hydra-8.1/0000755000175000010010000000000012441065161011061 5ustar marcNonehydra-8.1/Android.mk0000644000175000010010000000360312441064454013000 0ustar marcNoneLOCAL_PATH:= $(call my-dir) include $(CLEAR_VARS) LOCAL_CFLAGS:= -O3 -DLIBOPENSSL -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE \ -DLIBMYSQLCLIENT -DLIBNCP -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DNO_RINDEX \ -DHAVE_MATH_H -DHAVE_MYSQL_H -DOPENSSL_NO_DEPRECATED -DNO_RSA_LEGACY \ -fdata-sections -ffunction-sections LOCAL_LDFLAGS:=-Wl,--gc-sections LOCAL_C_INCLUDES:= \ $(LOCAL_PATH)\ external/openssl/include\ external/libssh/include\ external/libidn/lib\ external/libmysqlclient/include\ external/subversion/subversion/include\ external/apr/include\ external/firebird/include\ external/libncp/include\ external/libpcre LOCAL_SRC_FILES:= \ bfg.c\ crc32.c\ d3des.c\ hmacmd5.c\ hydra-afp.c\ hydra-asterisk.c\ hydra.c\ hydra-cisco.c\ hydra-cisco-enable.c\ hydra-cvs.c\ hydra-firebird.c\ hydra-ftp.c\ hydra-http.c\ hydra-http-form.c\ hydra-http-proxy.c\ hydra-http-proxy-urlenum.c\ hydra-icq.c\ hydra-imap.c\ hydra-irc.c\ hydra-ldap.c\ hydra-mod.c\ hydra-mssql.c\ hydra-mysql.c\ hydra-ncp.c\ hydra-nntp.c\ hydra-oracle.c\ hydra-oracle-listener.c\ hydra-oracle-sid.c\ hydra-pcanywhere.c\ hydra-pcnfs.c\ hydra-pop3.c\ hydra-postgres.c\ hydra-rdp.c\ hydra-redis.c\ hydra-rexec.c\ hydra-rlogin.c\ hydra-rsh.c\ hydra-s7-300.c\ hydra-sapr3.c\ hydra-sip.c\ hydra-smb.c\ hydra-smtp.c\ hydra-smtp-enum.c\ hydra-snmp.c\ hydra-socks5.c\ hydra-ssh.c\ hydra-sshkey.c\ hydra-svn.c\ hydra-teamspeak.c\ hydra-telnet.c\ hydra-vmauthd.c\ hydra-vnc.c\ hydra-xmpp.c\ ntlm.c\ sasl.c LOCAL_STATIC_LIBRARIES := \ libfbclient \ libidn \ libmysqlclient \ libncp \ libpcre \ libpcrecpp \ libpcreposix \ libpq \ libssh \ libsvn_client-1 \ libapr-1 \ libaprutil-1 \ libiconv\ libneon LOCAL_SHARED_LIBRARIES := \ libcrypto\ libssl\ libsqlite\ libexpat LOCAL_MODULE:= hydra include $(BUILD_EXECUTABLE) hydra-8.1/bfg.c0000644000175000010010000001346312441064454011776 0ustar marcNone /* code original by Jan Dlabal , partially rewritten by vh */ #include #include #include #include #include #include "bfg.h" bf_option bf_options; #ifdef HAVE_MATH_H extern int debug; // return values : 0 on success, 1 on error // // note that we check for -x .:.:ab but not for -x .:.:ba // int bf_init(char *arg) { int i = 0; int crs_len = 0; char flags = 0; char *tmp = strchr(arg, ':'); if (!tmp) { fprintf(stderr, "Error: Invalid option format for -x\n"); return 1; } else { tmp[0] = '\0'; } bf_options.from = atoi(arg); if (bf_options.from < 1 || bf_options.from > 127) { fprintf(stderr, "Error: minimum length must be between 1 and 127, format: -x min:max:types\n"); return 1; } arg = tmp + 1; tmp++; if (!arg[0]) { fprintf(stderr, "Error: no maximum length specified for -x min:max:types!\n"); return 1; } tmp = strchr(arg, ':'); if (!tmp) { fprintf(stderr, "Error: Invalid option format for -x\n"); return 1; } else { tmp[0] = '\0'; } bf_options.to = atoi(arg); tmp++; if (bf_options.from > bf_options.to) { fprintf(stderr, "Error: you specified a minimum length higher than the maximum length!\n"); return 1; } if (tmp[0] == 0) { fprintf(stderr, "Error: charset not specified!\n"); return 1; } bf_options.crs = malloc(sizeof(char) * BF_CHARSMAX); if (bf_options.crs == NULL) { fprintf(stderr, "Error: can't allocate enough memory!\n"); return 1; } bf_options.crs[0] = 0; for (; tmp[i]; i++) { switch (tmp[i]) { case 'a': crs_len += 26; if (BF_CHARSMAX - crs_len < 1) { free(bf_options.crs); fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); return 1; } else if (flags & BF_LOWER) { free(bf_options.crs); fprintf(stderr, "Error: 'a' specified more than once in charset!\n"); return 1; } else { strcat(bf_options.crs, "abcdefghijklmnopqrstuvwxyz"); flags |= BF_LOWER; } break; case 'A': crs_len += 26; if (BF_CHARSMAX - crs_len < 1) { free(bf_options.crs); fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); return 1; } else if (flags & BF_UPPER) { free(bf_options.crs); fprintf(stderr, "Error: 'A' specified more than once in charset!\n"); return 1; } else { strcat(bf_options.crs, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); flags |= BF_UPPER; } break; case '1': crs_len += 10; if (BF_CHARSMAX - crs_len < 1) { free(bf_options.crs); fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); return 1; } else if (flags & BF_NUMS) { free(bf_options.crs); fprintf(stderr, "Error: '1' specified more than once in charset!\n"); return 1; } else { strcat(bf_options.crs, "0123456789"); flags |= BF_NUMS; } break; default: if ((tmp[i] >= '2' && tmp[i] <= '9') || tmp[i] == '0') { if ((flags & BF_NUMS) > 0) { printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", tmp[i]); continue; } printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", tmp[i]); } if (tolower((int) tmp[i]) >= 'b' && tolower((int) tmp[i]) <= 'z') { if ((tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)) { printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a'); continue; } printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a', tmp[i] <= 'Z' ? "up" : "low"); } crs_len++; if (BF_CHARSMAX - crs_len < 1) { free(bf_options.crs); fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); return 1; } else { bf_options.crs[crs_len - 1] = tmp[i]; bf_options.crs[crs_len] = '\0'; } break; } } bf_options.crs_len = crs_len; bf_options.current = bf_options.from; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); if (debug) printf("[DEBUG] bfg INIT: from %d, to %d, len: %d, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); return 0; } unsigned long int bf_get_pcount() { int i; unsigned long int count = 0; for (i = bf_options.from; i <= bf_options.to; i++) count += (unsigned long int) (pow((float) bf_options.crs_len, (float) i)); return count; } char *bf_next() { int i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) return NULL; // we are done if ((bf_options.ptr = malloc(BF_CHARSMAX)) == NULL) { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } for (i = 0; i < bf_options.current; i++) bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; bf_options.ptr[bf_options.current] = 0; if (debug) { printf("[DEBUG] bfg IN: len %d, from %d, current %d, to %d, state:", bf_options.crs_len, bf_options.from, bf_options.current, bf_options.to); for (i = 0; i < bf_options.current; i++) printf(" %d", bf_options.state[i]); printf(", x: %s\n", bf_options.ptr); } while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; } if (pos < 0) { bf_options.current++; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); } return bf_options.ptr; } #endif hydra-8.1/bfg.h0000644000175000010010000000446212441064454012002 0ustar marcNone/* (c) 2008 Jan Dlabal */ /* */ /* This file is part of the bfg. */ /* */ /* bfgen is free software: you can redistribute it and/or modify */ /* it under the terms of the GNU General Public License as published by */ /* the Free Software Foundation, either version 3 of the License, or */ /* any later version. */ /* */ /* bfgen is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with bfgen. If not, see . */ #ifndef BF_H #define BF_H #define BF_NAME "bfg" #define BF_VERSION "v0.3" #define BF_YEAR "2009" #define BF_WEBSITE "http://houbysoft.com/bfg/" #define BF_BUFLEN 1024 #define BF_CHARSMAX 256 /* how many max possibilities there are for characters, normally it's 2^8 = 256 */ #define BF_LOWER 1 #define BF_UPPER 2 #define BF_NUMS 4 typedef struct { unsigned char from; unsigned char to; unsigned char current; unsigned char state[BF_CHARSMAX]; /* which position has which character */ unsigned char pos; /* where in current string length is the position */ unsigned char crs_len; /* length of selected charset */ char *arg; /* argument received for bfg commandline option */ char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ } bf_option; extern bf_option bf_options; #ifdef HAVE_MATH_H extern unsigned long int bf_get_pcount(); extern int bf_init(char *arg); extern char *bf_next(); #endif #endif hydra-8.1/CHANGES0000644000175000010010000010207112441064454012061 0ustar marcNoneChangelog for hydra ------------------- Release 8.1 * David Maciejak, my co-maintainer moved to a different job and country and can not help with Hydra anymore - sadly! Wish you all the best! * Added patch from Ander Juaristi which adds h/H header options for http-form-*, great work, thanks! * Fixed the -M option, works now with many many targets :-) * -M option now supports ports, add a colon in between: "host:port", or, if IPv6, "[ipv6ipaddress]:port" * Found login:password combinations are now printed with the name specified (hostname or IP), not always IP * Fixed for cisco-enable if an intial Login/Password is used (thanks to joswr1te for reporting) * Added patch by tux-mind for better MySQL compilation and an Android patches and Makefile. Thanks! * Added xhydra gtk patches by Petar Kaleychev to support -h, -U, -f, -F, -q and -e r options, thanks! * Added patch for teamspeak to better identify server errors and auth failures (thanks to Petar Kaleychev) * Fixed a crash in the cisco module (thanks to Anatoly Mamaev for reporting) * Small fix for HTTP form module for redirect pages where a S= string match would not work (thanks to mkosmach for reporting) * Updated configure to detect subversion packages on current Cygwin * Fixed RDP module to support the port option (thanks to and.enshin(at)gmail.com) Release 8.0 ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra * Added module for redis (submitted by Alejandro Ramos, thanks!) * Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach) * Added initial interactive password authentication test for ssh (thanks to Joshua Houghton) * Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev) * Target on the command line can now be a CIDR definition, e.g. 192.168.0.0/24 * with -M , you can now specify a port for each entry (use "target:port" per line) * Verified that hydra compiles cleanly on QNX / Blackberry 10 :-) * Bugfixes for -x option: - password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting) - fixed crash when used together with -e option * Fixed a bug that hydra would not compile without libssh (introduced in v7.6) * Various bugfixes if many targets where attacked in parallel * Cygwin's Postgresql is working again, hence configure detection re-enabled * Added gcc compilation security options (if detected to be supported by configure script) * Enhancements to the secure compilation options * Checked code with cppcheck and fixed some minor issues. * Checked code with Coverity. Fixed a lot of small and medium issues. Release 7.6 * Added a wizard script for hydra based on a script by Shivang Desai * Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!) * HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon) * SMTP Enum: HELO is now always sent, better 500 error detection * hydra main: - fixed a bug in the IPv6 address parsing when a port was supplied - added info message for pop3, imap and smtp protocol usage * hydra GTK: missed some services, added * dpl4hydra.sh: - added Siemens S7-300 common passwords to default password list - more broad searching in the list * Performed code indention on all C files :-) * Makefile patch to ensure .../etc directory is there (thanks to vonnyfly) Release 7.5 * Moved the license from GPLv3 to AGPLv3 (see LICENSE file) * Added module for Asterisk Call Manager * Added support for Android where some functions are not available * hydra main: - reduced the screen output if run without -h, full screen with -h - fix for IPv6 and port parsing with service://[ipv6address]:port/OPTIONS - fixed -o output (thanks to www417) - warning if HYDRA_PROXY is defined but the module does not use it - fixed an issue with large input files and long entries * hydra library: - SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems - removed support for old OPENSSL libraries * HTTP Form module: - login and password values are now encoded if special characters are present - ^USER^ and ^PASS^ are now also supported in H= header values - if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\ * Mysql module: protocol 10 is now supported * SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be defined as an option "TLS" if required. This increases performance. * Cisco module: fixed a small bug (thanks to Vitaly McLain) * Postgres module: libraries on Cygwin are buggy at the moment, module is therefore disabled on Cygwin Release 7.4.3 FIX RELEASES for bugs introduced in 7.4 * Quickfix for people who do not have libssh installed (won't compile otherwise) * Quickfix for http-get/http-head and irc module which would not run due a new feature. * Fix for the ssh module that breaks an endless loop if a service becomes unavailable (thanks to shark0der(at)gmail(dot)com for reporting) Release 7.4 * New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!) * Added support for win8 and win2012 server to the RDP module * Better target distribution if -M is used * Added colored output (needs libcurses) * Better library detection for current Cygwin and OS X * Fixed the -W option * Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested * Fixed HTTP Form module false positive when no answer was received from the server * Fixed SMB module return code for invalid hours logon and LM auth disabled * Fixed http-{get|post-form} from xhydra * Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz) * Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-) * Added debug mode option to usage (thanks to Anold Black) Release 7.3 * Hydra main: - Added -F switch to quit all targets if one pair was found (for -M) - Fixed a bug where hydra would terminate after reporting a successful login when an account would accept any password - Fixed a bug with very large wordlists (thanks to sheepdestroyer for reporting!) - Enhanced the module help * configure script: - Added fix Oracle library inclusion, thanks to Brandon Archer! - Added --nostrip option to prevent binary stripping (requested by Fedora maintainer) * Added a Makefile patch by the Debian maintainers to support their SecurityHardeningBuildFlags for the wheezy build as requested * dpl4hydra: added install directory support * All code: message cleanups * SNMP module - originally already supported write and v2 although this was not in the module help output. Added :-) - added SNMPv3 MD5/SHA1 authentication support, though beta still * HTTP module: - fixed HTTP NTLM auth session - implemented errata fix for HTTP digest md5-sess algorithm - set default path to / * HTTP Form module: - set default path to / - support HTTP/1.0 redirects - fix failed condition check when pcre is not used * IMAP module: fixed auth detection * POP3 module: Updated auth and capability detection * Oracle module: fixed bad handling * Oracle listener module: fixed hash size handling * Telnet/Cisco/Cisco-enable modules: support "press ENTER" prompts * FTP module: - Fixed a bug where 530 messages were incorrectly handled - Clarification for the usage of ftps * Mysql module: added patch from Redhat/Fedora that fixes compile problems * Added IDN and PCRE support for Cygwin Release 7.2 * Speed-up http modules auth mechanism detection * Fixed -C colonfile mode when empty login/passwords were used (thanks to will(at)configitnow(dot)com for reporting) * The -f switch was not working for postgres, afp, socks5, firebird and ncp, thanks to Richard Whitcroft for reporting! * Fixed NTLM auth in http-proxy/http-proxy-url module * Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at * Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com * Fix http form module: optional headers and 3xx status redirect, thx to Gash * Fix in configure script for --prefix option, thanks to dazzlepod * Update of the dpl4hydra script by Roland Kessler, thanks! * Small fix for hydra man page, thanks to brad(at)comstyle(dot)com Release 7.1 * Added HTTP Proxy URL enumeration module * Added SOCKS4/SOCKS5 proxy support with authentication * Added IPv6 support for SOCKS5 module * Added -e r option to try the reversed login as password * Rewrote -x functionality as the code caused too much trouble (thanks to murder.net7(at)gmail.com for reporting one of the issues) * Fixed a bug with multiple hosts (-M) and http modules against targets that are virtual servers. Well spotted by Tyler Krpata! * Fixed SVN IPv6 support and updated deprecated calls * Fixed RDP failed child connection returned value and false positive issues reported by Wangchaohui, thanks! * Fixed restore file functionality, was not working together with -o option * Fix in http-form module for bug introduced in 7.0 * Fixed xhydra specific parameter value for http-proxy module * minor enhancements Release 7.0 * New main engine for hydra: better performance, flexibility and stability * New option -u - loop around users, not passwords * Option -e now also works with -x and -C * Added RDP module, domain can be passed as argument * Added other_domain option to smb module to test trusted domains * Small enhancement for http and http-proxy module for standard ignoring servers * Lots of bugfixes, especially with many tasks, multiple targets and restore file * Fixes for a few http-form issues * Fix smb module NTLM hash use * Fixed Firebird module deprecated API call * Fixed for dpl4hydra to work on old sed implementations (OS/X ...) * Fixed makefile to install dpl4hydra (thx @sitecrea) * Fixed local buffer overflow in debug output function (required -d to be used) * Fixed xhydra running warnings and correct quit action event Release 6.5 * Improved HTTP form module: getting cookie, fail or success condition, follow multiple redirections, support cookie gathering URL, multiple user defined headers * Added interface support for IPv6, needed for connecting to link local fe80:: addresses. Works only on Linux and OS/X. Information for Solaris and *BSD welcome * Added -W waittime between connects option * The -x bruteforce mode now allows for generated password amounts > 2 billion * Fix if -L was used together with -x * Fixes for http- modules when the http-...://target/options format was used * Fixed a bug in the restore file write function that could lead to a crash * Fixed XMPP module jabber init request and challenge response check, thx "F e L o R e T" * Fix: if a proxy was used, unresolveable targets were disabled. now its fine * Fix for service://host/ usage if a colon was used after the URI without a port defined Release 6.4 * Update SIP module to extract and use external IP addr return from server error to bypass NAT * Update SIP module to use SASL lib * Update email modules to check clear mode when TLS mode failed * Update Oracle Listener module to work with Oracle DB 9.2 * Update LDAP module to support Windows 2008 active directory simple auth * Fix to the connection adaptation engine which would loose planned attempts * Fix make script for CentOS, reported by ya0wei * Print error when a service limits connections and few pairs have to be tested * Improved Mysql module to only init/close when needed * Added patch from the FreeBSD maintainers * Module usage help does not need a target to be specified anymore * Configure script now honors /etc/ld.so.conf.d/ directory * Add more SMB dialects Release 6.3 * Added patch by Petar Kaleychev which adds nice icons to cygwin hydra files * Added patch by Gauillaume Rousse which fixes a warning display * New Oracle module (for databases via OCI, for TNS Listener passwd, for SID enumeration) * New SMTP user enum module (using VRFY, EXPN or RCPT command) * Memory leak fix for -x bruteforcing option reported by Alex Lau * Fix for svn module, for some versions it needs one more lib, thanks to the Debian team for reporting! * Fix ssh module, on connection refused a credential could be lost * Fix http-form module, a redirect was not always followed * QA on all modules for memory leaks * Better gtk detection (to not even try xhydra compilation when its useless) * First blant attempt for configuring to x64 systems (Linux and *BSD) * Updated network password cracker comparison on the web page (for hydra and new ncrack) * Indented all source code Release 6.2 * Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) ) * Forgot to rename ssh2 to ssh in xhydra, fixed * Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module * Fix SASL PLAIN auth method issue * Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap * Added man pages from Debian maintainers * Checked Teamspeak module, works on TS2 protocol * Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah ! * New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support * Add SCRAM-SHA1 auth to IMAP module * Add module usage help (-U) * Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep") * Rename smtpauth module to smtp * Add SASL + TLS support for NNTP * Bugfix SASL DIGEST-MD5, response could be wrong sometime, mainly on 64bits systems * Bugfix rlogin module, some auth failure could not be detected accurately * Bugfix rsh module, some auth failure could not be detected accurately * New module: IRC is not dead ! use to find general server password and /oper credential * Add SSL support for VMware Authentication Daemon module * Bugfix CVS module, should work now, why does nobody report this ?? * Bugfix Telnet module, when line mode is not available * Add support for new syntax ://[:][/] * Add TLS support for SIP * STILL OPEN: Fixed a problem in hydra where a login+pw test was lost when an arm/child was quitting Release 6.1 * More license updates for the files for the Debian guys * Fix for the configure script to correctly detect postgresql * Add checks for libssh v0.4 and support for ssh v1 * Merge all latest crypto code in sasl files * Fix SVN compilation issue on openSUSE (tested with v11.3) Release 6.0 * Added GPL exception clause to license to allow linking to OpenSSL - Debian people need this * IPv6 support finally added. Note: sip and socks5 modules do not support IPv6 yet * Changes to code and configure script to ensure clean compile on Solaris 11, OSX, FreeBSD 8.1, Cygwin and Linux * Bugfix for SIP module, thanks to yori(at)counterhackchallenges(dot)com * Compile fixes for systems without OpenSSL or old OpenSSL installations * Eliminated compile time warnings * xhydra updates to support the new features (david@) * Added CRAM-MD5, DIGEST-MD5 auth mechanism to the smtp-auth module (david@) * Added LOGIN, PLAIN, CRAM-(MD5,SHA1,SHA256) and DIGEST-MD5 auth mechanisms to the imap and pop3 modules (david@) * Added APOP auth to POP3 module (david@) * Added NTLM and DIGEST-MD5 to http-auth module and DIGEST-MD5 to http-proxy module (david@) * Fixed VNC module for None and VLC auth (david@) * Fixes for LDAP module (david@) * Bugfix Telnet module linemode option negotiation using win7 (david@) * Bugfix SSH module when max auth connection is reached (david@) Release 5.9 * Update for the subversion module for newer SVN versions (thanks to David Maciejak @ GMAIL dot com) * Another patch by David to add the PLAIN auth mechanism to the smtp-auth module * mysql module now has two implementations and uses a library when found (again thanks to David Maciejak @ GMAIL dot com - what would hydra be without him) * camiloculpian @ gmail dot com submitted a logo for hydra - looks cool, thanks! * better FTP 530 error code detection * bugfix for the SVN module for non-standard ports (again david@) Release 5.8 * Added Apple Filing Protocol (thank to "never tired" David Maciejak @ GMAIL dot com) * Fixed a big bug in the SSL option (-S) Release 5.7 * Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com) * Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz * Removed unnecessary compiler warnings * Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be * Fixed small local defined overflow in the teamspeak module. Does it still work anyway?? Release 5.6 PRIVATE VERSION ########### * Moved to GPLv3 License (lots of people wanted that) * Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for the 0.2 basis) * Added firebird support (by David Maciejak @ GMAIL dot com) * Added SIP MD5 auth patch (by Jean-Baptiste Aviat 100 ! Soon to come: v5.0 - some cool new features to arrive on your pentest machine! Release 4.6 ########### * Snakebyte delivered a module for Teamspeak * Snakebyte updated the rexec module for the Hydra Palm version * Snakebyte updated xhydra to support the new Telnet success response option * Clarified the Licence * Updated the ldap module to support v3, note that "ldap" is now specified as "ldap2" or "ldap3". Added wrong version detection. Release 4.5 ########### * The configure script now detects Cygwin automatically :-) * The telnet module now handles the OPT special input. Specify the string which is displayed after successfully a login. Use this if you have false positives. * Made smtp-auth module more flexible in EHLO/HELO handling * Fixed some glitches in the SAP/R3 module (correct sysnr, better port handling) thanks to ngregoire@exaprobe.com ! * Fixed some glitches in the http/https module * Fixed a big bug in snakebyte's snmp module * Warning msg is now displayed if the deprecated icq module is used * Added warning message to the ssh2 module during compilation as many people use the newest libssh version which is broken. Release 4.4 ########### * Fixed another floating point exception *sigh* * Fixed -C colon mode * Added EHLO support for the smtp-auth module, required for some smtpd Release 4.3 ########### * Fixed a divide by zero bug in the status report function * Added functionality for skipping accounts (cvs is so nice to report this) * Snakebyte sent in a patch for cvs for skipping nonexisting accounts * sent in a patch to fix proxy support for the HTTP module without proxy authentication Release 4.2 ########### * Snakebyte sent in modules for SNMP and CVS - great work! * Snakebyte also expanded the gtk gui to support the two new modules * Justin sent in a module for smtp-auth ... thanks! * master_up@post.cz sent in some few patches to fix small glitches * Incorporated a check from the openbsd port Release 4.1 ########### * Snakebyte wrote a very nice GTK GUI for hydra! enjoy! * due a bug, sometimes hydra would kill process -1 ... baaaad boy! * found passwords are now also printed to stdout if -o option is used * reported that hydra wouldn't complain on ssh2 option if compiled without support, fixed * made an official port for FreeBSD and sent me a diff to exchange the MD4 of libdes to openssl * noticed that hydra will crash on big wordlists as the result of the mallocs there were not checked, fixed * Snakebyte expanded his PalmOS Version of hydra to nntp and fixed vnc * Increased the wait time for children from 5 to 15 seconds, as e.g. snakebyte reported detection problems * Fixed some display glitches Release v4.0 ############ # # This is a summary of changes of the D1 to D5 beta releases and shows # what makes v4.0 different from 3.1. # Have fun. Lots of it. # # By the way: I need someone to program a nice GTK frontend for hydra, # would YOU like to do that and receive the fame? Send an email to vh@thc.org ! # * For the first time there is not only a UNIX/source release but additionally: ! Windows release (cygwin compile with dll's) ! PalmPilot release ! ARM processor release (for all your Zaurus, iPaq etc. running Linux) * There are new service attack modules: ! ms-sql ! sap r/3 (requires a library) ! ssh v2 (requires a library) * Enhancements/Fixes to service attack modules: ! vnc module didnt work correctly, fixed ! mysql module supports newer versions now ! http module received a minor fix and has better virtual host support now ! http-proxy supports now an optional URL ! socks5 checks now for false positives and daemons without authentication * The core code (hydra.c) was rewritten from scratch ! rewrote the internal distribution functions from scratch. code is now safer, less error prone, easier to read. ! multiple target support rewritten which now includes intelligent load balancing based on success, error and load rate ! intelligently detect maximum connect numbers for services (per server if multiple targets are used) ! intelligent restore file writing ! Faster (up to 15%) ! Full Cygwin and Cygwin IPv6 support * added new tool: pw-inspector - it can be used to just try passwords which matches the target's password policy # # This should be more than enough! :-) # ... the rest below is history ... ########################################################################### # # New Hydra v4.0 code branch # Release D5 * added patches by kan@dcit.cz which enhance the proxy module and provide a small fix for the http module * small beautifcations to make the compiler happy ! This is the final beta version before public release - please test everything! Release D4 * Tick made an update to his configure-arm * snakebyte@gmx.de added imap, vnc and cisco module support to PalmPilot * fixed VNC module * enhanced mysql module to work also with 4.0.x (and all future protocol 10 mysql protocol types) * enhanced socks5 module to identify daemons which do not require authentication, and false positive check (otherwise dante would report all tries as successful) * fixed a bug in configure for D3 which resulted in compile problems on several platforms requiring libcrypto Release D3 * added sapr3 attack module (requires libsdk.a and saprfc.h) * added ssh2 attack module (requires libssh) * snakebyte@gmx.de added telnet module support for PalmPilot * fixed the mssql module, should work now * fixed -e option bug * fixed -C option bug (didnt work at all!!) * fixed double detection (with -e option) plus added simple dictionary double detection * target port is now displayed on start Release D2 * added better virtual host support to the www/http/https/ssl module (based on a patch from alla@scanit.be) * added ARM support (does not work for libdes yet, ssl works), done by Tick * added Palm support (well, in reality it is more a rewrite which can use the hydra-modules), done by snakebyte * added ms-sql attack module (code based on perl script form HD Moore , thanks for contributing) Release D1 (3 March 2003) * rewrote the internal distribution functions from scratch. code is now safer, less error prone, easier to read. * multiple target support rewritten which now includes intelligent load balancing based on success, error and load rate * intelligently detect maximum connect numbers for services (per server if multiple targets are used) * intelligent restore file writing * Faster (up to 15%) * Full Cygwin and Cygwin IPv6 support * added new tool: pw-inspector - it can be used to just try passwords which matches the target's password policy ########################################################################### v3.0 (FEBRUARY 2004) PUBLIC RELEASE * added a restore function to enable you to continue aborted/crashed sessions. Just type "hydra -R" to continue a session. NOTE: this does not work with the -M option! This feature is then disabled! * added a module for http proxy authentication cracking ("http-proxy") :-) * added HTTP and SSL/CONNECT proxy support. SSL/CONNECT proxy support works for *all* TCP protocols, you just need to find a proxy which allows you to CONNECT on port 23 ... The environment variable HYDRA_PROXY_HTTP defines the web proxy. The following syntax is valid: HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" Same for HYDRA_PROXY_CONNECT. If you require authentication for the proxy, use the HYDRA_PROXY_AUTH environment variable: HYDRA_PROXY_AUTH="login:password" * fixed parallel host scanning engine (thanks to m0j0.j0j0 for reporting) * A status, speed and time to completion report is now printed every minute. * finally updated the README v2.9 (FEBRUARY 2004) PRIVATE RELEASE ... v2.8 (JANUARY 2004) PRIVATE RELEASE ... v2.7 (JANUARY 2004) PUBLIC RELEASE * small fix for the parallel host code (thanks to m0j0@foofus.net) v2.6 (DECEMBER 2003) PUBLIC RELEASE * fixed a compiling problem for picky compilers. v2.5 (NOVEMBER 2003) PUBLIC RELEASE * added a big patch from m0j0@foofus.net which adds: - AAA authentication to the cisco-enable module - Running the attacks on hosts in parallel - new smbnt module, which uses lanman hashes for authentication, needs libdes ! great work and thanks ! * changed code to compile easily on FreeBSD * changed configure to compile easily on MacOS X - Panther (cool OS btw ...) v2.4 (AUGUST 2003) PUBLIC RELEASE * public release === 2.3 stuff=== * added mysql module (thanks to mcbethh@u-n-f.com) * small fix in vnc (thanks to the Nessus team) * added credits for vnc-module (FX/Phenolite) * new ./configure script for better Solaris and *BSD support (copied from amap) * updated to new email/www addresses => www.thc.org v2.2 (OCTOBER 2002) PUBLIC RELEASE * fixed a bug in the -P passwordfile handling ... uhhh ... thanks to all the many people who reported that bug! * added check if a password in -P passwordfile was already done via the -e n|s switch v2.1 (APRIL 2002) PUBLIC RELEASE * added ldap cracking mode (thanks to myself, eh ;-) * added -e option to try null passwords ("-e n") and passwords equal to the login ("-e s"). When specifying -e, -p/-P is optional (and vice versa) * when a login is found, hydra will now go on with the next login v2.0 (APRIL 2002) PRIVATE RELEASE ! with v1.1.14 of Nessus, Hydra is a Nessus plugin! * incorporated code to make hydra a nessus plugin (thanks to deraison@cvs.nessus.org !) * added smb/samba/CIFS cracking mode (thanks to deraison@cvs.nessus.org !) * added cisco-enable cracking mode (thanks to J.Marx@secunet.de !) * minor enhancements and fixes v1.7 (MARCH 2002) PRIVATE RELEASE * configure change to better detect OpenSSL * ported to Solaris v1.6 (FEBRUARY 2002) PUBLIC RELEASE * added socks5 support (thanks to bigbud@weed.tc !) v1.5 (DECEMBER 2001) PRIVATE RELEASE * added -S option for SSL support (for all TCP based protocols) * added -f option to stop attacking once a valid login/pw has been discovered * made modules more hydra-mod compliant * configure stuff thrown out - was not really used and too complicated, wrote my own, lets hope it works everywhere ;-) v1.4 (DECEMBER 2001) PUBLIC RELEASE * added REXEC cracking module * added NNTP cracking module * added VNC cracking module (plus the 3DES library, which is needed) - some of the code ripped from FX/Phenolite :-) thanks a lot * added PCNFS cracking module * added ICQ cracking module (thanks to ocsic !!) * for the pcnfs cracking module, I had to add the hydra_connect_udp function * added several compactibility stuff to work with all the M$ crap v1.3 (September 2001) PUBLIC RELEASE * uh W2K telnetd sends null bytes in negotiation mode. workaround implemented. * Rewrote the finish functions which would sometimes hang. Shutdowns are faster now as well. * Fixed the line count (it was always one to much) * Put more information in the outpufile (-o) * Removed some configure crap. v1.2 (August 2001) PRIVATE RELEASE * Fixed a BIG bug which resulted in accounts being checked serveral times. ugh * Fixed the bug which showed the wrong password for a telnet hack. Works for me. please test. * Added http basic authentication cracking. Works for me. please test. * Fixed the ftp cracker module for occasions where a long welcome message was displayed for ftp. * Removed some compiler warnings. v1.1 (May 2001) PUBLIC RELEASE * Added wait+reconnect functionality to hydra-mod * Additional wait+reconnect for cisco module * Added small waittimes to all attack modules to prevent too fast reconnects * Added cisco Username/Password support to the telnet module * Fixed a deadlock in the modules, plus an additional one in the telnet module v1.0 (April 2001) PUBLIC RELEASE * Verified that all service modules really work, no fix necessary ;-) ... so let's make it public * Changed the LICENCE v0.6 (April 2001) PRIVATE RELEASE * Added hydra-cisco.c for the cisco 3 times "Password:" type * Added hydra-imap.c for the imap service * Fixed a bug in hydra-mod.c: empty logins resulted in an empty hydra_get_next_password() :-(, additionally the blocking/recv works better now. (no, not better - perfect ;-) * Fixed a bug in hydra-telnet.c: too many false alarms for success due some mis-thinking on my side and I also implemented a more flexible checking * Fixed hydra-ftp.c to allow more weird reactions * Fixed all ;-) memory leaks v0.5 (December 2000) PUBLIC RELEASE * NOTE WE HAVE GOT A NEW WWW ADDRESS -> www.thehackerschoice.com * added telnet protocol * exchanged snprintf with sprintf(%.250s) to let it compile on more platforms but still have buffer overflow protection. * fixed a bug in Makefile.in (introduced by Plasmo ,-) v0.4 (August 2000) PUBLIC RELEASE * Plasmoid added a ./configure script. thanks! v0.3 (August 2000) * first release hydra-8.1/configure0000755000175000010010000007603712441064460013006 0ustar marcNone#!