@ pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 make && make install ``` -To use xhydra, you will need to install a graphical output in termux, you can be guided from this article: +then you can use hydra in the termux terminal + +To use xhydra (GUI), you will need to install a graphical output in termux, you can be guided from this article: [https://wiki.termux.com/wiki/Graphical_Environment](https://wiki.termux.com/wiki/Graphical_Environment) From cf325b000898fe4699e07d82267d753ba05f5ba8 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:18:57 -0500 Subject: [PATCH 183/332] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0657f26..0c4e3b6 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,7 @@ make make install ``` +`Note`: To compile hydra on Android (termux) [follow this articule](https://vanhauser-thc.github.io/thc-hydra/docs/android) If you want the ssh module, you have to setup libssh (not libssh2!) on your system, get it from [http://www.libssh.org](http://www.libssh.org), for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. From 3b9280da3ace333c268bb530a493d9a8a16e764f Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:19:51 -0500 Subject: [PATCH 184/332] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0c4e3b6..1e059ad 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,9 @@ make make install ``` -`Note`: To compile hydra on Android (termux) [follow this articule](https://vanhauser-thc.github.io/thc-hydra/docs/android) +`Note`: To compile hydra on Android (termux) [follow this articule](https://vanhauser-thc.github.io/thc-hydra/docs/android) + + If you want the ssh module, you have to setup libssh (not libssh2!) on your system, get it from [http://www.libssh.org](http://www.libssh.org), for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. From e02b0d41e5013fc4b516cd57285f54e05a58cfa6 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:30:45 -0500 Subject: [PATCH 185/332] Show repo info in image --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 1e059ad..dd0f8e0 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +![image](https://opengraph.githubassets.com/91871daab983cd69e18846c4f5c40a547e91638b3fe6064d81d9bb4574d95e73/vanhauser-thc/thc-hydra) + + H Y D R A From 12dc488f3f3d4c8ff98dfb2994633ea2bfc70ff5 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 22:55:27 -0500 Subject: [PATCH 186/332] Set theme jekyll-theme-slate --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 225f091..427c783 100644 --- a/_config.yml +++ b/_config.yml @@ -1,2 +1,2 @@ title: "thc-hydra" -theme: jekyll-theme-midnight +theme: jekyll-theme-slate From 92ef7d7455d8aca7ed6f3295d0dc21bcd28741ed Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 17 Jun 2021 16:16:43 +0200 Subject: [PATCH 187/332] Revert "Merge pull request #666 from Yisus7u7/master" This reverts commit 5b98a23140d50b40389b284d64d0f2396f386efc, reversing changes made to a6784e40213b3709990f307f0e892832680625cc. --- README.md | 14 ++++---------- _config.yml | 2 +- docs/android/index.md | 42 ------------------------------------------ 3 files changed, 5 insertions(+), 53 deletions(-) delete mode 100644 docs/android/index.md diff --git a/README.md b/README.md index dd0f8e0..322da43 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,3 @@ -![image](https://opengraph.githubassets.com/91871daab983cd69e18846c4f5c40a547e91638b3fe6064d81d9bb4574d95e73/vanhauser-thc/thc-hydra) - - H Y D R A @@ -55,12 +52,12 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-) WHERE TO GET ------------ You can always find the newest release/production version of hydra at its -project page at [https://github.com/vanhauser-thc/thc-hydra/releases](https://github.com/vanhauser-thc/thc-hydra/releases) +project page at https://github.com/vanhauser-thc/thc-hydra/releases If you are interested in the current development state, the public development repository is at Github: - svn co [https://github.com/vanhauser-thc/thc-hydra](https://github.com/vanhauser-thc/thc-hydra) + svn co https://github.com/vanhauser-thc/thc-hydra or - git clone [https://github.com/vanhauser-thc/thc-hydra](https://github.com/vanhauser-thc/thc-hydra) + git clone https://github.com/vanhauser-thc/thc-hydra Use the development version at your own risk. It contains new features and new bugs. Things might not work! @@ -76,11 +73,8 @@ make make install ``` -`Note`: To compile hydra on Android (termux) [follow this articule](https://vanhauser-thc.github.io/thc-hydra/docs/android) - - If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from [http://www.libssh.org](http://www.libssh.org), for ssh v1 support you also need +system, get it from http://www.libssh.org, for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! diff --git a/_config.yml b/_config.yml index 427c783..225f091 100644 --- a/_config.yml +++ b/_config.yml @@ -1,2 +1,2 @@ title: "thc-hydra" -theme: jekyll-theme-slate +theme: jekyll-theme-midnight diff --git a/docs/android/index.md b/docs/android/index.md deleted file mode 100644 index 4b70ab9..0000000 --- a/docs/android/index.md +++ /dev/null @@ -1,42 +0,0 @@ -## thc-hydra -### How to compile hydra on Android - -Hydra can run on Android without root permissions, -this is thanks to [Termux](https://termux.com/), A powerful emulator -of terminal with an ecosystem of packages. - -To compile hydra on Android, you will need to download -[Termux](https://termux.com/). - -I note that termux no longer provides support -for Android devices less than or equal to Android 6, -therefore your cell phone must be Android 7 or higher. - -After installing termux, enter the following commands -at your terminal: - -``` -# Update package list -pkg update && pkg upgrade -# Installing dependencies -pkg install -y x11-repo -pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 -# Compiling hydra -./configure --prefix=$PREFIX -make && make install -``` - -then you can use hydra in the termux terminal - -To use xhydra (GUI), you will need to install a graphical output in termux, you can be guided from this article: - -[https://wiki.termux.com/wiki/Graphical_Environment](https://wiki.termux.com/wiki/Graphical_Environment) - -If you have never used a GUI on Android or are not able to configure it, -you can use these projects from the termux community: - -- [openbox by adi1090x](https://github.com/adi1090x/termux-desktop) - -- [lxqt by yisus](https://github.com/Yisus7u7/termux-desktop-lxqt) - -- [xfce4 by yisus](https://github.com/Yisus7u7/termux-desktop-xfce) From d3f784ab64b9f44ab31c38d980c63b1a3140300b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 17 Jun 2021 16:17:44 +0200 Subject: [PATCH 188/332] fix --- README.md => README | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename README.md => README (100%) diff --git a/README.md b/README similarity index 100% rename from README.md rename to README From 93283091d03ee509fd6968bf07959df2119f5503 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 24 Jun 2021 09:22:53 +0200 Subject: [PATCH 189/332] sscanf change --- hydra-sip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-sip.c b/hydra-sip.c index 6be4d93..9c5ad78 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -42,7 +42,7 @@ int32_t get_sip_code(char *buf) { int32_t code; char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF]; - if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3) + if (sscanf(buf, "%256s %i %256s", tmpbuf, &code, word) != 3) return -1; return code; } From 0b1f3c5037b042f19bc5a74b4d6c72df3c96b2de Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 29 Jun 2021 12:04:36 +0200 Subject: [PATCH 190/332] fix ssh for -M and ip/range --- CHANGES | 3 +++ hydra-ssh.c | 6 ++++-- hydra-sshkey.c | 3 ++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index e895e03..b481211 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ Changelog for hydra ------------------- +Release 9.3-dev +* fix for ssh to support -M or ip/range + Release 9.2 * fix for http-post-form optional parameters diff --git a/hydra-ssh.c b/hydra-ssh.c index ef4a691..eb021ce 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -34,11 +34,12 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char if (new_session) { if (session) { ssh_disconnect(session); - ssh_finalize(); + //ssh_finalize(); ssh_free(session); + } else { + ssh_init(); } - ssh_init(); session = ssh_new(); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); @@ -173,6 +174,7 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc // 3 skip target because its unreachable #ifdef LIBSSH int32_t rc, method; + ssh_init(); ssh_session session = ssh_new(); if (verbose || debug) diff --git a/hydra-sshkey.c b/hydra-sshkey.c index 113d6de..092d655 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c @@ -33,8 +33,9 @@ int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, c if (new_session) { if (session) { ssh_disconnect(session); - ssh_finalize(); ssh_free(session); + } else { + ssh_init(); } session = ssh_new(); From b375bbc33264f3cedd0b75096a663c36c88b3770 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 29 Jun 2021 12:15:03 +0200 Subject: [PATCH 191/332] skip host when password is found on password-only checks --- CHANGES | 2 ++ hydra.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index b481211..1afb314 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,8 @@ Changelog for hydra Release 9.3-dev * fix for ssh to support -M or ip/range +* for vnc/cisco/... protocols that only check for a password, skip host + after the password is found Release 9.2 diff --git a/hydra.c b/hydra.c index 0c889f8..6c5b82f 100644 --- a/hydra.c +++ b/hydra.c @@ -3310,6 +3310,9 @@ int main(int argc, char *argv[]) { hydra_options.port = port; } + if (hydra_options.login == NULL && hydra_options.loginfile == NULL) + hydra_options.exit_found = 1; + if (hydra_options.ssl == 0 && hydra_options.port == 443) fprintf(stderr, "[WARNING] you specified port 443 for attacking a http " "service, however did not specify the -S ssl switch nor " From cf2015365553a933e8d6d19e4aacae3697559fcf Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 1 Aug 2021 11:06:15 +0200 Subject: [PATCH 192/332] smtp-enum: skip host on unsupported command --- hydra-mod.c | 6 ++++-- hydra-smtp-enum.c | 10 ++++++++-- hydra.c | 15 +++++++++++++++ 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index befa365..4d34b2a 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -637,9 +637,11 @@ void hydra_child_exit(int32_t code) { __fck = write(intern_socket, "C", 1); else if (code == 2) /* application protocol error or service shutdown */ __fck = write(intern_socket, "E", 1); - // code 3 means exit without telling mommy about it - a bad idea. mommy should + else if (code == 3) /* application protocol error or service shutdown */ + __fck = write(intern_socket, "D", 1); + // code 4 means exit without telling mommy about it - a bad idea. mommy should // know - else if (code == -1 || code > 3) { + else if (code == -1 || code > 4) { fprintf(stderr, "[TOTAL FUCKUP] a module should not use " "hydra_child_exit(-1) ! Fix it in the source please ...\n"); __fck = write(intern_socket, "E", 1); diff --git a/hydra-smtp-enum.c b/hydra-smtp-enum.c index ddc0355..d887307 100644 --- a/hydra-smtp-enum.c +++ b/hydra-smtp-enum.c @@ -128,13 +128,13 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options //#endif // hydra_report(stderr, "Server %s", err); // } - if (strncmp(buf, "500 ", 4) == 0) { + if (strncmp(buf, "500 ", 4) == 0 || strncmp(buf, "502 ", 4) == 0) { hydra_report(stderr, "[ERROR] command is disabled on the server (choose " "different method): %s", buf); free(buf); - return 3; + return 4; } memset(buffer, 0, sizeof(buffer)); // 503 5.5.1 Error: nested MAIL command @@ -245,6 +245,12 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt } hydra_child_exit(0); return; + case 4: /* unsupported exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(3); + return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); diff --git a/hydra.c b/hydra.c index 6c5b82f..24dde22 100644 --- a/hydra.c +++ b/hydra.c @@ -4156,6 +4156,21 @@ int main(int argc, char *argv[]) { fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack break; + case 'D': // disable target, unknown protocol or feature + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done == TARGET_ACTIVE) { + hydra_targets[j]->done = TARGET_FINISHED; + hydra_brains.finished++; + } + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0 && hydra_heads[j]->target_no == target_no) { + if (hydra_brains.targets > hydra_brains.finished) + hydra_kill_head(j, 1, 0); // kill all heads working on the target + else + hydra_kill_head(j, 1, 2); // kill all heads working on the target + } + break; + // we do not make a difference between 'C' and 'E' results - yet case 'E': // head reports protocol error case 'C': // head reports connect error From edc910628f9e883cf3bc4755f984f9a8b9b18318 Mon Sep 17 00:00:00 2001 From: horner Date: Thu, 5 Aug 2021 13:52:18 -0400 Subject: [PATCH 193/332] telnet detects password retries with same user --- hydra-telnet.c | 45 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 41 insertions(+), 4 deletions(-) diff --git a/hydra-telnet.c b/hydra-telnet.c index 39908f9..63fcb23 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -75,16 +75,53 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c } /*win7 answering with do terminal type = 0xfd 0x18 */ - while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL || strchr(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "password:") == NULL || strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) + || (miscptr == NULL + && strstr(buf, "invalid") == NULL + && strstr(buf, "incorrect") == NULL + && strstr(buf, "bad ") == NULL + && (strchr(buf, '/') != NULL + || strchr(buf, '>') != NULL + || strchr(buf, '$') != NULL + || strchr(buf, '#') != NULL + || strchr(buf, '%') != NULL + || ((buf[1] == '\xfd') + && (buf[2] == '\x18'))) + )) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; - } - free(buf); + } else if (buf && strstr(buf, "assword:") ) { + hydra_completed_pair(); + //printf("password prompt\n"); + free(buf); + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + sprintf(buffer, "%s\r", pass); + if (no_line_mode) { + for (i = 0; i < strlen(buffer); i++) { + if (strcmp(&buffer[i], "\r") == 0) { + send(s, "\r\0", 2, 0); + } else { + send(s, &buffer[i], 1, 0); + } + usleepn(20); + } + } else { + if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { + return 1; + } + } + } else if (buf && strstr(buf, "login:") ) { + free(buf); + hydra_completed_pair(); + return 2; + } else + free(buf); } hydra_completed_pair(); From 93cee75419eb67b6ae34bf75bc2a57c50e0ea03e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 17 Aug 2021 18:21:35 +0200 Subject: [PATCH 194/332] added make uninstall --- CHANGES | 1 + Makefile | 3 +++ Makefile.am | 6 ++++++ Makefile.orig | 3 +++ 4 files changed, 13 insertions(+) diff --git a/CHANGES b/CHANGES index 1afb314..50d56fd 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,7 @@ Release 9.3-dev * fix for ssh to support -M or ip/range * for vnc/cisco/... protocols that only check for a password, skip host after the password is found +* added "make uninstall" Release 9.2 diff --git a/Makefile b/Makefile index 372e67e..0fc0d2e 100644 --- a/Makefile +++ b/Makefile @@ -3,3 +3,6 @@ all: clean: cp -f Makefile.orig Makefile + +uninstall: + @echo Error: you must run "./configure" first diff --git a/Makefile.am b/Makefile.am index 1cd9156..a85c99d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -89,3 +89,9 @@ clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile +uninstall: + -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv + -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 + -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png + -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop diff --git a/Makefile.orig b/Makefile.orig index 372e67e..0fc0d2e 100644 --- a/Makefile.orig +++ b/Makefile.orig @@ -3,3 +3,6 @@ all: clean: cp -f Makefile.orig Makefile + +uninstall: + @echo Error: you must run "./configure" first From 84c7b116db1b054cb3effa840c87fb098d1ae03a Mon Sep 17 00:00:00 2001 From: ultimaiiii <89281437+ultimaiiii@users.noreply.github.com> Date: Fri, 20 Aug 2021 23:09:51 +0000 Subject: [PATCH 195/332] New CobaltStrike module --- Makefile | 108 +++++++++++++++++++++++++++++++++++-- hydra-cobaltstrike.c | 126 +++++++++++++++++++++++++++++++++++++++++++ hydra.c | 8 ++- hydra.h | 2 + 4 files changed, 240 insertions(+), 4 deletions(-) create mode 100644 hydra-cobaltstrike.c diff --git a/Makefile b/Makefile index 0fc0d2e..fe872d7 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,110 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DHAVE_MYSQL_MYSQL_H -DLIBOPENSSL -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DHAVE_GCRYPT -DLIBMCACHED -DHAVE_MATH_H +XLIBS= -lgcrypt -lz -lssl -lfbclient -lidn -lpcre -lmysqlclient -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/usr/lib/x86_64-linux-gnu -L/lib/x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu +XIPATHS= -I/usr/include/mysql -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached-1.0 +PREFIX=/usr/local +XHYDRA_SUPPORT=xhydra +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro + +# +# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC +# +WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations +WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align +CFLAGS ?= -g +OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition +# -Wall -g -pedantic +LIBS=-lm +DESTDIR ?= +BINDIR = /bin +MANDIR = /man/man1/ +DATADIR = /etc +PIXDIR = /share/pixmaps +APPDIR = /share/applications + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-cobaltstrike.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ + hydra-smb2.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ + hydra-smb2.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) + -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ + -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) + -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - @echo Error: you must run "./configure" first + -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv + -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 + -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png + -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop diff --git a/hydra-cobaltstrike.c b/hydra-cobaltstrike.c new file mode 100644 index 0000000..64092cf --- /dev/null +++ b/hydra-cobaltstrike.c @@ -0,0 +1,126 @@ +#include "hydra-mod.h" + +#define MSLEN 256 + +extern char *HYDRA_EXIT; +char *buf; + +int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = ""; + char *pass, buffer[4 + 1 + 256]; + char ms_pass[MSLEN + 1]; + unsigned char len_pass; + unsigned char reply_byte_0; + unsigned char reply_byte_1; + unsigned char reply_byte_2; + unsigned char reply_byte_3; + int32_t ret = -1; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + if (strlen(pass) > MSLEN) + pass[MSLEN - 1] = 0; + len_pass = strlen(pass); + memset(ms_pass, 0, MSLEN + 1); + strcpy(ms_pass, pass); + + memset(buffer, 0x41, sizeof(buffer)); + buffer[0] = 0x00; + buffer[1] = 0x00; + buffer[2] = 0xBE; + buffer[3] = 0xEF; + memcpy(buffer + 4, &len_pass, 1); + memcpy(buffer + 5, ms_pass, len_pass); + + if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) + return 1; + + reply_byte_0 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_0, 1); + if (ret <= 0) + return 3; + + reply_byte_1 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_1, 1); + if (ret <= 0) + return 3; + + reply_byte_2 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_2, 1); + if (ret <= 0) + return 3; + + reply_byte_3 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_3, 1); + if (ret <= 0) + return 3; + + if (reply_byte_0 == 0x00 && reply_byte_1 == 0x00 && reply_byte_2 == 0xCA && reply_byte_3 == 0xFE) { + hydra_report_found_host(port, ip, "cobaltstrike", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; +} + +void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = start_cobaltstrike(sock, ip, port, options, miscptr, fp); + hydra_disconnect(sock); + break; + case 2: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra.c b/hydra.c index 24dde22..9047336 100644 --- a/hydra.c +++ b/hydra.c @@ -78,6 +78,7 @@ extern void service_http_post_form(char *ip, int32_t sp, unsigned char options, extern void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); @@ -178,6 +179,7 @@ extern int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, ch extern int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); @@ -208,7 +210,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " "memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid " "pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap " "rsh rtsp s7-300 sapr3 sip smb smb2 smtp[s] smtp-enum snmp socks5 ssh " - "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; + "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp cobaltstrike"; #define MAXBUF 520 #define MAXLINESIZE ((MAXBUF / 2) - 4) @@ -402,6 +404,7 @@ static const struct { {"memcached", service_mcached_init, service_mcached, NULL}, #endif SERVICE(mssql), + SERVICE(cobaltstrike), #ifdef LIBMONGODB SERVICE3("mongodb", mongodb), #endif @@ -1344,6 +1347,7 @@ int32_t hydra_lookup_port(char *service) { {"memcached", PORT_MCACHED, PORT_MCACHED_SSL}, {"mongodb", PORT_MONGODB, PORT_MONGODB}, {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, + {"cobaltstrike", PORT_COBALTSTRIKE, PORT_COBALTSTRIKE_SSL}, {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, @@ -2800,6 +2804,8 @@ int main(int argc, char *argv[]) { } if (strcmp(hydra_options.service, "mssql") == 0) i = 1; + if (strcmp(hydra_options.service, "cobaltstrike") == 0) + i = 2; if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { i = 2; hydra_options.service = malloc(strlen("oracle-listener") + 1); diff --git a/hydra.h b/hydra.h index 6698eaf..353b318 100644 --- a/hydra.h +++ b/hydra.h @@ -101,6 +101,8 @@ #define PORT_MYSQL_SSL 3306 #define PORT_MSSQL 1433 #define PORT_MSSQL_SSL 1433 +#define PORT_COBALTSTRIKE 50050 +#define PORT_COBALTSTRIKE_SSL 50050 #define PORT_POSTGRES 5432 #define PORT_POSTGRES_SSL 5432 #define PORT_ORACLE 1521 From 63badb59afbf6d0f6937bc34f524b7e1d6ad1ba5 Mon Sep 17 00:00:00 2001 From: ultimaiiii <89281437+ultimaiiii@users.noreply.github.com> Date: Fri, 20 Aug 2021 23:18:46 +0000 Subject: [PATCH 196/332] Makefile fix --- Makefile | 108 ++-------------------------------------------------- Makefile.am | 4 +- 2 files changed, 5 insertions(+), 107 deletions(-) diff --git a/Makefile b/Makefile index fe872d7..0fc0d2e 100644 --- a/Makefile +++ b/Makefile @@ -1,110 +1,8 @@ -STRIP=strip -XDEFINES= -DHAVE_MYSQL_MYSQL_H -DLIBOPENSSL -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DHAVE_GCRYPT -DLIBMCACHED -DHAVE_MATH_H -XLIBS= -lgcrypt -lz -lssl -lfbclient -lidn -lpcre -lmysqlclient -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/usr/lib/x86_64-linux-gnu -L/lib/x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu -XIPATHS= -I/usr/include/mysql -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached-1.0 -PREFIX=/usr/local -XHYDRA_SUPPORT=xhydra -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro - -# -# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC -# -WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations -WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align -CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition -# -Wall -g -pedantic -LIBS=-lm -DESTDIR ?= -BINDIR = /bin -MANDIR = /man/man1/ -DATADIR = /etc -PIXDIR = /share/pixmaps -APPDIR = /share/applications - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-cobaltstrike.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ - hydra-smb2.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ - hydra-smb2.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) - -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ - -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) - -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv - -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 - -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png - -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop + @echo Error: you must run "./configure" first diff --git a/Makefile.am b/Makefile.am index a85c99d..3768fe3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,7 @@ APPDIR = /share/applications SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-cobaltstrike.c hydra-xmpp.c \ hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ @@ -31,7 +31,7 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ From cb8fccda71b3b91d04cfa6a26a96e87bae529e39 Mon Sep 17 00:00:00 2001 From: ultimaiiii <89281437+ultimaiiii@users.noreply.github.com> Date: Sat, 21 Aug 2021 17:07:40 +0000 Subject: [PATCH 197/332] Rename MS to CS --- hydra-cobaltstrike.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/hydra-cobaltstrike.c b/hydra-cobaltstrike.c index 64092cf..5997bf7 100644 --- a/hydra-cobaltstrike.c +++ b/hydra-cobaltstrike.c @@ -1,6 +1,6 @@ #include "hydra-mod.h" -#define MSLEN 256 +#define CSLEN 256 extern char *HYDRA_EXIT; char *buf; @@ -8,7 +8,7 @@ char *buf; int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[4 + 1 + 256]; - char ms_pass[MSLEN + 1]; + char cs_pass[CSLEN + 1]; unsigned char len_pass; unsigned char reply_byte_0; unsigned char reply_byte_1; @@ -18,11 +18,11 @@ int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char opti if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - if (strlen(pass) > MSLEN) - pass[MSLEN - 1] = 0; + if (strlen(pass) > CSLEN) + pass[CSLEN - 1] = 0; len_pass = strlen(pass); - memset(ms_pass, 0, MSLEN + 1); - strcpy(ms_pass, pass); + memset(cs_pass, 0, CSLEN + 1); + strcpy(cs_pass, pass); memset(buffer, 0x41, sizeof(buffer)); buffer[0] = 0x00; @@ -30,7 +30,7 @@ int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char opti buffer[2] = 0xBE; buffer[3] = 0xEF; memcpy(buffer + 4, &len_pass, 1); - memcpy(buffer + 5, ms_pass, len_pass); + memcpy(buffer + 5, cs_pass, len_pass); if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) return 1; @@ -74,7 +74,7 @@ int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char opti void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; - int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; + int32_t mysslport = PORT_COBALTSTRIKE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) From c9da8671419a9da9eaa0363999663d1bfbd973b8 Mon Sep 17 00:00:00 2001 From: ultimaiiii <89281437+ultimaiiii@users.noreply.github.com> Date: Sat, 21 Aug 2021 17:12:40 +0000 Subject: [PATCH 198/332] Move CS service to keep service list sorted --- hydra.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra.c b/hydra.c index 9047336..5db647b 100644 --- a/hydra.c +++ b/hydra.c @@ -204,13 +204,13 @@ extern int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, ch extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); // ADD NEW SERVICES HERE -char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " +char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs firebird ftp[s] " "http[s]-{head|get|post} http[s]-{get|post}-form http-proxy " "http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] " "memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid " "pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap " "rsh rtsp s7-300 sapr3 sip smb smb2 smtp[s] smtp-enum snmp socks5 ssh " - "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp cobaltstrike"; + "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; #define MAXBUF 520 #define MAXLINESIZE ((MAXBUF / 2) - 4) From 67ef4c733ff047a1d1b1bc622bb587db9db4c983 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 23 Aug 2021 11:31:58 +0200 Subject: [PATCH 199/332] code format --- CHANGES | 1 + Makefile.am | 4 ++-- hydra-cobaltstrike.c | 8 ++++---- hydra-mod.h | 2 +- hydra-sip.c | 12 ++++-------- hydra-ssh.c | 2 +- hydra-telnet.c | 20 ++++---------------- hydra.c | 7 +++++-- 8 files changed, 22 insertions(+), 34 deletions(-) diff --git a/CHANGES b/CHANGES index 50d56fd..398cd19 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 9.3-dev +* New module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range * for vnc/cisco/... protocols that only check for a password, skip host after the password is found diff --git a/Makefile.am b/Makefile.am index 3768fe3..10cad3a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,7 @@ APPDIR = /share/applications SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-cobaltstrike.c hydra-xmpp.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ @@ -25,7 +25,7 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c \ + hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ hydra-smb2.c OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ diff --git a/hydra-cobaltstrike.c b/hydra-cobaltstrike.c index 5997bf7..6c40e64 100644 --- a/hydra-cobaltstrike.c +++ b/hydra-cobaltstrike.c @@ -35,22 +35,22 @@ int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char opti if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) return 1; - reply_byte_0 = 0x00; + reply_byte_0 = 0x00; ret = hydra_recv_nb(s, &reply_byte_0, 1); if (ret <= 0) return 3; - reply_byte_1 = 0x00; + reply_byte_1 = 0x00; ret = hydra_recv_nb(s, &reply_byte_1, 1); if (ret <= 0) return 3; - reply_byte_2 = 0x00; + reply_byte_2 = 0x00; ret = hydra_recv_nb(s, &reply_byte_2, 1); if (ret <= 0) return 3; - reply_byte_3 = 0x00; + reply_byte_3 = 0x00; ret = hydra_recv_nb(s, &reply_byte_3, 1); if (ret <= 0) return 3; diff --git a/hydra-mod.h b/hydra-mod.h index 636efb5..f0c22c4 100644 --- a/hydra-mod.h +++ b/hydra-mod.h @@ -71,7 +71,7 @@ char *cmdlinetarget; typedef int32_t BOOL; #else /* __APPLE__ */ /* ensure compatibility with objc libraries */ -#if (TARGET_OS_IPHONE && __LP64__) || TARGET_OS_WATCH +#if (TARGET_OS_IPHONE && __LP64__) || TARGET_OS_WATCH typedef bool BOOL; #else typedef signed char BOOL; diff --git a/hydra-sip.c b/hydra-sip.c index 9c5ad78..c9d71d2 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -71,14 +71,12 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u } int32_t has_sip_cred = 0; - int32_t try - = 0; + int32_t try = 0; /* We have to check many times because server may begin to send "100 Trying" * before "401 Unauthorized" */ while (try < 2 && !has_sip_cred) { - try - ++; + try++; if (hydra_data_ready_timed(s, 3, 0) > 0) { i = hydra_recv(s, (char *)buf, sizeof(buf) - 1); if (i > 0) @@ -160,14 +158,12 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 3; } - try - = 0; + try = 0; int32_t has_resp = 0; int32_t sip_code = 0; while (try < 2 && !has_resp) { - try - ++; + try++; if (hydra_data_ready_timed(s, 5, 0) > 0) { memset(buf, 0, sizeof(buf)); if ((i = hydra_recv(s, (char *)buf, sizeof(buf) - 1)) >= 0) diff --git a/hydra-ssh.c b/hydra-ssh.c index eb021ce..785ae1e 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -34,7 +34,7 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char if (new_session) { if (session) { ssh_disconnect(session); - //ssh_finalize(); + // ssh_finalize(); ssh_free(session); } else { ssh_init(); diff --git a/hydra-telnet.c b/hydra-telnet.c index 63fcb23..183621a 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -76,28 +76,16 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c /*win7 answering with do terminal type = 0xfd 0x18 */ while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "password:") == NULL || strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) - || (miscptr == NULL - && strstr(buf, "invalid") == NULL - && strstr(buf, "incorrect") == NULL - && strstr(buf, "bad ") == NULL - && (strchr(buf, '/') != NULL - || strchr(buf, '>') != NULL - || strchr(buf, '$') != NULL - || strchr(buf, '#') != NULL - || strchr(buf, '%') != NULL - || ((buf[1] == '\xfd') - && (buf[2] == '\x18'))) - )) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "incorrect") == NULL && strstr(buf, "bad ") == NULL && (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL || strchr(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; - } else if (buf && strstr(buf, "assword:") ) { + } else if (buf && strstr(buf, "assword:")) { hydra_completed_pair(); - //printf("password prompt\n"); + // printf("password prompt\n"); free(buf); if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; @@ -116,7 +104,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c return 1; } } - } else if (buf && strstr(buf, "login:") ) { + } else if (buf && strstr(buf, "login:")) { free(buf); hydra_completed_pair(); return 2; diff --git a/hydra.c b/hydra.c index 5db647b..54038da 100644 --- a/hydra.c +++ b/hydra.c @@ -1935,8 +1935,11 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { // the above line } if (debug || hydra_options.showAttempt) { - printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, - hydra_targets[target_no]->redo); + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", + hydra_targets[target_no]->redo_state ? "REDO-" + : snp_is_redo ? "RE-" + : "", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, hydra_targets[target_no]->redo); } loop_cnt = 0; return 0; From 5cb14100f87daa6190a6e811e47852180ef2748a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 31 Aug 2021 09:37:06 +0200 Subject: [PATCH 200/332] remove old option from help output --- hydra.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/hydra.c b/hydra.c index 54038da..5ffecbe 100644 --- a/hydra.c +++ b/hydra.c @@ -596,8 +596,6 @@ void help_bfg() { "others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n" - " -r use a shuffling method called 'rain' to try to break\n" - " the linearity of the bruteforce\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all " "lowercase letters\n" From b3bd06833480e3ae99102b6ff8e0fce867f4c308 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 6 Oct 2021 15:21:26 +0200 Subject: [PATCH 201/332] fix nits --- hydra-cisco.c | 2 +- hydra-vnc.c | 2 +- hydra.c | 14 +++++++------- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/hydra-cisco.c b/hydra-cisco.c index 72709ac..e31c749 100644 --- a/hydra-cisco.c +++ b/hydra-cisco.c @@ -5,7 +5,7 @@ #endif extern char *HYDRA_EXIT; -char *buf = NULL; +static char *buf = NULL; int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; diff --git a/hydra-vnc.c b/hydra-vnc.c index aeecd59..c836371 100644 --- a/hydra-vnc.c +++ b/hydra-vnc.c @@ -19,7 +19,7 @@ int32_t vnc_client_version = RFB33; int32_t failed_auth = 0; extern char *HYDRA_EXIT; -char *buf; +static char *buf; /* * Encrypt CHALLENGESIZE bytes in memory using a password. diff --git a/hydra.c b/hydra.c index 5ffecbe..7f37f11 100644 --- a/hydra.c +++ b/hydra.c @@ -2220,6 +2220,10 @@ int main(int argc, char *argv[]) { SERVICES = hydra_string_replace(SERVICES, "radmin2 ", ""); strcat(unsupported, "radmin2 "); #endif +#ifndef LIBFREERDP + SERVICES = hydra_string_replace(SERVICES, "rdp ", ""); + strcat(unsupported, "rdp "); +#endif #ifndef LIBSAPR3 SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); strcat(unsupported, "sapr3 "); @@ -2267,11 +2271,6 @@ int main(int argc, char *argv[]) { strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); #endif -#ifndef LIBFREERDP - // for rdp - SERVICES = hydra_string_replace(SERVICES, " rdp", ""); -#endif - #ifndef HAVE_MATH_H if (strlen(unsupported) > 0) strcat(unsupported, "and "); @@ -3940,9 +3939,10 @@ int main(int argc, char *argv[]) { } freeaddrinfo(res); } - // restore device information if present + // restore device information if present (overwrite null bytes) if (device != NULL) { - *(device - 1) = '%'; + char *tmpptr = device - 1; + *tmpptr = '%'; // you can ignore the compiler warning fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 " "link local addresses, e.g. SSH does not\n"); } From 89fbd9a44d552f9f65c79e312d0157834cdd5492 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 14 Oct 2021 10:14:42 +0200 Subject: [PATCH 202/332] debug --- hydra-rdp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-rdp.c b/hydra-rdp.c index 6a000a4..d8eec87 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -54,6 +54,7 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, } login_result = rdp_connect(server, port, domain, login, pass); + if (debug) hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result); switch (login_result) { case 0: // login success From 3e364483d2dfd498b4fce4e2f2e5e2a23bcb6b75 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 20 Oct 2021 16:29:52 +0200 Subject: [PATCH 203/332] support xcode --- CHANGES | 3 ++- Makefile.am | 2 +- configure | 9 +++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 398cd19..5f0f8ba 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,8 @@ Changelog for hydra ------------------- Release 9.3-dev -* New module: cobaltstrike by ultimaiiii, thank you! +* support Xcode compilation +* new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range * for vnc/cisco/... protocols that only check for a password, skip host after the password is found diff --git a/Makefile.am b/Makefile.am index 10cad3a..74288cf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,7 +4,7 @@ WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition +OPTS=-I. -O3 $(CFLAGS) -fcommon # -Wall -g -pedantic LIBS=-lm DESTDIR ?