diff -Nru hydra-9.2/CHANGES hydra-9.4/CHANGES --- hydra-9.2/CHANGES 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/CHANGES 2022-09-08 08:32:44.000000000 +0000 @@ -1,6 +1,28 @@ Changelog for hydra ------------------- +Release 9.4 +* Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian +* Small fix for weird RTSP servers +* Added "2=" optional parameter to http-post-form module to tell hydra that + a "302" HTTP return code means success +* replaced wait3 with waitpid for better compatability + + +Release 9.3 +* support Xcode compilation +* new module: cobaltstrike by ultimaiiii, thank you! +* fix for ssh to support -M or ip/range +* fix for rdp to detect empty passwords +* fix for http-form to no send empty headers +* fix for http on non-default ports when using with a proxy +* for vnc/cisco/... protocols that only check for a password, skip host + after the password is found +* fix to support IPv6 addresses in -M +* fix to test all entries in -C files, not exiting after the first found +* make disappearing targets faster to terminate on +* added "make uninstall" + Release 9.2 * fix for http-post-form optional parameters diff -Nru hydra-9.2/CITATION.cff hydra-9.4/CITATION.cff --- hydra-9.2/CITATION.cff 1970-01-01 00:00:00.000000000 +0000 +++ hydra-9.4/CITATION.cff 2022-09-08 08:32:44.000000000 +0000 @@ -0,0 +1,20 @@ +cff-version: 1.2.0 +message: "If you use this software, please cite it as below." +authors: + - given-names: Marc + family-names: Heuse + name-particle: "van Hauser" + email: vh@thc.org + affiliation: The Hacker's Choice +title: "hydra" +version: 9.2 +type: software +date-released: 2021-03-15 +url: "https://github.com/vanhauser-thc/thc-hydra" +keywords: + - scanning + - passwords + - hacking + - pentesting + - securiy +license: AGPL-3.0-or-later diff -Nru hydra-9.2/configure hydra-9.4/configure --- hydra-9.2/configure 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/configure 2022-09-08 08:32:44.000000000 +0000 
@@ -380,21 +380,21 @@ CURSES_IPATH="" fi -echo "Checking for pcre (libpcre/pcre.h) ..." +echo "Checking for pcre2 (libpcre/pcre.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$PCRE_PATH" ]; then - if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then + if [ -f "$i/libpcre2-8.so" -o -f "$i/libpcre2-8.dylib" -o -f "$i/libpcre2-8.a" ]; then PCRE_PATH="$i" fi fi if [ "X" = "X$PCRE_PATH" ]; then - TMP_LIB=`/bin/ls $i/libpcre.so* 2> /dev/null | grep libpcre.` + TMP_LIB=`/bin/ls $i/libpcre2*.so* 2> /dev/null | grep libpcre.` if [ -n "$TMP_LIB" ]; then PCRE_PATH="$i" fi fi if [ "X" = "X$PCRE_PATH" ]; then - TMP_LIB=`/bin/ls $i/libpcre.dll* 2> /dev/null | grep libpcre.` + TMP_LIB=`/bin/ls $i/libpcre2*.dll* 2> /dev/null | grep libpcre.` if [ -n "$TMP_LIB" ]; then PCRE_PATH="$i" fi @@ -402,20 +402,20 @@ done for i in $INCDIRS ; do if [ "X" != "X$PCRE_PATH" ]; then - if [ -f "$i/pcre.h" ]; then + if [ -f "$i/pcre2.h" ]; then PCRE_IPATH="$i" fi fi done if [ "X" != "X$DEBUG" ]; then echo DEBUG: PCRE_PATH=$PCRE_PATH/libpcre - echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre.h + echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre2.h fi if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then - echo " ... NOT found, server response checks will be less reliable" + echo " ... NOT found, server response checks will be less reliable" PCRE_PATH="" PCRE_IPATH="" fi @@ -998,11 +998,9 @@ if [ "X" = "X$MCACHED_IPATH" ]; then if [ -f "$i/memcached.h" ]; then MCACHED_IPATH="$i" - fi - if [ -f "$i/libmemcached/memcached.h" ]; then + elif [ -f "$i/libmemcached/memcached.h" ]; then MCACHED_IPATH="$i/libmemcached" - fi - if [ -f "$i/libmemcached-1.0/memcached.h" ]; then + elif [ -f "$i/libmemcached-1.0/memcached.h" ]; then MCACHED_IPATH="$i/libmemcached-1.0" fi fi 
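Review bot: The two fallback probes in the pcre2 detection loop accept any `libpcre2*` library (`$i/libpcre2*.so*` and `$i/libpcre2*.dll*`, filtered only by `grep libpcre.`), but the link step later in this diff uses `-lpcre2-8`, so a system that ships only the 16- or 32-bit code-unit build or the POSIX wrapper would pass detection and then fail at link time. Narrow both globs to the 8-bit library, `$i/libpcre2-8.so*` and `$i/libpcre2-8.dll*`, so they agree with the first `-f` test. The banner still reads `Checking for pcre2 (libpcre/pcre.h)` and the DEBUG line still prints `$PCRE_PATH/libpcre`; both should name `libpcre2-8` and `pcre2.h` so a failed detection can be diagnosed from the configure output. `$i` is also unquoted inside the `/bin/ls` calls, which breaks on library directories whose path contains spaces.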
@@ -1362,6 +1360,10 @@ echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c $CC -o $TMPC $TMPC.c > /dev/null 2>&1 test -x $TMPC && STRRCHR="" +rm -f $TMPC +$CC -o $TMPC -Wl,--allow-multiple-definition $TMPC.c > /dev/null 2>&1 +WALLOW="no" +test -x $TMPC && WALLOW="yes" rm -f $TMPC $TMPC.c echo " ... strrchr()$STRRCHR found" if [ -n "$CRYPTO_PATH" ]; then @@ -1392,6 +1394,11 @@ echo " Compiling... $GCCSEC" echo " Linking... $LDSEC" +echo "Checking for --allow-multiple-definition linker option ... $WALLOW" +if [ "$WALLOW" = "yes" ]; then + GCCSECOPT="$GCCSECOPT -Wl,--allow-multiple-definition" +fi + echo XDEFINES="" XLIBS="" @@ -1642,7 +1649,7 @@ XLIBS="$XLIBS -lidn" fi if [ -n "$PCRE_PATH" ]; then - XLIBS="$XLIBS -lpcre" + XLIBS="$XLIBS -lpcre2-8" fi if [ -n "$MYSQL_PATH" ]; then XLIBS="$XLIBS -lmysqlclient" diff -Nru hydra-9.2/_config.yml hydra-9.4/_config.yml --- hydra-9.2/_config.yml 1970-01-01 00:00:00.000000000 +0000 +++ hydra-9.4/_config.yml 2022-09-08 08:32:44.000000000 +0000 @@ -0,0 +1,2 @@ +title: "thc-hydra" +theme: jekyll-theme-midnight diff -Nru hydra-9.2/debian/changelog hydra-9.4/debian/changelog --- hydra-9.2/debian/changelog 2022-01-31 21:45:43.000000000 +0000 +++ hydra-9.4/debian/changelog 2022-10-23 01:25:55.000000000 +0000 
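Review bot: The block added at -1392 appends `-Wl,--allow-multiple-definition` to `GCCSECOPT` whenever the linker accepts it, which makes the linker silently keep one of several duplicate symbol definitions instead of failing; that can mask a genuine symbol clash, and it lands in what appears to be the hardening-flags variable although it is not a hardening option. Keep it in a variable of its own and document it, for example `# link workaround for duplicate symbol definitions; not a hardening flag`, so an audit of the security flags is not misled. In the probe itself (hunk at -1362) `$TMPC` and `$TMPC.c` are unquoted; `$CC -o "$TMPC" -Wl,--allow-multiple-definition "$TMPC.c" > /dev/null 2>&1` is safer if the temporary path can contain spaces. How `TMPC` is created lies outside the hunk.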
@@ -1,15 +1,51 @@ -hydra (9.2-1ubuntu1) jammy; urgency=medium +hydra (9.4-1) unstable; urgency=medium - * Adjust include directory for memcached so as to not shadow the - /usr/include/limits.h file for the one in memcached (LP: #1959622). + * New upstream release. + * debian/control + + Bump Standards-Version to 4.6.1 (no changes). + * debian/copyright + + Extend debian copyright holders years. + * debian/patches + + Refresh 03_use_bin_path.diff patch. + + Remove 10_switch_pcre2_lib.diff patch. + + Merge with upstream. + * debian/source/lintian-overrides + + Add lintian overrides for some long lines. + + -- Daniel Echeverri Sat, 22 Oct 2022 20:25:55 -0500 + +hydra (9.3-3) unstable; urgency=medium + + * debian/patches + + Refresh 11_change_exit_output.diff patch. (Closes: #1008028) + * debian/rules + + Add DEB_HOST_GNU_TYPE and DEB_BUILD_GNU_TYPE variables. + + -- Daniel Echeverri Sat, 16 Apr 2022 16:26:41 -0500 + +hydra (9.3-2) unstable; urgency=medium + + * debian/patches + + Add 11_change_exit_output.diff patch. + + Make build fails when xhydra can't compile. (Closes: #1008028) + * debian/upstream/metadata + + Remove obsolete field Name. + + -- Daniel Echeverri Sat, 02 Apr 2022 12:35:54 -0500 + +hydra (9.3-1) unstable; urgency=medium + + * New upstream release. (Closes: #1004707). + * Update d/docs file. + * debian/control + + Switch to pcre2 lib. (Closes: #1000116). + * debian/patches + + Refresh 05_add_option_to_cflag.diff patch. + + Refresh 07_remove_troubled_files.diff patch. + + Add Forwarded field to 03_use_bin_path.diff patch. + + Add 10_switch_pcre2_lib.diff patch. 
- -- Dan Bungert Mon, 31 Jan 2022 14:45:43 -0700 - -hydra (9.2-1build1) jammy; urgency=medium - - * No-change rebuild against libssl3 - - -- Steve Langasek Wed, 08 Dec 2021 23:34:21 +0000 + -- Daniel Echeverri Wed, 02 Mar 2022 21:57:37 -0500 hydra (9.2-1) unstable; urgency=medium diff -Nru hydra-9.2/debian/control hydra-9.4/debian/control --- hydra-9.2/debian/control 2021-12-08 23:34:21.000000000 +0000 +++ hydra-9.4/debian/control 2022-10-06 04:00:46.000000000 +0000 @@ -1,8 +1,7 @@ Source: hydra Section: net Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Debian Security Tools +Maintainer: Debian Security Tools Uploaders: Julián Moreno Patiño , Daniel Echeverri Build-Depends: debhelper-compat (= 13), firebird-dev[!hurd-any], @@ -14,13 +13,13 @@ libmemcached-dev, libmongoc-dev, libncurses-dev, - libpcre3-dev, + libpcre2-dev, libpq-dev, libssh-dev, libsvn-dev, pkg-config, dh-exec -Standards-Version: 4.6.0.1 +Standards-Version: 4.6.1 Homepage: https://github.com/vanhauser-thc/thc-hydra Vcs-Git: https://salsa.debian.org/pkg-security-team/hydra.git Vcs-Browser: https://salsa.debian.org/pkg-security-team/hydra diff -Nru hydra-9.2/debian/copyright hydra-9.4/debian/copyright --- hydra-9.2/debian/copyright 2021-11-13 00:52:46.000000000 +0000 +++ hydra-9.4/debian/copyright 2022-10-06 04:07:21.000000000 +0000 @@ -11,7 +11,7 @@ Files: debian/* Copyright: 2011-2014 Julián Moreno Patiño 2019 Sophie Brun - 2011-2019 Daniel Echeverry + 2011-2022 Daniel Echeverri 2004 Andrés Roldán License: AGPL-3.0 with OpenSSL exception diff -Nru hydra-9.2/debian/docs hydra-9.4/debian/docs --- hydra-9.2/debian/docs 2021-11-13 00:52:46.000000000 +0000 +++ hydra-9.4/debian/docs 2022-10-06 03:28:27.000000000 +0000 
@@ -1 +1 @@ -README.md +README diff -Nru hydra-9.2/debian/patches/03_use_bin_path.diff hydra-9.4/debian/patches/03_use_bin_path.diff --- hydra-9.2/debian/patches/03_use_bin_path.diff 2021-11-13 00:52:58.000000000 +0000 +++ hydra-9.4/debian/patches/03_use_bin_path.diff 2022-10-06 03:42:34.000000000 +0000 @@ -1,7 +1,7 @@ Description: Use /usr/bin/hydra path by default in xhydra. -Forwarded: no +Forwarded: not-needed Author: Julián Moreno Patiño -Last-Update: 2020-07-30 +Last-Update: 2022-10-05 --- a/hydra-gtk/src/main.c +++ b/hydra-gtk/src/main.c @@ -14,9 +14,9 @@ @@ -13,6 +13,6 @@ char *hydra_path2 = "/usr/local/bin/hydra"; -char *hydra_path3 = "/usr/bin/hydra"; +char *hydra_path3 = "./hydra"; + char *hydra_path4 = "/data/data/com.termux/files/usr/bin/hydra"; + char *hydra_path5 = "/data/data/com.termux/files/usr/local/bin/hydra"; - GtkWidget *wndMain; - char *HYDRA_BIN; diff -Nru hydra-9.2/debian/patches/05_add_option_to_cflag.diff hydra-9.4/debian/patches/05_add_option_to_cflag.diff --- hydra-9.2/debian/patches/05_add_option_to_cflag.diff 2021-11-13 00:52:58.000000000 +0000 +++ hydra-9.4/debian/patches/05_add_option_to_cflag.diff 2022-10-06 03:28:27.000000000 +0000 @@ -2,15 +2,15 @@ and drop -O3 optimization level according debian policy Forwarded: vh@thc.org Author: Julián Moreno Patiño -Last-Update: 2021-11-12 +Last-Update: 2022-02-25 --- a/Makefile.am +++ b/Makefile.am 
@@ -4,7 +4,7 @@ WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -g --OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition -+OPTS=-I. -Wall $(CFLAGS) -fcommon -Wl,--allow-multiple-definition +-OPTS=-I. -O3 $(CFLAGS) -fcommon ++OPTS=-I. -Wall $(CFLAGS) -fcommon # -Wall -g -pedantic LIBS=-lm DESTDIR ?= diff -Nru hydra-9.2/debian/patches/07_remove_troubled_files.diff hydra-9.4/debian/patches/07_remove_troubled_files.diff --- hydra-9.2/debian/patches/07_remove_troubled_files.diff 2021-11-13 00:52:58.000000000 +0000 +++ hydra-9.4/debian/patches/07_remove_troubled_files.diff 2022-10-06 03:28:27.000000000 +0000 @@ -1,20 +1,25 @@ Description: Remove troubled files to avoid FTBFS. Forwarded: not-needed Author: Julián Moreno Patiño -Last-Update: 2020-08-01 +Last-Update: 2022-02-25 --- a/Makefile -+++ /dev/null -@@ -1,5 +0,0 @@ ++++ b/Makefile +@@ -1,8 +1,3 @@ -all: - @echo Error: you must run "./configure" first - -clean: - cp -f Makefile.orig Makefile + + uninstall: + @echo Error: you must run "./configure" first --- a/Makefile.am 
+++ b/Makefile.am -@@ -81,5 +81,4 @@ +@@ -87,7 +87,6 @@ clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile - cp -f Makefile.orig Makefile + uninstall: + -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh diff -Nru hydra-9.2/debian/patches/10_memcached_include.diff hydra-9.4/debian/patches/10_memcached_include.diff --- hydra-9.2/debian/patches/10_memcached_include.diff 2022-01-31 21:45:43.000000000 +0000 +++ hydra-9.4/debian/patches/10_memcached_include.diff 1970-01-01 00:00:00.000000000 +0000 
@@ -1,28 +0,0 @@
-Description: Adjust memcached include dir lookup to not shadow limits.h
- Compilation against openssl 3.0 causes a failure to find INT_MAX, despite the
- openssl headers including limits.h. However, the fact that the
- libmemcached-dev package provides both /usr/include/libmemcached{,-1.0}
- directories, both of which contain memcached.h, mean that MCACHED_IPATH ends
- up set to the libmemcached-1.0 one, which contains a limits.h, which shadows
- /usr/include/limits.h.
- Don't do that.
-Author: Dan Bungert
-Bug-Ubuntu: https://launchpad.net/bugs/1959622
-Forwarded: https://github.com/vanhauser-thc/thc-hydra/pull/718
-Last-Update: 2022-01-31
---- a/configure
-+++ b/configure
-@@ -998,11 +998,9 @@
- if [ "X" = "X$MCACHED_IPATH" ]; then
- if [ -f "$i/memcached.h" ]; then
- MCACHED_IPATH="$i"
-- fi
-- if [ -f "$i/libmemcached/memcached.h" ]; then
-+ elif [ -f "$i/libmemcached/memcached.h" ]; then
- MCACHED_IPATH="$i/libmemcached"
-- fi
-- if [ -f "$i/libmemcached-1.0/memcached.h" ]; then
-+ elif [ -f "$i/libmemcached-1.0/memcached.h" ]; then
- MCACHED_IPATH="$i/libmemcached-1.0"
- fi
- fi
diff -Nru hydra-9.2/debian/patches/11_change_exit_output.diff hydra-9.4/debian/patches/11_change_exit_output.diff
--- hydra-9.2/debian/patches/11_change_exit_output.diff 1970-01-01 00:00:00.000000000 +0000
+++ hydra-9.4/debian/patches/11_change_exit_output.diff 2022-10-06 03:28:27.000000000 +0000
@@ -0,0 +1,30 @@
+Description: Force to exit if doesn't have dependencies to build xhydra.
+Forwarded: not-need
+Author: epsilon@debian.org
+Last-Update: 2022-04-16
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -58,10 +58,10 @@
+ @echo
+
+ xhydra:
+- -cd hydra-gtk && sh ./make_xhydra.sh
++ cd hydra-gtk && sh ./make_xhydra.sh $(DEB_HOST_GNU_TYPE) $(DEB_BUILD_GNU_TYPE)
+
+ pw-inspector: pw-inspector.c
+- -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c
++ $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c
+
+ .c.o:
+ $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS)
+--- a/hydra-gtk/make_xhydra.sh
++++ b/hydra-gtk/make_xhydra.sh
+@@ -2,7 +2,7 @@
+ PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/gnome/lib/pkgconfig
+ export PKG_CONFIG_PATH
+ echo "Trying to compile xhydra now (hydra gtk gui) - don't worry if this fails, this is really optional ..."
+-./configure
++./configure --host=$1 --build=$2
+ test -e Makefile || {
+ echo "Error: configure wasnt happy. Analyse this:"
+ exit 1
diff -Nru hydra-9.2/debian/patches/series hydra-9.4/debian/patches/series
--- hydra-9.2/debian/patches/series 2022-01-31 21:45:43.000000000 +0000
+++ hydra-9.4/debian/patches/series 2022-10-06 03:45:11.000000000 +0000
@@ -5,4 +5,4 @@
 03_use_bin_path.diff
 06_show_xhydra_build_output.diff
 07_remove_troubled_files.diff
-10_memcached_include.diff
+11_change_exit_output.diff
diff -Nru hydra-9.2/debian/rules hydra-9.4/debian/rules
--- hydra-9.2/debian/rules 2021-11-13 00:52:58.000000000 +0000
+++ hydra-9.4/debian/rules 2022-10-06 03:28:27.000000000 +0000
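Review bot: In the make_xhydra.sh part of the new 11_change_exit_output.diff patch, `./configure --host=$1 --build=$2` passes both positional parameters unquoted and unconditionally, so running the script without arguments (or with `DEB_HOST_GNU_TYPE`/`DEB_BUILD_GNU_TYPE` empty in the Makefile.am recipe) hands configure empty `--host=` and `--build=` values. Use `./configure ${1:+--host="$1"} ${2:+--build="$2"}` so each option is added only when a triplet was actually supplied. The unchanged echo above it still tells the user not to worry if the build fails, while the Makefile.am part removes the leading `-` from the `xhydra` and `pw-inspector` recipes and so makes a failure fatal; the message should be updated in the same patch. The DEP-3 header reads `Forwarded: not-need`, where the other patches in this diff use `not-needed`.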
@@ -9,6 +9,8 @@ export CC export PKG_CONFIG ?= $(DEB_HOST_GNU_TYPE)-pkg-config +export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) %: dh $@ diff -Nru hydra-9.2/debian/source/lintian-overrides hydra-9.4/debian/source/lintian-overrides --- hydra-9.2/debian/source/lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ hydra-9.4/debian/source/lintian-overrides 2022-10-23 01:25:55.000000000 +0000 @@ -0,0 +1,2 @@ +#very long lines but they don't look that bad +hydra source: very-long-line-length-in-source-file diff -Nru hydra-9.2/debian/upstream/metadata hydra-9.4/debian/upstream/metadata --- hydra-9.2/debian/upstream/metadata 2021-11-13 00:52:58.000000000 +0000 +++ hydra-9.4/debian/upstream/metadata 2022-10-06 03:28:27.000000000 +0000 @@ -1,4 +1,3 @@ -Name: Hydra Reference: Author: Van Hauser / THC Title: "very fast network logon cracker" diff -Nru hydra-9.2/Dockerfile hydra-9.4/Dockerfile --- hydra-9.2/Dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ hydra-9.4/Dockerfile 2022-09-08 08:32:44.000000000 +0000 
@@ -0,0 +1,72 @@ +FROM debian:buster-slim + +ARG HYDRA_VERSION="github" + +LABEL \ + org.opencontainers.image.url="https://github.com/vanhauser-thc/thc-hydra" \ + org.opencontainers.image.source="https://github.com/vanhauser-thc/thc-hydra" \ + org.opencontainers.image.version="$HYDRA_VERSION" \ + org.opencontainers.image.vendor="vanhauser-thc" \ + org.opencontainers.image.title="hydra" \ + org.opencontainers.image.licenses="GNU AFFERO GENERAL PUBLIC LICENSE" + +COPY . /src + +RUN set -x \ + && apt-get update \ + && apt-get -y install \ + #libmysqlclient-dev \ + default-libmysqlclient-dev \ + libgpg-error-dev \ + #libmemcached-dev \ + #libgcrypt11-dev \ + libgcrypt-dev \ + #libgcrypt20-dev \ + #libgtk2.0-dev \ + libpcre3-dev \ + #firebird-dev \ + libidn11-dev \ + libssh-dev \ + #libsvn-dev \ + libssl-dev \ + #libpq-dev \ + make \ + curl \ + gcc \ + 1>/dev/null \ + # The next line fixes the curl "SSL certificate problem: unable to get local issuer certificate" for linux/arm + && c_rehash \ + # Get hydra sources and compile + && cd /src \ + && ./configure 1>/dev/null \ + && make 1>/dev/null \ + && make install \ + # Make clean + && apt-get purge -y make gcc libgpg-error-dev libgcrypt-dev \ + && apt-get autoremove -y \ + && rm -rf /var/lib/apt/lists/* \ + # Verify hydra installation + && hydra -h || error_code=$? \ + && if [ ! 
"${error_code}" -eq 255 ]; then echo "Wrong exit code for 'hydra help' command"; exit 1; fi \ + # Unprivileged user creation + && echo 'hydra:x:10001:10001::/tmp:/sbin/nologin' > /etc/passwd \ + && echo 'hydra:x:10001:' > /etc/group + +ARG INCLUDE_SECLISTS="true" + +RUN set -x \ + && if [ "${INCLUDE_SECLISTS}" = "true" ]; then \ + mkdir /tmp/seclists \ + && curl -SL "https://api.github.com/repos/danielmiessler/SecLists/tarball" -o /tmp/seclists/src.tar.gz \ + && tar xzf /tmp/seclists/src.tar.gz -C /tmp/seclists \ + && mv /tmp/seclists/*SecLists*/Passwords /opt/passwords \ + && mv /tmp/seclists/*SecLists*/Usernames /opt/usernames \ + && chmod -R u+r /opt/passwords /opt/usernames \ + && rm -Rf /tmp/seclists \ + && ls -la /opt/passwords /opt/usernames \ + ;fi + +# Use an unprivileged user +USER 10001:10001 + +ENTRYPOINT ["hydra"] diff -Nru hydra-9.2/dpl4hydra_full.csv hydra-9.4/dpl4hydra_full.csv --- hydra-9.2/dpl4hydra_full.csv 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/dpl4hydra_full.csv 2022-09-08 08:32:44.000000000 +0000 @@ -2417,8 +2417,6 @@ dreambox,All models,all versions,http, telnet,root,dreambox,, dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox, drupal.org,Drupal,,administrator,admin,admin,,, -ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!, -ducati,Diavel,,,,Last 4 digits of VIN,,, dupont,Digital Water Proofer,,,root,par0t,,, dynalink,RTA020,,,admin,private,,, dynalink,RTA020,,Admin,admin,private,,, 
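Review bot: The image installs `libpcre3-dev`, but the configure script in this same release now probes for `libpcre2-8` and `pcre2.h`, so the container build will report PCRE as not found and ship a hydra whose response checks are, in configure's own words, less reliable; replace that package line with `libpcre2-dev \`. Because `./configure 1>/dev/null` discards the detection output, the downgrade never shows up in the build log, so configure's stdout is worth keeping. The second `RUN` downloads SecLists from the repository's default-branch tarball with no pinned tag or commit and no checksum, which makes the image unreproducible and trusts whatever that branch holds at build time; pin a release and verify a digest (placeholders: `<SECLISTS_TAG>`, `<SHA256>`). `curl -SL` also lacks `-f`, so an HTTP error body is written to `src.tar.gz` and only rejected later by `tar`.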
@@ -3061,7 +3059,6 @@ hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,, -hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,, hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,, hewlettpackard,Vectra,,Console,,hewlpack,Admin,, hewlettpackard,iLo,,http,Admin,Admin,Admin,, @@ -3611,7 +3608,6 @@ iwill,PC BIOS,,,,iwill,,, iwill,PC BIOS,,Admin,,iwill,,, iwill,PC BIOS,,Console,,iwill,Admin,, -jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,, jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,, janitza,UMG 508,,,Homepage Password,0th,,, @@ -3786,7 +3782,6 @@ kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,, kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, kyocera,KM-4850W,,,admin,,,, -kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification, kyocera,TASKalfa 250ci,,IP,,admin00,,, kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,, 
@@ -5188,82 +5183,42 @@ oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,, ods,1094 IS Chassis,,,ods,ods,,4.x, ods,1094,,,ods,ods,,, -oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, -oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,, -oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,, oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,, oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, -oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC), oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6300,,,root,last six charachter of mac address,root,, oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6500,,,root,(last 6 digits of MAC address),root,, oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), -oki,B930n,,,root,(last 4 digits of MAC address),root,, -oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,, oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, -oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, -oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator, -oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, -oki,C380,,,admin,last 6 characters of the MAC ADRESS,,, -oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 
8100e(NIC), oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,, -oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), -oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C5550 MFP,,http,,*blank*,Admin,, -oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, oki,C5650dn,,,,000000,menu,, oki,C5650n,,,,000000,menu,, -oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, -oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, -oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,C6050dn,,,,000000,menu,, oki,C6050n,,,,000000,menu,, oki,C610,,,admin,aaaaaa,admin,, -oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., -oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol oki,C6150dn,,,,000000,menu,, oki,C6150dtn,,,,000000,menu,, oki,C6150hdn,,,,000000,menu,, oki,C6150n,,,,000000,menu,, oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, oki,C711,,Web,admin,aaaaaa,Admin access,, -oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, -oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. 
I believe alpha characters would be uppercased if there were any present., -oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, -oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,, -oki,C830,all,web,root,last 6 digits of the MAC address,,, -oki,C8800,,Web or Console,root,Last six characters of MAC address,,, oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,C9650,,,,0000,Print statistics,, oki,C9650,,,,aaaaaa,Administration,, -oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,, oki,C9655,,printer menu,,aaaaaa,printer menubutton,, -oki,C9800,,,root,(last 6 digits of MAC address),,, -oki,C9850,,,root,(last 6 digits of MAC address),,, oki,CX1145,,,,123456,,, oki,CX2032 MFP,,http,,*blank*,Admin,, oki,CX2033,,Printer Menu,,,,When asked for password just press OK, oki,CX2633,,Web interface,admin,aaaaaa,admin,, oki,CX2731,,Web interface,admin,aaaaaa,admin,, -oki,CX3641,,,root,(last 6 digits of MAC address),,, oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC), -oki,ES3640,,,root,(last 6 digits of MAC address),,, oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, oki,ES7120,,Web,root,aaaaaa,Admin,, oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, 
@@ -5275,7 +5230,6 @@ oki,MC160,,Web,,sysAdmin,Admin,, oki,MC342w,,,admin,aaaaaa,admin,, oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, -oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,MC361,,Web interface,admin,aaaaaa,admin,, oki,MC560,,Printer Menu,,,,When asked for password just press OK, oki,MC560,,Printer Menu,,,,When asked for password, 
@@ -5285,19 +5239,10 @@ oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) oki,ML491n,,http://,Admin,OkiLAN,Admin,, oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) -oki,ML8810,,,root,(last 6 digits of MAC address),,, oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,, oki,WebTools,,,Administrator,,,, oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned. -oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, oki,c5750,n1.02,http://192.168.0.200,,,,, oki,c810,1.0,192.100.185.78,admin,admin,admin,, olegkhabarov,Comfy CMS,,,username,password,,, 
@@ -10100,7 +10045,6 @@ telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013, telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, tenda,W150M,,192.168.1.1,admin,admin,Admin,, -teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, terayon,,,,admin,nms,,6.29, terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, terayon,TeraLink 1000 Controller,,,admin,password,,, @@ -10403,8 +10347,6 @@ unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,, -universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, -universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, unix,Generic,,,adm,,,, unix,Generic,,,adm,adm,,, unix,Generic,,,admin,admin,,, diff -Nru hydra-9.2/dpl4hydra_local.csv hydra-9.4/dpl4hydra_local.csv --- hydra-9.2/dpl4hydra_local.csv 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/dpl4hydra_local.csv 2022-09-08 08:32:44.000000000 +0000 
@@ -2417,8 +2417,6 @@ dreambox,All models,all versions,http, telnet,root,dreambox,, dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox, drupal.org,Drupal,,administrator,admin,admin,,, -ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!, -ducati,Diavel,,,,Last 4 digits of VIN,,, dupont,Digital Water Proofer,,,root,par0t,,, dynalink,RTA020,,,admin,private,,, dynalink,RTA020,,Admin,admin,private,,, @@ -3061,7 +3059,6 @@ hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,, -hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,, hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,, hewlettpackard,Vectra,,Console,,hewlpack,Admin,, hewlettpackard,iLo,,http,Admin,Admin,Admin,, @@ -3611,7 +3608,6 @@ iwill,PC BIOS,,,,iwill,,, iwill,PC BIOS,,Admin,,iwill,,, iwill,PC BIOS,,Console,,iwill,Admin,, -jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,, jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,, janitza,UMG 508,,,Homepage Password,0th,,, 
@@ -3786,7 +3782,6 @@
 kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,,
 kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,,
 kyocera,KM-4850W,,,admin,,,,
-kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address,
 kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification,
 kyocera,TASKalfa 250ci,,IP,,admin00,,,
 kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,,
@@ -5188,82 +5183,42 @@ oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,, ods,1094 IS Chassis,,,ods,ods,,4.x, ods,1094,,,ods,ods,,, -oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, -oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,, -oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,, oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,, oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, -oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC), oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6300,,,root,last six charachter of mac address,root,, oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6500,,,root,(last 6 digits of MAC address),root,, oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), -oki,B930n,,,root,(last 4 digits of MAC address),root,, -oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,, oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, -oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, -oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator, -oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, -oki,C380,,,admin,last 6 characters of the MAC ADRESS,,, -oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 
8100e(NIC), oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,, -oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), -oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C5550 MFP,,http,,*blank*,Admin,, -oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, oki,C5650dn,,,,000000,menu,, oki,C5650n,,,,000000,menu,, -oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, -oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, -oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,C6050dn,,,,000000,menu,, oki,C6050n,,,,000000,menu,, oki,C610,,,admin,aaaaaa,admin,, -oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., -oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol oki,C6150dn,,,,000000,menu,, oki,C6150dtn,,,,000000,menu,, oki,C6150hdn,,,,000000,menu,, oki,C6150n,,,,000000,menu,, oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, oki,C711,,Web,admin,aaaaaa,Admin access,, -oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, -oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. 
I believe alpha characters would be uppercased if there were any present., -oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, -oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,, -oki,C830,all,web,root,last 6 digits of the MAC address,,, -oki,C8800,,Web or Console,root,Last six characters of MAC address,,, oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,C9650,,,,0000,Print statistics,, oki,C9650,,,,aaaaaa,Administration,, -oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,, oki,C9655,,printer menu,,aaaaaa,printer menubutton,, -oki,C9800,,,root,(last 6 digits of MAC address),,, -oki,C9850,,,root,(last 6 digits of MAC address),,, oki,CX1145,,,,123456,,, oki,CX2032 MFP,,http,,*blank*,Admin,, oki,CX2033,,Printer Menu,,,,When asked for password just press OK, oki,CX2633,,Web interface,admin,aaaaaa,admin,, oki,CX2731,,Web interface,admin,aaaaaa,admin,, -oki,CX3641,,,root,(last 6 digits of MAC address),,, oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC), -oki,ES3640,,,root,(last 6 digits of MAC address),,, oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, oki,ES7120,,Web,root,aaaaaa,Admin,, oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, 
@@ -5275,7 +5230,6 @@
 oki,MC160,,Web,,sysAdmin,Admin,,
 oki,MC342w,,,admin,aaaaaa,admin,,
 oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,,
-oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,,
 oki,MC361,,Web interface,admin,aaaaaa,admin,,
 oki,MC560,,Printer Menu,,,,When asked for password just press OK,
 oki,MC560,,Printer Menu,,,,When asked for password,
@@ -5285,19 +5239,10 @@ oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) oki,ML491n,,http://,Admin,OkiLAN,Admin,, oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) -oki,ML8810,,,root,(last 6 digits of MAC address),,, oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,, oki,WebTools,,,Administrator,,,, oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned. -oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, oki,c5750,n1.02,http://192.168.0.200,,,,, oki,c810,1.0,192.100.185.78,admin,admin,admin,, olegkhabarov,Comfy CMS,,,username,password,,, 
@@ -10100,7 +10045,6 @@ telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013, telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, tenda,W150M,,192.168.1.1,admin,admin,Admin,, -teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, terayon,,,,admin,nms,,6.29, terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, terayon,TeraLink 1000 Controller,,,admin,password,,, @@ -10403,8 +10347,6 @@ unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,, -universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, -universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, unix,Generic,,,adm,,,, unix,Generic,,,adm,adm,,, unix,Generic,,,admin,admin,,, diff -Nru hydra-9.2/.github/workflows/release.yml hydra-9.4/.github/workflows/release.yml --- hydra-9.2/.github/workflows/release.yml 1970-01-01 00:00:00.000000000 +0000 +++ hydra-9.4/.github/workflows/release.yml 2022-09-08 08:32:44.000000000 +0000 
@@ -0,0 +1,38 @@ +name: release + +on: + push: + branches: [master, main] + tags-ignore: ['**'] + paths-ignore: [README, TODO, PROBLEMS] + pull_request: + paths-ignore: [README, TODO, PROBLEMS] + +jobs: + docker-image: + name: Build the docker image + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3 + + - uses: docker/setup-qemu-action@v2 + + - uses: docker/setup-buildx-action@v2 + + - uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - uses: gacts/github-slug@v1 # Action page: + id: slug + + - uses: docker/build-push-action@v3 # Action page: + with: + context: . + file: Dockerfile + push: true + platforms: linux/amd64, linux/arm64 +# ,linux/arm/v6, linux/arm/v7 + tags: vanhauser/hydra:latest + diff -Nru hydra-9.2/hydra.1 hydra-9.4/hydra.1 --- hydra-9.2/hydra.1 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra.1 2022-09-08 08:32:44.000000000 +0000 @@ -1,4 +1,4 @@ -.TH "HYDRA" "1" "01/01/2021" +.TH "HYDRA" "1" "01/01/2022" .SH NAME hydra \- a very fast network logon cracker which supports many different services .SH SYNOPSIS diff -Nru hydra-9.2/hydra.c hydra-9.4/hydra.c --- hydra-9.2/hydra.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra.c 2022-09-08 08:32:44.000000000 +0000 @@ -1,5 +1,5 @@ /* - * hydra (c) 2001-2021 by van Hauser / THC + * hydra (c) 2001-2022 by van Hauser / THC * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. 
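Review bot: The `docker/build-push-action` step in release.yml sets `push: true` unconditionally while the workflow also triggers on `pull_request`, so a pull request opened from a branch of this repository would publish unreviewed code as `vanhauser/hydra:latest` (pull requests from forks receive no secrets and would instead fail at the login step). Gate publishing on the event, for example `push: ${{ github.event_name != 'pull_request' }}` on the build step and `if: github.event_name != 'pull_request'` on the `docker/login-action` step. The actions are referenced by mutable tags (`@v3`, `@v2`, `@v1`); pinning each to a full commit SHA keeps a retagged release from running in the job that holds the Docker Hub credentials. The `gacts/github-slug` step's output is not used anywhere in the visible workflow, so that third-party action could be dropped.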
@@ -78,6 +78,7 @@ extern void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); @@ -178,6 +179,7 @@ extern int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); 
@@ -202,7 +204,7 @@ extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); // ADD NEW SERVICES HERE -char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " +char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs firebird ftp[s] " "http[s]-{head|get|post} http[s]-{get|post}-form http-proxy " "http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] " "memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid " @@ -226,7 +228,7 @@ #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.2" +#define VERSION "v9.4" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" @@ -402,6 +404,7 @@ {"memcached", service_mcached_init, service_mcached, NULL}, #endif SERVICE(mssql), + SERVICE(cobaltstrike), #ifdef LIBMONGODB SERVICE3("mongodb", mongodb), #endif @@ -593,8 +596,6 @@ "others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n" - " -r use a shuffling method called 'rain' to try to break\n" - " the linearity of the bruteforce\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all " "lowercase letters\n" @@ -807,7 +808,7 @@ fprintf(stderr, "[WARNING] restore file was created by version %c.%c, this is " "version %s\n", - buf[0], buf[2], VERSION); + buf[0], buf[1], VERSION); if (buf[2] != sizeof(int32_t) % 256 || buf[3] != sizeof(hydra_head *) % 256) { fprintf(stderr, "[ERROR] restore file was created on a different, " "incompatible processor platform!\n"); 
@@ -883,11 +884,19 @@ printf("[DEBUG] reading restore file: Step 8 complete\n"); login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); + if (!login_ptr) { + fprintf(stderr, "Error: malloc(%lu) failed\n", hydra_brains.sizelogin + hydra_brains.countlogin + 8); + exit(-1); + } fck = (int32_t)fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); + if (!pass_ptr) { + fprintf(stderr, "Error: malloc(%lu) failed\n", hydra_brains.sizepass + hydra_brains.countpass + 8); + exit(-1); + } fck = (int32_t)fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); } else { // colonfile mode hydra_options.colonfile = empty_login; // dummy @@ -897,8 +906,16 @@ printf("[DEBUG] reading restore file: Step 10 complete\n"); hydra_targets = (hydra_target **)malloc((hydra_brains.targets + 3) * sizeof(hydra_target *)); + if (!hydra_targets) { + fprintf(stderr, "Error: malloc(%lu) failed\n", (hydra_brains.targets + 3) * sizeof(hydra_target *)); + exit(-1); + } for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); + if (!hydra_targets[j]) { + fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_target)); + exit(-1); + } fck = (int32_t)fread(hydra_targets[j], sizeof(hydra_target), 1, f); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') 
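Review bot: Each `fread` that fills the newly checked buffers still only stores its result in `fck`, which is not tested anywhere in the visible lines, so a short or truncated restore file leaves `login_ptr`, `pass_ptr` or a `hydra_target` partly uninitialised even though the new NULL checks pass. A guard after each read, such as `if (fck != 1) { fprintf(stderr, "[ERROR] restore file is truncated\n"); exit(-1); }`, closes that gap. The new messages also print `sizeof`-based values with `%lu`; those expressions have type `size_t`, so `%zu` is the matching conversion (the types of `hydra_brains.sizelogin` and `countlogin` are not visible here, so their specifier should be confirmed too). The same two points apply to the `hydra_targets` hunk on this line and to the `hydra_heads` hunk at -950,8; the enclosing function starts and ends outside these hunks.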
@@ -950,8 +967,16 @@ if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); + if (!hydra_heads) { + fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_head *) * hydra_options.max_use); + exit(-1); + } for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); + if (!hydra_heads[j]) { + fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_head)); + exit(-1); + } fck = (int32_t)fread(hydra_heads[j], sizeof(hydra_head), 1, f); hydra_heads[j]->sp[0] = -1; hydra_heads[j]->sp[1] = -1; @@ -1001,7 +1026,7 @@ int32_t pid, i; killed++; - pid = wait3(NULL, WNOHANG, NULL); + pid = waitpid(-1, NULL, WNOHANG); for (i = 0; i < hydra_options.max_use; i++) { if (pid == hydra_heads[i]->pid) { hydra_heads[i]->pid = -1; @@ -1107,7 +1132,7 @@ tmp[len] = 0; } if (colonmode) { - if ((ptr2 = index(tmp, ':')) == NULL) { + if ((ptr2 = strchr(tmp, ':')) == NULL) { fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon " "in line: %s\n", @@ -1320,6 +1345,7 @@ {"memcached", PORT_MCACHED, PORT_MCACHED_SSL}, {"mongodb", PORT_MONGODB, PORT_MONGODB}, {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, + {"cobaltstrike", PORT_COBALTSTRIKE, PORT_COBALTSTRIKE_SSL}, {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, @@ -1421,7 +1447,7 @@ // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = // NULL; } - (void)wait3(NULL, WNOHANG, NULL); + (void)waitpid(-1, NULL, WNOHANG); } void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { 
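Review bot: In the -1001,7 hunk the result of `waitpid(-1, NULL, WNOHANG)` is compared with `hydra_heads[i]->pid` without first checking that it is positive. `waitpid` returns 0 when no child has changed state and -1 on error, and -1 is also the sentinel this loop writes into `hydra_heads[i]->pid`, so an error return would match every head already marked as gone. Wrapping the loop in `if (pid > 0)` avoids that; what the loop does after the match lies outside the hunk, so the impact is inferred rather than shown. `wait3` had the same return values, so this predates the change, but the rewritten line is the natural place to add the check.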
@@ -1461,7 +1487,7 @@
 hydra_heads[head_no]->current_pass_ptr = empty_login;
 }
 if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) {
- if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.max_use == hydra_targets[target_no]->failed) {
+ if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.max_use <= hydra_targets[target_no]->failed) {
 if (hydra_targets[target_no]->ok == 1)
 hydra_targets[target_no]->done = TARGET_ERROR; // mark target as done by errors
 else
@@ -1470,13 +1496,16 @@ fprintf(stderr, "[ERROR] Too many connect errors to target, disabling " "%s://%s%s%s:%d\n", - hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + } else { + hydra_targets[target_no]->failed++; } - if (hydra_brains.targets > hydra_brains.finished) + if (hydra_brains.targets <= hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else hydra_kill_head(head_no, 1, 2); - } // we keep the last one alive as long as it make sense + } + // we keep the last one alive as long as it make sense } else { // we need to put this in a list, otherwise we fail one login+pw test if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { 
@@ -1491,12 +1520,14 @@ hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } - hydra_targets[target_no]->fail_count--; - if (k < 5 && hydra_targets[target_no]->ok) - hydra_targets[target_no]->fail_count--; - if (k == 2 && hydra_targets[target_no]->ok) - hydra_targets[target_no]->fail_count--; - if (hydra_brains.targets > hydra_brains.finished) + /* + hydra_targets[target_no]->fail_count--; + if (k < 5 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (k == 2 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + */ + if (hydra_brains.targets <= hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else { hydra_kill_head(head_no, 1, 2); @@ -1566,7 +1597,7 @@ snp_is_redo = 0; snpdont = 0; loop_cnt++; - if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + if (hydra_heads[head_no]->redo == 1 && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { hydra_heads[head_no]->redo = 0; snp_is_redo = 1; snpdone = 1; @@ -1598,7 +1629,7 @@ return -1; } - if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + if (hydra_heads[head_no]->redo == 1 && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { hydra_heads[head_no]->redo = 0; snp_is_redo = 1; snpdone = 1; 
@@ -1607,7 +1638,7 @@ printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - " "%" hPRIu64 " of %" hPRIu64 "\n", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); - hydra_heads[head_no]->redo = 0; + // hydra_heads[head_no]->redo = 0; if (hydra_targets[target_no]->redo_state > 0) { if (hydra_targets[target_no]->redo_state <= hydra_targets[target_no]->redo) { hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; @@ -1907,8 +1938,11 @@ // the above line } if (debug || hydra_options.showAttempt) { - printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, - hydra_targets[target_no]->redo); + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", + hydra_targets[target_no]->redo_state ? "REDO-" + : snp_is_redo ? "RE-" + : "", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, hydra_targets[target_no]->redo); } loop_cnt = 0; return 0; 
@@ -1933,7 +1967,7 @@ hydra_targets[target_no]->skipcnt++; } if (hydra_options.loop_mode == 0 && !check_flag(hydra_options.mode, MODE_COLON_FILE)) { - if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { + if (strcmp(username, hydra_targets[target_no]->login_ptr) == 0) { if (debug) printf("[DEBUG] skipping username %s\n", username); // increase count @@ -2023,11 +2057,11 @@ } *sep = 0; target_string = sep + 3; - if ((sep = index(target_string, '@')) != NULL) { + if ((sep = strchr(target_string, '@')) != NULL) { auth_string = target_string; *sep = 0; target_string = sep + 1; - if (index(auth_string, ':') == NULL) { + if (strchr(auth_string, ':') == NULL) { fprintf(stderr, "[WARNING] %s has an invalid authentication definition %s, must " "be in the format login:pass, entry ignored\n", @@ -2035,14 +2069,14 @@ return; } } - if ((sep = index(target_string, ':')) != NULL) { + if ((sep = strchr(target_string, ':')) != NULL) { *sep = 0; port_string = sep + 1; - if ((sep = index(port_string, '%')) != NULL) { + if ((sep = strchr(port_string, '%')) != NULL) { *sep = 0; device_string = sep + 1; } - if ((sep = index(port_string, '/')) != NULL) + if ((sep = strchr(port_string, '/')) != NULL) *sep = 0; port = atoi(port_string); if (port < 1 || port > 65535) { @@ -2152,7 +2186,7 @@ struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2021 by %s & %s - Please do not use in military or secret " + printf("%s %s (c) 2022 by %s & %s - Please do not use in military or secret " "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP 
@@ -2191,6 +2225,10 @@ SERVICES = hydra_string_replace(SERVICES, "radmin2 ", ""); strcat(unsupported, "radmin2 "); #endif +#ifndef LIBFREERDP + SERVICES = hydra_string_replace(SERVICES, "rdp ", ""); + strcat(unsupported, "rdp "); +#endif #ifndef LIBSAPR3 SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); strcat(unsupported, "sapr3 "); @@ -2238,11 +2276,6 @@ strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); #endif -#ifndef LIBFREERDP - // for rdp - SERVICES = hydra_string_replace(SERVICES, " rdp", ""); -#endif - #ifndef HAVE_MATH_H if (strlen(unsupported) > 0) strcat(unsupported, "and "); @@ -2571,23 +2604,23 @@ if (*target_pos == '[') { target_pos++; - if ((param_pos = index(target_pos, ']')) == NULL) + if ((param_pos = strchr(target_pos, ']')) == NULL) bail("no closing ']' found in target definition"); *param_pos++ = 0; if (*param_pos == ':') port_pos = ++param_pos; - if ((param_pos = index(param_pos, '/')) != NULL) + if ((param_pos = strchr(param_pos, '/')) != NULL) *param_pos++ = 0; } else { - port_pos = index(target_pos, ':'); - param_pos = index(target_pos, '/'); + port_pos = strchr(target_pos, ':'); + param_pos = strchr(target_pos, '/'); if (port_pos != NULL && param_pos != NULL && port_pos > param_pos) port_pos = NULL; if (port_pos != NULL) *port_pos++ = 0; if (param_pos != NULL) *param_pos++ = 0; - if (port_pos != NULL && index(port_pos, ':') != NULL) { + if (port_pos != NULL && strchr(port_pos, ':') != NULL) { if (prefer_ipv6) bail("Illegal IPv6 target definition must be written within '[' " "']'"); @@ -2776,6 +2809,8 @@ } if (strcmp(hydra_options.service, "mssql") == 0) i = 1; + if (strcmp(hydra_options.service, "cobaltstrike") == 0) + i = 2; if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { i = 2; hydra_options.service = malloc(strlen("oracle-listener") + 1); 
@@ -2870,7 +2905,7 @@ "like parallel connections)\n"); hydra_options.tasks = 1; } - if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) + if (hydra_options.login != NULL && (strchr(hydra_options.login, '\\') != NULL || strchr(hydra_options.login, '/') != NULL)) fprintf(stderr, "[WARNING] potential windows domain specification found in " "login. You must use the -m option to pass a domain.\n"); i = 1; @@ -2894,7 +2929,7 @@ #if !defined(LIBSMBCLIENT) bail("Compiled without LIBSMBCLIENT support, module not available!"); #else - if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) + if (hydra_options.login != NULL && (strchr(hydra_options.login, '\\') != NULL || strchr(hydra_options.login, '/') != NULL)) fprintf(stderr, "[WARNING] potential windows domain specification found in " "login. You must use the -m option to pass a domain.\n"); if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { @@ -3286,6 +3321,9 @@ hydra_options.port = port; } + if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) + hydra_options.exit_found = 1; + if (hydra_options.ssl == 0 && hydra_options.port == 443) fprintf(stderr, "[WARNING] you specified port 443 for attacking a http " "service, however did not specify the -S ssl switch nor " @@ -3547,13 +3585,13 @@ if (*tmpptr == '[') { tmpptr++; hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = index(tmpptr, ']')) != NULL) { + if ((tmpptr2 = strchr(tmpptr, ']')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; } } else hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) { + if ((tmpptr2 = strchr(tmpptr, ':')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; hydra_targets[i]->port = atoi(tmpptr2); 
@@ -3569,13 +3607,13 @@ } else if (hydra_options.server == NULL) { fprintf(stderr, "Error: no target server given, nor -M option used\n"); exit(-1); - } else if (index(hydra_options.server, '/') != NULL) { + } else if (strchr(hydra_options.server, '/') != NULL) { if (cmdlinetarget == NULL) bail("You seem to mix up \"service://target:port/options\" syntax with " "\"target service options\" syntax. Read the README on how to use " "hydra correctly!"); if (strstr(cmdlinetarget, "://") != NULL) { - tmpptr = index(hydra_options.server, '/'); + tmpptr = strchr(hydra_options.server, '/'); if (tmpptr != NULL) *tmpptr = 0; countservers = hydra_brains.targets = 1; @@ -3598,7 +3636,7 @@ exit(-1); } strcpy(tmpptr, hydra_options.server); - tmpptr2 = index(tmpptr, '/'); + tmpptr2 = strchr(tmpptr, '/'); *tmpptr2++ = 0; if ((k = atoi(tmpptr2)) < 16 || k > 31) { fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); @@ -3764,7 +3802,7 @@ printf(" per task\n"); if (hydra_brains.targets == 1) { - if (index(hydra_targets[0]->target, ':') == NULL) { + if (strchr(hydra_targets[0]->target, ':') == NULL) { printf("[DATA] attacking %s%s://%s:", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target); printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); } else { @@ -3840,7 +3878,7 @@ #ifdef AF_INET6 ipv6 = NULL; #endif - if ((device = index(hydra_targets[i]->target, '%')) != NULL) + if ((device = strchr(hydra_targets[i]->target, '%')) != NULL) *device++ = 0; if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { if (use_proxy == 0) { 
@@ -3906,9 +3944,10 @@ } freeaddrinfo(res); } - // restore device information if present + // restore device information if present (overwrite null bytes) if (device != NULL) { - *(device - 1) = '%'; + char *tmpptr = device - 1; + *tmpptr = '%'; // you can ignore the compiler warning fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 " "link local addresses, e.g. SSH does not\n"); } @@ -4129,6 +4168,21 @@ fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack break; + case 'D': // disable target, unknown protocol or feature + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done == TARGET_ACTIVE) { + hydra_targets[j]->done = TARGET_FINISHED; + hydra_brains.finished++; + } + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0 && hydra_heads[j]->target_no == target_no) { + if (hydra_brains.targets > hydra_brains.finished) + hydra_kill_head(j, 1, 0); // kill all heads working on the target + else + hydra_kill_head(j, 1, 2); // kill all heads working on the target + } + break; + // we do not make a difference between 'C' and 'E' results - yet case 'E': // head reports protocol error case 'C': // head reports connect error @@ -4197,7 +4251,7 @@ // hydra_brains.sent); usleepn(USLEEP_LOOP); - (void)wait3(NULL, WNOHANG, NULL); + (void)waitpid(-1, NULL, WNOHANG); // write restore file and report status if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { hydra_restore_write(0); @@ -4300,7 +4354,7 @@ for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i]->active == HEAD_ACTIVE && hydra_heads[i]->pid > 0) hydra_kill_head(i, 1, 3); - (void)wait3(NULL, WNOHANG, NULL); + (void)waitpid(-1, NULL, WNOHANG); #define STRMAX (10 * 1024) char json_error[STRMAX + 2], tmp_str[STRMAX + 2]; 
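Review bot: The first loop of the new `case 'D'` branch (hunk -4129,6) marks every target that is still `TARGET_ACTIVE` as `TARGET_FINISHED`, while the comment says "disable target" and the second loop only kills heads whose `target_no` matches. If the intent is to disable just the target the reporting head was working on, the loop should be replaced by `if (hydra_targets[target_no]->done == TARGET_ACTIVE) { hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; }`. As written, a single 'D' report from one head ends a multi-target (`-M`) run for all hosts while heads on the other targets are left running. If stopping everything is intended, the comment should say so and the head-kill loop should not filter on `target_no`. The surrounding `switch` starts and ends outside the hunk.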
@@ -4335,6 +4389,7 @@ strncat(json_error, tmp_str, STRMAX); strncat(json_error, "\"", STRMAX); error = 1; + hydra_restore_write(1); } // yeah we did it printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); diff -Nru hydra-9.2/hydra-cisco.c hydra-9.4/hydra-cisco.c --- hydra-9.2/hydra-cisco.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-cisco.c 2022-09-08 08:32:44.000000000 +0000 @@ -5,7 +5,7 @@ #endif extern char *HYDRA_EXIT; -char *buf = NULL; +static char *buf = NULL; int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; diff -Nru hydra-9.2/hydra-cobaltstrike.c hydra-9.4/hydra-cobaltstrike.c --- hydra-9.2/hydra-cobaltstrike.c 1970-01-01 00:00:00.000000000 +0000 +++ hydra-9.4/hydra-cobaltstrike.c 2022-09-08 08:32:44.000000000 +0000 
@@ -0,0 +1,126 @@ +#include "hydra-mod.h" + +#define CSLEN 256 + +extern char *HYDRA_EXIT; +char *buf; + +int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = ""; + char *pass, buffer[4 + 1 + 256]; + char cs_pass[CSLEN + 1]; + unsigned char len_pass; + unsigned char reply_byte_0; + unsigned char reply_byte_1; + unsigned char reply_byte_2; + unsigned char reply_byte_3; + int32_t ret = -1; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + if (strlen(pass) > CSLEN) + pass[CSLEN - 1] = 0; + len_pass = strlen(pass); + memset(cs_pass, 0, CSLEN + 1); + strcpy(cs_pass, pass); + + memset(buffer, 0x41, sizeof(buffer)); + buffer[0] = 0x00; + buffer[1] = 0x00; + buffer[2] = 0xBE; + buffer[3] = 0xEF; + memcpy(buffer + 4, &len_pass, 1); + memcpy(buffer + 5, cs_pass, len_pass); + + if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) + return 1; + + reply_byte_0 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_0, 1); + if (ret <= 0) + return 3; + + reply_byte_1 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_1, 1); + if (ret <= 0) + return 3; + + reply_byte_2 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_2, 1); + if (ret <= 0) + return 3; + + reply_byte_3 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_3, 1); + if (ret <= 0) + return 3; + + if (reply_byte_0 == 0x00 && reply_byte_1 == 0x00 && reply_byte_2 == 0xCA && reply_byte_3 == 0xFE) { + hydra_report_found_host(port, ip, "cobaltstrike", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; +} + +void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t mysslport = PORT_COBALTSTRIKE_SSL; 
+ + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = start_cobaltstrike(sock, ip, port, options, miscptr, fp); + hydra_disconnect(sock); + break; + case 2: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff -Nru hydra-9.2/hydra-gtk/configure.in hydra-9.4/hydra-gtk/configure.in --- hydra-9.2/hydra-gtk/configure.in 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-gtk/configure.in 2022-09-08 08:32:44.000000000 +0000 
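Review bot: In `start_cobaltstrike` the length guard is `strlen(pass) > CSLEN`, so a candidate of exactly 256 bytes is not shortened and `len_pass = strlen(pass)` wraps to 0 in the `unsigned char`. `if (strlen(pass) >= CSLEN) pass[CSLEN - 1] = 0;` keeps the length within 255. The file-scope `char *buf;` is never assigned in this file yet is passed to `free()` twice, and it has external linkage under the same name that this patch makes `static` in hydra-cisco.c; drop it together with the two `free(buf)` calls, or declare it `static char *buf = NULL;`. In `service_cobaltstrike`, case 1 calls `hydra_disconnect(sock)` without storing the result, so cases 2 and 3 may disconnect the same descriptor again; `sock = hydra_disconnect(sock);` would match what those cases do.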
@@ -10,7 +10,7 @@ AM_PROG_CC_STDC AC_HEADER_STDC -pkg_modules="gtk+-2.0 >= 2.0.0" +pkg_modules="gtk+-3.0 >= 3.24.24" PKG_CHECK_MODULES(PACKAGE, [$pkg_modules]) AC_SUBST(PACKAGE_CFLAGS) AC_SUBST(PACKAGE_LIBS) diff -Nru hydra-9.2/hydra-gtk/src/main.c hydra-9.4/hydra-gtk/src/main.c --- hydra-9.2/hydra-gtk/src/main.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-gtk/src/main.c 2022-09-08 08:32:44.000000000 +0000 @@ -17,6 +17,8 @@ char *hydra_path1 = "./hydra"; char *hydra_path2 = "/usr/local/bin/hydra"; char *hydra_path3 = "/usr/bin/hydra"; +char *hydra_path4 = "/data/data/com.termux/files/usr/bin/hydra"; +char *hydra_path5 = "/data/data/com.termux/files/usr/local/bin/hydra"; GtkWidget *wndMain; char *HYDRA_BIN; @@ -53,6 +55,10 @@ HYDRA_BIN = hydra_path2; } else if (g_file_test(hydra_path3, G_FILE_TEST_IS_EXECUTABLE)) { HYDRA_BIN = hydra_path3; + } else if (g_file_test(hydra_path4, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path4; + } else if (g_file_test(hydra_path5, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path5; } else { g_error("Please tell me where hydra is, use --hydra-path\n"); return -1; diff -Nru hydra-9.2/hydra.h hydra-9.4/hydra.h --- hydra-9.2/hydra.h 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra.h 2022-09-08 08:32:44.000000000 +0000 @@ -101,6 +101,8 @@ #define PORT_MYSQL_SSL 3306 #define PORT_MSSQL 1433 #define PORT_MSSQL_SSL 1433 +#define PORT_COBALTSTRIKE 50050 +#define PORT_COBALTSTRIKE_SSL 50050 #define PORT_POSTGRES 5432 #define PORT_POSTGRES_SSL 5432 #define PORT_ORACLE 1521 diff -Nru hydra-9.2/hydra-http.c hydra-9.4/hydra-http.c --- hydra-9.2/hydra-http.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-http.c 2022-09-08 08:32:44.000000000 +0000 
@@ -52,17 +52,17 @@ /* again: no snprintf to be portable. don't worry, buffer can't overflow */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) sprintf(buffer, - "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "%s http://%s%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " "close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic " "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header); + type, webtarget, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "%s http://%s%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " "(Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buffer2, header); + type, webtarget, miscptr, webtarget, buffer2, header); else sprintf(buffer, "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: " 
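Review bot: The rewritten proxy request lines still write `webtarget`, `buffer2`, the proxy credential and `header` into `buffer` through `sprintf` with unbounded `%s`, relying on the comment's claim that the buffer cannot overflow. Only `miscptr` is capped (`%.250s`), and in the NTLM hunks further down (`@@ -110` and `@@ -174`) not even that. The size of `buffer` is declared outside the hunk, so the claim cannot be checked here; a precision limit on every `%s`, sized against the buffer, would make it hold by construction. Dropping `:%d` also means the request URL now depends on `webtarget` already carrying the port, which deserves a one-line comment at the first `sprintf`.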
@@ -110,16 +110,16 @@ // send the first.. if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " "(Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + type, webtarget, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); + type, webtarget, miscptr, webtarget, buf1, header); else sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " @@ -174,16 +174,16 @@ // create the auth response if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " "(Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + type, webtarget, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); + type, webtarget, miscptr, webtarget, buf1, header); else sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " 
@@ -208,7 +208,7 @@ complete_line = 0; tmpreplybuf[0] = 0; - while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) { + while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (strchr(http_buf, '\n') == NULL && complete_line == 0))) { if (debug) printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) { @@ -245,7 +245,7 @@ if (debug) hydra_report(stderr, "S:%s\n", http_buf); - ptr = ((char *)index(http_buf, ' ')); + ptr = ((char *)strchr(http_buf, ' ')); if (ptr != NULL) ptr++; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { diff -Nru hydra-9.2/hydra-http-form.c hydra-9.4/hydra-http-form.c --- hydra-9.2/hydra-http-form.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-http-form.c 2022-09-08 08:32:44.000000000 +0000 @@ -75,6 +75,7 @@ int32_t success_cond = 0; int32_t getcookie = 1; int32_t auth_flag = 0; +int32_t code_302_is_success = 0; char cookie[4096] = "", cmiscptr[1024]; @@ -258,6 +259,9 @@ ptr_header_node cur_ptr = NULL; ptr_header_node existing_hdr, new_ptr; + if (!header || !value || !strlen(header) || !strlen(value)) + return 0; + // get to the last header for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next) ; @@ -400,7 +404,7 @@ * Beware of the backslashes (\)! */ while (*miscptr != 0) { - if (strlen(miscptr) < 3 || miscptr[1] != '=') { + if (strlen(miscptr) < 2 || miscptr[1] != '=') { hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr); return 0; } 
@@ -438,6 +442,14 @@ sprintf(cookieurl, "%.1000s", hydra_strrep(miscptr + 2, "\\:", ":")); miscptr = ptr; break; + case '2': + code_302_is_success = 1; + char *tmp = strchr(miscptr, ':'); + if (tmp) + miscptr = tmp + 1; + else + miscptr += strlen(miscptr); + break; case 'g': // fall through case 'G': ptr = miscptr + 2; @@ -572,17 +584,17 @@ if (ret == NULL) return NULL; - if (index(ret, '%') != NULL) + if (strchr(ret, '%') != NULL) ret = hydra_strrep(ret, "%", "%25"); - if (index(ret, ' ') != NULL) + if (strchr(ret, ' ') != NULL) ret = hydra_strrep(ret, " ", "%20"); - if (index(ret, '&') != NULL) + if (strchr(ret, '&') != NULL) ret = hydra_strrep(ret, "&", "%26"); - if (index(ret, '#') != NULL) + if (strchr(ret, '#') != NULL) ret = hydra_strrep(ret, "#", "%23"); - if (index(ret, '=') != NULL) + if (strchr(ret, '=') != NULL) ret = hydra_strrep(ret, "=", "%3D"); - if (index(ret, '+') != NULL) + if (strchr(ret, '+') != NULL) ret = hydra_strrep(ret, "+", "%2B"); return ret; @@ -646,10 +658,10 @@ } else if (endcookie2 != NULL) *endcookie2 = 0; // is the cookie already there? if yes, remove it! - if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { + if (strchr(startcookie, '=') != NULL && (ptr = strchr(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { strncpy(tmpname, startcookie, sizeof(tmpname) - 2); tmpname[sizeof(tmpname) - 2] = 0; - ptr = index(tmpname, '='); + ptr = strchr(tmpname, '='); *(++ptr) = 0; // is the cookie already in the cookiejar? (so, does it have to be // replaced?) @@ -675,7 +687,7 @@ strcpy(cookie, tmpcookie); } } - ptr = index(str, '='); + ptr = strchr(str, '='); // only copy the cookie if it has a value (otherwise the server wants to // delete the cookie) if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') { 
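Review bot: `char *tmp` is declared in the middle of the `case '2':` statements without a block, so its scope runs through the remaining cases of the switch and pre-C99 compilers reject it; the neighbouring cases use the existing `ptr` instead. `ptr = strchr(miscptr, ':'); miscptr = ptr ? ptr + 1 : miscptr + strlen(miscptr);` does the same without a new declaration. Unlike the cookie-page case just above, this search does not skip an escaped `\:`, which is harmless only as long as `2=` carries no value; a short comment saying so would help.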
@@ -948,12 +960,16 @@ found = analyze_server_response(s); + if (redirected_flag && code_302_is_success) { + found = success_cond; + } + if (auth_flag) { // we received a 401 error - user is using wrong module hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP " "error code 401. Use module \"http%s-get\" instead.\n", (options & OPTION_SSL) > 0 ? "s" : ""); - return 4; + return 2; } if (strlen(cookie) > 0) @@ -964,12 +980,10 @@ if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); - while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { // we have to split the location char *startloc, *endloc; - char str[2048]; - char str2[2048]; - char str3[2048]; + char str[2048], str2[2048], str3[2048], str4[2048]; redirected_cpt--; redirected_flag = 0; @@ -988,19 +1002,21 @@ startloc += strlen("://"); if ((endloc = strchr(startloc, '\r')) != NULL) { - startloc[endloc - startloc] = 0; + *endloc = 0; } if ((endloc = strchr(startloc, '\n')) != NULL) { - startloc[endloc - startloc] = 0; + *endloc = 0; } - strcpy(str, startloc); + strncpy(str, startloc, sizeof(str) - 1); + str[sizeof(str) - 1] = 0; endloc = strchr(str, '/'); if (endloc != NULL) { strncpy(str2, str, endloc - str); str2[endloc - str] = 0; - } else - strncpy(str2, str, sizeof(str)); + } else { + strcpy(str2, str); + } if (strlen(str) - strlen(str2) == 0) { strcpy(str3, "/"); @@ -1009,7 +1025,8 @@ str3[strlen(str) - strlen(str2)] = 0; } } else { - strncpy(str2, webtarget, sizeof(str2)); + strncpy(str2, webtarget, sizeof(str2) - 1); + str2[sizeof(str2) - 1] = 0; if (redirected_url_buff[0] != '/') { // it's a relative path, so we have to concatenate it // with the path from the first url given 
@@ -1025,8 +1042,10 @@ } else { sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); } - } else - strncpy(str3, redirected_url_buff, sizeof(str3)); + } else { + strncpy(str3, redirected_url_buff, sizeof(str3) - 1); + str3[sizeof(str3) - 1] = 0; + } if (debug) hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); } @@ -1038,12 +1057,13 @@ str3[0] = '/'; } - if (strrchr(url, ':') == NULL && port != 80) { - sprintf(str2, "%.2040s:%d", str2, port); + if (strrchr(str2, ':') == NULL && (port != 80 || port != 443)) { + sprintf(str4, "%.2000s:%d", str2, port); + strcpy(str2, str4); } if (verbose) - hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); + hydra_report(stderr, "[VERBOSE] Page redirected to http[s]://%s%s\n", str2, str3); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); @@ -1105,7 +1125,7 @@ } // if the last status is still 3xx, set it as a false - if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { + if (found != -1 && found == success_cond && ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); } else { @@ -1270,8 +1290,7 @@ ptr = ptr2 = NULL; sprintf(bufferurl, "%.6096s", miscptr); - url = bufferurl; - ptr = url; + ptr = url = bufferurl; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; 
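Review bot: The new condition `(port != 80 || port != 443)` in the `@@ -1038` hunk is true for every value of `port`, so `:port` is appended to `str2` whenever the redirect host has no colon, including for the default ports. `&&` gives the evident intent: `if (strrchr(str2, ':') == NULL && port != 80 && port != 443) {`. A bracketed IPv6 host always contains a colon, so it would never get a port appended by this test; that case may need separate handling. The enclosing function starts and ends outside the hunk.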
@@ -1284,39 +1303,41 @@ if (*ptr != 0) *ptr++ = 0; - cond = ptr; + optional1 = cond = ptr; + + ptr2 = ptr + strlen(ptr); - if ((ptr2 = index(ptr, ':')) != NULL) { + while (ptr2 > ptr && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2--; + + if (*ptr2 == ':') { *ptr2++ = 0; - if (*ptr2) - optional1 = ptr2; - else - optional1 = NULL; - } else + cond = ptr2; + } + + if (optional1 == cond) optional1 = NULL; if (strstr(url, "\\:") != NULL) { - if ((ptr = malloc(strlen(url))) != NULL) { + if ((ptr = malloc(strlen(url) + 1)) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); url = ptr; } } if (strstr(variables, "\\:") != NULL) { - if ((ptr = malloc(strlen(variables))) != NULL) { + if ((ptr = malloc(strlen(variables) + 1)) != NULL) { strcpy(ptr, hydra_strrep(variables, "\\:", ":")); variables = ptr; } } if (strstr(cond, "\\:") != NULL) { - if ((ptr = malloc(strlen(cond))) != NULL) { + if ((ptr = malloc(strlen(cond) + 1)) != NULL) { strcpy(ptr, hydra_strrep(cond, "\\:", ":")); cond = ptr; } } - // printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: - // %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : - // optional1); + // printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : optional1); if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */) hydra_child_exit(2); @@ -1340,8 +1361,7 @@ success_cond = 0; } - // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s - // (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. 
@@ -1433,8 +1453,9 @@ " login check must be preceded by \"S=\".\n" " This is where most people get it wrong. You have to check the webapp " "what a\n" - " failed string looks like and put it in this parameter!\n" - "The following parameters are optional:\n" + " failed string looks like and put it in this parameter! Add the -d switch to see\nthe sent/received data!\n" + "\nThe following parameters are optional:\n" + " 2= 302 page forward return codes identify a successful attempt\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" " (g|G)= skip pre-requests - only use this when no pre-cookies are required\n" @@ -1448,8 +1469,7 @@ "exists, by the\n" " one supplied by the user, or add the header at the " "end\n" - "Note that if you are going to put colons (:) in your headers you should " - "escape them with a backslash (\\).\n" + "\nNote that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" " All colons that are not option separators should be escaped (see the " "examples above and below).\n" " You can specify a header without escaping the colons, but that way you " diff -Nru hydra-9.2/hydra-http-proxy.c hydra-9.4/hydra-http-proxy.c --- hydra-9.2/hydra-http-proxy.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-http-proxy.c 2022-09-08 08:32:44.000000000 +0000 @@ -24,9 +24,9 @@ sprintf(url, "%.500s", miscptr); ptr = strstr(miscptr, "://"); // :// check is in hydra.c sprintf(host, "Host: %.50s", ptr + 3); - if ((ptr = index(host, '/')) != NULL) + if ((ptr = strchr(host, '/')) != NULL) *ptr = 0; - if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[') + if ((ptr = strchr(host + 6, ':')) != NULL && host[0] != '[') *ptr = 0; strcat(host, "\r\n"); } 
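Review bot: In the changed hydra-http-proxy.c line `if ((ptr = strchr(host + 6, ':')) != NULL && host[0] != '[')` the bracket test looks at `host[0]`, which is always `'H'` because `host` was just filled with `"Host: %.50s"`. The guard therefore never protects an IPv6 literal, and the first colon inside it is overwritten with NUL. Testing the first byte of the value does what the check intends: `if (host[6] != '[' && (ptr = strchr(host + 6, ':')) != NULL)`. The `ptr + 3` two lines earlier also depends on the `://` check that the comment places in hydra.c.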
@@ -185,7 +185,7 @@ char *pbuffer, *result; http_proxy_auth_mechanism = AUTH_DIGESTMD5; - auth_hdr == NULL; + auth_hdr = NULL; pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest "); strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); buffer[sizeof(buffer) - 1] = '\0'; @@ -232,7 +232,7 @@ } } - ptr = ((char *)index(http_proxy_buf, ' ')) + 1; + ptr = ((char *)strchr(http_proxy_buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2') || (*ptr == '4' && *(ptr + 2) == '4')) { hydra_report_found_host(port, ip, "http-proxy", fp); hydra_completed_pair_found(); @@ -240,7 +240,7 @@ http_proxy_buf = NULL; } else { if (*ptr != '4') - hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(index(http_proxy_buf, ' ') + 1), login, pass); + hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(strchr(http_proxy_buf, ' ') + 1), login, pass); else if (verbose && *(ptr + 2) == '3') hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); hydra_completed_pair(); diff -Nru hydra-9.2/hydra-http-proxy-urlenum.c hydra-9.4/hydra-http-proxy-urlenum.c --- hydra-9.2/hydra-http-proxy-urlenum.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-http-proxy-urlenum.c 2022-09-08 08:32:44.000000000 +0000 
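Review bot: `ptr = ((char *)strchr(http_proxy_buf, ' ')) + 1;` adds 1 to the result before any NULL test, so a server reply without a space yields an invalid pointer that is dereferenced on the next line. hydra-http.c in this same patch does it safely with `ptr = strchr(http_buf, ' '); if (ptr != NULL) ptr++;` and then `ptr != NULL &&` in the condition. The same pattern is needed here, in the `[INFO] Unusual return code` argument of the following hunk, and in `ptr = ((char *)strchr(buf, ' ')) + 1;` in hydra-http-proxy-urlenum.c. The `*(ptr + 2)` reads additionally assume that at least three status characters follow the space.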
@@ -28,17 +28,17 @@ ptr++; strncpy(mhost, ptr, sizeof(mhost) - 1); mhost[sizeof(mhost) - 1] = 0; - if ((ptr = index(mhost, '/')) != NULL) + if ((ptr = strchr(mhost, '/')) != NULL) *ptr = 0; - if ((ptr = index(mhost, ']')) != NULL) + if ((ptr = strchr(mhost, ']')) != NULL) *ptr = 0; - else if ((ptr = index(mhost, ':')) != NULL) + else if ((ptr = strchr(mhost, ':')) != NULL) *ptr = 0; - if (miscptr != NULL && index(miscptr, ':') != NULL) { + if (miscptr != NULL && strchr(miscptr, ':') != NULL) { strncpy(mlogin, miscptr, sizeof(mlogin) - 1); mlogin[sizeof(mlogin) - 1] = 0; - ptr = index(mlogin, ':'); + ptr = strchr(mlogin, ':'); *ptr++ = 0; strncpy(mpass, ptr, sizeof(mpass) - 1); mpass[sizeof(mpass) - 1] = 0; @@ -215,7 +215,7 @@ } } // result analysis - ptr = ((char *)index(buf, ' ')) + 1; + ptr = ((char *)strchr(buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { hydra_report_found_host(port, ip, "http-proxy", fp); if (fp != stdout) diff -Nru hydra-9.2/hydra-mod.c hydra-9.4/hydra-mod.c --- hydra-9.2/hydra-mod.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-mod.c 2022-09-08 08:32:44.000000000 +0000 @@ -7,7 +7,8 @@ #include #endif #ifdef HAVE_PCRE -#include +#define PCRE2_CODE_UNIT_WIDTH 8 +#include #endif #define MAX_CONNECT_RETRY 1 @@ -295,13 +296,13 @@ send(s, buf, strlen(buf), 0); if (debug) { - char *ptr = index(buf, '\r'); + char *ptr = strchr(buf, '\r'); if (ptr != NULL) *ptr = 0; printf("DEBUG_CONNECT_PROXY_SENT: %s\n", buf); } recv(s, buf, 4096, 0); - if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') { + if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = strchr(buf, ' ')) != NULL && *++tmpptr == '2') { if (debug) printf("DEBUG_CONNECT_PROXY_OK\n"); } else { 
@@ -637,9 +638,11 @@ __fck = write(intern_socket, "C", 1); else if (code == 2) /* application protocol error or service shutdown */ __fck = write(intern_socket, "E", 1); - // code 3 means exit without telling mommy about it - a bad idea. mommy should + else if (code == 3) /* application protocol error or service shutdown */ + __fck = write(intern_socket, "D", 1); + // code 4 means exit without telling mommy about it - a bad idea. mommy should // know - else if (code == -1 || code > 3) { + else if (code == -1 || code > 4) { fprintf(stderr, "[TOTAL FUCKUP] a module should not use " "hydra_child_exit(-1) ! Fix it in the source please ...\n"); __fck = write(intern_socket, "E", 1); @@ -1289,19 +1292,23 @@ #ifdef HAVE_PCRE int32_t hydra_string_match(char *str, const char *regex) { - pcre *re = NULL; - int32_t offset_error = 0; - const char *error = NULL; + pcre2_code *re = NULL; + int32_t error_code = 0; + PCRE2_SIZE error_offset; int32_t rc = 0; - re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL); + re = pcre2_compile(regex, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS | PCRE2_DOTALL, &error_code, &error_offset, NULL); if (re == NULL) { - fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %s\n", offset_error, error); + fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %d\n", error_offset, error_code); return 0; } - rc = pcre_exec(re, NULL, str, strlen(str), 0, 0, NULL, 0); - if (rc >= 0) { + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(re, NULL); + rc = pcre2_match(re, str, PCRE2_ZERO_TERMINATED, 0, 0, match_data, NULL); + pcre2_match_data_free(match_data); + pcre2_code_free(re); + + if (rc >= 1) { return 1; } return 0; diff -Nru hydra-9.2/hydra-mod.h hydra-9.4/hydra-mod.h --- hydra-9.2/hydra-mod.h 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-mod.h 2022-09-08 08:32:44.000000000 +0000 
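Review bot: The comment on the new `code == 3` branch is copied from the `code == 2` branch (`application protocol error or service shutdown`), although this branch writes `"D"`, which the new `case 'D'` in hydra.c describes as `disable target, unknown protocol or feature`. Suggested: `else if (code == 3) /* target does not support the requested protocol or feature */`. The error message below still names only `hydra_child_exit(-1)` while its condition now also covers `code > 4`.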
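Review bot: The `fprintf` in the compile-failure path of `hydra_string_match` prints `error_offset`, now a `PCRE2_SIZE`, with `%d`, which is a format/argument mismatch wherever that type is wider than `int`. It also prints the numeric `error_code` where the old code printed a message. `fprintf(stderr, "[ERROR] PCRE compilation failed at offset %zu: %d\n", (size_t)error_offset, error_code);` fixes the mismatch, and `pcre2_get_error_message()` can turn the code into text. `pcre2_match_data_create_from_pattern()` can return NULL on allocation failure and is handed to `pcre2_match` unchecked; `regex` and `str` also want a `(PCRE2_SPTR)` cast to avoid pointer-sign warnings.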
@@ -67,7 +67,16 @@ char *proxy_authentication[MAX_PROXY_COUNT]; char *cmdlinetarget; +#ifndef __APPLE__ typedef int32_t BOOL; +#else /* __APPLE__ */ +/* ensure compatibility with objc libraries */ +#if (TARGET_OS_IPHONE && __LP64__) || TARGET_OS_WATCH +typedef bool BOOL; +#else +typedef signed char BOOL; +#endif +#endif /* __APPLE__ */ #define hydra_report fprintf diff -Nru hydra-9.2/hydra-mongodb.c hydra-9.4/hydra-mongodb.c --- hydra-9.2/hydra-mongodb.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-mongodb.c 2022-09-08 08:32:44.000000000 +0000 @@ -72,7 +72,7 @@ mongoc_log_set_handler(NULL, NULL); bson_init(&q); - snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s", login, pass, hydra_address2string(ip), miscptr); + snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr); client = mongoc_client_new(uri); if (!client) return 3; diff -Nru hydra-9.2/hydra-radmin2.c hydra-9.4/hydra-radmin2.c --- hydra-9.2/hydra-radmin2.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-radmin2.c 2022-09-08 08:32:44.000000000 +0000 @@ -366,6 +366,7 @@ hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid()); hydra_child_exit(2); } + free(msg); } #endif } diff -Nru hydra-9.2/hydra-rdp.c hydra-9.4/hydra-rdp.c --- hydra-9.2/hydra-rdp.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-rdp.c 2022-09-08 08:32:44.000000000 +0000 
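Review bot: The hydra-mongodb.c URI is now built as `...@%s:%d/...` with `hydra_address2string(ip)` inserted unbracketed, so an IPv6 address becomes ambiguous once `:port` follows it and needs the `[%s]:%d` form. `login`, `pass` and `miscptr` are also copied into the URI unescaped, so a value containing `@`, `:`, `/` or `%` changes how the URI is parsed; percent-encoding them before the `snprintf` keeps the connection string well-formed. The `snprintf` result is not compared against `sizeof(uri)`, so a truncated URI is passed on silently.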
@@ -22,10 +22,14 @@ instance->settings->Username = login; instance->settings->Password = password; instance->settings->IgnoreCertificate = TRUE; - instance->settings->AuthenticationOnly = TRUE; + if (password[0] == 0) + instance->settings->AuthenticationOnly = FALSE; + else + instance->settings->AuthenticationOnly = TRUE; instance->settings->ServerHostname = server; instance->settings->ServerPort = port; instance->settings->Domain = domain; + instance->settings->MaxTimeInCheckLoop = 100; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); return err; @@ -54,6 +58,8 @@ } login_result = rdp_connect(server, port, domain, login, pass); + if (debug) + hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result); switch (login_result) { case 0: // login success diff -Nru hydra-9.2/hydra-rtsp.c hydra-9.4/hydra-rtsp.c --- hydra-9.2/hydra-rtsp.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-rtsp.c 2022-09-08 08:32:44.000000000 +0000 @@ -9,6 +9,7 @@ #include "hydra-mod.h" #include "sasl.h" #include +#define _GNU_SOURCE #include extern char *HYDRA_EXIT; @@ -16,7 +17,7 @@ char packet2[500]; int32_t is_Unauthorized(char *s) { - if (strstr(s, "401 Unauthorized") != NULL) { + if (strcasestr(s, "401 Unauthorized") != NULL) { return 1; } else { return 0; @@ -24,7 +25,7 @@ } int32_t is_NotFound(char *s) { - if (strstr(s, "404 Stream Not Found") != NULL) { + if (strcasestr(s, "404 Stream") != NULL || strcasestr(s, "404 Not") != NULL) { return 1; } else { return 0; @@ -32,7 +33,7 @@ } int32_t is_Authorized(char *s) { - if (strstr(s, "200 OK") != NULL) { + if (strcasestr(s, "200 OK") != NULL) { return 1; } else { return 0; @@ -40,7 +41,7 @@ } int32_t use_Basic_Auth(char *s) { - if (strstr(s, "WWW-Authenticate: Basic") != NULL) { + if (strcasestr(s, "WWW-Authenticate: Basic") != NULL) { return 1; } else { return 0; 
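Review bot: The new `if (password[0] == 0)` branch and `MaxTimeInCheckLoop = 100` change how the connection behaves but carry no comment saying why an empty password needs `AuthenticationOnly = FALSE`, or what unit and effect the value 100 has. A why-comment above the branch, e.g. `// empty passwords are not detected in authentication-only mode, so do a full connect`, would keep a later reader from collapsing it back to the unconditional `TRUE`. `password` is dereferenced without a NULL check; whether callers guarantee a non-NULL pointer is not visible in the hunk.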
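Review bot: In hydra-rtsp.c `#define _GNU_SOURCE` is added after `hydra-mod.h`, `sasl.h` and a further header have already been included, and a feature-test macro only takes effect when it is defined before the first system header is pulled in. If it comes too late, `strcasestr` in the helpers changed at `@@ -16`, `@@ -24`, `@@ -32`, `@@ -40` and `@@ -48` may have no prototype, and its result is then treated as `int`, which can truncate the pointer on 64-bit builds. Either move the define to the first line of the file or use `hydra_strcasestr`, which this file already calls in its Digest branch.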
@@ -48,7 +49,7 @@ } int32_t use_Digest_Auth(char *s) { - if (strstr(s, "WWW-Authenticate: Digest") != NULL) { + if (strcasestr(s, "WWW-Authenticate: Digest") != NULL) { return 1; } else { return 0; 
@@ -104,42 +105,37 @@ } else { create_core_packet(1, ip, port); - if (use_Basic_Auth(lresp) == 1) { + if (use_Digest_Auth(lresp) == 1) { + char aux[500] = "", dbuf[500] = "", *result = NULL; + char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); + + strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); + aux[sizeof(aux) - 1] = '\0'; + free(lresp); +#ifdef LIBOPENSSL + result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); +#else + hydra_report(stderr, "[ERROR] Digest auth required but compiled " + "without OpenSSL/MD5 support\n"); + return 3; +#endif + if (result == NULL) { + hydra_report(stderr, "[ERROR] digest generation failed\n"); + return 3; + } + sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + } else if (use_Basic_Auth(lresp) == 1) { free(lresp); sprintf(buffer2, "%.249s:%.249s", login, pass); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2); - - if (debug) { + if (debug) hydra_report(stderr, "C:%s\n", buffer); - } } else { - if (use_Digest_Auth(lresp) == 1) { - char aux[500] = "", dbuf[500] = "", *result = NULL; - char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); - - strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); - aux[sizeof(aux) - 1] = '\0'; - free(lresp); -#ifdef LIBOPENSSL - result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); -#else - hydra_report(stderr, "[ERROR] Digest auth required but compiled " - "without OpenSSL/MD5 support\n"); - return 3; -#endif - - if (result == NULL) { - hydra_report(stderr, "[ERROR] digest generation failed\n"); - return 3; - } - sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf); - - if (debug) { - hydra_report(stderr, 
"C:%s\n", buffer); - } - } + hydra_report(stderr, "[ERROR] unknown authentication protocol\n"); + return 1; } if (strlen(buffer) == 0) { @@ -159,7 +155,7 @@ return 1; } - if ((is_NotFound(lresp))) { + if (is_NotFound(lresp) || is_Authorized(lresp)) { free(lresp); hydra_completed_pair_found(); diff -Nru hydra-9.2/hydra-sip.c hydra-9.4/hydra-sip.c --- hydra-9.2/hydra-sip.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-sip.c 2022-09-08 08:32:44.000000000 +0000 @@ -42,7 +42,7 @@ int32_t code; char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF]; - if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3) + if (sscanf(buf, "%256s %i %256s", tmpbuf, &code, word) != 3) return -1; return code; } @@ -71,14 +71,12 @@ } int32_t has_sip_cred = 0; - int32_t try - = 0; + int32_t try = 0; /* We have to check many times because server may begin to send "100 Trying" * before "401 Unauthorized" */ while (try < 2 && !has_sip_cred) { - try - ++; + try++; if (hydra_data_ready_timed(s, 3, 0) > 0) { i = hydra_recv(s, (char *)buf, sizeof(buf) - 1); if (i > 0) @@ -160,14 +158,12 @@ if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 3; } - try - = 0; + try = 0; int32_t has_resp = 0; int32_t sip_code = 0; while (try < 2 && !has_resp) { - try - ++; + try++; if (hydra_data_ready_timed(s, 5, 0) > 0) { memset(buf, 0, sizeof(buf)); if ((i = hydra_recv(s, (char *)buf, sizeof(buf) - 1)) >= 0) diff -Nru hydra-9.2/hydra-smb.c hydra-9.4/hydra-smb.c --- hydra-9.2/hydra-smb.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-smb.c 2022-09-08 08:32:44.000000000 +0000 
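Review bot: The new final `else` branch of the `@@ -104` hunk returns 1 for an unknown authentication scheme without freeing `lresp`, while the Digest and Basic branches both call `free(lresp)`, so each such reply leaks the response buffer; add `free(lresp);` before `return 1;`. In the Digest branch `pbuffer` is searched with a trailing space (`"WWW-Authenticate: Digest "`) but `use_Digest_Auth` matches without it, so a header with no space after `Digest` passes the test and `pbuffer + strlen(...)` is then computed from NULL. Guard it with `if (pbuffer == NULL) { free(lresp); return 3; }`. The function starts outside the hunk.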
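Review bot: In hydra-sip.c, `%256s` lets `sscanf` store up to 256 characters plus the terminating NUL, i.e. 257 bytes, into `tmpbuf` and `word`, which are declared as `char[SIP_MAX_BUF]`. That is only safe if `SIP_MAX_BUF` is at least 257, and its definition is outside the hunk. The width should stay at most `SIP_MAX_BUF - 1`; a comment next to the format string such as `/* field width must be < SIP_MAX_BUF */` would pin that relation for whoever changes the macro later.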
@@ -1494,7 +1494,7 @@ ctime = time(NULL); do { usleepn(300); - } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL)); + } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 >= time(NULL)); if (ready <= 0) { fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port); diff -Nru hydra-9.2/hydra-smtp-enum.c hydra-9.4/hydra-smtp-enum.c --- hydra-9.2/hydra-smtp-enum.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-smtp-enum.c 2022-09-08 08:32:44.000000000 +0000 @@ -128,13 +128,13 @@ //#endif // hydra_report(stderr, "Server %s", err); // } - if (strncmp(buf, "500 ", 4) == 0) { + if (strncmp(buf, "500 ", 4) == 0 || strncmp(buf, "502 ", 4) == 0) { hydra_report(stderr, "[ERROR] command is disabled on the server (choose " "different method): %s", buf); free(buf); - return 3; + return 4; } memset(buffer, 0, sizeof(buffer)); // 503 5.5.1 Error: nested MAIL command @@ -245,6 +245,12 @@ } hydra_child_exit(0); return; + case 4: /* unsupported exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(3); + return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); diff -Nru hydra-9.2/hydra-ssh.c hydra-9.4/hydra-ssh.c --- hydra-9.2/hydra-ssh.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-ssh.c 2022-09-08 08:32:44.000000000 +0000 @@ -34,11 +34,12 @@ if (new_session) { if (session) { ssh_disconnect(session); - ssh_finalize(); + // ssh_finalize(); ssh_free(session); + } else { + ssh_init(); } - ssh_init(); session = ssh_new(); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); 
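Review bot: The `// ssh_finalize();` line in the `@@ -34,11 +34,12 @@` hunk of hydra-ssh.c leaves dead code behind with no explanation of why the call was dropped, whereas the matching hunk in hydra-sshkey.c deletes it outright. Either remove the line or replace it with a why-comment; if the intent is that the library stays initialised across sessions, something like `/* no ssh_finalize(): ssh_init() runs once, only for the first session */` would say so. The return value of `ssh_init()` is also ignored here and in the `@@ -173,6 +174,7 @@` hunk, so an initialisation failure continues straight into `ssh_new()`; `if (ssh_init() != 0)` with an error report would surface it. The enclosing function starts and ends outside the hunk.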
@@ -173,6 +174,7 @@ // 3 skip target because its unreachable #ifdef LIBSSH int32_t rc, method; + ssh_init(); ssh_session session = ssh_new(); if (verbose || debug) diff -Nru hydra-9.2/hydra-sshkey.c hydra-9.4/hydra-sshkey.c --- hydra-9.2/hydra-sshkey.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-sshkey.c 2022-09-08 08:32:44.000000000 +0000 @@ -33,8 +33,9 @@ if (new_session) { if (session) { ssh_disconnect(session); - ssh_finalize(); ssh_free(session); + } else { + ssh_init(); } session = ssh_new(); diff -Nru hydra-9.2/hydra-telnet.c hydra-9.4/hydra-telnet.c --- hydra-9.2/hydra-telnet.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-telnet.c 2022-09-08 08:32:44.000000000 +0000 @@ -36,7 +36,7 @@ if ((buf = hydra_receive_line(s)) == NULL) return 1; - if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL) { + if (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '%') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); 
@@ -75,16 +75,41 @@ } /*win7 answering with do terminal type = 0xfd 0x18 */ - while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "password:") == NULL || strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "incorrect") == NULL && strstr(buf, "bad ") == NULL && (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL || strchr(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; - } - free(buf); + } else if (buf && strstr(buf, "assword:")) { + hydra_completed_pair(); + // printf("password prompt\n"); + free(buf); + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + sprintf(buffer, "%s\r", pass); + if (no_line_mode) { + for (i = 0; i < strlen(buffer); i++) { + if (strcmp(&buffer[i], "\r") == 0) { + send(s, "\r\0", 2, 0); + } else { + send(s, &buffer[i], 1, 0); + } + usleepn(20); + } + } else { + if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { + return 1; + } + } + } else if (buf && strstr(buf, "login:")) { + free(buf); + hydra_completed_pair(); + return 2; 
+ } else + free(buf); } hydra_completed_pair(); diff -Nru hydra-9.2/hydra-vnc.c hydra-9.4/hydra-vnc.c --- hydra-9.2/hydra-vnc.c 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-vnc.c 2022-09-08 08:32:44.000000000 +0000 @@ -19,7 +19,7 @@ int32_t failed_auth = 0; extern char *HYDRA_EXIT; -char *buf; +static char *buf; /* * Encrypt CHALLENGESIZE bytes in memory using a password. diff -Nru hydra-9.2/hydra-wizard.sh hydra-9.4/hydra-wizard.sh --- hydra-9.2/hydra-wizard.sh 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/hydra-wizard.sh 2022-09-08 08:32:44.000000000 +0000 @@ -33,10 +33,10 @@ test -e "$pass" || passs="-p $pass" test -n "$port" && ports="-s $port" test -n "$pw" && pws="-e $pw" -test -n "$opt" && opts="-m '$opt'" +test -n "$opt" && { opts="-m $opt" ; dopts="-m '$opt'" ; } echo The following command will be executed now: -echo " hydra $users $passs -u $pws $ports $opts $targets $service" +echo " hydra $users $passs -u $pws $ports $dopts $targets $service" echo read -p "Do you want to run the command now? [Y/n] " yn test "$yn" = "n" -o "$yn" = "N" && { echo Exiting. ; exit 0 ; } diff -Nru hydra-9.2/INSTALL hydra-9.4/INSTALL --- hydra-9.2/INSTALL 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/INSTALL 2022-09-08 08:32:44.000000000 +0000 
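Review bot: `sprintf(buffer, "%s\r", pass);` in the new password-prompt branch of the hydra-telnet.c `@@ -75,16 +75,41 @@` hunk copies a wordlist entry into `buffer` with no length bound. `buffer` is declared outside the hunk, so its size cannot be confirmed here, but a sufficiently long password would write past it. Bound the copy, e.g. `snprintf(buffer, sizeof(buffer), "%s\r", pass);` if `buffer` is an array, or use a `%.Ns` precision chosen to fit its size. In the same branch the `send()` calls inside the `no_line_mode` loop ignore their return value, unlike the `hydra_send()` path, which returns 1 on failure. The `buf &&` tests in the two `else if` conditions are also redundant, because the loop condition already guarantees `buf != NULL`.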
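Review bot: After the hydra-wizard.sh change, the command echoed to the user is built from `$dopts` (`-m '$opt'`, shown quoted), while the command actually run presumably still expands `$opts` (`-m $opt`) unquoted; the invocation line is outside the hunk. If `$opt` contains whitespace or glob characters, the shell splits and expands it, so the arguments hydra receives can differ from the command the user confirmed at the prompt. Passing the value as its own quoted word keeps display and execution in step, e.g. replace `$opts` in the invocation with `${opt:+-m "$opt"}`.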
@@ -6,6 +6,23 @@ Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel + +For Termux/Android you need the following setup: + +Install the necessary dependencies + # pkg install -y x11-repo + # pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 +And then compiling hydra + # ./configure --prefix=$PREFIX + # make + # make install + + +To use xhydra, you will need to install a graphical output in termux, you can be guided from this article: + +https://wiki.termux.com/wiki/Graphical_Environment + + For the Oracle login module, install the basic and SDK packages: http://www.oracle.com/technetwork/database/features/instant-client/index.html diff -Nru hydra-9.2/LICENSE hydra-9.4/LICENSE --- hydra-9.2/LICENSE 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/LICENSE 2022-09-08 08:32:44.000000000 +0000 @@ -1,12 +1,7 @@ -[see the end of the file for the special exception for linking with OpenSSL - - debian people need this] - - - GNU AFFERO GENERAL PUBLIC LICENSE Version 3, 19 November 2007 - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -638,8 +633,8 @@ Copyright (C) This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published by - the Free Software Foundation, either version 3 of the License, or + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, 
@@ -648,7 +643,7 @@ GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . + along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. @@ -663,21 +658,4 @@ You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see -. - - -Special Exception - - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the - * OpenSSL library under certain conditions as described in each - * individual source file, and distribute linked combinations - * including the two. - * You must obey the GNU Affero General Public License in all respects - * for all of the code used other than OpenSSL. If you modify - * file(s) with this exception, you may extend this exception to your - * version of the file(s), but you are not obligated to do so. If you - * do not wish to do so, delete this exception statement from your - * version. If you delete this exception statement from all source - * files in the program, then also delete it here. - +. diff -Nru hydra-9.2/LICENSE_OPENSSL hydra-9.4/LICENSE_OPENSSL --- hydra-9.2/LICENSE_OPENSSL 1970-01-01 00:00:00.000000000 +0000 +++ hydra-9.4/LICENSE_OPENSSL 2022-09-08 08:32:44.000000000 +0000 
@@ -0,0 +1,178 @@ +/* + * (c) 2002, 2003, 2004 by Jason McLaughlin and Riadh Elloumi + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * is provided AS IS, WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and + * NON-INFRINGEMENT. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc. + * + * Free Software Foundation + * 51 Franklin Street, Fifth Floor + * Boston, MA 02110-1335 + * USA + * + * Telephone: +1-617-542-5942 + * Fax: +1-617-542-2652 + * General email: info@fsf.org + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + */ + +Certain source files in this program permit linking with the OpenSSL +library (http://www.openssl.org), which otherwise wouldn't be allowed +under the GPL. 
For purposes of identifying OpenSSL, most source files +giving this permission limit it to versions of OpenSSL having a license +identical to that listed in this file (LICENSE.OpenSSL). It is not +necessary for the copyright years to match between this file and the +OpenSSL version in question. However, note that because this file is +an extension of the license statements of these source files, this file +may not be changed except with permission from all copyright holders +of source files in this program which reference this file. + + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). 
+ * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + diff -Nru hydra-9.2/LICENSE.OPENSSL hydra-9.4/LICENSE.OPENSSL --- hydra-9.2/LICENSE.OPENSSL 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/LICENSE.OPENSSL 1970-01-01 00:00:00.000000000 +0000 
@@ -1,178 +0,0 @@ -/* - * (c) 2002, 2003, 2004 by Jason McLaughlin and Riadh Elloumi - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * is provided AS IS, WITHOUT ANY WARRANTY; without even the implied - * warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and - * NON-INFRINGEMENT. See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc. - * - * Free Software Foundation - * 51 Franklin Street, Fifth Floor - * Boston, MA 02110-1335 - * USA - * - * Telephone: +1-617-542-5942 - * Fax: +1-617-542-2652 - * General email: info@fsf.org - * - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the - * OpenSSL library under certain conditions as described in each - * individual source file, and distribute linked combinations - * including the two. - * You must obey the GNU General Public License in all respects - * for all of the code used other than OpenSSL. If you modify - * file(s) with this exception, you may extend this exception to your - * version of the file(s), but you are not obligated to do so. If you - * do not wish to do so, delete this exception statement from your - * version. If you delete this exception statement from all source - * files in the program, then also delete it here. - */ - -Certain source files in this program permit linking with the OpenSSL -library (http://www.openssl.org), which otherwise wouldn't be allowed -under the GPL. 
For purposes of identifying OpenSSL, most source files -giving this permission limit it to versions of OpenSSL having a license -identical to that listed in this file (LICENSE.OpenSSL). It is not -necessary for the copyright years to match between this file and the -OpenSSL version in question. However, note that because this file is -an extension of the license statements of these source files, this file -may not be changed except with permission from all copyright holders -of source files in this program which reference this file. - - - LICENSE ISSUES - ============== - - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of - the OpenSSL License and the original SSLeay license apply to the toolkit. - See below for the actual license texts. Actually both licenses are BSD-style - Open Source licenses. In case of any license issues related to OpenSSL - please contact openssl-core@openssl.org. - - OpenSSL License - --------------- - -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - Original SSLeay License - ----------------------- - -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). 
- * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - diff -Nru hydra-9.2/Makefile hydra-9.4/Makefile --- hydra-9.2/Makefile 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/Makefile 2022-09-08 08:32:44.000000000 +0000 @@ -3,3 +3,6 @@ clean: cp -f Makefile.orig Makefile + +uninstall: + @echo Error: you must run "./configure" first diff -Nru hydra-9.2/Makefile.am hydra-9.4/Makefile.am --- hydra-9.2/Makefile.am 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/Makefile.am 2022-09-08 08:32:44.000000000 +0000 
@@ -1,16 +1,18 @@ # -# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC +# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC # WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition +OPTS=-I. -O3 $(CFLAGS) -fcommon # -Wall -g -pedantic LIBS=-lm DESTDIR ?= BINDIR = /bin MANDIR = /man/man1/ DATADIR = /etc +PIXDIR = /share/pixmaps +APPDIR = /share/applications SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ 
@@ -23,13 +25,13 @@ hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c \ + hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ hydra-smb2.c OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ @@ -65,7 +67,7 @@ $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) strip: all - strip $(BINS) + -strip $(BINS) -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null install: strip 
@@ -78,8 +80,18 @@ -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) + -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ + -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) + -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile +uninstall: + -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv + -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 + -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png + -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop diff -Nru hydra-9.2/Makefile.orig hydra-9.4/Makefile.orig --- hydra-9.2/Makefile.orig 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/Makefile.orig 2022-09-08 08:32:44.000000000 +0000 @@ -3,3 +3,6 @@ clean: cp -f Makefile.orig Makefile + +uninstall: + @echo Error: you must run "./configure" first diff -Nru hydra-9.2/README hydra-9.4/README --- hydra-9.2/README 1970-01-01 00:00:00.000000000 +0000 +++ hydra-9.4/README 2022-09-08 08:32:44.000000000 +0000 
@@ -0,0 +1,545 @@ + + H Y D R A + + (c) 2001-2022 by van Hauser / THC + https://github.com/vanhauser-thc/thc-hydra + many modules were written by David (dot) Maciejak @ gmail (dot) com + BFG code by Jan Dlabal + + Licensed under AGPLv3 (see LICENSE file) + + Please do not use in military or secret service organizations, + or for illegal purposes. + (This is the wish of the author and non-binding. Many people working + in these organizations do not care for laws and ethics anyways. + You are not one of the "good" ones if you ignore this.) + + NOTE: no this is not meant to be a markdown doc! old school! + + +Hydra in the most current github state can be directly downloaded via docker: +``` +docker pull vanhauser/hydra +``` + + +INTRODUCTION +------------ +Number one of the biggest security holes are passwords, as every password +security study shows. +This tool is a proof of concept code, to give researchers and security +consultants the possibility to show how easy it would be to gain unauthorized +access from remote to a system. + +THIS TOOL IS FOR LEGAL PURPOSES ONLY! + +There are already several login hacker tools available, however, none does +either support more than one protocol to attack or support parallelized +connects. + +It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, +FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. + +Currently this tool supports the following protocols: + Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, + HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, + HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, + HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, + Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, + Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, + SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, + VNC and XMPP. 
+ +However the module engine for new services is very easy so it won't take a +long time until even more services are supported. +Your help in writing, enhancing or fixing modules is highly appreciated!! :-) + + + +WHERE TO GET +------------ +You can always find the newest release/production version of hydra at its +project page at https://github.com/vanhauser-thc/thc-hydra/releases +If you are interested in the current development state, the public development +repository is at Github: + svn co https://github.com/vanhauser-thc/thc-hydra + or + git clone https://github.com/vanhauser-thc/thc-hydra +Use the development version at your own risk. It contains new features and +new bugs. Things might not work! + +Alternatively (and easier) to can pull it as a docker container: +``` +docker pull vanhauser/hydra +``` + + +HOW TO COMPILE +-------------- +To configure, compile and install hydra, just type: + +``` +./configure +make +make install +``` + +If you want the ssh module, you have to setup libssh (not libssh2!) on your +system, get it from https://www.libssh.org, for ssh v1 support you also need +to add "-DWITH_SSH1=On" option in the cmake command line. +IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! + +If you use Ubuntu/Debian, this will install supplementary libraries needed +for a few optional modules (note that some might not be available on your distribution): + +``` +apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ + libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ + firebird-dev libmemcached-dev libgpg-error-dev \ + libgcrypt11-dev libgcrypt20-dev +``` + +This enables all optional modules and features with the exception of Oracle, +SAP R/3, NCP and the apple filing protocol - which you will need to download and +install from the vendor's web sites. 
+ +For all other Linux derivates and BSD based systems, use the system +software installer and look for similarly named libraries like in the +command above. In all other cases, you have to download all source libraries +and compile them manually. + + + +SUPPORTED PLATFORMS +------------------- +- All UNIX platforms (Linux, *BSD, Solaris, etc.) +- MacOS (basically a BSD clone) +- Windows with Cygwin (both IPv4 and IPv6) +- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) + + + +HOW TO USE +---------- +If you just enter `hydra`, you will see a short summary of the important +options available. +Type `./hydra -h` to see all available command line options. + +Note that NO login/password file is included. Generate them yourself. +A default password list is however present, use "dpl4hydra.sh" to generate +a list. + +For Linux users, a GTK GUI is available, try `./xhydra` + +For the command line usage, the syntax is as follows: + For attacking one target or a network, you can use the new "://" style: + hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS + The old mode can be used for these too, and additionally if you want to + specify your targets from a text file, you *must* use this one: + +``` +hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] +``` + +Via the command line options you specify which logins to try, which passwords, +if SSL should be used, how many parallel tasks to use for attacking, etc. + +PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, +http-get or many others are available +TARGET is the target you want to attack +MODULE-OPTIONS are optional values which are special per PROTOCOL module + +FIRST - select your target + you have three options on how to specify the target you want to attack: + 1. a single target on the command line: just put the IP or DNS address in + 2. 
a network range on the command line: CIDR specification like "192.168.0.0/24" + 3. a list of hosts in a text file: one line per entry (see below) + +SECOND - select your protocol + Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. + Use a port scanner to see which protocols are enabled on the target. + +THIRD - check if the module has optional parameters + hydra -U PROTOCOL + e.g. hydra -U smtp + +FOURTH - the destination port + this is optional, if no port is supplied the default common port for the + PROTOCOL is used. + If you specify SSL to use ("-S" option), the SSL common port is used by default. + + +If you use "://" notation, you must use "[" "]" brackets if you want to supply +IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: + hydra [some command line options] ftp://[192.168.0.0/24]/ + hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM + +Note that everything hydra does is IPv4 only! +If you want to attack IPv6 addresses, you must add the "-6" command line option. +All attacks are then IPv6 only! + +If you want to supply your targets via a text file, you can not use the :// +notation but use the old style and just supply the protocol (and module options): + hydra [some command line options] -M targets.txt ftp +You can also supply the port for each target entry by adding ":" after a +target entry in the file, e.g.: + +``` +foo.bar.com +target.com:21 +unusual.port.com:2121 +default.used.here.com +127.0.0.1 +127.0.0.1:2121 +``` + +Note that if you want to attach IPv6 targets, you must supply the -6 option +and *must* put IPv6 addresses in brackets in the file(!) like this: + +``` +foo.bar.com +target.com:21 +[fe80::1%eth0] +[2001::1] +[2002::2]:8080 +[2a01:24a:133:0:00:123:ff:1a] +``` + +LOGINS AND PASSWORDS +-------------------- +You have many options on how to attack with logins and passwords +With -l for login and -p for password you tell hydra that this is the only +login and/or password to try. 
+With -L for logins and -P for passwords you supply text files with entries. +e.g.: + +``` +hydra -l admin -p password ftp://localhost/ +hydra -L default_logins.txt -p test ftp://localhost/ +hydra -l admin -P common_passwords.txt ftp://localhost/ +hydra -L logins.txt -P passwords.txt ftp://localhost/ +``` + +Additionally, you can try passwords based on the login via the "-e" option. +The "-e" option has three parameters: + +``` +s - try the login as password +n - try an empty password +r - reverse the login and try it as password +``` + +If you want to, e.g. try "try login as password and "empty password", you +specify "-e sn" on the command line. + +But there are two more modes for trying passwords than -p/-P: +You can use text file which where a login and password pair is separated by a colon, +e.g.: + +``` +admin:password +test:test +foo:bar +``` + +This is a common default account style listing, that is also generated by the +dpl4hydra.sh default account file generator supplied with hydra. +You use such a text file with the -C option - note that in this mode you +can not use -l/-L/-p/-P options (-e nsr however you can). +Example: + +``` +hydra -C default_accounts.txt ftp://localhost/ +``` + +And finally, there is a bruteforce mode with the -x option (which you can not +use with -p/-P/-C): + +``` +-x minimum_length:maximum_length:charset +``` + +the charset definition is `a` for lowercase letters, `A` for uppercase letters, +`1` for numbers and for anything else you supply it is their real representation. 
+Examples: + +``` +-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters +-x 2:5:/ generate passwords from length 2 to 5 containing only slashes +-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers +``` + +Example: + +``` +hydra -l ftp -x 3:3:a ftp://localhost/ +``` + +SPECIAL OPTIONS FOR MODULES +--------------------------- +Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m +command line option, you can pass one option to a module. +Many modules use this, a few require it! + +To see the special option of a module, type: + + hydra -U + +e.g. + + ./hydra -U http-post-form + +The special options can be passed via the -m parameter, as 3rd command line +option or in the service://target/option format. + +Examples (they are all equal): + +``` +./hydra -l test -p test -m PLAIN 127.0.0.1 imap +./hydra -l test -p test 127.0.0.1 imap PLAIN +./hydra -l test -p test imap://127.0.0.1/PLAIN +``` + +RESTORING AN ABORTED/CRASHED SESSION +------------------------------------ +When hydra is aborted with Control-C, killed or crashes, it leaves a +"hydra.restore" file behind which contains all necessary information to +restore the session. This session file is written every 5 minutes. +NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. +from little endian to big endian, or from Solaris to AIX) + +HOW TO SCAN/CRACK OVER A PROXY +------------------------------ +The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works +just for the http services!). +The following syntax is valid: + +``` +HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" +HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" +HYDRA_PROXY_HTTP="proxylist.txt" +``` + +The last example is a text file containing up to 64 proxies (in the same +format definition as the other examples). + +For all other services, use the HYDRA_PROXY variable to scan/crack. +It uses the same syntax. 
eg: + +``` +HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port +``` + +for example: + +``` +HYDRA_PROXY=connect://proxy.anonymizer.com:8000 +HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 +HYDRA_PROXY=socksproxylist.txt +``` + +ADDITIONAL HINTS +---------------- +* sort your password files by likelihood and use the -u option to find + passwords much faster! +* uniq your dictionary files! this can save you a lot of time :-) + cat words.txt | sort | uniq > dictionary.txt +* if you know that the target is using a password policy (allowing users + only to choose a password with a minimum length of 6, containing a least one + letter and one number, etc. use the tool pw-inspector which comes along + with the hydra package to reduce the password list: + cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt + + +RESULTS OUTPUT +-------------- + +The results are output to stdio along with the other information. Via the -o +command line option, the results can also be written to a file. Using -b, +the format of the output can be specified. Currently, these are supported: + +* `text` - plain text format +* `jsonv1` - JSON data using version 1.x of the schema (defined below). +* `json` - JSON data using the latest version of the schema, currently there + is only version 1. + +If using JSON output, the results file may not be valid JSON if there are +serious errors in booting Hydra. + + +JSON Schema +----------- +Here is an example of the JSON output. Notes on some of the fields: + +* `errormessages` - an array of zero or more strings that are normally printed + to stderr at the end of the Hydra's run. The text is very free form. +* `success` - indication if Hydra ran correctly without error (**NOT** if + passwords were detected). This parameter is either the JSON value `true` + or `false` depending on completion. +* `quantityfound` - How many username+password combinations discovered. 
+* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, + 2.03, etc. Hydra will make second tuple of the version to always be two + digits to make it easier for downstream processors (as opposed to v1.1 vs + v1.10). The minor-level versions are additive, so 1.02 will contain more + fields than version 1.00 and will be backward compatible. Version 2.x will + break something from version 1.x output. + +Version 1.00 example: +``` +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2021-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 2, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + }, + { + "host": "127.0.0.1", + "login": "joe@example.com", + "password": "joe", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} +``` + + +SPEED +----- +through the parallelizing feature, this password cracker tool can be very +fast, however it depends on the protocol. The fastest are generally POP3 +and FTP. +Experiment with the task option (-t) to speed things up! The higher - the +faster ;-) (but too high - and it disables the service) + + + +STATISTICS +---------- +Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing +295 entries (294 tries invalid logins, 1 valid). Every test was run three +times (only for "1 task" just once), and the average noted down. 
+ +``` + P A R A L L E L T A S K S +SERVICE 1 4 8 16 32 50 64 100 128 +------- -------------------------------------------------------------------- +telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* +ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 +pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 +imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 +``` + +(*) +Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with +128 tasks, running four times resulted in timings between 28 and 97 seconds! +The reason for this is unknown... + +guesses per task (rounded up): + + 295 74 38 19 10 6 5 3 3 + +guesses possible per connect (depends on the server software and config): + + telnet 4 + ftp 6 + pop3 1 + imap 3 + + + +BUGS & FEATURES +--------------- +Hydra: +Email me or David if you find bugs or if you have written a new module. +vh@thc.org (and put "antispam" in the subject line) + + +You should use PGP to encrypt emails to vh@thc.org : + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v3.3.3 (vh@thc.org) + +mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT +KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ +FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c +vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k +Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p +lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI +zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI +DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf +lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN +DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 +n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB +tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC +F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ +xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH 
+Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 +qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz +dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp +QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga +V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 +slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl +Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM +0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP +JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs +IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL +CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS +AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ +HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR +2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C +nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc +XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 +Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL +ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V +l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F +n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl +7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb +/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii +tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 +Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR +gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt +x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 +0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS ++C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw +G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA +oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr 
+rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC +v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 +02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv +s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ +Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK +d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP +gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y +ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP +8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd +X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD +aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN +cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC +Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR +zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni +1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT +zB3yrr+vYBT0uDWmxwPjiJs= +=ytEf +-----END PGP PUBLIC KEY BLOCK----- +``` diff -Nru hydra-9.2/README.md hydra-9.4/README.md --- hydra-9.2/README.md 2021-03-15 17:52:54.000000000 +0000 +++ hydra-9.4/README.md 1970-01-01 00:00:00.000000000 +0000 
@@ -1,534 +0,0 @@ - - H Y D R A - - (c) 2001-2021 by van Hauser / THC - https://github.com/vanhauser-thc/thc-hydra - many modules were written by David (dot) Maciejak @ gmail (dot) com - BFG code by Jan Dlabal - - Licensed under AGPLv3 (see LICENSE file) - - Please do not use in military or secret service organizations, - or for illegal purposes. - (This is the wish of the author and non-binding. Many people working - in these organizations do not care for laws and ethics anyways. - You are not one of the "good" ones if you ignore this.) - - - -INTRODUCTION ------------- -Number one of the biggest security holes are passwords, as every password -security study shows. -This tool is a proof of concept code, to give researchers and security -consultants the possibility to show how easy it would be to gain unauthorized -access from remote to a system. - -THIS TOOL IS FOR LEGAL PURPOSES ONLY! - -There are already several login hacker tools available, however, none does -either support more than one protocol to attack or support parallelized -connects. - -It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. - -Currently this tool supports the following protocols: - Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, - HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, - HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, - Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, - Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, - SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, - VNC and XMPP. - -However the module engine for new services is very easy so it won't take a -long time until even more services are supported. 
-Your help in writing, enhancing or fixing modules is highly appreciated!! :-) - - - -WHERE TO GET ------------- -You can always find the newest release/production version of hydra at its -project page at https://github.com/vanhauser-thc/thc-hydra/releases -If you are interested in the current development state, the public development -repository is at Github: - svn co https://github.com/vanhauser-thc/thc-hydra - or - git clone https://github.com/vanhauser-thc/thc-hydra -Use the development version at your own risk. It contains new features and -new bugs. Things might not work! - - - -HOW TO COMPILE --------------- -To configure, compile and install hydra, just type: - -``` -./configure -make -make install -``` - -If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need -to add "-DWITH_SSH1=On" option in the cmake command line. -IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! - -If you use Ubuntu/Debian, this will install supplementary libraries needed -for a few optional modules (note that some might not be available on your distribution): - -``` -apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ - libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird-dev libmemcached-dev libgpg-error-dev \ - libgcrypt11-dev libgcrypt20-dev -``` - -This enables all optional modules and features with the exception of Oracle, -SAP R/3, NCP and the apple filing protocol - which you will need to download and -install from the vendor's web sites. - -For all other Linux derivates and BSD based systems, use the system -software installer and look for similarly named libraries like in the -command above. In all other cases, you have to download all source libraries -and compile them manually. - - - -SUPPORTED PLATFORMS -------------------- -- All UNIX platforms (Linux, *BSD, Solaris, etc.) 
-- MacOS (basically a BSD clone) -- Windows with Cygwin (both IPv4 and IPv6) -- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) - - - -HOW TO USE ----------- -If you just enter `hydra`, you will see a short summary of the important -options available. -Type `./hydra -h` to see all available command line options. - -Note that NO login/password file is included. Generate them yourself. -A default password list is however present, use "dpl4hydra.sh" to generate -a list. - -For Linux users, a GTK GUI is available, try `./xhydra` - -For the command line usage, the syntax is as follows: - For attacking one target or a network, you can use the new "://" style: - hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS - The old mode can be used for these too, and additionally if you want to - specify your targets from a text file, you *must* use this one: - -``` -hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] -``` - -Via the command line options you specify which logins to try, which passwords, -if SSL should be used, how many parallel tasks to use for attacking, etc. - -PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, -http-get or many others are available -TARGET is the target you want to attack -MODULE-OPTIONS are optional values which are special per PROTOCOL module - -FIRST - select your target - you have three options on how to specify the target you want to attack: - 1. a single target on the command line: just put the IP or DNS address in - 2. a network range on the command line: CIDR specification like "192.168.0.0/24" - 3. a list of hosts in a text file: one line per entry (see below) - -SECOND - select your protocol - Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. - Use a port scanner to see which protocols are enabled on the target. 
- -THIRD - check if the module has optional parameters - hydra -U PROTOCOL - e.g. hydra -U smtp - -FOURTH - the destination port - this is optional, if no port is supplied the default common port for the - PROTOCOL is used. - If you specify SSL to use ("-S" option), the SSL common port is used by default. - - -If you use "://" notation, you must use "[" "]" brackets if you want to supply -IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: - hydra [some command line options] ftp://[192.168.0.0/24]/ - hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM - -Note that everything hydra does is IPv4 only! -If you want to attack IPv6 addresses, you must add the "-6" command line option. -All attacks are then IPv6 only! - -If you want to supply your targets via a text file, you can not use the :// -notation but use the old style and just supply the protocol (and module options): - hydra [some command line options] -M targets.txt ftp -You can also supply the port for each target entry by adding ":" after a -target entry in the file, e.g.: - -``` -foo.bar.com -target.com:21 -unusual.port.com:2121 -default.used.here.com -127.0.0.1 -127.0.0.1:2121 -``` - -Note that if you want to attach IPv6 targets, you must supply the -6 option -and *must* put IPv6 addresses in brackets in the file(!) like this: - -``` -foo.bar.com -target.com:21 -[fe80::1%eth0] -[2001::1] -[2002::2]:8080 -[2a01:24a:133:0:00:123:ff:1a] -``` - -LOGINS AND PASSWORDS --------------------- -You have many options on how to attack with logins and passwords -With -l for login and -p for password you tell hydra that this is the only -login and/or password to try. -With -L for logins and -P for passwords you supply text files with entries. 
-e.g.: - -``` -hydra -l admin -p password ftp://localhost/ -hydra -L default_logins.txt -p test ftp://localhost/ -hydra -l admin -P common_passwords.txt ftp://localhost/ -hydra -L logins.txt -P passwords.txt ftp://localhost/ -``` - -Additionally, you can try passwords based on the login via the "-e" option. -The "-e" option has three parameters: - -``` -s - try the login as password -n - try an empty password -r - reverse the login and try it as password -``` - -If you want to, e.g. try "try login as password and "empty password", you -specify "-e sn" on the command line. - -But there are two more modes for trying passwords than -p/-P: -You can use text file which where a login and password pair is separated by a colon, -e.g.: - -``` -admin:password -test:test -foo:bar -``` - -This is a common default account style listing, that is also generated by the -dpl4hydra.sh default account file generator supplied with hydra. -You use such a text file with the -C option - note that in this mode you -can not use -l/-L/-p/-P options (-e nsr however you can). -Example: - -``` -hydra -C default_accounts.txt ftp://localhost/ -``` - -And finally, there is a bruteforce mode with the -x option (which you can not -use with -p/-P/-C): - -``` --x minimum_length:maximum_length:charset -``` - -the charset definition is `a` for lowercase letters, `A` for uppercase letters, -`1` for numbers and for anything else you supply it is their real representation. -Examples: - -``` --x 1:3:a generate passwords from length 1 to 3 with all lowercase letters --x 2:5:/ generate passwords from length 2 to 5 containing only slashes --x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers -``` - -Example: - -``` -hydra -l ftp -x 3:3:a ftp://localhost/ -``` - -SPECIAL OPTIONS FOR MODULES ---------------------------- -Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m -command line option, you can pass one option to a module. 
-Many modules use this, a few require it! - -To see the special option of a module, type: - - hydra -U - -e.g. - - ./hydra -U http-post-form - -The special options can be passed via the -m parameter, as 3rd command line -option or in the service://target/option format. - -Examples (they are all equal): - -``` -./hydra -l test -p test -m PLAIN 127.0.0.1 imap -./hydra -l test -p test 127.0.0.1 imap PLAIN -./hydra -l test -p test imap://127.0.0.1/PLAIN -``` - -RESTORING AN ABORTED/CRASHED SESSION ------------------------------------- -When hydra is aborted with Control-C, killed or crashes, it leaves a -"hydra.restore" file behind which contains all necessary information to -restore the session. This session file is written every 5 minutes. -NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. -from little endian to big endian, or from Solaris to AIX) - -HOW TO SCAN/CRACK OVER A PROXY ------------------------------- -The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works -just for the http services!). -The following syntax is valid: - -``` -HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" -HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" -HYDRA_PROXY_HTTP="proxylist.txt" -``` - -The last example is a text file containing up to 64 proxies (in the same -format definition as the other examples). - -For all other services, use the HYDRA_PROXY variable to scan/crack. -It uses the same syntax. eg: - -``` -HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port -``` - -for example: - -``` -HYDRA_PROXY=connect://proxy.anonymizer.com:8000 -HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 -HYDRA_PROXY=socksproxylist.txt -``` - -ADDITIONAL HINTS ----------------- -* sort your password files by likelihood and use the -u option to find - passwords much faster! -* uniq your dictionary files! 
this can save you a lot of time :-) - cat words.txt | sort | uniq > dictionary.txt -* if you know that the target is using a password policy (allowing users - only to choose a password with a minimum length of 6, containing a least one - letter and one number, etc. use the tool pw-inspector which comes along - with the hydra package to reduce the password list: - cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt - - -RESULTS OUTPUT --------------- - -The results are output to stdio along with the other information. Via the -o -command line option, the results can also be written to a file. Using -b, -the format of the output can be specified. Currently, these are supported: - -* `text` - plain text format -* `jsonv1` - JSON data using version 1.x of the schema (defined below). -* `json` - JSON data using the latest version of the schema, currently there - is only version 1. - -If using JSON output, the results file may not be valid JSON if there are -serious errors in booting Hydra. - - -JSON Schema ------------ -Here is an example of the JSON output. Notes on some of the fields: - -* `errormessages` - an array of zero or more strings that are normally printed - to stderr at the end of the Hydra's run. The text is very free form. -* `success` - indication if Hydra ran correctly without error (**NOT** if - passwords were detected). This parameter is either the JSON value `true` - or `false` depending on completion. -* `quantityfound` - How many username+password combinations discovered. -* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, - 2.03, etc. Hydra will make second tuple of the version to always be two - digits to make it easier for downstream processors (as opposed to v1.1 vs - v1.10). The minor-level versions are additive, so 1.02 will contain more - fields than version 1.00 and will be backward compatible. Version 2.x will - break something from version 1.x output. 
- -Version 1.00 example: -``` -{ - "errormessages": [ - "[ERROR] Error Message of Something", - "[ERROR] Another Message", - "These are very free form" - ], - "generator": { - "built": "2021-03-01 14:44:22", - "commandline": "hydra -b jsonv1 -o results.json ... ...", - "jsonoutputversion": "1.00", - "server": "127.0.0.1", - "service": "http-post-form", - "software": "Hydra", - "version": "v8.5" - }, - "quantityfound": 2, - "results": [ - { - "host": "127.0.0.1", - "login": "bill@example.com", - "password": "bill", - "port": 9999, - "service": "http-post-form" - }, - { - "host": "127.0.0.1", - "login": "joe@example.com", - "password": "joe", - "port": 9999, - "service": "http-post-form" - } - ], - "success": false -} -``` - - -SPEED ------ -through the parallelizing feature, this password cracker tool can be very -fast, however it depends on the protocol. The fastest are generally POP3 -and FTP. -Experiment with the task option (-t) to speed things up! The higher - the -faster ;-) (but too high - and it disables the service) - - - -STATISTICS ----------- -Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing -295 entries (294 tries invalid logins, 1 valid). Every test was run three -times (only for "1 task" just once), and the average noted down. - -``` - P A R A L L E L T A S K S -SERVICE 1 4 8 16 32 50 64 100 128 -------- -------------------------------------------------------------------- -telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* -ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 -pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 -imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 -``` - -(*) -Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with -128 tasks, running four times resulted in timings between 28 and 97 seconds! -The reason for this is unknown... 
- -guesses per task (rounded up): - - 295 74 38 19 10 6 5 3 3 - -guesses possible per connect (depends on the server software and config): - - telnet 4 - ftp 6 - pop3 1 - imap 3 - - - -BUGS & FEATURES ---------------- -Hydra: -Email me or David if you find bugs or if you have written a new module. -vh@thc.org (and put "antispam" in the subject line) - - -You should use PGP to encrypt emails to vh@thc.org : - -``` ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v3.3.3 (vh@thc.org) - -mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT -KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ -FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c -vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k -Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p -lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI -zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI -DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf -lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN -DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 -n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB -tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC -F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ -xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH -Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 -qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz -dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp -QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga -V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 -slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl -Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM -0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP 
-JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs
-IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL
-CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS
-AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ
-HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR
-2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C
-nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc
-XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6
-Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL
-ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V
-l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F
-n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl
-7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb
-/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii
-tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5
-Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR
-gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt
-x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62
-0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS
-+C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw
-G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA
-oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr
-rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC
-v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5
-02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv
-s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ
-Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK
-d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP
-gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y
-ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP
-8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd
-X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD
-aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN
-cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC
-Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR
-zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni
-1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT
-zB3yrr+vYBT0uDWmxwPjiJs=
-=ytEf
------END PGP PUBLIC KEY BLOCK-----
-```
diff -Nru hydra-9.2/xhydra.desktop hydra-9.4/xhydra.desktop
--- hydra-9.2/xhydra.desktop 1970-01-01 00:00:00.000000000 +0000
+++ hydra-9.4/xhydra.desktop 2022-09-08 08:32:44.000000000 +0000
@@ -0,0 +1,10 @@
+[Desktop Entry]
+Name=XHydra
+GenericName=Hydra very fast network log-on cracker
+Comment=GUI frontend for Hydra network log-on cracker
+Version=1.0
+Exec=xhydra
+Icon=xhydra
+Terminal=false
+Type=Application
+Categories=System;Security;GTK;
Binary files /tmp/tmpeqng5sk5/touMF0RW7e/hydra-9.2/xhydra.png and /tmp/tmpeqng5sk5/qh1gj2iKsT/hydra-9.4/xhydra.png differ