/bin/sh # # uname -s = Linux | OpenBSD | FreeBSD # uname -m = i636 or x86_64 if [ "$1" = "-h" -o "$1" = "--help" ]; then echo Options: echo " --prefix=path path to install hydra and its datafiles to" echo " --with-oracle=prefix prefix for oracle include dir" echo " --with-oracle-lib=prefix prefix for oracle lib dir" echo " --disable-xhydra disable compilation of hydra GUI" echo " --nostrip do not per default strip binaries before install" echo " --help this here" exit 0 fi echo echo "Starting hydra auto configuration ..." rm -f Makefile.in SYSS=`uname -s 2> /dev/null` SYSO=`uname -o 2> /dev/null` SIXFOUR="" if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" = "NetBSD" -o "$SYSS" = "Darwin" ]; then SF=`uname -m | grep 64` if [ `uname -m` = "s390x" ]; then SF=64 fi if [ "x$SF" = "x" ]; then SIXFOUR="" echo Detected 32 Bit $SYSS OS else SIXFOUR=64 echo Detected 64 Bit $SYSS OS fi fi PREFIX="" NOSTRIP="" ORACLE_PATH="" ORACLE_IPATH="" WORACLE_PATH="" WORACLE_LIB_PATH="" SSL_PATH="" SSL_IPATH="" CURSES_PATH="" CURSES_IPATH="" CRYPTO_PATH="" IDN_PATH="" IDN_IPATH="" PR29_IPATH="" PCRE_PATH="" PCRE_IPATH="" POSTGRES_PATH="" FIREBIRD_PATH="" FIREBIRD_IPATH="" MYSQL_PATH="" MYSQL_IPATH="" AFP_PATH="" AFP_IPATH="" NCP_PATH="" NCP_IPATH="" SVN_PATH="" SVN_IPATH="" APR_IPATH="" SAPR3_PATH="" SAPR3_IPATH="" SSH_PATH="" SSH_IPATH="" NSL_PATH="" SOCKET_PATH="" MANDIR="" XHYDRA_SUPPORT="" LIBDIRS=`cat /etc/ld.so.conf /etc/ld.so.conf.d/* 2> /dev/null | grep -v '^#' | sort | uniq` if [ "$SIXFOUR" = "64" ]; then LIBDIRS="$LIBDIRS /lib64 /usr/lib64 /usr/local/lib64 /opt/local/lib64" fi LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib" INCDIRS="/usr/include /usr/local/include /opt/include /opt/local/include" STRIP="strip" echo echo "Checking for openssl (libssl, libcrypto, ssl.h, sha.h) ..." for i in $LIBDIRS \ /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl \ /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib do if [ "X" = "X$SSL_PATH" ]; then if [ -f "$i/libssl.so" -o -f "$i/libssl.dylib" -o -f "$i/libssl.a" ]; then SSL_PATH="$i" fi fi if [ "X" = "X$SSL_PATH" ]; then TMP_LIB=`/bin/ls $i/libssl.so* /bin/cygssl*.dll 2> /dev/null | grep ssl` if [ -n "$TMP_LIB" ]; then SSL_PATH="$i" fi fi if [ "X" = "X$CRYPTO_PATH" ]; then if [ -f "$i/libcrypto.so" -o -f "$i/libcrypto.dylib" -o -f "$i/libcrypto.a" ]; then CRYPTO_PATH="$i" fi fi if [ "X" = "X$CRYPTO_PATH" ]; then TMP_LIB=`/bin/ls $i/libcrypto.so* /bin/cygcrypto*.dll 2> /dev/null | grep crypto` if [ -n "$TMP_LIB" ]; then CRYPTO_PATH="$i" fi fi done SSLNEW="" for i in $INCDIRS /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include do if [ "X" = "X$SSL_IPATH" ]; then if [ -f "$i/openssl/ssl.h" ]; then SSL_IPATH="$i" SSLNEW=`grep SHA256_CTX $i/openssl/sha.h 2> /dev/null` fi fi done if [ "X" = "X$SSL_PATH" ]; then SSL_IPATH="" CRYPTO_PATH="" fi if [ "X" = "X$SSL_IPATH" ]; then SSL_PATH="" CRYPTO_PATH="" fi if [ -n "$SSL_PATH" -a "X" = "X$SSLNEW" ]; then echo " ... found but OLD" echo "NOTE: your OpenSSL package is outdated, update it!" fi if [ -n "$SSL_PATH" -a '!' "X" = "X$SSLNEW" ]; then echo " ... found" fi if [ "X" = "X$SSL_PATH" ]; then echo " ... NOT found, SSL support disabled" echo "Get it from http://www.openssl.org" fi if [ "$SSL_IPATH" = "/usr/include" ]; then SSL_IPATH="" fi echo "Checking for idn (libidn.so) ..." for i in $LIBDIRS ; do if [ "X" = "X$IDN_PATH" ]; then if [ -f "$i/libidn.so" -o -f "$i/libidn.dylib" -o -f "$i/libidn.a" -o -f "$i/libidn.dll.a" -o -f "$i/libidn.la" ]; then IDN_PATH="$i" fi fi if [ "X" = "X$IDN_PATH" ]; then TMP_LIB=`/bin/ls $i/libidn.so* /bin/libidn*.dll 2> /dev/null | grep ssl` if [ -n "$TMP_LIB" ]; then IDN_PATH="$i" fi fi done for i in $INCDIRS ; do if [ "X" != "X$IDN_PATH" ]; then if [ -f "$i/stringprep.h" ]; then IDN_IPATH="$i" fi fi if [ "X" != "X$IDN_PATH" ]; then if [ -f "$i/pr29.h" ]; then PR29_IPATH="$i" fi fi done if [ -n "$IDN_PATH" -a -n "$IDN_IPATH" ]; then echo " ... found" fi #pr29 is optional if [ "X" = "X$IDN_PATH" -o "X" = "X$IDN_IPATH" ]; then echo " ... NOT found, unicode logins and passwords will not be supported" IDN_PATH="" IDN_IPATH="" PR29_IPATH="" fi echo "Checking for curses (libcurses.so / term.h) ..." for i in $LIBDIRS; do if [ "X" = "X$CURSES_PATH" ]; then if [ -f "$i/libcurses.so" -o -f "$i/libcurses.dylib" -o -f "$i/libcurses.a" ]; then CURSES_PATH="$i" fi fi if [ "X" = "X$CURSES_PATH" ]; then TMP_LIB=`/bin/ls $i/libcurses.so.* 2> /dev/null | grep curses.` if [ -n "$TMP_LIB" ]; then CURSES_PATH="$i" fi fi if [ "X" = "X$CURSES_PATH" ]; then TMP_LIB=`/bin/ls $i/libcurses.dll* 2> /dev/null | grep curses.` if [ -n "$TMP_LIB" ]; then CURSES_PATH="$i" fi fi done for i in $INCDIRS ; do if [ "X" != "X$CURSES_PATH" ]; then if [ -f "$i/term.h" ]; then CURSES_IPATH="$i" fi if [ -f "$i/ncurses/term.h" ]; then CURSES_IPATH="$i/ncurses" fi fi done if [ -n "$CURSES_PATH" -a -n "$CURSES_IPATH" ]; then echo " ... found, color output enabled" fi if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then echo " ... NOT found, color output disabled" CURSES_PATH="" CURSES_IPATH="" fi echo "Checking for pcre (libpcre.so, pcre.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$PCRE_PATH" ]; then if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then PCRE_PATH="$i" fi fi if [ "X" = "X$PCRE_PATH" ]; then TMP_LIB=`/bin/ls $i/libpcre.so* 2> /dev/null | grep libpcre.` if [ -n "$TMP_LIB" ]; then PCRE_PATH="$i" fi fi if [ "X" = "X$PCRE_PATH" ]; then TMP_LIB=`/bin/ls $i/libpcre.dll* 2> /dev/null | grep libpcre.` if [ -n "$TMP_LIB" ]; then PCRE_PATH="$i" fi fi done for i in $INCDIRS ; do if [ "X" != "X$PCRE_PATH" ]; then if [ -f "$i/pcre.h" ]; then PCRE_IPATH="$i" fi fi done if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then echo " ... found" fi if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then echo " ... NOT found, server response checks will be less reliable" PCRE_PATH="" PCRE_IPATH="" fi echo "Checking for Postgres (libpq.so, libpq-fe.h) ..." #if [ "$SYSO" = "Cygwin" ]; then # echo " ... DISABLED - postgres is buggy in Cygwin at the moment" # POSTGRES_PATH="" # POSTGRES_IPATH="" #else for i in $LIBDIRS ; do if [ "X" = "X$POSTGRES_PATH" ]; then if [ -f "$i/libpq.so" -o -f "$i/libpq.dylib" -o -f "$i/libpq.a" ]; then POSTGRES_PATH="$i" fi fi if [ "X" = "X$POSTGRES_PATH" ]; then TMP_LIB=`/bin/ls $i/libpq.so* 2> /dev/null | grep pq` if [ -n "$TMP_LIB" ]; then POSTGRES_PATH="$i" fi fi if [ "X" = "X$POSTGRES_PATH" ]; then TMP_LIB=`/bin/ls $i/libpq.dll* 2> /dev/null | grep pq` if [ -n "$TMP_LIB" ]; then POSTGRES_PATH="$i" fi fi done POSTGRES_IPATH= for i in $INCDIRS \ /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include do if [ "X" = "X$POSTGRES_IPATH" ]; then if [ -f "$i/libpq-fe.h" ]; then POSTGRES_IPATH="$i" fi if [ -f "$i/pgsql/libpq-fe.h" ]; then POSTGRES_IPATH="$i/pgsql" fi if [ -f "$i/postgresql/libpq-fe.h" ]; then POSTGRES_IPATH="$i/postgresql" fi fi done if [ -n "$POSTGRES_PATH" -a -n "$POSTGRES_IPATH" ]; then echo " ... found" fi if [ "X" = "X$POSTGRES_PATH" -o "X" = "X$POSTGRES_IPATH" ]; then echo " ... NOT found, module postgres disabled" POSTGRES_PATH="" POSTGRES_IPATH="" fi #fi echo "Checking for SVN (libsvn_client-1 libapr-1.so libaprutil-1.so) ..." for i in $LIBDIRS ; do if [ "X" = "X$SVN_PATH" ]; then if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-1.so" ]&&[ -f "$i/libaprutil-1.so" ]; then SVN_PATH="$i" APR_PATH="$i" fi fi if [ "X" = "X$SVN_PATH" ]; then if [ -f "$i/libsvn_client-1.dll.a" ]&&[ -f "$i/libapr-1.dll.a" ]&&[ -f "$i/libaprutil-1.dll.a" ]; then SVN_PATH="$i" APR_PATH="$i" fi fi if [ "X" = "X$SVN_PATH" ]; then if [ -f "$i/libsvn_client-1.dylib" ]&&[ -f "$i/libapr-1.dylib" ]&&[ -f "$i/libaprutil-1.dylib" ]; then SVN_PATH="$i" APR_PATH="$i" fi fi if [ "X" = "X$SVN_PATH" ]; then if [ -f "$i/libsvn_client-1.a" ]&&[ -f "$i/libapr-1.a" ]&&[ -f "$i/libaprutil-1.a" ]; then SVN_PATH="$i" APR_PATH="$i" fi fi if [ "X" = "X$SVN_PATH" ]; then TMP_LIB1=`/bin/ls $i/libsvn_client*.so* 2> /dev/null | grep libsvn_client.` TMP_LIB2=`/bin/ls $i/libapr-1*.so* 2> /dev/null | grep libsvn_client.` TMP_LIB3=`/bin/ls $i/libaprutil-1*.so* 2> /dev/null | grep libsvn_client.` if [ -n "$TMP_LIB1" -a -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then SVN_PATH="$i" APR_PATH="$i" fi fi if [ "X" = "X$SVN_PATH" ]; then TMP_LIB1=`/bin/ls $i/libsvn_client*.dll* 2> /dev/null | grep libsvn_client.` TMP_LIB2=`/bin/ls $i/libapr-1*.dll* 2> /dev/null | grep libsvn_client.` TMP_LIB3=`/bin/ls $i/libaprutil-1*.dll* 2> /dev/null | grep libsvn_client.` if [ -n "$TMP_LIB1" -a -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then SVN_PATH="$i" APR_PATH="$i" fi fi done for i in $INCDIRS ; do if [ "X" = "X$SVN_IPATH" ]; then if [ -d "$i/subversion-1" ]; then SVN_IPATH="$i/subversion-1" fi if [ -d "$i/svn" ]; then SVN_IPATH="$i/svn" fi fi if [ "X" = "X$APR_IPATH" ]; then if [ -d "$i/apr-1.0" ]; then APR_IPATH="$i/apr-1.0" fi if [ -d "$i/apr-1" ]; then APR_IPATH="$i/apr-1" fi if [ -d "$i/apr" ]; then APR_IPATH="$i/apr" fi fi done if [ "X" = "X$SVN_PATH" -o "X" = "X$SVN_IPATH" -o "X" = "X$APR_IPATH" ]; then SVN_PATH="" SVN_IPATH="" APR_IPATH="" fi if [ "$SVN_IPATH" = "/usr/include" ]; then SVN_IPATH="" fi if [ "$APR_IPATH" = "/usr/include" ]; then APR_IPATH="" fi if [ -n "$SVN_PATH" -a -n "$APR_PATH" ]; then echo " ... found" fi if [ "X" = "X$SVN_PATH" -o "X" = "X$APR_PATH" ]; then echo " ... NOT found, module svn disabled" fi echo "Checking for firebird (libfbclient.so) ..." for i in $LIBDIRS ; do if [ "X" = "X$FIREBIRD_PATH" ]; then if [ -f "$i/libfbclient.so" -o -f "$i/libfbclient.dylib" -o -f "$i/libfbclient.a" ]; then FIREBIRD_PATH="$i" fi fi if [ "X" = "X$FIREBIRD_PATH" ]; then TMP_LIB=`/bin/ls $i/libfbclient.so.* 2> /dev/null | grep libfbclient.` if [ -n "$TMP_LIB" ]; then FIREBIRD_PATH="$i" fi fi if [ "X" = "X$FIREBIRD_PATH" ]; then TMP_LIB=`/bin/ls $i/libfbclient.dll* 2> /dev/null | grep libfbclient.` if [ -n "$TMP_LIB" ]; then FIREBIRD_PATH="$i" fi fi done for i in $INCDIRS ; do if [ "X" != "X$FIREBIRD_PATH" ]; then if [ -f "$i/ibase.h" ]; then FIREBIRD_IPATH="$i" fi fi done if [ -n "$FIREBIRD_PATH" -a -n "$FIREBIRD_IPATH" ]; then echo " ... found" fi if [ "X" = "X$FIREBIRD_PATH" -o "X" = "X$FIREBIRD_IPATH" ]; then echo " ... NOT found, module firebird disabled" FIREBIRD_PATH="" FIREBIRD_IPATH="" fi echo "Checking for MYSQL client (libmysqlclient.so, math.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$MYSQL_PATH" ]; then if [ -f "$i/libmysqlclient.so" -o -f "$i/libmysqlclient.dylib" -o -f "$i/libmysqlclient.a" ]; then MYSQL_PATH="$i" fi fi if [ "X" = "X$MYSQL_PATH" ]; then TMP_LIB=`/bin/ls $i/libmysqlclient.so.* 2> /dev/null | grep libmysqlclient.` if [ -n "$TMP_LIB" ]; then MYSQL_PATH="$i" fi fi if [ "X" = "X$MYSQL_PATH" ]; then TMP_LIB=`/bin/ls $i/libmysqlclient.dll* 2> /dev/null | grep libmysqlclient.` if [ -n "$TMP_LIB" ]; then MYSQL_PATH="$i" fi fi done MYSQLINSUBDIR="" for i in $INCDIRS ; do if [ "X" != "X$MYSQL_PATH" ]; then if [ -f "$i/mysql/mysql.h" ]; then MYSQL_IPATH="$i/mysql" MYSQLINSUBDIR="mysql/" fi if [ -f "$i/mysql.h" ]; then MYSQL_IPATH="$i" fi fi done MATH="" if [ -f "/usr/include/math.h" ]; then MATH="-DHAVE_MATH_H" if [ -n "$MYSQL_PATH" -a -n "$MYSQL_IPATH" -a -n "$MATH" ]; then echo " ... found" else echo " ... NOT found, module Mysql will not support version > 4.x" MYSQL_PATH="" MYSQL_IPATH="" fi else echo " ... math.h not found, module Mysql disabled" fi echo "Checking for AFP (libafpclient.so) ..." for i in $LIBDIRS ; do if [ "X" = "X$AFP_PATH" ]; then if [ -f "$i/libafpclient.so" -o -f "$i/libafpclient.so" -o -f "$i/libafpclient.a" ]; then AFP_PATH="$i" fi fi if [ "X" = "X$AFP_PATH" ]; then TMP_LIB=`/bin/ls $i/libafpclient.so.* 2> /dev/null | grep libafpclient.` if [ -n "$TMP_LIB" ]; then AFP_PATH="$i" fi fi if [ "X" = "X$AFP_PATH" ]; then TMP_LIB=`/bin/ls $i/libafpclient.dll* 2> /dev/null | grep libafpclient.` if [ -n "$TMP_LIB" ]; then AFP_PATH="$i" fi fi done for i in $INCDIRS ; do if [ "X" != "X$AFP_PATH" ]; then if [ -f "$i/afpfs-ng/afp.h" ]; then AFP_IPATH="$i/afpfs-ng" fi fi done if [ -n "$AFP_PATH" -a -n "$AFP_IPATH" ]; then echo " ... found" fi if [ "X" = "X$AFP_PATH" -o "X" = "X$AFP_IPATH" ]; then echo " ... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway" AFP_PATH="" AFP_IPATH="" fi echo "Checking for NCP (libncp.so / nwcalls.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$NCP_PATH" ]; then if [ -f "$i/libncp.so" -o -f "$i/libncp.dylib" -o -f "$i/libncp.a" ]; then NCP_PATH="$i" fi fi if [ "X" = "X$NCP_PATH" ]; then TMP_LIB=`/bin/ls $i/libncp.so.* 2> /dev/null | grep ncp.` if [ -n "$TMP_LIB" ]; then NCP_PATH="$i" fi fi if [ "X" = "X$NCP_PATH" ]; then TMP_LIB=`/bin/ls $i/libncp.dll* 2> /dev/null | grep ncp.` if [ -n "$TMP_LIB" ]; then NCP_PATH="$i" fi fi done for i in $INCDIRS ; do if [ "X" != "X$NCP_PATH" ]; then if [ -f "$i/ncp/nwcalls.h" ]; then NCP_IPATH="$i" fi fi done if [ -n "$NCP_PATH" -a -n "$NCP_IPATH" ]; then echo " ... found" fi if [ "X" = "X$NCP_PATH" -o "X" = "X$NCP_IPATH" ]; then echo " ... NOT found, module NCP disabled" NCP_PATH="" NCP_IPATH="" fi echo "Checking for SAP/R3 (librfc/saprfc.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$SAPR3_PATH" ]; then if [ -f "$i/librfc.a" -o -f "$i/librfc.dylib" -o "$i/librfc32.dll" ]; then SAPR3_PATH="$i" fi fi if [ "X" = "X$SAPR3_PATH" ]; then TMP_LIB=`/bin/ls $i/librfc.* $i/librfc32.* 2> /dev/null | grep librfc` if [ -n "$TMP_LIB" ]; then SAPR3_PATH="$i" fi fi done for i in $INCDIRS ; do if [ "X" = "X$SAPR3_IPATH" ]; then if [ -f "$i/saprfc.h" ]; then SAPR3_IPATH="$i" fi fi done if [ "X" = "X$SAPR3_PATH" ]; then SAPR3_IPATH="" fi if [ "X" = "X$SAPR3_IPATH" ]; then SAPR3_PATH="" fi if [ -n "$SAPR3_PATH" ]; then echo " ... found" fi if [ "X" = "X$SAPR3_PATH" ]; then echo " ... NOT found, module sapr3 disabled" echo "Get it from http://www.sap.com/solutions/netweaver/linux/eval/index.asp" fi if [ "$SAPR3_IPATH" = "/usr/include" ]; then SAPR3_IPATH="" fi echo "Checking for libssh (libssh/libssh.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$SSH_PATH" ]; then if [ -f "$i/libssh.so" -o -f "$i/libssh.dylib" -o -f "$i/libssh.a" ]; then SSH_PATH="$i" fi fi if [ "X" = "X$SSH_PATH" ]; then TMP_LIB=`/bin/ls $i/libssh.so* 2> /dev/null | grep libssh.` if [ -n "$TMP_LIB" ]; then SSH_PATH="$i" fi fi if [ "X" = "X$SSH_PATH" ]; then TMP_LIB=`/bin/ls $i/libssh.dll* 2> /dev/null | grep libssh.` if [ -n "$TMP_LIB" ]; then SSH_PATH="$i" fi fi done for i in $INCDIRS ; do if [ "X" = "X$SSH_IPATH" ]; then if [ -f "$i/libssh/libssh.h" ]; then SSH_IPATH="$i" fi fi done if [ "X" = "X$SSH_PATH" ]; then SSH_IPATH="" fi if [ "X" = "X$SSH_IPATH" ]; then SSH_PATH="" fi if [ -n "$SSH_PATH" ]; then echo " ... found" fi if [ "X" = "X$SSH_PATH" ]; then echo " ... NOT found, module ssh disabled" echo 'Get it from http://www.libssh.org' fi if [ "$SSH_IPATH" = "/usr/include" ]; then SSH_IPATH="" fi if [ '!' "X" = "X$*" ]; then while [ $# -gt 0 ] ; do if [ "X" = "X$PREFIX" ]; then PREFIX_TMP=`echo "$1"|sed 's/.*--prefix=//'` if [ "$PREFIX_TMP" != "$1" ]; then PREFIX=$PREFIX_TMP fi fi if [ "X" = "X$NOSTRIP" ]; then NOSTRIP_TMP=`echo "$1"|sed 's/.*--nostrip//'` if [ -z "$NOSTRIP_TMP" ]; then NOSTRIP="yes" fi fi if [ "X" = "X$XHYDRA_SUPPORT" ]; then XHYDRA_SUPPORT_TMP=`echo "$1"|sed 's/.*--disable-xhydra//'` if [ -z "$XHYDRA_SUPPORT_TMP" ]; then XHYDRA_SUPPORT="disable" fi fi if [ "X" = "X$WORACLE_PATH" ]; then WORACLE_PATH_TMP=`echo "$1"|sed 's/.*--with-oracle=//'` if [ "$WORACLE_PATH_TMP" != "$1" ]; then WORACLE_PATH="$WORACLE_PATH_TMP" fi fi if [ "X" = "X$WORACLE_LIB_PATH" ]; then WORACLE_LIB_PATH_TMP=`echo "$1"|sed 's/.*--with-oracle-lib=//'` if [ "$WORACLE_LIB_PATH_TMP" != "$1" ]; then WORACLE_LIB_PATH="$WORACLE_LIB_PATH_TMP" fi fi shift done fi echo "Checking for Oracle (libocci.so libclntsh.so / oci.h and libaio.so) ..." #assume if we find oci.h other headers should also be in that dir #for libs we will test the 2 if [ "X" != "X$WORACLE_PATH" ]; then INCDIRS="$INCDIRS $WORACLE_PATH" fi if [ "X" != "X$WORACLE_LIB_PATH" ]; then LIBDIRS="$LIBDIRS $WORACLE_LIB_PATH" fi for i in $LIBDIRS ; do if [ "X" = "X$ORACLE_PATH" ]; then if [ -f "$i/libocci.so" ]&&[ -f "$i/libclntsh.so" ]; then ORACLE_PATH="$i" fi fi if [ "X" = "X$ORACLE_PATH" ]; then if [ -f "$i/libocci.dylib" ]&&[ -f "$i/libclntsh.dylib" ]; then ORACLE_PATH="$i" fi fi if [ "X" = "X$ORACLE_PATH" ]; then if [ -f "$i/libocci.a" ]&&[ -f "$i/libclntsh.a" ]; then ORACLE_PATH="$i" fi fi if [ "X" = "X$ORACLE_PATH" ]; then TMP_LIB=`/bin/ls $i/libocci.so.* 2> /dev/null | grep occi.` if [ -n "$TMP_LIB" ]; then ORACLE_PATH="$i" fi if [ "X" != "X$ORACLE_PATH" ]; then TMP_LIB=`/bin/ls $i/libclntsh.so.* 2> /dev/null | grep clntsh.` if [ -z "$TMP_LIB" ]; then ORACLE_PATH="" fi fi fi if [ "X" = "X$ORACLE_PATH" ]; then TMP_LIB=`/bin/ls $i/libocci.dll* 2> /dev/null | grep occi.` if [ -n "$TMP_LIB" ]; then ORACLE_PATH="$i" fi if [ "X" != "X$ORACLE_PATH" ]; then TMP_LIB=`/bin/ls $i/libclntsh.dll* 2> /dev/null | grep clntsh.` if [ -z "$TMP_LIB" ]; then ORACLE_PATH="" fi fi fi done #check for Kernel Asynchronous I/O (AIO) lib support if [ "X" != "X$ORACLE_PATH" ]; then LIBAIO="" for i in $LIBDIRS ; do if [ "X" = "X$LIBAIO" ]; then if [ -f "$i/libaio.so" -o -f "$i/libaio.dylib" -o -f "$i/libaio.a" ]; then LIBAIO="$i" fi fi if [ "X" = "X$LIBAIO" ]; then TMP_LIB=`/bin/ls $i/libaio.so.* 2> /dev/null | grep aio.` if [ -n "$TMP_LIB" ]; then LIBAIO="$i" fi TMP_LIB=`/bin/ls $i/libaio.dll* 2> /dev/null | grep aio.` if [ -n "$TMP_LIB" ]; then LIBAIO="$i" fi fi done if [ "X" = "X$LIBAIO" ]; then ORACLE_PATH="" fi fi for i in $INCDIRS ; do if [ "X" != "X$ORACLE_PATH" ]; then if [ -f "$i/oci.h" ]; then ORACLE_IPATH="$i" fi fi done if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then echo " ... found" fi if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then echo " ... NOT found, module Oracle disabled" echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html" ORACLE_PATH="" ORACLE_IPATH="" fi if [ "X" = "X$XHYDRA_SUPPORT" ]; then echo "Checking for GUI req's (pkg-config, gtk+-2.0) ..." XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` if [ "X" = "X$XHYDRA_SUPPORT" ]; then XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null` else XHYDRA_SUPPORT="" fi if [ "X" = "X$XHYDRA_SUPPORT" ]; then echo " ... NOT found, optional anyway" else echo " ... found" fi fi if [ "$SYSS" = "SunOS" ]; then echo "Checking for Solaris libraries ..." for i in $LIBDIRS ; do if [ "X" = "X$NSL_PATH" ]; then if [ -f "$i/libnsl.so" ]; then NSL_PATH="$i" fi fi if [ "X" = "X$SOCKET_PATH" ]; then if [ -f "$i/libsocket.so" ]; then SOCKET_PATH="$i" fi fi if [ "X" = "X$RESOLV_PATH" ]; then if [ -f "$i/libresolv.so" ]; then RESOLV_PATH="$i" fi fi done if [ "X" = "X$NSL_PATH" ]; then echo "NSL library not found, which is needed on Solaris." fi if [ "X" = "X$SOCKET_PATH" ]; then echo "Socket library not found, which is needed on Solaris." fi if [ "X" = "X$RESOLV_PATH" ]; then echo "Resolv library not found, which is needed on Solaris." fi if [ -n "$RESOLV_PATH" -a -n "$SOCKET_PATH" -a -n "$RESOLV_PATH" ]; then echo " ... all found" fi echo fi echo "Checking for Android specialities ..." TMPC=comptest$$ RINDEX=" not" echo '#include ' > $TMPC.c echo '#include ' >> $TMPC.c echo "int main() { char *x = rindex(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c gcc -o $TMPC $TMPC.c > /dev/null 2>&1 test -x $TMPC && RINDEX="" rm -f $TMPC $TMPC.c echo " ... rindex()$RINDEX found" if [ -n "$CRYPTO_PATH" ]; then RSA=" not" echo '#include ' > $TMPC.c echo '#include ' >> $TMPC.c echo "int main() { RSA *rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c #echo "int main() { RSA *rsa; RSA_generate_key_ex(rsa, 1024, 0, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c gcc -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1 test -x $TMPC && RSA="" rm -f $TMPC $TMPC.c echo " ... RSA_generate_key()$RSA found" fi echo "Checking for secure compile option support in gcc ..." GCCSEC="no" LDSEC="no" GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2" echo '#include ' > $TMPC.c echo 'int main() { printf(""); return 0; }' >> $TMPC.c gcc -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err test -x $TMPC && GCCSEC="yes" grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT" rm -f "$TMPC" gcc $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; } rm -f $TMPC $TMPC.c $TMPC.c.err echo " Compiling... $GCCSEC" echo " Linking... $LDSEC" echo XDEFINES="" XLIBS="" XLIBPATHS="" XIPATHS="" if [ -n "$FIREBIRD_PATH" -o -n "$PCRE_PATH" -o -n "$IDN_PATH" -o -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$NCP_PATH" -o -n "$CURSES_PATH" -o -n "$ORACLE_PATH" -o -n "$AFP_PATH" -o -n "$MYSQL_PATH" ]; then XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib" fi if [ -n "$SSL_PATH" ]; then if [ -n "$SSLNEW" ]; then XDEFINES="$XDEFINES -DLIBOPENSSL" fi fi if [ -n "$CURSES_PATH" ]; then XDEFINES="$XDEFINES -DLIBNCURSES" fi if [ -n "$SAPR3_PATH" ]; then XDEFINES="$XDEFINES -DLIBSAPR3" fi if [ -n "$FIREBIRD_PATH" ]; then XDEFINES="$XDEFINES -DLIBFIREBIRD" fi if [ -n "$IDN_PATH" ]; then XDEFINES="$XDEFINES -DLIBIDN -DHAVE_PR29_H" fi if [ -n "$PCRE_PATH" ]; then XDEFINES="$XDEFINES -DHAVE_PCRE" fi if [ -n "$MYSQL_PATH" ]; then XDEFINES="$XDEFINES -DLIBMYSQLCLIENT" fi if [ -n "$AFP_PATH" ]; then XDEFINES="$XDEFINES -DLIBAFP" fi if [ -n "$NCP_PATH" ]; then XDEFINES="$XDEFINES -DLIBNCP" fi if [ -n "$ORACLE_PATH" ]; then XDEFINES="$XDEFINES -DLIBORACLE" fi if [ -n "$POSTGRES_PATH" ]; then XDEFINES="$XDEFINES -DLIBPOSTGRES" fi if [ -n "$SVN_PATH" ]; then XDEFINES="$XDEFINES -DLIBSVN" fi if [ -n "$SSH_PATH" ]; then XDEFINES="$XDEFINES -DLIBSSH" fi if [ -n "$RINDEX" ]; then XDEFINES="$XDEFINES -DNO_RINDEX" fi if [ -n "$RSA" ]; then XDEFINES="$XDEFINES -DNO_RSA_LEGACY" fi OLDPATH="" for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $NCP_PATH $CURSES_PATH $ORACLE_PATH $AFP_PATH $MYSQL_PATH; do if [ "$OLDPATH" = "$i" ]; then OLDPATH="$i" else XLIBPATHS="$XLIBPATHS -L$i" OLDPATH="$i" fi done if [ -n "$SSL_IPATH" ]; then XIPATHS="-I$SSL_IPATH" fi if [ -n "$CURSES_PATH" ]; then XLIBS="$XLIBS -lcurses" fi if [ -n "$SAPR3_IPATH" ]; then XIPATHS="$XIPATHS -I$SAPR3_IPATH" fi if [ -n "$SSH_IPATH" ]; then XIPATHS="$XIPATHS -I$SSH_IPATH" fi if [ -n "$SVN_IPATH" ]; then XIPATHS="$XIPATHS -I$SVN_IPATH" fi if [ -n "$APR_IPATH" ]; then XIPATHS="$XIPATHS -I$APR_IPATH" fi if [ -n "$SVN_IPATH" ]; then XIPATHS="$XIPATHS -I$SVN_IPATH" fi if [ -n "$MYSQL_IPATH" ]; then XIPATHS="$XIPATHS -I$MYSQL_IPATH" if [ -n "$MYSQLINSUBDIR" ]; then XDEFINES="$XDEFINES -DHAVE_MYSQL_MYSQL_H" else XDEFINES="$XDEFINES -DHAVE_MYSQL_H" fi fi if [ -n "$AFP_IPATH" ]; then XIPATHS="$XIPATHS -I$AFP_IPATH" fi if [ -n "$ORACLE_IPATH" ]; then XIPATHS="$XIPATHS -I$ORACLE_IPATH" fi if [ -n "$SSL_PATH" ]; then XLIBS="$XLIBS -lssl" fi if [ -n "$NCP_PATH" ]; then XLIBS="$XLIBS -lncp" fi if [ -n "$ORACLE_PATH" ]; then XLIBS="$XLIBS -locci -lclntsh" fi if [ -n "$FIREBIRD_PATH" ]; then XLIBS="$XLIBS -lfbclient" fi if [ -n "$IDN_PATH" ]; then XLIBS="$XLIBS -lidn" fi if [ -n "$PCRE_PATH" ]; then XLIBS="$XLIBS -lpcre" fi if [ -n "$MYSQL_PATH" ]; then XLIBS="$XLIBS -lmysqlclient" fi if [ -n "$AFP_PATH" ]; then XLIBS="$XLIBS -lafpclient" fi if [ -n "$SAPR3_PATH" ]; then XLIBS="$XLIBS -lrfc" if [ "$SYSO" = "Cygwin" ]; then BLA=TMP else XLIBS="$XLIBS -ldl" fi fi if [ -n "$POSTGRES_PATH" ]; then XLIBS="$XLIBS -lpq" fi if [ -n "$SVN_PATH" ]; then XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1" fi if [ -n "$SSH_PATH" ]; then XLIBS="$XLIBS -lssh" fi if [ -n "$CRYPTO_PATH" ]; then XLIBS="$XLIBS -lcrypto" fi if [ -n "$NSL_PATH" ]; then XLIBS="$XLIBS -lnsl" fi if [ -n "$SOCKET_PATH" ]; then XLIBS="$XLIBS -lsocket" fi if [ -n "$RESOLV_PATH" ]; then XLIBS="$XLIBS -lresolv" fi if [ -d /usr/kerberos/include ]; then XIPATHS="$XIPATHS -I/usr/kerberos/include" fi if [ "X" = "X$PREFIX" ]; then PREFIX="/usr/local" fi if [ "X" = "X$XHYDRA_SUPPORT" ]; then XHYDRA_SUPPORT="" else XHYDRA_SUPPORT="xhydra" fi echo "Hydra will be installed into .../bin of: $PREFIX" echo " (change this by running ./configure --prefix=path)" echo echo "Writing Makefile.in ..." echo "XDEFINES=$XDEFINES $MATH" >> Makefile.in echo "XLIBS=$XLIBS" >> Makefile.in echo "XLIBPATHS=$XLIBPATHS" >> Makefile.in echo "XIPATHS=$XIPATHS" >> Makefile.in echo "PREFIX=$PREFIX" >> Makefile.in #if [ $XHYDRA_SUPPORT != "disable" ]; then echo "XHYDRA_SUPPORT=$XHYDRA_SUPPORT" >> Makefile.in #fi echo "STRIP=$STRIP" >> Makefile.in echo >> Makefile.in cat Makefile.unix > Makefile cat Makefile.in >> Makefile # ignore errors if this uname call fails ### Current Cygwin is up to speed :-) WINDRES="" if [ "$SYSO" = "Cygwin" ]; then echo echo "Cygwin detected, if compilation fails just update your installation." echo WINDRES=`which windres` test -x "$WINDRES" && { echo "Windres found, will attach icons to hydra cygwin executables" echo HYDRA_LOGO=hydra-logo.o >> Makefile echo PWI_LOGO=pw-inspector-logo.o >> Makefile windres hydra-logo.rc hydra-logo.o windres pw-inspector-logo.rc pw-inspector-logo.o } test -x "$WINDRES" || { WINDRES="" echo Windres NOT found, you will not have pretty icon files in the hydra cygwin executables echo } echo fi if [ "x$WINDRES" = "x" ]; then echo HYDRA_LOGO= >> Makefile echo PWI_LOGO= >> Makefile fi if [ "$GCCSEC" = "yes" ]; then echo "SEC=$GCCSECOPT" >> Makefile else echo "SEC=" >> Makefile fi echo >> Makefile if [ "x$NOSTRIP" = "x" ]; then cat Makefile.am >> Makefile else cat Makefile.am | sed 's/^install:.*/install: all/' >> Makefile fi echo "now type \"make\"" hydra-8.1/crc32.c0000644000175000010010000001242312441064454012147 0ustar marcNone /*- * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or * code or tables extracted from it, as desired without restriction. * * First, the polynomial itself and its table of feedback terms. The * polynomial is * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 * * Note that we take it "backwards" and put the highest-order term in * the lowest-order bit. The X^32 term is "implied"; the LSB is the * X^31 term, etc. The X^0 term (usually shown as "+1") results in * the MSB being 1 * * Note that the usual hardware shift register implementation, which * is what we're using (we're merely optimizing it by doing eight-bit * chunks at a time) shifts bits into the lowest-order term. In our * implementation, that means shifting towards the right. Why do we * do it this way? Because the calculated CRC must be transmitted in * order from highest-order term to lowest-order term. UARTs transmit * characters in order from LSB to MSB. By storing the CRC this way * we hand it to the UART in the order low-byte to high-byte; the UART * sends each low-bit to hight-bit; and the result is transmission bit * by bit from highest- to lowest-order term without requiring any bit * shuffling on our part. Reception works similarly * * The feedback terms table consists of 256, 32-bit entries. Notes * * The table can be generated at runtime if desired; code to do so * is shown later. It might not be obvious, but the feedback * terms simply represent the results of eight shift/xor opera * tions for all combinations of data and CRC register values * * The values must be right-shifted by eight bits by the "updcrc * logic; the shift must be unsigned (bring in zeroes). On some * hardware you could probably optimize the shift in assembler by * using byte-swap instructions * polynomial $edb88320 * * * CRC32 code derived from work by Gary S. Brown. */ #include unsigned int crc32_tab[] = { 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d }; unsigned int crc32(const void *buf, unsigned int size) { const unsigned char *p; unsigned int crc; p = buf; crc = ~0U; while (size--) crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); return crc ^ ~0U; } hydra-8.1/crc32.h0000644000175000010010000000017112441064454012151 0ustar marcNone#ifndef CRC32_H #define CRC32_H #include unsigned int crc32(const void *buf, unsigned int size); #endif hydra-8.1/d3des.c0000644000175000010010000003723012441064454012240 0ustar marcNone /* 2001 van Hauser for Hydra: commented out KnR Kn3 and Df_Key to remove compiler warnings for unused definitions. */ /* * This is D3DES (V5.09) by Richard Outerbridge with the double and * triple-length support removed for use in VNC. Also the bytebit[] array * has been reversed so that the most significant bit in each byte of the * key is ignored, not the least significant. * * These changes are: * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* D3DES (V5.09) - * * A portable, public domain, version of the Data Encryption Standard. * * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation * code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, * for humouring me on. * * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. */ #include "d3des.h" static void scrunch(unsigned char *, unsigned long *); static void unscrun(unsigned long *, unsigned char *); static void desfunc(unsigned long *, unsigned long *); static void cookey(unsigned long *); static unsigned long KnL[32] = { 0L }; /* not needed ... static unsigned long KnR[32] = { 0L }; static unsigned long Kn3[32] = { 0L }; static unsigned char Df_Key[24] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; */ static unsigned short bytebit[8] = { 01, 02, 04, 010, 020, 040, 0100, 0200 }; static unsigned long bigbyte[24] = { 0x800000L, 0x400000L, 0x200000L, 0x100000L, 0x80000L, 0x40000L, 0x20000L, 0x10000L, 0x8000L, 0x4000L, 0x2000L, 0x1000L, 0x800L, 0x400L, 0x200L, 0x100L, 0x80L, 0x40L, 0x20L, 0x10L, 0x8L, 0x4L, 0x2L, 0x1L }; /* Use the key schedule specified in the Standard (ANSI X3.92-1981). */ static unsigned char pc1[56] = { 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 }; static unsigned char totrot[16] = { 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 }; static unsigned char pc2[48] = { 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 }; void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ unsigned char *key; int edf; { register int i, j, l, m, n; unsigned char pc1m[56], pcr[56]; unsigned long kn[32]; for (j = 0; j < 56; j++) { l = pc1[j]; m = l & 07; pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0; } for (i = 0; i < 16; i++) { if (edf == DE1) m = (15 - i) << 1; else m = i << 1; n = m + 1; kn[m] = kn[n] = 0L; for (j = 0; j < 28; j++) { l = j + totrot[i]; if (l < 28) pcr[j] = pc1m[l]; else pcr[j] = pc1m[l - 28]; } for (j = 28; j < 56; j++) { l = j + totrot[i]; if (l < 56) pcr[j] = pc1m[l]; else pcr[j] = pc1m[l - 28]; } for (j = 0; j < 24; j++) { if (pcr[pc2[j]]) kn[m] |= bigbyte[j]; if (pcr[pc2[j + 24]]) kn[n] |= bigbyte[j]; } } cookey(kn); return; } static void cookey(raw1) register unsigned long *raw1; { register unsigned long *cook, *raw0; unsigned long dough[32]; register int i; cook = dough; for (i = 0; i < 16; i++, raw1++) { raw0 = raw1++; *cook = (*raw0 & 0x00fc0000L) << 6; *cook |= (*raw0 & 0x00000fc0L) << 10; *cook |= (*raw1 & 0x00fc0000L) >> 10; *cook++ |= (*raw1 & 0x00000fc0L) >> 6; *cook = (*raw0 & 0x0003f000L) << 12; *cook |= (*raw0 & 0x0000003fL) << 16; *cook |= (*raw1 & 0x0003f000L) >> 4; *cook++ |= (*raw1 & 0x0000003fL); } usekey(dough); return; } void cpkey(into) register unsigned long *into; { register unsigned long *from, *endp; from = KnL, endp = &KnL[32]; while (from < endp) *into++ = *from++; return; } void usekey(from) register unsigned long *from; { register unsigned long *to, *endp; to = KnL, endp = &KnL[32]; while (to < endp) *to++ = *from++; return; } void des(unsigned char *inblock, unsigned char *outblock) { unsigned long work[2]; scrunch(inblock, work); desfunc(work, KnL); unscrun(work, outblock); return; } static void scrunch(outof, into) register unsigned char *outof; register unsigned long *into; { *into = (*outof++ & 0xffL) << 24; *into |= (*outof++ & 0xffL) << 16; *into |= (*outof++ & 0xffL) << 8; *into++ |= (*outof++ & 0xffL); *into = (*outof++ & 0xffL) << 24; *into |= (*outof++ & 0xffL) << 16; *into |= (*outof++ & 0xffL) << 8; *into |= (*outof & 0xffL); return; } static void unscrun(outof, into) register unsigned long *outof; register unsigned char *into; { *into++ = (*outof >> 24) & 0xffL; *into++ = (*outof >> 16) & 0xffL; *into++ = (*outof >> 8) & 0xffL; *into++ = *outof++ & 0xffL; *into++ = (*outof >> 24) & 0xffL; *into++ = (*outof >> 16) & 0xffL; *into++ = (*outof >> 8) & 0xffL; *into = *outof & 0xffL; return; } static unsigned long SP1[64] = { 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L }; static unsigned long SP2[64] = { 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L }; static unsigned long SP3[64] = { 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L }; static unsigned long SP4[64] = { 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L }; static unsigned long SP5[64] = { 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L }; static unsigned long SP6[64] = { 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L }; static unsigned long SP7[64] = { 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L }; static unsigned long SP8[64] = { 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L }; static void desfunc(block, keys) register unsigned long *block, *keys; { register unsigned long fval, work, right, leftt; register int round; leftt = block[0]; right = block[1]; work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; right ^= work; leftt ^= (work << 4); work = ((leftt >> 16) ^ right) & 0x0000ffffL; right ^= work; leftt ^= (work << 16); work = ((right >> 2) ^ leftt) & 0x33333333L; leftt ^= work; right ^= (work << 2); work = ((right >> 8) ^ leftt) & 0x00ff00ffL; leftt ^= work; right ^= (work << 8); right = ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL; work = (leftt ^ right) & 0xaaaaaaaaL; leftt ^= work; right ^= work; leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL; for (round = 0; round < 8; round++) { work = (right << 28) | (right >> 4); work ^= *keys++; fval = SP7[work & 0x3fL]; fval |= SP5[(work >> 8) & 0x3fL]; fval |= SP3[(work >> 16) & 0x3fL]; fval |= SP1[(work >> 24) & 0x3fL]; work = right ^ *keys++; fval |= SP8[work & 0x3fL]; fval |= SP6[(work >> 8) & 0x3fL]; fval |= SP4[(work >> 16) & 0x3fL]; fval |= SP2[(work >> 24) & 0x3fL]; leftt ^= fval; work = (leftt << 28) | (leftt >> 4); work ^= *keys++; fval = SP7[work & 0x3fL]; fval |= SP5[(work >> 8) & 0x3fL]; fval |= SP3[(work >> 16) & 0x3fL]; fval |= SP1[(work >> 24) & 0x3fL]; work = leftt ^ *keys++; fval |= SP8[work & 0x3fL]; fval |= SP6[(work >> 8) & 0x3fL]; fval |= SP4[(work >> 16) & 0x3fL]; fval |= SP2[(work >> 24) & 0x3fL]; right ^= fval; } right = (right << 31) | (right >> 1); work = (leftt ^ right) & 0xaaaaaaaaL; leftt ^= work; right ^= work; leftt = (leftt << 31) | (leftt >> 1); work = ((leftt >> 8) ^ right) & 0x00ff00ffL; right ^= work; leftt ^= (work << 8); work = ((leftt >> 2) ^ right) & 0x33333333L; right ^= work; leftt ^= (work << 2); work = ((right >> 16) ^ leftt) & 0x0000ffffL; leftt ^= work; right ^= (work << 16); work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; leftt ^= work; right ^= (work << 4); *block++ = right; *block = leftt; return; } /* Validation sets: * * Single-length key, single-length plaintext - * Key : 0123 4567 89ab cdef * Plain : 0123 4567 89ab cde7 * Cipher : c957 4425 6a5e d31d * * Double-length key, single-length plaintext - * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 * Plain : 0123 4567 89ab cde7 * Cipher : 7f1d 0a77 826b 8aff * * Double-length key, double-length plaintext - * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff * Cipher : 27a0 8440 406a df60 278f 47cf 42d6 15d7 * * Triple-length key, single-length plaintext - * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 * Plain : 0123 4567 89ab cde7 * Cipher : de0b 7c06 ae5e 0ed5 * * Triple-length key, double-length plaintext - * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff * Cipher : ad0d 1b30 ac17 cf07 0ed1 1c63 81e4 4de5 * * d3des V5.0a rwo 9208.07 18:44 Graven Imagery **********************************************************************/ hydra-8.1/d3des.h0000644000175000010010000000316312441064454012243 0ustar marcNone /* * This is D3DES (V5.09) by Richard Outerbridge with the double and * triple-length support removed for use in VNC. * * These changes are: * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* d3des.h - * * Headers and defines for d3des.c * Graven Imagery, 1992. * * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge * (GEnie : OUTER; CIS : [71755,204]) */ #define EN0 0 /* MODE == encrypt */ #define DE1 1 /* MODE == decrypt */ extern void deskey(unsigned char *, int); /* hexkey[8] MODE * Sets the internal key register according to the hexadecimal * key contained in the 8 bytes of hexkey, according to the DES, * for encryption or decryption according to MODE. */ extern void usekey(unsigned long *); /* cookedkey[32] * Loads the internal key register with the data in cookedkey. */ extern void cpkey(unsigned long *); /* cookedkey[32] * Copies the contents of the internal key register into the storage * located at &cookedkey[0]. */ extern void des(unsigned char *, unsigned char *); /* from[8] to[8] * Encrypts/Decrypts (according to the key currently loaded in the * internal key register) one block of eight bytes at address 'from' * into the block at address 'to'. They can be the same. */ /* d3des.h V5.09 rwo 9208.04 15:06 Graven Imagery ********************************************************************/ hydra-8.1/dpl4hydra.sh0000755000175000010010000001406412441064454013324 0ustar marcNone#!