= diff --git a/configure b/configure index 139c9bf..8ad8af2 100755 --- a/configure +++ b/configure @@ -1362,6 +1362,10 @@ echo '#include ' >> $TMPC.c echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c $CC -o $TMPC $TMPC.c > /dev/null 2>&1 test -x $TMPC && STRRCHR="" +rm -f $TMPC +$CC -o $TMPC -Wl,--allow-multiple-definition $TMPC.c > /dev/null 2>&1 +WALLOW="no" +test -x $TMPC && WALLOW="yes" rm -f $TMPC $TMPC.c echo " ... strrchr()$STRRCHR found" if [ -n "$CRYPTO_PATH" ]; then @@ -1392,6 +1396,11 @@ rm -f $TMPC $TMPC.c $TMPC.c.err echo " Compiling... $GCCSEC" echo " Linking... $LDSEC" +echo "Checking for --allow-multiple-definition linker option ... $WALLOW" +if [ "$WALLOW" = "yes" ]; then + GCCSECOPT="$GCCSECOPT -Wl,--allow-multiple-definition" +fi + echo XDEFINES="" XLIBS="" From 13db28f9d26af1027cf42beeb41b61ae3df6ed58 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 27 Oct 2021 17:19:13 +0200 Subject: [PATCH 204/332] rdp empty pw fix --- CHANGES | 1 + hydra-rdp.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 5f0f8ba..f3aadbe 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,7 @@ Release 9.3-dev * support Xcode compilation * new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range +* fix for rdp to detect empty passwords * for vnc/cisco/... protocols that only check for a password, skip host after the password is found * added "make uninstall" diff --git a/hydra-rdp.c b/hydra-rdp.c index d8eec87..6e9c8db 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -22,7 +22,10 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa instance->settings->Username = login; instance->settings->Password = password; instance->settings->IgnoreCertificate = TRUE; - instance->settings->AuthenticationOnly = TRUE; + if (password[0] == 0) + instance->settings->AuthenticationOnly = FALSE; + else + instance->settings->AuthenticationOnly = TRUE; instance->settings->ServerHostname = server; instance->settings->ServerPort = port; instance->settings->Domain = domain; From 9b055287c07719861c8053ca3e1218ab2303f529 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 1 Nov 2021 14:13:51 +0100 Subject: [PATCH 205/332] fix -M ipv6 --- CHANGES | 1 + hydra.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index f3aadbe..1f5d497 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,7 @@ Release 9.3-dev * fix for rdp to detect empty passwords * for vnc/cisco/... protocols that only check for a password, skip host after the password is found +* fixe to support IPv6 addresses in -M * added "make uninstall" diff --git a/hydra.c b/hydra.c index 7f37f11..abc6286 100644 --- a/hydra.c +++ b/hydra.c @@ -3586,7 +3586,7 @@ int main(int argc, char *argv[]) { } } else hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = strchr(hydra_targets[i]->target, ':')) != NULL) { + if ((tmpptr2 = strchr(tmpptr, ':')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; hydra_targets[i]->port = atoi(tmpptr2); From f20ca77309fa57c47d80e4a28cd8f015c6212fad Mon Sep 17 00:00:00 2001 From: Kai Date: Fri, 5 Nov 2021 17:47:21 +0100 Subject: [PATCH 206/332] README: HTTP => HTTPS --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 322da43..2ce34ad 100644 --- a/README +++ b/README @@ -74,7 +74,7 @@ make install ``` If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need +system, get it from https://www.libssh.org, for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! From 52ce0772e85f2f305a0a2307038f5f148090d685 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Mon, 22 Nov 2021 13:55:36 -0500 Subject: [PATCH 207/332] hydra-gtk: update to gtk3 gtk3 is more modern and successor to the old gtk2 --- hydra-gtk/configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-gtk/configure.in b/hydra-gtk/configure.in index e4fb923..5bf4e78 100755 --- a/hydra-gtk/configure.in +++ b/hydra-gtk/configure.in @@ -10,7 +10,7 @@ AC_PROG_CC AM_PROG_CC_STDC AC_HEADER_STDC -pkg_modules="gtk+-2.0 >= 2.0.0" +pkg_modules="gtk+-3.0 >= 3.24.24" PKG_CHECK_MODULES(PACKAGE, [$pkg_modules]) AC_SUBST(PACKAGE_CFLAGS) AC_SUBST(PACKAGE_LIBS) From 4a1bb5117f9bd1f1310f995f6a2c870e971f6878 Mon Sep 17 00:00:00 2001 From: Toranova Date: Fri, 31 Dec 2021 11:43:19 +0800 Subject: [PATCH 208/332] fix mongodb module not using user specified port --- hydra-mongodb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-mongodb.c b/hydra-mongodb.c index 5b38a42..201c3ff 100644 --- a/hydra-mongodb.c +++ b/hydra-mongodb.c @@ -72,7 +72,7 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, mongoc_log_set_handler(NULL, NULL); bson_init(&q); - snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s", login, pass, hydra_address2string(ip), miscptr); + snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr); client = mongoc_client_new(uri); if (!client) return 3; From c637d1d7a04d9f6068b332bf5e9c9ffbc9b967e4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 1 Jan 2022 00:50:58 +0100 Subject: [PATCH 209/332] welcome 2022 --- Makefile.am | 2 +- README | 2 +- hydra.1 | 2 +- hydra.c | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile.am b/Makefile.am index 74288cf..adfbf64 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ # -# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC +# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC # WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align diff --git a/README b/README index 2ce34ad..2b59866 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ H Y D R A - (c) 2001-2021 by van Hauser / THC + (c) 2001-2022 by van Hauser / THC https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal diff --git a/hydra.1 b/hydra.1 index 039d55f..81b2feb 100644 --- a/hydra.1 +++ b/hydra.1 @@ -1,4 +1,4 @@ -.TH "HYDRA" "1" "01/01/2021" +.TH "HYDRA" "1" "01/01/2022" .SH NAME hydra \- a very fast network logon cracker which supports many different services .SH SYNOPSIS diff --git a/hydra.c b/hydra.c index abc6286..9450847 100644 --- a/hydra.c +++ b/hydra.c @@ -1,5 +1,5 @@ /* - * hydra (c) 2001-2021 by van Hauser / THC + * hydra (c) 2001-2022 by van Hauser / THC * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. @@ -2181,7 +2181,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2021 by %s & %s - Please do not use in military or secret " + printf("%s %s (c) 2022 by %s & %s - Please do not use in military or secret " "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP From c61fe26d167f6c0d8fd1c20380a5eb0ec53c7ef5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 11 Jan 2022 10:19:04 +0100 Subject: [PATCH 210/332] fix http with proxy + port usage --- hydra-http.c | 24 ++++++++++++------------ hydra-rdp.c | 1 + 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/hydra-http.c b/hydra-http.c index a0769b9..c76b937 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -52,17 +52,17 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha /* again: no snprintf to be portable. don't worry, buffer can't overflow */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) sprintf(buffer, - "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "%s http://%s%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " "close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic " "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header); + type, webtarget, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "%s http://%s%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " "(Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buffer2, header); + type, webtarget, miscptr, webtarget, buffer2, header); else sprintf(buffer, "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: " @@ -110,16 +110,16 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha // send the first.. if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " "(Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + type, webtarget, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); + type, webtarget, miscptr, webtarget, buf1, header); else sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " @@ -174,16 +174,16 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha // create the auth response if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " "(Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + type, webtarget, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); + type, webtarget, miscptr, webtarget, buf1, header); else sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " diff --git a/hydra-rdp.c b/hydra-rdp.c index 6e9c8db..20f665c 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -29,6 +29,7 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa instance->settings->ServerHostname = server; instance->settings->ServerPort = port; instance->settings->Domain = domain; + instance->settings->MaxTimeInCheckLoop = 100; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); return err; From e11e00740020fb0728d6314b8ad036af0b92f8ec Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 11 Jan 2022 13:50:47 +0100 Subject: [PATCH 211/332] make strip optional --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index adfbf64..8cd56d1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -67,7 +67,7 @@ pw-inspector: pw-inspector.c $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) strip: all - strip $(BINS) + -strip $(BINS) -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null install: strip From 02ae72c7e72505144f640db51bb0c4911008ca68 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 12 Jan 2022 10:14:57 +0100 Subject: [PATCH 212/332] dont exit after find with -C --- CHANGES | 4 +++- hydra.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 1f5d497..208b12f 100644 --- a/CHANGES +++ b/CHANGES @@ -6,9 +6,11 @@ Release 9.3-dev * new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range * fix for rdp to detect empty passwords +* fix for http on non-default ports when using with a proxy * for vnc/cisco/... protocols that only check for a password, skip host after the password is found -* fixe to support IPv6 addresses in -M +* fix to support IPv6 addresses in -M +* fix to test all entries in -C files, not exiting after the first found * added "make uninstall" diff --git a/hydra.c b/hydra.c index 9450847..c154424 100644 --- a/hydra.c +++ b/hydra.c @@ -3316,7 +3316,8 @@ int main(int argc, char *argv[]) { hydra_options.port = port; } - if (hydra_options.login == NULL && hydra_options.loginfile == NULL) + if (hydra_options.login == NULL && hydra_options.loginfile == NULL && + hydra_options.colonfile == NULL) hydra_options.exit_found = 1; if (hydra_options.ssl == 0 && hydra_options.port == 443) From 5a451ba54192cb029600a83afaf0fc3a1730dd50 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 12 Jan 2022 10:27:58 +0100 Subject: [PATCH 213/332] http-form: no empty headers --- CHANGES | 1 + hydra-http-form.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 208b12f..48374f9 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,7 @@ Release 9.3-dev * new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range * fix for rdp to detect empty passwords +* fix for http-form to no send empty headers * fix for http on non-default ports when using with a proxy * for vnc/cisco/... protocols that only check for a password, skip host after the password is found diff --git a/hydra-http-form.c b/hydra-http-form.c index f675beb..224bf8d 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -258,6 +258,9 @@ int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char ty ptr_header_node cur_ptr = NULL; ptr_header_node existing_hdr, new_ptr; + if (!header || !value || !strlen(header) || !strlen(value)) + return; + // get to the last header for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next) ; From 1edef892f63f4c2ea3e4c42a68f7b407133ca0ba Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 19 Jan 2022 13:00:57 +0100 Subject: [PATCH 214/332] fix disappearing targets --- CHANGES | 1 + hydra.c | 13 +++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 48374f9..39940ae 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,7 @@ Release 9.3-dev after the password is found * fix to support IPv6 addresses in -M * fix to test all entries in -C files, not exiting after the first found +* attempt to make disappearing targets faster to terminate on * added "make uninstall" diff --git a/hydra.c b/hydra.c index c154424..f7d31c3 100644 --- a/hydra.c +++ b/hydra.c @@ -1487,7 +1487,7 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { hydra_heads[head_no]->current_pass_ptr = empty_login; } if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { - if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.max_use == hydra_targets[target_no]->failed) { + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.max_use <= hydra_targets[target_no]->failed) { if (hydra_targets[target_no]->ok == 1) hydra_targets[target_no]->done = TARGET_ERROR; // mark target as done by errors else @@ -1497,12 +1497,15 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { "[ERROR] Too many connect errors to target, disabling " "%s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + } else { + hydra_targets[target_no]->failed++; } - if (hydra_brains.targets > hydra_brains.finished) + if (hydra_brains.targets <= hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else hydra_kill_head(head_no, 1, 2); - } // we keep the last one alive as long as it make sense + } + // we keep the last one alive as long as it make sense } else { // we need to put this in a list, otherwise we fail one login+pw test if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { @@ -1517,12 +1520,14 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } +/* hydra_targets[target_no]->fail_count--; if (k < 5 && hydra_targets[target_no]->ok) hydra_targets[target_no]->fail_count--; if (k == 2 && hydra_targets[target_no]->ok) hydra_targets[target_no]->fail_count--; - if (hydra_brains.targets > hydra_brains.finished) +*/ + if (hydra_brains.targets <= hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else { hydra_kill_head(head_no, 1, 2); From 6d5fa802a246be1afcd5a34f43cb5f9b42211705 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 23 Jan 2022 16:33:22 +0100 Subject: [PATCH 215/332] citation --- CITATION.cff | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 CITATION.cff diff --git a/CITATION.cff b/CITATION.cff new file mode 100644 index 0000000..3ed8ae2 --- /dev/null +++ b/CITATION.cff @@ -0,0 +1,20 @@ +cff-version: 1.2.0 +message: "If you use this software, please cite it as below." +authors: + - given-names: Heuse + family-names: Marc + name-particle: van Hauser + email: vh@thc.org + affiliation: The Hacker's Choice +title: "hydra" +version: 9.2 +type: software +date-released: 2021-03-15 +url: "https://github.com/vanhauser-thc/thc-hydra" +keywords: + - scanning + - passwords + - hacking + - pentesting + - securiy +license: AGPL-3.0-or-later From e9140e5434f29bb08a710ba1ff02ac94b982844c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 23 Jan 2022 19:33:28 +0100 Subject: [PATCH 216/332] fix --- CITATION.cff | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CITATION.cff b/CITATION.cff index 3ed8ae2..3b450d3 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -1,9 +1,9 @@ cff-version: 1.2.0 message: "If you use this software, please cite it as below." authors: - - given-names: Heuse - family-names: Marc - name-particle: van Hauser + - given-names: Marc + family-names: Heuse + name-particle: "van Hauser" email: vh@thc.org affiliation: The Hacker's Choice title: "hydra" From e40b0dc252b36a1cdd240b169672fcfb6a2686b8 Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Mon, 31 Jan 2022 14:41:32 -0700 Subject: [PATCH 217/332] configure: openssl / memcached build fix On Debian/Ubuntu, compilation against openssl 3.0 causes a failure to find INT_MAX, despite the openssl headers including limits.h. However, the fact that the libmemcached-dev package provides both /usr/include/libmemcached{,-1.0} directories, both of which contain memcached.h, mean that MCACHED_IPATH ends up set to the libmemcached-1.0 one, which contains a limits.h, which shadows /usr/include/limits.h. Don't do that. --- configure | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/configure b/configure index 8ad8af2..1cde2f1 100755 --- a/configure +++ b/configure @@ -998,11 +998,9 @@ echo "Checking for Memcached (libmemcached/memcached.h) ..." if [ "X" = "X$MCACHED_IPATH" ]; then if [ -f "$i/memcached.h" ]; then MCACHED_IPATH="$i" - fi - if [ -f "$i/libmemcached/memcached.h" ]; then + elif [ -f "$i/libmemcached/memcached.h" ]; then MCACHED_IPATH="$i/libmemcached" - fi - if [ -f "$i/libmemcached-1.0/memcached.h" ]; then + elif [ -f "$i/libmemcached-1.0/memcached.h" ]; then MCACHED_IPATH="$i/libmemcached-1.0" fi fi From 9cf065f06e6eccf9429c0224c3fe3ce34a87aae4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 3 Feb 2022 10:32:20 +0100 Subject: [PATCH 218/332] error exit, restore write fix --- hydra.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra.c b/hydra.c index f7d31c3..c31cc60 100644 --- a/hydra.c +++ b/hydra.c @@ -4390,6 +4390,7 @@ int main(int argc, char *argv[]) { strncat(json_error, tmp_str, STRMAX); strncat(json_error, "\"", STRMAX); error = 1; + hydra_restore_write(1); } // yeah we did it printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); From 58b8ede906f1923e872f4fecd4723078bf0ef38a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 3 Feb 2022 10:34:26 +0100 Subject: [PATCH 219/332] 9.3 release --- CHANGES | 4 ++-- hydra.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 39940ae..32b0db1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,7 @@ Changelog for hydra ------------------- -Release 9.3-dev +Release 9.3 * support Xcode compilation * new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range @@ -12,7 +12,7 @@ Release 9.3-dev after the password is found * fix to support IPv6 addresses in -M * fix to test all entries in -C files, not exiting after the first found -* attempt to make disappearing targets faster to terminate on +* make disappearing targets faster to terminate on * added "make uninstall" diff --git a/hydra.c b/hydra.c index c31cc60..b0e5cab 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.3-dev" +#define VERSION "v9.3" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 9ac9f7010ec430c3c853d2a42915d07bea7b2104 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 3 Feb 2022 10:36:43 +0100 Subject: [PATCH 220/332] v9.4-dev init --- CHANGES | 4 ++++ hydra.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 32b0db1..796f664 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ Changelog for hydra ------------------- +Release 9.4-dev + * your patch? + + Release 9.3 * support Xcode compilation * new module: cobaltstrike by ultimaiiii, thank you! diff --git a/hydra.c b/hydra.c index b0e5cab..ed528f4 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.3" +#define VERSION "v9.4-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From e5996654ed48b385bc7f842d84d8b2ba72d29be1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 6 Feb 2022 11:59:08 +0100 Subject: [PATCH 221/332] fix return --- hydra-http-form.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 224bf8d..2fc6d60 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -259,7 +259,7 @@ int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char ty ptr_header_node existing_hdr, new_ptr; if (!header || !value || !strlen(header) || !strlen(value)) - return; + return 0; // get to the last header for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next) From 280988bfe6bfb8fb3de5a4c3b3794654da960c46 Mon Sep 17 00:00:00 2001 From: Yisus7u7 Date: Fri, 11 Feb 2022 11:23:24 -0500 Subject: [PATCH 222/332] hydra-gtk: add support for termux path --- hydra-gtk/src/main.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hydra-gtk/src/main.c b/hydra-gtk/src/main.c index 72d6dd7..b713e6f 100644 --- a/hydra-gtk/src/main.c +++ b/hydra-gtk/src/main.c @@ -17,6 +17,8 @@ char *hydra_path1 = "./hydra"; char *hydra_path2 = "/usr/local/bin/hydra"; char *hydra_path3 = "/usr/bin/hydra"; +char *hydra_path4 = "/data/data/com.termux/files/usr/bin/hydra"; +char *hydra_path5 = "/data/data/com.termux/files/usr/local/bin/hydra"; GtkWidget *wndMain; char *HYDRA_BIN; @@ -53,6 +55,10 @@ int main(int argc, char *argv[]) { HYDRA_BIN = hydra_path2; } else if (g_file_test(hydra_path3, G_FILE_TEST_IS_EXECUTABLE)) { HYDRA_BIN = hydra_path3; + } else if (g_file_test(hydra_path4, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path4; + } else if (g_file_test(hydra_path5, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path5; } else { g_error("Please tell me where hydra is, use --hydra-path\n"); return -1; From 330e910a02dbd9aa165c077796ae1cff10f0ff99 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 21 Feb 2022 14:18:29 +0100 Subject: [PATCH 223/332] try redo fix --- hydra.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hydra.c b/hydra.c index ed528f4..6afdf48 100644 --- a/hydra.c +++ b/hydra.c @@ -1597,7 +1597,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { snp_is_redo = 0; snpdont = 0; loop_cnt++; - if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + if (hydra_heads[head_no]->redo == 1 && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { hydra_heads[head_no]->redo = 0; snp_is_redo = 1; snpdone = 1; @@ -1629,7 +1629,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { return -1; } - if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + if (hydra_heads[head_no]->redo == 1 && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { hydra_heads[head_no]->redo = 0; snp_is_redo = 1; snpdone = 1; @@ -1638,7 +1638,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - " "%" hPRIu64 " of %" hPRIu64 "\n", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); - hydra_heads[head_no]->redo = 0; + //hydra_heads[head_no]->redo = 0; if (hydra_targets[target_no]->redo_state > 0) { if (hydra_targets[target_no]->redo_state <= hydra_targets[target_no]->redo) { hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; From c82e5d51c5595374e6b7801bfc84c26a497d8989 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Mar 2022 14:56:05 +0100 Subject: [PATCH 224/332] switch to pcre2 --- CHANGES | 2 +- configure | 18 +++++++++--------- hydra-mod.c | 21 +++++++++++++-------- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/CHANGES b/CHANGES index 796f664..869fb68 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ Changelog for hydra ------------------- Release 9.4-dev - * your patch? +* Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian Release 9.3 diff --git a/configure b/configure index 1cde2f1..d9c8b02 100755 --- a/configure +++ b/configure @@ -380,21 +380,21 @@ if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then CURSES_IPATH="" fi -echo "Checking for pcre (libpcre/pcre.h) ..." +echo "Checking for pcre2 (libpcre/pcre.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$PCRE_PATH" ]; then - if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then + if [ -f "$i/libpcre2-8.so" -o -f "$i/libpcre2-8.dylib" -o -f "$i/libpcre2-8.a" ]; then PCRE_PATH="$i" fi fi if [ "X" = "X$PCRE_PATH" ]; then - TMP_LIB=`/bin/ls $i/libpcre.so* 2> /dev/null | grep libpcre.` + TMP_LIB=`/bin/ls $i/libpcre2*.so* 2> /dev/null | grep libpcre.` if [ -n "$TMP_LIB" ]; then PCRE_PATH="$i" fi fi if [ "X" = "X$PCRE_PATH" ]; then - TMP_LIB=`/bin/ls $i/libpcre.dll* 2> /dev/null | grep libpcre.` + TMP_LIB=`/bin/ls $i/libpcre2*.dll* 2> /dev/null | grep libpcre.` if [ -n "$TMP_LIB" ]; then PCRE_PATH="$i" fi @@ -402,20 +402,20 @@ for i in $LIBDIRS ; do done for i in $INCDIRS ; do if [ "X" != "X$PCRE_PATH" ]; then - if [ -f "$i/pcre.h" ]; then + if [ -f "$i/pcre2.h" ]; then PCRE_IPATH="$i" fi fi done if [ "X" != "X$DEBUG" ]; then echo DEBUG: PCRE_PATH=$PCRE_PATH/libpcre - echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre.h + echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre2.h fi if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then - echo " ... NOT found, server response checks will be less reliable" + echo " ... NOT found, server response checks will be less reliable" PCRE_PATH="" PCRE_IPATH="" fi @@ -1649,7 +1649,7 @@ if [ -n "$IDN_PATH" ]; then XLIBS="$XLIBS -lidn" fi if [ -n "$PCRE_PATH" ]; then - XLIBS="$XLIBS -lpcre" + XLIBS="$XLIBS -lpcre2-8" fi if [ -n "$MYSQL_PATH" ]; then XLIBS="$XLIBS -lmysqlclient" diff --git a/hydra-mod.c b/hydra-mod.c index 4d34b2a..a24889b 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -7,7 +7,8 @@ #include #endif #ifdef HAVE_PCRE -#include +#define PCRE2_CODE_UNIT_WIDTH 8 +#include #endif #define MAX_CONNECT_RETRY 1 @@ -1291,19 +1292,23 @@ void hydra_set_srcport(int32_t port) { src_port = port; } #ifdef HAVE_PCRE int32_t hydra_string_match(char *str, const char *regex) { - pcre *re = NULL; - int32_t offset_error = 0; - const char *error = NULL; + pcre2_code *re = NULL; + int32_t error_code = 0; + PCRE2_SIZE error_offset; int32_t rc = 0; - re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL); + re = pcre2_compile(regex, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS | PCRE2_DOTALL, &error_code, &error_offset, NULL); if (re == NULL) { - fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %s\n", offset_error, error); + fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %d\n", error_offset, error_code); return 0; } - rc = pcre_exec(re, NULL, str, strlen(str), 0, 0, NULL, 0); - if (rc >= 0) { + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(re, NULL); + rc = pcre2_match(re, str, PCRE2_ZERO_TERMINATED, 0, 0, match_data, NULL); + pcre2_match_data_free(match_data); + pcre2_code_free(re); + + if (rc >= 1) { return 1; } return 0; From 59b96af73454d659621b5344a64944bcb90a7ff1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 17 Mar 2022 11:25:14 +0100 Subject: [PATCH 225/332] rtsp fix --- CHANGES | 1 + Makefile | 108 +++++++++++++++++++++++++++++++++++++++++++++++++-- hydra-rtsp.c | 55 ++++++++++++-------------- 3 files changed, 131 insertions(+), 33 deletions(-) diff --git a/CHANGES b/CHANGES index 869fb68..1e229ab 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,7 @@ Changelog for hydra Release 9.4-dev * Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian +* Small fix for weird RTSP servers Release 9.3 diff --git a/Makefile b/Makefile index 0fc0d2e..a8c13f5 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,110 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DLIBMCACHED -DLIBFREERDP -DLIBWINPR2 -DHAVE_MATH_H -DHAVE_SYS_PARAM_H +XLIBS= -lz -lcurses -lssl -lfbclient -lidn -lpcre2-8 -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached -lfreerdp2 -lwinpr2 +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu +XIPATHS= -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached -I/usr/include/freerdp2 -I/usr/include/winpr2 +PREFIX=/usr/local +XHYDRA_SUPPORT=xhydra +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -Wl,--allow-multiple-definition + +# +# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC +# +WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations +WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align +CFLAGS ?= -g +OPTS=-I. -O3 $(CFLAGS) -fcommon +# -Wall -g -pedantic +LIBS=-lm +DESTDIR ?= +BINDIR = /bin +MANDIR = /man/man1/ +DATADIR = /etc +PIXDIR = /share/pixmaps +APPDIR = /share/applications + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ + hydra-smb2.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ + hydra-smb2.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + -strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) + -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ + -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) + -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - @echo Error: you must run "./configure" first + -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv + -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 + -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png + -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 1bc6f4d..436a0be 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -104,42 +104,37 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } else { create_core_packet(1, ip, port); - if (use_Basic_Auth(lresp) == 1) { + if (use_Digest_Auth(lresp) == 1) { + char aux[500] = "", dbuf[500] = "", *result = NULL; + char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); + + strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); + aux[sizeof(aux) - 1] = '\0'; + free(lresp); +#ifdef LIBOPENSSL + result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); +#else + hydra_report(stderr, "[ERROR] Digest auth required but compiled " + "without OpenSSL/MD5 support\n"); + return 3; +#endif + if (result == NULL) { + hydra_report(stderr, "[ERROR] digest generation failed\n"); + return 3; + } + sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + } else if (use_Basic_Auth(lresp) == 1) { free(lresp); sprintf(buffer2, "%.249s:%.249s", login, pass); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2); - - if (debug) { + if (debug) hydra_report(stderr, "C:%s\n", buffer); - } } else { - if (use_Digest_Auth(lresp) == 1) { - char aux[500] = "", dbuf[500] = "", *result = NULL; - char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); - - strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); - aux[sizeof(aux) - 1] = '\0'; - free(lresp); -#ifdef LIBOPENSSL - result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); -#else - hydra_report(stderr, "[ERROR] Digest auth required but compiled " - "without OpenSSL/MD5 support\n"); - return 3; -#endif - - if (result == NULL) { - hydra_report(stderr, "[ERROR] digest generation failed\n"); - return 3; - } - sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf); - - if (debug) { - hydra_report(stderr, "C:%s\n", buffer); - } - } + hydra_report(stderr, "[ERROR] unknown authentication protocol\n"); + return 1; } if (strlen(buffer) == 0) { From 7dfedbb43aac31343f0eaad8d37d081ddcfac9eb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 17 Mar 2022 11:25:22 +0100 Subject: [PATCH 226/332] rtsp fix --- Makefile | 108 ++----------------------------------------------------- 1 file changed, 3 insertions(+), 105 deletions(-) diff --git a/Makefile b/Makefile index a8c13f5..0fc0d2e 100644 --- a/Makefile +++ b/Makefile @@ -1,110 +1,8 @@ -STRIP=strip -XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DLIBMCACHED -DLIBFREERDP -DLIBWINPR2 -DHAVE_MATH_H -DHAVE_SYS_PARAM_H -XLIBS= -lz -lcurses -lssl -lfbclient -lidn -lpcre2-8 -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached -lfreerdp2 -lwinpr2 -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu -XIPATHS= -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached -I/usr/include/freerdp2 -I/usr/include/winpr2 -PREFIX=/usr/local -XHYDRA_SUPPORT=xhydra -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -Wl,--allow-multiple-definition - -# -# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC -# -WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations -WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align -CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon -# -Wall -g -pedantic -LIBS=-lm -DESTDIR ?= -BINDIR = /bin -MANDIR = /man/man1/ -DATADIR = /etc -PIXDIR = /share/pixmaps -APPDIR = /share/applications - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ - hydra-smb2.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ - hydra-smb2.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - -strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) - -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ - -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) - -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv - -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 - -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png - -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop + @echo Error: you must run "./configure" first From 584be39d138befdbfa7cb8ecc3d9907fed1d1852 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 18 Mar 2022 10:48:52 +0100 Subject: [PATCH 227/332] debug --- hydra-rtsp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 436a0be..2652871 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -104,6 +104,8 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } else { create_core_packet(1, ip, port); + printf("[DEBUG] checking for auth type\n"); + if (use_Digest_Auth(lresp) == 1) { char aux[500] = "", dbuf[500] = "", *result = NULL; char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); From 354d9734afd9ca6b28df2c91664c376104c4e763 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 19 Mar 2022 13:47:42 +0100 Subject: [PATCH 228/332] rtsp support 200 ok for auth check --- hydra-rtsp.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 2652871..1d970e3 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -104,8 +104,6 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } else { create_core_packet(1, ip, port); - printf("[DEBUG] checking for auth type\n"); - if (use_Digest_Auth(lresp) == 1) { char aux[500] = "", dbuf[500] = "", *result = NULL; char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); @@ -156,7 +154,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 1; } - if ((is_NotFound(lresp))) { + if (is_NotFound(lresp) || is_Authorized(lresp)) { free(lresp); hydra_completed_pair_found(); From 64ca3aead24297952fe330e405c33d12ccaf12ff Mon Sep 17 00:00:00 2001 From: Raphael Isemann Date: Mon, 11 Apr 2022 16:57:49 +0200 Subject: [PATCH 229/332] Fix memory leak in radmin2 `msg` is calloc'd a few lines above via `msg = buffer2message(buffer);`. The check afterwards either exits the process on success or restarts the loop without free'ing `msg`. --- hydra-radmin2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-radmin2.c b/hydra-radmin2.c index 8c417d3..bc6b461 100644 --- a/hydra-radmin2.c +++ b/hydra-radmin2.c @@ -366,6 +366,7 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid()); hydra_child_exit(2); } + free(msg); } #endif } From d95a89c384ec73b015967ce1803e6afb57f0e43d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Apr 2022 13:21:45 +0200 Subject: [PATCH 230/332] no .md --- README | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README b/README index 2b59866..99c968b 100644 --- a/README +++ b/README @@ -14,6 +14,8 @@ in these organizations do not care for laws and ethics anyways. You are not one of the "good" ones if you ignore this.) + NOTE: no this is not meant to be a markdown doc! old school! + INTRODUCTION From a1cbbe14327da406237dc05ed8d775dc04ada15f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 26 Apr 2022 12:09:03 +0200 Subject: [PATCH 231/332] more variance for rtsp, code format --- hydra-rdp.c | 3 ++- hydra-rtsp.c | 11 ++++++----- hydra.c | 21 ++++++++++----------- 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index 20f665c..b33c87d 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -58,7 +58,8 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, } login_result = rdp_connect(server, port, domain, login, pass); - if (debug) hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result); + if (debug) + hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result); switch (login_result) { case 0: // login success diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 1d970e3..3b6e84b 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -9,6 +9,7 @@ #include "hydra-mod.h" #include "sasl.h" #include +#define _GNU_SOURCE #include extern char *HYDRA_EXIT; @@ -16,7 +17,7 @@ char packet[500]; char packet2[500]; int32_t is_Unauthorized(char *s) { - if (strstr(s, "401 Unauthorized") != NULL) { + if (strcasestr(s, "401 Unauthorized") != NULL) { return 1; } else { return 0; @@ -24,7 +25,7 @@ int32_t is_Unauthorized(char *s) { } int32_t is_NotFound(char *s) { - if (strstr(s, "404 Stream Not Found") != NULL) { + if (strcasestr(s, "404 Stream") != NULL || strcasestr(s, "404 Not") != NULL) { return 1; } else { return 0; @@ -32,7 +33,7 @@ int32_t is_NotFound(char *s) { } int32_t is_Authorized(char *s) { - if (strstr(s, "200 OK") != NULL) { + if (strcasestr(s, "200 OK") != NULL) { return 1; } else { return 0; @@ -40,7 +41,7 @@ int32_t is_Authorized(char *s) { } int32_t use_Basic_Auth(char *s) { - if (strstr(s, "WWW-Authenticate: Basic") != NULL) { + if (strcasestr(s, "WWW-Authenticate: Basic") != NULL) { return 1; } else { return 0; @@ -48,7 +49,7 @@ int32_t use_Basic_Auth(char *s) { } int32_t use_Digest_Auth(char *s) { - if (strstr(s, "WWW-Authenticate: Digest") != NULL) { + if (strcasestr(s, "WWW-Authenticate: Digest") != NULL) { return 1; } else { return 0; diff --git a/hydra.c b/hydra.c index 6afdf48..a4267d4 100644 --- a/hydra.c +++ b/hydra.c @@ -1520,13 +1520,13 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } -/* - hydra_targets[target_no]->fail_count--; - if (k < 5 && hydra_targets[target_no]->ok) - hydra_targets[target_no]->fail_count--; - if (k == 2 && hydra_targets[target_no]->ok) - hydra_targets[target_no]->fail_count--; -*/ + /* + hydra_targets[target_no]->fail_count--; + if (k < 5 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (k == 2 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + */ if (hydra_brains.targets <= hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else { @@ -1638,7 +1638,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - " "%" hPRIu64 " of %" hPRIu64 "\n", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); - //hydra_heads[head_no]->redo = 0; + // hydra_heads[head_no]->redo = 0; if (hydra_targets[target_no]->redo_state > 0) { if (hydra_targets[target_no]->redo_state <= hydra_targets[target_no]->redo) { hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; @@ -3321,8 +3321,7 @@ int main(int argc, char *argv[]) { hydra_options.port = port; } - if (hydra_options.login == NULL && hydra_options.loginfile == NULL && - hydra_options.colonfile == NULL) + if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) hydra_options.exit_found = 1; if (hydra_options.ssl == 0 && hydra_options.port == 443) @@ -3948,7 +3947,7 @@ int main(int argc, char *argv[]) { // restore device information if present (overwrite null bytes) if (device != NULL) { char *tmpptr = device - 1; - *tmpptr = '%'; // you can ignore the compiler warning + *tmpptr = '%'; // you can ignore the compiler warning fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 " "link local addresses, e.g. SSH does not\n"); } From 7591dcc60bfddc9c7de855147d6f15dbeebb4d32 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 5 May 2022 09:33:49 +0200 Subject: [PATCH 232/332] add 2= optional parameter to http-post-form --- CHANGES | 2 ++ hydra-http-form.c | 22 +++++++++++++++------- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 1e229ab..ab378a9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,8 @@ Changelog for hydra Release 9.4-dev * Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian * Small fix for weird RTSP servers +* Added "2=" optional parameter to http-post-form module to tell hydra that + a "302" HTTP return code means success Release 9.3 diff --git a/hydra-http-form.c b/hydra-http-form.c index 2fc6d60..3a32909 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -75,6 +75,7 @@ typedef struct cookie_node { int32_t success_cond = 0; int32_t getcookie = 1; int32_t auth_flag = 0; +int32_t code_302_is_success = 0; char cookie[4096] = "", cmiscptr[1024]; @@ -441,6 +442,9 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { sprintf(cookieurl, "%.1000s", hydra_strrep(miscptr + 2, "\\:", ":")); miscptr = ptr; break; + case '2': + code_302_is_success = 1; + break; case 'g': // fall through case 'G': ptr = miscptr + 2; @@ -951,12 +955,16 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = analyze_server_response(s); + if (redirected_flag && code_302_is_success) { + found = success_cond; + } + if (auth_flag) { // we received a 401 error - user is using wrong module hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP " "error code 401. Use module \"http%s-get\" instead.