/bin/sh # # Name: dpl4hydra # Version: 0.9.9 # Date: 2012-04-16 # Author: Roland Kessler / Twitter: @rokessler # Synopsis: Generates a (d)efault (p)assword (l)ist as input for THC hydra. # Credits: Thanks to van Hauser for support and fixing portability issues. # "The universe is an intelligence test." -Timothy Leary (R.I.P.) INSTALLDIR=/usr/local LOCATION=etc usage () { cat </dev/null 2>&1 && FETCH="wget -q -O -" which curl >/dev/null 2>&1 && FETCH="curl -s" if [ -n "$FETCH" ]; then echo "done." echo "Using `echo $FETCH | cut -d ' ' -f 1` for downloading data." echo else echo echo "ERROR: Cannot refresh the list without wget or curl. Aborting." >&2 echo exit 1 fi echo "Trying to download list of vendors from" echo "${SITE}... " | tr -d "\n" $FETCH $SITE > $INDEXSITE 2>/dev/null || { echo; echo; echo "ERROR: Downloading data to disk failed. Network down?" >&2; echo; rm $INDEXSITE; exit 1; } echo "done." echo cat $INDEXSITE | grep td | awk -F"\"" '{ print $8 }' | grep http > $SUBSITES rm $INDEXSITE if [ -r $FULLFILE ]; then echo "Moving existing password list to ${OLDFILE}." echo mv $FULLFILE $OLDFILE || { echo "ERROR: Moving file $FULLFILE failed. Please check." >&2; echo; exit 1; } fi for SUBSITE in `cat $SUBSITES`; do VENDOR=`echo $SUBSITE | awk -F"-" '{ print $3 }' | sed 's/.htm//'` echo "Downloading default passwords for ${VENDOR}... " | tr -d "\n" $FETCH $SUBSITE | grep -i tr | grep -i td | grep -i celltext | sed 's/<[^>]*>/,/g' | sed 's/,,*/,/g' | sed 's/^,//g' | tr -d "\r" >dpl4hydra_${VENDOR}.tmp || { echo "not found - skipping... " | tr -d "\n" ; } while read SYSTEM; do echo "${VENDOR}," | tr -d "\n" >> $FULLFILE echo "$SYSTEM" >> $FULLFILE done < dpl4hydra_${VENDOR}.tmp rm dpl4hydra_${VENDOR}.tmp echo "done." done rm $SUBSITES if [ ! -r $LOCALFILE ]; then echo echo "ERROR: Cannot access local file ${LOCALFILE}. Skipping." >&2 echo else echo echo "Merging download with ${LOCALFILE}... " | tr -d "\n" cat $LOCALFILE >> $FULLFILE || { echo; echo "ERROR: Merging of $FULLFILE and $LOCALFILE failed. Please check." >&2; echo; exit 1; } echo "done." fi echo "Cleaning up and sorting ${FULLFILE}... " | tr -d "\n" cat $FULLFILE | sed 's/(null)//g' | sed 's/(Null)//g' | sed 's/(NULL)//g' | sed 's/(blank)//g' | sed 's/(Blank)//g' | sed 's/(BLANK)//g' | sed 's/(none)//g' | sed 's/(None)//g' | sed 's/(NONE)//g' | sed 's/none//g' | sed 's/n\/a//g' | sed 's/<//g' | sed 's/ //g' | sort | uniq > $CLEANFILE mv $CLEANFILE $FULLFILE echo "done." echo echo "Refreshed (d)efault (p)assword (l)ist $FULLFILE" echo "was created with `wc -l $FULLFILE | awk '{ print $1 }'` entries." echo } generate () { HYDRAFILE=`echo "dpl4hydra_${BRAND}.lst" | tr '/ =:@\\|;<>"'"'" '_____________'` if [ ! -r $FULLFILE ]; then echo echo "ERROR: Cannot access input file ${FULLFILE}" >&2 echo " You can rebuild it with '`basename $0` refresh'." >&2 echo echo " Trying to use $LOCALFILE instead... " | tr -d "\n" if [ -r $LOCALFILE ]; then FULLFILE=$LOCALFILE echo "done." else echo echo "ERROR: Cannot access local file ${LOCALFILE}. Aborting." >&2 echo exit 1 fi fi cat $FULLFILE 2>/dev/null | grep -i "$PATTERN" | awk -F"," '{ print $5":"$6 }' | sed 's/^[ \t]*//' | sed 's/[ \t]*$//' | sort | uniq > $HYDRAFILE ENTRIES=`wc -l $HYDRAFILE | awk '{ print $1 }'` if [ "$ENTRIES" -eq 0 ]; then rm -f $HYDRAFILE echo echo "ERROR: No matching entries found for $BRAND systems." >&2 echo " File $HYDRAFILE was not created." >&2 echo exit 1 else if [ "$ENTRIES" -eq 1 ]; then echo echo "File $HYDRAFILE was created with one entry." echo else echo echo "File $HYDRAFILE was created with $ENTRIES entries." echo fi fi } LC_ALL=C export LC_ALL DPLPATH="." test -r "$DPLPATH/dpl4hydra_full.csv" || DPLPATH="$INSTALLDIR/$LOCATION" FULLFILE="$DPLPATH/dpl4hydra_full.csv" OLDFILE="$DPLPATH/dpl4hydra_full.old" LOCALFILE="$DPLPATH/dpl4hydra_local.csv" INDEXSITE="$DPLPATH/dpl4hydra_index.tmp" SUBSITES="$DPLPATH/dpl4hydra_subs.tmp" CLEANFILE="$DPLPATH/dpl4hydra_clean.tmp" SITE="http://open-sez.me/passwd.htm" case $# in 0) usage exit 0;; 1) OPT=`echo $1 | tr "[A-Z]" "[a-z]"`;; *) echo echo "ERROR: Too many options." >&2 usage exit 1;; esac case "$OPT" in "-h" | "help" | "-help" | "--help") usage;; "-r" | "refresh" | "-refresh" | "--refresh") refresh;; "-a" | "all" | "-all" | "--all") PATTERN="," BRAND="all" generate;; *) PATTERN="${OPT}" BRAND="$OPT" generate;; esac hydra-8.1/dpl4hydra_full.csv0000644000175000010010000136102712441064454014531 0ustar marcNone2wire,Wireless Routers (most models),,http,,Wireless,Admin,, 360systems,Image Server 2000,,,factory,factory,,, 3com,,,,adm,,,, 3com,,,,admin,synnet,,, 3com,,,,manager,manager,,, 3com,,,,monitor,monitor,,, 3com,,,,read,synnet,,, 3com,,,,root,letmein,,1.25, 3com,,,,security,security,,, 3com,,,,write,synnet,,, 3com,3C16405,,,admin,,,, 3com,3C16405,,Console,Administrator,,Admin,, 3com,3C16405,,Multi,,,Admin,, 3com,3C16405,,Multi,admin,,Admin,, 3com,3C16406,,,admin,,,, 3com,3C16406,,Multi,admin,,Admin,telnet or serial, 3com,3C16450,,,admin,,,, 3com,3C16450,,Multi,admin,,Admin,telnet or serial, 3com,3CRADSL72 ,1.2,Multi,,1234admin,Admin,snmp open by default with public / private community, 3com,3CRWE52196,,,,admin,,, 3com,3Com SuperStack 3 Switch 3300XM,,,security,security,,, 3com,3Com SuperStack 3 Switch 3300XM,,Admin,security,security,,, 3com,3c16405,,,,,,, 3com,3c16405,,,Administrator,,,, 3com,812,,HTTP,Administrator,admin,Admin,, 3com,AirConnect AP,,,,comcomcom,,, 3com,AirConnect Access Point,,01.50-01,,,,, 3com,AirConnect Access Point,,Admin,,,,, 3com,AirConnect Access Point,,SNMP,,comcomcom,,, 3com,AirConnect Access Point,01.50-01,Multi,,,Admin,, 3com,Boson router simulator,3.66,HTTP,admin,admin,User,, 3com,CB9000 / 4007,3,Console,Type User: FORCE,,Admin,This will recover a lost password and reset the switch config to Factory Default, 3com,Cable Managment System SQL Database (DOSCIC DHCP),,,DOCSIS_APP,3com,,Win2000 & MS, 3com,CellPlex,,,admin,synnet,,, 3com,CellPlex,,7000,,,,, 3com,CellPlex,,7000,admin,admin,,, 3com,CellPlex,,7000,root,,,, 3com,CellPlex,,7000,tech,tech,,, 3com,CellPlex,,Admin,admin,synnet,,, 3com,CellPlex,,Admin,tech,tech,,, 3com,CellPlex,,HTTP,admin,synnet,Admin,, 3com,CellPlex,,Multi,,,Admin,, 3com,CellPlex,,Multi,admin,admin,Admin,, 3com,CellPlex,7000,Multi,admin,admin,Admin,RS-232/telnet, 3com,CellPlex,7000,Telnet,admin,admin,Admin,, 3com,CellPlex,7000,Telnet,operator,,Admin,, 3com,CellPlex,7000,Telnet,root,,Admin,, 3com,CellPlex,7000,Telnet,tech,,Admin,, 3com,CellPlex,7000,Telnet,tech,tech,Admin,, 3com,CoreBuilder 6000,,,debug,tech,,, 3com,CoreBuilder,,,debug,synnet,,, 3com,CoreBuilder,,,tech,tech,,, 3com,CoreBuilder,,7000/6000/3500/2500,debug,synnet,,, 3com,CoreBuilder,,7000/6000/3500/2500,tech,tech,,, 3com,CoreBuilder,7000/6000/3500/2500,Telnet,,,Admin,, 3com,CoreBuilder,7000/6000/3500/2500,Telnet,,admin,Admin,, 3com,CoreBuilder,7000/6000/3500/2500,Telnet,debug,synnet,,, 3com,CoreBuilder,7000/6000/3500/2500,Telnet,tech,tech,,, 3com,HiPerACT,,v4.1.x,admin,,,, 3com,HiPerARC,,Admin,adm,,,, 3com,HiPerARC,,v4.1.x,adm,,,, 3com,HiPerARC,v4.1.x,Telnet,adm,,,, 3com,HiPerARC,v4.1.x,Telnet,adm,,Admin,, 3com,HiPerARC,v4.1.x,Telnet,admin,,Admin,, 3com,Home Connect,,,User,Password,,, 3com,Internet Firewall,3C16770,HTTP,admin,password,Admin,, 3com,LANplex,,,debug,synnet,,, 3com,LANplex,,,tech,tech,,, 3com,LANplex,,2500,debug,synnet,,, 3com,LANplex,,2500,tech,,,, 3com,LANplex,,Admin,tech,,,, 3com,LANplex,2500,Telnet,debug,synnet,,, 3com,LANplex,2500,Telnet,tech,,Admin,, 3com,LANplex,2500,Telnet,tech,tech,,, 3com,LANplex/Corebuilder line,multiple models,,debug,synnet,,, 3com,LinkBuilder,,,,,,, 3com,LinkBuilder,,Admin,,,,, 3com,LinkBuilder,,Telnet,,,Admin,, 3com,LinkSwitch and CellPlex,,,debug,synnet,,, 3com,LinkSwitch and CellPlex,,,tech,tech,,, 3com,LinkSwitch,,,tech,tech,,, 3com,LinkSwitch,,2000/2700,tech,tech,,, 3com,LinkSwitch,2000/2700,Telnet,tech,tech,,, 3com,LinkSwitch,2700,,debug,synnet,,, 3com,Linkbuilder 3500,,,administer,administer,,, 3com,NAC (Network Access Card),,,adm,,,, 3com,NBX100,,,administrator,0,,2.8, 3com,NetBuilder,,,,ANYCOM,,, 3com,NetBuilder,,,,admin,,, 3com,NetBuilder,,SNMP,,ANYCOM,snmp-read,, 3com,NetBuilder,,SNMP,,ILMI,snmp-read,, 3com,NetBuilder,,SNMP,,admin,User,SNMP_READ, 3com,NetBuilder,,User,,admin,,, 3com,NetBuilder,,snmp-read,,ANYCOM,,, 3com,NetBuilder,,snmp-read,,ILMI,,, 3com,Netbuilder,,,Root,,,, 3com,Netbuilder,,,admin,,,, 3com,Netbuilder,,HTTP,Root,,Admin,http://10.1.0.1, 3com,Netbuilder,,Multi,admin,,Admin,, 3com,Office Connect ISDN Routers,,5x0,,PASSWORD,,, 3com,Office Connect ISDN Routers,,Admin,,PASSWORD,,, 3com,OfficeConnect 812 ADSL,,,adminttd,adminttd,,, 3com,OfficeConnect 812 ADSL,,01.50-01,admin,,,, 3com,OfficeConnect 812 ADSL,,Admin,admint|,admint|,,, 3com,OfficeConnect 812 ADSL,,Multi,adminttd,adminttd,Admin,, 3com,OfficeConnect 812 ADSL,01.50-01,Multi,admin,,Admin,, 3com,OfficeConnect ADSL Wireless 11g Firewall Router,3CRWDR100-72,HTTP,,admin,Admin,http://192.168.1.1, 3com,OfficeConnect ISDN Routers,5x0,Telnet,,PASSWORD,Admin,, 3com,OfficeConnect Remote 812,,,root,!root,,, 3com,OfficeConnect Remote 840,,,root,!root,,, 3com,OfficeConnect Remote Router,,812 ADSL 840 SDSL,root,!root,,, 3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,,,admin,,, 3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,HTTP,,admin,Admin,, 3com,OfficeConnect,,Multi,,,Admin,, 3com,OfficeConnect,11g,Multi,admin,,User,, 3com,Router,3000/5000 Series,Boot Prompt,,,Admin,, 3com,SS III Switch,,4xxx (4900 - sure),recovery,recovery,,, 3com,Shark Fin,Comcast-supplied,HTTP,User,Password,Diagnostics page,192.160.100.1, 3com,SuperStack 2700,,,tech,tech,,, 3com,SuperStack 3,,4400-49XX,manager,manager,,, 3com,SuperStack 3,,4XXX,admin,,,, 3com,SuperStack 3,,4XXX,monitor,monitor,,, 3com,SuperStack II Dual Speed 500,,,security,security,,, 3com,SuperStack II Netbuilder,11.1,Multi,,,Admin,, 3com,SuperStack II Switch 1100,,,manager,manager,,, 3com,SuperStack II Switch 1100,,,security,security,,, 3com,SuperStack II Switch 3300,,,manager,manager,,, 3com,SuperStack II Switch,,,debug,synnet,,, 3com,SuperStack II Switch,,,manager,manager,,Any, 3com,SuperStack II Switch,,,monitor,monitor,,Any, 3com,SuperStack II Switch,,,tech,password,,Any, 3com,SuperStack II Switch,,1100/3300,admin,,,, 3com,SuperStack II Switch,,1100/3300,manager,manager,,, 3com,SuperStack II Switch,,1100/3300,monitor,monitor,,, 3com,SuperStack II Switch,,1100/3300,security,security,,, 3com,SuperStack II Switch,,2200,debug,synnet,,, 3com,SuperStack II Switch,,2700,tech,tech,,, 3com,SuperStack II Switch,,Admin,tech,tech,,, 3com,SuperStack II Switch,1100/3300,Console,3comcso,RIP000,initialize,resets all pws to defaults, 3com,SuperStack II Switch,2200,Telnet,debug,synnet,,, 3com,SuperStack II Switch,2700,Telnet,tech,tech,Admin,, 3com,SuperStack II,,Console,,,Admin,, 3com,SuperStack III Switch,3300XM,Multi,security,security,Admin,, 3com,SuperStack III Switch,4400-49XX,Multi,manager,manager,User can access/change operational setting but not security settings,, 3com,SuperStack III Switch,4XXX,Multi,admin,,Admin,, 3com,SuperStack III Switch,4XXX,Multi,monitor,monitor,User,, 3com,SuperStack III Switch,4xxx (4900 - sure),Telnet,recovery,recovery,resets_all_to_default,u need to power off unit. tbl_ , 3com,SuperStack III Switch,4xxx (4900 - sure),console,recover,recover,Admin,, 3com,Superstack 3 switch,,4900,recover,recover,,, 3com,Switch 3000/3300,,,Admin,3com,,, 3com,Switch 3000/3300,,,admin,admin,,, 3com,Switch 3000/3300,,,manager,manager,,, 3com,Switch 3000/3300,,,monitor,monitor,,, 3com,Switch 3000/3300,,,security,security,,, 3com,Switch,,3300XM,admin,admin,,, 3com,Switch,3300XM,Multi,admin,admin,Admin,, 3com,US Robotics ADSL Router,,8550,,12345,,, 3com,Wireless AP,,,,comcomcom,,, 3com,Wireless AP,,ANY,admin,comcomcom,,, 3com,Wireless AP,,Admin,admin,comcomcom,,, 3com,Wireless AP,ANY,Multi,admin,comcomcom,Admin,Works on all 3com wireless APs, 3com,boson router simulator,,User,admin,admin,,, 3com,cellplex,,,,,,, 3com,cellplex,,7000,operator,,,, 3com,cellplex,,Admin,admin,admin,,, 3com,corebuilder,,7000,operator,admin,,, 3com,e960,3CRWDR100-72,Admin,Admin,Admin,HTTP,http://192.168.1.1, 3com,hub,,,,,,, 3com,hub,,Admin,,,,, 3com,hub,,Multi,,,Admin,, 3com,router,,,,,,, 3com,router,,Admin,,,,, 3com,super stack 2 switch,,,manager,manager,,, 3com,super stack II,,,,,,, 3com,super stack II,,Admin,,,,, 3com,super,,,admin,,,, 3com,superstack II,,1100/3300,3comcso,RIP000,,, 3com,superstack II,,initialize,3comcso,RIP000,,, 3m,VOL-0215 etc.,,,volition,volition,,, 3m,VOL-0215 etc.,,Admin,volition,volition,,, 3m,VOL-0215 etc.,,SNMP,volition,volition,Admin,Volition fiber switches, 3ware,3DM,,HTTP,Administrator,3ware,Admin,, acc,Any router,,,netman,netman,,all, acc,Congo/Amazon/Tigris,,,netman,netman,,All versions, acc,Tigris Platform,All,Multi,public,,Guest,, accelerated networks,DSL CPE and DSLAM,,,sysadm,anicust,,, acceleratednetworks,DSL CPE and DSLAM,,Telnet,sysadm,anicust,,, accton t_online,accton,,,,0,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,admin,,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,manager,manager,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,monitor,monitor,,, accton,T-ONLINE,,aaaaaaa,,0,,, accton,Wireless Router,T-online,HTTP,,0,Admin,, accton,Wireless Router,T-online,HTTP,,0000,Admin,, accton,Wirelessrouter,,T-online,,0,,, aceex,Modem ADSL Router,,,admin,,,, aceex,Modem ADSL Router,,HTTP,admin,,Admin,, acer,517te,,,,,,, acer,BIOS,,,,,,, acer,BIOS,,Console,,,Admin,, acer,Phoenix,,,,,,, acer,acer,,,acer,acer,,, acorp,all routers,,http,Admin,Admin,,, actiontec,,,192.168.1.1,admin,password1,Admin,This the password commonly set by VZ Techs., actiontec,GE344000-01 Router,,,,,,, actiontec,GT701-GW,,Multi,admin,admin,,, actiontec,GT701-WG,,192.168.1.1,admin,password,,, actiontec,GT701-WG,,HTTP,admin,password,192.168.1.1,, actiontec,gt701,,http://192.168.0.1,admin,,,, actiontec,gt701-gw,,,admin,admin,,, adaptec,RAID Controller,,,Administrator,adaptec,,, adaptecraid,Storage Manager Pro,,,Administrator,adaptec,,All, adc kentrox,Pacesetter Router,,,,secret,,, adckentrox,Pacesetter Router,,Telnet,,secret,,, adcompletecom,Ban Man Pro,,,Admin1,Admin1,,, adic,24,,HTTP,admin,password,,, adic,Scalar 100/1000,,HTTP,admin,secure,Admin,, adic,Scalar i2000,,Multi,admin,password,Admin,, adp,ADP Payroll Database,,,sys,adpadmin,,, adp,ADP Payroll HR database,,Admin,sysadmin,master,,, adp,ADP Payroll HR database,,All,sysadmin,master,,, adp,ADP Payroll HR database,All,Multi,sysadmin,master,Admin,, adtech,AX4000,,,root,ax400,,, adtech,AX4000,,,root,ax400,Admin,, adtran,Agent Card,,,,ADTRAN,,, adtran,Agent Card,,Telnet,,ADTRAN,Admin,ctrl-PTT, adtran,Atlas 800/800Plus/810Plus/550,,,,Password,,, adtran,Atlas 800/800Plus/810Plus/550,,Telnet,,Password,Admin,crtl-L, adtran,Express 5110/5200/5210,,,,adtran,,, adtran,Express 5110/5200/5210,,Telnet,,adtran,Admin,hit enter a few times, adtran,MX2800,,,,adtran,,, adtran,MX2800,,Telnet,,adtran,Admin,hit enter a few times, adtran,NetVanta 7100,,,admin,password,,, adtran,NetVanta 7100,,Multi,admin,password,,, adtran,NxIQ,,,,adtran,,, adtran,NxIQ,,Telnet,,adtran,Admin,hit enter a few times, adtran,Smart 16/16e,,,,PASSWORD,,, adtran,Smart 16/16e,,Telnet,,,Admin,hit enter a few times, adtran,Smart 16/16e,,Telnet,,PASSWORD,Admin,hit enter a few times, adtran,T3SU 300,,,,adtran,,, adtran,T3SU 300,,Telnet,,adtran,Admin,Hit enter a few times, adtran,TSU IQ/DSU IQ,,,,,,, adtran,TSU IQ/DSU IQ,,Telnet,,,Admin,hit enter a few times, adtran,TSU Router Module/L128/L768/1.5,,,,,,, adtran,TSU Router Module/L128/L768/1.5,,Telnet,,,Admin,hit enter a few times, advanced integration,PC BIOS,,,,Advance,,, advanced integration,PC BIOS,,Admin,,Advance,,, advancedintegration,PC BIOS,,Console,,Advance,Admin,, advanteknetworks,Wireless LAN 802.11 g/b,,Multi,admin,,Admin,, aethra,Starbridge EU,,HTTP,admin,password,Admin,, airlink plus,RTW026,,V0.80.0010 (firmware),,admin,,, aironet,(All),,,,,,, aironet,all products,all vers,,,,,, airway,Transport,,,,0000,admin,, aladdin,eSafe Appliance,,,root,kn1TG7psLu,,, aladdin,eSafe Appliance,,Console/SSH,root,kn1TG7psLu,root,, alcatel thomson,SpeedTouch580,,,admin,admin,,, alcatel,4400,,Console,mtcl,,User,, alcatel,4400,,Superuser,superuser,superuser,,, alcatel,6224-24p,,console,admin,switch,,, alcatel,OS6850-24p,,console,admin,switch,,, alcatel,OXO,1.3,Multi,,admin,User,, alcatel,Office 4200,,,,1064,,, alcatel,Office 4200,,Admin,,1064,,, alcatel,Office 4200,,Multi,,1064,Admin,, alcatel,OmniPCX Office,,Admin,ftp_admi,kilo1987,,, alcatel,OmniPCX Office,,Installer,ftp_inst,pbxk1064,,, alcatel,OmniPCX Office,,NMC,ftp_nmc,tuxalize,,, alcatel,OmniPCX Office,,Operator,ftp_oper,help1954,,, alcatel,OmniPCX Office,4.1,FTP,ftp_admi,kilo1987,Admin,, alcatel,OmniPCX Office,4.1,FTP,ftp_inst,pbxk1064,Installer,, alcatel,OmniPCX Office,4.1,FTP,ftp_nmc,tuxalize,NMC,, alcatel,OmniPCX Office,4.1,FTP,ftp_oper,help1954,Operator,, alcatel,OmniPCX Office,4.1,Multi,ftp_admi,kilo1987,Admin,, alcatel,OmniPCX Office,4.1,Other,ftp_inst,pbxk1064,Installer,, alcatel,OmniPCX Office,4.1,Other,ftp_nmc,tuxalize,NMC,, alcatel,OmniPCX Office,4.1,Other,ftp_oper,help1954,Operator,, alcatel,OmniPCX,4.1 and above,Voicemail (User),,1515,,, alcatel,OmniStack 6024,,,admin,switch,,, alcatel,OmniStack 6024,,Admin,admin,switch,,, alcatel,OmniStack 6024,,Telnet,admin,switch,Admin,, alcatel,OmniStack/OmniSwitch,,Telnet,diag,switch,Admin,, alcatel,OmniStack/OmniSwitch,,Telnet/Console,diag,switch,Admin,, alcatel,Omnistack/Omniswitch,,,diag,switch,,, alcatel,PBX,,4400,adfexc,adfexc,,, alcatel,PBX,,4400,at4400,at4400,,, alcatel,PBX,,4400,client,client,,, alcatel,PBX,,4400,dhs3mt,dhs3mt,,, alcatel,PBX,,4400,dhs3pms,dhs3pms,,, alcatel,PBX,,4400,halt,tlah,,, alcatel,PBX,,4400,install,llatsni,,, alcatel,PBX,,4400,kermit,kermit,,, alcatel,PBX,,4400,mtch,mtch,,, alcatel,PBX,,4400,mtcl,mtcl,,, alcatel,PBX,,4400,root,letacla,,, alcatel,PBX,,unknown,adfexc,adfexc,,, alcatel,PBX,,unknown,at4400,at4400,,, alcatel,PBX,,unknown,client,client,,, alcatel,PBX,,unknown,dhs3mt,dhs3mt,,, alcatel,PBX,,unknown,dhs3pms,dhs3pms,,, alcatel,PBX,,unknown,halt,tlah,,, alcatel,PBX,,unknown,install,llatsni,,, alcatel,PBX,,unknown,kermit,kermit,,, alcatel,PBX,,unknown,mtch,mtch,,, alcatel,PBX,,unknown,mtcl,mtcl,,, alcatel,PBX,,unknown,root,letacla,,, alcatel,PBX,4400,Port 2533,adfexc,adfexc,unknown,, alcatel,PBX,4400,Port 2533,at4400,at4400,unknown,, alcatel,PBX,4400,Port 2533,client,client,unknown,, alcatel,PBX,4400,Port 2533,dhs3mt,dhs3mt,unknown,, alcatel,PBX,4400,Port 2533,dhs3pms,dhs3pms,unknown,, alcatel,PBX,4400,Port 2533,halt,tlah,shutdown,, alcatel,PBX,4400,Port 2533,install,llatsni,unknown,, alcatel,PBX,4400,Port 2533,kermit,kermit,unknown,, alcatel,PBX,4400,Port 2533,mtch,mtch,unknown,, alcatel,PBX,4400,Port 2533,mtcl,mtcl,unknown,, alcatel,PBX,4400,Port 2533,root,letacla,unknown,, alcatel,SpeedTouch 510,,HTTP/Telnet,,,,Default IP 192.168.1.254/24, alcatel,SpeedTouch 580,4.3.19,HTTP,admin,admin,,, alcatel,Speedtouch,,500 series,,,,, alcatel,Timestep VPN 1520,3.00.026,Permit config and console,root,permit,Admin,Perm/Config port 38036, alcatel,Timestep VPN Gateway 15xx/45xx/7xxx,,,root,permit,,Any, allan,ass,,tool,tool,face,,, allied telesyn,8326G,,,,,,, allied telesyn,AT-8024(GB),,,,admin,,, allied telesyn,AT-8024(GB),,,manager,admin,,, allied telesyn,AT-8024(GB),,any,,admin,,, allied telesyn,All,,Admin,manager,friend,,, allied telesyn,All,,All,manager,friend,,, allied telesyn,Generic Switch/Router,,,manager,friend,,, allied telesyn,Generic Switch/Router,,Admin,manager,friend,,, allied telesyn,Rapier G6 Switch,,,,manager,,, allied telesyn,Switch,,AT-8124XL 1.0.3,admin,,,, allied telesyn,Switch,,Admin,admin,,,, allied,CJ8MO E-U,,,,,,, allied,CJ8MO E-U,,Admin,,,,, allied,CJ8MO E-U,,Telnet,,,Admin,, allied,Telesyn,,,manager,friend,,, allied,Telesyn,,,secoff,secoff,,, allied,Telesyn,,Admin,manager,friend,,, allied,Telesyn,,Admin,secoff,secoff,,, allied-telesyn,AT-8550GB,,,manager,friend,,, allied-telesyn,AT-RG613LH,,,manager,friend,,, alliedtelesyn,ALAT8326GB,,Multi,manager,manager,Admin,, alliedtelesyn,AT Router,,HTTP,root,,Admin,, alliedtelesyn,AT-8024(GB),,Console,,admin,Admin,, alliedtelesyn,AT-8024(GB),,HTTP,manager,admin,Admin,, alliedtelesyn,AT-8550GB,,Telnet,manager,friend,,, alliedtelesyn,AT-AR130 (U) -10,,HTTP,Manager,friend,Admin,Default IP is 192.168.242.242, alliedtelesyn,AT-AR750S,,,manager,friend,,, alliedtelesyn,AT-RG613LH,2-3_59,Telnet,manager,friend,,, alliedtelesyn,AT8000S/24,v1.1.0.32,serial console,manager,friend,admin,, alliedtelesyn,AT8016F,,Console,manager,friend,Admin,, alliedtelesyn,All Routers,,,Manager,Friend,,Any, alliedtelesyn,All,All,Telnet,manager,friend,Admin,, alliedtelesyn,Allied Telesyn,AR410,,Administrator,admin,,, alliedtelesyn,Generic Switch/Router,,Multi,manager,friend,Admin,, alliedtelesyn,R130,,,Manager,friend,,, alliedtelesyn,Rapier G6 Switch,,,manager,friend,,, alliedtelesyn,Switch,AT-8124XL 1.0.3,Multi,admin,,Admin,, alliedtelesyn,Various,,Multi,manager,friend,Admin,, alliedtelesyn,Various,,Multi,secoff,secoff,Admin,, alliedtelesyn,at-img634w,a+,multi,manager,friend,,, alliedtelesyn,windows xp, AR410,http://192.168.1.174,admin,admin,user,HACK, allnet,ALL0275 802.11g AP,,1.0.6,,admin,,, allnet,ALL0275 802.11g AP,1.0.6,HTTP,,admin,Admin,, allnet,ALL129DSL,,,admin,admin,,, allnet,ALL129DSL,,,admin,admin,Administrator,Likely the default on all routers, allnet,T-DSL Modem,,Software Version: v1.51,admin,admin,,, allnet,T-DSL Modem,Software Version: v1.51 ,HTTP,admin,admin,Admin,, allot,Netenforcer,,,admin,allot,,, allot,Netenforcer,,,admin,allot,Admin,, allot,Netenforcer,,,root,bagabu,,, allot,Netenforcer,,,root,bagabu,Admin,, alteon,ACEDirector3,,,admin,,,, alteon,ACEDirector3,,console,admin,,,, alteon,ACEswitch 180e (telnet),,,admin,blank,,, alteon,ACEswitch,,,admin,,,, alteon,ACEswitch,,180e,admin,,,, alteon,ACEswitch,,Admin,admin,admin,,, alteon,ACEswitch,,Admin,admin,linga,,, alteon,ACEswitch,180e,HTTP,admin,admin,Admin,, alteon,ACEswitch,180e,HTTP,admin,linga,Admin,, alteon,AD4,9,Console,admin,admin,Admin,Factory default, alteon,All hardware releases,,,,admin,,Web OS 5.2, ambit,,,,admin,cableroot,root,, ambit,ADSL,,,root,,,, ambit,ADSL,,Admin,root,,,, ambit,ADSL,,Telnet,root,,Admin,, ambit,Cable Modem 60678eu,,1.12,root,root,,, ambit,Cable Modem 60678eu,1.12,Multi,root,root,Admin,, ambit,Cable Modem,,,root,root,,, ambit,Cable Modem,,Multi,root,root,Admin,Time Warner Cable issued modem, ambit,Cable Modem,,Multi,user,user,,, ambit,DOCSIS 1.0/1.1/2.0 Compliant,5.66.1011,,user,,user,, ambit,ntl:home 200,2.67.1011,HTTP,root,root,Admin,This is the cable modem supplied by NTL in the UK, ami bios,1999,,AT 49,,,,, ami,PC BIOS,,,,AMI.KEY,,, ami,PC BIOS,,,,AMISETUP,,, ami,PC BIOS,,Admin,,A.M.I,,, ami,PC BIOS,,Admin,,AM,,, ami,PC BIOS,,Admin,,AMI!SW,,, ami,PC BIOS,,Admin,,AMI,,, ami,PC BIOS,,Admin,,AMI.KEY,,, ami,PC BIOS,,Admin,,AMI.KEZ,,, ami,PC BIOS,,Admin,,AMI?SW,,, ami,PC BIOS,,Admin,,AMIAMI,,, ami,PC BIOS,,Admin,,AMIDECOD,,, ami,PC BIOS,,Admin,,AMIPSWD,,, ami,PC BIOS,,Admin,,AMISETUP,,, ami,PC BIOS,,Admin,,AMI_SW,,, ami,PC BIOS,,Admin,,AMI~,,, ami,PC BIOS,,Admin,,BIOSPASS,,, ami,PC BIOS,,Admin,,HEWITT RAND,,, ami,PC BIOS,,Admin,,aammii,,, ami,PC BIOS,,Console,,A.M.I,Admin,, ami,PC BIOS,,Console,,AAAMMMIII,Admin,, ami,PC BIOS,,Console,,AM,Admin,, ami,PC BIOS,,Console,,AMI!SW,Admin,, ami,PC BIOS,,Console,,AMI,Admin,, ami,PC BIOS,,Console,,AMI.KEY,Admin,, ami,PC BIOS,,Console,,AMI.KEZ,Admin,, ami,PC BIOS,,Console,,AMI?SW,Admin,, ami,PC BIOS,,Console,,AMIAMI,Admin,, ami,PC BIOS,,Console,,AMIDECOD,Admin,, ami,PC BIOS,,Console,,AMIPSWD,Admin,, ami,PC BIOS,,Console,,AMISETUP,Admin,, ami,PC BIOS,,Console,,AMI_SW,Admin,, ami,PC BIOS,,Console,,AMI~,Admin,, ami,PC BIOS,,Console,,BIOS,Admin,, ami,PC BIOS,,Console,,BIOSPASS,Admin,, ami,PC BIOS,,Console,,CMOSPWD,Admin,, ami,PC BIOS,,Console,,CONDO,Admin,, ami,PC BIOS,,Console,,HEWITT RAND,Admin,, ami,PC BIOS,,Console,,LKWPETER,Admin,, ami,PC BIOS,,Console,,MI,Admin,, ami,PC BIOS,,Console,,Oder,Admin,, ami,PC BIOS,,Console,,PASSWORD,Admin,, ami,PC BIOS,,Console,,aammii,Admin,, ami,at 49,,,,,,, amigo,ADSL Router,,,admin,epicrouter,,, amitech,wireless router and access point 802.11g 802.11b,any,HTTP,admin,admin,Admin,Web interface is on 192.168.1.254 available on the LAN ports of the AP., amptron,PC BIOS,,,,Polrty,,, amptron,PC BIOS,,Admin,,Polrty,,, amptron,PC BIOS,,Console,,Polrty,Admin,, andover controls,Infinity,,any,acc,acc,,, andovercontrols,Infinity,any,Console,acc,acc,Admin,Building managment system, aoc,zenworks 4.0,,Multi,,admin,Admin,, apache project,,,Apache,jj,,,, apache,TomCat,,HTTP,admin,admin,,, apache,TomCat,,HTTP,admin,tomcat,,, apache,TomCat,,HTTP,role,changethis,,, apache,TomCat,,HTTP,role1,role1,,, apache,TomCat,,HTTP,root,changethis,,, apache,TomCat,,HTTP,root,root,,, apache,TomCat,,HTTP,tomcat,changethis,,, apache,TomCat,,HTTP,tomcat,tomcat,,, apache,Tomcat,,,admin,tomcat,,, apache,Tomcat,,,role,changethis,,, apache,Tomcat,,,role1,role1,,, apache,Tomcat,,,root,changethis,,, apache,Tomcat,,,tomcat,tomcat,,, apache,jboss4,,jmx-console,admin,jboss4,,, apc,9606 Smart Slot,,,,backdoor,,, apc,9606 Smart Slot,,Telnet,,backdoor,Admin,, apc,9606 Smart Slot,AOS 3.2.1 and AOS 3.0.3,Telnet,(any),TENmanUFactOryPOWER,,, apc,AP9606 SmartSlot Web/SNMP Management Card,,AOS 3.2.1 and AOS 3.0.3,(any),TENmanUFactOryPOWER,,, apc,AP9606,,,apc,apc,Admin,, apc,Any,,,apcuser,apc,,, apc,Call-UPS,,AP9608,,serial number of the Call-UPS,,, apc,Call-UPS,AP9608,Console,,(Device Serial Number),Admin,, apc,MasterSwitch,,AP9210,apc,apc,,, apc,MasterSwitch,AP9210,,apc,apc,Admin,, apc,PowerChute Bussiness Edition,,Installed program,Pingo,Ura,Admin access,, apc,Powerchute Plus,,4.x for Netware 3.x/4.x,POWERCHUTE,APC,,, apc,Powerchute Plus,4.x for Netwware 3.x/4.x,Console,POWERCHUTE,APC,Admin,, apc,SNMP Adapter,,2.x,apc,apc,,, apc,SNMP Adapter,2.x,,apc,apc,,, apc,Share-UPS,,AP9207,,serial number of the Share-UPS,,, apc,Share-UPS,AP9207,Console,,(Device Serial Number),Admin,, apc,Smart UPS,,Multi,apc,apc,Admin,, apc,Smartups 3000,,HTTP,apc,apc,Admin,, apc,Smartups 5000,,HTTP,apc,apc,admin,, apc,UPS,,,apc,apc,,, apc,UPS,,Admin,apc,apc,,, apc,UPS,,Telnet,apc,apc,Admin,, apc,UPSes (Web/SNMP Mgmt Card),,HTTP,device,device,Admin,Secondary access account (next to apc/apc), apc,USV Network Management Card,,,,TENmanUFactOryPOWER,,, apc,USV Network Management Card,,SNMP,,TENmanUFactOryPOWER ,Admin,nachzulesen unter http://www.heise.de/security/news/meldung/44899 gruss HonkHase, apc,Web/SNMP Management Card,,AP9606,apc,apc,,, apple computer,Airport,,,,public,,, apple computer,Network Assistant,,,,xyzzy,,, apple computer,Remote Desktop,,,,xyzzy,,, apple,AirPort Base Station (Graphite),,2,,public,,, apple,AirPort Base Station (Graphite),2,Multi,,public,public,See Apple article number 58613 for details, apple,Airport Base Station (Dual Ethernet),,2,,password,,, apple,Airport Base Station (Dual Ethernet),2,Multi,,password,Guest,See Apple article number 106597 for details, apple,Airport Extreme Base Station,,2,,admin,,, apple,Airport Extreme Base Station,2,Multi,,admin,Guest,see Apple article number 107518 for details, apple,Airport,,,,public,,1.1, apple,Airport,,Administrative,admin,public,,, apple,Airport,,Other,admin,public,Administrative,, apple,Airport,5,1.0.09,Multi,root,admin,, apple,Network Assistant,,,None,xyzzy,Admin,3.X, apple,Remote Desktop,,,,xyzzy,Admin,, apple,iPod Touch,,,root/mobile,alpine,,, arcor,Easybox,all,http://192.168.2.1,root,123456,Root,, areca,RAID controllers,,Console,admin,0,Admin,, arescom,modem/router ,10XX,Telnet,,atc123,Admin,, arlotto,SG205,,HTTP,admin,123456,https://192.168.2.1,, arlotto,SG205,,https://192.168.2.1,admin,123456,,, armenia,Forum,,No,admin,admin,,, arrowpoint,Any,,,admin,system,Admin,, arrowpoint,Unknown,,,,,,, arrowpoint,Unknown,,,admin,system,,, arrowpoint,Various,,,,,Admin,, arrowpoint,windows xp,all,192.168.0.1,admin,arrowpoint,,, artem,ComPoint - CPD-XT-b,CPD-XT-b,Telnet,,admin,Admin,, asante,FM2008,,Multi,admin,asante,Admin,, asante,FM2008,,Telnet,superuser,,Admin,, asante,FM2008,01.06,Telnet,superuser,asante,Admin,, asante,IntraStack,,,IntraStack,Asante,,, asante,IntraStack,,Admin,IntraStack,Asante,,, asante,IntraStack,,multi,IntraStack,Asante,Admin,, asante,IntraSwitch,,,IntraSwitch,Asante,,, asante,IntraSwitch,,Admin,IntraSwitch,Asante,,, asante,IntraSwitch,,multi,IntraSwitch,Asante,Admin,, ascend,All TAOS models,,,admin,Ascend,,all, ascend,Router,,,,ascend,,, ascend,Router,,Admin,,ascend,,, ascend,Router,,Telnet,,ascend,Admin,, ascend,Sahara,,,root,ascend,,, ascend,Sahara,,Multi,root,ascend,,, ascend,Yurie,,,readonly,lucenttech2,,, ascend,Yurie,,,readwrite,lucenttech1,,, ascend,Yurie,,Multi,readonly,lucenttech2,,, ascend,Yurie,,Multi,readwrite,lucenttech1,,, ascom,Ascotel PBX,,ALL,,3ascotel,,, ascom,Ascotel PBX,ALL,Multi,,3ascotel,Admin,, asdsa,sadsa,,asdsad,12321,sadsad,,, asmack,router,ar804u,HTTP,admin,epicrouter,Admin,, asmax,AR701u / ASMAX AR6024,,HTTP,admin,epicrouter,Admin,, asmax,AR800C2,,HTTP,admin,epicrouter,Admin,, asmax,Ar-804u,,HTTP,admin,epicrouter,Admin,, aspect,ACD,,6,DTA,TJM,,, aspect,ACD,,6,customer,,,, aspect,ACD,,7,DTA,TJM,,, aspect,ACD,,8,DTA,TJM,,, aspect,ACD,,User,DTA,TJM,,, aspect,ACD,,User,customer,,,, aspect,ACD,6,HTTP,customer,,User,views error logs, aspect,ACD,6,Oracle,DTA,TJM,User,, aspect,ACD,7,Oracle,DTA,TJM,User,, aspect,ACD,8,Oracle,DTA,TJM,User,, ast,PC BIOS,,,,SnuFG5,,, ast,PC BIOS,,Admin,,SnuFG5,,, ast,PC BIOS,,Console,,SnuFG5,Admin,, ast,Powerexec 4/25sl,,Multi,,,Admin,, ast,powerexec 4/25sl,,,,,,, ast,powerexec 4/25sl,,Admin,,,,, asus,6310EV,,,adsl,adsl1234,,, asus,6310EV,,Multi,adsl,adsl1234,,, asus,ACPIBIOS,,,,,,, asus,L3800,,,,,,, asus,P5P800,,Multi,,admin,User,, asus,WL-300,All,HTTP,admin,admin,Admin,, asus,WL-500G Deluxe,,HTTP,admin,admin,Admin,, asus,WL-500G,,HTTP,admin,admin,Admin,, asus,WL-500G,1.7.5.6,HTTP,admin,admin,Admin,, asus,WL-503G,All,HTTP,admin,admin,Admin,, asus,WL-520G,,HTTP,admin,admin,Admin,, asus,WL-HDD2.5,,,admin,admin,Admin,Default IP 192.168.1.220, aszs,graphick,,jkl,Administrator,admin,,, at&,T,,mcp,Console,,,, at&t,3B2 Firmware,,,,mcp,,, atcom,AG-168FC,,http://192.168.1.100,,12345678,Administration,, atlantis,A02-RA141,,Multi,admin,atlantis,Admin,, atlantis,I-Storm Lan Router ADSL ,,Multi,admin,atlantis,Admin,, atlantis,Web Share RB,Web Share RB,http://192.168.1.1,santus,marika,,, att,3B2 Firmware,,Console,,mcp,Admin,, att,EP5962 2-Line Cordless Phone System,,by telephone,,5000,Mailbox access,, att,Starlan SmartHUB,,,N/A,manager,,9.9, attachmate,Attachmate Gateway,,,,PASSWORD,,, attachmate,Attachmate Gateway,,Console,,PASSWORD,Admin,, audioactive,MPEG Realtime Encoders,,,,telos,,, audioactive,MPEG Realtime Encoders,,Telnet,,telos,Admin,, autodesk,Autocad,,,autocad,autocad,,, autodesk,Autocad,,Multi,autocad,autocad,User,, autodesk,Autocad,,User,autocad,autocad,,, avaya,4602 SIP Telephone,1.1.HTTP,admin,barney,,,, avaya,CMS Supervisor,,11,root,cms500,,, avaya,CMS Supervisor,11,Console,root,cms500,Admin,, avaya,Cajun P33x,,Admin,,admin,,, avaya,Cajun P33x,,firmware before 3.11.0,,admin,,, avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,, avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,check the Bugtraq archives for more information, avaya,Cajun Pxxx,,,root,root,,, avaya,Cajun Pxxx,,Admin,root,root,,, avaya,Cajun Pxxx,,Multi,root,root,Admin,, avaya,Cajun,,Admin,,,,, avaya,Cajun,,Developer,diag,danger,,, avaya,Cajun,,Developer,manuf,xxyyzz,,, avaya,Cajun,,P550R P580 P880 and P882,diag,danger,,, avaya,Cajun,,P550R P580 P880 and P882,manuf,xxyyzz,,, avaya,Cajun,,P550R/P580/P880/P882,,,,, avaya,Cajun,P550R P580 P880 and P882,Multi,diag,danger,Developer,, avaya,Cajun,P550R P580 P880 and P882,Multi,manuf,xxyyzz,Developer,, avaya,Cajun,P550R/P580/P880/P882,Telnet,,,Admin,, avaya,Definity,,Admin,craft,,,, avaya,Definity,,G3Si,craft,,,, avaya,Definity,,Multi,dadmin,dadmin01,Admin,, avaya,Definity,G3Si,Multi,craft,,Admin,, avaya,IMD,,,admin,admin123,Admin,, avaya,IP Office,500, 406,Default IP: 192.168.42.1, you can use ISDN modem to dial into remote systems- try last few numbers of ranges eg. xxxxxxxx99 or xxxxxxxx98, Administrator,Admin, avaya,Pxxx,,5.2.14,diag,danger,,, avaya,Pxxx,,5.2.14,manuf,xxyyzz,,, avaya,Pxxx,,Admin,diag,danger,,, avaya,Pxxx,,Admin,manuf,xxyyzz,,, avaya,Pxxx,5.2.14,Multi,diag,danger,Admin,, avaya,Pxxx,5.2.14,Multi,manuf,xxyyzz,Admin,, avaya,Routers,Various,telnet,root,root,Admin,, avaya,definity,,Admin,craft,crftpw,,, avaya,definity,,up to rev. 6,craft,crftpw,,, avaya,definity,up to rev. 6,any,craft,crftpw,Admin,, avaya,g3R,,Admin,root,ROOT500,,, avaya,g3R,,v6,root,ROOT500,,, avaya,g3R,v6,Console,root,ROOT500,Admin,, avaya,g3si,,,,,,, avaya,routers,,,root,root,,, avenger news system (ans),ANS,,,,Administrative,,, avengernewssystem,Avenger News System,,HTTP,,Administrative,,default string: admin:aaLR8vE.jjhss:root@127.0.0.1 pass file is located at ans_data/ans.passwd (relative to ans.pl location), award,6,,,,,,, award,6.00PG,,,,,,, award,BIOS,,,,lkwpeter,,, award,BIOS,,Admin,,lkwpeter,,, award,Bios,,6,,,,, award,PC BIOS,,,,1322222,,, award,PC BIOS,,,,SER,,, award,PC BIOS,,,AWARD_SW,,,, award,PC BIOS,,Admin,,01322222,,, award,PC BIOS,,Admin,,256256,,, award,PC BIOS,,Admin,,?award,,, award,PC BIOS,,Admin,,AWARD_SW,,, award,PC BIOS,,Admin,,BIOS,,, award,PC BIOS,,Admin,,CONCAT,,, award,PC BIOS,,Admin,,CONDO,,, award,PC BIOS,,Admin,,HELGA-S,,, award,PC BIOS,,Admin,,HEWITT RAND,,, award,PC BIOS,,Admin,,HLT,,, award,PC BIOS,,Admin,,PASSWORD,,, award,PC BIOS,,Admin,,SER,,, award,PC BIOS,,Admin,,SKY_FOX,,, award,PC BIOS,,Admin,,SWITCHES_SW,,, award,PC BIOS,,Admin,,SZYX,,, award,PC BIOS,,Admin,,Sxyz,,, award,PC BIOS,,Admin,,TTPTHA,,, award,PC BIOS,,Admin,,TzqF,,, award,PC BIOS,,Admin,,aLLy,,, award,PC BIOS,,Admin,,aPAf,,, award,PC BIOS,,Admin,,admin,,, award,PC BIOS,,Admin,,alfarome,,, award,PC BIOS,,Admin,,award,,, award,PC BIOS,,Admin,,awkward,,, award,PC BIOS,,Admin,,biosstar,,, award,PC BIOS,,Admin,,biostar,,, award,PC BIOS,,Admin,,g6PJ,,, award,PC BIOS,,Admin,,h6BB,,, award,PC BIOS,,Admin,,j09F,,, award,PC BIOS,,Admin,,j256,,, award,PC BIOS,,Admin,,j262,,, award,PC BIOS,,Admin,,j322,,, award,PC BIOS,,Admin,,j64,,, award,PC BIOS,,Admin,,lkw peter,,, award,PC BIOS,,Admin,,lkwpeter,,, award,PC BIOS,,Admin,,setup,,, award,PC BIOS,,Admin,,t0ch20x,,, award,PC BIOS,,Admin,,t0ch88,,, award,PC BIOS,,Admin,,wodj,,, award,PC BIOS,,Admin,,zbaaaca,,, award,PC BIOS,,Console,,(eight spaces),Admin,The password is eight spaces on some versions, award,PC BIOS,,Console,,01322222,Admin,, award,PC BIOS,,Console,,1322222,Admin,, award,PC BIOS,,Console,,256256,Admin,, award,PC BIOS,,Console,,589589,Admin,, award,PC BIOS,,Console,,589721,Admin,, award,PC BIOS,,Console,,595595,Admin,, award,PC BIOS,,Console,,598598,Admin,, award,PC BIOS,,Console,,?award,Admin,, award,PC BIOS,,Console,,ALFAROME,Admin,, award,PC BIOS,,Console,,ALLY,Admin,, award,PC BIOS,,Console,,ALLy,Admin,, award,PC BIOS,,Console,,AWARD PW,Admin,, award,PC BIOS,,Console,,AWARD SW,Admin,, award,PC BIOS,,Console,,AWARD?SW,Admin,, award,PC BIOS,,Console,,AWARD_PW,Admin,, award,PC BIOS,,Console,,AWARD_SW,Admin,, award,PC BIOS,,Console,,AWKWARD,Admin,, award,PC BIOS,,Console,,BIOS,Admin,, award,PC BIOS,,Console,,BIOSTAR,Admin,, award,PC BIOS,,Console,,CONCAT,Admin,, award,PC BIOS,,Console,,CONDO,Admin,, award,PC BIOS,,Console,,Condo,Admin,, award,PC BIOS,,Console,,HELGA-S,Admin,, award,PC BIOS,,Console,,HEWITT RAND,Admin,, award,PC BIOS,,Console,,HLT,Admin,, award,PC BIOS,,Console,,J256,Admin,, award,PC BIOS,,Console,,J262,Admin,, award,PC BIOS,,Console,,KDD,Admin,, award,PC BIOS,,Console,,LKWPETER,Admin,, award,PC BIOS,,Console,,Lkwpeter,Admin,, award,PC BIOS,,Console,,PASSWORD,Admin,, award,PC BIOS,,Console,,PINT,Admin,, award,PC BIOS,,Console,,SER,Admin,, award,PC BIOS,,Console,,SKY_FOX,Admin,, award,PC BIOS,,Console,,SWITCHES_SW,Admin,, award,PC BIOS,,Console,,SW_AWARD,Admin,, award,PC BIOS,,Console,,SXYZ,Admin,, award,PC BIOS,,Console,,SZYX,Admin,, award,PC BIOS,,Console,,Sxyz,Admin,, award,PC BIOS,,Console,,TTPTHA,Admin,, award,PC BIOS,,Console,,TzqF,Admin,, award,PC BIOS,,Console,,ZAAAADA,Admin,, award,PC BIOS,,Console,,ZAAADA,Admin,, award,PC BIOS,,Console,,ZBAAACA,Admin,, award,PC BIOS,,Console,,ZJAAADC,Admin,, award,PC BIOS,,Console,,_award,Admin,, award,PC BIOS,,Console,,aLLY,Admin,, award,PC BIOS,,Console,,aLLy,Admin,, award,PC BIOS,,Console,,aPAf,Admin,, award,PC BIOS,,Console,,admin,Admin,, award,PC BIOS,,Console,,alfarome,Admin,, award,PC BIOS,,Console,,award,Admin,, award,PC BIOS,,Console,,award.sw,Admin,, award,PC BIOS,,Console,,award_?,Admin,, award,PC BIOS,,Console,,award_ps,Admin,, award,PC BIOS,,Console,,awkward,Admin,, award,PC BIOS,,Console,,biosstar,Admin,, award,PC BIOS,,Console,,biostar,Admin,, award,PC BIOS,,Console,,condo,Admin,, award,PC BIOS,,Console,,d8on,Admin,, award,PC BIOS,,Console,,djonet,Admin,, award,PC BIOS,,Console,,efmukl,Admin,, award,PC BIOS,,Console,,g6PJ,Admin,, award,PC BIOS,,Console,,h6BB,Admin,, award,PC BIOS,,Console,,j09F,Admin,, award,PC BIOS,,Console,,j256,Admin,, award,PC BIOS,,Console,,j262,Admin,, award,PC BIOS,,Console,,j322,Admin,, award,PC BIOS,,Console,,j64,Admin,, award,PC BIOS,,Console,,kdd,Admin,, award,PC BIOS,,Console,,lkw peter,Admin,, award,PC BIOS,,Console,,lkwpeter,Admin,, award,PC BIOS,,Console,,lkwpeter,Admin,Note - After 1996-12-19 Award required each OEM to set their own password, award,PC BIOS,,Console,,pint,Admin,, award,PC BIOS,,Console,,setup,Admin,, award,PC BIOS,,Console,,sxyz,Admin,, award,PC BIOS,,Console,,t0ch20x,Admin,, award,PC BIOS,,Console,,t0ch88,Admin,, award,PC BIOS,,Console,,wodj,Admin,, award,PC BIOS,,Console,,zbaaaca,Admin,, award,PC BIOS,,Console,,zjaaadc,Admin,, award,award,,6,,,,, award,bios,,1.0A,,,,, award,bios,,4.6,admin,admin,,, award,v4.51PG,,Admin,,SY_MB,,, award,v4.51PG,,v4.51PG,,SY_MB,,, award,v4.51PG,v4.51PG,Multi,,SY_MB,Admin,, axent,NetProwler manager,,,administrator,admin,,WinNT, axis,200 Network Camera,,,root,pass,,, axis,200 V1.32,,,admin,,,, axis,200+ Network Camera,,,root,pass,,, axis,2100 Network Camera,,,root,pass,,, axis,2110 Network Camera,,,root,pass,,, axis,2120 Network Camera,,,root,pass,,, axis,2420 Network Camera,,,root,pass,,, axis,540 Print Server,,Multi,root,pass,Admin,, axis,540+ Print Server,,Multi,root,pass,Admin,, axis,542 Print Server,,Multi,root,pass,Admin,, axis,All Axis Printserver,All,Multi,root,pass,Admin,, axis,NETCAM,,200/240,root,pass,,, axis,NETCAM,,Admin,root,pass,,, axis,NETCAM,200/240,,root,pass,,, axis,NETCAM,200/240,Telnet,root,pass,Admin,, axis,NPS 530,,,root,pass,,5.02, axis,StorPoint CD100,,,root,pass,,4.28, axis,StorPoint CDE100,,,root,pass,,, axis,StorPoint NAS 100,,,root,pass,,, axis,Webcams,,HTTP,root,pass,Admin,, axus,AXUS YOTTA,,Multi,,0,Admin,Storage DAS SATA to SCSI/FC, axway,synchronization gateway,,,admin,Secret1,Admin,, aztech,DSL-600E,,HTTP,admin,admin,Admin,, aztech,windows xp, all models,38.4.2,192.168.1.1,admin,admin,, backtrack,backtrack 4,,CLI,root,toor,,, barracudanetworks,Barracuda Spam Firewall 300,,http://:8000,admin,admin,full admin access,, barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,admin,adminbn99,full admin