\n", (options & OPTION_SSL) > 0 ? "s" : ""); - return 4; + return 2; } if (strlen(cookie) > 0) @@ -967,7 +975,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); - while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { // we have to split the location char *startloc, *endloc; char str[2048]; @@ -1108,7 +1116,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } // if the last status is still 3xx, set it as a false - if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { + if (found != -1 && found == success_cond && ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); } else { @@ -1436,8 +1444,9 @@ void usage_http_form(const char *service) { " login check must be preceded by \"S=\".\n" " This is where most people get it wrong. You have to check the webapp " "what a\n" - " failed string looks like and put it in this parameter!\n" - "The following parameters are optional:\n" + " failed string looks like and put it in this parameter! Add the -d switch to see\nthe sent/received data!\n" + "\nThe following parameters are optional:\n" + " 2= 302 page forward return codes identify a successful attempt\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" " (g|G)= skip pre-requests - only use this when no pre-cookies are required\n" @@ -1451,8 +1460,7 @@ void usage_http_form(const char *service) { "exists, by the\n" " one supplied by the user, or add the header at the " "end\n" - "Note that if you are going to put colons (:) in your headers you should " - "escape them with a backslash (\\).\n" + "\nNote that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" " All colons that are not option separators should be escaped (see the " "examples above and below).\n" " You can specify a header without escaping the colons, but that way you " From 63e2836e91175d7c8bc0a775729975541d1d6fe2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 5 May 2022 12:45:47 +0200 Subject: [PATCH 233/332] fix option parsing --- hydra-http-form.c | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 3a32909..983b525 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -404,7 +404,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { * Beware of the backslashes (\)! */ while (*miscptr != 0) { - if (strlen(miscptr) < 3 || miscptr[1] != '=') { + if (strlen(miscptr) < 2 || miscptr[1] != '=') { hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr); return 0; } @@ -444,6 +444,11 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { break; case '2': code_302_is_success = 1; + char *tmp = strchr(miscptr, ':'); + if (tmp) + miscptr = tmp + 1; + else + miscptr += strlen(miscptr); break; case 'g': // fall through case 'G': @@ -1281,8 +1286,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr = ptr2 = NULL; sprintf(bufferurl, "%.6096s", miscptr); - url = bufferurl; - ptr = url; + ptr = url = bufferurl; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; @@ -1295,15 +1299,19 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { if (*ptr != 0) *ptr++ = 0; - cond = ptr; + optional1 = cond = ptr; - if ((ptr2 = strchr(ptr, ':')) != NULL) { + ptr2 = ptr + strlen(ptr); + + while (ptr2 > ptr && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2--; + + if (*ptr2 == ':') { *ptr2++ = 0; - if (*ptr2) - optional1 = ptr2; - else - optional1 = NULL; - } else + cond = ptr2; + } + + if (optional1 == cond) optional1 = NULL; if (strstr(url, "\\:") != NULL) { @@ -1325,9 +1333,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { } } - // printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: - // %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : - // optional1); + // printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : optional1); if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */) hydra_child_exit(2); @@ -1351,8 +1357,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 0; } - // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s - // (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. From b9a985fb566277b5cd39e56a559554be411dac73 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 11 May 2022 11:27:39 +0200 Subject: [PATCH 234/332] fix wizard script --- hydra-wizard.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra-wizard.sh b/hydra-wizard.sh index 1370661..d4e3c3f 100755 --- a/hydra-wizard.sh +++ b/hydra-wizard.sh @@ -33,10 +33,10 @@ test -e "$pass" && passs="-P $pass" test -e "$pass" || passs="-p $pass" test -n "$port" && ports="-s $port" test -n "$pw" && pws="-e $pw" -test -n "$opt" && opts="-m '$opt'" +test -n "$opt" && { opts="-m $opt" ; dopts="-m '$opt'" ; } echo The following command will be executed now: -echo " hydra $users $passs -u $pws $ports $opts $targets $service" +echo " hydra $users $passs -u $pws $ports $dopts $targets $service" echo read -p "Do you want to run the command now? [Y/n] " yn test "$yn" = "n" -o "$yn" = "N" && { echo Exiting. ; exit 0 ; } From 2dc4656d720a4dcbe819688584088b30a9afac0e Mon Sep 17 00:00:00 2001 From: Paramtamtam <7326800+tarampampam@users.noreply.github.com> Date: Mon, 13 Jun 2022 18:07:55 +0400 Subject: [PATCH 235/332] Docker env implemented --- .github/workflows/release.yml | 45 ++++++++++++++++++++++ .github/workflows/tests.yml | 33 ++++++++++++++++ Dockerfile | 72 +++++++++++++++++++++++++++++++++++ 3 files changed, 150 insertions(+) create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/tests.yml create mode 100644 Dockerfile diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..b595cea --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,45 @@ +name: release + +on: + release: # Docs: + types: [published] + +jobs: + docker-image: + name: Build the docker image + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3 + + - uses: docker/setup-qemu-action@v2 + + - uses: docker/setup-buildx-action@v2 + + # uncomment for publishing on hub.docker.com (don't forget to fillup the repository secrets) + #- uses: docker/login-action@v2 + # with: + # username: ${{ secrets.DOCKER_LOGIN }} + # password: ${{ secrets.DOCKER_PASSWORD }} + + - uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - uses: gacts/github-slug@v1 # Action page: + id: slug + + - uses: docker/build-push-action@v3 # Action page: + with: + context: . + file: Dockerfile + push: true + platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 + build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" + tags: | + ghcr.io/${{ github.actor }}/hydra:${{ steps.slug.outputs.version-semantic }} + # append the following line to the list above for publishing on hub.docker.com + # (and don't forget to change on a real repo/user name) + # vanhauser-thc/thc-hydra:${{ steps.slug.outputs.version-semantic }} + diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 0000000..84e173a --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,33 @@ +name: tests + +on: + push: + branches: [master, main] + tags-ignore: ['**'] + paths-ignore: [README, TODO, PROBLEMS] + pull_request: + paths-ignore: [README, TODO, PROBLEMS] + +concurrency: + group: ${{ github.ref }} + cancel-in-progress: true + +jobs: # Docs: + docker-build: + name: Build the docker image + runs-on: ubuntu-20.04 + timeout-minutes: 25 + steps: + - uses: actions/checkout@v3 + + - uses: docker/setup-qemu-action@v2 + + - uses: docker/setup-buildx-action@v2 + + - uses: docker/build-push-action@v3 # Action page: + with: + context: . + file: Dockerfile + platforms: linux/amd64,linux/arm/v7 + push: false + tags: hydra:ci diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..4312a10 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,72 @@ +FROM debian:buster-slim + +ARG HYDRA_VERSION="unknown" + +LABEL \ + org.opencontainers.image.url="https://github.com/vanhauser-thc/thc-hydra" \ + org.opencontainers.image.source="https://github.com/vanhauser-thc/thc-hydra" \ + org.opencontainers.image.version="$HYDRA_VERSION" \ + org.opencontainers.image.vendor="vanhauser-thc" \ + org.opencontainers.image.title="hydra" \ + org.opencontainers.image.licenses="GNU AFFERO GENERAL PUBLIC LICENSE" + +COPY . /src + +RUN set -x \ + && apt-get update \ + && apt-get -y install \ + #libmysqlclient-dev \ + default-libmysqlclient-dev \ + libgpg-error-dev \ + #libmemcached-dev \ + #libgcrypt11-dev \ + libgcrypt-dev \ + #libgcrypt20-dev \ + #libgtk2.0-dev \ + libpcre3-dev \ + #firebird-dev \ + libidn11-dev \ + libssh-dev \ + #libsvn-dev \ + libssl-dev \ + #libpq-dev \ + make \ + curl \ + gcc \ + 1>/dev/null \ + # The next line fixes the curl "SSL certificate problem: unable to get local issuer certificate" for linux/arm + && c_rehash \ + # Get hydra sources and compile + && cd /src \ + && ./configure 1>/dev/null \ + && make 1>/dev/null \ + && make install \ + # Make clean + && apt-get purge -y make gcc libgpg-error-dev libgcrypt-dev \ + && apt-get autoremove -y \ + && rm -rf /var/lib/apt/lists/* \ + # Verify hydra installation + && hydra -h || error_code=$? \ + && if [ ! "${error_code}" -eq 255 ]; then echo "Wrong exit code for 'hydra help' command"; exit 1; fi \ + # Unprivileged user creation + && echo 'hydra:x:10001:10001::/tmp:/sbin/nologin' > /etc/passwd \ + && echo 'hydra:x:10001:' > /etc/group + +ARG INCLUDE_SECLISTS="true" + +RUN set -x \ + && if [ "${INCLUDE_SECLISTS}" = "true" ]; then \ + mkdir /tmp/seclists \ + && curl -SL "https://api.github.com/repos/danielmiessler/SecLists/tarball" -o /tmp/seclists/src.tar.gz \ + && tar xzf /tmp/seclists/src.tar.gz -C /tmp/seclists \ + && mv /tmp/seclists/*SecLists*/Passwords /opt/passwords \ + && mv /tmp/seclists/*SecLists*/Usernames /opt/usernames \ + && chmod -R u+r /opt/passwords /opt/usernames \ + && rm -Rf /tmp/seclists \ + && ls -la /opt/passwords /opt/usernames \ + ;fi + +# Use an unprivileged user +USER 10001:10001 + +ENTRYPOINT ["hydra"] From f90c4d24c6fa2baeacb11f4bc5838dc7c6e74dfd Mon Sep 17 00:00:00 2001 From: Paramtamtam <7326800+tarampampam@users.noreply.github.com> Date: Mon, 13 Jun 2022 19:40:11 +0500 Subject: [PATCH 236/332] Update release.yml --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b595cea..bfaee9d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,7 +38,7 @@ jobs: platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" tags: | - ghcr.io/${{ github.actor }}/hydra:${{ steps.slug.outputs.version-semantic }} + ghcr.io/${{ github.repository }}:${{ steps.slug.outputs.version-semantic }} # append the following line to the list above for publishing on hub.docker.com # (and don't forget to change on a real repo/user name) # vanhauser-thc/thc-hydra:${{ steps.slug.outputs.version-semantic }} From 26f97b54d56f84c6a2c5da3e226e2f5e5bec2cbf Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 13 Jun 2022 17:09:43 +0200 Subject: [PATCH 237/332] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4312a10..4496f50 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -ARG HYDRA_VERSION="unknown" +ARG HYDRA_VERSION="github" LABEL \ org.opencontainers.image.url="https://github.com/vanhauser-thc/thc-hydra" \ From 705a6c180dac7198aaf149aa7466a9d5123510eb Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 13 Jun 2022 17:13:37 +0200 Subject: [PATCH 238/332] Update release.yml --- .github/workflows/release.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bfaee9d..5bd629b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,8 +24,8 @@ jobs: - uses: docker/login-action@v2 with: registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} - uses: gacts/github-slug@v1 # Action page: id: slug @@ -37,8 +37,7 @@ jobs: push: true platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" - tags: | - ghcr.io/${{ github.repository }}:${{ steps.slug.outputs.version-semantic }} + tags: vanhauser/hydra:latest # append the following line to the list above for publishing on hub.docker.com # (and don't forget to change on a real repo/user name) # vanhauser-thc/thc-hydra:${{ steps.slug.outputs.version-semantic }} From d5e525bcb0cd9f44a78c45c7ffd588637197d8a0 Mon Sep 17 00:00:00 2001 From: Paramtamtam <7326800+tarampampam@users.noreply.github.com> Date: Mon, 13 Jun 2022 20:20:58 +0500 Subject: [PATCH 239/332] cleanup --- .github/workflows/release.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5bd629b..7c9308d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,12 +15,6 @@ jobs: - uses: docker/setup-buildx-action@v2 - # uncomment for publishing on hub.docker.com (don't forget to fillup the repository secrets) - #- uses: docker/login-action@v2 - # with: - # username: ${{ secrets.DOCKER_LOGIN }} - # password: ${{ secrets.DOCKER_PASSWORD }} - - uses: docker/login-action@v2 with: registry: ghcr.io @@ -38,7 +32,4 @@ jobs: platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" tags: vanhauser/hydra:latest - # append the following line to the list above for publishing on hub.docker.com - # (and don't forget to change on a real repo/user name) - # vanhauser-thc/thc-hydra:${{ steps.slug.outputs.version-semantic }} From 63e3dce877e96432a738f93fbedf8586277a0703 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 13 Jun 2022 17:30:57 +0200 Subject: [PATCH 240/332] Update .github/workflows/release.yml Co-authored-by: Paramtamtam <7326800+tarampampam@users.noreply.github.com> --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7c9308d..6b13896 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,6 @@ jobs: - uses: docker/login-action@v2 with: - registry: ghcr.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} From 77037ecbb6acd64732edb00a2fbcdb8b272cec88 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 19:32:55 +0200 Subject: [PATCH 241/332] docker image --- .github/workflows/tests.yml | 4 ++-- README | 9 +++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 84e173a..0baa450 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -16,7 +16,7 @@ jobs: # Docs: docker-build: name: Build the docker image runs-on: ubuntu-20.04 - timeout-minutes: 25 + timeout-minutes: 45 steps: - uses: actions/checkout@v3 @@ -29,5 +29,5 @@ jobs: # Docs: context: . file: Dockerfile platforms: linux/amd64,linux/arm/v7 - push: false + push: true tags: hydra:ci diff --git a/README b/README index 99c968b..e8c7b6a 100644 --- a/README +++ b/README @@ -17,6 +17,11 @@ NOTE: no this is not meant to be a markdown doc! old school! +Hydra in the most current github state can be directly downloaded via docker: +``` +docker pull vanhauser/hydra +``` + INTRODUCTION ------------ @@ -63,6 +68,10 @@ repository is at Github: Use the development version at your own risk. It contains new features and new bugs. Things might not work! +Alternatively (and easier) to can pull it as a docker container: +``` +docker pull vanhauser/hydra +``` HOW TO COMPILE From 72f5cfe67cec27d195ad414ddfeebd2158c4ea7a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 19:52:13 +0200 Subject: [PATCH 242/332] fix --- .github/workflows/release.yml | 14 +++++++++++--- .github/workflows/tests.yml | 33 --------------------------------- 2 files changed, 11 insertions(+), 36 deletions(-) delete mode 100644 .github/workflows/tests.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6b13896..bfe82ee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,16 @@ name: release on: - release: # Docs: - types: [published] + push: + branches: [master, main] + tags-ignore: ['**'] + paths-ignore: [README, TODO, PROBLEMS] + pull_request: + paths-ignore: [README, TODO, PROBLEMS] + +concurrency: + group: ${{ github.ref }} + cancel-in-progress: true jobs: docker-image: @@ -28,7 +36,7 @@ jobs: context: . file: Dockerfile push: true - platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 + platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7,linux/arm64 build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" tags: vanhauser/hydra:latest diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml deleted file mode 100644 index 0baa450..0000000 --- a/.github/workflows/tests.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: tests - -on: - push: - branches: [master, main] - tags-ignore: ['**'] - paths-ignore: [README, TODO, PROBLEMS] - pull_request: - paths-ignore: [README, TODO, PROBLEMS] - -concurrency: - group: ${{ github.ref }} - cancel-in-progress: true - -jobs: # Docs: - docker-build: - name: Build the docker image - runs-on: ubuntu-20.04 - timeout-minutes: 45 - steps: - - uses: actions/checkout@v3 - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v2 - - - uses: docker/build-push-action@v3 # Action page: - with: - context: . - file: Dockerfile - platforms: linux/amd64,linux/arm/v7 - push: true - tags: hydra:ci From b2fe51dc7f9fd1e727fb4eb6ee2cd8b5ec395fc4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 19:56:31 +0200 Subject: [PATCH 243/332] fix --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bfe82ee..569c68a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: - uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} + password: ${{ secrets.DOCKER_PASSWORD }} - uses: gacts/github-slug@v1 # Action page: id: slug From ea1e64fa5d993bda7c7ab6a7edfc793c94a6c150 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 20:06:32 +0200 Subject: [PATCH 244/332] fix --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 569c68a..19c1bb7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,3 +1,5 @@ +# build docker image + name: release on: From 03a490133e19fb29b79d84ac02ff1823b590fd6a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 20:15:35 +0200 Subject: [PATCH 245/332] fix --- .github/workflows/release.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 19c1bb7..569c68a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,3 @@ -# build docker image - name: release on: From 1835eac20a301dc39b11e969b625a35ad4765c3e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 20:35:28 +0200 Subject: [PATCH 246/332] fix --- .github/workflows/release.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 569c68a..e88bc6f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,10 +8,6 @@ on: pull_request: paths-ignore: [README, TODO, PROBLEMS] -concurrency: - group: ${{ github.ref }} - cancel-in-progress: true - jobs: docker-image: name: Build the docker image @@ -36,7 +32,7 @@ jobs: context: . file: Dockerfile push: true - platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7,linux/arm64 - build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" + platforms: linux/amd64 +# ,linux/arm64,linux/arm/v6,linux/arm/v7,linux/arm64 tags: vanhauser/hydra:latest From 770c5c436e367b22dc50cc5a1b7eaa1800d9be99 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 20:40:50 +0200 Subject: [PATCH 247/332] fix --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e88bc6f..e7e79e7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: context: . file: Dockerfile push: true - platforms: linux/amd64 -# ,linux/arm64,linux/arm/v6,linux/arm/v7,linux/arm64 + platforms: linux/amd64, linux/arm64 +# ,linux/arm/v6, linux/arm/v7 tags: vanhauser/hydra:latest From 615e566e79571001ff36800300ff9a33dba91c52 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Jul 2022 10:04:01 +0200 Subject: [PATCH 248/332] wait3 -> waitpid --- CHANGES | 1 + hydra.c | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index ab378a9..9727b33 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,7 @@ Release 9.4-dev * Small fix for weird RTSP servers * Added "2=" optional parameter to http-post-form module to tell hydra that a "302" HTTP return code means success +* replaced wait3 with waitpid for better compatability Release 9.3 diff --git a/hydra.c b/hydra.c index a4267d4..b464010 100644 --- a/hydra.c +++ b/hydra.c @@ -1026,7 +1026,7 @@ void killed_childs(int32_t signo) { int32_t pid, i; killed++; - pid = wait3(NULL, WNOHANG, NULL); + pid = waitpid(-1, NULL, WNOHANG); for (i = 0; i < hydra_options.max_use; i++) { if (pid == hydra_heads[i]->pid) { hydra_heads[i]->pid = -1; @@ -1447,7 +1447,7 @@ void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail) { // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = // NULL; } - (void)wait3(NULL, WNOHANG, NULL); + (void)waitpid(-1, NULL, WNOHANG); } void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { @@ -4251,7 +4251,7 @@ int main(int argc, char *argv[]) { // hydra_brains.sent); usleepn(USLEEP_LOOP); - (void)wait3(NULL, WNOHANG, NULL); + (void)waitpid(-1, NULL, WNOHANG); // write restore file and report status if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { hydra_restore_write(0); @@ -4354,7 +4354,7 @@ int main(int argc, char *argv[]) { for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i]->active == HEAD_ACTIVE && hydra_heads[i]->pid > 0) hydra_kill_head(i, 1, 3); - (void)wait3(NULL, WNOHANG, NULL); + (void)waitpid(-1, NULL, WNOHANG); #define STRMAX (10 * 1024) char json_error[STRMAX + 2], tmp_str[STRMAX + 2]; From 0eb19744dfdc7e90db9a4615f740309afd26ae7d Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 18 Jul 2022 17:57:11 +0200 Subject: [PATCH 249/332] Create LICENSE.md --- LICENSE.md | 661 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 661 insertions(+) create mode 100644 LICENSE.md diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..0ad25db --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,661 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. From 697f408d417e5ba0f3c698900b183f1c6b321b61 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Jul 2022 17:59:18 +0200 Subject: [PATCH 250/332] license stuff --- LICENSE | 32 +- LICENSE.md | 661 ----------------------------- LICENSE.OPENSSL => LICENSE_OPENSSL | 0 3 files changed, 5 insertions(+), 688 deletions(-) delete mode 100644 LICENSE.md rename LICENSE.OPENSSL => LICENSE_OPENSSL (100%) diff --git a/LICENSE b/LICENSE index 052a76b..0ad25db 100644 --- a/LICENSE +++ b/LICENSE @@ -1,12 +1,7 @@ -[see the end of the file for the special exception for linking with OpenSSL - - debian people need this] - - - GNU AFFERO GENERAL PUBLIC LICENSE Version 3, 19 November 2007 - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -638,8 +633,8 @@ the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published by - the Free Software Foundation, either version 3 of the License, or + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -648,7 +643,7 @@ the "copyright" line and a pointer to where the full notice is found. GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . + along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. @@ -663,21 +658,4 @@ specific requirements. You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see -. - - -Special Exception - - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the - * OpenSSL library under certain conditions as described in each - * individual source file, and distribute linked combinations - * including the two. - * You must obey the GNU Affero General Public License in all respects - * for all of the code used other than OpenSSL. If you modify - * file(s) with this exception, you may extend this exception to your - * version of the file(s), but you are not obligated to do so. If you - * do not wish to do so, delete this exception statement from your - * version. If you delete this exception statement from all source - * files in the program, then also delete it here. - +. diff --git a/LICENSE.md b/LICENSE.md deleted file mode 100644 index 0ad25db..0000000 --- a/LICENSE.md +++ /dev/null @@ -1,661 +0,0 @@ - GNU AFFERO GENERAL PUBLIC LICENSE - Version 3, 19 November 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU Affero General Public License is a free, copyleft license for -software and other kinds of works, specifically designed to ensure -cooperation with the community in the case of network server software. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -our General Public Licenses are intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - Developers that use our General Public Licenses protect your rights -with two steps: (1) assert copyright on the software, and (2) offer -you this License which gives you legal permission to copy, distribute -and/or modify the software. - - A secondary benefit of defending all users' freedom is that -improvements made in alternate versions of the program, if they -receive widespread use, become available for other developers to -incorporate. Many developers of free software are heartened and -encouraged by the resulting cooperation. However, in the case of -software used on network servers, this result may fail to come about. -The GNU General Public License permits making a modified version and -letting the public access it on a server without ever releasing its -source code to the public. - - The GNU Affero General Public License is designed specifically to -ensure that, in such cases, the modified source code becomes available -to the community. It requires the operator of a network server to -provide the source code of the modified version running there to the -users of that server. Therefore, public use of a modified version, on -a publicly accessible server, gives the public access to the source -code of the modified version. - - An older license, called the Affero General Public License and -published by Affero, was designed to accomplish similar goals. This is -a different license, not a version of the Affero GPL, but Affero has -released a new version of the Affero GPL which permits relicensing under -this license. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU Affero General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Remote Network Interaction; Use with the GNU General Public License. - - Notwithstanding any other provision of this License, if you modify the -Program, your modified version must prominently offer all users -interacting with it remotely through a computer network (if your version -supports such interaction) an opportunity to receive the Corresponding -Source of your version by providing access to the Corresponding Source -from a network server at no charge, through some standard or customary -means of facilitating copying of software. This Corresponding Source -shall include the Corresponding Source for any work covered by version 3 -of the GNU General Public License that is incorporated pursuant to the -following paragraph. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the work with which it is combined will remain governed by version -3 of the GNU General Public License. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU Affero General Public License from time to time. Such new versions -will be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU Affero General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU Affero General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU Affero General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If your software can interact with users remotely through a computer -network, you should also make sure that it provides a way for users to -get its source. For example, if your program is a web application, its -interface could display a "Source" link that leads users to an archive -of the code. There are many ways you could offer source, and different -solutions will be better for different programs; see section 13 for the -specific requirements. - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU AGPL, see -. diff --git a/LICENSE.OPENSSL b/LICENSE_OPENSSL similarity index 100% rename from LICENSE.OPENSSL rename to LICENSE_OPENSSL From 5cb9e50cc58a568a14542d682619834b5549f7ac Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 4 Aug 2022 09:20:06 +0200 Subject: [PATCH 251/332] fix for http-form redirect --- hydra-http-form.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 983b525..a864088 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -983,9 +983,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { // we have to split the location char *startloc, *endloc; - char str[2048]; - char str2[2048]; - char str3[2048]; + char str[2048], str2[2048], str3[2048], str4[2048]; redirected_cpt--; redirected_flag = 0; @@ -1004,19 +1002,21 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options startloc += strlen("://"); if ((endloc = strchr(startloc, '\r')) != NULL) { - startloc[endloc - startloc] = 0; + *endloc = 0; } if ((endloc = strchr(startloc, '\n')) != NULL) { - startloc[endloc - startloc] = 0; + *endloc = 0; } - strcpy(str, startloc); + strncpy(str, startloc, sizeof(str) - 1); + str[sizeof(str) - 1] = 0; endloc = strchr(str, '/'); if (endloc != NULL) { strncpy(str2, str, endloc - str); str2[endloc - str] = 0; - } else - strncpy(str2, str, sizeof(str)); + } else { + strcpy(str2, str); + } if (strlen(str) - strlen(str2) == 0) { strcpy(str3, "/"); @@ -1025,7 +1025,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options str3[strlen(str) - strlen(str2)] = 0; } } else { - strncpy(str2, webtarget, sizeof(str2)); + strncpy(str2, webtarget, sizeof(str2) - 1); + str2[sizeof(str2) - 1] = 0; if (redirected_url_buff[0] != '/') { // it's a relative path, so we have to concatenate it // with the path from the first url given @@ -1041,8 +1042,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } else { sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); } - } else - strncpy(str3, redirected_url_buff, sizeof(str3)); + } else { + strncpy(str3, redirected_url_buff, sizeof(str3) - 1); + str3[sizeof(str3) - 1] = 0; + } if (debug) hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); } @@ -1054,12 +1057,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options str3[0] = '/'; } - if (strrchr(url, ':') == NULL && port != 80) { - sprintf(str2, "%.2040s:%d", str2, port); + if (strrchr(str2, ':') == NULL && (port != 80 || port != 443)) { + sprintf(str4, "%.2000s:%d", str2, port); + strcpy(str2, str4); } if (verbose) - hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); + hydra_report(stderr, "[VERBOSE] Page redirected to http[s]://%s%s\n", str2, str3); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); @@ -1315,19 +1319,19 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { optional1 = NULL; if (strstr(url, "\\:") != NULL) { - if ((ptr = malloc(strlen(url))) != NULL) { + if ((ptr = malloc(strlen(url) + 1)) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); url = ptr; } } if (strstr(variables, "\\:") != NULL) { - if ((ptr = malloc(strlen(variables))) != NULL) { + if ((ptr = malloc(strlen(variables) + 1)) != NULL) { strcpy(ptr, hydra_strrep(variables, "\\:", ":")); variables = ptr; } } if (strstr(cond, "\\:") != NULL) { - if ((ptr = malloc(strlen(cond))) != NULL) { + if ((ptr = malloc(strlen(cond) + 1)) != NULL) { strcpy(ptr, hydra_strrep(cond, "\\:", ":")); cond = ptr; } From 45d2f2dd67d2a18a993536187079d6a1eaa8a9b0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 8 Sep 2022 10:32:44 +0200 Subject: [PATCH 252/332] v9.4 release --- CHANGES | 2 +- hydra.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 9727b33..8fd6cf4 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,7 @@ Changelog for hydra ------------------- -Release 9.4-dev +Release 9.4 * Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian * Small fix for weird RTSP servers * Added "2=" optional parameter to http-post-form module to tell hydra that diff --git a/hydra.c b/hydra.c index b464010..12772bb 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.4-dev" +#define VERSION "v9.4" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 28aaa7bab9f25bfff9f4dfb03a02cd3fb5a526f6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 8 Sep 2022 10:33:59 +0200 Subject: [PATCH 253/332] v9.5-dev init --- CHANGES | 4 ++++ hydra.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 8fd6cf4..2111ce2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ Changelog for hydra ------------------- +Release 9.5-dev +* ... your patch? :) + + Release 9.4 * Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian * Small fix for weird RTSP servers diff --git a/hydra.c b/hydra.c index 12772bb..2e4f2ab 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.4" +#define VERSION "v9.5-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 613bd02264dcc989eeeb77b83603d4c2f48f0bbc Mon Sep 17 00:00:00 2001 From: Sam James Date: Fri, 9 Sep 2022 04:32:05 +0100 Subject: [PATCH 254/332] Makefile.am: add -D_GNU_SOURCE for strcasestr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit strcasestr is not a standard function and per the man page, needs -D_GNU_SOURCE to be visible. Fixes a build error: ``` hydra-rtsp.c:20:7: error: implicit declaration of function ‘strcasestr’; did you mean ‘strcasecmp’? [-Werror=implicit-function-declaration] 20 | if (strcasestr(s, "401 Unauthorized") != NULL) { | ^~~~~~~~~~ | strcasecmp ``` Signed-off-by: Sam James --- Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index 8cd56d1..a8da8d6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,6 +5,7 @@ WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversio WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -g OPTS=-I. -O3 $(CFLAGS) -fcommon +CPPFLAGS += -D_GNU_SOURCE # -Wall -g -pedantic LIBS=-lm DESTDIR ?= From 882a1a3aaca6257069fa8619352cb986973ff98b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 29 Sep 2022 10:01:56 +0200 Subject: [PATCH 255/332] fix http-...-form help --- CHANGES | 3 ++- hydra-http-form.c | 48 +++++++++++++++++++++++------------------------ 2 files changed, 25 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index 2111ce2..3d61f77 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,8 @@ Changelog for hydra ------------------- Release 9.5-dev -* ... your patch? :) +* The help for http forms was wrong. the condition variable must always be + the *last* parameter, not the third Release 9.4 diff --git a/hydra-http-form.c b/hydra-http-form.c index a864088..93953dc 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1434,27 +1434,26 @@ void usage_http_form(const char *service) { "redirections in\n" "a row. It always gathers a new cookie from the same URL without " "variables\n" - "The parameters take three \":\" separated values, plus optional " + "The parameters requires three \":\" separated values, plus optional " "values.\n" "(Note: if you need a colon in the option string as value, escape it " "with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: ::[:[:]\n" - "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, " - "etc.\n" - " with url-encoded (resp. base64-encoded) usernames and passwords being " - "replaced in the\n" - " \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") " - "placeholders (FORM PARAMETERS)\n" - "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful " - "condition\n" + "\nSyntax: :[:[:]:\n" + "\nFirst is the page on the server to GET or POST to (URL), e.g. \"/login\".\n" + "Second is the POST/GET variables (taken from either the browser, proxy, etc.)\n" + " without the initial '?' character and the usernames and passwords being\n" + " replaced with \"^USER^\" (\"^USER64^\" for base64 encodings) and \"^PASS^\"\n" + " (\"^PASS64^\" for base64 encodings).\n" + "Third are optional parameters (see below)\n" + "Last is the string that it checks for an *invalid* login (by default).\n" + " Invalid condition login check can be preceded by \"F=\", successful condition\n" " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. You have to check the webapp " - "what a\n" - " failed string looks like and put it in this parameter! Add the -d switch to see\nthe sent/received data!\n" - "\nThe following parameters are optional:\n" + " This is where most people get it wrong! You have to check the webapp what a\n" + " failed string looks like and put it in this parameter! Add the -d switch to see\n" + " the sent/received data!\n" + " Note that using invalid login condition checks can result in false positives!\n" + "\nThe following parameters are optional and are put between the form parameters\n" + " and the condition string; seperate them too with colons:\n" " 2= 302 page forward return codes identify a successful attempt\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" @@ -1469,17 +1468,16 @@ void usage_http_form(const char *service) { "exists, by the\n" " one supplied by the user, or add the header at the " "end\n" - "\nNote that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the " - "examples above and below).\n" - " You can specify a header without escaping the colons, but that way you " - "will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as " - "option separators.\n" + "\nNote that if you are going to put colons (:) in your headers you should escape\n" + "them with a backslash (\\). All colons that are not option separators should be\n" + "escaped (see the examples above and below).\n" + "You can specify a header without escaping the colons, but that way you will not\n" + "be able to put colons in the header value itself, as they will be interpreted by\n" + "hydra as option separators.\n" "\nExamples:\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" " \"/" - "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*" + "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=result=" "success\"\n" " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic " From 8ddec0107b57b356820a8f19ca50d2cb5ea687ed Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 13 Oct 2022 17:28:39 +0200 Subject: [PATCH 256/332] dockerfile fix --- Dockerfile | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4496f50..599e7e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,18 +35,23 @@ RUN set -x \ gcc \ 1>/dev/null \ # The next line fixes the curl "SSL certificate problem: unable to get local issuer certificate" for linux/arm - && c_rehash \ - # Get hydra sources and compile - && cd /src \ - && ./configure 1>/dev/null \ - && make 1>/dev/null \ - && make install \ - # Make clean - && apt-get purge -y make gcc libgpg-error-dev libgcrypt-dev \ + && c_rehash + +# Get hydra sources and compile +RUN cd /src \ + && make clean \ + && ./configure \ + && make \ + && make install + +# Make clean +RUN apt-get purge -y make gcc \ && apt-get autoremove -y \ && rm -rf /var/lib/apt/lists/* \ - # Verify hydra installation - && hydra -h || error_code=$? \ + && rm -rf /src + +# Verify hydra installation +RUN hydra -h || error_code=$? \ && if [ ! "${error_code}" -eq 255 ]; then echo "Wrong exit code for 'hydra help' command"; exit 1; fi \ # Unprivileged user creation && echo 'hydra:x:10001:10001::/tmp:/sbin/nologin' > /etc/passwd \ From 5ab0b95f8f1e6b24846fb9012570c7022eaf32b3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 14 Oct 2022 10:23:19 +0200 Subject: [PATCH 257/332] fix attempt for smb2 --- hydra-smb2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-smb2.c b/hydra-smb2.c index 275bbae..c213596 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -126,6 +126,7 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { */ switch (errno) { + case 0: break; case ENOENT: // Noticed this when connecting to older samba servers on linux // where any credentials are accepted. From 04204f7d9b9ced8f564aa18d6636779bea5c59eb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 14 Oct 2022 10:29:22 +0200 Subject: [PATCH 258/332] fix attempt for smb2 --- hydra-smb2.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hydra-smb2.c b/hydra-smb2.c index c213596..5e99451 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -126,7 +126,11 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { */ switch (errno) { - case 0: break; + case 0: + // maybe false positive? unclear ... :( ... needs more testing + smbc_free_context(ctx, 1); + return true; + break; case ENOENT: // Noticed this when connecting to older samba servers on linux // where any credentials are accepted. From 8fb5f5e2b473eb351109d11bfe13a04aa3020bc3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 14 Oct 2022 10:31:21 +0200 Subject: [PATCH 259/332] update changelog --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index 3d61f77..55d74e9 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,8 @@ Changelog for hydra ------------------- Release 9.5-dev +* smb2: fix for updated libsmb2 which resulted in correct guessing attempts + not being detected * The help for http forms was wrong. the condition variable must always be the *last* parameter, not the third From feaab90b1fe29c9f059e4b548540f00b6df79ff1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 3 Nov 2022 17:05:41 +0100 Subject: [PATCH 260/332] fix smtp --- CHANGES | 5 +++-- hydra-smtp.c | 10 ++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 55d74e9..2c27d84 100644 --- a/CHANGES +++ b/CHANGES @@ -2,10 +2,11 @@ Changelog for hydra ------------------- Release 9.5-dev +* The help for http-form was wrong. the condition variable must always be + the *last* parameter, not the third * smb2: fix for updated libsmb2 which resulted in correct guessing attempts not being detected -* The help for http forms was wrong. the condition variable must always be - the *last* parameter, not the third +* smtp: break early if the server does not allow authentication Release 9.4 diff --git a/hydra-smtp.c b/hydra-smtp.c index dc6e54a..97d5b72 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -61,6 +61,10 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 1; if (strstr(buf, "334") == NULL) { hydra_report(stderr, "[ERROR] SMTP PLAIN AUTH : %s\n", buf); + if (strstr(buf, "503") != NULL) { + free(buf); + return 4; + } free(buf); return 3; } @@ -438,6 +442,12 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } hydra_child_exit(0); return; + case 4: /* error exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(3); + return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); From 972039b3ae2122a2aa8e9322a6f1b36fd5ef3966 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 4 Nov 2022 10:56:56 +0100 Subject: [PATCH 261/332] fix help --- pw-inspector.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw-inspector.c b/pw-inspector.c index 2f53e05..cc91c02 100644 --- a/pw-inspector.c +++ b/pw-inspector.c @@ -30,7 +30,7 @@ void help() { printf(" -l lowcase characters (a,b,c,d, etc.)\n"); printf(" -u upcase characters (A,B,C,D, etc.)\n"); printf(" -n numbers (1,2,3,4, etc.)\n"); - printf(" -p printable characters (which are not -l/-n/-p, e.g. " + printf(" -p printable characters (which are not -l/-u/-n, e.g. " "$,!,/,(,*, etc.)\n"); printf(" -s special characters - all others not within the sets " "above\n"); From 4778a398d963847bf70862d687d752606847f3f2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 9 Nov 2022 12:08:34 +0100 Subject: [PATCH 262/332] fix man page --- hydra-mod.c | 6 +++--- pw-inspector.1 | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index a24889b..de86f66 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -662,10 +662,10 @@ char *hydra_get_next_pair() { pair[sizeof(pair) - 1] = 0; __fck = read(intern_socket, pair, sizeof(pair) - 1); // if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); - if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) - return HYDRA_EXIT; - if (pair[0] == 0) + if (pair[0] == 0 || __fck <= 0) return HYDRA_EMPTY; + if (__fck >= sizeof(HYDRA_EXIT) && memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) + return HYDRA_EXIT; } return pair; } diff --git a/pw-inspector.1 b/pw-inspector.1 index 90bff65..c9f228c 100644 --- a/pw-inspector.1 +++ b/pw-inspector.1 @@ -42,7 +42,7 @@ upcase characters (A,B,C,D, etc.) numbers (1,2,3,4, etc.) .TP .B \-p -printable characters (which are not \-l/\-n/\-p, e.g. $,!,/,(,*, etc.) +printable characters (which are not \-l/\-n/\-n, e.g. $,!,/,(,*, etc.) .TP .B \ -s special characters \- all others not withint the sets above From 128467103181c2982a7be6acef33759c8401726b Mon Sep 17 00:00:00 2001 From: mashaz Date: Tue, 15 Nov 2022 15:01:58 +0800 Subject: [PATCH 263/332] fix: error when mongodb user is empty --- hydra-mongodb.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/hydra-mongodb.c b/hydra-mongodb.c index 201c3ff..994f477 100644 --- a/hydra-mongodb.c +++ b/hydra-mongodb.c @@ -72,10 +72,17 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, mongoc_log_set_handler(NULL, NULL); bson_init(&q); - snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr); + if (login[0] == '\0' && pass[0] == '\0') { + snprintf(uri, sizeof(uri), "mongodb://%s:%d/?authSource=%s", hydra_address2string(ip), port, miscptr); + } else { + snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr); + } + client = mongoc_client_new(uri); - if (!client) + if (!client) { + hydra_completed_pair_skip(); return 3; + } mongoc_client_set_appname(client, "hydra"); collection = mongoc_client_get_collection(client, miscptr, "test"); From e9698cd53053442f23effc8fee68a8d566fbc94f Mon Sep 17 00:00:00 2001 From: ringzero Date: Sun, 4 Dec 2022 16:13:47 +0800 Subject: [PATCH 264/332] freerdp tls-seclevel to 0 --- hydra-rdp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-rdp.c b/hydra-rdp.c index b33c87d..a772086 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -30,6 +30,7 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa instance->settings->ServerPort = port; instance->settings->Domain = domain; instance->settings->MaxTimeInCheckLoop = 100; + instance->settings->TlsSecLevel = 0; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); return err; From eb939baaa51c6f48c4fdfe5a993bdc7aa495ba89 Mon Sep 17 00:00:00 2001 From: ringzero Date: Mon, 5 Dec 2022 20:12:56 +0800 Subject: [PATCH 265/332] rdp: support hydra waittime --- hydra-rdp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hydra-rdp.c b/hydra-rdp.c index a772086..405ecf3 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -9,6 +9,7 @@ #include "hydra-mod.h" +extern hydra_option hydra_options; extern char *HYDRA_EXIT; #ifndef LIBFREERDP void dummy_rdp() { printf("\n"); } @@ -18,6 +19,7 @@ void dummy_rdp() { printf("\n"); } freerdp *instance = 0; BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { int32_t err = 0; + int32_t waittime = hydra_options.waittime; instance->settings->Username = login; instance->settings->Password = password; @@ -30,6 +32,11 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa instance->settings->ServerPort = port; instance->settings->Domain = domain; instance->settings->MaxTimeInCheckLoop = 100; + // hydra_options.waittime default value -> 32 + if (waittime != 32) { + // freerdp timeout format is microseconds -> default:15000 + instance->settings->TcpConnectTimeout = waittime * 1000; + } instance->settings->TlsSecLevel = 0; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); From d830ac795e65a7b47492d50859eb36bb8d2dd116 Mon Sep 17 00:00:00 2001 From: ringzero Date: Tue, 6 Dec 2022 09:41:04 +0800 Subject: [PATCH 266/332] rdp implementing-w and -W support --- hydra-rdp.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index 405ecf3..4036591 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -19,7 +19,6 @@ void dummy_rdp() { printf("\n"); } freerdp *instance = 0; BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { int32_t err = 0; - int32_t waittime = hydra_options.waittime; instance->settings->Username = login; instance->settings->Password = password; @@ -32,11 +31,8 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa instance->settings->ServerPort = port; instance->settings->Domain = domain; instance->settings->MaxTimeInCheckLoop = 100; - // hydra_options.waittime default value -> 32 - if (waittime != 32) { - // freerdp timeout format is microseconds -> default:15000 - instance->settings->TcpConnectTimeout = waittime * 1000; - } + // freerdp timeout format is microseconds -> default:15000 + instance->settings->TcpConnectTimeout = hydra_options.waittime * 1000; instance->settings->TlsSecLevel = 0; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); @@ -108,6 +104,7 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1; int32_t myport = PORT_RDP; + int32_t __first_rdp_connect = 1; if (port != 0) myport = port; @@ -119,6 +116,10 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL next_run = 0; switch (run) { case 1: /* run the cracking function */ + if (__first_rdp_connect != 0) + __first_rdp_connect = 0; + else + sleep(hydra_options.conwait); next_run = start_rdp(ip, myport, options, miscptr, fp); break; case 2: /* clean exit */ From c6a3f77476bbdf7d409a7cdf46725694fbf18f10 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 3 Jan 2023 11:47:39 +0100 Subject: [PATCH 267/332] welcome 2023 --- Makefile.am | 2 +- hydra.1 | 2 +- hydra.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index a8da8d6..0dd498e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ # -# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC +# Makefile for Hydra - (c) 2001-2023 by van Hauser / THC # WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align diff --git a/hydra.1 b/hydra.1 index 81b2feb..b9cb7a5 100644 --- a/hydra.1 +++ b/hydra.1 @@ -1,4 +1,4 @@ -.TH "HYDRA" "1" "01/01/2022" +.TH "HYDRA" "1" "01/01/2023" .SH NAME hydra \- a very fast network logon cracker which supports many different services .SH SYNOPSIS diff --git a/hydra.c b/hydra.c index 2e4f2ab..dbea4c0 100644 --- a/hydra.c +++ b/hydra.c @@ -1,5 +1,5 @@ /* - * hydra (c) 2001-2022 by van Hauser / THC + * hydra (c) 2001-2023 by van Hauser / THC * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. @@ -2186,7 +2186,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2022 by %s & %s - Please do not use in military or secret " + printf("%s %s (c) 2023 by %s & %s - Please do not use in military or secret " "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP From a41d10dc8ce718c9bd4397534636d6b4de1450cd Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 18 Jan 2023 16:30:24 +0100 Subject: [PATCH 268/332] Various C99 compatibility fixes strrchr is declared in , not . _GNU_SOURCE needs to be defined before any glibc headers are included, otherwise it is not effective. Also patch some old autoconf-internal issues in the hydra-gtk configure script. --- configure | 2 +- hydra-gtk/configure | 8 ++++---- hydra-rtsp.c | 3 ++- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/configure b/configure index d9c8b02..425f80a 100755 --- a/configure +++ b/configure @@ -1356,7 +1356,7 @@ echo "Checking for Android specialities ..." TMPC=comptest$$ STRRCHR=" not" echo '#include ' > $TMPC.c -echo '#include ' >> $TMPC.c +echo '#include ' >> $TMPC.c echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c $CC -o $TMPC $TMPC.c > /dev/null 2>&1 test -x $TMPC && STRRCHR="" diff --git a/hydra-gtk/configure b/hydra-gtk/configure index 653ba7d..6cd3de7 100755 --- a/hydra-gtk/configure +++ b/hydra-gtk/configure @@ -2391,7 +2391,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then for ac_declaration in \ - '' \ + '#include ' \ 'extern "C" void std::exit (int) throw (); using std::exit;' \ 'extern "C" void std::exit (int); using std::exit;' \ 'extern "C" void exit (int) throw ();' \ @@ -3192,7 +3192,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then for ac_declaration in \ - '' \ + '#include ' \ 'extern "C" void std::exit (int) throw (); using std::exit;' \ 'extern "C" void std::exit (int); using std::exit;' \ 'extern "C" void exit (int) throw ();' \ @@ -3797,8 +3797,8 @@ main () for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) - exit(2); - exit (0); + return 2; + return 0; } _ACEOF rm -f conftest$ac_exeext diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 3b6e84b..3b4bdca 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -6,10 +6,11 @@ // // +#define _GNU_SOURCE + #include "hydra-mod.h" #include "sasl.h" #include -#define _GNU_SOURCE #include extern char *HYDRA_EXIT; From 97cae4633c45be76d2f5df5a739a3870adbd293e Mon Sep 17 00:00:00 2001 From: xd0419 <1249457656@qq.com> Date: Wed, 1 Mar 2023 22:08:53 +0800 Subject: [PATCH 269/332] edit mongodb moudle error --- hydra-mongodb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra-mongodb.c b/hydra-mongodb.c index 994f477..d413192 100644 --- a/hydra-mongodb.c +++ b/hydra-mongodb.c @@ -97,11 +97,11 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, mongoc_collection_destroy(collection); mongoc_client_destroy(client); mongoc_cleanup(); - hydra_completed_pair_skip(); + hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { return 3; } - return 2; + return 1; } } From 4ae7a365e92f3b30cc3eb58aa47bf7e42f21a8ef Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 6 Mar 2023 10:35:03 +0100 Subject: [PATCH 270/332] fix http form help output --- hydra-http-form.c | 44 +++++++++++++++++--------------------------- 1 file changed, 17 insertions(+), 27 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 93953dc..53b7ce5 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -20,33 +20,23 @@ Here's a couple of examples: - ./hydra -S -s 443 -l "" -P pass.txt 10.221.64.2 https-get-form "/irmlab1/vulnapp.php:username=^USER^&pass=^PASS^:incorrect" -The option field (following the service field) takes three ":" separated -values and an optional fourth value, the first is the page on the server -to GET or POST to, the second is the POST/GET variables (taken from either -the browser, or a proxy such as PAROS) with the varying usernames and passwords -in the "^USER^" and "^PASS^" placeholders, the third is the string that it -checks for an *invalid* or *valid* login - any exception to this is counted -as a success. +The option field (following the service field) takes ":" separated values: +The first is the page on the server to GET or POST to. +The second is the POST/GET variables (taken from either the browser, or a proxy +such as ZAP) with the varying usernames and passwords in the "^USER^" and +"^PASS^" placeholders. +The third + are optional parameters like C=, H= etc. (see below) +The final(!) parameter is the string that it checks for an *invalid* or *valid* +login So please: * invalid condition login should be preceded by "F=" * valid condition login should be preceded by "S=". -By default, if no header is found the condition is assume to be a fail, -so checking for *invalid* login. -The fourth optional value, can be a 'C' to define a different page to GET -initial cookies from. +By default, if no header is found the condition is assume to be a fail (F=), +so checking for an *invalid* login string. -If you specify the verbose flag (-v) it will show you the response from the +If you specify the debug flag (-d) it will show you the response from the HTTP server which is useful for checking the result of a failed login to -find something to pattern match against. - -Module initially written by Phil Robinson, IRM Plc (releases@irmplc.com), -rewritten by David Maciejak - -Fix and issue with strtok use and implement 1 step location follow if HTTP -3xx code is returned (david dot maciejak at gmail dot com) - -Added fail or success condition, getting cookies, and allow 5 redirections by -david +find something to pattern match against. This should be done together with -t 1. */ @@ -1434,8 +1424,8 @@ void usage_http_form(const char *service) { "redirections in\n" "a row. It always gathers a new cookie from the same URL without " "variables\n" - "The parameters requires three \":\" separated values, plus optional " - "values.\n" + "The parameters requires at a minimum three \":\" separated values,\n" + "plus optional values.\n" "(Note: if you need a colon in the option string as value, escape it " "with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" "\nSyntax: :[:[:]:\n" @@ -1480,11 +1470,11 @@ void usage_http_form(const char *service) { "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=result=" "success\"\n" " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic " + " \"/:user=^USER&pass=^PASS^:H=Authorization\\: Basic " "dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" - " \"/exchweb/bin/auth/" + " \"/exchweb/bin/auth/:F=failed" "owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&" "username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:" - "reason=:C=/exchweb\"\n", + "C=/exchweb\":reason=\n", service); } From 75b7b52da9a2590b772ec75d4b8fb71ed2910335 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Mar 2023 09:23:55 +0100 Subject: [PATCH 271/332] fix proxy support for http-form --- CHANGES | 6 ++++-- hydra-http-form.c | 12 ++++++------ 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 2c27d84..9f21de3 100644 --- a/CHANGES +++ b/CHANGES @@ -2,8 +2,10 @@ Changelog for hydra ------------------- Release 9.5-dev -* The help for http-form was wrong. the condition variable must always be - the *last* parameter, not the third +* http-form: + - The help for http-form was wrong. the condition variable must always be + the *last* parameter, not the third + - Proxy support was not working correctly * smb2: fix for updated libsmb2 which resulted in correct guessing attempts not being detected * smtp: break early if the server does not allow authentication diff --git a/hydra-http-form.c b/hydra-http-form.c index 53b7ce5..d41cbd9 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -761,7 +761,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); @@ -775,7 +775,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); @@ -823,7 +823,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (getcookie) { // doing a GET to get cookies memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); @@ -837,7 +837,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); @@ -1072,7 +1072,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // proxy with authentication hdrrepv(&ptr_head, "Host", str2); memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); if (normal_request != NULL) free(normal_request); normal_request = stringify_headers(&ptr_head); @@ -1084,7 +1084,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // proxy without authentication hdrrepv(&ptr_head, "Host", str2); memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); if (normal_request != NULL) free(normal_request); normal_request = stringify_headers(&ptr_head); From 01efa98ded7e7053dc8d7b898dee5bd2c365b671 Mon Sep 17 00:00:00 2001 From: bugith Date: Sun, 14 May 2023 12:03:43 +0200 Subject: [PATCH 272/332] Update README -x syntax with special characters --- README | 1 + 1 file changed, 1 insertion(+) diff --git a/README b/README index e8c7b6a..846164a 100644 --- a/README +++ b/README @@ -267,6 +267,7 @@ Examples: -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters -x 2:5:/ generate passwords from length 2 to 5 containing only slashes -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers +-x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates lenght 3 passwords with all 95 characters, and verbose. ``` Example: From a0565e1abe731c455c688c2e82da28bbe7db4a16 Mon Sep 17 00:00:00 2001 From: leo Date: Fri, 9 Jun 2023 20:43:21 +1200 Subject: [PATCH 273/332] fix rdp response 0002000f not recognised as a failed attempt --- hydra-rdp.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hydra-rdp.c b/hydra-rdp.c index 4036591..456a1c3 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -76,6 +76,10 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, // login failure hydra_completed_pair(); break; + case 0x0002000f: + // login failure + hydra_completed_pair_skip(); + break; case 0x0002000d: hydra_report(stderr, "[%d][rdp] account on %s might be valid but account not " From 377ac86652f86bd3317a771a173c4235aaa2055c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 12 Jun 2023 10:03:28 +0200 Subject: [PATCH 274/332] v9.6 release --- CHANGES | 1 + hydra.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 9f21de3..d30e1ac 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,7 @@ Release 9.5-dev * smb2: fix for updated libsmb2 which resulted in correct guessing attempts not being detected * smtp: break early if the server does not allow authentication +* rdp: detect more return codes that say a user is disabled etc. Release 9.4 diff --git a/hydra.c b/hydra.c index dbea4c0..cae3dde 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.5-dev" +#define VERSION "v9.6" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 714b051867365c724faf7f505c59dd0b0389ca58 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 12 Jun 2023 10:05:41 +0200 Subject: [PATCH 275/332] v9.5 release --- CHANGES | 2 +- README | 2 +- hydra.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index d30e1ac..a78dfea 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,7 @@ Changelog for hydra ------------------- -Release 9.5-dev +Release 9.5 * http-form: - The help for http-form was wrong. the condition variable must always be the *last* parameter, not the third diff --git a/README b/README index 846164a..44cb585 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ H Y D R A - (c) 2001-2022 by van Hauser / THC + (c) 2001-2023 by van Hauser / THC https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal diff --git a/hydra.c b/hydra.c index cae3dde..c250f4c 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.6" +#define VERSION "v9.5" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 28f073fd79d337c957fc41ada2be5ec2e8122b0e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 24 Jun 2023 12:03:03 +0200 Subject: [PATCH 276/332] fix pw-inspector --- pw-inspector.c | 55 +++++++++++++++++++++----------------------------- 1 file changed, 23 insertions(+), 32 deletions(-) diff --git a/pw-inspector.c b/pw-inspector.c index cc91c02..8b87a5a 100644 --- a/pw-inspector.c +++ b/pw-inspector.c @@ -50,7 +50,7 @@ int main(int argc, char *argv[]) { int32_t sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0; int32_t set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0; FILE *in = stdin, *out = stdout; - char buf[MAXLENGTH + 1]; + unsigned char buf[MAXLENGTH + 1]; prg = argv[0]; if (argc < 2) @@ -124,9 +124,9 @@ int main(int argc, char *argv[]) { if (countsets == 0) countsets = sets; - while (fgets(buf, sizeof(buf), in) != NULL) { - i = -1; - if (buf[0] == 0) + while (fgets((void *)buf, sizeof(buf), in) != NULL) { + int is_low = 0, is_up = 0, is_no = 0, is_print = 0, is_other = 0; + if (!buf[0]) continue; if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; @@ -134,40 +134,31 @@ int main(int argc, char *argv[]) { buf[strlen(buf) - 1] = 0; if (strlen(buf) >= minlen && strlen(buf) <= maxlen) { i = 0; - if (countsets > 0) { - if (set_low) - if (strpbrk(buf, "abcdefghijklmnopqrstuvwxyz") != NULL) - i++; - if (set_up) - if (strpbrk(buf, "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != NULL) - i++; - if (set_no) - if (strpbrk(buf, "0123456789") != NULL) - i++; - if (set_print) { - j = 0; - for (k = 0; k < strlen(buf); k++) - if (isprint((int32_t)buf[k]) != 0 && isalnum((int32_t)buf[k]) == 0) - j = 1; - if (j) - i++; - } - if (set_other) { - j = 0; - for (k = 0; k < strlen(buf); k++) - if (isprint((int32_t)buf[k]) == 0 && isalnum((int32_t)buf[k]) == 0) - j = 1; - if (j) - i++; + j = 1; + for (i = 0; i < strlen(buf) && j; i++) { + j = 0; + if (set_low && islower(buf[i])) { + j = 1; + is_low = 1; + } else if (set_up && isupper(buf[i])) { + j = 1; + is_up = 1; + } else if (set_no && isdigit(buf[i])) { + j = 1; + is_no = 1; + } else if (set_print && isprint(buf[i]) && !isalnum(buf[i])) { + j = 1; + is_print = 1; + } else if (set_other && !isprint(buf[i])) { + j = 1; + is_other = 1; } } - if (i >= countsets) { + if (j && countsets <= is_low + is_up + is_no + is_print + is_other) { fprintf(out, "%s\n", buf); count++; } } - /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, - * minlen, maxlen, strlen(buf)); */ } fclose(in); fclose(out); From 58256c8b4f1517d15ba416347451bbf1397d7bef Mon Sep 17 00:00:00 2001 From: neo-one0873 <50387785+neo-one0873@users.noreply.github.com> Date: Tue, 27 Jun 2023 10:41:16 +0800 Subject: [PATCH 277/332] fix: array proxy_string_port may out of bound when proxy_count=64, array proxy_string_port , proxy_string_ip, etc. may out of bound. --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index c250f4c..5a21928 100644 --- a/hydra.c +++ b/hydra.c @@ -2045,7 +2045,7 @@ void process_proxy_line(int32_t type, char *string) { string[strlen(string) - 1] = 0; if (string[strlen(string) - 1] == '\r') string[strlen(string) - 1] = 0; - if (proxy_count > MAX_PROXY_COUNT) { + if (proxy_count >= MAX_PROXY_COUNT) { fprintf(stderr, "[WARNING] maximum amount of proxies loaded, ignoring this entry: %s\n", string); return; } From bb0fc9353913e0f114ec8f1144417a117b951359 Mon Sep 17 00:00:00 2001 From: xiongyi Date: Tue, 27 Jun 2023 17:45:38 +0800 Subject: [PATCH 278/332] fix memory leaks for hydra-http-form.c Signed-off-by: xiongyi --- hydra-http-form.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index d41cbd9..3707b2f 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -796,8 +796,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } else { if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); @@ -814,8 +816,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } } else { if (use_proxy == 1) { @@ -858,8 +862,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } else { if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); @@ -876,8 +882,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } } else { // direct web server, no proxy @@ -921,8 +929,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("POST", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } else { if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); @@ -939,8 +949,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } } } @@ -1105,8 +1117,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options hydra_reconnect(s, ip, port, options, hostname); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } found = analyze_server_response(s); if (strlen(cookie) > 0) From 8a2df9b8f28ecb8c25b532be1b1deeed2a51d598 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 30 Jun 2023 17:21:44 +0200 Subject: [PATCH 279/332] 9.6dev --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 5a21928..4e33711 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.5" +#define VERSION "v9.6dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 310068c9ca54b86b937dc07c59c5b7a129ed06d7 Mon Sep 17 00:00:00 2001 From: Coen Tempelaars Date: Fri, 7 Jul 2023 20:55:04 +0200 Subject: [PATCH 280/332] fix replacement of user/pass placeholders in http header --- hydra-http-form.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 3707b2f..9e3c92b 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -314,9 +314,15 @@ void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) { for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) { - cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(newvalue) + 1); - if (cur_ptr->value) - strcpy(cur_ptr->value, newvalue); + size_t oldlen = strlen(oldvalue); + size_t newlen = strlen(newvalue); + if (oldlen != newlen) + cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(cur_ptr->value) - oldlen + newlen + 1); + if (cur_ptr->value) { + char *p = strstr(cur_ptr->value, oldvalue); + memmove(p + newlen, p + oldlen, strlen(p + oldlen) + 1); + memcpy(p, newvalue, newlen); + } else { hydra_report(stderr, "[ERROR] Out of memory (hddrep).\n"); hydra_child_exit(0); From fb964fc1132d7e7ee993b5cfe1ed280978530589 Mon Sep 17 00:00:00 2001 From: Roan Rothrock Date: Tue, 11 Jul 2023 10:15:24 -0500 Subject: [PATCH 281/332] Fixed #868 on vanhauser-thc/thc-hydra --- hydra-rtsp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 3b4bdca..5526f9b 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -6,7 +6,9 @@ // // +#ifndef _GNU_SOURCE #define _GNU_SOURCE +#endif #include "hydra-mod.h" #include "sasl.h" From 568ef74e0d513c8a3a0d388acdd444f92e700cab Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 21 Jul 2023 10:44:31 +0200 Subject: [PATCH 282/332] nits --- Makefile.am | 2 +- hydra-http-form.c | 5 ++--- hydra-mod.c | 2 +- hydra-smb2.c | 2 +- hydra-svn.c | 2 ++ 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index 0dd498e..f6d4bb0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,7 +4,7 @@ WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon +OPTS=-I. -O3 $(CFLAGS) -fcommon -Wno-deprecated-declarations CPPFLAGS += -D_GNU_SOURCE # -Wall -g -pedantic LIBS=-lm diff --git a/hydra-http-form.c b/hydra-http-form.c index 9e3c92b..a8e5922 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -322,8 +322,7 @@ void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) { char *p = strstr(cur_ptr->value, oldvalue); memmove(p + newlen, p + oldlen, strlen(p + oldlen) + 1); memcpy(p, newvalue, newlen); - } - else { + } else { hydra_report(stderr, "[ERROR] Out of memory (hddrep).\n"); hydra_child_exit(0); } @@ -805,7 +804,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { free(cookie_header); return 1; - } + } } else { if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); diff --git a/hydra-mod.c b/hydra-mod.c index de86f66..c988c1d 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -664,7 +664,7 @@ char *hydra_get_next_pair() { // if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); if (pair[0] == 0 || __fck <= 0) return HYDRA_EMPTY; - if (__fck >= sizeof(HYDRA_EXIT) && memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) + if (__fck >= sizeof(HYDRA_EXIT) && memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) return HYDRA_EXIT; } return pair; diff --git a/hydra-smb2.c b/hydra-smb2.c index 5e99451..9f396be 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -126,7 +126,7 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { */ switch (errno) { - case 0: + case 0: // maybe false positive? unclear ... :( ... needs more testing smbc_free_context(ctx, 1); return true; diff --git a/hydra-svn.c b/hydra-svn.c index 063f12c..0258f9a 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -4,7 +4,9 @@ #ifdef LIBSVN /* needed on openSUSE */ +#ifndef _GNU_SOURCE #define _GNU_SOURCE +#endif #if !defined PATH_MAX && defined HAVE_SYS_PARAM_H #include From d2363dc99eb109adb031508e3fbde6fbba5103ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20den=20Berg?