access,, barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,guest,bnadmin99,guest access - some information disclosure,, barracudanetworks,Barracuda Spyware Firewall,,http://:8000,admin,admin,full admin access,, bauschdatacom,Proxima PRI ADSL PSTN Router4 Wireless,,Multi,admin,epicrouter,Admin,, bay networks,Router,,,Manager,,,, bay networks,Router,,,User,,,, bay networks,Router,,Admin,Manager,,,, bay networks,Router,,User,User,,,, bay networks,SuperStack II,,,security,security,,, bay networks,SuperStack II,,Admin,security,security,,, bay networks,Switch,,350T,,NetICs,,, bay networks,Switch,,Admin,,NetICs,,, baynetworks,ASN / ARN Routers,,,Manager,Manager,,Any, baynetworks,Accelar 1xxx switches,,,rwa,rwa,,Any, baynetworks,Remote Annex 2000,,,admin,IP address,,Any, baynetworks,Router,,,User,,User,, baynetworks,Router,,Telnet,Manager,,Admin,, baynetworks,Router,,Telnet,User,,User,, baynetworks,SuperStack II,,,security,security,Admin,, baynetworks,SuperStack II,,Telnet,security,security,Admin,, baynetworks,Switch,350T,,,NetICs,Admin,, baynetworks,Switch,350T,Telnet,,NetICs,Admin,, bea,WebLogic Process Integrator,,2.0,admin,security,,, bea,WebLogic Process Integrator,,2.0,joe,password,,, bea,WebLogic Process Integrator,,2.0,mary,password,,, bea,WebLogic Process Integrator,,2.0,system,security,,, bea,WebLogic Process Integrator,,2.0,wlcsystem,wlcsystem,,, bea,WebLogic Process Integrator,,2.0,wlpisystem,wlpisystem,,, bea,WebLogic,,,system,weblogic,,, bea,WebLogic,,Admin,system,weblogic,,, bea,WebLogic,,https,system,weblogic,Admin,, bea,WebLogic,9.0 beta (Diablo),,weblogic,weblogic,,, bea,Weblogic Process Integrator,2.0,,admin,security,,, bea,Weblogic Process Integrator,2.0,,joe,password,,, bea,Weblogic Process Integrator,2.0,,mary,password,,, bea,Weblogic Process Integrator,2.0,,system,security,,, bea,Weblogic Process Integrator,2.0,,wlcsystem,wlcsystem,,, bea,Weblogic Process Integrator,2.0,,wlpisystem,wlpisystem,,, bea,Weblogic,,,system,weblogic,,5.1, becu,accpints summary,,,musi1921,Musii%1921,,, beetal,220x ADSL router,any,http://192.168.1.1,admin,password,admin,should be same for all routers, belkin,Belkin_N+_61F980,,Password,Belkin_N+_61F980,,,, belkin,F1PG200ENau,,,,admin,,, belkin,F5D5231-4,,http://192.168.2.1,,,Administration,, belkin,F5D6130,,,,MiniAP,,, belkin,F5D6130,,Admin,,MiniAP,,, belkin,F5D6130,,SNMP,,MiniAP,Admin,Wireless Acess Point IEEE802.11b, belkin,F5D6231-4 Router,,,,,,, belkin,F5D6231-4,,V1.0 - 2.0,,,,, belkin,F5D7150,FB,Multi,,admin,Admin,, belkin,F5D7230-4 Router,,,,,,, belkin,F5D7231-4,,http://192.168.2.1,,,Administration,, belkin,F5D7234 4V1,1002,,insight_wifi_1902,lgibson5405,,, belkin,F5D8230-4,,http://192.168.2.1,,,Administration,, belkin,F5D9230-4,,http://192.168.2.1,user:,,Administration,, belkin,F5U025 USB Flash drive,,,,1111,,, belkin,F8T030 Bluetooth AP,,,guest,guest,,Bluetooth passkey: belkin, belkin,P74476au,,http://10.0.0.2,admin,password,,, belkin,PRO 3 KVM switch,,Console,admin,belkin,Admin,, belkin,Wireless ADSL Modem/Router,,Full,admin,,,, belkin,Wireless ADSL Modem/Router,,Multi,admin,,Full,, belkin,f5d9230-4,,192.168.2.1,admin,admin,,, benq,awl 700 wireless router,1.3.6 Beta-002,Multi,admin,admin,Admin,, bestpractical,RT,,,root,password,,, bestpractical,RT,,HTTP,root,password,Admin,, betabrite,1026,,,,LLLLLL,Sign programming,Reset sign password, betabrite,1036,,,,LLLLLL,Sign programming,Reset sign password, betabrite,1040,,,,LLLLLL,Sign programming,Reset sign password, betabrite,Prism 1196,,,,LLLLLL,Sign programming,Reset sign password, betabrite,Prism full-colour LED sign,,,,,Sign programming,The sign has no password by default but if it does you can reset it by entering LLLLLL then a new password at the password prompt. Password is always 6 characters., bewan,Wireless Routers,,,bewan,bewan,Admin,, billion,BiPAC 5100,,HTTP,admin,admin,Admin,, billion,BiPAC 5102,,http://192.168.1.254,admin,admin,Administration,, billion,BiPAC 640 AC,640AE100,HTTP,,,Admin,, billion,BiPAC 6600,,http://192.168.1.254,,,Administration,, billion,BiPAC 7202G,,http://192.168.1.254,admin,admin,Administration,, billion,BiPAC 7402VGP,,http://192.168.1.254,admin,admin,Administration,, bintec,Bianca/Brick,,XM-5.1,,snmp-Trap,,, bintec,Bianca/Brick,,read/write,,snmp-Trap,,, bintec,Bianca/Brick,XM-5.1,SNMP,,snmp-Trap,read/write,, bintec,Bianka ,,admin bintec,Admin,No,,, bintec,Bianka Routers,,,admin,bintec,,, bintec,Bianka Routers,,Admin,admin,bintec,,, bintec,Bianka Routers,,Multi,admin,bintec,Admin,, bintec,all Routers,,,admin,bintec,,Any, bintec,x1200,37834,Multi,admin,bintec,Admin,, bintec,x2300i,37834,Multi,admin,bintec,Admin,, bintec,x3200,37834,Multi,admin,bintec,Admin,, biodata,BIGfire,,,,Babylon,,, biodata,Babylon,,,,Babylon,,, biodata,Bigfire +,,Admin,config,biodata,,, biodata,Bigfire +,,Multi,config,biodata,Admin,, biostar,PC BIOS,,,,Biostar,,, biostar,PC BIOS,,Admin,,Biostar,,, biostar,PC BIOS,,Admin,,Q54arwms,,, biostar,PC BIOS,,Console,,Biostar,Admin,, biostar,PC BIOS,,Console,,Q54arwms,Admin,, bizdesign,ImageFoliio,,2.2,Admin,ImageFolio,,, bizdesign,ImageFolio Pro,,2.2,Admin,ImageFolio,,, bizdesign,ImageFolio Pro,2.2,HTTP,Admin,ImageFolio,Admin,default admin page is:/cgi-bidmidmin.cgi, bizdesign,ImageFolio,2.2,HTTP,Admin,ImageFolio,Admin,, blackberry,Pearl,,,Password Keeper,By default has no password, blackbox,BLACK BOX ServSensor JR,,,Administrator,public,,, blackbox,BLACK BOX ServSensor JR,v2.0,HTTP,Administrator,public,,, blackwidowwebdesignltd,Saxon,5.4,http,admin,nimda,Admin,, bluecoatsystems,ProxySG,3.x,HTTP,admin,articon,Admin,access to command line interface via ssh and web gui, bmc software,Patrol,,Admin,Administrator,the same all over,,, bmc software,Patrol,,all,Administrator,the same all over,,, bmc,Patrol,,6,patrol,patrol,,, bmc,Patrol,,User,patrol,patrol,,, bmc,Patrol,6.0,Multi,patrol,patrol,User,, bmc,Patrol,all,BMC unique,Administrator,the same all over,Admin,this default user normally for ALL system in this area with one Password, borland,Interbase,,,,,,, borland,Interbase,,,,,,Any, borland,Interbase,,,SYSDBA,masterkey,,any, borland,Interbase,,,politcally,correct,,Any, borland,Interbase,,,politically,correct,,, borri,CS131,all versions,http,admin,UpsMon,,, boson,router simulator,,Admin,,,,, boson,router simulator,3.66,Multi,,,Admin,, breezecom,Breezecom Adapters,,2.x,,laflaf,,, breezecom,Breezecom Adapters,,3.x,,Master,,, breezecom,Breezecom Adapters,,4.4.x,,Helpdesk,,, breezecom,Breezecom Adapters,,4.x,,Super,,, breezecom,Breezecom Adapters,,Admin,,Master,,, breezecom,Breezecom Adapters,,Admin,,Super,,, breezecom,Breezecom Adapters,,Admin,,laflaf,,, breezecom,Breezecom Adapters,2.x,,,laflaf,,, breezecom,Breezecom Adapters,2.x,,,laflaf,Admin,, breezecom,Breezecom Adapters,3.x,,,Master,,, breezecom,Breezecom Adapters,3.x,,,Master,Admin,, breezecom,Breezecom Adapters,4.4.x,Console,,Helpdesk,Admin,, breezecom,Breezecom Adapters,4.x,,,Super,,, breezecom,Breezecom Adapters,4.x,,,Super,Admin,, breezecom,SA10,,,,,,, broadlogic,XLT router,,HTTP,webadmin,webadmin,Admin,, broadlogic,XLT router,,Telnet,admin,admin,Admin,, broadlogic,XLT router,,Telnet,installer,installer,Admin,, broadmax,LinkMax HSA300A-2,,http://192.168.0.1,broadmax,broadmax,Admin,You need to put the IP as Gateway in TCPIP settings and 192.168.0.2 as your assigned IP., brocade,Fabric OS,,3.x,admin,password,,, brocade,Fabric OS,,3.x,root,fivranne,,, brocade,Fabric OS,,All,root,fivranne,,, brocade,Fabric OS,,Multi,admin,password,Admin,Gigabit SAN, brocade,Fabric OS,All,Multi,root,fibranne,Admin,, brocade,Fabric OS,All,Multi,root,fivranne,Admin,Gigiabit SAN (), brocade,Silkworm,all,Multi,admin,password,Admin,Also on other Fiberchannel switches, brother,HL-1270n,,,,access,,, brother,HL-1270n,,Multi,,access,network board access,, brother,HL-1270n,,network board access,,access,,, brother,HL-3040CN,,,admin,access,,, brother,MFC Network-capable printers,all versions,http,admin,access,,, brother,MFC-8860DB,,,admin,access,,, brother,NC-3100h,,,,access,,, brother,NC-3100h,,,,access,network board access,, brother,NC-3100h,,network board access,,access,,, brother,NC-4100h,,,,access,,, brother,NC-4100h,,,,access,network board access,, brother,NC-4100h,,network board access,,access,,, brother,QL-580N,,,admin,access,,, bt,HomeHub,,192.168.1.254,admin,admin,Admin,, bt,Voyager 2000,,,admin,admin,,, bt,Voyager 2000,,,admin,admin,Admin,, bt,Voyager 240,,,admin,admin,Admin,, buffalo,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, buffalo,BBR-4MG and BBR-4HG,ALL,HTTP,root,,Admin,, buffalo,WHR3-G54 Router,,,root,,,, buffalo,Wireless Broadband Base Station-g ,WLA-G54 WBR-G54,HTTP,root,,Admin,http://192.168.11.1, buffalo,Wireless Broadband Base Station-g,,WLA-G54 WBR-G54,root,,,, buffalo/melco,AirStation,,,root,,,, cableandwireless,ADSL Modem/Router,,Multi,admin,1234,Admin,, cabletron,Netgear modem/router and SSR,,,netman,,,, cabletron,Netgear modem/router and SSR,,,netman,,Admin,, cabletron,Netgear modem/router and SSR,,Admin,netman,,,, cabletron,routers & switches,,,,,,, cabletron,routers &,,,,,,, canon,iR1023,,Administrator,,0000,,, canyon,router,,Multi,Administrator,admin,Admin,, castlenet,,,http,MSO,changeme,ROOT,, cayman,3220-H DSL Router,,,Any,,,GatorSurf 5., cayman,Cayman DSL,,,,,,, cayman,Cayman DSL,,,,,Admin,, cayman,Cayman DSL,,3220-H,},,,, cayman,Cayman DSL,,Admin,,,,, cayman,Cayman DSL,,Admin,},,,, cayman,Cayman DSL,3220-H,,},,Admin,, cayman,Cayman DSL,SBC/Pacbell,,admin,(device serial number),Admin,, cayman,DSL Router,,,admin,(serial number),,, celerity,Mediator,,,root,Mau,,, celerity,Mediator,,Admin,root,Mau dib,,, celerity,Mediator,,Multi,mediator,mediator,,, celerity,Mediator,,Multi,root,Mau'dib,Admin,Assumption: the password is Mua'dib, celerity,Mediator,,User,mediator,mediator,,, celerity,Mediator,Multi,Multi,mediator,mediator,User,, cellit,CCPro,,Multi,cellit,cellit,Admin,, cgi world,Poll It,,v2.0,,protection,,, cgiworld,Poll It,2.0,HTTP,,protection,User/Admin over package,http://server.com/ScriptName.cgi?load=login, chase research,Iolan,,,,iolan,,, chaseresearch,Iolan,,,,iolan,,, checkpoint,,,,admin,qaz123,,, checkpoint,Firewall-1,,Multi,admin,abc123,admin,, checkpoint,Firewall-1,,admin,admin,abc123,,, checkpoint,Interspect 210,,SSH/Con/Serial,admin,admin,Admin,, checkpoint,Interspect 210N,,SSH/Con/Serial,admin,admin,Admin,, checkpoint,Interspect 410,,SSH/Con/Serial,admin,admin,Admin,, checkpoint,Interspect 610,,SSH/Con/Serial,admin,admin,Admin,, checkpoint,Interspect 610S,,SSH/Con/Serial,admin,admin,Admin,, checkpoint,SecurePlatform,,Admin,admin,admin,,, checkpoint,SecurePlatform,,NG FP3,admin,admin,,, checkpoint,SecurePlatform,NG FP3,Console,admin,admin,Admin,, chuming chen,NessusWeb,,,administrator,adminpass,,, chumingchen,NessusWeb,,HTTP,administrator,adminpass,Admin,, ciphertrust,IronMail,Any,Multi,admin,password,Admin,, cisco,1100,,,,Cisco,Admin,, cisco,1200,,,Cisco,Cisco,Admin,, cisco,1300,,,Cisco,Cisco,Admin,, cisco,1400,,,,Cisco,Admin,, cisco,2100 aka DPX2100,all versions (comcast-supplied),http://192.168.100.1,,W2402,,password case sensitive, cisco,2600,,Telnet,Administrator,admin,Admin,, cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,,, cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,Admin,Default SSID is tsunami. Username/password are case sensitive., cisco,AP1200,IOS,Multi,Cisco,Cisco,Admin,This is when you convert AP1200 or AP350 to IOS, cisco,ATA 186,,,admin,,Admin,, cisco,Aironet 1100,,webadmin,Cisco,Cisco,,, cisco,Aironet 1100,AP1120B-E-K9,HTTP,Cisco,Cisco,webadmin,, cisco,Aironet 1200,,,Cisco,Cisco,,, cisco,Aironet 1200,,HTTP,root,Cisco,Admin,, cisco,Aironet 1200,,Multi,Cisco,Cisco,,, cisco,Aironet 1350,,HTTP,admin,tsunami,webadmin,, cisco,Aironet 1350,,webadmin,admin,tsunami,,, cisco,Aironet,,Multi,,_Cisco,Admin,, cisco,Aironet,,Multi,Cisco,Cisco,Admin,, cisco,Any Router and Switch,,,cisco,cisco,,10 thru 12, cisco,Arrowpoint,,,admin,system,Admin,, cisco,BBSD MSDE Client,,5.0 and 5.1,bbsd-client,NULL,,, cisco,BBSD MSDE Client,,database,bbsd-client,NULL,,, cisco,BBSD MSDE Client,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,NULL,database,The BBSD Windows Client password will match the BBSD MSDE Client password, cisco,BBSM Administrator,,5.0 and 5.1,Administrator,changeme,,, cisco,BBSM Administrator,,Admin,Administrator,changeme,,, cisco,BBSM Administrator,5.0 and 5.1,Multi,Administrator,changeme,Admin,, cisco,BBSM MSDE Administrator,,5.0 and 5.1,sa,,,, cisco,BBSM MSDE Administrator,,Admin,sa,,,, cisco,BBSM MSDE Administrator,5.0 and 5.1,IP and Named Pipes,sa,,Admin,, cisco,BBSM,,5.0 and 5.1,bbsd-client,changeme2,,, cisco,BBSM,,database,bbsd-client,changeme2,,, cisco,BBSM,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,changeme2,database,The BBSD Windows Client password will match the BBSD MSDE Client password, cisco,CNR,,Admin,admin,changeme,,, cisco,CNR,,All,admin,changeme,,, cisco,CNR,All,CNR GUI,admin,changeme,Admin,This is the default password for Cisco Network Registrar, cisco,Cache Engine,,,admin,diamond,,, cisco,Cache Engine,,Admin,admin,diamond,,, cisco,Cache Engine,,Console,admin,diamond,Admin,, cisco,Catalyst 4000/5000/6000,,All,,public/private/secret,,, cisco,Catalyst 4000/5000/6000,,RO/RW/RW+change SNMP config,,public/private/secret,,, cisco,Catalyst 4000/5000/6000,All,SNMP,,public/private/secret,RO/RW/RW+change SNMP config,default on All Cat switches running the native CatOS CLI software., cisco,Cisco Broadband Troubleshooter,,,admin,changeme,,, cisco,Cisco Guard,,SNMP,,riverhead,,, cisco,Cisco IDS,,,root,attack,,, cisco,Cisco Works,,,admin,admin,,, cisco,CiscoWorks 2000,,,admin,cisco,,, cisco,CiscoWorks 2000,,,admin,cisco,Admin,, cisco,CiscoWorks 2000,,,guest,,,, cisco,CiscoWorks 2000,,,guest,,User,, cisco,CiscoWorks 2000,,Admin,admin,cisco,,, cisco,CiscoWorks 2000,,User,guest,,,, cisco,CiscoWorks,,Multi,admin,admin,,, cisco,Ciso Aironet 1100 series,Rev. 01,HTTP,,Cisco,Admin,, cisco,ConfigMaker Software,,,,cmaker,,any?, cisco,ConfigMaker,,,cmaker,cmaker,,, cisco,ConfigMaker,,,cmaker,cmaker,Admin,, cisco,ConfigMaker,,Admin,cmaker,cmaker,,, cisco,Content Engine,,Telnet,admin,default,Admin,, cisco,E3000,,192.168.1.1,admin,admin,admin,, cisco,GSR,,Telnet,admin,admin,admin,, cisco,HSE,,Multi,hsa,hsadb,Admin,, cisco,HSE,,Multi,root,blender,Admin,, cisco,IDS (netranger),,,root,attack,,, cisco,IOS,,,,Cisco router,,, cisco,IOS,,,,c,,, cisco,IOS,,,,cc,,, cisco,IOS,,,,cisco,,, cisco,IOS,,,cisco,cisco,,, cisco,IOS,,,enable,cisco,,, cisco,IOS,,,private ReadWrite access,secret,,, cisco,IOS,,,public ReadOnly access,secret,,, cisco,IOS,,,ripeop,(no pw),,, cisco,IOS,,11.x-12.x,,ILMI,,, cisco,IOS,,12.1(3),,cable-docsis,,, cisco,IOS,,2600 series,,c,,, cisco,IOS,,Admin,,c,,, cisco,IOS,,Multi,,Cisco router,,, cisco,IOS,,Multi,,c,Admin,, cisco,IOS,,Multi,,cc,,, cisco,IOS,,Multi,,cisco,,, cisco,IOS,,Multi,cisco,cisco,,, cisco,IOS,,Multi,enable,cisco,,, cisco,IOS,,Multi,ripeop,,,, cisco,IOS,,SNMP read-write,,cable-docsis,,, cisco,IOS,,SNMP,private ReadWrite access,secret,Read/write,, cisco,IOS,,SNMP,public ReadOnly access,secret,Read,, cisco,IOS,,limited READ/WRITE,,ILMI,,, cisco,IOS,11.x-12.x,SNMP,,ILMI,limited READ/WRITE,, cisco,IOS,12.1(3),SNMP,,cable-docsis,SNMP read-write,, cisco,IOS,2600 Series,Multi,,c,Admin,, cisco,IP Conference Station,7936,HTTP,End User,7936,,, cisco,MGX,,,superuser,superuser,,*, cisco,NA,,,prixadmin,prixadmin,,NA, cisco,Net Ranger 2.2.1,,,root,attack,,Sol 5.6, cisco,Netranger/secure IDS,,,netrangr,attack,,, cisco,Netranger/secure IDS,,3.0(5)S17,root,attack,,, cisco,Netranger/secure IDS,,Admin,root,attack,,, cisco,Netranger/secure IDS,,Multi,netrangr,attack,,, cisco,Netranger/secure IDS,3.0(5)S17,Multi,root,attack,Admin,must be changed at the first connection, cisco,Network Registrar (CNR),,,admin,changeme,,, cisco,PIX firewall,,Telnet,,cisco,UID=pix,, cisco,PIX,,,,cisco,,, cisco,Traffic Anomaly Detector,,SNMP,,riverhead,,, cisco,Trailhead,,4.0,admin,admin,,, cisco,Trailhead,4.0,HTTP,admin,admin,Admin,, cisco,Unity,,,EAdmin,,,, cisco,Unity,,,ESubscriber,,,, cisco,Unity,,,UAMIS_,,,, cisco,Unity,,,UNITY_,,,, cisco,Unity,,,UOMNI_,,,, cisco,Unity,,,UVPIM_,,,, cisco,Unity,,1.3.2,bubba,,,, cisco,Unity,1.3.2,local,bubba,(unk),,Part numbers imprinted on the installation disks with a local user account bubba, cisco,VPN 3000 Concentrator,,,admin,admin,,, cisco,VPN Concentrator 3000 series,3,Multi,admin,admin,Admin,, cisco,WLSE,,Multi,root,blender,Admin,, cisco,WLSE,,Multi,wlse,wlsedb,Admin,, cisco,any,,,no default login,no default password,,any IOS, cisco,cva 122,,,admin,admin,,, cisco,cva 122,,Admin,admin,admin,,, cisco,cva 122,,Telnet,admin,admin,Admin,, cisco-arrowpoint,Arrowpoint,,,admin,system,,, cisco-arrowpoint,Arrowpoint,,Admin,admin,system,,, claris,At-Ease,,,,familymacintosh,,, cnet,804-nf,,Admin,Admin,epicrouter,,, cnet,804-nf,,HTTP,Admin,epicrouter,Admin,, cnet,804-nf,,HTTP,admin,password,http://,, cnet,804-nf,,http:// ,admin,password,,, cnet,CNET 4PORT ADSL MODEM,CNAD NF400,Multi,admin,epicrouter,Admin,, cobalt,RaQ * Qube*,,,admin,admin,,Any, cobalt,Unknown,,,admin,admin,,, colubris,MSC,5100,user,admin,admin,admin,continue with https, colubrisnetworks,MSC 5100,5100,http -> https,admin,admin,Admin,make exception for invalid certificate to continue with https, comersus,Comersus Shopping Cart,3.2,,,admin,dmr99,, comersus,Shopping Cart,,,admin,dmr99,,, compaq,Familiar Linux,,,root,rootme,,, compaq,Familiar Linux,,telnet/ssh/con,root,rootme,Admin,, compaq,Insight Manager,,,PFCUser,240653C9467E45,,, compaq,Insight Manager,,,PFCUser,240653C9467E45,User,, compaq,Insight Manager,,,administrator,administrator,,, compaq,Insight Manager,,,administrator,administrator,Admin,, compaq,Insight Manager,,,anonymous,,,, compaq,Insight Manager,,,anonymous,,User,, compaq,Insight Manager,,,operator,operator,,, compaq,Insight Manager,,,user,public,,, compaq,Insight Manager,,,user,public,User,, compaq,Insight Manager,,,user,user,,, compaq,Insight Manager,,,user,user,User,, compaq,Insight Manager,,Admin,administrator,administrator,,, compaq,Insight Manager,,User,PFCUser,240653C9467E45,,, compaq,Insight Manager,,User,anonymous,,,, compaq,Insight Manager,,User,user,public,,, compaq,Insight Manager,,User,user,user,,, compaq,Management Agents,,,administrator,,,All, compaq,Networth FastPipes,,,root,manager,,, compaq,Networth FastPipes,,Console,root,manager,,, compaq,PC BIOS,,,,Compaq,,, compaq,PC BIOS,,Admin,,Compaq,,, compaq,PC BIOS,,Console,,Compaq,Admin,, compaq,T1010,,@ , ,use ALT+G at boot to reset config,,, compaq,T1010,,Multi,,use ALT+G at boot to reset config,@,, compaq,WBEM,,,administrator,administrator,,, compaq,WBEM,,HTTP 2301 / HTTPS 2381,administrator,administrator,Admin,, compex,NetPassage 15BR,,http://192.168.168.1,,password,Administration,, compex,NetPassage 18,,http://192.168.168.1,,password,Administration,, compualynx,Cmail Server,,All Versions,administrator,asecret,,, compualynx,Cmail Server,all,multi,administrator,asecret,Admin,, compualynx,Cproxy Server,,All Versions,administrator,asecret,,, compualynx,Cproxy Server,all,multi,administrator,asecret,Admin,, compualynx,SCM,,All Versions,administrator,asecret,,, compualynx,SCM,all,multi,administrator,asecret,Admin,, computer associates,ControlIT,,,DEFAULT,default,,, computer associates,ControlIT,,Desktop/console access,DEFAULT,default,,, computerassociates,ControlIT,,ControlIT,DEFAULT,default,Desktop/console access,, comtrend,CT-5361T,,192.168.1.1,root,12345,,, comtrend,CT-5361T,,http192.168.2.1,user,12345,View Device Info, and Error Log., comtrend,CT560,,http://192.168.1.1,aolbb,setup,Admin,, comtrend,ct536+,,Multi,admin,,Admin,, conceptronic,C100BRS4H,,,admin,1234,,, conceptronic,C100BRS4H,,HTTP,admin,1234,,, conceptronic,CADSLR4,,HTTP/telnet,admin,password,Admin,Default IP 192.168.1.254, conceptronic,CADSLR4,,HTTP/telnet,anonymous,password,anon,Default IP 192.168.1.254, conceptronic,CFULLHDMAi,,telnet port 4836,,conceptronic2008,,, conceptronic,cdeskcam,1.0,,conceptronic,,,camera, concord,PC BIOS,,,,last,,, concord,PC BIOS,,,,last,Admin,, concord,PC BIOS,,Admin,,last,,, conexant,ACCESS RUNNER ADSL CONSOLE PORT 3.27,,Telnet,Administrator,admin,Admin,, conexant,PAE-CE81,,,admin,epicrouter,,, conexant,PAE-CE81,,Multi,admin,epicrouter,,, conexant,Router,,HTTP,,admin,Admin,yes, conexant,Router,,HTTP,,epicrouter,Admin,, conexant,Router,,HTTP,admin,amigosw1,Admin,, conexant,Router,,HTTP,admin,conexant,Admin,, conexant,Router,,HTTP,admin,epicrouter,Admin,, conexant,Router,,HTTP,admin,password,Admin,, conexant,four port ethernet switch,,,admin,epicrouter,,, conitec,3D Gamestudio,,Capek,Adam,29111991,,, conitec,3D Gamestudio,6.22,Serial,Adam,29111991,Capek,, corecess,3113,,Multi,admin,,Admin,, corecess,6808 APC,,Telnet,corecess,corecess,User,, corecess,Corecess 3112,,HTTP,Administrator,admin,Admin,, coyotepoint,Equaliser 4,,,eqadmin - Serial port only,equalizer,,Free BSD, coyotepoint,Equaliser 4,,,look,look,,Free BSD - Web Browser only, coyotepoint,Equaliser 4,,,root ,,,Free BSD - Serial port only, coyotepoint,Equaliser 4,,,touch,touch,,Free BSD - Web Browser only, creative,2015U,,Multi,,,Admin,, crystalview,OutsideView 32,,,,Crystal,,, crystalview,OutsideView 32,,,,Crystal,Admin,, crystalview,OutsideView 32,,Admin,,Crystal,,, ctcunion,ATU-R130,81001a,Multi,root,root,Admin,, ctx international,PC BIOS,,,,CTX_123,,, ctx international,PC BIOS,,Admin,,CTX_123,,, ctxinternational,PC BIOS,,Console,,CTX_123,Admin,, cyberguard,Firewall,,,cgadmin,cgadmin,,, cyberguard,SG300,,http://192.168.0.1,root,default,Administration,, cyberguard,SG560,,http://192.168.0.1,root,default,Administration,, cyberguard,SG565,,http://192.168.0.1,root,default,Administration,, cyberguard,all firewalls,all,console + passport1,cgadmin,cgadmin,Admin,, cybermax,PC BIOS,,,,Congress,,, cybermax,PC BIOS,,Admin,,Congress,,, cybermax,PC BIOS,,Console,,Congress,Admin,, cyclades,Cyclades-TS800,,TS800,root,tslinux,,, cyclades,MP/RT,,,super,surt,,, cyclades,PR-1000,,,super,surt,,, cyclades,PR-1000,,Telnet,super,surt,Admin,, cyclades,PR1000,,,super,surt,,, cyclades,TS800,,HTTP,root,tslinux,Admin,, cyclades,TS800,,telnet/ssh/http,root,,Admin,, d-link,604,,,Admin,,,, d-link,Cable/DSL Routers/Switches,,Admin,,admin,,, d-link,D-704P,,rev b,admin,,,, d-link,DCS-1000,,admin,,,,, d-link,DI-524,,Admin,admin,,,, d-link,DI-604,,Admin,user,,,, d-link,DI-604,,rev a rev b rev c rev e,admin,,,, d-link,DI-614+,,Admin,admin,,,, d-link,DI-614+,,User,user,,,, d-link,DI-624,,,admin,,,, d-link,DI-624,,192.168.0.1,Admin,,,, d-link,DI-701,,Admin,admin,year2000,,, d-link,DI-704,,rev a,,admin,,, d-link,DI-714P+,,192.168.0.1,admin,____BLANK___,,, d-link,DI-804,,Admin,admin,,,, d-link,DI-804,,v2.03,admin,,,, d-link,DSL-300,,,,private,,, d-link,DSL-300G+,,admin?,,private,,, d-link,DSL-504,,,,private,,, d-link,DSL-G664T,,,admin,admin,,, d-link,DWL 900AP,,,,public,,, d-link,DWL 900AP,,Admin,admin,public,,, d-link,Routers,,DI-764,admin,,,, d-link,hubs/switches,,,D-Link,D-Link,,, daewoo,PC BIOS,,,,Daewuu,,, daewoo,PC BIOS,,Admin,,Daewuu,,, daewoo,PC BIOS,,Console,,Daewuu,Admin,, dallas semiconductors,TINI embedded JAVA Module,,<= 1.0,root,tini,,, dallas semiconductors,TINI embedded JAVA Module,,Admin,root,tini,,, dallas semiconductors,TINI embedded JAVA Module,,tini,Telnet,root,,, dallassemiconductors,TINI embedded JAVA Module,1.0 or lower,Telnet,root,tini,Admin,, dallassemiconductors,TINI embedded JAVA Module,1.0,Telnet,root,tini,Admin,, dallassemiconductors,TINI embedded JAVA Module,below 1.0,Telnet,root,tini,Admin,, darkman,ioFTPD,,root,ioFTPD,ioFTPD,,, darkman,ioFTPD,all,Other,ioFTPD,ioFTPD,root,, data general,AOS/VS,,,op,operator,,, data general,AOS/VS,,,operator,operator,,, datacom,BSASX/101,,,,letmein,,, datacom,BSASX/101,,,,letmein,Admin,, datacom,BSASX/101,,Admin,,letmein,,, datacom,NSBrowse,,,sysadm,sysadm,,, datacom,NSBrowse,,,sysadm,sysadm,Admin,, datageneral,AOS/VS,,multi,op,op,Admin,, datageneral,AOS/VS,,multi,op,operator,Admin,, datageneral,AOS/VS,,multi,operator,operator,Admin,, datawizard.net,FTPXQ server,,,anonymous,any@,,, datawizard.net,FTPXQ server,,read/write,anonymous,any,,, datawizardtechnologiesinc,FtpQX server,,FTP,anonymous,(any),Read only on C: by default,, datawizardtechnologiesinc,FtpQX server,,FTP,test,test,Test user has R/W permission on C: drive by default,, davolink,DV2020,,Http://192.168.1.1,user,user,user settings,, davox,Unison,,Multi,admin,admin,User,, davox,Unison,,Multi,davox,davox,User,, davox,Unison,,Multi,root,davox,Admin,, davox,Unison,,Sybase,sa,,Admin,, daytek,PC BIOS,,,,Daytec,,, daytek,PC BIOS,,Admin,,Daytec,,, daytek,PC BIOS,,Console,,Daytec,Admin,, debian,Linux LILO Default,,2.2,,tatercounter2000,,, debian,Linux LILO Default,2.2,console,,tatercounter2000,Admin,, decnet,decnet,,,operator,admin,,, decnet,decnet,,Guest,operator,admin,,, deerfield,MDaemon,,HTTP,MDaemon,MServer,Admin,web interface to manage MDaemon. fixed June 2002, deerfield,WorldClient and MDaemon,,5.0.5.0,MDaemon,MServer,,, deerfield,WorldClient,5.0.5.0,,MDaemon,MServer,,Can be used to send/recv mail remotely, dell latitude cpx,dell,,,admin,admin,,, dell,CSr500xt,,,,admin,,, dell,CSr500xt,,Admin,,admin,,, dell,CSr500xt,,Multi,,admin,Admin,, dell,DRAC,,,root,calvin,management,, dell,ERA,,,root,calvin,,, dell,ERA,,,root,calvin,Admin - Embedded remote access,, dell,Inspiron,,Multi,,admin,Admin,, dell,Laser Printer 3000cn / 3100cn,,HTTP,admin,password,Admin,, dell,Latitude CMOS,CPi,console,,nx0nu4bbe,,Enter password then CTRL+Enter, dell,Latitude,,Admin,,1RRWTTOOI,,, dell,Latitude,,Bios D35B,,1RRWTTOOI,,, dell,Latitude,Bios D35B,Multi,,1RRWTTOOI,Admin,, dell,Lattitude CMOS,,CPi,,nz0u4bbe,,, dell,OpenManage Server Console,,,root,calvin,,, dell,OpenManage Server Console,,Admin,root,calvin,,, dell,OpenManage Server Console,,Console,root,calvin,Admin,, dell,PC BIOS,,,,Dell,,, dell,PC BIOS,,Admin,,Dell,,, dell,PC BIOS,,Console,,Dell,Admin,, dell,PowerEdge 1655MC,,,admin,admin,Admin,, dell,PowerEdge 2650 RAC,,,root,calvin,,, dell,PowerEdge 2650 RAC,,HTTP,root,calvin,,, dell,PowerVault 35F,,,root,calvin,,, dell,PowerVault 50F,,,root,calvin,,, dell,PowerVault TL-2000/4000,,http://,Admin,secure,,, dell,Powerapp Web 100 Linux,,,root,powerapp,,RedHat 6.2, dell,Poweredge,,1655MC,admin,admin,,, dell,RAC,,,root,calvin,,, dell,Remote Access Card,,HTTP,root,calvin,Admin,, dell,Switch PowerConnect,,,admin,admin,,, dell,Switch PowerConnect,,,admin,admin,Admin,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,,Admin,admin,admin,,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,,unknown,admin,admin,,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,unknown,HTTP,admin,admin,Admin,, dell,TrueMobile 2300 Router,,,admin,admin,,, dell,inspiron,,,,admin,,, dell,inspiron,,Admin,,admin,,, dell,latitude,,a05,,admin,,, demarc,Network Monitor,,,admin,my_DEMARC,,, demarc,Network Monitor,,Admin,admin,my_DEMARC,,, demarc,Network Monitor,,multi,admin,my_DEMARC,Admin,, deutschetelekom,T-Sinus 130 DSL,,HTTP,,0,Admin,, deutschetelekom,T-Sinus 154 DSL,13.9.38,HTTP,,0,Admin,thx to AwdCzAb, deutschetelekom,T-Sinus DSL 130,,HTTP,admin,,Admin,Usuallay also a WirelessLan AP :), develcon,Orbitor Default Console,,,,BRIDGE,,, develcon,Orbitor Default Console,,,,BRIDGE,Admin,, develcon,Orbitor Default Console,,,,password,,, develcon,Orbitor Default Console,,,,password,Admin,, develcon,Orbitor Default Console,,Admin,,BRIDGE,,, develcon,Orbitor Default Console,,Admin,,password,,, dictaphone,ProLog,,,NETOP,,,, dictaphone,ProLog,,,NETWORK,NETWORK,,, dictaphone,ProLog,,,PBX,PBX,,, digiboard,Portserver 8 & 16,,,root,dbps,,any, digicom,Michelangelo,,Multi,admin,michelangelo,Admin,, digicom,Michelangelo,,Multi,user,password,User,, digicorp,Router,,,,BRIDGE,Admin,, digicorp,Router,,,,password,Admin,, digicorp,Viper,,,,BRIDGE,,, digicorp,Viper,,Admin,,BRIDGE,,, digicorp,Viper,,Admin,,password,,, digicorp,Viper,,Telnet,,BRIDGE,Admin,, digicorp,Viper,,Telnet,,password,Admin,, digicraft software,Yak!,,2.0.1,Yak,asd123,,, digicraftsoftware,Yak!,2.0.1,FTP (default port 3535),Yak,asd123,,, digiinternational,Digi One SP,all versions,http,root,dbps,Full configuration,Device default to DHCP for IP address., digital equipment,10-Dec,,,1,manager,,, digital equipment,10-Dec,,,2,maintain,,, digital equipment,10-Dec,,,2,operator,,, digital equipment,10-Dec,,,30,games,,, digital equipment,10-Dec,,,5,games,,, digital equipment,10-Dec,,,7,maintain,,, digital equipment,DEC-10,,,1,manager,,, digital equipment,DEC-10,,,2,operator,,, digital equipment,DEC-10,,,30,games,,, digital equipment,DEC-10,,,5,games,,, digital equipment,DEC-10,,,7,maintain,,, digital equipment,DEC-10,,Admin,1,manager,,, digital equipment,DEC-10,,Admin,1,operator,,, digital equipment,DEC-10,,Admin,1,syslib,,, digital equipment,DEC-10,,Admin,2,maintain,,, digital equipment,DEC-10,,Admin,2,manager,,, digital equipment,DEC-10,,Admin,2,operator,,, digital equipment,DEC-10,,Admin,2,syslib,,, digital equipment,DEC-10,,User,30,games,,, digital equipment,DEC-10,,User,5,games,,, digital equipment,DEC-10,,User,7,maintain,,, digital equipment,DecServer,,,,ACCESS,,, digital equipment,DecServer,,Admin,,ACCESS,,, digital equipment,DecServer,,Admin,,SYSTEM,,, digital equipment,IRIS,,,PDP11,PDP11,,, digital equipment,IRIS,,,PDP8,PDP8,,, digital equipment,IRIS,,,accounting,accounting,,, digital equipment,IRIS,,,boss,boss,,, digital equipment,IRIS,,,demo,demo,,, digital equipment,IRIS,,,manager,manager,,, digital equipment,IRIS,,,software,software,,, digital equipment,IRIS,,Admin,accounting,accounting,,, digital equipment,IRIS,,Admin,boss,boss,,, digital equipment,IRIS,,Admin,manager,manager,,, digital equipment,IRIS,,User,PDP11,PDP11,,, digital equipment,IRIS,,User,PDP8,PDP8,,, digital equipment,IRIS,,User,demo,demo,,, digital equipment,IRIS,,User,software,software,,, digital equipment,PC BIOS,,,,komprie,,, digital equipment,PC BIOS,,Admin,,komprie,,, digital equipment,RSX,,,,1,,, digital equipment,RSX,,,1.1,SYSTEM,,, digital equipment,RSX,,,BATCH,BATCH,,, digital equipment,RSX,,,SYSTEM,MANAGER,,, digital equipment,RSX,,,USER,USER,,, digital equipment,RSX,,Admin,1.1,SYSTEM,,, digital equipment,RSX,,Admin,SYSTEM,MANAGER,,, digital equipment,RSX,,Admin,SYSTEM,SYSTEM,,, digital equipment,RSX,,User,BATCH,BATCH,,, digital equipment,RSX,,User,USER,USER,,, digital equipment,Terminal Server,,,,access,,, digital equipment,Terminal Server,,,,system,,, digital equipment,Terminal Server,,Admin,,system,,, digital equipment,Terminal Server,,User,,access,,, digital equipment,VMS,,,ALLIN1,ALLIN1,,, digital equipment,VMS,,,ALLIN1MAIL,ALLIN1MAIL,,, digital equipment,VMS,,,ALLINONE,ALLINONE,,, digital equipment,VMS,,,BACKUP,BACKUP,,, digital equipment,VMS,,,DCL,DCL,,, digital equipment,VMS,,,DECMAIL,DECMAIL,,, digital equipment,VMS,,,DECNET,DECNET,,, digital equipment,VMS,,,DECNET,NONPRIV,,, digital equipment,VMS,,,DEFAULT,DEFAULT,,, digital equipment,VMS,,,DEFAULT,USER,,, digital equipment,VMS,,,DEMO,DEMO,,, digital equipment,VMS,,,FIELD,DIGITAL,,, digital equipment,VMS,,,FIELD,FIELD,,, digital equipment,VMS,,,FIELD,SERVICE,,, digital equipment,VMS,,,FIELD,TEST,,, digital equipment,VMS,,,GUEST,GUEST,,, digital equipment,VMS,,,HELP,HELP,,, digital equipment,VMS,,,HELPDESK,HELPDESK,,, digital equipment,VMS,,,HOST,HOST,,, digital equipment,VMS,,,INFO,INFO,,, digital equipment,VMS,,,INGRES,INGRES,,, digital equipment,VMS,,,LINK,LINK,,, digital equipment,VMS,,,MAILER,MAILER,,, digital equipment,VMS,,,MBMANAGER,MBMANAGER,,, digital equipment,VMS,,,MBWATCH,MBWATCH,,, digital equipment,VMS,,,NETCON,NETCON,,, digital equipment,VMS,,,NETMGR,NETMGR,,, digital equipment,VMS,,,NETNONPRIV,NETNONPRIV,,, digital equipment,VMS,,,NETPRIV,NETPRIV,,, digital equipment,VMS,,,NETSERVER,NETSERVER,,, digital equipment,VMS,,,NETWORK,NETWORK,,, digital equipment,VMS,,,NEWINGRES,NEWINGRES,,, digital equipment,VMS,,,NEWS,NEWS,,, digital equipment,VMS,,,OPERVAX,OPERVAX,,, digital equipment,VMS,,,POSTMASTER,POSTMASTER,,, digital equipment,VMS,,,PRIV,PRIV,,, digital equipment,VMS,,,REPORT,REPORT,,, digital equipment,VMS,,,RJE,RJE,,, digital equipment,VMS,,,STUDENT,STUDENT,,, digital equipment,VMS,,,SYS,SYS,,, digital equipment,VMS,,,SYSMAINT,DIGITAL,,, digital equipment,VMS,,,SYSMAINT,SERVICE,,, digital equipment,VMS,,,SYSMAINT,SYSMAINT,,, digital equipment,VMS,,,SYSTEM,MANAGER,,, digital equipment,VMS,,,SYSTEM,OPERATOR,,, digital equipment,VMS,,,SYSTEM,SYSLIB,,, digital equipment,VMS,,,SYSTEM,SYSTEM,,, digital equipment,VMS,,,SYSTEST,UETP,,, digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST,,, digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST_CLIG,,, digital equipment,VMS,,,TELEDEMO,TELEDEMO,,, digital equipment,VMS,,,TEST,TEST,,, digital equipment,VMS,,,UETP,UETP,,, digital equipment,VMS,,,USER,PASSWORD,,, digital equipment,VMS,,,USERP,USERP,,, digital equipment,VMS,,,VAX,VAX,,, digital equipment,VMS,,,VMS,VMS,,, digitalequipment,DEC-10,,Multi,1,manager,Admin,, digitalequipment,DEC-10,,Multi,1,operator,Admin,, digitalequipment,DEC-10,,Multi,1,syslib,Admin,, digitalequipment,DEC-10,,Multi,2,maintain,Admin,, digitalequipment,DEC-10,,Multi,2,manager,Admin,, digitalequipment,DEC-10,,Multi,2,operator,Admin,, digitalequipment,DEC-10,,Multi,2,syslib,Admin,, digitalequipment,DEC-10,,Multi,30,games,User,, digitalequipment,DEC-10,,Multi,5,games,User,, digitalequipment,DEC-10,,Multi,7,maintain,User,, digitalequipment,DecServer,,Multi,,ACCESS,Admin,, digitalequipment,DecServer,,Multi,,SYSTEM,Admin,, digitalequipment,IRIS,,Multi,PDP11,PDP11,User,, digitalequipment,IRIS,,Multi,PDP8,PDP8,User,, digitalequipment,IRIS,,Multi,accounting,accounting,Admin,, digitalequipment,IRIS,,Multi,boss,boss,Admin,, digitalequipment,IRIS,,Multi,demo,demo,User,, digitalequipment,IRIS,,Multi,manager,manager,Admin,, digitalequipment,IRIS,,Multi,software,software,User,, digitalequipment,PC BIOS,,Console,,komprie,Admin,, digitalequipment,RSX,,Multi,1,,Level 1,, digitalequipment,RSX,,Multi,1.1,SYSTEM,Admin,, digitalequipment,RSX,,Multi,BATCH,BATCH,User,, digitalequipment,RSX,,Multi,SYSTEM,MANAGER,Admin,, digitalequipment,RSX,,Multi,SYSTEM,SYSTEM,Admin,, digitalequipment,RSX,,Multi,USER,USER,User,, digitalequipment,Terminal Server,,Port 7000,,access,User,, digitalequipment,Terminal Server,,Port 7000,,system,Admin,, digitalequipment,VMS,,Multi,ALLIN1,ALLIN1,,, digitalequipment,VMS,,Multi,ALLIN1MAIL,ALLIN1MAIL,,, digitalequipment,VMS,,Multi,ALLINONE,ALLINONE,,, digitalequipment,VMS,,Multi,BACKUP,BACKUP,,, digitalequipment,VMS,,Multi,DCL,DCL,,, digitalequipment,VMS,,Multi,DECMAIL,DECMAIL,,, digitalequipment,VMS,,Multi,DECNET,DECNET,,, digitalequipment,VMS,,Multi,DECNET,NONPRIV,,, digitalequipment,VMS,,Multi,DEFAULT,DEFAULT,,, digitalequipment,VMS,,Multi,DEFAULT,USER,,, digitalequipment,VMS,,Multi,DEMO,DEMO,,, digitalequipment,VMS,,Multi,FIELD,DIGITAL,,, digitalequipment,VMS,,Multi,FIELD,FIELD,,, digitalequipment,VMS,,Multi,FIELD,SERVICE,,, digitalequipment,VMS,,Multi,FIELD,TEST,,, digitalequipment,VMS,,Multi,GUEST,GUEST,,, digitalequipment,VMS,,Multi,HELP,HELP,,, digitalequipment,VMS,,Multi,HELPDESK,HELPDESK,,, digitalequipment,VMS,,Multi,HOST,HOST,,, digitalequipment,VMS,,Multi,INFO,INFO,,, digitalequipment,VMS,,Multi,INGRES,INGRES,,, digitalequipment,VMS,,Multi,LINK,LINK,,, digitalequipment,VMS,,Multi,MAILER,MAILER,,, digitalequipment,VMS,,Multi,MBMANAGER,MBMANAGER,,, digitalequipment,VMS,,Multi,MBWATCH,MBWATCH,,, digitalequipment,VMS,,Multi,NETCON,NETCON,,, digitalequipment,VMS,,Multi,NETMGR,NETMGR,,, digitalequipment,VMS,,Multi,NETNONPRIV,NETNONPRIV,,, digitalequipment,VMS,,Multi,NETPRIV,NETPRIV,,, digitalequipment,VMS,,Multi,NETSERVER,NETSERVER,,, digitalequipment,VMS,,Multi,NETWORK,NETWORK,,, digitalequipment,VMS,,Multi,NEWINGRES,NEWINGRES,,, digitalequipment,VMS,,Multi,NEWS,NEWS,,, digitalequipment,VMS,,Multi,OPERVAX,OPERVAX,,, digitalequipment,VMS,,Multi,POSTMASTER,POSTMASTER,,, digitalequipment,VMS,,Multi,PRIV,PRIV,,, digitalequipment,VMS,,Multi,REPORT,REPORT,,, digitalequipment,VMS,,Multi,RJE,RJE,,, digitalequipment,VMS,,Multi,STUDENT,STUDENT,,, digitalequipment,VMS,,Multi,SYS,SYS,,, digitalequipment,VMS,,Multi,SYSMAINT,DIGITAL,,, digitalequipment,VMS,,Multi,SYSMAINT,SERVICE,,, digitalequipment,VMS,,Multi,SYSMAINT,SYSMAINT,,, digitalequipment,VMS,,Multi,SYSTEM,MANAGER,,, digitalequipment,VMS,,Multi,SYSTEM,OPERATOR,,, digitalequipment,VMS,,Multi,SYSTEM,SYSLIB,,, digitalequipment,VMS,,Multi,SYSTEM,SYSTEM,,, digitalequipment,VMS,,Multi,SYSTEST,UETP,,, digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST,,, digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST_CLIG,,, digitalequipment,VMS,,Multi,TELEDEMO,TELEDEMO,,, digitalequipment,VMS,,Multi,TEST,TEST,,, digitalequipment,VMS,,Multi,UETP,UETP,,, digitalequipment,VMS,,Multi,USER,PASSWORD,,, digitalequipment,VMS,,Multi,USERP,USERP,,, digitalequipment,VMS,,Multi,VAX,VAX,,, digitalequipment,VMS,,Multi,VMS,VMS,,, digitalequipment,decnet,,Multi,operator,admin,Guest,, discar,PMC30,,,SUPERVISOR,DISCAR,,, discar,PMC30,TODAS,Multi,SUPERVISOR,DISCAR,,, dlink,,dir 655,,admin,blank,,, dlink,All Models,All Versions,192.168.0.1,,211cmw91765,user,, dlink,Cable/DSL Routers/Switches,,Multi,,admin,Admin,, dlink,D-704P,,Multi,admin,admin,Admin,, dlink,D-704P,rev b,Multi,admin,,Admin,, dlink,DCS-1000,,HTTP,,,admin,, dlink,DFL-1100 firewall,,HTTP,admin,,Admin,, dlink,DFL-1600 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, dlink,DFL-200 firewall,,HTTP,admin,,Admin,, dlink,DFL-200 firewall,,HTTP,admin,admin,Admin,, dlink,DFL-210 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, dlink,DFL-300 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DFL-700 firewall,,HTTP,admin,,Admin,, dlink,DFL-80 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DFL-CP310 firewall,,http://my.firewall,admin,Management Interface Admin,, dlink,DFL-CPG310 firewall,,http://my.firewall,admin,Management Interface Admin,, dlink,DFL-M510 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DGL-4100,,http://192.168.0.1,,,Administration,, dlink,DGL-4300,,http://192.168.0.1,,,Administration,, dlink,DGL-4500,,http://192.168.0.1,,,Administration,, dlink,DI-106,,,administrator,@*nigU^D.ha,,winnt, dlink,DI-206 ISDN router,,,Admin,Admin,,1.