= Date: Thu, 10 Aug 2023 16:25:37 +0200 Subject: [PATCH 283/332] Allow HTTP-POST with F=403 I had a site which returns 200OK, but a json containing 403. Get results in "invalid api call". Allow using F= with post. --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 4e33711..30a8ece 100644 --- a/hydra.c +++ b/hydra.c @@ -388,7 +388,7 @@ static const struct { {"http-get-form", service_http_form_init, service_http_get_form, usage_http_form}, {"http-head", service_http_init, service_http_head, NULL}, {"http-form", service_http_form_init, NULL, usage_http_form}, - {"http-post", NULL, service_http_post, usage_http}, + {"http-post", service_http_init, service_http_post, usage_http}, {"http-post-form", service_http_form_init, service_http_post_form, usage_http_form}, SERVICE3("http-proxy", http_proxy), SERVICE3("http-proxy-urlenum", http_proxy_urlenum), From 16b424af4db7f49d09b4a9157e805040ebff23ee Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 13 Aug 2023 13:07:10 +0200 Subject: [PATCH 284/332] support -W for modules that use libarries --- CHANGES | 2 ++ hydra-firebird.c | 3 +++ hydra-http.c | 2 +- hydra-memcached.c | 3 +++ hydra-mongodb.c | 3 +++ hydra-mysql.c | 3 +++ hydra-oracle-listener.c | 3 +++ hydra-oracle-sid.c | 3 +++ hydra-oracle.c | 3 +++ hydra-postgres.c | 3 +++ hydra-rdp.c | 2 ++ hydra-sapr3.c | 3 +++ hydra-smb2.c | 8 ++++++++ hydra-ssh.c | 2 ++ hydra-sshkey.c | 3 +++ hydra-svn.c | 3 +++ 16 files changed, 48 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index a78dfea..685f48d 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,8 @@ Changelog for hydra ------------------- Release 9.5 +* many modules did not support -W (all those that used a library for the + connection). All (or most?) should be fixed now. * http-form: - The help for http-form was wrong. the condition variable must always be the *last* parameter, not the third diff --git a/hydra-firebird.c b/hydra-firebird.c index 4898c46..dea104f 100644 --- a/hydra-firebird.c +++ b/hydra-firebird.c @@ -22,6 +22,7 @@ void dummy_firebird() { printf("\n"); } #define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb" +extern hydra_option hydra_options; extern char *HYDRA_EXIT; int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { @@ -124,6 +125,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr */ next_run = start_firebird(sock, ip, port, options, miscptr, fp); + if ((next_run == 1 || next_run == 2) && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: diff --git a/hydra-http.c b/hydra-http.c index c76b937..ba9a676 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -451,7 +451,7 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis start--; memset(start, '\0', condition_len); if (debug) - hydra_report(stderr, "Modificated options:%s\n", miscptr); + hydra_report(stderr, "Modified options:%s\n", miscptr); } else { if (debug) hydra_report(stderr, "Condition not found\n"); diff --git a/hydra-memcached.c b/hydra-memcached.c index ca21d26..5a7c112 100644 --- a/hydra-memcached.c +++ b/hydra-memcached.c @@ -13,6 +13,7 @@ void dummy_mcached() { printf("\n"); } extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); +extern hydra_option hydra_options; extern char *HYDRA_EXIT; int mcached_send_com_quit(int32_t sock) { @@ -117,6 +118,8 @@ void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, switch (run) { case 1: next_run = start_mcached(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: hydra_child_exit(0); diff --git a/hydra-mongodb.c b/hydra-mongodb.c index d413192..66269be 100644 --- a/hydra-mongodb.c +++ b/hydra-mongodb.c @@ -14,6 +14,7 @@ void dummy_mongodb() { printf("\n"); } extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); +extern hydra_option hydra_options; extern char *HYDRA_EXIT; char *buf; @@ -136,6 +137,8 @@ void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, switch (run) { case 1: next_run = start_mongodb(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: hydra_child_exit(0); diff --git a/hydra-mysql.c b/hydra-mysql.c index eae5fd9..01a258e 100644 --- a/hydra-mysql.c +++ b/hydra-mysql.c @@ -35,6 +35,7 @@ char *hydra_scramble(char *to, const char *message, const char *password); extern int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length); extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); +extern hydra_option hydra_options; extern char *HYDRA_EXIT; char mysqlsalt[9]; @@ -332,6 +333,8 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F break; case 2: /* run the cracking function */ next_run = start_mysql(sock, ip, port, options, miscptr, fp); + if ((next_run == 1 || next_run == 2) && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: /* clean exit */ if (sock >= 0) { diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index e6b77ec..563670b 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c @@ -19,6 +19,7 @@ void dummy_oracle_listener() { printf("\n"); } #include #define HASHSIZE 17 +extern hydra_option hydra_options; extern char *HYDRA_EXIT; char *buf; unsigned char *hash; @@ -304,6 +305,8 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char * } /* run the cracking function */ next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: /* clean exit */ if (sock >= 0) diff --git a/hydra-oracle-sid.c b/hydra-oracle-sid.c index c2db73a..32ac557 100644 --- a/hydra-oracle-sid.c +++ b/hydra-oracle-sid.c @@ -16,6 +16,7 @@ void dummy_oracle_sid() { printf("\n"); } #include #define HASHSIZE 16 +extern hydra_option hydra_options; extern char *HYDRA_EXIT; char *buf; unsigned char *hash; @@ -113,6 +114,8 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp } /* run the cracking function */ next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: /* clean exit */ if (sock >= 0) diff --git a/hydra-oracle.c b/hydra-oracle.c index 46deb44..2ae18de 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -21,6 +21,7 @@ void dummy_oracle() { printf("\n"); } #include #include +extern hydra_option hydra_options; extern char *HYDRA_EXIT; OCIEnv *o_environment; @@ -165,6 +166,8 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, break; case 2: next_run = start_oracle(sock, ip, port, options, miscptr, fp); + if ((next_run == 1 || next_run == 2) && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: /* clean exit */ if (sock >= 0) diff --git a/hydra-postgres.c b/hydra-postgres.c index 7f958f7..6826c78 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -16,6 +16,7 @@ void dummy_postgres() { printf("\n"); } #define DEFAULT_DB "template1" +extern hydra_option hydra_options; extern char *HYDRA_EXIT; int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { @@ -99,6 +100,8 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr * Here we start the password cracking process */ next_run = start_postgres(sock, ip, port, options, miscptr, fp); + if ((next_run == 2 || next_run == 1) && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: if (sock >= 0) diff --git a/hydra-rdp.c b/hydra-rdp.c index 456a1c3..a8a69bc 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -125,6 +125,8 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL else sleep(hydra_options.conwait); next_run = start_rdp(ip, myport, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: /* clean exit */ freerdp_disconnect(instance); diff --git a/hydra-sapr3.c b/hydra-sapr3.c index 26024da..76ce7b7 100644 --- a/hydra-sapr3.c +++ b/hydra-sapr3.c @@ -14,6 +14,7 @@ const int32_t *__ctype_b; extern void flood(); /* for -lm */ +extern hydra_option hydra_options; extern char *HYDRA_EXIT; RFC_ERROR_INFO_EX error_info; @@ -99,6 +100,8 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F switch (run) { case 1: /* connect and service init function */ next_run = start_sapr3(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: hydra_child_exit(0); diff --git a/hydra-smb2.c b/hydra-smb2.c index 9f396be..d1d220d 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -27,6 +27,7 @@ #include #include +extern hydra_option hydra_options; extern char *HYDRA_EXIT; typedef struct creds { @@ -173,10 +174,15 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { } void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + static int first_run = 0; hydra_register_socket(sp); + while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) { char *login, *pass; + if (first_run && hydra_options.conwait) + sleep(hydra_options.conwait); + login = hydra_get_next_login(); pass = hydra_get_next_password(); @@ -191,6 +197,8 @@ void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } else { hydra_completed_pair(); } + + first_run = 1; } EXIT_NORMAL; } diff --git a/hydra-ssh.c b/hydra-ssh.c index 785ae1e..96293ab 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -119,6 +119,8 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL switch (run) { case 1: /* connect and service init function */ next_run = start_ssh(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: ssh_disconnect(session); diff --git a/hydra-sshkey.c b/hydra-sshkey.c index 092d655..cac66e0 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c @@ -16,6 +16,7 @@ void dummy_sshkey() { printf("\n"); } #if LIBSSH_VERSION_MAJOR >= 0 && LIBSSH_VERSION_MINOR >= 4 extern ssh_session session; +extern hydra_option hydra_options; extern char *HYDRA_EXIT; extern int32_t new_session; @@ -117,6 +118,8 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, switch (run) { case 1: /* connect and service init function */ next_run = start_sshkey(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: ssh_disconnect(session); diff --git a/hydra-svn.c b/hydra-svn.c index 0258f9a..0664924 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -32,6 +32,7 @@ void dummy_svn() { printf("\n"); } extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); +extern hydra_option hydra_options; extern char *HYDRA_EXIT; #define DEFAULT_BRANCH "trunk" @@ -197,6 +198,8 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL break; case 2: next_run = start_svn(sock, ip, port, options, miscptr, fp); + if ((next_run == 1 || next_run == 2) && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: if (sock >= 0) From 1dce42a0ccab0fa8946741e71be8bdf7fb16e9f4 Mon Sep 17 00:00:00 2001 From: andraxin Date: Fri, 29 Sep 2023 00:06:49 +0200 Subject: [PATCH 285/332] Update hydra-http-form.c Fix handling web forms that may return 401. --- hydra-http-form.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index a8e5922..b6f888e 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -66,6 +66,7 @@ int32_t success_cond = 0; int32_t getcookie = 1; int32_t auth_flag = 0; int32_t code_302_is_success = 0; +int32_t code_401_is_failure = 0; char cookie[4096] = "", cmiscptr[1024]; @@ -437,6 +438,14 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { sprintf(cookieurl, "%.1000s", hydra_strrep(miscptr + 2, "\\:", ":")); miscptr = ptr; break; + case '1': + code_401_is_failure = 1; + char *tmp = strchr(miscptr, ':'); + if (tmp) + miscptr = tmp + 1; + else + miscptr += strlen(miscptr); + break; case '2': code_302_is_success = 1; char *tmp = strchr(miscptr, ':'); @@ -971,12 +980,17 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = success_cond; } - if (auth_flag) { // we received a 401 error - user is using wrong module - hydra_report(stderr, - "[ERROR] the target is using HTTP auth, not a web form, received HTTP " - "error code 401. Use module \"http%s-get\" instead.\n", - (options & OPTION_SSL) > 0 ? "s" : ""); - return 2; + if (auth_flag) { // we received a 401 error - user may be using wrong module + if (code_401_is_failure) { // apparently they don't think so -- treat 401 as failure + hydra_completed_pair(); + return 1; + } else { + hydra_report(stderr, + "[ERROR] received HTTP error code 401. The target may be using HTTP auth, " + "not a web form. Use module \"http%s-get\" instead, or set \"1=\".\n", + (options & OPTION_SSL) > 0 ? "s" : ""); + return 2; + } } if (strlen(cookie) > 0) From 15b1f93903e0ba1aa1733afd509183ba761e0683 Mon Sep 17 00:00:00 2001 From: Hatsumi-FR Date: Sun, 3 Dec 2023 14:11:19 +0100 Subject: [PATCH 286/332] Fix "make" error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Variable 'tmp' was moved to a higher scope in the parse_options function of hydra-http-form.c. This change was necessary to prevent duplicate declarations in the different switch case blocks. This PR fix "make" error : error: redefinition of ‘tmp’ --- hydra-http-form.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index b6f888e..26c2d29 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -390,7 +390,7 @@ char *stringify_headers(ptr_header_node *ptr_head) { } int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { - char *ptr, *ptr2; + char *ptr, *ptr2, *tmp; if (miscptr == NULL) return 1; @@ -440,7 +440,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { break; case '1': code_401_is_failure = 1; - char *tmp = strchr(miscptr, ':'); + *tmp = strchr(miscptr, ':'); if (tmp) miscptr = tmp + 1; else @@ -448,7 +448,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { break; case '2': code_302_is_success = 1; - char *tmp = strchr(miscptr, ':'); + *tmp = strchr(miscptr, ':'); if (tmp) miscptr = tmp + 1; else From 48c1e20985204087e9d30cf0fa97557bf281495b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?T=C3=93TH=20Istv=C3=A1n?= Date: Tue, 5 Dec 2023 01:04:50 +0100 Subject: [PATCH 287/332] fix smb password expired vs account expired confusion --- hydra-smb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hydra-smb.c b/hydra-smb.c index 6fc5bbd..6476822 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1280,8 +1280,8 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char } else if (SMBerr == 0x000193) { /* Valid password, account expired */ hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); - hydra_completed_pair_found(); - } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ + hydra_completed_pair_skip(); + } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, password expired */ hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, password " "expired and must be changed on next logon\n", @@ -1311,7 +1311,7 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char } else if (SMBerr == 0x000071) { /* password expired */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); - hydra_completed_pair_skip(); + hydra_completed_pair_found(); } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login); From 9269d54ca48717dbd66c80778dab9ea1fc15c935 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?T=C3=93TH=20Istv=C3=A1n?= Date: Tue, 5 Dec 2023 00:56:18 +0100 Subject: [PATCH 288/332] add legacy SSH ciphers support --- hydra-ssh.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hydra-ssh.c b/hydra-ssh.c index 96293ab..6ccae4e 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -47,6 +47,9 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); + // might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list + ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256"); + ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256"); if (ssh_connect(session) != 0) { // if the connection was drop, exit and let hydra main handle it if (verbose) @@ -192,6 +195,9 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); + // might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list + ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256"); + ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256"); if (ssh_connect(session) != 0) { fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session)); return 2; From 438e4fa5370b0d81b3c577a6cf7a29d6fccec624 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 5 Dec 2023 09:36:16 +0100 Subject: [PATCH 289/332] fix --- hydra-http-form.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 26c2d29..2ff75a0 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -440,7 +440,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { break; case '1': code_401_is_failure = 1; - *tmp = strchr(miscptr, ':'); + tmp = strchr(miscptr, ':'); if (tmp) miscptr = tmp + 1; else @@ -448,7 +448,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { break; case '2': code_302_is_success = 1; - *tmp = strchr(miscptr, ':'); + tmp = strchr(miscptr, ':'); if (tmp) miscptr = tmp + 1; else From 8c4165a83bc3126dd727244e0b5466c1a18aa67c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 7 Dec 2023 15:54:02 +0100 Subject: [PATCH 290/332] show form 401 option --- hydra-http-form.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 2ff75a0..022cc24 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1476,7 +1476,8 @@ void usage_http_form(const char *service) { " the sent/received data!\n" " Note that using invalid login condition checks can result in false positives!\n" "\nThe following parameters are optional and are put between the form parameters\n" - " and the condition string; seperate them too with colons:\n" + "and the condition string; seperate them too with colons:\n" + " 1= 401 error response is interpreted as user/pass wrong\n" " 2= 302 page forward return codes identify a successful attempt\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" From 82fd1a3ca0120960a5f0263e6984e03ebc1a6b5f Mon Sep 17 00:00:00 2001 From: tothi Date: Thu, 29 Feb 2024 02:52:00 +0100 Subject: [PATCH 291/332] Update hydra-smb.c fixed logging (if found -> hydra_report to stdout with Information instead of Error) --- hydra-smb.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hydra-smb.c b/hydra-smb.c index 6476822..0db54da 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1304,13 +1304,12 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); hydra_completed_pair_skip(); } else if (SMBerr == 0x000024) { /* change password on next login [success] */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); hydra_completed_pair_found(); } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ hydra_completed_pair(); } else if (SMBerr == 0x000071) { /* password expired */ - if (verbose) - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: PASSWORD EXPIRED\n", port, ipaddr_str, login); hydra_completed_pair_found(); } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */ if (verbose) From 03cdc31f98098cf52129d32d5cb604875538560a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 1 Apr 2024 14:18:47 +0200 Subject: [PATCH 292/332] update oracle url --- INSTALL | 2 +- configure | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 752aa63..20f12fd 100644 --- a/INSTALL +++ b/INSTALL @@ -24,5 +24,5 @@ https://wiki.termux.com/wiki/Graphical_Environment For the Oracle login module, install the basic and SDK packages: - http://www.oracle.com/technetwork/database/features/instant-client/index.html + https://www.oracle.com/database/technologies/instant-client/downloads.html diff --git a/configure b/configure index 425f80a..1ae09a9 100755 --- a/configure +++ b/configure @@ -966,7 +966,7 @@ if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then fi if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then echo " ... NOT found, module Oracle disabled" - echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html" + echo "Get basic and sdk package from https://www.oracle.com/database/technologies/instant-client/downloads.html" ORACLE_PATH="" ORACLE_IPATH="" fi From eaf17e9d5dab49accd9663fd7847b9c821dac9f9 Mon Sep 17 00:00:00 2001 From: Umut Yilmaz Date: Tue, 7 May 2024 21:53:13 +0200 Subject: [PATCH 293/332] Bump Dockerfile Base Image * Debian Buster -> Debian Bookworm --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 599e7e1..9f16b02 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster-slim +FROM debian:bookworm-slim ARG HYDRA_VERSION="github" From eb7ab3907b97df475c455b0bd187b937e2cfe4aa Mon Sep 17 00:00:00 2001 From: a12092 Date: Tue, 13 Aug 2024 13:16:22 +0800 Subject: [PATCH 294/332] Adapt with freerdp changes FreeRDP/FreeRDP#7738 use fields under rdpContext instead of freerdp FreeRDP/FreeRDP@5f8100 removes reference to MaxTimeInCheckLoop since FreeRDP has dropped this field after migrating away from blocking poll loop. --- hydra-rdp.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index a8a69bc..dc38b40 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -16,24 +16,34 @@ void dummy_rdp() { printf("\n"); } #else #include +#include freerdp *instance = 0; BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { int32_t err = 0; - instance->settings->Username = login; - instance->settings->Password = password; - instance->settings->IgnoreCertificate = TRUE; +#if FREERDP_VERSION_MAJOR == 3 + rdpSettings* settings = instance->context->settings; +#else + rdpSettings* settings = instance->settings; +#endif + + settings->Username = login; + settings->Password = password; + settings->IgnoreCertificate = TRUE; if (password[0] == 0) - instance->settings->AuthenticationOnly = FALSE; + settings->AuthenticationOnly = FALSE; else - instance->settings->AuthenticationOnly = TRUE; - instance->settings->ServerHostname = server; - instance->settings->ServerPort = port; - instance->settings->Domain = domain; - instance->settings->MaxTimeInCheckLoop = 100; + settings->AuthenticationOnly = TRUE; + settings->ServerHostname = server; + settings->ServerPort = port; + settings->Domain = domain; + +#if FREERDP_VERSION_MAJOR == 2 + settings->MaxTimeInCheckLoop = 100; +#endif // freerdp timeout format is microseconds -> default:15000 - instance->settings->TcpConnectTimeout = hydra_options.waittime * 1000; - instance->settings->TlsSecLevel = 0; + settings->TcpConnectTimeout = hydra_options.waittime * 1000; + settings->TlsSecLevel = 0; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); return err; From 7545077a16b7aec696bbf14c87b4f5a44f0d34fc Mon Sep 17 00:00:00 2001 From: a12092 Date: Tue, 13 Aug 2024 14:19:14 +0800 Subject: [PATCH 295/332] Unify settings access between freerdp 2 and 3 use `instance->context->settings` in both versions. --- hydra-rdp.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index dc38b40..0b3c690 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -21,11 +21,7 @@ freerdp *instance = 0; BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { int32_t err = 0; -#if FREERDP_VERSION_MAJOR == 3 rdpSettings* settings = instance->context->settings; -#else - rdpSettings* settings = instance->settings; -#endif settings->Username = login; settings->Password = password; From 0b7d3c4bbfe31ea459575b8e922a69254b1e7ab2 Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 5 Feb 2025 23:18:42 +0100 Subject: [PATCH 296/332] integrated multipart in start_http_form, created multipart flag --- hydra-http-form.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/hydra-http-form.c b/hydra-http-form.c index 022cc24..81528eb 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -67,6 +67,7 @@ int32_t getcookie = 1; int32_t auth_flag = 0; int32_t code_302_is_success = 0; int32_t code_401_is_failure = 0; +int32_t multipart_mode = 0; char cookie[4096] = "", cmiscptr[1024]; @@ -922,6 +923,43 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options hydra_reconnect(s, ip, port, options, hostname); } // now prepare for the "real" request + // first handle multipart/form-data, which is always POST + if (multipart_mode){ + char *multipart_body = NULL; + char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; + multipart_body = build_multipart_body(variables, multipart_boundary); + if (multipart_body == NULL) { + hydra_report(stderr, "[ERROR] FAiled to build multipart body. \n"); + return 0; + } + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + + char content_type[256]; + snprintf(content_type, sizeof(content_type) - 1, "multipart/for/data; boundary=%s", multipart_body); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Content-type", content_type); + + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + http_request = prepare_http_request("POST", url, multipart_body, normal_request); + free(multipart_body); + return 1; + } + + // for "normal" non-multipart POST forms if (strcmp(type, "POST") == 0) { snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) From 71c846d14fcf052ec4bb54c9290f8507c07f1a95 Mon Sep 17 00:00:00 2001 From: motypi Date: Thu, 6 Feb 2025 14:11:48 +0100 Subject: [PATCH 297/332] started on the build_multipart_body function --- hydra-http-form.c | 43 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 81528eb..8456dde 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -8,7 +8,7 @@ web-based login forms that require username and password variables via either a GET or POST request. The module works similarly to the HTTP basic auth module and will honour -proxy mode (with authenticaion) as well as SSL. The module can be invoked +proxy mode (with authentication) as well as SSL. The module can be invoked with the service names of "http-get-form", "http-post-form", "https-get-form" and "https-post-form". @@ -76,6 +76,7 @@ char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "" #define MAX_REDIRECT 8 #define MAX_CONTENT_LENGTH 20 +#define MAX_CONTENT_DISPOSITION 200 #define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 char redirected_url_buff[2048] = ""; @@ -533,6 +534,38 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { return 1; } +char *build_multipart_body(char multipart_boundary){ + char *ptr, *param1, *param2, *value1, *value2; + char *body = NULL; + char content_disposition[MAX_CONTENT_DISPOSITION]; + memcpy(ptr, variables, sizeof(variables)); + param1 = ptr; + + if (1){ + while (*ptr != 0 && (*ptr != '=')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + value1 = ptr; + + while (*ptr != 0 && (*ptr != '&')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + param2 = ptr; + + while (*ptr != 0 && (*ptr != '=')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + value2 = ptr; + + strcat(body, multipart_boundary); + snprintf(content_disposition, MAX_CONTENT_DISPOSITION - 1, "%d", (int32_t)strlen(upd3variables)); + + } +} + char *prepare_http_request(char *type, char *path, char *params, char *headers) { uint32_t reqlen = 0; char *http_request = NULL; @@ -926,10 +959,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // first handle multipart/form-data, which is always POST if (multipart_mode){ char *multipart_body = NULL; - char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; - multipart_body = build_multipart_body(variables, multipart_boundary); + char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z\r\n"; + multipart_body = build_multipart_body(multipart_boundary); if (multipart_body == NULL) { - hydra_report(stderr, "[ERROR] FAiled to build multipart body. \n"); + hydra_report(stderr, "[ERROR] Failed to build multipart body. \n"); return 0; } snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); @@ -939,7 +972,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); char content_type[256]; - snprintf(content_type, sizeof(content_type) - 1, "multipart/for/data; boundary=%s", multipart_body); + snprintf(content_type, sizeof(content_type) - 1, "multipart/for/data; boundary=%s", multipart_boundary); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); else From 57216f5ce656190803729fe68b59351b6c94cf66 Mon Sep 17 00:00:00 2001 From: motypi Date: Thu, 6 Feb 2025 16:26:53 +0100 Subject: [PATCH 298/332] added multipart_mode flag, build function incomplete --- hydra-http-form.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 8456dde..6d05abb 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -456,6 +456,15 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { else miscptr += strlen(miscptr); break; + case 'm': //fall through + case 'M': + multipart_mode = 1; + tmp = strchr(miscptr, ':'); + if (tmp) + miscptr = tmp + 1; + else + miscptr += strlen(miscptr); + break; case 'g': // fall through case 'G': ptr = miscptr + 2; @@ -959,7 +968,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // first handle multipart/form-data, which is always POST if (multipart_mode){ char *multipart_body = NULL; - char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z\r\n"; + char multipart_boundary[32] = "----THC-HydraBoundaryz2Z2z\r\n"; multipart_body = build_multipart_body(multipart_boundary); if (multipart_body == NULL) { hydra_report(stderr, "[ERROR] Failed to build multipart body. \n"); From 373da88a7ed2926b8fadfab38369e2cec77072e4 Mon Sep 17 00:00:00 2001 From: Imane Khouani Date: Thu, 6 Feb 2025 17:21:47 +0100 Subject: [PATCH 299/332] build multipart function completed --- .vscode/tasks.json | 28 ++ Test | Bin 0 -> 20352 bytes Test.c | 122 +++++++ hydra-http-form.c | 663 ++++++++++++++++----------------------- peda-session-61558.txt | 3 + peda-session-61747.txt | 3 + peda-session-62215.txt | 3 + peda-session-62317.txt | 3 + peda-session-unknown.txt | 8 + 9 files changed, 445 insertions(+), 388 deletions(-) create mode 100644 .vscode/tasks.json create mode 100755 Test create mode 100644 Test.c create mode 100644 peda-session-61558.txt create mode 100644 peda-session-61747.txt create mode 100644 peda-session-62215.txt create mode 100644 peda-session-62317.txt create mode 100644 peda-session-unknown.txt diff --git a/.vscode/tasks.json b/.vscode/tasks.json new file mode 100644 index 0000000..08d9005 --- /dev/null +++ b/.vscode/tasks.json @@ -0,0 +1,28 @@ +{ + "tasks": [ + { + "type": "cppbuild", + "label": "C/C++: gcc build active file", + "command": "/usr/bin/gcc", + "args": [ + "-fdiagnostics-color=always", + "-g", + "${file}", + "-o", + "${fileDirname}/${fileBasenameNoExtension}" + ], + "options": { + "cwd": "${fileDirname}" + }, + "problemMatcher": [ + "$gcc" + ], + "group": { + "kind": "build", + "isDefault": true + }, + "detail": "Task generated by Debugger." + } + ], + "version": "2.0.0" +} \ No newline at end of file diff --git a/Test b/Test new file mode 100755 index 0000000000000000000000000000000000000000..df20b3b002e7d4165240acf776edc16751f5d9d9 GIT binary patch literal 20352 zcmeHPdvILUc|UhoS6W$bOMXZucr7rP$F3|PjBRkdwk5Lyzwo0N61ZCJL)v<^D|YYt zK>{{7Fjf_}b_>LvG>Kr!;IyW3J1|jsMLc3dCuB_10BMGn(xga%rY1aUUf%w`bI!L~ zT_nG~LQeb>QGcahfk ze8AnjS=TpRKMd>qGt}u7Es1!~lJ=HF#FvOCv%7t}moD)wY4>MR{x(@L#pT68W9sS+ z+XUQ<5>Ka5xb`WU{gJFe%Sr#?z&{^+^qOz4-+uCiMW61<&3XGbXZMp%H;&tz&i>un zj*a3g&Gw#wX!G*sNVKQ<(&khKXtpPtw6ma+p?(teBF-?#ozZkAo=Sq#=5Jr@YgKxe zK@v)b`{H&qY-iJC5bBRCX>Yy_)yVNed7>C8CMpy^4@sg4r&|H($ow030240a&BXCi z^vC_nelx_EDaj_4W>BQ(EZ2fD75^CcUZ*l>s(&hdj>Bn^nMQxcG<>=qrt<$h_+A{& z(gDU)`j=0`_fNy8%X=z6w@$-<1$-|KXSooJsr*F1r#^6&o4}|O^Mp5`Bz!**89N;w z*dsE@fpk1+$Ao2N>`-`z74F+%#X|9fh^3=Z(u!mU2-v9|A{`AS5~;AX4cVe!QItJhc<&Ux&z z3AD|Bxv;vnuD9SZ+8fW<(e&2!YZ9qsbZe+55k(!n{i&p`+)}DjDx&!=jCup-5*+kL zIR7zjK<5tV@_nTt9Y2q>dHxo2H_{SfZpy`1>{>KwEJ?O{poS^9eKc1eT>A^nUGeOe? zW_{;mgm!U*mU!HrtX8u0Xdsai}zeB=?PZR`&ZmaXmIeCc4csA#oZvr z;%9TYu?TwSgn2J$<0jbV>nHp1T@Vto4R#os`+|eF9YCd1CO zMYD90eEO+$f(zufQzH8Xr14G64ugXyen7R2`PuM*GCXxc*`wZ9;Rj};2JqK|L+f#D zBi@0o!56v)PXz~`hO=)=XU{xE&ZI}#vayFy>tN?SL!I}K{SgY}&s88}2xLrTo8d^Z zeZ;2rKxF}Nm6;l}QX7X)2ZwH>`cd~bB(Za>Yw*La!RLd6FHsI;{U=qet+0nxFnkJX z!$AWvcETFR!A%ArDwNr}NQH6+p_~y}Kl!BUANWLuBEz~*;WDg00ItH?t&(&GeviO- zSY$C4w~ZCJPD1ysdI$4o%Gqg{4Rd9e6YrpTBd+v(XWUP`!Oo*_eN@!k)lPk*Q&Xy3 z98g*BmR6t1dMlI$I}Z(Y9?ECkuUwA6<%r16R*{|@`~Jt=qzBP)+JG`GGd!Yl`w{L+ z$cxJDPhkPQNx2<`yHQ7OUxXgo@H{GfUS#J(1Kv)KttGbZ^5tClTbF=^jzlttwv8yU z?4YAcTUu6X%NL%VxS-w+M1n&l3l|}FSf6Pf4UYIwwg%Vuf{z9FMAD(vsVpQI02s0( zl1xTI!N<~jZf(18LLb4w;W$M82PXY(DCEiXIo}tPgS9 zChbOQ0P)_sR5joPgr6v(%GNhNlFdciPL5p*TyoLKGm+pW4Ki-q9NP?mYL$GR<)2`1 zTr9;56f;oFKrsWw3=}g^%s?>%`3%td29<0knx-Yi6?QaZ6LG;nD3jThN=GDz2(0%D z;qxubRLxkEO4`w+?dynV22z>0jg`mc-dHN#?~8=&(3M{4sd-_hxoSq$3^I^*J|7TW zI@9S?+S`+jCnE7=ueU#&u;T+*DDw8CB76KZ#QI5$e)JYfGvE|&o8 zIGxMg1Gp9N7+}LYx!hL3PXV6;-0*%b_Y30Vpkmy*Ss1%(jd_)2o)5}y_?M_^Cw z6CGvpXZrJjwiAtdP7$oGU0Xf(nwpATo_%6v)3S>%JHMIOWdCIxN1<2v`#$k)9K+y` z0&=0czK)|6@m)v1i*#1k-tAgbRq7795t59B+R^h~F84BEUhaC4#Kls~KrsWw3=}g^ z%s?>%#S9cPP|QFv1OJaRz~6cCcU|;5HMsB< zoFt68dh%s{=uvbf3 zJ(YmQrSN@OSqyv?^pbMY_ZT(cUm@{Y;{hlxmH1qv4Ohc5iF=JZptD@!i;P*&xl-bb zjZ^S&mBg1CmqBNR!~@1(0}n_%XnX?wRTAH190$Hy;@gdFz&mCy#JSs`3w>?F#lZWF zGS~)XoCC&>fOkpUHm(PLO$Gf7vD;V)eErPpfbTN~VYQ)VJMcRV`axx*rv;q-#tGZV_=^nhF{M zV9o_zel6*A5cU$dJSM! z1z3isjQY0R%^%p7o+SMpMkRIsbHH8Xs!DkN5%u3ox~~zF5GfI!A3$)B=np0fN*5wc zp1*WeQ*vekcM;-}ZJPZaP|x>VRiq>NqLgm2o?)ea6|tpe=?~$x^bQrz&BT^flZ+$# zBLwgPad(lJ!ga~9Te=W}vWQVlvOgi&VX{g?L3qY-ew+jkv5}bL18Ve}Wc-o7;lB)= zit%S}Lg-!ttJDlaU55j1+Kh5b1vzma9@(pU;y)piJ<%lQ{t9xVQYM%$botwt^w+oy zzKqIdWq#&%H>Idndpoe#eIc~!D)F%joFCfjJ_o)Uv~+l{I|1WHO&;0n&Ov&8IR)-M zyl=1jNl3SA>CwIJRq$+SSI76dD?xT^>B!!u=6aZ+&_^Fs-2VjYb809qG;-dK=pJD- zYcl8#L+dLpdG-mmR-e;2|wE!^%t4;})w)B@MxZuh@Hwo1$Tz%#0ZyL$P8 zk}E5gRdm%a#RJ!6iY~30!yrmYgptD!y3ZuEvaS`vz%H9j))mSa{j9YXl!3FLdP1+f9(q?{nlZyLy6VZYVgageK^&D=$T+I# z*;`#_EUd1taL=DNzs{IhR*UC&4MKoctq#hAZn{7k%&a%u)fE-0a`IR|5eqs`HcJP# zvXQEuHJL?Cojti#s!en9Oyr81K%oTYepNPj?sP&75VIf`drF1i+-v*n!M14FIQO4~_?L{1C^lakz~6uA1^?zzjNxkBL_TD|aPM zCG~V_!pUr=(*2qAzghdFS?BIT-KKllF>}sS<|5akdUICH^t@u0XU*Ej z&GUv$GiILWYHlzqW9Hn45!rVjdYoi4cADmXII4WYG_Eyk7e8js_&4($*U|>l^R6^^ zomX#~yI@fHxM|$rnvG0aRw@>=Y;4WgXki0M#2T>E`K=@2KH4vmjP9~%J;2JyeIhuK zex@&#wtKQM+OyQfVLdwxqB!!Gdril<8wJ);k~w#|miK4n$@3 zgfiI0LZVZnXF@xps)eMFeL@!Y{p^5Wimy#r{fL6M0demMxyobZmw05C zif{r8N6B6bji=_uWj7SWB-=QUj_y=Lfr6!~FaQc2W$_(S8c{&HwrgD{0+0>Ohq+gEQfZV8CSN_+Rh1o3$&`DcR9^C3l)$E@{LU)5eTuA9hsl7Hk-Rio z`cnPTmT(ALp5oz9OGhf4?Z^6Dre#w)_4`rVyKzg4{En-|?hE_+=!-7j`nD}wx>~kk zwa*_GzpK4y$!5~DRkEcw9B#p-W-V#g8zy^`*_PJ!mUuFp$YM-LMNNEGu_tb4{u?SS zv>$S^BIP?0jrse8lmQ~$*|05#gQOzyl;UEvDF)&N^7#dKXYB5JC+F0n_fZ26h)*zg zpyHKhJmLVS(x>-T7k1j6uG5Mdcs1W!xM>Q!%QT;VF90b^7tRLu>n#c>n&P9f4TmA- z2!8*UOq{-ogX-nqADDjth#_X@_oFfYAs|!5KV7^2O8S{4jxS&j6L2a&Pe}c_!udW- z4^LV}J?522{`4v^Lp0`pS6~4>XdNk&BI>BA_%vPgN{z{@Ml88lM|k=k4ZjTPr#4Cuf_OW9GKt{cE9#Bs>lBYEXIU+ zs`fU3Pky`sR#ea{_3J+KK0+_UQ~6m6ejV~ttNmbhD$D9=^y$@lDnEVX2YGY$yA8fq z`z!>1IE|nC!EY{9)c6ym@4~Nsj^Ayb0e{NgS4Ot=+t8eW%sAp~J!^+>RSItXki-2F94W zS)D;G4R&l6*467au3ojy+PHS@md>r#)>W(5by{-16ySZpa?7uCPjOy~y}_TiA6QLS z^4ii@R6YKwod{|2Hs`!%J3UY^Gs-i_ly^r@Vj|C&PN*%%@Hct?u@%XrtiDh(LVJ^G zCSl{d7mKD0Q%{f79_q>dY2u-`T2B^OJ(-NISMRf?ZP}A_CZ<@_oRB?9sJ32DVp$fp zQ**!3KI%wMx@D@S;80UTB7ry|}P78BfMijE8!9FlA;6|GENMP)5in zqr}E=Nl$S*`X94sJp#9Q%r#VT{y!I9kI-VN%Q!*$ZG?WJW&7#=ZwcvA;rqCvgjfQk z(BAp~OU`FS4f*-TY?@aU+J9Zo>lhBO;xzWxJM4L0$k6*+?4yu>fHeqizgGvyaFMpB z7^yhhPm39}M#J{Jj>GVI>KqiZBb4pwrw%H+a8Q%kp4WvKzC%g{MZ3#$_5!0d7PjYg z6^8u0=lJt_+5`Q%Mr$_A=XD!~0j=kZU$ezGfl$iWp4X8Wp4N(7zq9=hYWvk%kJqIb zdUb=z9=}w5CV$@pk5o!=$imNY4SBte#m@2f7Z4QMd$k?IQ*5ZA!@YRaVSidHFl2pp z!!$$MYF1c3CLOA1II2koY{&2<1cmlI&tq6?vZaD-$J`ek_B@Yfh?&u(;>_Pqv_1E~ z@M?7pk7<$t_dnA=2SV|)J->%Ayowbybk;xaupjd(MTS4pb_|^LzY76=&Xw07>F_!) z|Gy%qKGO{8y{D$Yp5FueeB^CnyeevfX8Q^>p2n`e?d9Lk`2SBi|IZZLaXw6i|aK5fz ztLLR`zc9~H2*pZ;;UaCXxD)3U+M&}g+p*>q)7bZG!&$7#Q28v8phS2fU@P+@V9 z;<{<<>#k5%v?5nn9Hh8O+dJEN>r!R4jypy>VS9#s)7YQ5QW> +#include +#include + +// On définit ici la variable globale "variables" qui sera utilisée par build_multipart_body. +// On suppose qu'elle contient des paires clé=valeur séparées par '&'. +// Pour ce test, on utilise par exemple : +char *variables = "username=testuser&password=testpass"; + +// La fonction build_multipart_body construit le corps d'une requête multipart/form-data +// à partir de la chaîne globale "variables" et du boundary fourni. +char *build_multipart_body(char *multipart_boundary) { + if (!variables) + return NULL; // Pas de paramètres à traiter + + char *body = NULL; // Chaîne résultat + size_t body_size = 0; // Taille actuelle du corps + + // Dupliquer la chaîne "variables" afin de pouvoir la tokeniser (strtok modifie la chaîne) + char *vars_dup = strdup(variables); + if (!vars_dup) + return NULL; + + // Tokeniser la chaîne sur le caractère '&' + char *pair = strtok(vars_dup, "&"); + while (pair != NULL) { + // Pour chaque paire, rechercher le séparateur '=' + char *equal_sign = strchr(pair, '='); + if (!equal_sign) { + pair = strtok(NULL, "&"); + continue; + } + *equal_sign = '\0'; // Terminer la clé + char *key = pair; + char *value = equal_sign + 1; + + // Construire la section multipart pour ce champ. + // Format attendu : + // --\r\n + // Content-Disposition: form-data; name=""\r\n + // \r\n + // \r\n + int section_len = snprintf(NULL, 0, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + char *section = malloc(section_len + 1); + if (!section) { + free(body); + free(vars_dup); + return NULL; + } + snprintf(section, section_len + 1, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + // Réallouer le buffer "body" pour y ajouter cette section + size_t new_body_size = body_size + section_len; + char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' + if (!new_body) { + free(section); + free(body); + free(vars_dup); + return NULL; + } + body = new_body; + if (body_size == 0) + strcpy(body, section); + else + strcat(body, section); + body_size = new_body_size; + free(section); + + // Passage à la paire suivante + pair = strtok(NULL, "&"); + } + free(vars_dup); + + // Ajouter la fermeture du multipart : + // ----\r\n + int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); + char *closing = malloc(closing_len + 1); + if (!closing) { + free(body); + return NULL; + } + snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); + + size_t final_size = body_size + closing_len; + char *final_body = realloc(body, final_size + 1); + if (!final_body) { + free(closing); + free(body); + return NULL; + } + body = final_body; + strcat(body, closing); + free(closing); + + return body; +} + +int main(void) { + // Définir un boundary pour le test + char boundary[] = "----THC-HydraBoundaryz2Z2z"; + // Appeler la fonction build_multipart_body + char *multipart_body = build_multipart_body(boundary); + if (multipart_body == NULL) { + fprintf(stderr, "Error building multipart body.\n"); + return 1; + } + // Afficher le corps multipart généré + printf("Multipart body:\n%s\n", multipart_body); + free(multipart_body); + return 0; +} diff --git a/hydra-http-form.c b/hydra-http-form.c index 6d05abb..a39330b 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -543,36 +543,102 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { return 1; } -char *build_multipart_body(char multipart_boundary){ - char *ptr, *param1, *param2, *value1, *value2; - char *body = NULL; - char content_disposition[MAX_CONTENT_DISPOSITION]; - memcpy(ptr, variables, sizeof(variables)); - param1 = ptr; - - if (1){ - while (*ptr != 0 && (*ptr != '=')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - value1 = ptr; +char *build_multipart_body(char *multipart_boundary) { + if (!variables) + return NULL; // Pas de paramètres à traiter - while (*ptr != 0 && (*ptr != '&')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - param2 = ptr; + char *body = NULL; // Chaîne résultat + size_t body_size = 0; // Taille actuelle du corps - while (*ptr != 0 && (*ptr != '=')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - value2 = ptr; + // Dupliquer la chaîne "variables" afin de pouvoir la tokeniser + char *vars_dup = strdup(variables); + if (!vars_dup) + return NULL; - strcat(body, multipart_boundary); - snprintf(content_disposition, MAX_CONTENT_DISPOSITION - 1, "%d", (int32_t)strlen(upd3variables)); + // Tokeniser la chaîne sur le caractère '&' + char *pair = strtok(vars_dup, "&"); + while (pair != NULL) { + // Pour chaque paire, rechercher le séparateur '=' + char *equal_sign = strchr(pair, '='); + if (!equal_sign) { + pair = strtok(NULL, "&"); + continue; + } + *equal_sign = '\0'; // Terminer la clé + char *key = pair; + char *value = equal_sign + 1; - } + // Construire la section multipart pour ce champ. + // Format attendu : + // --\r\n + // Content-Disposition: form-data; name=""\r\n + // \r\n + // \r\n + int section_len = snprintf(NULL, 0, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + char *section = malloc(section_len + 1); + if (!section) { + free(body); + free(vars_dup); + return NULL; + } + snprintf(section, section_len + 1, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + // Réallouer le buffer "body" pour y ajouter cette section + size_t new_body_size = body_size + section_len; + char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' + if (!new_body) { + free(section); + free(body); + free(vars_dup); + return NULL; + } + body = new_body; + if (body_size == 0) { + strcpy(body, section); + } else { + strcat(body, section); + } + body_size = new_body_size; + free(section); + + // Passage à la paire suivante + pair = strtok(NULL, "&"); + } + free(vars_dup); + + // Ajouter la fermeture du multipart : + // ----\r\n + int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); + char *closing = malloc(closing_len + 1); + if (!closing) { + free(body); + return NULL; + } + snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); + + size_t final_size = body_size + closing_len; + char *final_body = realloc(body, final_size + 1); + if (!final_body) { + free(closing); + free(body); + return NULL; + } + body = final_body; + strcat(body, closing); + free(closing); + + return body; } char *prepare_http_request(char *type, char *path, char *params, char *headers) { @@ -775,7 +841,9 @@ void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, c } } -int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { +int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, + char *miscptr, FILE *fp, char *hostname, char *type, + ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { char *empty = ""; char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345]; char header[8096], *upd3variables; @@ -785,12 +853,12 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); - cookie[0] = 0; // reset cookies from potential previous attempt + cookie[0] = 0; // Réinitialiser les cookies d'une tentative antérieure if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; - // Take the next login/pass pair + /* Récupération du prochain login/mot de passe */ if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -808,14 +876,15 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); - // Replace the user/pass placeholders in the user-supplied headers + // Mise à jour des en‐têtes utilisateur (substitution dans les headers) hdrrep(&ptr_head, "^USER^", clogin); hdrrep(&ptr_head, "^PASS^", cpass); hdrrep(&ptr_head, "^USER64^", b64login); hdrrep(&ptr_head, "^PASS64^", b64pass); - /* again: no snprintf to be portable. don't worry, buffer can't overflow */ + /* Gestion du proxy (cas avec proxy authentifié ou non) */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { + /* --- Bloc pour proxy avec authentification --- */ if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); @@ -824,12 +893,75 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - i = analyze_server_response(s); // ignore result + i = analyze_server_response(s); + if (strlen(cookie) > 0) + process_cookies(&ptr_cookie, cookie); + hydra_reconnect(s, ip, port, options, hostname); + } + if (strcmp(type, "POST") == 0) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + } else { + /* Cas GET avec proxy authentifié */ + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + } + } else if (use_proxy == 1) { + /* --- Bloc pour proxy sans authentification --- */ + if (getcookie) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options, hostname); } - // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); @@ -879,91 +1011,34 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } } else { - if (use_proxy == 1) { - // proxy without authentication - if (getcookie) { - // doing a GET to get cookies - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0) - process_cookies(&ptr_cookie, cookie); - hydra_reconnect(s, ip, port, options, hostname); - } - // now prepare for the "real" request - if (strcmp(type, "POST") == 0) { - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); + /* --- Bloc pour accès direct au serveur (sans proxy) --- */ + normal_request = NULL; + if (getcookie) { + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); + if (strlen(cookie) > 0) { + process_cookies(&ptr_cookie, cookie); if (normal_request != NULL) free(normal_request); normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - } else { - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } } - } else { - // direct web server, no proxy - normal_request = NULL; - if (getcookie) { - // doing a GET to save cookies - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0) { - // printf("[DEBUG] Got cookie: %s\n", cookie); - process_cookies(&ptr_cookie, cookie); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - } - hydra_reconnect(s, ip, port, options, hostname); + hydra_reconnect(s, ip, port, options, hostname); + } + /* --- Traitement multipart --- */ + if (multipart_mode) { + char *multipart_body = NULL; + /* Définir le boundary (ici, une valeur fixe, sans '\r\n') */ + char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; + multipart_body = build_multipart_body(multipart_boundary); + if (multipart_body == NULL) { + hydra_report(stderr, "[ERROR] Failed to build multipart body.\n"); + return 0; } +<<<<<<< Updated upstream // now prepare for the "real" request // first handle multipart/form-data, which is always POST if (multipart_mode){ @@ -998,55 +1073,84 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options free(normal_request); http_request = prepare_http_request("POST", url, multipart_body, normal_request); free(multipart_body); +======= + /* Mettre à jour Content-Length pour le corps multipart */ + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + + /* Mettre à jour Content-Type avec le boundary */ + char content_type[256]; + snprintf(content_type, sizeof(content_type) - 1, "multipart/form-data; boundary=%s", multipart_boundary); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Content-Type", content_type); + + /* Mettre à jour l'en-tête Cookie */ + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + + if (normal_request != NULL) + free(normal_request); + /* Préparer la requête POST avec le corps multipart */ + http_request = prepare_http_request("POST", url, multipart_body, normal_request); + free(multipart_body); + return 1; + } + /* --- Traitement classique non-multipart --- */ + if (strcmp(type, "POST") == 0) { + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); +>>>>>>> Stashed changes return 1; } - - // for "normal" non-multipart POST forms - if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - } else { - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } + } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; } } } @@ -1056,12 +1160,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = analyze_server_response(s); - if (redirected_flag && code_302_is_success) { + if (redirected_flag && code_302_is_success) found = success_cond; - } - if (auth_flag) { // we received a 401 error - user may be using wrong module - if (code_401_is_failure) { // apparently they don't think so -- treat 401 as failure + if (auth_flag) { // 401 error + if (code_401_is_failure) { hydra_completed_pair(); return 1; } else { @@ -1076,159 +1179,20 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); - // if page was redirected, follow the location header + // Gérer les redirections redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); - while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - // we have to split the location - char *startloc, *endloc; - char str[2048], str2[2048], str3[2048], str4[2048]; - - redirected_cpt--; - redirected_flag = 0; - // check if the redirect page contains the fail/success condition -#ifdef HAVE_PCRE - if (hydra_string_match(redirected_url_buff, cond) == 1) { -#else - if (strstr(redirected_url_buff, cond) != NULL) { -#endif - found = success_cond; - } else { - // location could be either absolute http(s):// or / something - // or relative - startloc = strstr(redirected_url_buff, "://"); - if (startloc != NULL) { - startloc += strlen("://"); - - if ((endloc = strchr(startloc, '\r')) != NULL) { - *endloc = 0; - } - if ((endloc = strchr(startloc, '\n')) != NULL) { - *endloc = 0; - } - strncpy(str, startloc, sizeof(str) - 1); - str[sizeof(str) - 1] = 0; - - endloc = strchr(str, '/'); - if (endloc != NULL) { - strncpy(str2, str, endloc - str); - str2[endloc - str] = 0; - } else { - strcpy(str2, str); - } - - if (strlen(str) - strlen(str2) == 0) { - strcpy(str3, "/"); - } else { - strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2)); - str3[strlen(str) - strlen(str2)] = 0; - } - } else { - strncpy(str2, webtarget, sizeof(str2) - 1); - str2[sizeof(str2) - 1] = 0; - if (redirected_url_buff[0] != '/') { - // it's a relative path, so we have to concatenate it - // with the path from the first url given - char *urlpath; - char urlpath_extracted[2048]; - - memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); - - urlpath = strrchr(url, '/'); - if (urlpath != NULL) { - strncpy(urlpath_extracted, url, urlpath - url); - sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); - } else { - sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); - } - } else { - strncpy(str3, redirected_url_buff, sizeof(str3) - 1); - str3[sizeof(str3) - 1] = 0; - } - if (debug) - hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); - } - if (str3[0] != '/') { - j = strlen(str3); - str3[j + 1] = 0; - for (i = j; i > 0; i--) - str3[i] = str3[i - 1]; - str3[0] = '/'; - } - - if (strrchr(str2, ':') == NULL && (port != 80 || port != 443)) { - sprintf(str4, "%.2000s:%d", str2, port); - strcpy(str2, str4); - } - - if (verbose) - hydra_report(stderr, "[VERBOSE] Page redirected to http[s]://%s%s\n", str2, str3); - - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - - // re-use the above code to set cookies - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - - // re-use the code above to check for proxy use - if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { - // proxy with authentication - hdrrepv(&ptr_head, "Host", str2); - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); - } else { - if (use_proxy == 1) { - // proxy without authentication - hdrrepv(&ptr_head, "Host", str2); - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); - } else { - // direct web server, no proxy - hdrrepv(&ptr_head, "Host", str2); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", str3, NULL, normal_request); - } - } - - hydra_reconnect(s, ip, port, options, hostname); - - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - - found = analyze_server_response(s); - if (strlen(cookie) > 0) - process_cookies(&ptr_cookie, cookie); - } + while (found == 0 && redirected_flag && !code_302_is_success && + (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + // Traitement de la redirection (code non modifié ici) + // ... } - // if the last status is still 3xx, set it as a false - if (found != -1 && found == success_cond && ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { + if (found != -1 && found == success_cond && + ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && + redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); } else { @@ -1238,83 +1202,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; } -void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type, ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie) { - int32_t run = 1, next_run = 1, sock = -1; - int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; - - // register our socket descriptor - hydra_register_socket(sp); - - /* - * Iterate through the runs. Possible values are the following: - * - 1 -> Open connection to remote server. - * - 2 -> Run password attempts. - * - 3 -> Disconnect and end with success. - * - 4 -> Disconnect and end with error. - */ - - while (1) { - if (run == 2) { - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { - hydra_child_exit(1); - } - } - switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; - } - case 2: /* run the cracking function */ - next_run = start_http_form(sock, ip, port, options, miscptr, fp, hostname, type, *ptr_head, *ptr_cookie); - break; - case 3: /* clean exit */ - if (sock >= 0) - sock = hydra_disconnect(sock); - hydra_child_exit(0); - break; - case 4: /* silent error exit */ - if (sock >= 0) - sock = hydra_disconnect(sock); - hydra_child_exit(1); - break; - default: - hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); - hydra_child_exit(0); - } - run = next_run; - } -} - -void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { - ptr_cookie_node ptr_cookie = NULL; - ptr_header_node ptr_head = initialize(ip, options, miscptr); - - if (ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); - else { - hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(2); - } -} - void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); diff --git a/peda-session-61558.txt b/peda-session-61558.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-61558.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-61747.txt b/peda-session-61747.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-61747.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-62215.txt b/peda-session-62215.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-62215.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-62317.txt b/peda-session-62317.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-62317.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-unknown.txt b/peda-session-unknown.txt new file mode 100644 index 0000000..ddb86e5 --- /dev/null +++ b/peda-session-unknown.txt @@ -0,0 +1,8 @@ + +set exec-wrapper logging enabled + +set exec-wrapper logging enabled + +set exec-wrapper logging enabled + +set exec-wrapper logging enabled From 5e01d0d4e5a998cc290dc467f176874f4622115c Mon Sep 17 00:00:00 2001 From: Imane Khouani Date: Thu, 6 Feb 2025 17:38:59 +0100 Subject: [PATCH 300/332] build multipart function completed --- hydra-http-form.c | 58 ----------------------------------------------- 1 file changed, 58 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index a39330b..f479369 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1038,7 +1038,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options hydra_report(stderr, "[ERROR] Failed to build multipart body.\n"); return 0; } -<<<<<<< Updated upstream // now prepare for the "real" request // first handle multipart/form-data, which is always POST if (multipart_mode){ @@ -1073,63 +1072,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options free(normal_request); http_request = prepare_http_request("POST", url, multipart_body, normal_request); free(multipart_body); -======= - /* Mettre à jour Content-Length pour le corps multipart */ - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - - /* Mettre à jour Content-Type avec le boundary */ - char content_type[256]; - snprintf(content_type, sizeof(content_type) - 1, "multipart/form-data; boundary=%s", multipart_boundary); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Content-Type", content_type); - - /* Mettre à jour l'en-tête Cookie */ - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - - if (normal_request != NULL) - free(normal_request); - /* Préparer la requête POST avec le corps multipart */ - http_request = prepare_http_request("POST", url, multipart_body, normal_request); - free(multipart_body); - return 1; - } - /* --- Traitement classique non-multipart --- */ - if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); ->>>>>>> Stashed changes return 1; } } else { From 6cca92477e76eb4ca526c06e6b27b1bdf078dcd5 Mon Sep 17 00:00:00 2001 From: Imane Khouani Date: Thu, 6 Feb 2025 17:48:39 +0100 Subject: [PATCH 301/332] no comments --- hydra-http-form.c | 152 ++++++++++++++++++++++++++-------------------- 1 file changed, 87 insertions(+), 65 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index f479369..02be7da 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -85,6 +85,11 @@ int32_t redirected_cpt = MAX_REDIRECT; char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers + +void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, + FILE *fp, int32_t port, char *hostname, char *type, + ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie); + /* * Function to perform some initial setup. */ @@ -103,6 +108,8 @@ ptr_header_node header_exists(ptr_header_node *ptr_head, char *header_name, char return found_header; } + + #if defined(__sun) /* Written by Kaveh R. Ghazi */ @@ -545,31 +552,31 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { char *build_multipart_body(char *multipart_boundary) { if (!variables) - return NULL; // Pas de paramètres à traiter + return NULL; - char *body = NULL; // Chaîne résultat - size_t body_size = 0; // Taille actuelle du corps + char *body = NULL; + size_t body_size = 0; - // Dupliquer la chaîne "variables" afin de pouvoir la tokeniser + // Duplicate "variables" for tokenizing char *vars_dup = strdup(variables); if (!vars_dup) return NULL; - // Tokeniser la chaîne sur le caractère '&' + // Tokenize the string using '&' as a delimiter char *pair = strtok(vars_dup, "&"); while (pair != NULL) { - // Pour chaque paire, rechercher le séparateur '=' + // Find the '=' separator in each pair char *equal_sign = strchr(pair, '='); if (!equal_sign) { pair = strtok(NULL, "&"); continue; } - *equal_sign = '\0'; // Terminer la clé + *equal_sign = '\0'; char *key = pair; char *value = equal_sign + 1; - // Construire la section multipart pour ce champ. - // Format attendu : + // Build the multipart section for the field + // Expected format: // --\r\n // Content-Disposition: form-data; name=""\r\n // \r\n @@ -594,9 +601,9 @@ char *build_multipart_body(char *multipart_boundary) { "%s\r\n", multipart_boundary, key, value); - // Réallouer le buffer "body" pour y ajouter cette section + // Reallocate the body buffer to add this section size_t new_body_size = body_size + section_len; - char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' + char *new_body = realloc(body, new_body_size + 1); // +1 for null terminator if (!new_body) { free(section); free(body); @@ -604,21 +611,18 @@ char *build_multipart_body(char *multipart_boundary) { return NULL; } body = new_body; - if (body_size == 0) { + if (body_size == 0) strcpy(body, section); - } else { + else strcat(body, section); - } body_size = new_body_size; free(section); - // Passage à la paire suivante pair = strtok(NULL, "&"); } free(vars_dup); - // Ajouter la fermeture du multipart : - // ----\r\n + // Append the closing boundary: ----\r\n int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); char *closing = malloc(closing_len + 1); if (!closing) { @@ -853,12 +857,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); - cookie[0] = 0; // Réinitialiser les cookies d'une tentative antérieure + cookie[0] = 0; if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; - /* Récupération du prochain login/mot de passe */ if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -876,15 +879,12 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); - // Mise à jour des en‐têtes utilisateur (substitution dans les headers) hdrrep(&ptr_head, "^USER^", clogin); hdrrep(&ptr_head, "^PASS^", cpass); hdrrep(&ptr_head, "^USER64^", b64login); hdrrep(&ptr_head, "^PASS64^", b64pass); - /* Gestion du proxy (cas avec proxy authentifié ou non) */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { - /* --- Bloc pour proxy avec authentification --- */ if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); @@ -926,7 +926,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; } } else { - /* Cas GET avec proxy authentifié */ if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); if (cookie_header != NULL) @@ -948,7 +947,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } } else if (use_proxy == 1) { - /* --- Bloc pour proxy sans authentification --- */ if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); @@ -1011,7 +1009,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } } else { - /* --- Bloc pour accès direct au serveur (sans proxy) --- */ + /* Direct access to the server (no proxy) */ normal_request = NULL; if (getcookie) { if (http_request != NULL) @@ -1028,50 +1026,64 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } hydra_reconnect(s, ip, port, options, hostname); } - /* --- Traitement multipart --- */ if (multipart_mode) { char *multipart_body = NULL; - /* Définir le boundary (ici, une valeur fixe, sans '\r\n') */ char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; multipart_body = build_multipart_body(multipart_boundary); if (multipart_body == NULL) { hydra_report(stderr, "[ERROR] Failed to build multipart body.\n"); return 0; } - // now prepare for the "real" request - // first handle multipart/form-data, which is always POST - if (multipart_mode){ - char *multipart_body = NULL; - char multipart_boundary[32] = "----THC-HydraBoundaryz2Z2z\r\n"; - multipart_body = build_multipart_body(multipart_boundary); - if (multipart_body == NULL) { - hydra_report(stderr, "[ERROR] Failed to build multipart body. \n"); - return 0; - } - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - - char content_type[256]; - snprintf(content_type, sizeof(content_type) - 1, "multipart/for/data; boundary=%s", multipart_boundary); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Content-type", content_type); - - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - http_request = prepare_http_request("POST", url, multipart_body, normal_request); - free(multipart_body); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + + char content_type[256]; + snprintf(content_type, sizeof(content_type) - 1, "multipart/form-data; boundary=%s", multipart_boundary); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Content-Type", content_type); + + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + + if (normal_request != NULL) + free(normal_request); + http_request = prepare_http_request("POST", url, multipart_body, normal_request); + free(multipart_body); + return 1; + } + if (strcmp(type, "POST") == 0) { + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; } } else { @@ -1105,7 +1117,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (redirected_flag && code_302_is_success) found = success_cond; - if (auth_flag) { // 401 error + if (auth_flag) { if (code_401_is_failure) { hydra_completed_pair(); return 1; @@ -1121,15 +1133,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); - // Gérer les redirections redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - // Traitement de la redirection (code non modifié ici) - // ... + // Processing redirection (code omitted) } if (found != -1 && found == success_cond && @@ -1156,6 +1166,18 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m } } +void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + ptr_cookie_node ptr_cookie = NULL; + ptr_header_node ptr_head = initialize(ip, options, miscptr); + + if (ptr_head) + service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); + else { + hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); + hydra_child_exit(2); + } +} + int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be From 80a11bb1e06cba6f174b3aba691e9a46b8b1aaa3 Mon Sep 17 00:00:00 2001 From: Imane Khouani Date: Thu, 6 Feb 2025 17:54:26 +0100 Subject: [PATCH 302/332] no comments --- hydra-http-form.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 02be7da..8b105ba 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1166,18 +1166,6 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m } } -void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { - ptr_cookie_node ptr_cookie = NULL; - ptr_header_node ptr_head = initialize(ip, options, miscptr); - - if (ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); - else { - hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(2); - } -} - int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be From 65c897da68b0646a713a0d6c3757808c1b2c8e83 Mon Sep 17 00:00:00 2001 From: motypi Date: Fri, 7 Feb 2025 14:27:04 +0100 Subject: [PATCH 303/332] multipart feature finished --- hydra-http-form.c | 742 +++++++++++++++++++++++++++++----------------- 1 file changed, 473 insertions(+), 269 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 8b105ba..1dd9521 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -8,7 +8,7 @@ web-based login forms that require username and password variables via either a GET or POST request. The module works similarly to the HTTP basic auth module and will honour -proxy mode (with authentication) as well as SSL. The module can be invoked +proxy mode (with authenticaion) as well as SSL. The module can be invoked with the service names of "http-get-form", "http-post-form", "https-get-form" and "https-post-form". @@ -76,7 +76,6 @@ char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "" #define MAX_REDIRECT 8 #define MAX_CONTENT_LENGTH 20 -#define MAX_CONTENT_DISPOSITION 200 #define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 char redirected_url_buff[2048] = ""; @@ -85,11 +84,6 @@ int32_t redirected_cpt = MAX_REDIRECT; char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers - -void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, - FILE *fp, int32_t port, char *hostname, char *type, - ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie); - /* * Function to perform some initial setup. */ @@ -108,8 +102,6 @@ ptr_header_node header_exists(ptr_header_node *ptr_head, char *header_name, char return found_header; } - - #if defined(__sun) /* Written by Kaveh R. Ghazi */ @@ -463,8 +455,8 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { else miscptr += strlen(miscptr); break; - case 'm': //fall through - case 'M': + case 'm': // fall through + case 'M': multipart_mode = 1; tmp = strchr(miscptr, ':'); if (tmp) @@ -551,100 +543,96 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { } char *build_multipart_body(char *multipart_boundary) { - if (!variables) - return NULL; + if (!variables) + return NULL; - char *body = NULL; - size_t body_size = 0; + char *body = NULL; + size_t body_size = 0; - // Duplicate "variables" for tokenizing - char *vars_dup = strdup(variables); - if (!vars_dup) - return NULL; + // Duplicate "variables" for tokenizing + char *vars_dup = strdup(variables); + if (!vars_dup) + return NULL; - // Tokenize the string using '&' as a delimiter - char *pair = strtok(vars_dup, "&"); - while (pair != NULL) { - // Find the '=' separator in each pair - char *equal_sign = strchr(pair, '='); - if (!equal_sign) { - pair = strtok(NULL, "&"); - continue; - } - *equal_sign = '\0'; - char *key = pair; - char *value = equal_sign + 1; + // Tokenize the string using '&' as a delimiter + char *pair = strtok(vars_dup, "&"); + while (pair != NULL) { + // Find the '=' separator in each pair + char *equal_sign = strchr(pair, '='); + if (!equal_sign) { + pair = strtok(NULL, "&"); + continue; + } + *equal_sign = '\0'; + char *key = pair; + char *value = equal_sign + 1; - // Build the multipart section for the field - // Expected format: - // --\r\n - // Content-Disposition: form-data; name=""\r\n - // \r\n - // \r\n - int section_len = snprintf(NULL, 0, - "--%s\r\n" - "Content-Disposition: form-data; name=\"%s\"\r\n" - "\r\n" - "%s\r\n", - multipart_boundary, key, value); - - char *section = malloc(section_len + 1); - if (!section) { - free(body); - free(vars_dup); - return NULL; - } - snprintf(section, section_len + 1, - "--%s\r\n" - "Content-Disposition: form-data; name=\"%s\"\r\n" - "\r\n" - "%s\r\n", - multipart_boundary, key, value); + // Build the multipart section for the field + int section_len = snprintf(NULL, 0, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + char *section = malloc(section_len + 1); + if (!section) { + free(body); + free(vars_dup); + return NULL; + } + snprintf(section, section_len + 1, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); - // Reallocate the body buffer to add this section - size_t new_body_size = body_size + section_len; - char *new_body = realloc(body, new_body_size + 1); // +1 for null terminator - if (!new_body) { - free(section); - free(body); - free(vars_dup); - return NULL; - } - body = new_body; - if (body_size == 0) - strcpy(body, section); - else - strcat(body, section); - body_size = new_body_size; - free(section); + // Reallocate the body buffer to add this section + size_t new_body_size = body_size + section_len; + char *new_body = realloc(body, new_body_size + 1); // +1 for null terminator + if (!new_body) { + free(section); + free(body); + free(vars_dup); + return NULL; + } + body = new_body; + if (body_size == 0) + strcpy(body, section); + else + strcat(body, section); + body_size = new_body_size; + free(section); - pair = strtok(NULL, "&"); - } - free(vars_dup); + pair = strtok(NULL, "&"); + } + free(vars_dup); - // Append the closing boundary: ----\r\n - int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); - char *closing = malloc(closing_len + 1); - if (!closing) { - free(body); - return NULL; - } - snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); - - size_t final_size = body_size + closing_len; - char *final_body = realloc(body, final_size + 1); - if (!final_body) { - free(closing); - free(body); - return NULL; - } - body = final_body; - strcat(body, closing); - free(closing); + // Append the closing boundary: ----\r\n + int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); + char *closing = malloc(closing_len + 1); + if (!closing) { + free(body); + return NULL; + } + snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); + + size_t final_size = body_size + closing_len; + char *final_body = realloc(body, final_size + 1); + if (!final_body) { + free(closing); + free(body); + return NULL; + } + body = final_body; + strcat(body, closing); + free(closing); - return body; + return body; } + char *prepare_http_request(char *type, char *path, char *params, char *headers) { uint32_t reqlen = 0; char *http_request = NULL; @@ -785,7 +773,7 @@ int32_t analyze_server_response(int32_t s) { if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) { // yes it is. // if the cookie is not in the beginning of the cookiejar, copy the - // ones before + // ones before if (ptr != cookie && *(ptr - 1) == ' ') { strncpy(tmpcookie, cookie, ptr - cookie - 2); tmpcookie[ptr - cookie - 2] = 0; @@ -845,9 +833,7 @@ void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, c } } -int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, - char *miscptr, FILE *fp, char *hostname, char *type, - ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { +int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { char *empty = ""; char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345]; char header[8096], *upd3variables; @@ -855,13 +841,14 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options char *http_request = NULL; int32_t found = !success_cond, i, j; char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; - + char content_type[256]; memset(header, 0, sizeof(header)); - cookie[0] = 0; + cookie[0] = 0; // reset cookies from potential previous attempt if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; + // Take the next login/pass pair if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -874,16 +861,37 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options clogin[sizeof(clogin) - 1] = 0; strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); cpass[sizeof(cpass) - 1] = 0; - upd3variables = hydra_strrep(variables, "^USER^", clogin); - upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); - upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); - upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); + if (multipart_mode) { + char multipart_boundary[32] = "----THC-HydraBoundaryz2Z2z"; + + snprintf(content_type, sizeof(content_type), "multipart/form-data; boundary=%s", multipart_boundary); + char *multipart_body = build_multipart_body(multipart_boundary); + upd3variables = multipart_body; + + upd3variables = hydra_strrep(upd3variables, "^USER^", clogin); + upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); + upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); + upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); + +}else{ + snprintf(content_type, sizeof(content_type), "application/x-www-form-urlencoded"); + + upd3variables = hydra_strrep(variables, "^USER^", clogin); + upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); + upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); + upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); +} + + + + // Replace the user/pass placeholders in the user-supplied headers hdrrep(&ptr_head, "^USER^", clogin); hdrrep(&ptr_head, "^PASS^", cpass); hdrrep(&ptr_head, "^USER64^", b64login); hdrrep(&ptr_head, "^PASS64^", b64pass); + /* again: no snprintf to be portable. don't worry, buffer can't overflow */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); @@ -893,11 +901,12 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - i = analyze_server_response(s); + i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options, hostname); } + // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); @@ -907,69 +916,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options else add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - } else { - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - } - } else if (use_proxy == 1) { - if (getcookie) { - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); - if (strlen(cookie) > 0) - process_cookies(&ptr_cookie, cookie); - hydra_reconnect(s, ip, port, options, hostname); - } - if (strcmp(type, "POST") == 0) { - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (multipart_mode) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + else + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); if (cookie_header != NULL) free(cookie_header); cookie_header = stringify_cookies(ptr_cookie); @@ -1009,102 +959,137 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } } else { - /* Direct access to the server (no proxy) */ - normal_request = NULL; - if (getcookie) { - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); - if (strlen(cookie) > 0) { - process_cookies(&ptr_cookie, cookie); + if (use_proxy == 1) { + // proxy without authentication + if (getcookie) { + // doing a GET to get cookies + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) + process_cookies(&ptr_cookie, cookie); + hydra_reconnect(s, ip, port, options, hostname); + } + // now prepare for the "real" request + if (strcmp(type, "POST") == 0) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); if (normal_request != NULL) free(normal_request); normal_request = stringify_headers(&ptr_head); - } - hydra_reconnect(s, ip, port, options, hostname); - } - if (multipart_mode) { - char *multipart_body = NULL; - char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; - multipart_body = build_multipart_body(multipart_boundary); - if (multipart_body == NULL) { - hydra_report(stderr, "[ERROR] Failed to build multipart body.