*, dlink,DI-514 Router,,HTTP,admin,,,, dlink,DI-514,,Multi,user,,Admin,, dlink,DI-524,all,HTTP,admin,,Admin,http://192.168.0.1, dlink,DI-524,all,HTTP,user,,User,, dlink,DI-604,,HTTP,user,,Admin,, dlink,DI-604,1.62b+,HTTP,admin,,Admin,, dlink,DI-604,2.02,HTTP,admin,admin,Admin,, dlink,DI-604,rev a rev b rev c rev e,Multi,admin,,Admin,http://192.168.0.1, dlink,DI-614+,,HTTP,admin,,Admin,, dlink,DI-614+,,HTTP,admin,admin,Admin,, dlink,DI-614+,,HTTP,user,,User,, dlink,DI-614+,any,HTTP,admin,,Admin,all access :D, dlink,DI-614,,HTTP,admin,,Admin,, dlink,DI-624+,,HTTP,admin,,,, dlink,DI-624+,A3,HTTP,admin,admin,Admin,, dlink,DI-624,,http://192.168.0.1,Admin,,admin,, dlink,DI-624,all,HTTP,User,,Admin,, dlink,DI-624M,,http://192.168.0.1,admin,,Administration,, dlink,DI-624S,,http://192.168.0.1,admin,,Administration,, dlink,DI-634M,,http://192.168.0.1,admin,,Administration,, dlink,DI-701,unknown,Multi,admin,year2000,Admin,, dlink,DI-704,,Multi,,admin,Admin,, dlink,DI-704,rev a,Multi,,admin,Admin,Cable/DSL Routers/Switches, dlink,DI-704P,,http://192.168.0.1,admin,,Administration,, dlink,DI-704UP,,http://192.168.0.1,admin,,Administration,, dlink,DI-707P,,HTTP,admin,,Admin,, dlink,DI-714 Router,,HTTP,admin,,,, dlink,DI-714P+,,Multi,admin,,192.168.0.1,, dlink,DI-724GU,,http://192.168.0.1,admin,,Administration,, dlink,DI-724P+ Router,,HTTP,admin,,,, dlink,DI-724U,,http://192.168.0.1,admin,,Administration,, dlink,DI-764,,HTTP,admin,,Admin,, dlink,DI-784 Router,,HTTP,admin,,,, dlink,DI-804,v2.03,Multi,admin,,Admin,, dlink,DI-804HV,,http://192.168.0.1,admin,,Administration,, dlink,DI-808HV,,http://192.168.0.1,admin,,Administration,, dlink,DI-824VUP Airplus G Wireless VPN Router,,http://192.168.0.1,admin,,Administrator,, dlink,DI-LB604,,http://192.168.0.1,admin,,Administration,, dlink,DIR-130,,http://192.168.0.1,admin,,administrator,, dlink,DIR-300,,192.168.0.1,admin,blank,administrator,, dlink,DIR-300,,telnet 192.168.0.1,root,,shell,, dlink,DIR-330,,http://192.168.0.1,admin,,administrator,, dlink,DIR-450,,http://192.168.0.1,admin,,administrator,, dlink,DIR-451,,http://192.168.0.1,admin,,administrator,, dlink,DIR-615 ,3.01,192.168.01 ,,family,family,, dlink,DIR-615,,http://192.168.0.1,admin,,administrator,, dlink,DIR-615,Ver.1.10(I),http://192.168.0.1). ,Admin,,Admin,mantra88dotcom, dlink,DIR-625,,http://192.168.0.1,admin,,administrator,, dlink,DIR-635,,http://192.168.0.1,Admin,,Administration,, dlink,DIR-655,,http://192.168.0.1,admin,,Administration,, dlink,DIR-660,,http://192.168.0.1,admin,,Administration,, dlink,DIR-855,,http://192.168.0.1,admin,,Administration,, dlink,DKVM-16 16-port keyboard/video/mouse switch,,,,00000000,,, dlink,DSL Router,,,root,admin,Administrator,, dlink,DSL-2640T,1.00(1),192.168.I.I,88612421,2421D,ADMIN,ADMIN, dlink,DSL-300,?,Telnet,,private,,, dlink,DSL-300G+,7.1.0.30,Telnet,,private,admin?,, dlink,DSL-300g+,Teo,HTTP,admin,admin,Admin,, dlink,DSL-300g+,Teo,Telnet,,private,Admin,, dlink,DSL-302G,,Multi,admin,admin,Admin,, dlink,DSL-500,,Multi,admin,admin,Admin,, dlink,DSL-504,,HTTP,,private,Admin,, dlink,DSL-504T,,http://10.1.1.1,admin,admin,Admin,, dlink,DSL-604+,,,admin,admin,Admin,, dlink,DSL-G604T,,http://10.1.1.1,admin,admin,Admin,, dlink,DSL-G624T,?,? via WAN ...,root,admin,Admin,, dlink,DSL-G664T,A1,HTTP,admin,admin,Admin,SSID : G664T_WIRELESS, dlink,DSL500G,,Multi,admin,admin,Admin,, dlink,DWL-1000+,,HTTP,admin,,Admin,, dlink,DWL-1000,,HTTP,admin,,Admin,, dlink,DWL-1000AP+,,http://192.168.0.50,admin,,Admin,, dlink,DWL-1700AP,,http://192.168.0.50:2000,admin,root,,, dlink,DWL-1750,,http://192.168.0.50:2000,admin,root,,, dlink,DWL-2000AP+,1.13,HTTP,admin,,Admin,Wireless Access Point, dlink,DWL-2100AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, dlink,DWL-210AP,1.03,Wireless,admin,,,, dlink,DWL-2200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, dlink,DWL-2210AP,,http://192.168.0.50,admin,admin,,, dlink,DWL-2700AP,,MIB or AP Mgr or D-View Module or http://192.168.0.50,admin,,,, dlink,DWL-3150,,http://192.168.0.30,admin,,Administration,default SSID is 'dlink', dlink,DWL-3200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, dlink,DWL-3200AP,,http://192.168.1.199,,,admin,, dlink,DWL-5000AP,,http://192.168.0.50,admin,,,, dlink,DWL-6000AP,Rev.A and Rev.B,multi interfaces incl. http://192.168.0.50,admin,,,, dlink,DWL-614+,2.03,HTTP,admin,,Admin,, dlink,DWL-614+,rev a rev b,HTTP,admin,,Admin,http://192.168.0.1, dlink,DWL-7000AP,,http://192.168.0.50 or AP Mgr,admin,,,, dlink,DWL-700AP,,http://192.168.0.50,admin,,Admin,, dlink,DWL-7100AP,,http://192.168.0.50,admin,,Administration,, dlink,DWL-7200AP,,http://192.168.0.50,admin,,Administration,, dlink,DWL-7700AP,Rev. A and Rev. B,mutli console,admin,,Administration,default IP 192.168.0.50, dlink,DWL-810+,,http://192.168.0.30,admin,,Admin,, dlink,DWL-810,,http://192.168.0.30,admin,,Admin,, dlink,DWL-8200AP,,multi console,admin,,,default IP 192.160.0.50, dlink,DWL-8200AP,,multi console,admin,,,default IP 192.168.0.50 (/! Previous indication in the page is false!), dlink,DWL-900+,,HTTP,admin,,Admin,, dlink,DWL-900,,,admin,public,Admin,, dlink,DWL-900AP+,,,Admin,1970,,, dlink,DWL-900AP+,rev a rev b rev c,HTTP,admin,,Admin,http://192.168.0.50, dlink,DWL-900AP,,Multi,,public,Admin,, dlink,DWL-900AP,,Multi,admin,public,Admin,, dlink,DWL-900AP,,USB/SNMP,,public,Admin,default IP 192.168.0.20, dlink,DWL-AG700AP,,http://192.168.0.50,admin,,Administration,, dlink,DWL-G700AP,,HTTP,admin,,,, dlink,DWL-G700AP,,http://192.168.0.50/,admin,olinda,,, dlink,DWL-G710,,http://192.168.0.30,admin,,Administration,, dlink,DWL-G730AP,,http://192.168.0.30,admin,,Administration,, dlink,DWL-G800AP,,http://192.168.0.30,admin,,Administration,, dlink,DWL-G820,,http://192.168.0.35,admin,,Administration,, dlink,EBR-2310,,http://192.168.0.1,admin,,Administration,, dlink,WBR-1310,,http://192.168.0.1,admin,,Administration,, dlink,WBR-2310,,http://192.168.0.1,admin,,Administration,, dlink,WBR-2310,revB,http://192.168.0.1,admin,,Administration,, dlink,Windows XP,Windows XP,192.168.0.1,admin,password,admin,amdin, dlink,hubs/switches,,Telnet,D-Link,D-Link,,, dlink,wbr-2310,a1 1.02,192.168.0.1,D Link 25,,,, dlink,windows xp,all,192.168.0.1,admin,,,, draytek,Vigor 2200 USB,,,admin,,Admin,, draytek,Vigor 2600 Plus Series,Annex A,HTTP,admin,,Admin,, draytek,Vigor 2600,,HTTP,admin,,Admin,, draytek,Vigor 2900+,,HTTP,admin,admin,Admin,, draytek,Vigor,all,HTTP,admin,admin,Admin,, dreambox,All models,all versions,http, telnet,root,dreambox,, drupal.org,Drupal,,administrator,admin,admin,,, dupont,Digital Water Proofer,,,root,par0t,,, dynalink,RTA020,,,admin,private,,, dynalink,RTA020,,Admin,admin,private,,, dynalink,RTA020,,Multi,admin,private,Admin,, dynalink,RTA1025W,,console,http//192.168.1.1,admin,admin,, dynalink,RTA1320,,console,http//192.168.1.1,admin,admin,, dynalink,RTA1335,,console,http//192.168.1.1,admin,admin,, dynalink,RTA230,,,userNotUsed,userNotU,,, dynalink,RTA230,,,userNotUsed,userNotU,Admin,, dynalink,RTA230,,Multi,admin,admin,Admin,, dynamode,BR-6004,,http,guest,guest,Standard admin access,, dynix library systems,Dynix,,,LIBRARY,,,, dynix library systems,Dynix,,,SETUP,,,, dynix library systems,Dynix,,,circ,,,, dynix library systems,Dynix,,,circ,,,, dynix library systems,Dynix,,Admin,SETUP,,,, dynix library systems,Dynix,,User,LIBRARY,,,, dynixlibrarysystems,Dynix,,Multi,LIBRARY,,User,, dynixlibrarysystems,Dynix,,Multi,SETUP,,Admin,, dynixlibrarysystems,Dynix,,Multi,circ,(social security number),User,, e-tech,Router,,Admin,,admin,,, econ,Econ DSL Router,,Router,admin,epicrouter,Admin,DSL Router, edimax,.,,,admin,1234,,, edimax,.,,Multi,admin,1234,,, edimax,6114wg,1.83,192.168.2.1,admin,1234,,, edimax,7205APL,,,guest,1234,,, edimax,7205APL,,,guest,1234,Guest - allows backup of config.bin,attacker can gain all passwords, edimax,AR-6004,,,admin,1234,,, edimax,AR-7024,,,admin,epicrouter,,, edimax,AR-7024WG,,Default IP: 10.0.0.2,admin,epicrouter,Admin,, edimax,AR-7024Wg,,Admin,admin,epicrouter,,, edimax,AR-7084A,,192.168.2.1,admin,1234,Admin,, edimax,AR-7084gA,3.0A,http://192.168.2.1,admin,1234,Admin,, edimax,BR 4000+ Router,,,admin,password,,, edimax,BR 4000+ Router,all,HTTP,admin,password,,, edimax,BR-6204WG,,Default IP: 192.168.2.1,admin,1234,,, edimax,BR-7209WG,,Default IP: 192.168.2.1,admin,1234,,, edimax,Broadband Router,Hardware: Rev A. Boot Code: 1.0 Runtime Code 2.63,HTTP,admin,1234,Admin,, edimax,ES-5224RXM,,Multi,admin,123,Admin,, edimax,EW-7205APL,Firmware release 2.40a-00,Multi,guest,,Admin,, edimax,Wireless ADSL Router,AR-7024,Multi,admin,epicrouter,Admin,, edimax,br-6204,wg,http://192.168.2.1,admin,1234,admin,, efficient networks,5851 SDSL Router,,,,hs7mwxkk,,, efficient networks,5851 SDSL Router,,Admin,,hs7mwxkk,,, efficient networks,EN 5861,,,login,admin,,, efficient networks,EN 5861,,Admin,login,admin,,, efficient networks,Speedstream 5711,,Admin,,4getme2,,, efficient networks,Speedstream 5711,,Teledanmark version (only .dk),,4getme2,,, efficient,5871 DSL Router,,Admin,login,admin,,, efficient,5871 DSL Router,,v 5.3.3-0,login,admin,,, efficient,Speedstream DSL,,,,admin,,, efficient,Speedstream DSL,,Admin,,admin,,, efficientnetworks,5800 Class DSL Routers,all,Multi,login,admin,Admin,, efficientnetworks,5851 SDSL Router,N/A,Console,,hs7mwxkk,Admin,On some Covad Routers, efficientnetworks,5851,,Telnet,login,password,Admin,might be all 5800 series, efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,, efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,This is for access to HTTP admin console., efficientnetworks,EN 5861,,Telnet,login,admin,Admin,, efficientnetworks,Speedstream DSL,,Telnet,,admin,Admin,, efficientnetworks,Speedstream,5200,http/telnet,,,,Default IP 10.0.0.1/8, efficientnetworks,Speedstream,5600,http/telnet,,,,Default IP 10.0.0.1/8, efficientnetworks,Speedstream,5711 Teledanmark version (only .dk),Console,,4getme2,Admin,, efficientnetworks,Speedstream,57xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, efficientnetworks,Speedstream,59xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, efficientnetworks,Speedstream,various,http/telnet,superuser,admin,Admin,, efficinet networks,5800 Class DSL Routers,,Admin,login,admin,,, efficinet networks,5800 Class DSL Routers,,all,login,admin,,, egenera,all models,all version,http, ssh, console,root,root, elron,Firewall,,,(hostname/ipaddress),sysadmin,,, elronsoftware,Elron Firewall,2.5c,,hostname/ip address,sysadmin,Admin,, elsa,LANCom Office ISDN Router,,800/1000/1100,,,,, elsa,LANCom Office ISDN Router,,Admin,,,,, elsa,LANCom Office ISDN Router,,Admin,,cisco,,, elsa,LANCom Office ISDN Router,1000,Telnet,,,Admin,, elsa,LANCom Office ISDN Router,1000,Telnet,,cisco,Admin,, elsa,LANCom Office ISDN Router,1100,Telnet,,,Admin,, elsa,LANCom Office ISDN Router,1100,Telnet,,cisco,Admin,, elsa,LANCom Office ISDN Router,800,Telnet,,,Admin,, elsa,LANCom Office ISDN Router,800,Telnet,,cisco,Admin,, emachines,notebook,,,emaq,4133,,, eminent,EM4114,,,admin,admin,Administrator,, encad,XPO,,,,,,, encad,XPO,,Admin,,,,, encad,XPO,,Multi,,,Admin,, enhydra,Multiserver,,,admin,enhydra,,, enhydra,Multiserver,,,admin,enhydra,Admin,, enox,PC BIOS,,,,xo11nE,,, enox,PC BIOS,,Admin,,xo11nE,,, enox,PC BIOS,,Console,,xo11nE,Admin,, enterasys,ANG-1105,,Admin,,netadmin,,, enterasys,ANG-1105,,Admin,admin,netadmin,,, enterasys,ANG-1105,,unknown,,netadmin,,, enterasys,ANG-1105,,unknown,admin,netadmin,,, enterasys,ANG-1105,unknown,HTTP,admin,netadmin,Admin,default IP is 192.168.1.1, enterasys,ANG-1105,unknown,Telnet,,netadmin,Admin,default IP is 192.168.1.1, enterasys,Vertical Horizon,ANY,Multi,admin,,Admin,this works in telnet or http, enterasys,Vertical Horizon,VH-2402S,Multi,tiger,tiger123,Admin,, entrust,Get Access Service Control Agent,,4.x,admin,admin,,, entrust,GetAccess,4.x,http,admin,admin,Admin,, entrust,GetAccess,4.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, entrust,GetAccess,7.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, epox,PC BIOS,,,,central,,, epox,PC BIOS,,Admin,,central,,, epox,PC BIOS,,Console,,central,Admin,, ericsson,ACC,,,netman,netman,,, ericsson,Any router,,,netman,netman,,all, ericsson,Ericsson ACC,,,netman,netman,,, ericsson,Ericsson ACC,,Multi,,,Admin,, ericsson,Ericsson Acc,,,netman,netman,,, ericsson,Tigris Platform,All,Multi,public,,Guest,, ericsson,W20,,,user,user,,, ericsson,md110 pabx,,up-to-bc9,,help,,, ericsson,md110 pabx,,varies depending on config minimal list access by default,,help,,, ericsson,md110 pabx,up-to-bc9,Multi,,help,varies depending on config minimal list access by default,, esesixcomputergmbh,Thintune,2.4.38-32-D,Connect port 25072,root,jstwo,Admin,, etech,ADSL Ethernet Router,Annex A v2,HTTP,admin,epicrouter,Admin,Password can also be password, etech,Router,RTBR03,HTTP,,admin,Admin,1wan/4ports switch router, etech,Router,v1,HTTP,,admin,Admin,, etech,Wireless 11Mbps Router Model:WLRT03,,HTTP,,admin,Admin,, etech,rtbr03,rtbr03,Admin,admin,admin,,, everfocus,ECOR 8F,,,admin,11111111,,, everfocus,PowerPlex,,Admin,admin,admin,,, everfocus,PowerPlex,,Admin,operator,operator,,, everfocus,PowerPlex,,Admin,supervisor,supervisor,,, everfocus,PowerPlex,,EDR1600,admin,admin,,, everfocus,PowerPlex,,EDR1600,operator,operator,,, everfocus,PowerPlex,,EDR1600,supervisor,supervisor,,, everfocus,PowerPlex,EDR1600,Multi,admin,admin,Admin,, everfocus,PowerPlex,EDR1600,Multi,operator,operator,Admin,, everfocus,PowerPlex,EDR1600,Multi,supervisor,supervisor,Admin,, everfocus,edsr400,,,Admin,admin,,, exabyte,Magnum20,,FTP,anonymous,Exabyte,Admin,, exindanetworks,1700,,Default login http://172.14.1.57,admin,exinda,Admin,, extended systems,Firewall,,,admin,admin,,, extended systems,Print Server,,,admin,extendnet,,, extendedsystems,ExtendNet 4000 / Firewall,,,admin,admin,,all Versions, extendedsystems,Print Servers,,,admin,extendnet,,, extreme networks,All Switches,,,admin,,,, extreme networks,All Switches,,Admin,admin,,,, extreme networks,Alpine,,,admin,,,, extreme networks,BlackDiamond,,,admin,,,, extreme networks,Summit,,,admin,,,, extreme networks,Switches,,,admin,,,, extreme networks,Switches,,Admin,admin,,,, extreme networks,Swithces,,,admin,,,, extreme networks,Swithces,,Admin,admin,,,, extremenetworks,All Switches,,Multi,admin,,Admin,, extremenetworks,Alpine,,,admin,,Admin,, extremenetworks,BlackDiamond,,,admin,,Admin,, extremenetworks,Summit,,,admin,,Admin,, extremenetworks,Switches,,,admin,,Admin,, extremenetworks,Swithces,,Multi,admin,,Admin,, f5,Big-IP 540,,Multi,root,default,Admin,, f5,Big-IP,9.12,http,admin,admin,Administrator,, fastwire,Fastwire Bank Transfer,,,fastwire,fw,,, firebird,FirebirdSQL,,,SYSDBA,masterkey,,, flowpoint,100 IDSN,,,admin,admin,,, flowpoint,100 IDSN,,Admin,admin,admin,,, flowpoint,100 IDSN,,Telnet,admin,admin,Admin,, flowpoint,2200 SDSL,,,admin,admin,,, flowpoint,2200 SDSL,,Admin,admin,admin,,, flowpoint,2200 SDSL,,Telnet,admin,admin,Admin,, flowpoint,40 IDSL,,,admin,admin,,, flowpoint,40 IDSL,,Admin,admin,admin,,, flowpoint,40 IDSL,,Telnet,admin,admin,Admin,, flowpoint,DSL,,,,password,,, flowpoint,DSL,,2000,admin,admin,,, flowpoint,DSL,,Admin,,password,,, flowpoint,DSL,,Admin,admin,admin,,, flowpoint,DSL,,Telnet,,password,Admin,Installed by Covad, flowpoint,DSL,2000,Telnet,admin,admin,Admin,, flowpoint,Flowpoint DSL,,,admin,admin,Admin,, flowpoint,Flowpoint/2000 ADSL,,,,,,, flowpoint,Flowpoint/2000 ADSL,,Admin,,,,, flowpoint,Flowpoint/2000 ADSL,,Telnet,,,Admin,, fortigate,Fortinet firewall,,,admin,no password,,, fortinet,FortiGate 300A,n/d,Multi,admin,no password,HTTP,, fortinet,FortiGate firewall,,Multi,admin,no password,,, fortinet,FortiGate,,Telnet,admin,,Admin,, fortinet,FortiGate,,serial console,maintainer,pbcpbn(add serial number),Admin,, fortinet,Fortigate 300A,,HTTP SSH,admin,no password,,, foundry networks,IronView Network Manager,,Version 01.6.00a(service pack) 0620031754,admin,admin,,, foundry networks,ServerIron,,,,,,, foundrynetworks,IronView Network Manager,Version 01.6.00a(service pack) 0620031754,HTTP,admin,admin,Admin,, foundrynetworks,ServerIron,,,,,Admin,, freetech,PC BIOS,,,,Posterie,,, freetech,PC BIOS,,Admin,,Posterie,,, freetech,PC BIOS,,Console,,Posterie,Admin,, fujitsusiemens,Routers,,HTTP,,connect,Admin,, fujixerox,DocuPrint 3055,200911121222,http://10.0.14.50,,,admin,, fujixerox,Document Centre C450,,console,11111,x-admin,,http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, funk software,Steel Belted Radius,,3.x,admin,radius,,, funk software,Steel Belted Radius,,Admin,admin,radius,,, funksoftware,Steel Belted Radius,3.x,Proprietary,admin,radius,Admin,, funksoftware,Steel Belted Radius,450,,admin,radius,Admin,, galacticomm,Major BBS,,,Sysop,Sysop,,, galacticomm,Major BBS,,Admin,Sysop,Sysop,,, galacticomm,Major BBS,,Multi,Sysop,Sysop,Admin,, gandalf,XMUX,,,,console,,, gandalf,XMUX,,,,gandalf,,, gandalf,XMUX,,,,system,,, gandalf,XMUX,,,,xmux,,, gateway,WGR-200 Router,,,admin,admin,Admin,, gateway,WGR-250 Router,,,admin,admin,Admin,, ge,Data management system,,,administrator,Never!Mind,,, ge,Data management system,,,museadmin,Muse!Admin,,, ge,Data management system,1/2/3,Console,administrator,Never!Mind,,, ge,Data management system,1/2/3,Console,museadmin,Muse!Admin,,, ge,Enterprise Archive,,,administrator,eaadmin,,, ge,Enterprise Archive,1/2,Console,administrator,eaadmin,,, ge,Image management system,,,administrator,gemnet,,, ge,Image management system,1/2/3,Console,administrator,gemnet,,, ge,Maclab,,,mlcltechuser,mlcl!techuser,,, ge,Maclab,1,Console,mlcltechuser,mlcl!techuser,,, geeklog,Geeklog,,1.3.x,username,password,,, geeklog,Geeklog,1.3.x,MySQL,username,password,,, general instruments,Cable Modem,,,test,test,,, generalinstruments,SB2100D Cable Modem,,,test,test,,, gericom,Phoenix,,Multi,Administrator,,Admin,, giga,8ippro1000,,Multi,Administrator,admin,Admin,, gigabyte,GN-B49G,,,admin,admin,,, gigabyte,GN-B49G,,HTTP,admin,admin,,, gigabyte,GN-BR01G,,ip address,admin,admin,,, glftpd,glftpd,1.32,Other,glftpd,glftpd,ftp,, globespanvirata,GS8100,,,DSL,DSL,Admin,, globespanvirata,Viking,,Telnet,root,root,admin,, globespanvirata,Viking,,admin,root,root,,, globespanvirata,all models,all versions,http://192.168.1.1,WebAdmin,,,, gonet,,,,fast,abd234,,, gossamerthreads,dbMan,,,admin,admin,Change/Delete Data in Database,, gossamerthreads,dbMan,,,author,author,Change/Delete Data in Database,, gossamerthreads,dbMan,,,guest,guest,Change/Delete Data in Database,, grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,123,Config (End User),, grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,admin,Config (Advanced User),, grandstreamnetworks,HandyTone 286,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 286,,HTTP,End User,,,, grandstreamnetworks,HandyTone 286,,HTTP,End User,123,,, grandstreamnetworks,HandyTone 386,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 386,,HTTP,End User,,,, grandstreamnetworks,HandyTone 386,,HTTP,End User,123,,, grandstreamnetworks,HandyTone 486,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 486,,HTTP,End User,,,, grandstreamnetworks,HandyTone 486,,HTTP,End User,123,,, grandstreamnetworks,HandyTone 488,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 488,,HTTP,End User,,,, grandstreamnetworks,HandyTone 488,,HTTP,End User,123,,, grandstreamnetworks,HandyTone 496,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 496,,HTTP,End User,,,, grandstreamnetworks,HandyTone 496,,HTTP,End User,123,,, grandstreamnetworks,HandyTone Budgetone-100 IP Phone,,HTTP,,admin,administrator,, grandstreamnetworks,HandyTone GXP-2000,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,,,, grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,123,,, greatspeed,DUO,,,admin,broadband,,, greatspeed,DUO,,HTTP,admin,broadband,,, guardone,BizGuard,,,n.a,guardone,,, guardone,BizGuard,,multi,,guardone,Admin,, guardone,Restrictor,,,,guardone,,, guardone,Restrictor,,multi,,guardone,Admin,, gvc,e800/rb4,,HTTP,Administrator,admin,Admin,, h2o project,Medialibrary,,,admin,admin,,, h2oproject,Medialibrary,,HTTP,admin,admin,Admin,, harris,DATU,,DTMF,,1111,,, harris,DATU,,DTMF,,1234,,, harris,DATU,,DTMF,,2345,,, harris,DATU,,DTMF,,4300,,, harris,DATU,,DTMF,,7373,,, harris,MAU,,Modem,,4372266,,, harris,SASS,,DTMF,,1111,,, harris,SASS,,DTMF,,1122,,, hawlett-packard,HP Omnibook 2100,,,,,,, hayes,Century,,MR200,system,isp,,, hayes,Century,MR200,,system,isp,Admin,, hewlett-packard,CommandView SDM,,Secure Manager,,AUTORAID,,, hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HP,,, hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HPOFFICE DATA,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPONLY,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPP187 SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPWORD PUB,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,LOTUS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MANAGER,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MGR,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SERVICE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SUPPORT,,, hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,FIELD.SUPPORT,,, hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MANAGER.SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MGR.SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,OP.OPERATOR,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,HPOFFICE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MAIL,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MPE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,REMOTE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,TELESUP,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,COGNOS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,HPOFFICE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,ITF3000,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SECURITY,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TCH,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TELESUP,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGE,VESOFT,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CAROLIAN,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CCC,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CNAS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,COGNOS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CONV,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPDESK,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPOFFICE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPONLY,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP187,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP189,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP196,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,INTX3,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ITF3000,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,NETBASE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,REGO,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,RJE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ROBELLE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SECURITY,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,TELESUP,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,VESOFT,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,WORD,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,XLSERVER,,, hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,COGNOS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,DISC,,, hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SUPPORT,,, hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYSTEM,,, hewlett-packard,HP 2000/3000 MPE/xx,,,PCUSER,SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,RSBCMON,SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,SPOOLMAN,HPOFFICE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,WP,HPOFFICE,,, hewlett-packard,LaserJet Net Printers,,Admin,,,,, hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,,,,, hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,Anonymous,,,, hewlett-packard,LaserJet Net Printers,,User,,,,, hewlett-packard,LaserJet Net Printers,,User,Anonymous,,,, hewlett-packard,Vectra,,,,hewlpack,,, hewlett-packard,Vectra,,Admin,,hewlpack,,, hewlett-packard,Webmin,,0.84,admin,hp.com,,, hewlettpackard,CommandView SDM,,Multi,N/A,AUTORAID,Secure Manager,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HP,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HPOFFICE DATA,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPONLY,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPP187 SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPWORD PUB,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,LOTUS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MANAGER,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MGR,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SERVICE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SUPPORT,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,FIELD.SUPPORT,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MANAGER.SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MGR.SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,OP.OPERATOR,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,HPOFFICE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MAIL,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MPE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,REMOTE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,TELESUP,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,COGNOS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,HPOFFICE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,ITF3000,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SECURITY,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TCH,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TELESUP,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGE,VESOFT,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CAROLIAN,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CCC,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CNAS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,COGNOS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CONV,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPDESK,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPOFFICE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPONLY,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP187,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP189,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP196,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,INTX3,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ITF3000,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,NETBASE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,REGO,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,RJE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ROBELLE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SECURITY,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,TELESUP,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,VESOFT,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,WORD,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,XLSERVER,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,COGNOS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,DISC,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SUPPORT,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYSTEM,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,PCUSER,SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,RSBCMON,SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,SPOOLMAN,HPOFFICE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,WP,HPOFFICE,,, hewlettpackard,HP Jetdirect (All Models),,,,,,Any, hewlettpackard,ISEE,,Multi,admin,isee,Admin,, hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,9100,,,User,Type what you want and close telnet session to print it out, hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,FTP,Anonymous,,User,send files to be printed, hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,HTTP,,,Admin,HTTP interface, hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,Telnet,,,Admin,press enter twice if no response in telnet, hewlettpackard,MPE-XL,,,HELLO,FIELD.SUPPORT,,, hewlettpackard,MPE-XL,,,HELLO,MANAGER.SYS,,, hewlettpackard,MPE-XL,,,HELLO,MGR.SYS,,, hewlettpackard,MPE-XL,,,MANAGER,HPOFFICE,,, hewlettpackard,MPE-XL,,,MGR,CAROLIAN,,, hewlettpackard,MPE-XL,,,MGR,CCC,,, hewlettpackard,MPE-XL,,,OPERATOR,COGNOS,,, hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, hewlettpackard,Vectra,,Console,,hewlpack,Admin,, hewlettpackard,iLo,,http,Admin,Admin,Admin,, hewlettpackard,iLo,,http,oper,oper,,, hewlettpackard,sa7200,,Multi,admin,,Admin,, hewlettpackard,sa7200,,Multi,admin,admin,Admin,, hewlettpackard,webmin,0.84,HTTP,admin,hp.com,Admin,, honeywell,Experion,,,LocalComServer,LCS pwd 03,,, honeywell,Experion,,,TPSLocalServer,TLS pwd 03,,, horizon datasys,FoolProof,,,,foolproof,,, horizondatasys,FoolProof,,,,foolproof,Admin,, hosting controller,Hosting Controller,,,AdvWebadmin,advcomm500349,,, hp,sa7200,,,admin,,,, hp,sa7200,,Admin,admin,,,, hp,sa7200,,Admin,admin,admin,,, huawei,B932,,http:192.168.1.1,,,,, huawei,MT880r,,Multi,TMAR#HWMT8007079,,Admin,, huawei,SmartAX MT882,,,admin,admin,,, huawei,e226,,,admin,admin,,, huwai,Modem,,,Admin,admin,,, huwai,Modem,,Multi,Admin,admin,,, iblitzz,BWA711/All Models,All,HTTP,admin,admin,Admin,This Information Works On All Models Of The Blitzz Line, ibm,2210,,,def,trade,,RIP, ibm,3534 F08 Fibre Switch,,,admin,password,,, ibm,3534 F08 Fibre Switch,,Admin,admin,password,,, ibm,3534 F08 Fibre Switch,,Multi,admin,password,Admin,, ibm,3583 Tape Library,,HTTP,admin,secure,Admin,, ibm,390e,,,,admin,,, ibm,390e,,Admin,,admin,,, ibm,390e,,Multi,,admin,Admin,, ibm,600x,,,,admin,,, ibm,600x,,Admin,,admin,,, ibm,600x,,Multi,,admin,Admin,, ibm,8224 HUB,,,vt100,public,,, ibm,8224 HUB,,Admin,vt100,public,,, ibm,8224 HUB,,Multi,vt100,public,Admin,Swap MAC address chip from other 8224, ibm,8225,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, ibm,8225,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, ibm,8225,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, ibm,8237,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, ibm,8237,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, ibm,8237,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, ibm,8239 Token Ring HUB,,2.5,,R1QTPS,,, ibm,8239 Token Ring HUB,,Utility Program,,R1QTPS,,, ibm,8239 Token Ring HUB,2.5,Console,,R1QTPS,Utility Program,, ibm,A21m,,,,,,, ibm,A21m,,Admin,,,,, ibm,A21m,,Multi,,,Admin,, ibm,AIX,,,guest,guest,,, ibm,AIX,,4.X,admin,admin,,, ibm,AIX,,Multi,guest,,User,, ibm,AIX,,Multi,guest,guest,User,, ibm,AIX,,User,admin,admin,,, ibm,AIX,,User,guest,,,, ibm,AIX,,User,guest,guest,,, ibm,AIX,4.X,Multi,admin,admin,User,, ibm,AS/400,,,QSECOFR,QSECOFR,,Any, ibm,AS/400,,,QSRV,QSRV,,, ibm,AS/400,,,QSRVBAS,QSRVBAS,,, ibm,AS/400,,,QUSER,QUSER,,OS/400, ibm,AS/400,,,qpgmr,qpgmr,,, ibm,AS/400,,,qsysopr,qsysopr,,, ibm,Aptiva,,,,,CMOS,Press both mouse buttons repeatedly during boot to bypass CMOS password, ibm,Ascend OEM Routers,,,,ascend,,, ibm,Ascend OEM Routers,,Admin,,ascend,,, ibm,Ascend OEM Routers,,Telnet,,ascend,Admin,, ibm,BladeCenter Mgmt Console,,HTTP,USERID,PASSW0RD,Admin,, ibm,CICS,,,$SRV,$SRV,,, ibm,CICS,,,CICSUSER,CISSUS,,, ibm,CICS,,,DBDCCICS,DBDCCIC,,, ibm,CICS,,,FORSE,FORSE,,, ibm,CICS,,,OPER,OPER,,, ibm,CICS,,,POST,BASE,,, ibm,CICS,,,PRODCICS,PRODCICS,,, ibm,CICS,,,PROG,PROG,,, ibm,CICS,,,SYSA,SYSA,,, ibm,CICS,,,VCSRV,VCSRV,,, ibm,DB2,,,db2admin,db2admin,,WinNT, ibm,DB2,,,db2fenc1,db2fenc1,,, ibm,Directory - Web Administration Tool,5.1,HTTP,superadmin,secret,Admin,Documented in Web Administration Guide, ibm,Fibre Switch,,3534 F08,admin,password,,, ibm,Hardware Management Console,3,ssh,hscroot,abc123,Admin,, ibm,IBM,,Multi,,,Admin,, ibm,Infoprint 6700,,Multi,root,,Admin,Also works for older 4400 printers and probably Printronics equivalents as well., ibm,LAN Server / OS/2,,,username,password,,2.1 3.0 4., ibm,Lotus Domino Go WebServer (net.commerce edition),,,webadmin,webibm,,ANY ?, ibm,NetCommerce PRO,,,ncadmin,ncadmin,,3.2, ibm,OS/400,,,11111111,11111111,,, ibm,OS/400,,,22222222,22222222,,, ibm,OS/400,,,QSECOFR,QSECOFR,,OS/400, ibm,OS/400,,,ibm,2222,,, ibm,OS/400,,,ibm,password,,, ibm,OS/400,,,ibm,service,,, ibm,OS/400,,,qpgmr,qpgmr,,, ibm,OS/400,,,qsecofr,11111111,,, ibm,OS/400,,,qsecofr,22222222,,, ibm,OS/400,,,qsecofr,qsecofr,,, ibm,OS/400,,,qserv,qserv,,, ibm,OS/400,,,qsrv,qsrv,,, ibm,OS/400,,,qsrvbas,qsrvbas,,, ibm,OS/400,,,qsvr,ibmcel,,, ibm,OS/400,,,qsvr,qsvr,,, ibm,OS/400,,,qsysopr,qsysopr,,, ibm,OS/400,,,quser,quser,,, ibm,OS/400,,,secofr,secofr,,, ibm,OS/400,,,sedacm,secacm,,, ibm,OS/400,,,sysopr,sysopr,,, ibm,OS/400,,,user,USERP,,, ibm,OS/400,,Multi,11111111,11111111,,, ibm,OS/400,,Multi,22222222,22222222,,, ibm,OS/400,,Multi,ibm,2222,,, ibm,OS/400,,Multi,ibm,password,,, ibm,OS/400,,Multi,ibm,service,,, ibm,OS/400,,Multi,qpgmr,qpgmr,,, ibm,OS/400,,Multi,qsecofr,11111111,,, ibm,OS/400,,Multi,qsecofr,22222222,,, ibm,OS/400,,Multi,qsecofr,qsecofr,,, ibm,OS/400,,Multi,qserv,qserv,,, ibm,OS/400,,Multi,qsrv,11111111,,, ibm,OS/400,,Multi,qsrv,22222222,,, ibm,OS/400,,Multi,qsrv,qsrv,,, ibm,OS/400,,Multi,qsrvbas,qsrvbas,,, ibm,OS/400,,Multi,qsvr,ibmcel,,, ibm,OS/400,,Multi,qsvr,qsvr,,, ibm,OS/400,,Multi,qsysopr,qsysopr,,, ibm,OS/400,,Multi,quser,quser,,, ibm,OS/400,,Multi,secofr,secofr,,, ibm,OS/400,,Multi,sedacm,sedacm,,, ibm,OS/400,,Multi,sysopr,sysopr,,, ibm,OS/400,,Multi,userp,,No,, ibm,PC BIOS,,,,IBM,,, ibm,PC BIOS,,,,sertafu,,, ibm,PC BIOS,,Admin,,IBM,,, ibm,PC BIOS,,Admin,,MBIU0,,, ibm,PC BIOS,,Admin,,sertafu,,, ibm,PC BIOS,,Console,,IBM,Admin,, ibm,PC BIOS,,Console,,MBIU0,Admin,, ibm,PC BIOS,,Console,,merlin,No,, ibm,PC BIOS,,Console,,sertafu,Admin,, ibm,POS CMOS,,,ESSEX,,,, ibm,POS CMOS,,,IPC,,,, ibm,POS CMOS,,Console,ESSEX,,,, ibm,POS CMOS,,Console,IPC,,,, ibm,RACF,,,IBMUSER,SYS1,,, ibm,RS/6000,,,root,ibm,,AIX, ibm,RSA,,9091,wpsadmin,wpsadmin,,, ibm,RSA,5.0,HTTP,wpsadmin,wpsadmin,9091,, ibm,Remote Supervisor Adapter (RSA),,HTTP,USERID,PASSW0RD,Admin,, ibm,T20,,Multi,,admin,Admin,, ibm,T42,,HTTP,Administrator,admin,Admin,, ibm,TS3100(3573-L2U),,http,admin,secure,,, ibm,TS3100,,,admin,secure,,, ibm,Tivoli,,,admin,admin,,, ibm,Tivoli,,HTTP,admin,admin,Admin,, ibm,TotalStorage Enterprise Server,,,storwatch,specialist,,, ibm,TotalStorage Enterprise Server,,Admin,storwatch,specialist,,, ibm,TotalStorage Enterprise Server,,Multi,storwatch,specialist,Admin,, ibm,TotalStorage,,,storwatch,specialist,,, ibm,VM/CMS,,,$ALOC$,,,, ibm,VM/CMS,,,ADMIN,,,, ibm,VM/CMS,,,AP2SVP,,,, ibm,VM/CMS,,,APL2PP,,,, ibm,VM/CMS,,,AUTOLOG1,,,, ibm,VM/CMS,,,BATCH,,,, ibm,VM/CMS,,,BATCH1,,,, ibm,VM/CMS,,,BATCH2,,,, ibm,VM/CMS,,,CCC,,,, ibm,VM/CMS,,,CMSBATCH,,,, ibm,VM/CMS,,,CMSUSER,,,, ibm,VM/CMS,,,CPNUC,,,, ibm,VM/CMS,,,CPRM,,,, ibm,VM/CMS,,,CSPUSER,,,, ibm,VM/CMS,,,CVIEW,,,, ibm,VM/CMS,,,DATAMOVE,,,, ibm,VM/CMS,,,DEMO1,,,, ibm,VM/CMS,,,DEMO2,,,, ibm,VM/CMS,,,DEMO3,,,, ibm,VM/CMS,,,DEMO4,,,, ibm,VM/CMS,,,DIRECT,,,, ibm,VM/CMS,,,DIRMAINT,,,, ibm,VM/CMS,,,DISKCNT,,,, ibm,VM/CMS,,,EREP,,,, ibm,VM/CMS,,,FSFADMIN,,,, ibm,VM/CMS,,,FSFTASK1,,,, ibm,VM/CMS,,,FSFTASK2,,,, ibm,VM/CMS,,,GCS,,,, ibm,VM/CMS,,,IDMS,,,, ibm,VM/CMS,,,IDMSSE,,,, ibm,VM/CMS,,,IIPS,,,, ibm,VM/CMS,,,IPFSERV,,,, ibm,VM/CMS,,,ISPVM,,,, ibm,VM/CMS,,,IVPM1,,,, ibm,VM/CMS,,,IVPM2,,,, ibm,VM/CMS,,,MAINT,,,, ibm,VM/CMS,,,MOESERV,,,, ibm,VM/CMS,,,NEVIEW,,,, ibm,VM/CMS,,,OLTSEP,,,, ibm,VM/CMS,,,OP1,,,, ibm,VM/CMS,,,OPERATIONS,OPERATIONS,,, ibm,VM/CMS,,,OPERATNS,,,, ibm,VM/CMS,,,OPERATOR,,,, ibm,VM/CMS,,,PDMREMI,,,, ibm,VM/CMS,,,PENG,,,, ibm,VM/CMS,,,PROCAL,,,, ibm,VM/CMS,,,PRODBM,,,, ibm,VM/CMS,,,PROMAIL,,,, ibm,VM/CMS,,,PSFMAINT,,,, ibm,VM/CMS,,,PVM,,,, ibm,VM/CMS,,,RDM470,,,, ibm,VM/CMS,,,ROUTER,,,, ibm,VM/CMS,,,RSCS,,,, ibm,VM/CMS,,,RSCSV2,,,, ibm,VM/CMS,,,SAVSYS,,,, ibm,VM/CMS,,,SFCMI,,,, ibm,VM/CMS,,,SFCNTRL,,,, ibm,VM/CMS,,,SMART,,,, ibm,VM/CMS,,,SQLDBA,,,, ibm,VM/CMS,,,SQLUSER,,,, ibm,VM/CMS,,,SYSADMIN,,,, ibm,VM/CMS,,,SYSCKP,,,, ibm,VM/CMS,,,SYSDUMP1,,,, ibm,VM/CMS,,,SYSERR,,,, ibm,VM/CMS,,,SYSWRM,,,, ibm,VM/CMS,,,TDISK,,,, ibm,VM/CMS,,,TEMP,,,, ibm,VM/CMS,,,TSAFVM,,,, ibm,VM/CMS,,,VASTEST,,,, ibm,VM/CMS,,,VM3812,,,, ibm,VM/CMS,,,VMARCH,,,, ibm,VM/CMS,,,VMASMON,,,, ibm,VM/CMS,,,VMASSYS,,,, ibm,VM/CMS,,,VMBACKUP,,,, ibm,VM/CMS,,,VMBSYSAD,,,, ibm,VM/CMS,,,VMMAP,,,, ibm,VM/CMS,,,VMTAPE,,,, ibm,VM/CMS,,,VMTLIBR,,,, ibm,VM/CMS,,,VMUTIL,,,, ibm,VM/CMS,,,VSEIPO,,,, ibm,VM/CMS,,,VSEMAINT,,,, ibm,VM/CMS,,,VSEMAN,,,, ibm,VM/CMS,,,VTAM,,,, ibm,VM/CMS,,,VTAM,VTAM,,, ibm,VM/CMS,,,VTAMUSER,,,, ibm,VM/CMS,,Multi,$ALOC$,,,, ibm,VM/CMS,,Multi,ADMIN,,,, ibm,VM/CMS,,Multi,AP2SVP,,,, ibm,VM/CMS,,Multi,APL2PP,,,, ibm,VM/CMS,,Multi,AUTOLOG1,,,, ibm,VM/CMS,,Multi,BATCH,,,, ibm,VM/CMS,,Multi,BATCH1,,,, ibm,VM/CMS,,Multi,BATCH2,,,, ibm,VM/CMS,,Multi,CCC,,,, ibm,VM/CMS,,Multi,CMSBATCH,,,, ibm,VM/CMS,,Multi,CMSBATCH,CMSBATCH,,, ibm,VM/CMS,,Multi,CMSUSER,,,, ibm,VM/CMS,,Multi,CPNUC,,,, ibm,VM/CMS,,Multi,CPRM,,,, ibm,VM/CMS,,Multi,CSPUSER,,,, ibm,VM/CMS,,Multi,CVIEW,,,, ibm,VM/CMS,,Multi,DATAMOVE,,,, ibm,VM/CMS,,Multi,DEMO1,,,, ibm,VM/CMS,,Multi,DEMO2,,,, ibm,VM/CMS,,Multi,DEMO3,,,, ibm,VM/CMS,,Multi,DEMO4,,,, ibm,VM/CMS,,Multi,DIRECT,,,, ibm,VM/CMS,,Multi,DIRMAINT,,,, ibm,VM/CMS,,Multi,DISKCNT,,,, ibm,VM/CMS,,Multi,EREP,,,, ibm,VM/CMS,,Multi,FSFADMIN,,,, ibm,VM/CMS,,Multi,FSFTASK1,,,, ibm,VM/CMS,,Multi,FSFTASK2,,,, ibm,VM/CMS,,Multi,GCS,,,, ibm,VM/CMS,,Multi,IDMS,,,, ibm,VM/CMS,,Multi,IDMSSE,,,, ibm,VM/CMS,,Multi,IIPS,,,, ibm,VM/CMS,,Multi,IPFSERV,,,, ibm,VM/CMS,,Multi,ISPVM,,,, ibm,VM/CMS,,Multi,IVPM1,,,, ibm,VM/CMS,,Multi,IVPM2,,,, ibm,VM/CMS,,Multi,MAINT,,,, ibm,VM/CMS,,Multi,MAINT,MAINT,,, ibm,VM/CMS,,Multi,MOESERV,,,, ibm,VM/CMS,,Multi,NEVIEW,,,, ibm,VM/CMS,,Multi,OLTSEP,,,, ibm,VM/CMS,,Multi,OP1,,,, ibm,VM/CMS,,Multi,OPERATNS,,,, ibm,VM/CMS,,Multi,OPERATNS,OPERATNS,,, ibm,VM/CMS,,Multi,OPERATOR,,,, ibm,VM/CMS,,Multi,OPERATOR,OPERATOR,,, ibm,VM/CMS,,Multi,PDMREMI,,,, ibm,VM/CMS,,Multi,PENG,,,, ibm,VM/CMS,,Multi,PROCAL,,,, ibm,VM/CMS,,Multi,PRODBM,,,, ibm,VM/CMS,,Multi,PROMAIL,,,, ibm,VM/CMS,,Multi,PSFMAINT,,,, ibm,VM/CMS,,Multi,PVM,,,, ibm,VM/CMS,,Multi,RDM470,,,, ibm,VM/CMS,,Multi,ROUTER,,,, ibm,VM/CMS,,Multi,RSCS,,,, ibm,VM/CMS,,Multi,RSCSV2,,,, ibm,VM/CMS,,Multi,SAVSYS,,,, ibm,VM/CMS,,Multi,SFCMI,,,, ibm,VM/CMS,,Multi,SFCNTRL,,,, ibm,VM/CMS,,Multi,SMART,,,, ibm,VM/CMS,,Multi,SQLDBA,,,, ibm,VM/CMS,,Multi,SQLUSER,,,, ibm,VM/CMS,,Multi,SYSADMIN,,,, ibm,VM/CMS,,Multi,SYSCKP,,,, ibm,VM/CMS,,Multi,SYSDUMP1,,,, ibm,VM/CMS,,Multi,SYSERR,,,, ibm,VM/CMS,,Multi,SYSWRM,,,, ibm,VM/CMS,,Multi,TDISK,,,, ibm,VM/CMS,,Multi,TEMP,,,, ibm,VM/CMS,,Multi,TSAFVM,,,, ibm,VM/CMS,,Multi,VASTEST,,,, ibm,VM/CMS,,Multi,VM3812,,,, ibm,VM/CMS,,Multi,VMARCH,,,, ibm,VM/CMS,,Multi,VMASMON,,,, ibm,VM/CMS,,Multi,VMASSYS,,,, ibm,VM/CMS,,Multi,VMBACKUP,,,, ibm,VM/CMS,,Multi,VMBSYSAD,,,, ibm,VM/CMS,,Multi,VMMAP,,,, ibm,VM/CMS,,Multi,VMTAPE,,,, ibm,VM/CMS,,Multi,VMTLIBR,,,, ibm,VM/CMS,,Multi,VMUTIL,,,, ibm,VM/CMS,,Multi,VSEIPO,,,, ibm,VM/CMS,,Multi,VSEMAINT,,,, ibm,VM/CMS,,Multi,VSEMAN,,,, ibm,VM/CMS,,Multi,VTAM,,,, ibm,VM/CMS,,Multi,VTAM,VTAM,,, ibm,VM/CMS,,Multi,VTAMUSER,,,, ibm,a20m,,,,admin,,, ibm,a20m,,Admin,,admin,,, ibm,a20m,,Multi,,admin,Admin,, ibm,management hw,,Multi,USERID,PASSW0RD,admin,, ibm,management hw,,admin,USERID,PASSW0RD,,, ibm,routers,,router,msmadhuastro@gmail.com,06725A1201,,, ibm,switch,8275-217,Telnet,admin,,Admin,, imai,Traffic Shaper,TS-1012,HTTP,,,Admin,default IP 1.2.3.4, imperiasoftware,Imperia Content Managment System,,,superuser,superuser,,Unix/NT, informix,Database,,,informix,informix,,, infosmart,SOHO router,,HTTP,admin,0,Admin,, infotec,ISC2525,System v1.67 / NIB v5.14 / WIM v1.10,http://192.168.0.100,admin,,Admin,, infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,admin,infrant1,administrator,, infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,root,see note,,root password is generated on each boot with a hardcoded algorithm and the password cannot be permanently changed - once discovered it will always work after the device is rebooted, innovaphone,IP20,,Admin,admin,ip20,,, innovaphone,IP20,,Multi,admin,ip20,Admin,, innovaphone,IP3000,,Admin,admin,ip3000,,, innovaphone,IP3000,,Multi,admin,ip3000,Admin,, innovaphone,IP305,,,admin,ip305Beheer,,, innovaphone,IP400,,Admin,admin,ip400,,, innovaphone,IP400,,Multi,admin,ip400,Admin,, integraltechnologies,RemoteView,4,Console,Administrator,letmein,Admin,, integratednetworks,IP Phone,IN1002,HTTP,Administrator,1234,Admin,, integratednetworks,IP Phone,IN1002,HTTP,Administrator,12345678,Admin,, integratednetworks,IP Phone,IN1002,HTTP,Administrator,19750407,Admin,, intel,Express 520T Switch,,,setup,setup,,, intel,Express 520T Switch,,Multi,setup,setup,User,, intel,Express 520T Switch,,User,setup,setup,,, intel,Express 9520 Router,,,NICONEX,NICONEX,,, intel,Express 9520 Router,,Multi,NICONEX,NICONEX,User,, intel,Express 9520 Router,,User,NICONEX,NICONEX,,, intel,LanRover VPN Gateway,,6.0 >,,shiva,,, intel,LanRover VPN Gateway,,< 6.0,,isolation,,, intel,LanRover VPN Gateway,6.0+,multi,,shiva,Admin,, intel,LanRover VPN Gateway,below 6.0,multi,,isolation,Admin,, intel,LanRover,6.7,Console,root,admin,Admin,, intel,NetporrExpress,,,,,,, intel,NetporrExpress,,Admin,,,,, intel,Netstructure,480t,Telnet,admin,,Admin,, intel,Shiva Access Port,All,Telnet,admin,hello,Admin,, intel,Shiva LanRover,,,Guest,,User,, intel,Shiva LanRover,,Multi,root,,Admin,, intel,Shiva Lanrovers,,,root,,,, intel,Shiva Lanrovers,,Admin,root,,,, intel,Shiva Mezza ISDN Router,All,Telnet,admin,hello,Admin,, intel,Shiva,,,Guest,,,, intel,Shiva,,,root,,,, intel,Shiva,,Admin,root,,,, intel,Shiva,,Multi,Guest,,User,, intel,Shiva,,User,Guest,,,, intel,Wireless AP 2011,,2.21,,Intel,,, intel,Wireless AP 2011,,Admin,,Intel,,, intel,Wireless AP 2011,2.21,Multi,,Intel,Admin,, intel,Wireless Gateway,,3.x,intel,intel,,, intel,Wireless Gateway,,Admin,intel,intel,,, intel,Wireless Gateway,3.x,HTTP,intel,intel,Admin,, intel,intel,,,khan,kahn,,, intel,intel,1,Multi,khan,kahn,,, intel,lan rover,,6.7,root,admin,,, intel,lan rover,,Admin,root,admin,,, intel,netstructure,,480t,admin,,,, intel,netstructure,,Admin,admin,,,, intellitouch,ITC3002 VoIP Telephone Deskset,,HTTP/phone,administrator,1234,Admin,, interbase,Interbase Database Server,,Admin,SYSDBA,masterkey,,, interbase,Interbase Database Server,,All,SYSDBA,masterkey,,, interbase,Interbase Database Server,All,Multi,SYSDBA,masterkey,Admin,, intermec,EasyLAN,,10i2,,intermec,,, intermec,EasyLAN,10i2,HTTP,,intermec,Admin,, intermec,Mobile LAN,5.25,Multi,intermec,intermec,Admin,, intermec,PF2i,,Multi,admin,pass,Admin,, internetarchive,Heritrix,1.6.0,,admin,letmein,Admin,, intershop,Intershop,,4,operator,$chwarzepumpe,,, intershop,Intershop,,Admin,operator,$chwarzepumpe,,, intershop,Intershop,4,HTTP,operator,$chwarzepumpe,Admin,, intersystems,Cache Post-RDMS,,Console,system,sys,Admin,Change immediately, intex,organizer,,,,,,, intex,organizer,,Admin,,,,, intex,organizer,,Multi,,,Admin,, intuit,Quickbooks,,1.0,admin,(no-default-password),,, intuit,Quickbooks,,2.0,admin,(no-default-password),,, intuit,Quickbooks,,2004,admin,(no-default-password),,, intuit,Quickbooks,,2005,admin,(no-default-password),,, intuit,Quickbooks,,2006,admin,(no-default-password),,, intuit,Quickbooks,,2007,admin,(no-default-password),,, intuit,Quickbooks,,2008,admin,(no-default-password),,, intuit,Quickbooks,,2009,admin,(no-default-password),,, intuit,Quickbooks,,2010,admin,(no-default-password),,, intuit,Quickbooks,,2011,admin,(no-default-password),,, intuit,Quickbooks,,3.0,admin,(no-default-password),,, intuit,Quickbooks,,4.0,admin,(no-default-password),,, intuit,Quickbooks,,5.0,admin,(no-default-password),,, intuit,Quickbooks,,6.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 1.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 10.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 11.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 4.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 5.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 6.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 7.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 8.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 9.0,admin,(no-default-password),,, inventelwanadoo,LiveBox,D34A,,Admin,Admin,Admin,, ipstar,iPSTAR Network Box,v.2+,HTTP,admin,operator,Admin,iPSTAR Network Box is used by the CSLoxInfo Broadband Satellite system., ipstar,iPSTAR Satellite Router/Radio,v2,HTTP,admin,operator,Admin,For CSLoxInfo and iPSTAR Customers, ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,,, ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,Admin,User's realname: Local Session Manager, ipswitch,Whats up Gold 6.0,,,admin,admin,,Windows 9x a, irc,IRC Daemon,,,,FOOBAR,,, irc,IRC Daemon,,IRC,,FOOBAR,,, ironport,C30,,,admin,ironport,,, ironport,C30,,http,admin,ironport,Admin,, ironport,Messaging Gateway Appliance,,Multi,admin,ironport,Admin,, ironport,S650,,https,admin,ironport,,, iso sistemi,winwork,,,,,,, iso sistemi,winwork,,Admin,,,,, iwill,PC BIOS,,,,iwill,,, iwill,PC BIOS,,Admin,,iwill,,, iwill,PC BIOS,,Console,,iwill,Admin,, jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, jd edwards,WorldVision/OneWorld,,Admin/SECOFR,JDE,JDE,,, jd edwards,WorldVision/OneWorld,,All(?),JDE,JDE,,, jdedwards,WorldVision/OneWorld,,Multi,PRODDTA,PRODDTA,Admin,Owner of database tables and objects, jdedwards,WorldVision/OneWorld,All(?),Console,JDE,JDE,Admin/SECOFR,, jdedwards,WorldVision/OneWorld,All(?),TCP 1964,JDE,JDE,Admin/SECOFR,, jds microprocessing,Hydra 3000,,Admin,hydrasna,,,, jds microprocessing,Hydra 3000,,r2.02,hydrasna,,,, jdsmicroprocessing,Hydra 3000,r2.02,Console,hydrasna,,Admin,, jetform,Jetform Design,,,Jetform,,,, jetform,Jetform Design,,Admin,Jetform,,,, jetform,Jetform Design,,HTTP,Jetform,,Admin,, jetway,PC BIOS,,,,spooml,,, jetway,PC BIOS,,Admin,,spooml,,, jetway,PC BIOS,,Console,,spooml,Admin,, johnson controls,HVAC System,,,johnson,control,,, johnsoncontrols,HVAC System,,modem,johnson,control,,, joss technology,PC BIOS,,,,57gbzb,,, joss technology,PC BIOS,,,,technolgi,,, joss technology,PC BIOS,,Admin,,57gbzb,,, joss technology,PC BIOS,,Admin,,technolgi,,, josstechnology,PC BIOS,,Console,,57gbzb,Admin,, josstechnology,PC BIOS,,Console,,technolgi,Admin,, juniper,All,,,root,,,Junos 4.4, juniper,CMS,All versions,https,root,juniper,admin access,, juniper,ISG2000,,Multi,netscreen,netscreen,Admin,Just a note - netscreen is now made by Juniper - otherwise no change, juniper,Peribit,,,admin,peribit,Admin,, juniper,ScreenOS,All,ssh or http,netscreen,netscreen,admin,, juniper,all mode,7.6R1.9,http://118.98.171.65,,,root,administrator juniper, justin hagstrom,AutoIndex,,1.3.2,admin,admin,,, justin hagstrom,AutoIndex,,1.3.2,test,test,,, justinhagstrom,AutoIndex,1.3.2,,admin,admin,Admin,, justinhagstrom,AutoIndex,1.3.2,,test,test,,, kalatel,Calibur DSR-2000e,,Multi,,3477,Admin,, kalatel,Calibur DSR-2000e,,on-screen menu system,,8111,restore factory defaults,, kaptest,usmle,,,admin,,,, kaptest,usmle,,Admin,admin,,,, kaptest,usmle,,HTTP,admin,,Admin,, kethinov,Kboard Forum,,0.3.x,root,password,,, kethinov,Kboard Forum,0.3.x,SQL,root,password,Admin,, keyscan,Keyscan System V,,admin,keyscan,KEYSCAN,,, keyscan,Keyscan System V,5.2,Console,keyscan,KEYSCAN,admin,, konica minolta,7255,,admin,,sysadm,,, konicaminolta,1690MF,1.0,web,,sysAdmin,root,, konicaminolta,2430DL,all versions,,,administrator,administrative access,Current password listed on this site is wrong. Correct default password is "administrator" fully spelled out all lower case., konicaminolta,4650,,HTTP,admin,administrator,admin,, konicaminolta,7216,7216,http,,sysadm,Admin,, konicaminolta,7255,,Multi,,sysadm,admin,, konicaminolta,BIZHUB 7272 / IP-511A,Type A,IP,,sysadm,admin,, konicaminolta,BizHUB 160(f),,HTTP,N/A,sysadm,,, konicaminolta,Bizhub C10,,http,,MagiMFP,Admin,, konicaminolta,Bizhub C20,,,,000000,,, konicaminolta,C20,,http://xxx.xxx.xxx.xxx,Administrator,Administrator,from the login webpage,, konicaminolta,C253,,Console,,12345678,admin,Tried what was listed at url and it worked on device :http://www.fixya.com/support/t888192-konica_minolta_bizbub_c253, konicaminolta,C350,,,,00000000,,often either 00000000 or 12345678 on all KM printers, konicaminolta,C352,,console/network,,12345678,,, konicaminolta,Di 2010f,,HTTP,,0,Admin,Printer configuration interface, konicaminolta,Di3510,,web,,00000000,,, konicaminolta,Di470,,Admin Panel,,0000,admin,, konicaminolta,Magiccolor 4690MF,all,http,,sysadm,Administrator,, konicaminolta,Magicolor 2450,,front panel,,KM2450,,, konicaminolta,Magicolor 2530DL,,,,administrator,,, konicaminolta,Magicolor 5450D,All versions,HTTP,admin,,,, konicaminolta,bizhub 163/211,bizhub 163/211,http,,sysadm,administrator,, konicaminolta,bizhub 420,,console,,12345678,,, konicaminolta,bizhub c203,all,all,,12345678,,, konicaminolta,magicolor 2300 DL,,Multi,,1234,Admin,, konicaminolta,magicolor 2430DL,All,Multi,,,Admin,Taken from reference manual for product, kragerenergibredbnd,mozilla firefoz,802.11G - 2,4ghz,BREDBNDKABEL,ADMIN,,11G 2, kti,KS-2260,,Telnet,superuser,123456,special CLI,can be disabled by renaming the regular login name to superuser, kti,KS2260,,Console,admin,123,Admin,, kti,KS2600,,Console,admin,123456,Admin,, kyocera,EcoLink,,7.2,,PASSWORD,,, kyocera,EcoLink,,Admin,,PASSWORD,,, kyocera,EcoLink,7.2,HTTP,,PASSWORD,Admin,, kyocera,FS- 5XXX,,http://,,admin00,,, kyocera,FS-1020D,,HTTP,admin,,Admin,, kyocera,FS-1020D,,HTTP,admin,admin,Admin,, kyocera,FS-1028MFP,,http,,admin00,,, kyocera,FS-1128MFP,,,,admin00,,, kyocera,FS-1350DN,,http://,,admin00,,, kyocera,FS-3920DN,,Web,,admin00,,, kyocera,FS-4020 DN,,HTTP,/,admin00,,, kyocera,FS-C5100DN,,http,,admin00,,, kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, kyocera,TASKalfa 250ci,,IP,,admin00,,, kyocera,TaskAlfa 520i,All versions,Console,5200,5200,Machine Administrator,, kyocera,Taskalfa i300,,web-access/tray,admin00/3000,admin00/3000,admin,, kyocera,Telnet Server IB-20/21,,,root,root,,, kyocera,Telnet Server IB-20/21,,Admin,root,root,,, kyocera,Telnet Server IB-20/21,,multi,root,root,Admin,, lacie,2Big Network,,,admin,admin,admin console,, lacie,Ethernet Big Disk,,ftp://EthernetBD,admin,admin,Big Disk Administration,, lacie,Ethernet Disk Mini 500GB,,,admin,admin,Admin,, lacie,Ethernet Disk Mini,all sizes,http://edmini,admin,admin,Administrator's Console,, lacie,Ethernet Disk RAID,1.4,HTTP,admin,storage,Manager console,, lacie,Ethernet Disk,,multi,,admin,Administrator password,, lacie,Ethernet Disk,,multi,myuser,myuser,Default user has access to default public folder,, lacie,lacie ethernet Disk,,,administrator,admin,,, lancom,IL11,,Multi,,,Admin,, lanier,5618,,,,sysadm,,, lanier,5618,,Multi,,sysadm,,, lanier,LD120d,,web,Administrator,password,admin,, lanier,mpc 2500,1.,Deault ip,admin,LEAVE ME BLANK,,, lantronics,Lantronics Terminal Server,,,,access,,, lantronics,Lantronics Terminal Server,,Admin,,access,,, lantronics,Lantronics Terminal Server,,Admin,,system,,, lantronix,ETS16P,,,,,,, lantronix,ETS16P,,Multi,,,Admin,secondary priv. password: system, lantronix,ETS16PR,,,,,,, lantronix,ETS32PR,,,,,,, lantronix,ETS32PR,,Multi,,,Admin,secondary priv. password: system, lantronix,ETS422PR,,,,,,, lantronix,ETS422PR,,Multi,,,Admin,secondary priv. password: system, lantronix,ETS4P,,,,,,, lantronix,ETS4P,,Multi,,,Admin,secondary priv. password: system, lantronix,LPS1-T Print Server,,,any,system,,j11-16, lantronix,LSB4,,,any,system,,any, lantronix,Lantronix Terminal,,,,lantronix,,, lantronix,Lantronix Terminal,,Admin,,lantronix,,, lantronix,SCS100,,,,access,,, lantronix,SCS100,,Multi,,access,Admin,secondary priv. password: system, lantronix,SCS1620,,,sysadmin,PASS,,, lantronix,SCS1620,,Multi,sysadmin,PASS,Admin,9600/N/8/1 XON/XOFF, lantronix,SCS200,,,,admin,,, lantronix,SCS200,,Multi,,admin,Admin,secondary priv. password: system, lantronix,SCS3200,,,login,access,,, lantronix,SCS3200,,,login,access,Admin,secondary port settings login: root password: system, lantronix,SCS400,,,,admin,,, lantronix,SCS400,,Multi,,admin,Admin,secondary priv. password: system, lantronix,SecureLinux Console Manager (SLC),,http/ssh,sysadmin,PASS,Admin,, lantronix,Terminal Server,,TCP 7000,,access,Admin,, lantronix,Terminal Server,,TCP 7000,,lantronix,Admin,, latisnetwork,border guard,,Multi,,,Admin,, leading edge,PC BIOS,,,,MASTER,,, leading edge,PC BIOS,,Admin,,MASTER,,, leadingedge,PC BIOS,,Console,,MASTER,Admin,, lenel,OnGuard,,http - tcp 9999,admin,admin,Admin,, level1,WAP_002,,,admin,admin,Administrator,, lg,Aria iPECS,All,Console,,jannie,maintenance,dealer backdoor password, lg,LAM200E / LAM200R,,Multi,admin,epicrouter,Admin,, lg,LAM200E / LAM200R,,Multi,admin,epicrouter,admin,, lg,lsp340,,,,6278,,, lgic,Goldstream,,,LR-ISDN,LR-ISDN,,, lgic,Goldstream,,2.5.1,LR-ISDN,LR-ISDN,,, lgic,Goldstream,2.5.1,,LR-ISDN,LR-ISDN,,, linksys,2700v ADSL Router,,,,epicrouter,Admin,, linksys,ADSL Router,,2700v,,epicrouter,,, linksys,AG 241 - ADSL2 Gateway with 4-Port Switch,,Multi,admin,admin,Admin,, linksys,AP 1120,,Multi,,,Admin,, linksys,BEFSR41,,,,admin,,, linksys,BEFSR41,2,HTTP,,admin,Admin,, linksys,BEFSR7(1) OR (4),,,blank,admin,,, linksys,BEFSR81,,http://192.168.0.1,admin,password,Administration,, linksys,BEFW11S4 Router,,,,admin,,, linksys,BEFW11S4,,1,admin,,,, linksys,BEFW11S4,,Admin,admin,,,, linksys,BEFW11S4,1,HTTP,admin,,Admin,, linksys,BEFW11S4,4,http://192.168.1.245,,,,, linksys,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics,192.168.0.1/docsisdevicestatus.asp, linksys,DSL,,,,admin,,, linksys,DSL,,Admin,,admin,,, linksys,DSL,,Telnet,,admin,Admin,, linksys,E3000,,,admin,admin,,, linksys,E3000,,192.168.1.1,admin,admin,admin,, linksys,EF1324,,multi,admin,,,, linksys,EF1704,,multi,admin,,,, linksys,EFG250,,,admin,admin,,, linksys,EFG250,2,HTTP,admin,admin,,, linksys,EtherFast Cable/DSL ROuter,,,Administrator,admin,,, linksys,EtherFast Cable/DSL ROuter,,Admin,Administrator,admin,,, linksys,EtherFast Cable/DSL ROuter,,Multi,Administrator,admin,Admin,, linksys,EtherFast Cable/DSL Router,,,admin,,,, linksys,EtherFast Cable/DSL Router,,Admin,admin,,,, linksys,EtherFast Cable/DSL Router,,HTTP,admin,,Admin,, linksys,Linksys Router DSL/Cable,,,,admin,,, linksys,Linksys Router DSL/Cable,,Admin,,admin,,, linksys,Linksys Router DSL/Cable,,HTTP,,admin,Admin,, linksys,PC22224,1.0,multi,admin,,Admin,, linksys,PC22604,1.0,multi,admin,,Admin,, linksys,PSUS4 USB Print Server,,,admin,admin,Administrator,, linksys,RT31P2,,http://192.168.15.1,,admin,Administration,, linksys,RT31P2-AT,,http://192.168.15.1,,admin,Administration,, linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,admin,admin,Admin,, linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,user,tivonpw,update access,use for flashing firmware, linksys,RV0041,,http://192.168.1.1,admin,admin,Administration,, linksys,RVS4000,,http://192.168.1.1,admin,admin,,, linksys,SFE2000,,http,admin,,Admin,, linksys,SFE2000,,http,l1_admin,,Admin,, linksys,SFE2000P,,http,admin,,Admin,, linksys,SFE2000P,,http,l1_admin,,Admin,, linksys,SGE2000,,http,admin,,Admin,, linksys,SGE2000,,http,l1_admin,,Admin,, linksys,SGE2000P,,http,admin,,Admin,, linksys,SGE2000P,,http,l1_admin,,Admin,, linksys,SPA400,,http,Admin,,Admin,, linksys,SPA9000,,http,Admin,,Admin,, linksys,SRW2008,,http://192.168.1.254,admin,,Admin,, linksys,SRW2008MP,,http://192.168.1.254,admin,,Admin,, linksys,SRW2008P,,http://192.168.1.254,admin,,Admin,, linksys,SRW2016,,http://192.168.1.254,admin,,Admin,, linksys,SRW2024,,http://192.168.1.254,admin,,Admin,, linksys,SRW2048,,http://192.168.1.254,admin,,Admin,, linksys,SRW208,,http://192.168.1.254,admin,,Admin,, linksys,SRW208G,,http://192.168.1.254,admin,,Admin,, linksys,SRW208L,,http://192.168.1.254,admin,,Admin,, linksys,SRW208MP,,http://192.168.1.254,admin,,Admin,, linksys,SRW208P,,http://192.168.1.254,admin,,Admin,, linksys,SRW224,,http://192.168.1.254,admin,,Admin,, linksys,SRW224G4,,http://192.168.1.254,admin,,Admin,, linksys,SRW248G4,,http://192.168.1.254,admin,,Admin,, linksys,SVR200,,,(AA Admin number),4x98,Autoattendant,, linksys,SVR200,,,(AA Admin number),4x99,Autoattendant,, linksys,SVR200,,,(username),3+(extension),User Access,, linksys,SVR200,,,,3450,Operator voicemailbox,, linksys,SVR200,,,,498,Autoattendant,, linksys,SVR3000,,,(AA Admin number),4x98,Autoattendant,, linksys,SVR3000,,,(AA Admin number),4x99,Autoattendant,, linksys,SVR3000,,,(username),3+(extension),User Access,, linksys,SVR3000,,,,3450,Operator voicemailbox,, linksys,SVR3000,,,,498,Autoattendant,, linksys,SVR3500,,,(AA Admin number),4x98,Autoattendant,, linksys,SVR3500,,,(AA Admin number),4x99,Autoattendant,, linksys,SVR3500,,,(username),3+(extension),User Access,, linksys,SVR3500,,,,3450,Operator voicemailbox,, linksys,SVR3500,,,,498,Autoattendant,, linksys,WAG54G,,HTTP,admin,admin,Admin,, linksys,WAG54GS,,Multi,admin,admin,Admin,, linksys,WAP Router,,4 Port 2.4GHz,,admin,,, linksys,WAP11,,,admin,admin,,, linksys,WAP11,,Multi,,,Admin,, linksys,WAP200,,http://192.168.1.245,,admin,Admin,, linksys,WAP4400N,,http://192.168.1.245,,admin,Admin,, linksys,WAP4400N,business series,192.168.1.245,admin,admin,admin,, linksys,WAP44OON,2,4-GHZ,http://192.168.1.245,Admin,Admin,, linksys,WAP51AB,,console,,Admin,Admin,, linksys,WAP54A,,http://192.168.1.252,,admin,Web-Based Config Utility,, linksys,WAP54G Router,,http://192.168.1.245,,admin,,, linksys,WAP54G,,,,admin,,, linksys,WAP54G,2,http://192.168.1.245,,admin,Admin,, linksys,WAP54GP,,http://192.168.1.245,admin,admin,Administration,, linksys,WAP54GPE,,http://192.168.1.245,admin,admin,Administration,, linksys,WAP54GX,,http://192.168.1.245,admin,admin,Administration,, linksys,WAP54GX,1.0,web ,,admin,192.168.1.245,There is no username; it will not work if you connect with a username., linksys,WAP55AG,1.0, 2.0 ,http://192.168.1.246,,admin,, linksys,WCG200,,http://192.168.0.1,,admin,Administration,, linksys,WET11,,,,admin,Admin,, linksys,WET54G,,,,admin,Admin,, linksys,WGA11B,,,,admin,Admin,, linksys,WMB54G,,,,admin,Admin,, linksys,WRK54G Router,,,,admin,,, linksys,WRT160n,V2,http://192.168.1.1,admin,admin,admin,, linksys,WRT300N,,http://192.168.1.1,,admin,Administration,, linksys,WRT54G Router,,,,admin,,, linksys,WRT54G v4,2.4,http:192.168.1.245,,admin,,, linksys,WRT54G,,Admin,admin,admin,,, linksys,WRT54G,,HTTP,admin,admin,Admin,, linksys,WRT54G,2.4,http:192.168.1.245,,admin,,, linksys,WRT54GC,,,admin,admin,,, linksys,WRT54GC,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GL,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GP2,,http://192.168.15.1,,admin,Administration,, linksys,WRT54GP2A-AT,,http://192.168.15.1,,admin,Administration,, linksys,WRT54GR,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GS Router,,,,admin,,, linksys,WRT54GS,,Admin,admin,admin,,, linksys,WRT54GS,1.1,HTTP,admin,admin,Admin,, linksys,WRT54GX,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GX2,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GX4,,http://192.168.1.1,,admin,Administration,, linksys,WRT55AG Router,,,,admin,,, linksys,WRTP54G-ER,,http://192.168.15.1,admin,admin,Admin,, linksys,WRTSL54GS,,http://192.168.1.1,,admin,Administration,, linksys,WRV54G,,,admin,admin,,, linksys,WRV54G,,Multi,admin,admin,,, linksys,WTR54GS,,http://192.168.16.1,,admin,Administration,, linksys,wrt110,,admin,admin,admin,,, linunx,Linux,,,Administrator,admin,,, linux,Slackware,,,gonzo,,,, linux,Slackware,,,satan,,,, linux,Slackware,,,snake,,,, linux,Slackware,,Multi,gonzo,,User,, linux,Slackware,,Multi,satan,,User,, linux,Slackware,,Multi,snake,,User,, linux,Slackware,,User,gonzo,,,, linux,Slackware,,User,satan,,,, linux,Slackware,,User,snake,,,, linux,UCLinux for UCSIMM,,,root,uClinux,,, linux,UCLinux for UCSIMM,,Admin,root,uClinux,,, linux,UCLinux for UCSIMM,,Multi,root,uClinux,Admin,, linux,back trak,3 and 4,,root,toor,,penetration version hacking WiFi, livingston,IRX Router,,,!root,,,, livingston,IRX Router,,Telnet,!root,,,, livingston,Livingston Portmaster 3,,,!root,,,, livingston,Officerouter,,,!root,,,, livingston,Officerouter,,,!root,blank,,, livingston,Officerouter,,Telnet,!root,,,, livingston,Portmaster 2R,,Telnet,root,,Admin,, livingston,Portmaster 3,,Telnet,!root,,,, livingston,Portmaster,2/3,,!root,blank,,, livingstone,Portmaster 2R,,,root,,,, livingstone,Portmaster 2R,,Admin,root,,,, lockdownnetworks,All Lockdown Products,up to 2.7,Console,setup,changeme(exclamation),User,, logitech,Logitech Mobile Headset,,Bluetooth,,0,audio access,, longshine,isscfg,,HTTP,admin,0,Admin,, lucent,AP-1000,,,public,public,,, lucent,Anymedia,,,LUCENT01,UI-PSWD-01,,, lucent,Anymedia,,,LUCENT02,UI-PSWD-02,,, lucent,Anymedia,,Admin,LUCENT01,UI-PSWD-01,,, lucent,Anymedia,,Admin,LUCENT02,UI-PSWD-02,,, lucent,Anymedia,,Console,LUCENT01,UI-PSWD-01,Admin,requires GSI software, lucent,Anymedia,,Console,LUCENT02,UI-PSWD-02,Admin,requires GSI software, lucent,B-STDX9000,,,(any 3 characters),cascade,,, lucent,B-STDX9000,,,,cascade,,, lucent,B-STDX9000,,Multi,(any 3 characters),cascade,,, lucent,B-STDX9000,,SNMP readwrite,,cascade,,, lucent,B-STDX9000,,all,,cascade,,, lucent,B-STDX9000,,debug mode,,cascade,,, lucent,B-STDX9000,all,SNMP,,cascade,Admin,, lucent,CBX 500,,,(any 3 characters),cascade,,, lucent,CBX 500,,,,cascade,,, lucent,CBX 500,,Multi,(any 3 characters),cascade,,, lucent,CBX 500,,SNMP readwrite,,cascade,,, lucent,CBX 500,,debug mode,,cascade,,, lucent,Cajun Family,,,root,root,,, lucent,Cellpipe 22A-BX-AR USB D,,Console,admin,AitbISP4eCiG,Admin,, lucent,GX 550,,,(any 3 characters),cascade,,, lucent,GX 550,,,,cascade,,, lucent,GX 550,,Multi,(any 3 characters),cascade,,, lucent,GX 550,,SNMP readwrite,,cascade,,, lucent,GX 550,,debug mode,,cascade,,, lucent,M770,,Telnet,super,super,Admin,, lucent,MAX-TNT,,,admin,Ascend,,, lucent,MAX-TNT,,Multi,admin,Ascend,,, lucent,Max TNT,,9.1.3,,admin,,, lucent,PSAX 1200 and below,,,root,ascend,,, lucent,PSAX 1200 and below,,Multi,root,ascend,,, lucent,PSAX 1250 and above,,,readonly,lucenttech2,,, lucent,PSAX 1250 and above,,,readwrite,lucenttech1,,, lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,,, lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,Admin,, lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,,, lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,Admin,, lucent,PacketStar,,Multi,Administrator,,Admin,, lucent,Packetstar (PSAX),,,readwrite,lucenttech1,,, lucent,Portmaster 2,,,!root,,,, lucent,Portmaster 3,,,!root,!ishtar,,unknown, lucent,Stinger,,,admin,Ascend,,, lucent,System 75,,,bciim,bciimpw,,, lucent,System 75,,,bcim,bcimpw,,, lucent,System 75,,,bcms,bcmspw,,, lucent,System 75,,,bcnas,bcnaspw,,, lucent,System 75,,,blue,bluepw,,, lucent,System 75,,,browse,browsepw,,, lucent,System 75,,,browse,looker,,, lucent,System 75,,,craft,craft,,, lucent,System 75,,,craft,craftpw,,, lucent,System 75,,,cust,custpw,,, lucent,System 75,,,enquiry,enquirypw,,, lucent,System 75,,,field,support,,, lucent,System 75,,,inads,inads,,, lucent,System 75,,,inads,indspw,,, lucent,System 75,,,init,initpw,,, lucent,System 75,,,locate,locatepw,,, lucent,System 75,,,maint,maintpw,,, lucent,System 75,,,maint,rwmaint,,, lucent,System 75,,,nms,nmspw,,, lucent,System 75,,,pw,pwpw,,, lucent,System 75,,,rcust,rcustpw,,, lucent,System 75,,,support,supportpw,,, lucent,System 75,,,sysadm,sysadmpw,,, lucent,System 75,,,tech,field,,, lucent,System 75,,Multi,bciim,bciimpw,,, lucent,System 75,,Multi,bcim,bcimpw,,, lucent,System 75,,Multi,bcms,bcmspw,,, lucent,System 75,,Multi,bcnas,bcnaspw,,, lucent,System 75,,Multi,blue,bluepw,,, lucent,System 75,,Multi,browse,browsepw,,, lucent,System 75,,Multi,browse,looker,,, lucent,System 75,,Multi,craft,craft,,, lucent,System 75,,Multi,craft,craftpw,,, lucent,System 75,,Multi,cust,custpw,,, lucent,System 75,,Multi,enquiry,enquirypw,,, lucent,System 75,,Multi,field,support,,, lucent,System 75,,Multi,inads,inads,,, lucent,System 75,,Multi,inads,indspw,,, lucent,System 75,,Multi,init,initpw,,, lucent,System 75,,Multi,locate,locatepw,,, lucent,System 75,,Multi,maint,maintpw,,, lucent,System 75,,Multi,maint,rwmaint,,, lucent,System 75,,Multi,nms,nmspw,,, lucent,System 75,,Multi,pw,pwpw,,, lucent,System 75,,Multi,rcust,rcustpw,,, lucent,System 75,,Multi,support,supportpw,,, lucent,System 75,,Multi,sysadm,admpw,,, lucent,System 75,,Multi,sysadm,sysadmpw,,, lucent,System 75,,Multi,sysadm,syspw,,, lucent,System 75,,Multi,tech,field,,, luxoncommunications,IP Phone,,http,administrator,19750407,Admin,, m technology,PC BIOS,,,,mMmM,,, m technology,PC BIOS,,Admin,,mMmM,,, machspeed,PC BIOS,,,,sp99dd,,, machspeed,PC BIOS,,Admin,,sp99dd,,, machspeed,PC BIOS,,Console,,sp99dd,Admin,, macromedia,Dreamweaver,,,,admin,,, macromedia,Dreamweaver,,FTP,,admin,Guest,, macromedia,Dreamweaver,,Guest,,admin,,, macsense,X-Router Pro,,,admin,admin,,, magic-pro,PC BIOS,,,,prost,,, magic-pro,PC BIOS,,Admin,,prost,,, magicpro,PC BIOS,,Console,,prost,Admin,, main street softworks,MCVE,,2.5,MCVEADMIN,password,,, main street softworks,MCVE,,Admin,MCVEADMIN,password,,, mainstreetsoftworks,MCVE,2.5,Multi,MCVEADMIN,password,Admin,, mambo,Site Server,,4.x,admin,admin,,, mambo,Site Server,4.x,HTTP,admin,admin,Admin,, mantis,Mantis,,,administrator,root,,, mantis,Mantis,,,administrator,root,Admin,, manufactor,Product,,Access_Validated,User,Password,,, marconi,Fore ATM Switches,,,ami,,,, marconi,Fore ATM Switches,,Admin,ami,,,, marconi,Fore ATM Switches,,Multi,ami,,Admin,, maxdata,ms2137,,Multi,,,Admin,, mcafee,3100,4.x, 5.x,local, ssh,root,root, mcafee,IntruShield IPS Sensor,,,admin,admin123,,, mcafee,IntruShield IPS Sensor,1.8,SSH,admin,admin123,,, mcafee,IntruShield IPS Sensor,1.9,SSH,admin,admin123,,, mcafee,IntruShield IPS Sensor,2.1,SSH,admin,admin123,,, mcafee,IntruShield IPS Sensor,3.1,SSH,admin,admin123,,, mcafee,IntruShield Manager,,,admin,admin123,,, mcafee,IntruShield Manager,1.8,HTTP,admin,admin123,,, mcafee,IntruShield Manager,1.9,HTTP,admin,admin123,,, mcafee,IntruShield Manager,2.1,HTTP,admin,admin123,,, mcafee,IntruShield Manager,3.1,HTTP,admin,admin123,,, mcafee,SCM 3100,4.1,Multi,scmadmin,scmchangeme,Admin,, mcafee,SCM 3200,,http,scmadmin,changeme,Admin,, mcafee,e250,,,webshield,webshieldchangeme,,, mcafee,e250,,HTTP,webshield,webshieldchangeme,,, mcdata,FC Switches/Directors,,Multi,Administrator,password,Admin,, mediatrix,2102,,http://x.x.x.x:8080,root,5678,,, mediatrix2102,,,http://192.168.1.102,admin,1234,,, mediatrix2102,mediatrix 2102,,HTTP,admin,1234,Admin,, medion,Routers,,HTTP,,medion,Admin,, megastar,BIOS,,Console,,star,Admin,, megastar,PC BIOS,,,,star,,, megastar,PC BIOS,,Admin,,star,,, megastar,PC BIOS,,Console,,star,Admin,, melco,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, memotec,CX Line,,Console,memotec,supervisor,,, memotec,CX Line,Any,Multi,memotec,supervisor,Console,, mentec,Micro/RSX,,,MICRO,RSX,,, mentec,Micro/RSX,,,MICRO,RSX,Admin,, mentec,Micro/RSX,,Admin,MICRO,RSX,,, mentec,Micro/RSX,,Multi,MICRO,RSX,Admin,, mercury interactive,Topaz Prism,,,admin,admin,,, mercury,234234,,234234,Administrator,admin,,, mercury,234234,,Admin,Administrator,admin,,, mercury,234234,234234,SNMP,Administrator,admin,Admin,, mercury,KT133A/686B,,,Administrator,admin,,, mercury,KT133A/686B,,Admin,Administrator,admin,,, mercury,KT133A/686B,,SNMP,Administrator,admin,Admin,, mercury,Topaz Prism,,http,admin,admin,Admin,, meridian,PBX,ANY,Telnet,service,smile,System,This is the default password on most Meridian systems., metro,phone,,voicemail,client,client,,, michiel,PHPList,2.6.4,http,admin,phplist,Admin,, michiel,PHPlist,,2.6.4,admin,phplist,,, micro soft,yahoo messenger,,,sherzad420,pakistan,,, microcom,ADSL Routers,,,admin,epicrouter,Admin,, microcom,ADSL Routers,,,user,password,Admin,, microcom,Unknown,,,admin,superuser,,, microcom,hdms,,,system,hdms,,unknown, micron,PC BIOS,,,,sldkj754,,, micron,PC BIOS,,,,xyzall,,, micron,PC BIOS,,Admin,,sldkj754,,, micron,PC BIOS,,Admin,,xyzall,,, micron,PC BIOS,,Console,,sldkj754,Admin,, micron,PC BIOS,,Console,,xyzall,Admin,, micronet,3351 / 3354,,Multi,admin,epicrouter,Admin,, micronet,Access Point,,Admin,root,default,,, micronet,Access Point,,SP912,root,default,,, micronet,SP3356,,,admin,epicrouter,,, micronet,SP3356,,HTTP,admin,epicrouter,,, micronet,SP3357,,HTTP,admin,epicrouter,admin,, micronet,SP3357,,admin,admin,epicrouter,,, micronet,SP5002,,Console,mac,,Admin,, micronet,SP912 Access Point,,Telnet,root,default,Admin,, micronet,SP916BM Wireless Broadband Router,,http,admin,admin,Admin,, micronet,SP916GK,V2,HTTP,admin,,Admin,, micronet,Wireless Broadband Router,,SP916BM,admin,admin,,, micronics,PC BIOS,,,,dn_04rjc,,, micronics,PC BIOS,,Admin,,dn_04rjc,,, micronics,PC BIOS,,Console,,dn_04rjc,Admin,, microplex,Print Server,,,root,root,,, microplex,Print Server,,Admin,root,root,,, microplex,Print Server,,Telnet,root,root,Admin,, microrouter,900i,,,,letmein,,, microrouter,900i,,Admin,,letmein,,, microrouter,900i,,Console/Multi,,letmein,Admin,, microsoft,200 server,,,,,,, microsoft,Great Plains,,,LessonUser1,,,, microsoft,Great Plains,,,LessonUser2,,,, microsoft,Great Plains,All,Multi,LessonUser1,,,, microsoft,Great Plains,All,Multi,LessonUser2,,,, microsoft,MN-100,,http://192.168.2.1,,admin,Administration,, microsoft,MN-500,,http://192.168.2.1,,admin,Administration,, microsoft,MN-700,,http://192.168.2.1,,admin,Administration,, microsoft,MN500 Base Station,,,,admin,Admin,, microsoft,MN700 Wireless AP/Router,,,MSHOME,MSHOME,,, microsoft,NT,,,,start,,, microsoft,NT,,,free user,user,,4, microsoft,SQL Server 2000,,SP3,sa,,,, microsoft,SQL Server,,,,sa,,, microsoft,SQL Server,,7,sa,,,, microsoft,SQL Server,,Admin,sa,,,, microsoft,SQL Server,7,Multi,sa,,Admin,, microsoft,SiteServer,,3.x,LDAP_Anonymous,LdapPassword_1,,, microsoft,SiteServer,3.x,http,LDAP_Anonymous,LdapPassword_1,,, microsoft,Windows NT,,,,,,, microsoft,Windows NT,,,Administrator,,,, microsoft,Windows NT,,,Administrator,,,All, microsoft,Windows NT,,,Administrator,Administrator,,, microsoft,Windows NT,,,Guest,,,All, microsoft,Windows NT,,,Guest,Guest,,, microsoft,Windows NT,,,IS_$hostname,(same),,, microsoft,Windows NT,,,Mail,,,All, microsoft,Windows NT,,,User,User,,, microsoft,Windows NT,,,pkoolt,pkooltPS,,4, microsoft,Windows NT,,Admin,Administrator,,,, microsoft,Windows NT,,Admin,Administrator,Administrator,,, microsoft,Windows NT,,Multi,Administrator,,Admin,, microsoft,Windows NT,,Multi,Administrator,Administrator,Admin,, microsoft,Windows NT,,Multi,Guest,,User,, microsoft,Windows NT,,Multi,Guest,Guest,User,, microsoft,Windows NT,,Multi,IS_$hostname,(same),User,hostname is your servername, microsoft,Windows NT,,Multi,User,User,User,, microsoft,Windows NT,,User,Guest,,,, microsoft,Windows NT,,User,Guest,Guest,,, microsoft,Windows NT,,User,IS_$hostname,(same),,, microsoft,Windows NT,,User,User,User,,, microsoft,Windows Storage Server 2008,,,Administrator,wSS2008!,,, mike peters,BasiliX,,1.1.1,bsxuser,bsxpass,,, mikepeters,BasiliX,1.1.1,sql,bsxuser,bsxpass,Admin,, mikrotik,,2.27,,admin,,172.16.11.1,, mikrotik,,2.9.27,,admin,admin,,, mikrotik,,2.9.27,http://10.0.0.138,admin,,,, mikrotik,,3.20,192.168.2.2,admin,0111313071,,MikroTik, mikrotik,,MikroTik v3.25,telnet,admin,admin,root,hello, mikrotik,MKE-3.28, 3.28 ,http://189.150.32.11/,admin,admin,root,, mikrotik,MicroTik,2.9.27,,admin,123,,, mikrotik,Mikrotik,2.95,,multilink,,,, mikrotik,Mikrotik2.9.42 windows xp,2.9.42,,admin,admin,admin,, mikrotik,Router OS,2.9.17,HTTP,admin,,Admin,, mikrotik,Router OS,all,Telnet,admin,,Admin,also for SSH and Web access, mikrotik,Windows XP,3.2,10.15.113.1,admin,admin,,, mikrotik,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,admin,admin,admin,admin, mikrotik,wbr-2310,1.0,192.168.7.103,admin,,admin,, mikrotik,webbox,2.9.6,bounce,admin,admin,bounce,12345, mikrotik,windows xp,2.9.27,192.168.0.5,admin,18022011,root,, mikrotik,windows xp,2.9.34,http://10.1.11.1,admin,admin,Admin,, mikrotik,windows xp,webbox 2.9.27 login,192.168.2.1,admin,admin,root,, milan,mil-sm801p,,Multi,root,root,Admin,, minoltaqms,Magicolor 3100,3.0.0,HTTP,admin,,Admin,Gives access to Accounting, minoltaqms,Magicolor 3100,3.0.0,HTTP,operator,,Admin,, mintel,Mintel PBX,,,,SYSTEM,,, mintel,Mintel PBX,,,,SYSTEM,Admin,, mintel,Mintel PBX,,Admin,,SYSTEM,,, mitel,3300 ICP,all,HTTP,system,password,Admin,, mitel,MN3100ICP,,,system,mnet,,, mitel,MN3100ICP,,HTTP,system,mnet,,, mitel,SX200,All,Maint Port/attendant console,installer,1000,unlimited,This access controlls all other levels, mitel,SX2000,all,Multi,,,Admin,, mitel,sx2000,light,console,system,sx2000,Full installer,, mklencke,Forumtalk,1.0rc2,,root,blablabla,Admin,, mobotix,M10,,192.168.x.x,admin,meinsm,,, mobotix,M10,,HTTP,admin,meinsm,192.168.x.x,, mobotix,MOBOTIX M12,,http,admin,meinsm,http,, mobotix,Windows XP,all versions,http://192.168.0.1,,ronda_atocha,guest,, mobotix,abosalem,1,aaa,abosalem,1407,,, motive,Chorus,,,admin,isee,Admin,, motorola,Cablerouter,,,cablecom,router,,, motorola,Cablerouter,,Admin,cablecom,router,,, motorola,Cablerouter,,Telnet,cablecom,router,Admin,, motorola,DPC-550 cell phone,,keypad,,000000000000,unlocks the phone,, motorola,DPC-550 cell phone,,keypad,,123456123456,unlocks the phone,, motorola,Motorola Cablerouter,,,cablecom,router,Admin,, motorola,SB5120,,http://192.168.100.1,,,Administration,, motorola,SBG900,,HTTP,admin,motorola,Admin,, motorola,Various,,,service,smile,,, motorola,Various,,,setup,,,, motorola,WR850G Router,,,admin,password,,, motorola,WR850G,4.03,HTTP,admin,motorola,Admin,higher revisions likely the same, motorola,WR850R,,HTTP,admin,motorola,,, motorola,Wireless Router,WR850G,HTTP,admin,motorola,Admin,, motorola,vanguard,,Multi,,,Admin,, motorola,wr850r,,,admin,motorola,,, mp3mystic,MP3Mystic,,,admin,mp3mystic,,, mp3mystic,MP3Mystic,,http,admin,mp3mystic,Admin,, mro software,maximo,,Admin,SYSADM,sysadm,,, mro software,maximo,,v4.1,SYSADM,sysadm,,, mrosoftware,maximo,v4.1,Multi,SYSADM,sysadm,Admin,, mrv,3312-4c,,Multi,admin,admin,all,, mrv,3312-4c,,all,admin,admin,,, mtechnology,PC BIOS,,Console,,mMmM,Admin,, multitech,RASExpress Server,,,guest,,,5.30a, mutare software,EVM Admin,,All,,admin,,, mutaresoftware,EVM Admin,All,HTTP,,admin,Admin,, muze,Ariadne,,2.2.1,admin,muze,,, muze,Ariadne,2.2.1,http,admin,muze,Admin,, my test,1.0,,You,Loser,1234,,, mysql,Eventum,,,admin@example.com,admin,,, mysql,Eventum,,http,admin@example.com,admin,Admin,, mysql,MySQL,,,root,,,, mysql,MySQL,all,,root,,Admin,, nai,Entercept,,Management console,GlobalAdmin,GlobalAdmin,Admin, : must be changed at 1st connection, nai,Intrushield IPS,1200/2600/4000,SSH + Web console,admin,admin123,Admin,, nanoteq,NetSeq firewall,,,admin,NetSeq,,*, nanoteq,NetSeq,,,admin,NetSeq,,, ncr,NCR UNIX,,,ncrm,ncrm,,, ncr,NCR UNIX,,Admin,ncrm,ncrm,,, ncr,NCR UNIX,,Multi,ncrm,ncrm,Admin,, nec,WARPSTAR-BaseStation,,Telnet,,,Admin,, netapp,NetCache,,,admin,NetCache,,any, netapp,SANscreen,5.1.3,http,admin,admin123,Admin,, netbotz,Netbotz Appliances,,,netbotz,netbotz,,, netcomm,NB1300+4,,,admin,password,,, netcomm,NB1300+4,all,Multi,admin,password,,, netcomm,NB1300,,,admin,password,,, netcomm,NB1300,all,Multi,admin,password,,, netcomm,NB5580 / NB5580W,,,,admin,Admin,Any user name (or blank) is valid with this password, netcordia,NetMRI,,http,admin,admin,Admin,, netgear fr314,Firewall router,,,admin,password,,, netgear fr314,Firewall router,,Admin,admin,password,,, netgear,802.11b Wireless Cable/DSL router,,MR814,admin,password,,, netgear,CG814GCMR,,http://192.168.0.1,admin,password,admin,charter