\n"); - return 0; - } - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - - char content_type[256]; - snprintf(content_type, sizeof(content_type) - 1, "multipart/form-data; boundary=%s", multipart_boundary); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Content-Type", content_type); - - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - - if (normal_request != NULL) - free(normal_request); - http_request = prepare_http_request("POST", url, multipart_body, normal_request); - free(multipart_body); - return 1; - } - if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } } } else { - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; + // direct web server, no proxy + normal_request = NULL; + if (getcookie) { + // doing a GET to save cookies + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) { + // printf("[DEBUG] Got cookie: %s\n", cookie); + process_cookies(&ptr_cookie, cookie); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + } + hydra_reconnect(s, ip, port, options, hostname); + } + // now prepare for the "real" request + if (strcmp(type, "POST") == 0) { + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } } } } @@ -1114,11 +1099,12 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = analyze_server_response(s); - if (redirected_flag && code_302_is_success) + if (redirected_flag && code_302_is_success) { found = success_cond; + } - if (auth_flag) { - if (code_401_is_failure) { + if (auth_flag) { // we received a 401 error - user may be using wrong module + if (code_401_is_failure) { // apparently they don't think so -- treat 401 as failure hydra_completed_pair(); return 1; } else { @@ -1133,18 +1119,159 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); + // if page was redirected, follow the location header redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); - while (found == 0 && redirected_flag && !code_302_is_success && - (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - // Processing redirection (code omitted) + while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + // we have to split the location + char *startloc, *endloc; + char str[2048], str2[2048], str3[2048], str4[2048]; + + redirected_cpt--; + redirected_flag = 0; + // check if the redirect page contains the fail/success condition +#ifdef HAVE_PCRE + if (hydra_string_match(redirected_url_buff, cond) == 1) { +#else + if (strstr(redirected_url_buff, cond) != NULL) { +#endif + found = success_cond; + } else { + // location could be either absolute http(s):// or / something + // or relative + startloc = strstr(redirected_url_buff, "://"); + if (startloc != NULL) { + startloc += strlen("://"); + + if ((endloc = strchr(startloc, '\r')) != NULL) { + *endloc = 0; + } + if ((endloc = strchr(startloc, '\n')) != NULL) { + *endloc = 0; + } + strncpy(str, startloc, sizeof(str) - 1); + str[sizeof(str) - 1] = 0; + + endloc = strchr(str, '/'); + if (endloc != NULL) { + strncpy(str2, str, endloc - str); + str2[endloc - str] = 0; + } else { + strcpy(str2, str); + } + + if (strlen(str) - strlen(str2) == 0) { + strcpy(str3, "/"); + } else { + strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2)); + str3[strlen(str) - strlen(str2)] = 0; + } + } else { + strncpy(str2, webtarget, sizeof(str2) - 1); + str2[sizeof(str2) - 1] = 0; + if (redirected_url_buff[0] != '/') { + // it's a relative path, so we have to concatenate it + // with the path from the first url given + char *urlpath; + char urlpath_extracted[2048]; + + memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); + + urlpath = strrchr(url, '/'); + if (urlpath != NULL) { + strncpy(urlpath_extracted, url, urlpath - url); + sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); + } else { + sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); + } + } else { + strncpy(str3, redirected_url_buff, sizeof(str3) - 1); + str3[sizeof(str3) - 1] = 0; + } + if (debug) + hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); + } + if (str3[0] != '/') { + j = strlen(str3); + str3[j + 1] = 0; + for (i = j; i > 0; i--) + str3[i] = str3[i - 1]; + str3[0] = '/'; + } + + if (strrchr(str2, ':') == NULL && (port != 80 || port != 443)) { + sprintf(str4, "%.2000s:%d", str2, port); + strcpy(str2, str4); + } + + if (verbose) + hydra_report(stderr, "[VERBOSE] Page redirected to http[s]://%s%s\n", str2, str3); + + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + + // re-use the above code to set cookies + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + + // re-use the code above to check for proxy use + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { + // proxy with authentication + hdrrepv(&ptr_head, "Host", str2); + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); + } else { + if (use_proxy == 1) { + // proxy without authentication + hdrrepv(&ptr_head, "Host", str2); + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); + } else { + // direct web server, no proxy + hdrrepv(&ptr_head, "Host", str2); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", str3, NULL, normal_request); + } + } + + hydra_reconnect(s, ip, port, options, hostname); + + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + + found = analyze_server_response(s); + if (strlen(cookie) > 0) + process_cookies(&ptr_cookie, cookie); + } } - if (found != -1 && found == success_cond && - ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && - redirected_cpt >= 0) { + // if the last status is still 3xx, set it as a false + if (found != -1 && found == success_cond && ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); } else { @@ -1154,6 +1281,83 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; } +void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type, ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; + + // register our socket descriptor + hydra_register_socket(sp); + + /* + * Iterate through the runs. Possible values are the following: + * - 1 -> Open connection to remote server. + * - 2 -> Run password attempts. + * - 3 -> Disconnect and end with success. + * - 4 -> Disconnect and end with error. + */ + + while (1) { + if (run == 2) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + hydra_child_exit(1); + } + } + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http_form(sock, ip, port, options, miscptr, fp, hostname, type, *ptr_head, *ptr_cookie); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + break; + case 4: /* silent error exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(1); + break; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + ptr_cookie_node ptr_cookie = NULL; + ptr_header_node ptr_head = initialize(ip, options, miscptr); + + if (ptr_head) + service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); + else { + hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); + hydra_child_exit(2); + } +} + void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); From ba9a3ba8de63e5ab95e8bc57c88704ed19a5d7e2 Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 10 Feb 2025 10:37:17 +0100 Subject: [PATCH 304/332] add help for multipart mode, remove junk files --- .vscode/tasks.json | 28 --------- Test | Bin 20352 -> 0 bytes Test.c | 122 --------------------------------------- hydra-http-form.c | 1 + peda-session-61558.txt | 3 - peda-session-61747.txt | 3 - peda-session-62215.txt | 3 - peda-session-62317.txt | 3 - peda-session-unknown.txt | 8 --- 9 files changed, 1 insertion(+), 170 deletions(-) delete mode 100644 .vscode/tasks.json delete mode 100755 Test delete mode 100644 Test.c delete mode 100644 peda-session-61558.txt delete mode 100644 peda-session-61747.txt delete mode 100644 peda-session-62215.txt delete mode 100644 peda-session-62317.txt delete mode 100644 peda-session-unknown.txt diff --git a/.vscode/tasks.json b/.vscode/tasks.json deleted file mode 100644 index 08d9005..0000000 --- a/.vscode/tasks.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "tasks": [ - { - "type": "cppbuild", - "label": "C/C++: gcc build active file", - "command": "/usr/bin/gcc", - "args": [ - "-fdiagnostics-color=always", - "-g", - "${file}", - "-o", - "${fileDirname}/${fileBasenameNoExtension}" - ], - "options": { - "cwd": "${fileDirname}" - }, - "problemMatcher": [ - "$gcc" - ], - "group": { - "kind": "build", - "isDefault": true - }, - "detail": "Task generated by Debugger." - } - ], - "version": "2.0.0" -} \ No newline at end of file diff --git a/Test b/Test deleted file mode 100755 index df20b3b002e7d4165240acf776edc16751f5d9d9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20352 zcmeHPdvILUc|UhoS6W$bOMXZucr7rP$F3|PjBRkdwk5Lyzwo0N61ZCJL)v<^D|YYt zK>{{7Fjf_}b_>LvG>Kr!;IyW3J1|jsMLc3dCuB_10BMGn(xga%rY1aUUf%w`bI!L~ zT_nG~LQeb>QGcahfk ze8AnjS=TpRKMd>qGt}u7Es1!~lJ=HF#FvOCv%7t}moD)wY4>MR{x(@L#pT68W9sS+ z+XUQ<5>Ka5xb`WU{gJFe%Sr#?z&{^+^qOz4-+uCiMW61<&3XGbXZMp%H;&tz&i>un zj*a3g&Gw#wX!G*sNVKQ<(&khKXtpPtw6ma+p?(teBF-?#ozZkAo=Sq#=5Jr@YgKxe zK@v)b`{H&qY-iJC5bBRCX>Yy_)yVNed7>C8CMpy^4@sg4r&|H($ow030240a&BXCi z^vC_nelx_EDaj_4W>BQ(EZ2fD75^CcUZ*l>s(&hdj>Bn^nMQxcG<>=qrt<$h_+A{& z(gDU)`j=0`_fNy8%X=z6w@$-<1$-|KXSooJsr*F1r#^6&o4}|O^Mp5`Bz!**89N;w z*dsE@fpk1+$Ao2N>`-`z74F+%#X|9fh^3=Z(u!mU2-v9|A{`AS5~;AX4cVe!QItJhc<&Ux&z z3AD|Bxv;vnuD9SZ+8fW<(e&2!YZ9qsbZe+55k(!n{i&p`+)}DjDx&!=jCup-5*+kL zIR7zjK<5tV@_nTt9Y2q>dHxo2H_{SfZpy`1>{>KwEJ?O{poS^9eKc1eT>A^nUGeOe? zW_{;mgm!U*mU!HrtX8u0Xdsai}zeB=?PZR`&ZmaXmIeCc4csA#oZvr z;%9TYu?TwSgn2J$<0jbV>nHp1T@Vto4R#os`+|eF9YCd1CO zMYD90eEO+$f(zufQzH8Xr14G64ugXyen7R2`PuM*GCXxc*`wZ9;Rj};2JqK|L+f#D zBi@0o!56v)PXz~`hO=)=XU{xE&ZI}#vayFy>tN?SL!I}K{SgY}&s88}2xLrTo8d^Z zeZ;2rKxF}Nm6;l}QX7X)2ZwH>`cd~bB(Za>Yw*La!RLd6FHsI;{U=qet+0nxFnkJX z!$AWvcETFR!A%ArDwNr}NQH6+p_~y}Kl!BUANWLuBEz~*;WDg00ItH?t&(&GeviO- zSY$C4w~ZCJPD1ysdI$4o%Gqg{4Rd9e6YrpTBd+v(XWUP`!Oo*_eN@!k)lPk*Q&Xy3 z98g*BmR6t1dMlI$I}Z(Y9?ECkuUwA6<%r16R*{|@`~Jt=qzBP)+JG`GGd!Yl`w{L+ z$cxJDPhkPQNx2<`yHQ7OUxXgo@H{GfUS#J(1Kv)KttGbZ^5tClTbF=^jzlttwv8yU z?4YAcTUu6X%NL%VxS-w+M1n&l3l|}FSf6Pf4UYIwwg%Vuf{z9FMAD(vsVpQI02s0( zl1xTI!N<~jZf(18LLb4w;W$M82PXY(DCEiXIo}tPgS9 zChbOQ0P)_sR5joPgr6v(%GNhNlFdciPL5p*TyoLKGm+pW4Ki-q9NP?mYL$GR<)2`1 zTr9;56f;oFKrsWw3=}g^%s?>%`3%td29<0knx-Yi6?QaZ6LG;nD3jThN=GDz2(0%D z;qxubRLxkEO4`w+?dynV22z>0jg`mc-dHN#?~8=&(3M{4sd-_hxoSq$3^I^*J|7TW zI@9S?+S`+jCnE7=ueU#&u;T+*DDw8CB76KZ#QI5$e)JYfGvE|&o8 zIGxMg1Gp9N7+}LYx!hL3PXV6;-0*%b_Y30Vpkmy*Ss1%(jd_)2o)5}y_?M_^Cw z6CGvpXZrJjwiAtdP7$oGU0Xf(nwpATo_%6v)3S>%JHMIOWdCIxN1<2v`#$k)9K+y` z0&=0czK)|6@m)v1i*#1k-tAgbRq7795t59B+R^h~F84BEUhaC4#Kls~KrsWw3=}g^ z%s?>%#S9cPP|QFv1OJaRz~6cCcU|;5HMsB< zoFt68dh%s{=uvbf3 zJ(YmQrSN@OSqyv?^pbMY_ZT(cUm@{Y;{hlxmH1qv4Ohc5iF=JZptD@!i;P*&xl-bb zjZ^S&mBg1CmqBNR!~@1(0}n_%XnX?wRTAH190$Hy;@gdFz&mCy#JSs`3w>?F#lZWF zGS~)XoCC&>fOkpUHm(PLO$Gf7vD;V)eErPpfbTN~VYQ)VJMcRV`axx*rv;q-#tGZV_=^nhF{M zV9o_zel6*A5cU$dJSM! z1z3isjQY0R%^%p7o+SMpMkRIsbHH8Xs!DkN5%u3ox~~zF5GfI!A3$)B=np0fN*5wc zp1*WeQ*vekcM;-}ZJPZaP|x>VRiq>NqLgm2o?)ea6|tpe=?~$x^bQrz&BT^flZ+$# zBLwgPad(lJ!ga~9Te=W}vWQVlvOgi&VX{g?L3qY-ew+jkv5}bL18Ve}Wc-o7;lB)= zit%S}Lg-!ttJDlaU55j1+Kh5b1vzma9@(pU;y)piJ<%lQ{t9xVQYM%$botwt^w+oy zzKqIdWq#&%H>Idndpoe#eIc~!D)F%joFCfjJ_o)Uv~+l{I|1WHO&;0n&Ov&8IR)-M zyl=1jNl3SA>CwIJRq$+SSI76dD?xT^>B!!u=6aZ+&_^Fs-2VjYb809qG;-dK=pJD- zYcl8#L+dLpdG-mmR-e;2|wE!^%t4;})w)B@MxZuh@Hwo1$Tz%#0ZyL$P8 zk}E5gRdm%a#RJ!6iY~30!yrmYgptD!y3ZuEvaS`vz%H9j))mSa{j9YXl!3FLdP1+f9(q?{nlZyLy6VZYVgageK^&D=$T+I# z*;`#_EUd1taL=DNzs{IhR*UC&4MKoctq#hAZn{7k%&a%u)fE-0a`IR|5eqs`HcJP# zvXQEuHJL?Cojti#s!en9Oyr81K%oTYepNPj?sP&75VIf`drF1i+-v*n!M14FIQO4~_?L{1C^lakz~6uA1^?zzjNxkBL_TD|aPM zCG~V_!pUr=(*2qAzghdFS?BIT-KKllF>}sS<|5akdUICH^t@u0XU*Ej z&GUv$GiILWYHlzqW9Hn45!rVjdYoi4cADmXII4WYG_Eyk7e8js_&4($*U|>l^R6^^ zomX#~yI@fHxM|$rnvG0aRw@>=Y;4WgXki0M#2T>E`K=@2KH4vmjP9~%J;2JyeIhuK zex@&#wtKQM+OyQfVLdwxqB!!Gdril<8wJ);k~w#|miK4n$@3 zgfiI0LZVZnXF@xps)eMFeL@!Y{p^5Wimy#r{fL6M0demMxyobZmw05C zif{r8N6B6bji=_uWj7SWB-=QUj_y=Lfr6!~FaQc2W$_(S8c{&HwrgD{0+0>Ohq+gEQfZV8CSN_+Rh1o3$&`DcR9^C3l)$E@{LU)5eTuA9hsl7Hk-Rio z`cnPTmT(ALp5oz9OGhf4?Z^6Dre#w)_4`rVyKzg4{En-|?hE_+=!-7j`nD}wx>~kk zwa*_GzpK4y$!5~DRkEcw9B#p-W-V#g8zy^`*_PJ!mUuFp$YM-LMNNEGu_tb4{u?SS zv>$S^BIP?0jrse8lmQ~$*|05#gQOzyl;UEvDF)&N^7#dKXYB5JC+F0n_fZ26h)*zg zpyHKhJmLVS(x>-T7k1j6uG5Mdcs1W!xM>Q!%QT;VF90b^7tRLu>n#c>n&P9f4TmA- z2!8*UOq{-ogX-nqADDjth#_X@_oFfYAs|!5KV7^2O8S{4jxS&j6L2a&Pe}c_!udW- z4^LV}J?522{`4v^Lp0`pS6~4>XdNk&BI>BA_%vPgN{z{@Ml88lM|k=k4ZjTPr#4Cuf_OW9GKt{cE9#Bs>lBYEXIU+ zs`fU3Pky`sR#ea{_3J+KK0+_UQ~6m6ejV~ttNmbhD$D9=^y$@lDnEVX2YGY$yA8fq z`z!>1IE|nC!EY{9)c6ym@4~Nsj^Ayb0e{NgS4Ot=+t8eW%sAp~J!^+>RSItXki-2F94W zS)D;G4R&l6*467au3ojy+PHS@md>r#)>W(5by{-16ySZpa?7uCPjOy~y}_TiA6QLS z^4ii@R6YKwod{|2Hs`!%J3UY^Gs-i_ly^r@Vj|C&PN*%%@Hct?u@%XrtiDh(LVJ^G zCSl{d7mKD0Q%{f79_q>dY2u-`T2B^OJ(-NISMRf?ZP}A_CZ<@_oRB?9sJ32DVp$fp zQ**!3KI%wMx@D@S;80UTB7ry|}P78BfMijE8!9FlA;6|GENMP)5in zqr}E=Nl$S*`X94sJp#9Q%r#VT{y!I9kI-VN%Q!*$ZG?WJW&7#=ZwcvA;rqCvgjfQk z(BAp~OU`FS4f*-TY?@aU+J9Zo>lhBO;xzWxJM4L0$k6*+?4yu>fHeqizgGvyaFMpB z7^yhhPm39}M#J{Jj>GVI>KqiZBb4pwrw%H+a8Q%kp4WvKzC%g{MZ3#$_5!0d7PjYg z6^8u0=lJt_+5`Q%Mr$_A=XD!~0j=kZU$ezGfl$iWp4X8Wp4N(7zq9=hYWvk%kJqIb zdUb=z9=}w5CV$@pk5o!=$imNY4SBte#m@2f7Z4QMd$k?IQ*5ZA!@YRaVSidHFl2pp z!!$$MYF1c3CLOA1II2koY{&2<1cmlI&tq6?vZaD-$J`ek_B@Yfh?&u(;>_Pqv_1E~ z@M?7pk7<$t_dnA=2SV|)J->%Ayowbybk;xaupjd(MTS4pb_|^LzY76=&Xw07>F_!) z|Gy%qKGO{8y{D$Yp5FueeB^CnyeevfX8Q^>p2n`e?d9Lk`2SBi|IZZLaXw6i|aK5fz ztLLR`zc9~H2*pZ;;UaCXxD)3U+M&}g+p*>q)7bZG!&$7#Q28v8phS2fU@P+@V9 z;<{<<>#k5%v?5nn9Hh8O+dJEN>r!R4jypy>VS9#s)7YQ5QW> -#include -#include - -// On définit ici la variable globale "variables" qui sera utilisée par build_multipart_body. -// On suppose qu'elle contient des paires clé=valeur séparées par '&'. -// Pour ce test, on utilise par exemple : -char *variables = "username=testuser&password=testpass"; - -// La fonction build_multipart_body construit le corps d'une requête multipart/form-data -// à partir de la chaîne globale "variables" et du boundary fourni. -char *build_multipart_body(char *multipart_boundary) { - if (!variables) - return NULL; // Pas de paramètres à traiter - - char *body = NULL; // Chaîne résultat - size_t body_size = 0; // Taille actuelle du corps - - // Dupliquer la chaîne "variables" afin de pouvoir la tokeniser (strtok modifie la chaîne) - char *vars_dup = strdup(variables); - if (!vars_dup) - return NULL; - - // Tokeniser la chaîne sur le caractère '&' - char *pair = strtok(vars_dup, "&"); - while (pair != NULL) { - // Pour chaque paire, rechercher le séparateur '=' - char *equal_sign = strchr(pair, '='); - if (!equal_sign) { - pair = strtok(NULL, "&"); - continue; - } - *equal_sign = '\0'; // Terminer la clé - char *key = pair; - char *value = equal_sign + 1; - - // Construire la section multipart pour ce champ. - // Format attendu : - // --\r\n - // Content-Disposition: form-data; name=""\r\n - // \r\n - // \r\n - int section_len = snprintf(NULL, 0, - "--%s\r\n" - "Content-Disposition: form-data; name=\"%s\"\r\n" - "\r\n" - "%s\r\n", - multipart_boundary, key, value); - - char *section = malloc(section_len + 1); - if (!section) { - free(body); - free(vars_dup); - return NULL; - } - snprintf(section, section_len + 1, - "--%s\r\n" - "Content-Disposition: form-data; name=\"%s\"\r\n" - "\r\n" - "%s\r\n", - multipart_boundary, key, value); - - // Réallouer le buffer "body" pour y ajouter cette section - size_t new_body_size = body_size + section_len; - char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' - if (!new_body) { - free(section); - free(body); - free(vars_dup); - return NULL; - } - body = new_body; - if (body_size == 0) - strcpy(body, section); - else - strcat(body, section); - body_size = new_body_size; - free(section); - - // Passage à la paire suivante - pair = strtok(NULL, "&"); - } - free(vars_dup); - - // Ajouter la fermeture du multipart : - // ----\r\n - int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); - char *closing = malloc(closing_len + 1); - if (!closing) { - free(body); - return NULL; - } - snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); - - size_t final_size = body_size + closing_len; - char *final_body = realloc(body, final_size + 1); - if (!final_body) { - free(closing); - free(body); - return NULL; - } - body = final_body; - strcat(body, closing); - free(closing); - - return body; -} - -int main(void) { - // Définir un boundary pour le test - char boundary[] = "----THC-HydraBoundaryz2Z2z"; - // Appeler la fonction build_multipart_body - char *multipart_body = build_multipart_body(boundary); - if (multipart_body == NULL) { - fprintf(stderr, "Error building multipart body.\n"); - return 1; - } - // Afficher le corps multipart généré - printf("Multipart body:\n%s\n", multipart_body); - free(multipart_body); - return 0; -} diff --git a/hydra-http-form.c b/hydra-http-form.c index 1dd9521..0b42268 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1602,6 +1602,7 @@ void usage_http_form(const char *service) { "and the condition string; seperate them too with colons:\n" " 1= 401 error response is interpreted as user/pass wrong\n" " 2= 302 page forward return codes identify a successful attempt\n" + " M= attack forms that use multipart format\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" " (g|G)= skip pre-requests - only use this when no pre-cookies are required\n" diff --git a/peda-session-61558.txt b/peda-session-61558.txt deleted file mode 100644 index e50613c..0000000 --- a/peda-session-61558.txt +++ /dev/null @@ -1,3 +0,0 @@ -break main - -set exec-wrapper logging enabled diff --git a/peda-session-61747.txt b/peda-session-61747.txt deleted file mode 100644 index e50613c..0000000 --- a/peda-session-61747.txt +++ /dev/null @@ -1,3 +0,0 @@ -break main - -set exec-wrapper logging enabled diff --git a/peda-session-62215.txt b/peda-session-62215.txt deleted file mode 100644 index e50613c..0000000 --- a/peda-session-62215.txt +++ /dev/null @@ -1,3 +0,0 @@ -break main - -set exec-wrapper logging enabled diff --git a/peda-session-62317.txt b/peda-session-62317.txt deleted file mode 100644 index e50613c..0000000 --- a/peda-session-62317.txt +++ /dev/null @@ -1,3 +0,0 @@ -break main - -set exec-wrapper logging enabled diff --git a/peda-session-unknown.txt b/peda-session-unknown.txt deleted file mode 100644 index ddb86e5..0000000 --- a/peda-session-unknown.txt +++ /dev/null @@ -1,8 +0,0 @@ - -set exec-wrapper logging enabled - -set exec-wrapper logging enabled - -set exec-wrapper logging enabled - -set exec-wrapper logging enabled From db099fcdacce542bca290c38a03c886a0db0ab78 Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 10 Feb 2025 14:57:07 +0100 Subject: [PATCH 305/332] cleaning code --- hydra-http-form.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 0b42268..4c6919b 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -863,26 +863,20 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options cpass[sizeof(cpass) - 1] = 0; if (multipart_mode) { - char multipart_boundary[32] = "----THC-HydraBoundaryz2Z2z"; - - snprintf(content_type, sizeof(content_type), "multipart/form-data; boundary=%s", multipart_boundary); - char *multipart_body = build_multipart_body(multipart_boundary); + snprintf(content_type, sizeof(content_type), "multipart/form-data; boundary=----THC-HydraBoundaryz2Z2z"); + char *multipart_body = build_multipart_body("----THC-HydraBoundaryz2Z2z"); upd3variables = multipart_body; +}else{ + snprintf(content_type, sizeof(content_type), "application/x-www-form-urlencoded"); + upd3variables = variables; +} + upd3variables = hydra_strrep(upd3variables, "^USER^", clogin); upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); -}else{ - snprintf(content_type, sizeof(content_type), "application/x-www-form-urlencoded"); - - upd3variables = hydra_strrep(variables, "^USER^", clogin); - upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); - upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); - upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); -} - // Replace the user/pass placeholders in the user-supplied headers @@ -916,9 +910,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options else add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - if (multipart_mode) - add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); - else add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); if (cookie_header != NULL) free(cookie_header); From 3cc53fe778a58425593a4b3fba5dc55224497ded Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 3 Mar 2025 13:00:37 +0100 Subject: [PATCH 306/332] created skip_password function --- hydra.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/hydra.c b/hydra.c index 30a8ece..a80f84f 100644 --- a/hydra.c +++ b/hydra.c @@ -1591,6 +1591,15 @@ char *hydra_reverse_login(int32_t head_no, char *login) { return hydra_heads[head_no]->reverse; } +void skip_passwords(int skips){ + for(int i=0; ipass_no >= hydra_brains.countpass) + while(*hydra_target[target_no]->pass_ptr != 0) + hydra_target[target_no]->pass_ptr++; + hydra_target[target_no]->pass_ptr++; + } +} + int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { // variables moved to save stack snpdone = 0; @@ -1750,9 +1759,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { return hydra_send_next_pair(target_no, head_no); } else { hydra_targets[target_no]->pass_ptr++; - while (*hydra_targets[target_no]->pass_ptr != 0) - hydra_targets[target_no]->pass_ptr++; - hydra_targets[target_no]->pass_ptr++; + skip_passwords(1); } if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; From a8f80debedf418c07efbc7b70a90ad0eb50d0252 Mon Sep 17 00:00:00 2001 From: motypi Date: Tue, 4 Mar 2025 10:34:23 +0100 Subject: [PATCH 307/332] added variables and applied skipping function --- hydra.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/hydra.c b/hydra.c index a80f84f..3d95cde 100644 --- a/hydra.c +++ b/hydra.c @@ -342,6 +342,8 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; +int32_t total_distributed_machines = 2; +int32_t distributed_machine_rank = 2; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -1591,12 +1593,12 @@ char *hydra_reverse_login(int32_t head_no, char *login) { return hydra_heads[head_no]->reverse; } -void skip_passwords(int skips){ +void skip_passwords(int32_t skips, int32_t target_no){ for(int i=0; ipass_no >= hydra_brains.countpass) - while(*hydra_target[target_no]->pass_ptr != 0) - hydra_target[target_no]->pass_ptr++; - hydra_target[target_no]->pass_ptr++; + //if(*hydra_targets[target_no]->pass_no >= hydra_brains.countpass) + while(*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; } } @@ -1752,6 +1754,9 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->pass_ptr++; + //initialise the password to start with depending on the machine's rank if using distributed computing + skip_passwords(distributed_machine_rank-1, target_no); hydra_targets[target_no]->login_no++; hydra_targets[target_no]->pass_no = 0; hydra_targets[target_no]->pass_state = 0; @@ -1759,7 +1764,8 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { return hydra_send_next_pair(target_no, head_no); } else { hydra_targets[target_no]->pass_ptr++; - skip_passwords(1); + //number of passwords in the wordlist to skip depending on the number of parallel machines + skip_passwords(total_distributed_machines, target_no); } if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; From 2c50bb8e6db34be37dfdbcc66c088c4b3fbd48fa Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 10 Mar 2025 13:58:09 +0100 Subject: [PATCH 308/332] added wordlist (password,login,colonfile) segmentation on the fly using cmd option -D --- hydra.c | 112 +++++++++++++++++++++++++++++++++++++++++++++++--------- hydra.h | 1 + 2 files changed, 96 insertions(+), 17 deletions(-) diff --git a/hydra.c b/hydra.c index 3d95cde..033ede0 100644 --- a/hydra.c +++ b/hydra.c @@ -342,8 +342,8 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; -int32_t total_distributed_machines = 2; -int32_t distributed_machine_rank = 2; +int32_t num_segments = 0; +int32_t my_segment = 0; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -1593,14 +1593,66 @@ char *hydra_reverse_login(int32_t head_no, char *login) { return hydra_heads[head_no]->reverse; } -void skip_passwords(int32_t skips, int32_t target_no){ - for(int i=0; ipass_no >= hydra_brains.countpass) - while(*hydra_targets[target_no]->pass_ptr != 0) - hydra_targets[target_no]->pass_ptr++; - hydra_targets[target_no]->pass_ptr++; + +FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ + fprintf(stdout, "Dividing file...\n"); + + if(my_segment > num_segments){ + fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile); + return NULL; + } + + FILE *output_file; + char line[500]; + char output_file_name[20]; + + uint32_t line_number = 0; + + double total_lines; + if (total_lines = countlines(file,0)) + fprintf(stdout, "There are %f lines int the wordlist", total_lines); + else + fprintf(stderr, "Something went wrong in the counting of lines"); + + if(num_segments > total_lines){ + fprintf(stderr, "[ERROR] in option -D XofY, Y must not be greater than the total number of lines in the file to be divided: %s\n", hydra_options.passfile); + return NULL; } -} + + double segment_size_double = total_lines / num_segments; + + // round up segment_size_float to integer + uint64_t segment_size = (uint64_t)segment_size_double; + if(segment_size < segment_size_double) + segment_size++; + + uint64_t segment_start = segment_size * (my_segment - 1) + 1; + uint64_t segment_end = segment_size * my_segment; + + + sprintf(output_file_name, "segment_%d.txt", my_segment); + output_file = fopen(output_file_name, "w"); + + if(!output_file){ + fprintf(stderr, "[ERROR] Segment file empty: %s\n", hydra_options.passfile); + return NULL; + } + + while(fgets(line, sizeof line, file) != NULL && line_number < segment_end){ + line_number++; + + if(line_number >= segment_start && line_number <= segment_end) + fprintf(output_file, "%s", line); + + } + + rewind(file); + fclose(output_file); + output_file = fopen(output_file_name, "r"); + + return output_file; + + } int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { // variables moved to save stack @@ -1754,9 +1806,6 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->pass_ptr = pass_ptr; - hydra_targets[target_no]->pass_ptr++; - //initialise the password to start with depending on the machine's rank if using distributed computing - skip_passwords(distributed_machine_rank-1, target_no); hydra_targets[target_no]->login_no++; hydra_targets[target_no]->pass_no = 0; hydra_targets[target_no]->pass_state = 0; @@ -1764,8 +1813,9 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { return hydra_send_next_pair(target_no, head_no); } else { hydra_targets[target_no]->pass_ptr++; - //number of passwords in the wordlist to skip depending on the number of parallel machines - skip_passwords(total_distributed_machines, target_no); + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; } if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; @@ -2184,7 +2234,7 @@ void process_proxy_line(int32_t type, char *string) { int main(int argc, char *argv[]) { char *proxy_string = NULL, *device = NULL, *memcheck; char *outfile_format_tmp; - FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp; + FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp, *filecloser=NULL; size_t countinfile = 1, sizeinfile = 0; uint64_t math2; int32_t i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch; @@ -2320,6 +2370,7 @@ int main(int argc, char *argv[]) { hydra_options.loginfile = NULL; hydra_options.pass = NULL; hydra_options.passfile = NULL; + hydra_options.distributed = NULL; hydra_options.tasks = TASKS; hydra_options.max_use = MAXTASKS; hydra_options.outfile_format = FORMAT_PLAIN_TEXT; @@ -2333,8 +2384,18 @@ int main(int argc, char *argv[]) { help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { + while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:D:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { switch (i) { + case 'D': + hydra_options.distributed = optarg; + if (sscanf(hydra_options.distributed, "%dof%d", &my_segment, &num_segments) != 2) { + fprintf(stderr, "Invalid format. Expected format -D XofY where X and Y are integers.\n"); + exit(EXIT_FAILURE); + } + else{ + fprintf(stdout, "successfully set X to %d and Y to %d\n", my_segment, num_segments); + } + break; case 'h': help(1); break; @@ -3415,6 +3476,13 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] File for logins not found: %s\n", hydra_options.loginfile); exit(-1); } + else if (hydra_options.passfile == NULL){ + if(my_segment && num_segments){ + filecloser = lfp; + lfp = hydra_divide_file(lfp, my_segment, num_segments); + fclose(filecloser); + } + } hydra_brains.countlogin = countlines(lfp, 0); hydra_brains.sizelogin = size_of_data; if (hydra_brains.countlogin == 0) { @@ -3447,6 +3515,11 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] File for passwords not found: %s\n", hydra_options.passfile); exit(-1); } + else if(my_segment && num_segments){ + filecloser = pfp; + pfp = hydra_divide_file(pfp, my_segment, num_segments); + fclose(filecloser); + } hydra_brains.countpass = countlines(pfp, 0); hydra_brains.sizepass = size_of_data; if (hydra_brains.countpass == 0) { @@ -3501,6 +3574,11 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s\n", hydra_options.colonfile); exit(-1); } + else if(my_segment && num_segments){ + filecloser = cfp; + cfp = hydra_divide_file(cfp, my_segment, num_segments); + fclose(filecloser); + } hydra_brains.countlogin = countlines(cfp, 1); hydra_brains.sizelogin = size_of_data; if (hydra_brains.countlogin == 0) { @@ -4421,4 +4499,4 @@ int main(int argc, char *argv[]) { return -1; else return 0; -} +} \ No newline at end of file diff --git a/hydra.h b/hydra.h index 353b318..24b63e8 100644 --- a/hydra.h +++ b/hydra.h @@ -194,6 +194,7 @@ typedef struct { int32_t cidr; int32_t time_next_attempt; output_format_t outfile_format; + char *distributed; // Use distributed computing by splitting user files on the fly char *login; char *loginfile; char *pass; From f632c7231eafa000afc1b5ec1fd1e0c17cbf0036 Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 10 Mar 2025 22:41:50 +0100 Subject: [PATCH 309/332] added help for -D option --- hydra.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra.c b/hydra.c index 033ede0..2803fd8 100644 --- a/hydra.c +++ b/hydra.c @@ -521,6 +521,8 @@ void help(int32_t ext) { "instead of -L/-P options\n" " -M FILE list of servers to attack, one entry per " "line, ':' to specify port\n"); + PRINT_NORMAL(ext, " -D XofY Divide wordlist into Y segments and use the " + "Xth segment.\n"); PRINT_EXTEND(ext, " -o FILE write found login/password pairs to FILE instead of stdout\n" " -b FORMAT specify the format for the -o FILE: text(default), json, " "jsonv1\n" From 8faf1984d88016a96ac1dbe0c2591c40e21ab511 Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 10 Mar 2025 23:02:55 +0100 Subject: [PATCH 310/332] removed debug messages --- hydra.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/hydra.c b/hydra.c index 2803fd8..e5f71a8 100644 --- a/hydra.c +++ b/hydra.c @@ -1597,7 +1597,6 @@ char *hydra_reverse_login(int32_t head_no, char *login) { FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ - fprintf(stdout, "Dividing file...\n"); if(my_segment > num_segments){ fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile); @@ -1610,11 +1609,7 @@ FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ uint32_t line_number = 0; - double total_lines; - if (total_lines = countlines(file,0)) - fprintf(stdout, "There are %f lines int the wordlist", total_lines); - else - fprintf(stderr, "Something went wrong in the counting of lines"); + double total_lines = countlines(file,0); if(num_segments > total_lines){ fprintf(stderr, "[ERROR] in option -D XofY, Y must not be greater than the total number of lines in the file to be divided: %s\n", hydra_options.passfile); @@ -2395,7 +2390,7 @@ int main(int argc, char *argv[]) { exit(EXIT_FAILURE); } else{ - fprintf(stdout, "successfully set X to %d and Y to %d\n", my_segment, num_segments); + fprintf(stdout, "-D: successfully set X to %d and Y to %d\n", my_segment, num_segments); } break; case 'h': From 5eea263707a82ccf071b0e11d210c86f22b74bf8 Mon Sep 17 00:00:00 2001 From: motypi Date: Tue, 11 Mar 2025 14:10:52 +0100 Subject: [PATCH 311/332] remove segment files at exit --- hydra.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/hydra.c b/hydra.c index e5f71a8..bb75d96 100644 --- a/hydra.c +++ b/hydra.c @@ -342,8 +342,12 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; -int32_t num_segments = 0; -int32_t my_segment = 0; + +// requred for distributed attack capability +uint32_t num_segments = 0; +uint32_t my_segment = 0; +uint32_t junk_file_count = 0; +char junk_files[20][16]; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -1595,8 +1599,12 @@ char *hydra_reverse_login(int32_t head_no, char *login) { return hydra_heads[head_no]->reverse; } +void delete_junk_files(){ + for(int i=0; i num_segments){ fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile); @@ -1627,7 +1635,9 @@ FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ uint64_t segment_end = segment_size * my_segment; - sprintf(output_file_name, "segment_%d.txt", my_segment); + fprintf(stdout, "writing filename\n"); + sprintf(output_file_name, "segment_%d_%d.txt",target_no, my_segment); + fprintf(stdout, "writing successful\n"); output_file = fopen(output_file_name, "w"); if(!output_file){ @@ -1635,6 +1645,11 @@ FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ return NULL; } + if(strcpy(junk_files[junk_file_count], output_file_name)) + junk_file_count++; + + atexit(delete_junk_files); + while(fgets(line, sizeof line, file) != NULL && line_number < segment_end){ line_number++; @@ -2390,7 +2405,7 @@ int main(int argc, char *argv[]) { exit(EXIT_FAILURE); } else{ - fprintf(stdout, "-D: successfully set X to %d and Y to %d\n", my_segment, num_segments); + fprintf(stdout, "Option \'D\': successfully set X to %d and Y to %d\n", my_segment, num_segments); } break; case 'h': @@ -3476,7 +3491,7 @@ int main(int argc, char *argv[]) { else if (hydra_options.passfile == NULL){ if(my_segment && num_segments){ filecloser = lfp; - lfp = hydra_divide_file(lfp, my_segment, num_segments); + lfp = hydra_divide_file(lfp, target_no, my_segment, num_segments); fclose(filecloser); } } @@ -3514,7 +3529,7 @@ int main(int argc, char *argv[]) { } else if(my_segment && num_segments){ filecloser = pfp; - pfp = hydra_divide_file(pfp, my_segment, num_segments); + pfp = hydra_divide_file(pfp, target_no, my_segment, num_segments); fclose(filecloser); } hydra_brains.countpass = countlines(pfp, 0); @@ -3573,7 +3588,7 @@ int main(int argc, char *argv[]) { } else if(my_segment && num_segments){ filecloser = cfp; - cfp = hydra_divide_file(cfp, my_segment, num_segments); + cfp = hydra_divide_file(cfp, target_no, my_segment, num_segments); fclose(filecloser); } hydra_brains.countlogin = countlines(cfp, 1); From 4fad67d30791ddfd3f95fe5d70f67a56e53b2ca0 Mon Sep 17 00:00:00 2001 From: xh4vm Date: Tue, 11 Mar 2025 18:42:09 +0500 Subject: [PATCH 312/332] feat: added the ability to brute force a custom port --- hydra-postgres.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-postgres.c b/hydra-postgres.c index 6826c78..3b2cac9 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -41,7 +41,7 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, * Building the connection string */ - snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass); + snprintf(connection_string, sizeof(connection_string), "host = '%s' port = '%d' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), port, database, login, pass); if (verbose) hydra_report(stderr, "connection string: %s\n", connection_string); From 79f7d52ba2f2beadfbf504087500ca8c64fa8def Mon Sep 17 00:00:00 2001 From: xh4vm Date: Wed, 12 Mar 2025 13:07:12 +0500 Subject: [PATCH 313/332] feat: added paths for brute force and additional settings for all targets from the file --- hydra.