communications, netgear,CG814WG,v2,192.168.0.1,comcast,1234,setup,, netgear,Cable/DSL Router,,RT-314,admin,1234,,, netgear,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics page,192.168.0.1/docsisdevicestatus.html, netgear,DG632 ADSL Modem,V3.3.0a_cx,HTTP,admin,password,Admin,, netgear,DG632,,http://192.168.0.1,admin,password,Administration,, netgear,DG814 Router,,,admin,password,Admin,, netgear,DG824G,,,admin,password,Admin,, netgear,DG824M,,,admin,password,Admin,, netgear,DG834,,http://192.168.0.1,admin,password,Administration,, netgear,DG834G,,,,admin,Admin,, netgear,DG834G,,,,zebra,,, netgear,DG834G,,http://192.168.0.1,admin,password,Administration,, netgear,DG834G,,telnet,,zebra,Admin,, netgear,DG834GT,V1.03.87,http://192.168.0.1,,,root,, netgear,DG934G,,,admin,sky,admin,, netgear,DM602,,FTP Telnet and HTTP,admin,password,Admin,, netgear,FM114P,,Multi,,,Admin,, netgear,FR114P,,HTTP,admin,password,Admin,, netgear,FR314,,HTTP,admin,password,Admin,, netgear,FVS318,,HTTP,admin,password,Admin,, netgear,FVS338,,HTTP,admin,password,Admin,, netgear,FWG114P,,Multi,,admin,password,, netgear,GS724t,V1.0.1_1104,HTTP,,password,Admin,, netgear,GSM7224,,HTTP,admin,,Admin,, netgear,ME102 ,,SNMP,,private,Admin,Standard IP-Address is 192.168.0.5, netgear,MR-314,,3.26,admin,1234,,, netgear,MR-314,,Admin,admin,1234,,, netgear,MR-314,3.26,HTTP,admin,1234,Admin,, netgear,MR314,,Multi,admin,1234,Admin,, netgear,MR814,,HTTP,admin,password,Admin,, netgear,RM356,,Admin,,1234,,, netgear,RM356,,None,,1234,,, netgear,RM356,None,Telnet,,1234,Admin,shutdown the router via internet, netgear,RP114,,,admin,1234,,, netgear,RP114,,3.26,,1234,,, netgear,RP114,,Admin,admin,1234,,, netgear,RP114,,Multi,admin,1234,admin,, netgear,RP114,,Telnet,admin,1234,Admin,, netgear,RP114,,admin,admin,1234,,, netgear,RP114,3.20-3.26,HTTP,admin,1234,Admin,default http://192.168.0.1, netgear,RP114,3.26,Telnet,,1234,Admin,telnet 192.168.0.1, netgear,RP614,,,admin,password,,, netgear,RP614,,Admin,admin,password,,, netgear,RP614,,HTTP,admin,password,Admin,, netgear,RT-311,,Admin,Admin,1234,,, netgear,RT-311,,HTTP,Admin,1234,Admin,, netgear,RT311,,,Admin,1234,,Any, netgear,RT311/RT314,,,admin,1234,,, netgear,RT314,,,admin,admin,,, netgear,RT314,,Admin,admin,1234,,, netgear,RT314,,Admin,admin,admin,,, netgear,RT314,,HTTP and Telnet,admin,1234,Admin,, netgear,RT314,,HTTP,admin,admin,Admin,, netgear,Router,,DG814,admin,password,,, netgear,Router/Modem,,Multi,admin,password,Admin,, netgear,WAP54G,,,,admin,Admin,, netgear,WG302,,,admin,password,,, netgear,WG302,,HTTP,admin,password,,, netgear,WG602 Router,2,,admin,password,,, netgear,WG602,,Firmware Version 1.04.0,super,5777364,,, netgear,WG602,,Firmware Version 1.5.67,super,5777364,,, netgear,WG602,,Firmware Version 1.7.14,superman,21241036,,, netgear,WG602,Firmware Version 1.04.0,HTTP,super,5777364,Admin,, netgear,WG602,Firmware Version 1.5.67,HTTP,super,5777364,Admin,, netgear,WG602,Firmware Version 1.7.14,HTTP,superman,21241036,Admin,, netgear,WGE101,,,admin,password,Admin,, netgear,WGR-614,,admin,admin,password,,, netgear,WGR101 Router,,,admin,password,,, netgear,WGR614 Router,v4,,admin,setup,Admin,, netgear,WGR614,v5,http://192.168.0.1 or http://routerlogin.net/,admin,password,Administration,, netgear,WGR624 Router,,,admin,password,,, netgear,WGT624,,http://192.168.0.1,admin,password,Administration,, netgear,WGT634U,,HTTP,admin,password,Admin,, netgear,wpn824,,,edel,1234567,,, netgeatr,RP114,,3.20-3.26,admin,1234,,, netgenesis,NetAnalysis Web Reporting,,,naadmin,naadmin,,, netgenesis,NetAnalysis Web Reporting,,Admin,naadmin,naadmin,,, netgenesis,NetAnalysis Web Reporting,,HTTP,naadmin,naadmin,Admin,, netopia,3351,,Multi,,,Admin,, netopia,4542,,Multi,admin,noway,Admin,, netopia,Caiman 3200,3200,http://192.168.1.1,admin,1234,,, netopia,Netopia 7100,,,,,,, netopia,Netopia 7100,,Admin,,,,, netopia,Netopia 7100,,Telnet,,,Admin,, netopia,Netopia 9500,,,netopia,netopia,,, netopia,Netopia 9500,,Admin,netopia,netopia,,, netopia,Netopia 9500,,Telnet,netopia,netopia,Admin,, netopia,R7100,,,admin,admin,,4.6.2, netopia,R910,,Multi,admin,,Admin,, netport,Express 10/100,,,setup,setup,,, netport,Express 10/100,,Admin,setup,setup,,, netport,Express 10/100,,multi,setup,setup,Admin,, netscape,Enterprise Server,,http,admin,admin,Admin,, netscape,Netscape Enterprise Server,,,admin,admin,,, netscreen,Firewall,,,netscreen,netscreen,,, netscreen,Firewall,,Admin,netscreen,netscreen,,, netscreen,Firewall,,multi,netscreen,netscreen,Admin,, netscreen,IDP,,2.0p1,admin,netscreen,,, netscreen,IDP,2.0p1,,admin,netscreen,Admin,, netscreen,NS-5 NS10 NS-100,,,netscreen,netscreen,,, netscreen,Netscreen,,,netscreen,netscreen,,, netscreen,all firewalls,,all,netscreen,netscreen,,, netscreen,firewall,,HTTP,Administrator,,Admin,, netscreen,firewall,,Telnet,Administrator,,Admin,, netscreen,firewall,,Telnet,admin,,Admin,, netscreen,firewall,,Telnet,operator,,Admin,, netscreen,ns-25,,,,,,, netscreen,ns-25,,Admin,,,,, netscreen,ns-25,,Multi,,,Admin,, netstar,Netpilot,,Multi,admin,password,Admin,, network appliance,NetCache,,Admin,admin,NetCache,,, network appliance,NetCache,,any,admin,NetCache,,, network associates,WebShield Security Appliance e250,,,e250,e250changeme,,, network associates,WebShield Security Appliance e250,,Admin,e250,e250changeme,,, network associates,WebShield Security Appliance e500,,,e500,e500changeme,,, network associates,WebShield Security Appliance e500,,Admin,e500,e500changeme,,, networkappliance,NetCache,any,Multi,admin,NetCache,Admin,, networkassociates,WebShield Security Appliance e250,,HTTP,e250,e250changeme,Admin,, networkassociates,WebShield Security Appliance e500,,HTTP,e500,e500changeme,Admin,, networkeverywhere,NWR11B,,HTTP,,admin,Admin,, networkice,ICECap Manager,,2.0.22 <,iceman,,,, networkice,ICECap Manager,below 2.0.22,port 8081,iceman,,Admin,, newbridge,Congo/Amazon/Tigris,,,netman,netman,,All versions, nexland,ISB SOHO,,http://192.168.0.1,admin,,Administration,, nexland,ISB2LAN,,http://192.168.0.1,user:,,Administration,, nexland,Pro100,,http://192.168.0.1,user:,,Administration,, nexland,Pro400,,http://192.168.0.1,user:,,Administration,, nexland,Pro800 Turbo,,http://192.168.0.1,admin,,Administration,, nexsan,ATABoy2F,8.10f,http,ADMIN,PASSWORD,Admin,, next,NeXTStep,,,me,,,, next,NeXTStep,,,root,NeXT,,, next,NeXTStep,,,signa,signa,,, next,NeXTStep,,Admin,root,NeXT,,, next,NeXTStep,,Multi,me,,User,, next,NeXTStep,,Multi,root,NeXT,Admin,, next,NeXTStep,,Multi,signa,signa,User,, next,NeXTStep,,User,me,,,, next,NeXTStep,,User,signa,signa,,, ngsec,NGSecureWeb,,HTTP,admin,,Admin,, ngsec,NGSecureWeb,,HTTP,admin,asd,Admin,, ngsecure,The Hooy,,1,admin,admin,,, ngsecure,The Hooy,,Admin,admin,admin,,, nicesystemsltd,NICELog,,,Administrator,nicecti,Admin,, nicesystemsltd,NICELog,,,Nice-admin,nicecti,Admin,, niksun,NetDetector,,Multi,vcr,NetVCR,Admin,su after login with empty password, nimble,BIOS,,Console,,xdfk9874t3,Admin,, nimble,PC BIOS,,,,xdfk9874t3,,, nimble,PC BIOS,,Admin,,xdfk9874t3,,, nimble,PC BIOS,,Console,,xdfk9874t3,Admin,, nixdorf,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, no,no,,microsoft,9000,1234567890,,, nokia,7360,,Multi,,9999,Admin,, nokia,770,,,root,rootme,Admin,, nokia,DSL Router M1122,,1.1 - 1.2,m1122,m1122,,, nokia,DSL Router M1122,,Administrator,Telecom,Telecom,,, nokia,DSL Router M1122,,Multi,Telecom,Telecom,Administrator,, nokia,DSL Router M1122,,User,m1122,m1122,,, nokia,DSL Router M1122,1.1 - 1.2,Multi,m1122,m1122,User,, nokia,M10,,,Telecom,Telecom,,, nokia,MW1122,,Multi,telecom,telecom,Admin,Only in New Zealand., nokia,all mobiles,,Security Code,nop,12345,,, nokia,all mobiles,nop,Multi,nop,12345,Security Code,, nokia,most Nokia cell phones,all,except some of newest models,*3001#12345#,,, can be reset., nokia,n800,all,ssh (remote or localhost),root,rootme,root user,by default ssh not installed, nokia,nokia,,,root,nokia,,, nokia,nokia,,security code,nop,123454,,, nokia,phone,,voicemail,client,client,,, norstar,Meridian KSU,,Admin,**23646,23646,,, norstar,Meridian KSU,,Config,**266344,266344,,, nortel,Accelar (Passport) 1000 series routing switches,,,l2,l2,,, nortel,Accelar (Passport) 1000 series routing switches,,,l3,l3,,, nortel,Accelar (Passport) 1000 series routing switches,,,ro,ro,,, nortel,Accelar (Passport) 1000 series routing switches,,,rw,rw,,, nortel,Accelar (Passport) 1000 series routing switches,,,rwa,rwa,,, nortel,Accelar (Passport) 1000 series routing switches,,Layer 2 Read Write,l2,l2,,, nortel,Accelar (Passport) 1000 series routing switches,,Layer 3 (and layer 2) Read Write,l3,l3,,, nortel,Accelar (Passport) 1000 series routing switches,,Multi,l2,l2,Layer 2 Read Write,, nortel,Accelar (Passport) 1000 series routing switches,,Multi,l3,l3,Layer 3 (and layer 2) Read Write,, nortel,Accelar (Passport) 1000 series routing switches,,Multi,ro,ro,Read Only,, nortel,Accelar (Passport) 1000 series routing switches,,Multi,rw,rw,Read Write,, nortel,Accelar (Passport) 1000 series routing switches,,Multi,rwa,rwa,Read Write All,, nortel,Accelar (Passport) 1000 series routing switches,,Read Only,ro,ro,,, nortel,Accelar (Passport) 1000 series routing switches,,Read Write All,rwa,rwa,,, nortel,Accelar (Passport) 1000 series routing switches,,Read Write,rw,rw,,, nortel,BCM,,3.5 - 3-7,administrator,PlsChgMe!,,, nortel,BCM,,3.5 - 3-7,supervisor,visor,,, nortel,BayStack,,310/303,,secure,,, nortel,Baystack 350-24T,,,,secure,,, nortel,Baystack 350-24T,,Admin,,secure,,, nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RO,user,Read Only,, nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RW,secure,Admin,, nortel,Baystack,310/303,,,,Admin,, nortel,Baystack,310/303,,,secure,Admin,, nortel,Baystack,350-24T,Telnet,,secure,Admin,, nortel,Business Communications Manager,3.5 and 3.6,https,supervisor,PlsChgMe!,Admin,Note exclamation in password, nortel,Business Communications Manager,3.5-3.7,,administrator,PlsChgMe!,Admin,Note exclamation in password, nortel,Business Communications Manager,3.5-3.7,,supervisor,visor,Admin,, nortel,Contivity Extranet Switches,2.x,,admin,setup,,, nortel,Contivity Switch,,,admin,setup,,, nortel,Contivity,,Admin,admin,setup,,, nortel,Contivity,,Extranet/VPN switches,admin,setup,,, nortel,Contivity,Extranet/VPN switches,HTTP,admin,setup,Admin,, nortel,Extranet Switches,,,admin,setup,,, nortel,Extranet Switches,,Admin,admin,setup,,, nortel,Extranet Switches,,Multi,admin,setup,Admin,, nortel,MIPCD,1.04,,user,,Admin,, nortel,MIPCD,1.04,FTP,user,user,r/w,, nortel,MIPCD,1.04,http,admin,admin,Admin,, nortel,MIPCD,1.5,,,,,, nortel,MIPCD,1.5,,user,,Admin,, nortel,MIPCD,1.5,,user,user,,, nortel,MIRAN,,,distrib,distrib0,Admin,, nortel,MIRAN,,,user,user0000,Admin,, nortel,MIRAN,3.xx,serial,admin,admin000,Admin,, nortel,Matra 6501 PBX,,,,0,,, nortel,Matra 6501 PBX,,Admin,,0000,,, nortel,Matra 6501 PBX,,Console,,0,Admin,, nortel,Matra 6501 PBX,,Console,,0000,Admin,, nortel,Meridian 1 PBX,,,0,0,,OS Release 2, nortel,Meridian CCR,,,ccrusr,ccrusr,,, nortel,Meridian CCR,,,disttech,4tas,,, nortel,Meridian CCR,,,maint,maint,,, nortel,Meridian CCR,,,service,smile,,, nortel,Meridian CCR,,Maintenance account,maint,maint,,, nortel,Meridian CCR,,Multi,disttech,4tas,engineer account,, nortel,Meridian CCR,,Multi,disttech,etas,engineer account,, nortel,Meridian CCR,,Multi,maint,maint,Maintenance account,, nortel,Meridian CCR,,Multi,service,smile,general engineer account,, nortel,Meridian CCR,,User account,ccrusr,ccrusr,,, nortel,Meridian CCR,,engineer account,disttech,4tas,,, nortel,Meridian CCR,,general engineer account,service,smile,,, nortel,Meridian CCR,,telnet/modem,ccrusr,ccrusr,User account,, nortel,Meridian CCR,,telnet/modem,mlusr,mlusr,user account,, nortel,Meridian CCR,,telnet/modem,trmcnfg,trmcnfg,,, nortel,Meridian KSU,,Console,**23646,23646,Admin,, nortel,Meridian KSU,,Console,**266344,266344,Config,, nortel,Meridian Link,,,disttech,4tas,,, nortel,Meridian Link,,,maint,maint,,, nortel,Meridian Link,,,mlusr,mlusr,,, nortel,Meridian Link,,,service,smile,,, nortel,Meridian Link,,Maintenance account,maint,maint,,, nortel,Meridian Link,,Multi,disttech,4tas,engineer account,, nortel,Meridian Link,,Multi,disttech,etas,engineer account,, nortel,Meridian Link,,Multi,maint,maint,Maintenance account,, nortel,Meridian Link,,Multi,service,smile,general engineer account,, nortel,Meridian Link,,engineer account,disttech,4tas,,, nortel,Meridian Link,,general engineer account,service,smile,,, nortel,Meridian Link,,telnet/modem,ccrusr,ccrusr,User account,, nortel,Meridian Link,,telnet/modem,mlusr,mlusr,user account,, nortel,Meridian Link,,telnet/modem,trmcnfg,trmcnfg,,, nortel,Meridian Link,,user account,mlusr,mlusr,,, nortel,Meridian Link/CCR/Max,,,ccrusr,ccrusr,,, nortel,Meridian Link/CCR/Max,,,disttech,4tas,,, nortel,Meridian Link/CCR/Max,,,disttech,disttech,,, nortel,Meridian Link/CCR/Max,,,maint,maint,,, nortel,Meridian Link/CCR/Max,,,mlusr,mlusr,,, nortel,Meridian Link/CCR/Max,,,service,smile,,, nortel,Meridian Link/CCR/Max,,,trmcnfg,trmcnfg,,, nortel,Meridian MAX,,,maint,ntacdmax,,, nortel,Meridian MAX,,,root,3ep5w2u,,, nortel,Meridian MAX,,,service,smile,,, nortel,Meridian MAX,,Admin,root,3ep5w2u,,, nortel,Meridian MAX,,Maintenance account,maint,ntacdmax,,, nortel,Meridian MAX,,general engineer account,service,smile,,, nortel,Meridian Mail,10.xx,AX in serial,admin,admin,Admin,, nortel,Meridian Mail,13.xx,AX in serial,system,adminpwd,Admin,, nortel,Meridian Max,,Multi,maint,maint,Maintenance account,, nortel,Meridian Max,,Multi,maint,ntacdmax,Maintenance account,, nortel,Meridian Max,,Multi,root,3ep5w2u,Admin,, nortel,Meridian Max,,Multi,service,smile,general engineer account,, nortel,Meridian Max,,telnet/modem,disttech,4tas,,, nortel,Meridian Max,,telnet/modem,disttech,etas,,, nortel,Meridian Max,,telnet/modem,mlusr,mlusr,user account,, nortel,Meridian Max,,telnet/modem,trmcnfg,trmcnfg,,, nortel,Meridian Max,,telnet/moden,ccrusr,ccrusr,User account,, nortel,Meridian PBX,,,login,0,,, nortel,Meridian PBX,,,login,0000,,, nortel,Meridian PBX,,,login,1111,,, nortel,Meridian PBX,,,login,8429,,, nortel,Meridian PBX,,,spcl,0,,, nortel,Meridian PBX,,,spcl,0000,,, nortel,Meridian PBX,,Serial,login,0,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,login,0000,,, nortel,Meridian PBX,,Serial,login,1111,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,login,8429,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,spcl,0,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,spcl,0000,,, nortel,Meridian,,,,,,, nortel,Meridian,,Admin,,,,, nortel,Meridian,,Multi,,,Admin,, nortel,Millennium,,keypad while hung up,,2727378,Maintenance,, nortel,Norstar Modular ICS,,,**ADMIN (**23646),ADMIN (23646),,Any, nortel,Norstar Modular ICS,,,**CONFIG (266344),CONFIG (266344),,Any, nortel,Norstar,,Console,266344,266344,Admin,, nortel,Phone System,All,From Phone,,266344,Installers,, nortel,Remote Office 9150,,,admin,root,,, nortel,Remote Office 9150,,Admin,admin,root,,, nortel,Remote Office 9150,,Client,admin,root,Admin,, nortel,Shasta,,,admin,admin,,any, nortel,Symposium,,,sysadmin,nortel,,, nortel,Symposium,,,sysadmin,nortel,Admin,, nortel,dms,,Multi,,,Admin,, nortel,p8600,,Multi,,,Admin,, novell,Groupwise 5.5 Enhancement Pack,,,servlet,manager,,, novell,Groupwise 6.0,,,servlet,manager,,, novell,Groupwise,,5.5 Enhancement Pack,servlet,manager,,, novell,Groupwise,,6,servlet,manager,,, novell,Groupwise,,Servlet Mgr,servlet,manager,,, novell,Groupwise,5.5 Enhancement Pack,HTTP,servlet,manager,Servlet Mgr,, novell,Groupwise,6.0,HTTP,servlet,manager,Servlet Mgr,, novell,NDS iMonitor,,,sadmin,,,, novell,NDS iMonitor,,http,sadmin,,Admin,, novell,NetWare,,,BACKUP,,,Any, novell,NetWare,,,CHEY_ARCHSVR,WONDERLAND,,Arcserve, novell,NetWare,,,GATE,,,Any, novell,NetWare,,,GATEWAY,,,Any, novell,NetWare,,,HPLASER,,,Any, novell,NetWare,,,LASER,,,Any, novell,NetWare,,,LASERWRITER,,,Any, novell,NetWare,,,MAIL,,,Any, novell,NetWare,,,POST,,,Any, novell,NetWare,,,PRINT,,,any, novell,NetWare,,,PRINTER,,,Any, novell,NetWare,,,ROUTER,,,Any, novell,NetWare,,,WINDOWS_PASSTHRU,,,Any, novell,NetWare,,,guest,,,Any, novell,Netware,,,ADMIN,,,, novell,Netware,,,ADMIN,ADMIN,,, novell,Netware,,,ARCHIVIST,,,, novell,Netware,,,ARCHIVIST,ARCHIVIST,,, novell,Netware,,,BACKUP,,,, novell,Netware,,,BACKUP,BACKUP,,, novell,Netware,,,CHEY_ARCHSVR,,,, novell,Netware,,,CHEY_ARCHSVR,CHEY_ARCHSVR,,, novell,Netware,,,FAX,,,, novell,Netware,,,FAX,FAX,,, novell,Netware,,,FAXUSER,,,, novell,Netware,,,FAXUSER,FAXUSER,,, novell,Netware,,,FAXWORKS,,,, novell,Netware,,,FAXWORKS,FAXWORKS,,, novell,Netware,,,GATEWAY,,,, novell,Netware,,,GATEWAY,GATEWAY,,, novell,Netware,,,GUEST,,,, novell,Netware,,,GUEST,GUEST,,, novell,Netware,,,GUEST,GUESTGUE,,, novell,Netware,,,GUEST,GUESTGUEST,,, novell,Netware,,,GUEST,TSEUG,,, novell,Netware,,,HPLASER,,,, novell,Netware,,,HPLASER,HPLASER,,, novell,Netware,,,LASER,,,, novell,Netware,,,LASER,LASER,,, novell,Netware,,,LASERWRITER,,,, novell,Netware,,,LASERWRITER,LASERWRITER,,, novell,Netware,,,MAIL,,,, novell,Netware,,,MAIL,MAIL,,, novell,Netware,,,POST,,,, novell,Netware,,,POST,POST,,, novell,Netware,,,PRINT,,,, novell,Netware,,,PRINT,PRINT,,, novell,Netware,,,PRINTER,,,, novell,Netware,,,PRINTER,PRINTER,,, novell,Netware,,,ROOT,,,, novell,Netware,,,ROOT,ROOT,,, novell,Netware,,,ROUTER,,,, novell,Netware,,,SABRE,,,, novell,Netware,,,SUPERVISOR,,,, novell,Netware,,,SUPERVISOR,HARRIS,,, novell,Netware,,,SUPERVISOR,NETFRAME,,, novell,Netware,,,SUPERVISOR,NF,,, novell,Netware,,,SUPERVISOR,NFI,,, novell,Netware,,,SUPERVISOR,SUPERVISOR,,, novell,Netware,,,SUPERVISOR,SYSTEM,,, novell,Netware,,,TEST,,,, novell,Netware,,,TEST,TEST,,, novell,Netware,,,USER_TEMPLATE,,,, novell,Netware,,,USER_TEMPLATE,USER_TEMPLATE,,, novell,Netware,,,WANGTEK,,,, novell,Netware,,,WANGTEK,WANGTEK,,, novell,Netware,,,WINDOWS_PASSTHRU,,,, novell,Netware,,,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, novell,Netware,,,WINSABRE,SABRE,,, novell,Netware,,,WINSABRE,WINSABRE,,, novell,Netware,,Multi,ADMIN,,,, novell,Netware,,Multi,ADMIN,ADMIN,,, novell,Netware,,Multi,ARCHIVIST,,,, novell,Netware,,Multi,ARCHIVIST,ARCHIVIST,,, novell,Netware,,Multi,BACKUP,,,, novell,Netware,,Multi,BACKUP,BACKUP,,, novell,Netware,,Multi,CHEY_ARCHSVR,,,, novell,Netware,,Multi,CHEY_ARCHSVR,CHEY_ARCHSVR,,, novell,Netware,,Multi,FAX,,,, novell,Netware,,Multi,FAX,FAX,,, novell,Netware,,Multi,FAXUSER,,,, novell,Netware,,Multi,FAXUSER,FAXUSER,,, novell,Netware,,Multi,FAXWORKS,,,, novell,Netware,,Multi,FAXWORKS,FAXWORKS,,, novell,Netware,,Multi,GATEWAY,,,, novell,Netware,,Multi,GATEWAY,GATEWAY,,, novell,Netware,,Multi,GUEST,,,, novell,Netware,,Multi,GUEST,GUEST,,, novell,Netware,,Multi,GUEST,GUESTGUE,,, novell,Netware,,Multi,GUEST,GUESTGUEST,,, novell,Netware,,Multi,GUEST,TSEUG,,, novell,Netware,,Multi,HPLASER,,,, novell,Netware,,Multi,HPLASER,HPLASER,,, novell,Netware,,Multi,LASER,,,, novell,Netware,,Multi,LASER,LASER,,, novell,Netware,,Multi,LASERWRITER,,,, novell,Netware,,Multi,LASERWRITER,LASERWRITER,,, novell,Netware,,Multi,MAIL,,,, novell,Netware,,Multi,MAIL,MAIL,,, novell,Netware,,Multi,POST,,,, novell,Netware,,Multi,POST,POST,,, novell,Netware,,Multi,PRINT,,,, novell,Netware,,Multi,PRINT,PRINT,,, novell,Netware,,Multi,PRINTER,,,, novell,Netware,,Multi,PRINTER,PRINTER,,, novell,Netware,,Multi,ROOT,,,, novell,Netware,,Multi,ROOT,ROOT,,, novell,Netware,,Multi,ROUTER,,,, novell,Netware,,Multi,SABRE,,,, novell,Netware,,Multi,SUPERVISOR,,,, novell,Netware,,Multi,SUPERVISOR,HARRIS,,, novell,Netware,,Multi,SUPERVISOR,NETFRAME,,, novell,Netware,,Multi,SUPERVISOR,NF,,, novell,Netware,,Multi,SUPERVISOR,NFI,,, novell,Netware,,Multi,SUPERVISOR,SUPERVISOR,,, novell,Netware,,Multi,SUPERVISOR,SYSTEM,,, novell,Netware,,Multi,TEST,,,, novell,Netware,,Multi,TEST,TEST,,, novell,Netware,,Multi,USER_TEMPLATE,,,, novell,Netware,,Multi,USER_TEMPLATE,USER_TEMPLATE,,, novell,Netware,,Multi,WANGTEK,,,, novell,Netware,,Multi,WANGTEK,WANGTEK,,, novell,Netware,,Multi,WINDOWS_PASSTHRU,,,, novell,Netware,,Multi,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, novell,Netware,,Multi,WINSABRE,SABRE,,, novell,Netware,,Multi,WINSABRE,WINSABRE,,, novell,iChain,,1.5,,san fran 8,,, novell,iChain,,2,,cr0wmt 911,,, novell,iChain,,Admin,,cr0wmt 911,,, novell,iChain,,Admin,,san fran 8,,, novell,iChain,1.5,Console,,san fran 8,Admin,, novell,iChain,2.0,Console,,cr0wmt 911,Admin,, novell,iChain/ICS,,1.2 2.0,,root,,, novell,iChain/ICS,,Admin,,root,,, novell,iChain/ICS,1.2 2.0,Telnet,,root,Admin,, novell,iManager,,2.0.1,admin,novell,,, novell,iManager,2.0.1,,,admin,novell,, nrg,DSC338 Printer,1.19,HTTP,,password,Admin,no user, nrg,SP C312DN,1.03,,Admin,,Administrator,, nsi,vmXfw,,,root,nsi,Admin,, nullsoft,Shoutcast,1.9.5,PLS,admin,changeme,Admin,, nurit,PC BIOS,,,$system,,,, nurit,PC BIOS,,Admin,$system,,,, nurit,PC BIOS,,Console,$system,,Admin,, oce,Printers,,Admin,,0 and the number of OCE printer,,, oce,Printers,Hardware,HTTP,,0 and the number of OCE printer,Admin,, oce,TCS500,All Versions,Console,oceservice,ser4OCE!,Technical/Admin,Reboot for normal user mode., oce,TDS300,ALL,Direct,guest,RtFM!,,, oce,TDS450,,,oceservice,ser4OCE!,tech/admin,, oce,cm4010,,Web Console via IP Address,Administrator,admin,administrator level,, oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, ods,1094 IS Chassis,,,ods,ods,,4.x, ods,1094,,,ods,ods,,, oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, oki,B6300,,,root,last six charachter of mac address,root,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, oki,C5550 MFP,,http,,*blank*,Admin,, oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,C610,,,admin,aaaaaa,admin,, oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, oki,C830,all,web,root,last 6 digits of the MAC address,,, oki,C8800,,Web or Console,root,Last six characters of MAC address,,, oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, oki,ES8460,,http,admin,aaaaaa,,, oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,MC560,,Printer Menu,,,,When asked for password, oki,MC860,,Web interface,admin,aaaaaa,admin,, oki,ML491n,,http://,Admin,OkiLAN,Admin,, oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, olicom,8600,,9600,-,AaBbCcDd,,, olicom,8600,all,Serial,-,AaBbCcDd,9600,, olitec,sx 200 adsl modem router,,Multi,admin,adslolitec,Admin,default ip 192.168.0.250, olitec,sx 202 adsl modem router,,HTTP,admin,admin,Admin,Firmware: 2.7.0.9(UE0.B1C)3.3.0.23, omnitronix,Data-Link,DL150,Multi,,SMDR,Admin,, omnitronix,Data-Link,DL150,Multi,,SUPER,Admin,, omron,MR104FH,,Multi,,,Admin,, oodie.com,odfaq,,admin,admin,admin,,, oodiecom,odfaq,2.1.0,HTTP,admin,admin,admin,, openconnect,OC://WebConnect Pro,,Multi,admin,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,adminstat,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,adminuser,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,adminview,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,helpdesk,OCS,Admin,, openmarket,Content Server,,,Bobo,hello,,, openmarket,Content Server,,,Coco,hello,,, openmarket,Content Server,,,Flo,hello,,, openmarket,Content Server,,,Joe,hello,,, openmarket,Content Server,,,Moe,hello,,, openmarket,Content Server,,,admin,demo,,, openmarket,Content Server,,,user_analyst,demo,,, openmarket,Content Server,,,user_approver,demo,,, openmarket,Content Server,,,user_author,demo,,, openmarket,Content Server,,,user_checker,demo,,, openmarket,Content Server,,,user_designer,demo,,, openmarket,Content Server,,,user_editor,demo,,, openmarket,Content Server,,,user_expert,demo,,, openmarket,Content Server,,,user_marketer,demo,,, openmarket,Content Server,,,user_pricer,demo,,, openmarket,Content Server,,,user_publisher,demo,,, openmarket,Content Server,,http,Admin,demo,Admin,, openmarket,Content Server,,http,Bobo,hello,,, openmarket,Content Server,,http,Coco,hello,,, openmarket,Content Server,,http,Flo,hello,,, openmarket,Content Server,,http,Joe,hello,,, openmarket,Content Server,,http,Moe,hello,,, openmarket,Content Server,,http,user_analyst,demo,,, openmarket,Content Server,,http,user_approver,demo,,, openmarket,Content Server,,http,user_author,demo,,, openmarket,Content Server,,http,user_checker,demo,,, openmarket,Content Server,,http,user_designer,demo,,, openmarket,Content Server,,http,user_editor,demo,,, openmarket,Content Server,,http,user_expert,demo,,, openmarket,Content Server,,http,user_marketer,demo,,, openmarket,Content Server,,http,user_pricer,demo,,, openmarket,Content Server,,http,user_publisher,demo,,, openwave,MSP,,Admin,cac_admin,cacadmin,,, openwave,MSP,,Any,cac_admin,cacadmin,,, openwave,MSP,Any,HTTP,cac_admin,cacadmin,Admin,, openwave,WAP Gateway,,Admin,sys,uplink,,, openwave,WAP Gateway,,Any,sys,uplink,,, openwave,WAP Gateway,Any,HTTP,sys,uplink,Admin,, openxchange,Open-Xchange LDAP,Open source versions below 0.8.2,,mailadmin,secret,high risk,, openxchange,Open-Xchange Server,5,,mailadmin,secret,Admin,, optivision,Nac 3000 & 4000,,,root,mpegvideo,,any, optivision,Nac 3000,,,root,mpegvideo,,, optus,Counter-Strike,,1.3,Administrator,admin,,, optus,Counter-Strike,,Admin,Administrator,admin,,, optus,Counter-Strike,1.3,Multi,Administrator,admin,Admin,, oracle corporation,Oracle,,,ABM,ABM,,, oracle corporation,Oracle,,,ADAMS,WOOD,,, oracle corporation,Oracle,,,ADLDEMO,ADLDEMO,,, oracle corporation,Oracle,,,ADMIN,JETSPEED,,, oracle corporation,Oracle,,,ADMINISTRATOR,ADMIN,,, oracle corporation,Oracle,,,AHL,AHL,,, oracle corporation,Oracle,,,AHM,AHM,,, oracle corporation,Oracle,,,AK,AK,,, oracle corporation,Oracle,,,ALHRO,XXX,,, oracle corporation,Oracle,,,ALHRW,XXX,,, oracle corporation,Oracle,,,ALR,ALR,,, oracle corporation,Oracle,,,AMS,AMS,,, oracle corporation,Oracle,,,AMV,AMV,,, oracle corporation,Oracle,,,ANDY,SWORDFISH,,, oracle corporation,Oracle,,,ANONYMOUS,ANONYMOUS,,, oracle corporation,Oracle,,,AP,AP,,, oracle corporation,Oracle,,,APPLMGR,APPLMGR,,, oracle corporation,Oracle,,,APPLSYS,FND,,, oracle corporation,Oracle,,,APPLSYSPUB,FNDPUB,,, oracle corporation,Oracle,,,APPLYSYSPUB,PUB,,, oracle corporation,Oracle,,,APPS,APPS,,, oracle corporation,Oracle,,,APPS_MRC,APPS,,, oracle corporation,Oracle,,,APPUSER,APPPASSWORD,,, oracle corporation,Oracle,,,AQ,AQ,,, oracle corporation,Oracle,,,AQDEMO,AQDEMO,,, oracle corporation,Oracle,,,AQJAVA,AQJAVA,,, oracle corporation,Oracle,,,AQUSER,AQUSER,,, oracle corporation,Oracle,,,AR,AR,,, oracle corporation,Oracle,,,ASF,ASF,,, oracle corporation,Oracle,,,ASG,ASG,,, oracle corporation,Oracle,,,ASL,ASL,,, oracle corporation,Oracle,,,ASO,ASO,,, oracle corporation,Oracle,,,ASP,ASP,,, oracle corporation,Oracle,,,AST,AST,,, oracle corporation,Oracle,,,ATM,SAMPLEATM,,, oracle corporation,Oracle,,,AUDIOUSER,AUDIOUSER,,, oracle corporation,Oracle,,,AURORA$JIS$UTILITY$,INVALID,,, oracle corporation,Oracle,,,AURORA$ORB$UNAUTHENTICATED,,,, oracle corporation,Oracle,,,AX,AX,,, oracle corporation,Oracle,,,AZ,AZ,,, oracle corporation,Oracle,,,BC4J,BC4J,,, oracle corporation,Oracle,,,BEN,BEN,,, oracle corporation,Oracle,,,BIC,BIC,,, oracle corporation,Oracle,,,BIL,BIL,,, oracle corporation,Oracle,,,BIM,BIM,,, oracle corporation,Oracle,,,BIS,BIS,,, oracle corporation,Oracle,,,BIV,BIV,,, oracle corporation,Oracle,,,BIX,BIX,,, oracle corporation,Oracle,,,BLAKE,PAPER,,, oracle corporation,Oracle,,,BLEWIS,BLEWIS,,, oracle corporation,Oracle,,,BOM,BOM,,, oracle corporation,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, oracle corporation,Oracle,,,BRUGERNAVN,ADGANGSKODE,,, oracle corporation,Oracle,,,BRUKERNAVN,PASSWORD,,, oracle corporation,Oracle,,,BSC,BSC,,, oracle corporation,Oracle,,,BUG_REPORTS,BUG_REPORTS,,, oracle corporation,Oracle,,,CALVIN,HOBBES,,, oracle corporation,Oracle,,,CATALOG,CATALOG,,, oracle corporation,Oracle,,,CCT,CCT,,, oracle corporation,Oracle,,,CDEMO82,UNKNOWN,,, oracle corporation,Oracle,,,CDEMOCOR,CDEMOCOR,,, oracle corporation,Oracle,,,CDEMORID,CDEMORID,,, oracle corporation,Oracle,,,CDEMOUCB,CDEMOUCB,,, oracle corporation,Oracle,,,CDOUGLAS,CDOUGLAS,,, oracle corporation,Oracle,,,CE,CE,,, oracle corporation,Oracle,,,CENTRA,CENTRA,,, oracle corporation,Oracle,,,CENTRAL,CENTRAL,,, oracle corporation,Oracle,,,CIDS,CIDS,,, oracle corporation,Oracle,,,CIS,ZWERG,,, oracle corporation,Oracle,,,CISINFO,ZWERG,,, oracle corporation,Oracle,,,CLARK,CLOTH,,, oracle corporation,Oracle,,,CLKANA,,,, oracle corporation,Oracle,,,CLKRT,,,, oracle corporation,Oracle,,,CN,CN,,, oracle corporation,Oracle,,,COMPANY,COMPANY,,, oracle corporation,Oracle,,,COMPIERE,COMPIERE,,, oracle corporation,Oracle,,,CQSCHEMAUSER,PASSWORD,,, oracle corporation,Oracle,,,CQUSERDBUSER,PASSWORD,,, oracle corporation,Oracle,,,CRP,CRP,,, oracle corporation,Oracle,,,CS,CS,,, oracle corporation,Oracle,,,CSC,CSC,,, oracle corporation,Oracle,,,CSD,CSD,,, oracle corporation,Oracle,,,CSE,CSE,,, oracle corporation,Oracle,,,CSF,CSF,,, oracle corporation,Oracle,,,CSI,CSI,,, oracle corporation,Oracle,,,CSL,CSL,,, oracle corporation,Oracle,,,CSMIG,CSMIG,,, oracle corporation,Oracle,,,CSP,CSP,,, oracle corporation,Oracle,,,CSR,CSR,,, oracle corporation,Oracle,,,CSS,CSS,,, oracle corporation,Oracle,,,CTXDEMO,CTXDEMO,,, oracle corporation,Oracle,,,CTXSYS,UNKNOWN,,, oracle corporation,Oracle,,,CUA,CUA,,, oracle corporation,Oracle,,,CUE,CUE,,, oracle corporation,Oracle,,,CUF,CUF,,, oracle corporation,Oracle,,,CUG,CUG,,, oracle corporation,Oracle,,,CUI,CUI,,, oracle corporation,Oracle,,,CUN,CUN,,, oracle corporation,Oracle,,,CUP,CUP,,, oracle corporation,Oracle,,,CUS,CUS,,, oracle corporation,Oracle,,,CZ,CZ,,, oracle corporation,Oracle,,,DATA_SCHEMA,LASKJDF098KSDAF09,,, oracle corporation,Oracle,,,DBI,MUMBLEFRATZ,,, oracle corporation,Oracle,,,DBSNMP,DBSNMP,,, oracle corporation,Oracle,,,DBVISION,DBVISION,,, oracle corporation,Oracle,,,DCM,,,, oracle corporation,Oracle,,,DDIC,199220706,,, oracle corporation,Oracle,,,DEMO,DEMO,,, oracle corporation,Oracle,,,DEMO8,DEMO8,,, oracle corporation,Oracle,,,DEMO9,DEMO9,,, oracle corporation,Oracle,,,DES,DES,,, oracle corporation,Oracle,,,DES2K,DES2K,,, oracle corporation,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, oracle corporation,Oracle,,,DIANE,PASSWO1,,, oracle corporation,Oracle,,,DIP,DIP,,, oracle corporation,Oracle,,,DISCOVERER5,,,, oracle corporation,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, oracle corporation,Oracle,,,DMSYS,DMSYS,,, oracle corporation,Oracle,,,DPF,DPFPASS,,, oracle corporation,Oracle,,,DSGATEWAY,,,, oracle corporation,Oracle,,,DSSYS,DSSYS,,, oracle corporation,Oracle,,,DTSP,DTSP,,, oracle corporation,Oracle,,,EAA,EAA,,, oracle corporation,Oracle,,,EAM,EAM,,, oracle corporation,Oracle,,,EARLYWATCH,SUPPORT,,, oracle corporation,Oracle,,,EAST,EAST,,, oracle corporation,Oracle,,,EC,EC,,, oracle corporation,Oracle,,,ECX,ECX,,, oracle corporation,Oracle,,,EJB,EJB,,, oracle corporation,Oracle,,,EJSADMIN,EJSADMIN,,, oracle corporation,Oracle,,,EMP,EMP,,, oracle corporation,Oracle,,,ENG,ENG,,, oracle corporation,Oracle,,,ENI,ENI,,, oracle corporation,Oracle,,,ESTOREUSER,ESTORE,,, oracle corporation,Oracle,,,EVENT,EVENT,,, oracle corporation,Oracle,,,EVM,EVM,,, oracle corporation,Oracle,,,EXAMPLE,EXAMPLE,,, oracle corporation,Oracle,,,EXFSYS,EXFSYS,,, oracle corporation,Oracle,,,EXTDEMO,EXTDEMO,,, oracle corporation,Oracle,,,EXTDEMO2,EXTDEMO2,,, oracle corporation,Oracle,,,FA,FA,,, oracle corporation,Oracle,,,FEM,FEM,,, oracle corporation,Oracle,,,FII,FII,,, oracle corporation,Oracle,,,FINANCE,FINANCE,,, oracle corporation,Oracle,,,FINPROD,FINPROD,,, oracle corporation,Oracle,,,FLM,FLM,,, oracle corporation,Oracle,,,FND,FND,,, oracle corporation,Oracle,,,FOO,BAR,,, oracle corporation,Oracle,,,FPT,FPT,,, oracle corporation,Oracle,,,FRM,FRM,,, oracle corporation,Oracle,,,FROSTY,SNOWMAN,,, oracle corporation,Oracle,,,FTE,FTE,,, oracle corporation,Oracle,,,FV,FV,,, oracle corporation,Oracle,,,GL,GL,,, oracle corporation,Oracle,,,GMA,GMA,,, oracle corporation,Oracle,,,GMD,GMD,,, oracle corporation,Oracle,,,GME,GME,,, oracle corporation,Oracle,,,GMF,GMF,,, oracle corporation,Oracle,,,GMI,GMI,,, oracle corporation,Oracle,,,GML,GML,,, oracle corporation,Oracle,,,GMP,GMP,,, oracle corporation,Oracle,,,GMS,GMS,,, oracle corporation,Oracle,,,GPFD,GPFD,,, oracle corporation,Oracle,,,GPLD,GPLD,,, oracle corporation,Oracle,,,GR,GR,,, oracle corporation,Oracle,,,HADES,HADES,,, oracle corporation,Oracle,,,HCPARK,HCPARK,,, oracle corporation,Oracle,,,HLW,HLW,,, oracle corporation,Oracle,,,HR,HR,,, oracle corporation,Oracle,,,HRI,HRI,,, oracle corporation,Oracle,,,HVST,HVST,,, oracle corporation,Oracle,,,HXC,HXC,,, oracle corporation,Oracle,,,HXT,HXT,,, oracle corporation,Oracle,,,IBA,IBA,,, oracle corporation,Oracle,,,IBE,IBE,,, oracle corporation,Oracle,,,IBP,IBP,,, oracle corporation,Oracle,,,IBU,IBU,,, oracle corporation,Oracle,,,IBY,IBY,,, oracle corporation,Oracle,,,ICDBOWN,ICDBOWN,,, oracle corporation,Oracle,,,ICX,ICX,,, oracle corporation,Oracle,,,IDEMO_USER,IDEMO_USER,,, oracle corporation,Oracle,,,IEB,IEB,,, oracle corporation,Oracle,,,IEC,IEC,,, oracle corporation,Oracle,,,IEM,IEM,,, oracle corporation,Oracle,,,IEO,IEO,,, oracle corporation,Oracle,,,IES,IES,,, oracle corporation,Oracle,,,IEU,IEU,,, oracle corporation,Oracle,,,IEX,IEX,,, oracle corporation,Oracle,,,IFSSYS,IFSSYS,,, oracle corporation,Oracle,,,IGC,IGC,,, oracle corporation,Oracle,,,IGF,IGF,,, oracle corporation,Oracle,,,IGI,IGI,,, oracle corporation,Oracle,,,IGS,IGS,,, oracle corporation,Oracle,,,IGW,IGW,,, oracle corporation,Oracle,,,IMAGEUSER,IMAGEUSER,,, oracle corporation,Oracle,,,IMC,IMC,,, oracle corporation,Oracle,,,IMEDIA,IMEDIA,,, oracle corporation,Oracle,,,IMT,IMT,,, oracle corporation,Oracle,,,INTERNAL,SYS_STNT,,, oracle corporation,Oracle,,,INV,INV,,, oracle corporation,Oracle,,,IPA,IPA,,, oracle corporation,Oracle,,,IPD,IPD,,, oracle corporation,Oracle,,,IPLANET,IPLANET,,, oracle corporation,Oracle,,,ISC,ISC,,, oracle corporation,Oracle,,,ITG,ITG,,, oracle corporation,Oracle,,,JA,JA,,, oracle corporation,Oracle,,,JAKE,PASSWO4,,, oracle corporation,Oracle,,,JE,JE,,, oracle corporation,Oracle,,,JG,JG,,, oracle corporation,Oracle,,,JILL,PASSWO2,,, oracle corporation,Oracle,,,JL ,JL ,,, oracle corporation,Oracle,,,JMUSER,JMUSER,,, oracle corporation,Oracle,,,JOHN,JOHN,,, oracle corporation,Oracle,,,JONES,STEEL,,, oracle corporation,Oracle,,,JTF,JTF,,, oracle corporation,Oracle,,,JTM,JTM,,, oracle corporation,Oracle,,,JTS,JTS,,, oracle corporation,Oracle,,,JWARD,AIROPLANE,,, oracle corporation,Oracle,,,KWALKER,KWALKER,,, oracle corporation,Oracle,,,L2LDEMO,L2LDEMO,,, oracle corporation,Oracle,,,LBACSYS,LBACSYS,,, oracle corporation,Oracle,,,LIBRARIAN,SHELVES,,, oracle corporation,Oracle,,,MANPROD,MANPROD,,, oracle corporation,Oracle,,,MARK,PASSWO3,,, oracle corporation,Oracle,,,MASCARM,MANAGER,,, oracle corporation,Oracle,,,MASTER,PASSWORD,,, oracle corporation,Oracle,,,MDDATA,MDDATA,,, oracle corporation,Oracle,,,MDDEMO,MDDEMO,,, oracle corporation,Oracle,,,MDDEMO_CLERK,MGR,,, oracle corporation,Oracle,,,MDDEMO_MGR,MGR,,, oracle corporation,Oracle,,,MDSYS,MDSYS,,, oracle corporation,Oracle,,,ME,ME,,, oracle corporation,Oracle,,,MFG,MFG,,, oracle corporation,Oracle,,,MGR,MGR,,, oracle corporation,Oracle,,,MGWUSER,MGWUSER,,, oracle corporation,Oracle,,,MIGRATE,MIGRATE,,, oracle corporation,Oracle,,,MILLER,MILLER,,, oracle corporation,Oracle,,,MMO2,UNKNOWN,,, oracle corporation,Oracle,,,MODTEST,YES,,, oracle corporation,Oracle,,,MOREAU,MOREAU,,, oracle corporation,Oracle,,,MRP,MRP,,, oracle corporation,Oracle,,,MSC,MSC,,, oracle corporation,Oracle,,,MSD,MSD,,, oracle corporation,Oracle,,,MSO,MSO,,, oracle corporation,Oracle,,,MSR,MSR,,, oracle corporation,Oracle,,,MTSSYS,MTSSYS,,, oracle corporation,Oracle,,,MTS_USER,MTS_PASSWORD,,, oracle corporation,Oracle,,,MWA,MWA,,, oracle corporation,Oracle,,,MXAGENT,MXAGENT,,, oracle corporation,Oracle,,,NAMES,NAMES,,, oracle corporation,Oracle,,,NEOTIX_SYS,NEOTIX_SYS,,, oracle corporation,Oracle,,,NNEUL,NNEULPASS,,, oracle corporation,Oracle,,,NOMEUTENTE,PASSWORD,,, oracle corporation,Oracle,,,NOME_UTILIZADOR,SENHA,,, oracle corporation,Oracle,,,NOM_UTILISATEUR,MOT_DE_PASSE,,, oracle corporation,Oracle,,,NUME_UTILIZATOR,PAROL,,, oracle corporation,Oracle,,,OAIHUB902,,,, oracle corporation,Oracle,,,OAS_PUBLIC,,,, oracle corporation,Oracle,,,OCITEST,OCITEST,,, oracle corporation,Oracle,,,OCM_DB_ADMIN,OCM_DB_ADMIN,,, oracle corporation,Oracle,,,ODM,ODM,,, oracle corporation,Oracle,,,ODM_MTR,MTRPW,,, oracle corporation,Oracle,,,ODS,ODS,,, oracle corporation,Oracle,,,ODSCOMMON,ODSCOMMON,,, oracle corporation,Oracle,,,ODS_SERVER,ODS_SERVER,,, oracle corporation,Oracle,,,OE,OE,,, oracle corporation,Oracle,,,OEMADM,OEMADM,,, oracle corporation,Oracle,,,OEMREP,OEMREP,,, oracle corporation,Oracle,,,OEM_REPOSITORY,,,, oracle corporation,Oracle,,,OKB,OKB,,, oracle corporation,Oracle,,,OKC,OKC,,, oracle corporation,Oracle,,,OKE,OKE,,, oracle corporation,Oracle,,,OKI,OKI,,, oracle corporation,Oracle,,,OKO,OKO,,, oracle corporation,Oracle,,,OKR,OKR,,, oracle corporation,Oracle,,,OKS,OKS,,, oracle corporation,Oracle,,,OKX,OKX,,, oracle corporation,Oracle,,,OLAPDBA,OLAPDBA,,, oracle corporation,Oracle,,,OLAPSVR,INSTANCE,,, oracle corporation,Oracle,,,OLAPSYS,MANAGER,,, oracle corporation,Oracle,,,OMWB_EMULATION,ORACLE,,, oracle corporation,Oracle,,,ONT,ONT,,, oracle corporation,Oracle,,,OO,OO,,, oracle corporation,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, oracle corporation,Oracle,,,OPI,OPI,,, oracle corporation,Oracle,,,ORACACHE,,,, oracle corporation,Oracle,,,ORACLE,ORACLE,,, oracle corporation,Oracle,,,ORADBA,ORADBAPASS,,, oracle corporation,Oracle,,,ORANGE,,,, oracle corporation,Oracle,,,ORAPROBE,ORAPROBE,,, oracle corporation,Oracle,,,ORAREGSYS,ORAREGSYS,,, oracle corporation,Oracle,,,ORASSO,ORASSO,,, oracle corporation,Oracle,,,ORASSO_DS,ORASSO_DS,,, oracle corporation,Oracle,,,ORASSO_PA,ORASSO_PA,,, oracle corporation,Oracle,,,ORASSO_PS,ORASSO_PS,,, oracle corporation,Oracle,,,ORASSO_PUBLIC,ORASSO_PUBLIC,,, oracle corporation,Oracle,,,ORASTAT,ORASTAT,,, oracle