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/hydra.c b/hydra.c index 30a8ece..d8ede22 100644 --- a/hydra.c +++ b/hydra.c @@ -267,6 +267,7 @@ typedef struct { typedef struct { char *target; + char *miscptr; char ip[36]; char *login_ptr; char *pass_ptr; @@ -1174,13 +1175,12 @@ void hydra_service_init(int32_t target_no) { int32_t x = 99; int32_t i; hydra_target *t = hydra_targets[target_no]; - char *miscptr = hydra_options.miscptr; FILE *ofp = hydra_brains.ofp; for (i = 0; x == 99 && i < sizeof(services) / sizeof(services[0]); i++) { if (strcmp(hydra_options.service, services[i].name) == 0) { if (services[i].init) { - x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target); + x = services[i].init(t->ip, -1, options, t->miscptr, ofp, t->port, t->target); break; } } @@ -1264,13 +1264,13 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { hydra_target *t = hydra_targets[target_no]; int32_t sp = hydra_heads[head_no]->sp[1]; - char *miscptr = hydra_options.miscptr; + // char *miscptr = hydra_options.miscptr; FILE *ofp = hydra_brains.ofp; hydra_target *head_target = hydra_targets[hydra_heads[head_no]->target_no]; for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { if (strcmp(hydra_options.service, services[i].name) == 0) { if (services[i].exec) { - services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target); + services[i].exec(t->ip, sp, options, t->miscptr, ofp, t->port, head_target->target); // just in case a module returns (which it shouldnt) we let it exit // here exit(-1); @@ -2177,7 +2177,7 @@ int main(int argc, char *argv[]) { int32_t i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch; int32_t head_no = 0, target_no = 0, exit_condition = 0, readres; time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; - char *tmpptr, *tmpptr2; + char *tmpptr, *tmpptr2, *tmpptr3; char rc, buf[MAXBUF]; time_t last_attempt = 0; fd_set fdreadheads; @@ -3543,7 +3543,7 @@ int main(int argc, char *argv[]) { fclose(rfp); } - if (hydra_options.infile_ptr != NULL) { + if (hydra_options.infile_ptr != NULL) { if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) { fprintf(stderr, "[ERROR] File for targets not found: %s\n", hydra_options.infile_ptr); exit(-1); @@ -3591,6 +3591,7 @@ int main(int argc, char *argv[]) { } } else hydra_targets[i]->target = tmpptr; + if ((tmpptr2 = strchr(tmpptr, ':')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; @@ -3600,6 +3601,13 @@ int main(int argc, char *argv[]) { } if (hydra_targets[i]->port == 0) hydra_targets[i]->port = hydra_options.port; + + if ((tmpptr3 = strchr(tmpptr, '/')) != NULL) { + hydra_targets[i]->miscptr = tmpptr3; + } + else + hydra_targets[i]->miscptr = "/"; + while (*tmpptr != 0) tmpptr++; tmpptr++; @@ -3622,6 +3630,7 @@ int main(int argc, char *argv[]) { memset(hydra_targets[0], 0, sizeof(hydra_target)); hydra_targets[0]->target = servers_ptr = hydra_options.server; hydra_targets[0]->port = hydra_options.port; + hydra_targets[0]->miscptr = hydra_options.miscptr; sizeservers = strlen(hydra_options.server) + 1; } else { /* CIDR notation on command line, e.g. 192.168.0.0/24 */ @@ -3666,6 +3675,7 @@ int main(int argc, char *argv[]) { memcpy(&target.sin_addr.s_addr, (char *)&addr_cur2, 4); hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr)target.sin_addr)); hydra_targets[i]->port = hydra_options.port; + hydra_targets[i]->miscptr = hydra_options.miscptr; addr_cur++; i++; } @@ -3681,6 +3691,7 @@ int main(int argc, char *argv[]) { memset(hydra_targets[0], 0, sizeof(hydra_target)); hydra_targets[0]->target = servers_ptr = hydra_options.server; hydra_targets[0]->port = hydra_options.port; + hydra_targets[0]->miscptr = hydra_options.miscptr; sizeservers = strlen(hydra_options.server) + 1; } for (i = 0; i < hydra_brains.targets; i++) { @@ -4113,7 +4124,7 @@ int main(int argc, char *argv[]) { } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else - printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + printf("[%d][%s] host: %s misc: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_targets[hydra_heads[head_no]->target_no]->miscptr, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { fprintf(hydra_brains.ofp, From 74b37e24c811c46576687d5f15fae484bdf10828 Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 12 Mar 2025 10:37:01 +0100 Subject: [PATCH 314/332] unique segment filename --- hydra.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/hydra.c b/hydra.c index bb75d96..013c4d9 100644 --- a/hydra.c +++ b/hydra.c @@ -346,8 +346,7 @@ int32_t total_redo_count = 0; // requred for distributed attack capability uint32_t num_segments = 0; uint32_t my_segment = 0; -uint32_t junk_file_count = 0; -char junk_files[20][16]; +char junk_file[50]; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -1600,11 +1599,10 @@ char *hydra_reverse_login(int32_t head_no, char *login) { } void delete_junk_files(){ - for(int i=0; i num_segments){ fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile); @@ -1613,7 +1611,7 @@ FILE *hydra_divide_file(FILE *file, uint32_t target_no, uint32_t my_segment, uin FILE *output_file; char line[500]; - char output_file_name[20]; + char output_file_name[50]; uint32_t line_number = 0; @@ -1635,8 +1633,11 @@ FILE *hydra_divide_file(FILE *file, uint32_t target_no, uint32_t my_segment, uin uint64_t segment_end = segment_size * my_segment; - fprintf(stdout, "writing filename\n"); - sprintf(output_file_name, "segment_%d_%d.txt",target_no, my_segment); + + srand(time(NULL)); + int filetag = rand(); + + sprintf(output_file_name, "segment_%d_%d.txt",filetag, my_segment); fprintf(stdout, "writing successful\n"); output_file = fopen(output_file_name, "w"); @@ -1645,8 +1646,7 @@ FILE *hydra_divide_file(FILE *file, uint32_t target_no, uint32_t my_segment, uin return NULL; } - if(strcpy(junk_files[junk_file_count], output_file_name)) - junk_file_count++; + strcpy(junk_file, output_file_name); atexit(delete_junk_files); @@ -3491,7 +3491,7 @@ int main(int argc, char *argv[]) { else if (hydra_options.passfile == NULL){ if(my_segment && num_segments){ filecloser = lfp; - lfp = hydra_divide_file(lfp, target_no, my_segment, num_segments); + lfp = hydra_divide_file(lfp, my_segment, num_segments); fclose(filecloser); } } @@ -3529,7 +3529,7 @@ int main(int argc, char *argv[]) { } else if(my_segment && num_segments){ filecloser = pfp; - pfp = hydra_divide_file(pfp, target_no, my_segment, num_segments); + pfp = hydra_divide_file(pfp, my_segment, num_segments); fclose(filecloser); } hydra_brains.countpass = countlines(pfp, 0); @@ -3588,7 +3588,7 @@ int main(int argc, char *argv[]) { } else if(my_segment && num_segments){ filecloser = cfp; - cfp = hydra_divide_file(cfp, target_no, my_segment, num_segments); + cfp = hydra_divide_file(cfp, my_segment, num_segments); fclose(filecloser); } hydra_brains.countlogin = countlines(cfp, 1); From b8ea180d85fc391d5f349660081c3c8540b7b495 Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 12 Mar 2025 10:38:25 +0100 Subject: [PATCH 315/332] unique segment filename --- hydra.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hydra.c b/hydra.c index 013c4d9..7def50a 100644 --- a/hydra.c +++ b/hydra.c @@ -1638,7 +1638,6 @@ FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ int filetag = rand(); sprintf(output_file_name, "segment_%d_%d.txt",filetag, my_segment); - fprintf(stdout, "writing successful\n"); output_file = fopen(output_file_name, "w"); if(!output_file){ From ad286790ca3ca7e61a3341ee784b95864d9349d7 Mon Sep 17 00:00:00 2001 From: xh4vm Date: Thu, 13 Mar 2025 12:26:57 +0500 Subject: [PATCH 316/332] feat: integration with http[s]-* --- hydra.c | 132 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 67 insertions(+), 65 deletions(-) diff --git a/hydra.c b/hydra.c index d8ede22..492089c 100644 --- a/hydra.c +++ b/hydra.c @@ -3201,77 +3201,79 @@ int main(int argc, char *argv[]) { bail("Compiled without SSL support, module not available"); #endif } - if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an " - "additional option or via -m, default path set to /\n"); - hydra_options.miscptr = malloc(2); - hydra_options.miscptr = "/"; - } - // if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, - // "://") == NULL) - // bail("The web page you supplied must start with a \"/\", \"http://\" - // or \"https://\", e.g. \"/protected/login\""); - if (hydra_options.miscptr[0] != '/') - bail("optional parameter must start with a '/' slash!\n"); - if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " - "you can use only ONE for the service http-head/http-get!"); - if (getenv("HYDRA_PROXY_HTTP")) { - printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); - use_proxy = 1; - } - if (strstr(hydra_options.miscptr, "\\:") != NULL) { - fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module " - "option, no parameter verification is performed.\n"); - } else { - sprintf(bufferurl, "%.6000s", hydra_options.miscptr); - url = strtok(bufferurl, ":"); - variables = strtok(NULL, ":"); - cond = strtok(NULL, ":"); - optional1 = strtok(NULL, "\n"); - if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL && strstr(variables, "^USER64^") == NULL && strstr(variables, "^PASS64^") == NULL)) { - fprintf(stderr, - "[ERROR] the variables argument needs at least the strings " - "^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n", - STR_NULL(variables)); - exit(-1); + if (hydra_options.infile_ptr == NULL) { + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You must supply the web page as an " + "additional option or via -m, default path set to /\n"); + hydra_options.miscptr = malloc(2); + hydra_options.miscptr = "/"; } - if ((url == NULL) || (cond == NULL)) { - fprintf(stderr, - "[ERROR] Wrong syntax, requires three arguments separated by " - "a colon which may not be null: %s\n", - bufferurl); - exit(-1); + // if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, + // "://") == NULL) + // bail("The web page you supplied must start with a \"/\", \"http://\" + // or \"https://\", e.g. \"/protected/login\""); + if (hydra_options.miscptr[0] != '/') + bail("optional parameter must start with a '/' slash!\n"); + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; } - while ((optional1 = strtok(NULL, ":")) != NULL) { - if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { - fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); + if (strstr(hydra_options.miscptr, "\\:") != NULL) { + fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module " + "option, no parameter verification is performed.\n"); + } else { + sprintf(bufferurl, "%.6000s", hydra_options.miscptr); + url = strtok(bufferurl, ":"); + variables = strtok(NULL, ":"); + cond = strtok(NULL, ":"); + optional1 = strtok(NULL, "\n"); + if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL && strstr(variables, "^USER64^") == NULL && strstr(variables, "^PASS64^") == NULL)) { + fprintf(stderr, + "[ERROR] the variables argument needs at least the strings " + "^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n", + STR_NULL(variables)); exit(-1); } + if ((url == NULL) || (cond == NULL)) { + fprintf(stderr, + "[ERROR] Wrong syntax, requires three arguments separated by " + "a colon which may not be null: %s\n", + bufferurl); + exit(-1); + } + while ((optional1 = strtok(NULL, ":")) != NULL) { + if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { + fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); + exit(-1); + } - switch (optional1[0]) { - case 'C': // fall through - case 'c': - if (optional1[1] != '=' || optional1[2] != '/') { - fprintf(stderr, - "[ERROR] Wrong syntax of parameter C, must look like " - "'C=/url/of/page', not http:// etc.: %s\n", - optional1); - exit(-1); + switch (optional1[0]) { + case 'C': // fall through + case 'c': + if (optional1[1] != '=' || optional1[2] != '/') { + fprintf(stderr, + "[ERROR] Wrong syntax of parameter C, must look like " + "'C=/url/of/page', not http:// etc.: %s\n", + optional1); + exit(-1); + } + break; + case 'H': // fall through + case 'h': + if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { + fprintf(stderr, + "[ERROR] Wrong syntax of parameter H, must look like " + "'H=X-My-Header: MyValue', no http:// : %s\n", + optional1); + exit(-1); + } + break; + default: + fprintf(stderr, "[ERROR] Unknown optional argument: %s\n", optional1); } - break; - case 'H': // fall through - case 'h': - if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { - fprintf(stderr, - "[ERROR] Wrong syntax of parameter H, must look like " - "'H=X-My-Header: MyValue', no http:// : %s\n", - optional1); - exit(-1); - } - break; - default: - fprintf(stderr, "[ERROR] Unknown optional argument: %s\n", optional1); } } } From ba45db1496584f3a2cd439cb794d54c7fc82b202 Mon Sep 17 00:00:00 2001 From: xh4vm Date: Fri, 14 Mar 2025 19:28:04 +0500 Subject: [PATCH 317/332] feat: added documentation --- hydra-http-form.c | 5 +++++ hydra-http.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/hydra-http-form.c b/hydra-http-form.c index 4c6919b..7f56091 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1613,6 +1613,11 @@ void usage_http_form(const char *service) { "You can specify a header without escaping the colons, but that way you will not\n" "be able to put colons in the header value itself, as they will be interpreted by\n" "hydra as option separators.\n" + "Note: to attack multiple targets, you only need to pass the path to the file containing the targets with parameters,\n" + "for example, a file with targets:\n\n" + " localhost:8443/login:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=401\n" + " localhost:9443/login2:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=302\n" + " ...\n\n" "\nExamples:\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" " \"/" diff --git a/hydra-http.c b/hydra-http.c index ba9a676..c083e8c 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -473,6 +473,11 @@ void usage_http(const char *service) { "present the\n" " combination is invalid. Note: this must be the last option " "supplied.\n" + "Note: to attack multiple targets, you only need to pass the path to the file containing the targets with parameters,\n" + "for example, a file with targets:\n\n" + " localhost:5000/protected:A=BASIC\n" + " localhost:5002/protected:A=NTLM\n" + " ...\n\n" "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: " "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service); From aae8baae838ef02eb529f8e63b30747cae3ab4a4 Mon Sep 17 00:00:00 2001 From: xh4vm Date: Tue, 18 Mar 2025 17:32:56 +0500 Subject: [PATCH 318/332] fix: hydra-http documentation --- hydra-http.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) mode change 100644 => 100755 hydra-http.c diff --git a/hydra-http.c b/hydra-http.c old mode 100644 new mode 100755 index c083e8c..e78f865 --- a/hydra-http.c +++ b/hydra-http.c @@ -473,12 +473,13 @@ void usage_http(const char *service) { "present the\n" " combination is invalid. Note: this must be the last option " "supplied.\n" - "Note: to attack multiple targets, you only need to pass the path to the file containing the targets with parameters,\n" - "for example, a file with targets:\n\n" - " localhost:5000/protected:A=BASIC\n" - " localhost:5002/protected:A=NTLM\n" - " ...\n\n" "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: " - "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", + "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n" + "To attack multiple targets, you can use the -M option with a file " + "containing the targets and their parameters.\n" + "Example file content:\n" + " localhost:5000/protected:A=BASIC\n" + " localhost:5002/protected_path:A=NTLM\n" + " ...\n\n", service); } From b81105f6af5b7e1ba43be3863a764bbd2b11c078 Mon Sep 17 00:00:00 2001 From: xh4vm Date: Tue, 18 Mar 2025 17:35:41 +0500 Subject: [PATCH 319/332] fix: hydra-http-form documentation --- hydra-http-form.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) mode change 100644 => 100755 hydra-http-form.c diff --git a/hydra-http-form.c b/hydra-http-form.c old mode 100644 new mode 100755 index 7f56091..af2f457 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1613,11 +1613,6 @@ void usage_http_form(const char *service) { "You can specify a header without escaping the colons, but that way you will not\n" "be able to put colons in the header value itself, as they will be interpreted by\n" "hydra as option separators.\n" - "Note: to attack multiple targets, you only need to pass the path to the file containing the targets with parameters,\n" - "for example, a file with targets:\n\n" - " localhost:8443/login:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=401\n" - " localhost:9443/login2:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=302\n" - " ...\n\n" "\nExamples:\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" " \"/" @@ -1629,6 +1624,12 @@ void usage_http_form(const char *service) { " \"/exchweb/bin/auth/:F=failed" "owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&" "username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:" - "C=/exchweb\":reason=\n", + "C=/exchweb\":reason=\n" + "To attack multiple targets, you can use the -M option with a file " + "containing the targets and their parameters.\n" + "Example file content:\n" + " localhost:8443/login:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=401\n" + " localhost:9443/login2:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=302\n" + " ...\n\n", service); } From 3c233fdbc095842daa935753ec4dca5092c47baf Mon Sep 17 00:00:00 2001 From: motypi Date: Tue, 18 Mar 2025 16:05:08 +0100 Subject: [PATCH 320/332] Used freetds to use TDSv7. First working version. --- Makefile | 109 ++++++++++++++++++++++++++++++++++++++++++++++++-- hydra-mssql.c | 103 ++++++++--------------------------------------- 2 files changed, 122 insertions(+), 90 deletions(-) diff --git a/Makefile b/Makefile index 0fc0d2e..b228a4e 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,111 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DHAVE_PCRE -DHAVE_ZLIB -DHAVE_MATH_H -DHAVE_SYS_PARAM_H +XLIBS= -lz -lcurses -lssl -lpcre2-8 -lcrypto -lsybdb +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu +XIPATHS= -I/usr/include -I/usr/include +PREFIX=/usr/local +XHYDRA_SUPPORT= +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -Wl,--allow-multiple-definition + +# +# Makefile for Hydra - (c) 2001-2023 by van Hauser / THC +# +WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations +WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align +CFLAGS ?= -g +OPTS=-I. -O3 $(CFLAGS) -fcommon -Wno-deprecated-declarations +CPPFLAGS += -D_GNU_SOURCE +# -Wall -g -pedantic +LIBS=-lm +DESTDIR ?= +BINDIR = /bin +MANDIR = /man/man1/ +DATADIR = /etc +PIXDIR = /share/pixmaps +APPDIR = /share/applications + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ + hydra-smb2.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ + hydra-smb2.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + -strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) + -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ + -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) + -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - @echo Error: you must run "./configure" first + -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv + -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 + -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png + -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop diff --git a/hydra-mssql.c b/hydra-mssql.c index ee273ca..17f5bee 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -1,113 +1,42 @@ #include "hydra-mod.h" - -#define MSLEN 30 +#include +#include extern char *HYDRA_EXIT; char *buf; -unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; -unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" - "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" - "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00"; -unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" - "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" - "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00"; -unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" - "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" - "\x00\x03\x00\x00\x00"; - int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; - char *login, *pass, buffer[1024]; - char ms_login[MSLEN + 1]; - char ms_pass[MSLEN + 1]; - unsigned char len_login, len_pass; - int32_t ret = -1; + char *login, *pass; + char *ipaddr_str = hydra_address2string(ip); + + fprintf(stdout, "The target ip is: %s\n", ipaddr_str); + if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - if (strlen(login) > MSLEN) - login[MSLEN - 1] = 0; - if (strlen(pass) > MSLEN) - pass[MSLEN - 1] = 0; - len_login = strlen(login); - len_pass = strlen(pass); - memset(ms_login, 0, MSLEN + 1); - memset(ms_pass, 0, MSLEN + 1); - strcpy(ms_login, login); - strcpy(ms_pass, pass); - memset(buffer, 0, sizeof(buffer)); - memcpy(buffer, p_hdr, 39); - memcpy(buffer + 39, ms_login, MSLEN); - memcpy(buffer + MSLEN + 39, &len_login, 1); - memcpy(buffer + MSLEN + 1 + 39, ms_pass, MSLEN); - memcpy(buffer + MSLEN + 1 + 39 + MSLEN, &len_pass, 1); - memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1, p_pk2, 110); - memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110, &len_pass, 1); - memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1, ms_pass, MSLEN); - memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN, p_pk3, 270); + DBPROCESS *dbproc; + LOGINREC *attempt; - if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0) - return 1; - if (hydra_send(s, (char *)p_lng, 71, 0) < 0) - return 1; + dbinit(); + attempt = dblogin(); + DBSETLUSER(attempt, login); + DBSETLPWD(attempt, pass); - memset(buffer, 0, sizeof(buffer)); - ret = hydra_recv_nb(s, buffer, sizeof(buffer)); + // Connect without specifying a database + dbproc = dbopen(attempt, ipaddr_str); - if (ret <= 0) - return 3; - - if (ret > 10 && buffer[8] == '\xe3') { + if (dbproc != NULL) { hydra_report_found_host(port, ip, "mssql", fp); hydra_completed_pair_found(); - free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } - free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; From 3635dff5ff317a375948cd2b6893a481e183ccbd Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 19 Mar 2025 07:41:46 +0100 Subject: [PATCH 321/332] handle libraries accommodate old version of TDS --- configure | 37 ++++++++++++++- hydra-mssql.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 153 insertions(+), 7 deletions(-) diff --git a/configure b/configure index 1ae09a9..dc86adb 100755 --- a/configure +++ b/configure @@ -185,6 +185,32 @@ else echo " ... zlib not found, gzip support disabled" fi +echo "Checking for sybdb (sybdb.h) ..." +for i in $INCDIRS; do + if [ -f "$i/sybdb.h" ]; then + HAVE_SYBDB="y" + fi +done + +if [ -n "$HAVE_SYBDB" ]; then + echo " ... found" +else + echo " ... sybdb not found, MSSQL module will lack TDSv7 support" +fi + +echo "Checking for sybfront (sybfront.h) ..." +for i in $INCDIRS; do + if [ -f "$i/sybfront.h" ]; then + HAVE_SYBFRONT="y" + fi +done + +if [ -n "$HAVE_SYBFRONT" ]; then + echo " ... found" +else + echo " ... sybfront not found, MSSQL module will lack TDSv7 support" +fi + echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..." if [ "X" != "X$DEBUG" ]; then echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null` @@ -1496,6 +1522,12 @@ fi if [ -n "$RSA" ]; then XDEFINES="$XDEFINES -DNO_RSA_LEGACY" fi +if [ -n "$HAVE_SYBDB" ]; then + XDEFINES="$XDEFINES -DHAVE_SYBDB" +fi +if [ -n "$HAVE_SYBFRONT" ]; then + XDEFINES="$XDEFINES -DHAVE_SYBFRONT" +fi if [ -n "$HAVE_ZLIB" ]; then XDEFINES="$XDEFINES -DHAVE_ZLIB" fi @@ -1627,6 +1659,9 @@ fi if [ -n "$HAVE_ZLIB" ]; then XLIBS="$XLIBS -lz" fi +if [ -n "$HAVE_SYBDB" ]; then + XLIBS="$XLIBS -lsybdb" +fi if [ -n "$CURSES_PATH" ]; then XLIBS="$XLIBS -lcurses" fi @@ -1804,4 +1839,4 @@ if [ "x$NOSTRIP" = "x" ]; then else cat Makefile.am | sed 's/^install:.*/install: all/' >> Makefile fi -echo "now type \"make\"" +echo "now type \"make\"" \ No newline at end of file diff --git a/hydra-mssql.c b/hydra-mssql.c index 17f5bee..4131b54 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -1,18 +1,15 @@ #include "hydra-mod.h" -#include -#include - extern char *HYDRA_EXIT; char *buf; +#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) +#include +#include int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char *ipaddr_str = hydra_address2string(ip); - fprintf(stdout, "The target ip is: %s\n", ipaddr_str); - - if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -43,6 +40,120 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } +#else +#define MSLEN 30 + +unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; +unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" + "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" + "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00"; +unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" + "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" + "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00"; +unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" + "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" + "\x00\x03\x00\x00\x00"; + +int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = ""; + char *login, *pass, buffer[1024]; + char ms_login[MSLEN + 1]; + char ms_pass[MSLEN + 1]; + unsigned char len_login, len_pass; + int32_t ret = -1; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + if (strlen(login) > MSLEN) + login[MSLEN - 1] = 0; + if (strlen(pass) > MSLEN) + pass[MSLEN - 1] = 0; + len_login = strlen(login); + len_pass = strlen(pass); + memset(ms_login, 0, MSLEN + 1); + memset(ms_pass, 0, MSLEN + 1); + strcpy(ms_login, login); + strcpy(ms_pass, pass); + + memset(buffer, 0, sizeof(buffer)); + memcpy(buffer, p_hdr, 39); + memcpy(buffer + 39, ms_login, MSLEN); + memcpy(buffer + MSLEN + 39, &len_login, 1); + memcpy(buffer + MSLEN + 1 + 39, ms_pass, MSLEN); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN, &len_pass, 1); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1, p_pk2, 110); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110, &len_pass, 1); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1, ms_pass, MSLEN); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN, p_pk3, 270); + + if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0) + return 1; + if (hydra_send(s, (char *)p_lng, 71, 0) < 0) + return 1; + + memset(buffer, 0, sizeof(buffer)); + ret = hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + if (ret > 10 && buffer[8] == '\xe3') { + hydra_report_found_host(port, ip, "mssql", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; +} + +#endif void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; From 17c6228f7bf6d680bc7d41447dd807e2193d221c Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 19 Mar 2025 08:01:10 +0100 Subject: [PATCH 322/332] generated Makefile --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index b228a4e..47b1751 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ STRIP=strip -XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DHAVE_PCRE -DHAVE_ZLIB -DHAVE_MATH_H -DHAVE_SYS_PARAM_H -XLIBS= -lz -lcurses -lssl -lpcre2-8 -lcrypto -lsybdb +XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DHAVE_PCRE -DHAVE_SYBDB -DHAVE_SYBFRONT -DHAVE_ZLIB -DHAVE_MATH_H -DHAVE_SYS_PARAM_H +XLIBS= -lz -lsybdb -lcurses -lssl -lpcre2-8 -lcrypto XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu XIPATHS= -I/usr/include -I/usr/include PREFIX=/usr/local From 369374b1661712e80e0c6d9ec48962cd936aa7a2 Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 19 Mar 2025 12:14:50 +0100 Subject: [PATCH 323/332] revert Makefile --- Makefile | 109 ++----------------------------------------------------- 1 file changed, 3 insertions(+), 106 deletions(-) diff --git a/Makefile b/Makefile index 47b1751..0fc0d2e 100644 --- a/Makefile +++ b/Makefile @@ -1,111 +1,8 @@ -STRIP=strip -XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DHAVE_PCRE -DHAVE_SYBDB -DHAVE_SYBFRONT -DHAVE_ZLIB -DHAVE_MATH_H -DHAVE_SYS_PARAM_H -XLIBS= -lz -lsybdb -lcurses -lssl -lpcre2-8 -lcrypto -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu -XIPATHS= -I/usr/include -I/usr/include -PREFIX=/usr/local -XHYDRA_SUPPORT= -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -Wl,--allow-multiple-definition - -# -# Makefile for Hydra - (c) 2001-2023 by van Hauser / THC -# -WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations -WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align -CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon -Wno-deprecated-declarations -CPPFLAGS += -D_GNU_SOURCE -# -Wall -g -pedantic -LIBS=-lm -DESTDIR ?= -BINDIR = /bin -MANDIR = /man/man1/ -DATADIR = /etc -PIXDIR = /share/pixmaps -APPDIR = /share/applications - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ - hydra-smb2.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ - hydra-smb2.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - -strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) - -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ - -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) - -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv - -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 - -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png - -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop + @echo Error: you must run "./configure" first From bc48f7625b66b969c35a127b5aa34a8dc6f2456d Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 19 Mar 2025 20:14:23 +0100 Subject: [PATCH 324/332] added dbclose() and dbexit() in mssql module --- hydra-mssql.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hydra-mssql.c b/hydra-mssql.c index 4131b54..f13c20a 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -19,7 +19,9 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch LOGINREC *attempt; dbinit(); + attempt = dblogin(); + DBSETLUSER(attempt, login); DBSETLPWD(attempt, pass); @@ -27,6 +29,8 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch dbproc = dbopen(attempt, ipaddr_str); if (dbproc != NULL) { + dbclose(dbproc); + dbexit(); hydra_report_found_host(port, ip, "mssql", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -35,12 +39,15 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch } hydra_completed_pair(); + dbclose(dbproc); + dbexit(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } #else + #define MSLEN 30 unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" From 5f706c707131970dfe59bcdcc0560f39bec336a3 Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 19 Mar 2025 20:35:29 +0100 Subject: [PATCH 325/332] freetds install in README --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 44cb585..66c819a 100644 --- a/README +++ b/README @@ -96,7 +96,7 @@ for a few optional modules (note that some might not be available on your distri apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ firebird-dev libmemcached-dev libgpg-error-dev \ - libgcrypt11-dev libgcrypt20-dev + libgcrypt11-dev libgcrypt20-dev freetds-dev ``` This enables all optional modules and features with the exception of Oracle, From b5eb38e48fdaf5c9facd3f0af7c2b0a3642df00f Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 24 Mar 2025 09:05:03 +0100 Subject: [PATCH 326/332] mixed TDS7 into old function --- hydra-mssql.c | 48 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/hydra-mssql.c b/hydra-mssql.c index f13c20a..064486b 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -5,7 +5,7 @@ char *buf; #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) #include #include -int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { +int32_t start_mssql7(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char *ipaddr_str = hydra_address2string(ip); @@ -18,8 +18,6 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch DBPROCESS *dbproc; LOGINREC *attempt; - dbinit(); - attempt = dblogin(); DBSETLUSER(attempt, login); @@ -39,14 +37,12 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch } hydra_completed_pair(); - dbclose(dbproc); - dbexit(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } -#else +#endif #define MSLEN 30 @@ -101,6 +97,7 @@ unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024]; + char *ipaddr_str = hydra_address2string(ip); char ms_login[MSLEN + 1]; char ms_pass[MSLEN + 1]; unsigned char len_login, len_pass; @@ -110,6 +107,39 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; +#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) + if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){ + + DBPROCESS *dbproc; + LOGINREC *attempt; + + attempt = dblogin(); + + DBSETLUSER(attempt, login); + DBSETLPWD(attempt, pass); + + // Connect without specifying a database + dbproc = dbopen(attempt, ipaddr_str); + + if (dbproc != NULL) { + dbclose(dbproc); + dbexit(); + hydra_report_found_host(port, ip, "mssql", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; + + } + +#endif if (strlen(login) > MSLEN) login[MSLEN - 1] = 0; if (strlen(pass) > MSLEN) @@ -160,12 +190,14 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -#endif - void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; + #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) + dbinit(); + #endif + hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; From 1af16824144c17cc97517435d3ea99364b7a0d3b Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 24 Mar 2025 10:23:51 +0100 Subject: [PATCH 327/332] delete tds7 function and print warning --- hydra-mssql.c | 42 ++++-------------------------------------- 1 file changed, 4 insertions(+), 38 deletions(-) diff --git a/hydra-mssql.c b/hydra-mssql.c index 064486b..1133641 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -5,43 +5,6 @@ char *buf; #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) #include #include -int32_t start_mssql7(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = ""; - char *login, *pass; - char *ipaddr_str = hydra_address2string(ip); - - if (strlen(login = hydra_get_next_login()) == 0) - login = empty; - if (strlen(pass = hydra_get_next_password()) == 0) - pass = empty; - - DBPROCESS *dbproc; - LOGINREC *attempt; - - attempt = dblogin(); - - DBSETLUSER(attempt, login); - DBSETLPWD(attempt, pass); - - // Connect without specifying a database - dbproc = dbopen(attempt, ipaddr_str); - - if (dbproc != NULL) { - dbclose(dbproc); - dbexit(); - hydra_report_found_host(port, ip, "mssql", fp); - hydra_completed_pair_found(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 2; - return 1; - } - - hydra_completed_pair(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 2; - - return 1; -} #endif #define MSLEN 30 @@ -138,7 +101,10 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } - +#else + if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){ + fprintf(stderr,"[WARNING] To crack credentials longer than 30 characters, install freetds and recompile\n"); + } #endif if (strlen(login) > MSLEN) login[MSLEN - 1] = 0; From 21262626e0d79e60421c3305366cd6e26927d310 Mon Sep 17 00:00:00 2001 From: iskanred Date: Tue, 1 Apr 2025 04:59:28 +0300 Subject: [PATCH 328/332] Fix typo in README: lenght --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 44cb585..1c7cf74 100644 --- a/README +++ b/README @@ -267,7 +267,7 @@ Examples: -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters -x 2:5:/ generate passwords from length 2 to 5 containing only slashes -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers --x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates lenght 3 passwords with all 95 characters, and verbose. +-x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates length 3 passwords with all 95 characters, and verbose. ``` Example: From f80dc5aa023c911a2b8f7a5998ffe251118a0535 Mon Sep 17 00:00:00 2001 From: oss-belobog Date: Wed, 4 Jun 2025 00:54:30 +0800 Subject: [PATCH 329/332] fix several memory leaks --- hydra-ftp.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/hydra-ftp.c b/hydra-ftp.c index 590d671..c6e256c 100644 --- a/hydra-ftp.c +++ b/hydra-ftp.c @@ -26,8 +26,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char if (verbose) printf("[INFO] user %s does not exist, skipping\n", login); hydra_completed_pair_skip(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + free(buf); return 4; + } free(buf); return 1; } @@ -35,8 +37,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char if (buf[0] == '2') { hydra_report_found_host(port, ip, "ftp", fp); hydra_completed_pair_found(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + free(buf); return 4; + } free(buf); return 1; } @@ -61,8 +65,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char if (buf[0] == '2') { hydra_report_found_host(port, ip, "ftp", fp); hydra_completed_pair_found(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + free(buf); return 4; + } free(buf); return 1; } From 5ddee91edc377ec9dc11105b5ef05f8e30fc48bd Mon Sep 17 00:00:00 2001 From: xh4vm Date: Sun, 29 Jun 2025 19:22:31 +0500 Subject: [PATCH 330/332] feat: pop3 capa fix --- hydra-pop3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-pop3.c b/hydra-pop3.c index acd6c2e..3671a95 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -109,7 +109,7 @@ char *pop3_read_server_capacity(int32_t sock) { buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; - if (*(ptr) == '.' || *(ptr) == '-') + if (buf[strlen(buf) - 1] == '.' || *(ptr) == '.' || *(ptr) == '-') resp = 1; } } From cbd08d570275489b4b205c82878f835add924992 Mon Sep 17 00:00:00 2001 From: lhywk Date: Thu, 3 Jul 2025 05:07:27 +0000 Subject: [PATCH 331/332] Add NULL check after hydra_receive_line() in start_redis() --- hydra-redis.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hydra-redis.c b/hydra-redis.c index 179007c..5a81cec 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -24,6 +24,11 @@ int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } buf = hydra_receive_line(s); + if (buf == NULL) { + hydra_report(stderr, "[ERROR] Failed to receive response from Redis server.\n"); + return 3; + } + if (buf[0] == '+') { hydra_report_found_host(port, ip, "redis", fp); hydra_completed_pair_found(); From 7a7dd0375856a8fae6439142e4119082ddea6d36 Mon Sep 17 00:00:00 2001 From: Daniel Pimentel Date: Thu, 24 Jul 2025 19:33:19 -0300 Subject: [PATCH 332/332] fix spelling --- hydra-http-form.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index af2f457..7de90e3 100755 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1590,7 +1590,7 @@ void usage_http_form(const char *service) { " the sent/received data!\n" " Note that using invalid login condition checks can result in false positives!\n" "\nThe following parameters are optional and are put between the form parameters\n" - "and the condition string; seperate them too with colons:\n" + "and the condition string; separate them too with colons:\n" " 1= 401 error response is interpreted as user/pass wrong\n" " 2= 302 page forward return codes identify a successful attempt\n" " M= attack forms that use multipart format\n"