corporation,Oracle,,,ORCLADMIN,WELCOME,,, oracle corporation,Oracle,,,ORDCOMMON,ORDCOMMON,,, oracle corporation,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, oracle corporation,Oracle,,,ORDSYS,ORDSYS,,, oracle corporation,Oracle,,,OSE$HTTP$ADMIN,INVALID,,, oracle corporation,Oracle,,,OSM,OSM,,, oracle corporation,Oracle,,,OSP22,OSP22,,, oracle corporation,Oracle,,,OSSAQ_HOST,,,, oracle corporation,Oracle,,,OSSAQ_PUB,,,, oracle corporation,Oracle,,,OSSAQ_SUB,,,, oracle corporation,Oracle,,,OTA,OTA,,, oracle corporation,Oracle,,,OUTLN,OUTLN,,, oracle corporation,Oracle,,,OWA,OWA,,, oracle corporation,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, oracle corporation,Oracle,,,OWF_MGR,OWF_MGR,,, oracle corporation,Oracle,,,OWNER,OWNER,,, oracle corporation,Oracle,,,OZF,OZF,,, oracle corporation,Oracle,,,OZP,OZP,,, oracle corporation,Oracle,,,OZS,OZS,,, oracle corporation,Oracle,,,PA,PA,,, oracle corporation,Oracle,,,PANAMA,PANAMA,,, oracle corporation,Oracle,,,PATROL,PATROL,,, oracle corporation,Oracle,,,PAUL,PAUL,,, oracle corporation,Oracle,,,PERFSTAT,PERFSTAT,,, oracle corporation,Oracle,,,PERSTAT,PERSTAT,,, oracle corporation,Oracle,,,PJM,PJM,,, oracle corporation,Oracle,,,PLANNING,PLANNING,,, oracle corporation,Oracle,,,PLEX,PLEX,,, oracle corporation,Oracle,,,PLSQL,SUPERSECRET,,, oracle corporation,Oracle,,,PM,PM,,, oracle corporation,Oracle,,,PMI,PMI,,, oracle corporation,Oracle,,,PN,PN,,, oracle corporation,Oracle,,,PO,PO,,, oracle corporation,Oracle,,,PO7,PO7,,, oracle corporation,Oracle,,,PO8,PO8,,, oracle corporation,Oracle,,,POA,POA,,, oracle corporation,Oracle,,,POM,POM,,, oracle corporation,Oracle,,,PORTAL,,,, oracle corporation,Oracle,,,PORTAL30,PORTAL31,,, oracle corporation,Oracle,,,PORTAL30_ADMIN,PORTAL30_ADMIN,,, oracle corporation,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, oracle corporation,Oracle,,,PORTAL30_PS,PORTAL30_PS,,, oracle corporation,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, oracle corporation,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, oracle corporation,Oracle,,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,,, oracle corporation,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, oracle corporation,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, oracle corporation,Oracle,,,PORTAL_APP,,,, oracle corporation,Oracle,,,PORTAL_DEMO,,,, oracle corporation,Oracle,,,PORTAL_PUBLIC,,,, oracle corporation,Oracle,,,PORTAL_SSO_PS,PORTAL_SSO_PS,,, oracle corporation,Oracle,,,POS,POS,,, oracle corporation,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, oracle corporation,Oracle,,,PRIMARY,PRIMARY,,, oracle corporation,Oracle,,,PSA,PSA,,, oracle corporation,Oracle,,,PSB,PSB,,, oracle corporation,Oracle,,,PSP,PSP,,, oracle corporation,Oracle,,,PUBSUB,PUBSUB,,, oracle corporation,Oracle,,,PUBSUB1,PUBSUB1,,, oracle corporation,Oracle,,,PV,PV,,, oracle corporation,Oracle,,,QA,QA,,, oracle corporation,Oracle,,,QDBA,QDBA,,, oracle corporation,Oracle,,,QP,QP,,, oracle corporation,Oracle,,,QS,CHANGE_ON_INSTALL,,, oracle corporation,Oracle,,,QS_ADM,UNKNOWN,,, oracle corporation,Oracle,,,QS_CB,QS_CB,,, oracle corporation,Oracle,,,QS_CBADM,UNKNOWN,,, oracle corporation,Oracle,,,QS_CS,UNKNOWN,,, oracle corporation,Oracle,,,QS_ES,CHANGE_ON_INSTALL,,, oracle corporation,Oracle,,,QS_OS,CHANGE_ON_INSTALL,,, oracle corporation,Oracle,,,QS_WS,UNKNOWN,,, oracle corporation,Oracle,,,RE,RE,,, oracle corporation,Oracle,,,REPADMIN,REPADMIN,,, oracle corporation,Oracle,,,REPORTS,REPORTS,,, oracle corporation,Oracle,,,REPORTS_USER,OEM_TEMP,,, oracle corporation,Oracle,,,REP_MANAGER,DEMO,,, oracle corporation,Oracle,,,REP_OWNER,REP_OWNER,,, oracle corporation,Oracle,,,REP_USER,DEMO,,, oracle corporation,Oracle,,,RG,RG,,, oracle corporation,Oracle,,,RHX,RHX,,, oracle corporation,Oracle,,,RLA,RLA,,, oracle corporation,Oracle,,,RLM,RLM,,, oracle corporation,Oracle,,,RMAIL,RMAIL,,, oracle corporation,Oracle,,,RMAN,RMAN,,, oracle corporation,Oracle,,,RRS,RRS,,, oracle corporation,Oracle,,,SAMPLE,SAMPLE,,, oracle corporation,Oracle,,,SAP,SAPR3,,, oracle corporation,Oracle,,,SAPR3,SAP,,, oracle corporation,Oracle,,,SCOTT,TIGGER,,, oracle corporation,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, oracle corporation,Oracle,,,SECDEMO,SECDEMO,,, oracle corporation,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, oracle corporation,Oracle,,,SH,SH,,, oracle corporation,Oracle,,,SITEMINDER,SITEMINDER,,, oracle corporation,Oracle,,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,,, oracle corporation,Oracle,,,SLIDE,SLIDEPW,,, oracle corporation,Oracle,,,SPIERSON,SPIERSON,,, oracle corporation,Oracle,,,SSP,SSP,,, oracle corporation,Oracle,,,STARTER,STARTER,,, oracle corporation,Oracle,,,STRAT_USER,STRAT_PASSWD,,, oracle corporation,Oracle,,,SWPRO,SWPRO,,, oracle corporation,Oracle,,,SWUSER,SWUSER,,, oracle corporation,Oracle,,,SYMPA,SYMPA,,, oracle corporation,Oracle,,,SYS,MANAGER,,, oracle corporation,Oracle,,,SYSADM,SYSADM,,, oracle corporation,Oracle,,,SYSADMIN,SYSADMIN,,, oracle corporation,Oracle,,,SYSMAN,OEM_TEMP,,, oracle corporation,Oracle,,,SYSTEM,ORACLE,,, oracle corporation,Oracle,,,TAHITI,TAHITI,,, oracle corporation,Oracle,,,TALBOT,MT6CH5,,, oracle corporation,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, oracle corporation,Oracle,,,TEC,TECTEC,,, oracle corporation,Oracle,,,TEST,TEST,,, oracle corporation,Oracle,,,TESTPILOT,TESTPILOT,,, oracle corporation,Oracle,,,TEST_USER,TEST_USER,,, oracle corporation,Oracle,,,THINSAMPLE,THINSAMPLEPW,,, oracle corporation,Oracle,,,TIBCO,TIBCO,,, oracle corporation,Oracle,,,TIP37,TIP37,,, oracle corporation,Oracle,,,TRACESVR,TRACE,,, oracle corporation,Oracle,,,TRAVEL,TRAVEL,,, oracle corporation,Oracle,,,TSDEV,TSDEV,,, oracle corporation,Oracle,,,TSUSER,TSUSER,,, oracle corporation,Oracle,,,TURBINE,TURBINE,,, oracle corporation,Oracle,,,UDDISYS,,,, oracle corporation,Oracle,,,ULTIMATE,ULTIMATE,,, oracle corporation,Oracle,,,UM_ADMIN,UM_ADMIN,,, oracle corporation,Oracle,,,UM_CLIENT,UM_CLIENT,,, oracle corporation,Oracle,,,USER,USER,,, oracle corporation,Oracle,,,USER0,USER0,,, oracle corporation,Oracle,,,USER1,USER1,,, oracle corporation,Oracle,,,USER2,USER2,,, oracle corporation,Oracle,,,USER3,USER3,,, oracle corporation,Oracle,,,USER4,USER4,,, oracle corporation,Oracle,,,USER5,USER5,,, oracle corporation,Oracle,,,USER6,USER6,,, oracle corporation,Oracle,,,USER7,USER7,,, oracle corporation,Oracle,,,USER8,USER8,,, oracle corporation,Oracle,,,USER9,USER9,,, oracle corporation,Oracle,,,USER_NAME,PASSWORD,,, oracle corporation,Oracle,,,USUARIO,CLAVE,,, oracle corporation,Oracle,,,UTILITY,UTILITY,,, oracle corporation,Oracle,,,UTLBSTATU,UTLESTAT,,, oracle corporation,Oracle,,,VEA,VEA,,, oracle corporation,Oracle,,,VEH,VEH,,, oracle corporation,Oracle,,,VERTEX_LOGIN,VERTEX_LOGIN,,, oracle corporation,Oracle,,,VIDEOUSER,VIDEOUSER,,, oracle corporation,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, oracle corporation,Oracle,,,VIRUSER,VIRUSER,,, oracle corporation,Oracle,,,VPD_ADMIN,AKF7D98S2,,, oracle corporation,Oracle,,,VRR1,UNKNOWN,,, oracle corporation,Oracle,,,WEBCAL01,WEBCAL01,,, oracle corporation,Oracle,,,WEBDB,WEBDB,,, oracle corporation,Oracle,,,WEBREAD,WEBREAD,,, oracle corporation,Oracle,,,WEBSYS,MANAGER,,, oracle corporation,Oracle,,,WEBUSER,YOUR_PASS,,, oracle corporation,Oracle,,,WEST,WEST,,, oracle corporation,Oracle,,,WFADMIN,WFADMIN,,, oracle corporation,Oracle,,,WH,WH,,, oracle corporation,Oracle,,,WIP,WIP,,, oracle corporation,Oracle,,,WIRELESS,,,, oracle corporation,Oracle,,,WKADMIN,WKADMIN,,, oracle corporation,Oracle,,,WKPROXY,UNKNOWN,,, oracle corporation,Oracle,,,WKSYS,WKSYS,,, oracle corporation,Oracle,,,WKUSER,WKUSER,,, oracle corporation,Oracle,,,WK_PROXY,,,, oracle corporation,Oracle,,,WK_SYS,,,, oracle corporation,Oracle,,,WK_TEST,WK_TEST,,, oracle corporation,Oracle,,,WMS,WMS,,, oracle corporation,Oracle,,,WMSYS,WMSYS,,, oracle corporation,Oracle,,,WOB,WOB,,, oracle corporation,Oracle,,,WPS,WPS,,, oracle corporation,Oracle,,,WSH,WSH,,, oracle corporation,Oracle,,,WSM,WSM,,, oracle corporation,Oracle,,,WWW,WWW,,, oracle corporation,Oracle,,,WWWUSER,WWWUSER,,, oracle corporation,Oracle,,,XADEMO,XADEMO,,, oracle corporation,Oracle,,,XDB,CHANGE_ON_INSTALL,,, oracle corporation,Oracle,,,XDP,XDP,,, oracle corporation,Oracle,,,XLA,XLA,,, oracle corporation,Oracle,,,XNC,XNC,,, oracle corporation,Oracle,,,XNI,XNI,,, oracle corporation,Oracle,,,XNM,XNM,,, oracle corporation,Oracle,,,XNP,XNP,,, oracle corporation,Oracle,,,XNS,XNS,,, oracle corporation,Oracle,,,XPRT,XPRT,,, oracle corporation,Oracle,,,XTR,XTR,,, oracle,7 or later,,,Scott,Tiger,,Any, oracle,7 or later,,,sys,change_on_install,,, oracle,7 or later,,,system,manager,,, oracle,8.1.7,,,,,,, oracle,8.1.7,,Admin,,,,, oracle,8.1.7,,Multi,,,Admin,, oracle,8i,,,internal,oracle,,all, oracle,8i,,,sys,change_on_install,,8.1.6, oracle,Database,Any,,#INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,#INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ABM,ABM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ADAMS,WOOD,Threatcon 4 (least serious),, oracle,Database,Any,,ADLDEMO,ADLDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ADMIN,JETSPEED,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ADMIN,WELCOME,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ADMINISTRATOR,ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ADMINISTRATOR,ADMINISTRATOR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AHL,AHL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AHM,AHM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AK,AK,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ALHRO,XXX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ALHRW,XXX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ALR,ALR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AMS,AMS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,AMV,AMV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ANDY,SWORDFISH,Threatcon 4 (least serious),, oracle,Database,Any,,ANONYMOUS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ANONYMOUS,ANONYMOUS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AP,AP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLMGR,APPLMGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYS,APPLSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYS,APPS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYS,FND,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYSPUB,APPLSYSPUB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYSPUB,PUB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLYSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLYSYSPUB,PUB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPS,APPS,Threatcon 1 (most serious),, oracle,Database,Any,,APPS_MRC,APPS,Threatcon 1 (most serious),, oracle,Database,Any,,APPUSER,APPPASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AQ,AQ,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AQDEMO,AQDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AQJAVA,AQJAVA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AQUSER,AQUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AR,AR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ASF,ASF,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ASG,ASG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ASL,ASL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ASO,ASO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ASP,ASP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AST,AST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ATM,SAMPLEATM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AUDIOUSER,AUDIOUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$JIS$UTILITY$,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$JIS$UTILITY$,INVALID,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,INVALID,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AX,AX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AZ,AZ,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BC4J,BC4J,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BEN,BEN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BIC,BIC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BIL,BIL,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BIM,BIM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BIS,BIS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BIV,BIV,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BIX,BIX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BLAKE,PAPER,Threatcon 4 (least serious),, oracle,Database,Any,,BLEWIS,BLEWIS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BOM,BOM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BRIO_ADMIN,BRIO_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BRUGERNAVN,ADGANGSKODE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BRUKERNAVN,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BSC,BSC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BUG_REPORTS,BUG_REPORTS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CALVIN,HOBBES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CATALOG,CATALOG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CCT,CCT,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CDEMO82,CDEMO82,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMO82,CDEMO83,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMO82,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMOCOR,CDEMOCOR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMORID,CDEMORID,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMOUCB,CDEMOUCB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDOUGLAS,CDOUGLAS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CE,CE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CENTRA,CENTRA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CENTRAL,CENTRAL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CIDS,CIDS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CIS,CIS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CIS,ZWERG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CISINFO,CISINFO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CISINFO,ZWERG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CLARK,CLOTH,Threatcon 4 (least serious),, oracle,Database,Any,,CLKANA,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CLKRT,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CN,CN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,COMPANY,COMPANY,Threatcon 1 (most serious),, oracle,Database,Any,,COMPIERE,COMPIERE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CQSCHEMAUSER,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CQUSERDBUSER,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CRP,CRP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CS,CS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSC,CSC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSD,CSD,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSE,CSE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CSF,CSF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSI,CSI,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CSL,CSL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CSMIG,CSMIG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CSP,CSP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSR,CSR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSS,CSS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CTXDEMO,CTXDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CTXSYS,,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,CTXSYS,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,UNKNOWN,Threatcon 1 (most serious),, oracle,Database,Any,,CUA,CUA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUE,CUE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUF,CUF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUG,CUG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CUI,CUI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUN,CUN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUP,CUP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUS,CUS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CZ,CZ,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DATA_SCHEMA,LASKJDF098KSDAF09,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DBI,MUMBLEFRATZ,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DBSNMP,DBSNMP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DBVISION,DBVISION,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DCM,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DDIC,199220706,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEMO,DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEMO8,DEMO8,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEMO9,DEMO9,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DES,DES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DES2K,DES2K,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEV2000_DEMOS,DEV2000_DEMOS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DIANE,PASSWO1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DIP,DIP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DISCOVERER5,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DMSYS,DMSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DPF,DPFPASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSGATEWAY,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSGATEWAY,DSGATEWAY,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSSYS,DSSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DTSP,DTSP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EAA,EAA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,EAM,EAM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,EARLYWATCH,SUPPORT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EAST,EAST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EC,EC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ECX,ECX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,EJB,EJB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EJSADMIN,EJSADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EJSADMIN,EJSADMIN_PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EMP,EMP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ENG,ENG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ENI,ENI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ESTOREUSER,ESTORE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EVENT,EVENT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EVM,EVM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,EXAMPLE,EXAMPLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EXFSYS,EXFSYS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,EXTDEMO,EXTDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EXTDEMO2,EXTDEMO2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FA,FA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FEM,FEM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FII,FII,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FINANCE,FINANCE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FINPROD,FINPROD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FLM,FLM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FND,FND,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FOO,BAR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FPT,FPT,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FRM,FRM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FROSTY,SNOWMAN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FTE,FTE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FV,FV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GL,GL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,GMA,GMA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GMD,GMD,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GME,GME,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GMF,GMF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GMI,GMI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GML,GML,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GMP,GMP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GMS,GMS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GPFD,GPFD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,GPLD,GPLD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,GR,GR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,HADES,HADES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HCPARK,HCPARK,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HLW,HLW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,HR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HRI,HRI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,HVST,HVST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HXC,HXC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,HXT,HXT,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IBA,IBA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IBE,IBE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IBP,IBP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IBU,IBU,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IBY,IBY,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ICDBOWN,ICDBOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ICX,ICX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IDEMO_USER,IDEMO_USER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IEB,IEB,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IEC,IEC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IEM,IEM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IEO,IEO,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IES,IES,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IEU,IEU,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IEX,IEX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IFSSYS,IFSSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IGC,IGC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IGF,IGF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IGI,IGI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IGS,IGS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IGW,IGW,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IMAGEUSER,IMAGEUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IMC,IMC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IMEDIA,IMEDIA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IMT,IMT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,INV,INV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IPA,IPA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IPD,IPD,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IPLANET,IPLANET,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ISC,ISC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ITG,ITG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JA,JA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JAKE,PASSWO4,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JE,JE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JG,JG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JILL,PASSWO2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JL ,JL ,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JMUSER,JMUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JOHN,JOHN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JONES,STEEL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JTF,JTF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JTM,JTM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JTS,JTS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JWARD,AIROPLANE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,KWALKER,KWALKER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,L2LDEMO,L2LDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,LBACSYS,LBACSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,LIBRARIAN,SHELVES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MANPROD,MANPROD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MARK,PASSWO3,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MASCARM,MANAGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MASTER,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDATA,MDDATA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDEMO,MDDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDEMO_CLERK,CLERK,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDEMO_CLERK,MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDEMO_MGR,MDDEMO_MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDEMO_MGR,MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDSYS,MDSYS,Threatcon 1 (most serious),, oracle,Database,Any,,ME,ME,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MFG,MFG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MGR,MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MGWUSER,MGWUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MIGRATE,MIGRATE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MILLER,MILLER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,MMO2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,MMO3,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MODTEST,YES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MOREAU,MOREAU,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MRP,MRP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MSC,MSC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MSD,MSD,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MSO,MSO,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MSR,MSR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MTSSYS,MTSSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MTS_USER,MTS_PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MWA,MWA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MXAGENT,MXAGENT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NAMES,NAMES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NEOTIX_SYS,NEOTIX_SYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NNEUL,NNEULPASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NOMEUTENTE,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NOME_UTILIZADOR,SENHA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NOM_UTILISATEUR,MOT_DE_PASSE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NUME_UTILIZATOR,PAROL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OAIHUB902,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OAS_PUBLIC,OAS_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OCITEST,OCITEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OCM_DB_ADMIN,OCM_DB_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODM,ODM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODM_MTR,MTRPW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODS,ODS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODSCOMMON,ODSCOMMON,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODS_SERVER,ODS_SERVER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OE,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OE,OE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OE,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEMADM,OEMADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEMREP,OEMREP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEM_REPOSITORY,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKB,OKB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKC,OKC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OKE,OKE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OKI,OKI,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKO,OKO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKR,OKR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OKS,OKS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OKX,OKX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OLAPDBA,OLAPDBA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OLAPSVR,INSTANCE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OLAPSVR,OLAPSVR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OLAPSYS,MANAGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OLAPSYS,OLAPSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OMWB_EMULATION,ORACLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ONT,ONT,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OO,OO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OPENSPIRIT,OPENSPIRIT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OPI,OPI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ORACACHE,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORACACHE,ORACACHE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORACLE,ORACLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORADBA,ORADBAPASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORANGE,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORAPROBE,ORAPROBE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORAREGSYS,ORAREGSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO,ORASSO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO_DS,ORASSO_DS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO_PA,ORASSO_PA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO_PS,ORASSO_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO_PUBLIC,ORASSO_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASTAT,ORASTAT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORCLADMIN,WELCOME,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORDCOMMON,ORDCOMMON,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORDPLUGINS,ORDPLUGINS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORDSYS,ORDSYS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OSE$HTTP$ADMIN,INVALID,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSE$HTTP$ADMIN,Invalid password,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSM,OSM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OSP22,OSP22,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_HOST,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_PUB,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_SUB,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OTA,OTA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OUTLN,OUTLN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OWA,OWA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWA_PUBLIC,OWA_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWF_MGR,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWF_MGR,OWF_MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWNER,OWNER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OZF,OZF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OZP,OZP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OZS,OZS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PA,PA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PANAMA,PANAMA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PATROL,PATROL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PAUL,PAUL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PERFSTAT,PERFSTAT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PERSTAT,PERSTAT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PJM,PJM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PLANNING,PLANNING,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PLEX,PLEX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PLSQL,SUPERSECRET,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,PM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PMI,PMI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PN,PN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PO,PO,Threatcon 1 (most serious),, oracle,Database,Any,,PO7,PO7,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PO8,PO8,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POA,POA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,POM,POM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PORTAL,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30,PORTAL30,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30,PORTAL31,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_ADMIN,PORTAL30_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_DEMO,PORTAL30_DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_PS,PORTAL30_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_SSO,PORTAL30_SSO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_APP,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_DEMO,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_DEMO,PORTAL_DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_PUBLIC,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_SSO_PS,PORTAL_SSO_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POS,POS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POWERCARTUSER,POWERCARTUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PRIMARY,PRIMARY,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PSA,PSA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PSB,PSB,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PSP,PSP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PUBSUB,PUBSUB,Threatcon 1 (most serious),, oracle,Database,Any,,PUBSUB1,PUBSUB1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PV,PV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,QA,QA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,QDBA,QDBA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QP,QP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,QS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS,QS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,QS_ADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,QS_CB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,QS_CBADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,QS_CS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,QS_ES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,QS_OS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,QS_WS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,RE,RE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REPADMIN,REPADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REPORTS,REPORTS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REPORTS_USER,OEM_TEMP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REP_MANAGER,DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REP_OWNER,DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REP_OWNER,REP_OWNER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REP_USER,DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,RG,RG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,RHX,RHX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,RLA,RLA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,RLM,RLM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,RMAIL,RMAIL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,RMAN,RMAN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,RRS,RRS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SAMPLE,SAMPLE,Threatcon 1 (most serious),, oracle,Database,Any,,SAP,6071992,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SAP,SAPR3,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SAPR3,SAP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SCOTT,TIGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SCOTT,TIGGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SDOS_ICSAP,SDOS_ICSAP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SECDEMO,SECDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SERVICECONSUMER1,SERVICECONSUMER1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,SH,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SITEMINDER,SITEMINDER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SLIDE,SLIDEPW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SPIERSON,SPIERSON,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SSP,SSP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,STARTER,STARTER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,STRAT_USER,STRAT_PASSWD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SWPRO,SWPRO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SWUSER,SWUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYMPA,SYMPA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYS,0RACL3,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACL38,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACL38I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACL39,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACL39I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACLE,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACLE8,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACLE8I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACLE9,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACLE9I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,D_SYSPW,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,MANAG3R,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,MANAGER,Threatcon 2 (1 is most serious),, oracle,Database,Any,,SYS,ORACL3,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,ORACLE,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,ORACLE8,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,ORACLE8I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,ORACLE9,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,ORACLE9I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,SYS,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,SYSPASS,Threatcon 1 (most serious),, oracle,Database,Any,,SYSADM,SYSADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSADMIN,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSADMIN,SYSADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSMAN,OEM_TEMP,Threatcon 1 (most serious),, oracle,Database,Any,,SYSMAN,SYSMAN,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL3,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL38,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL38I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL39,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL39I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACLE,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACLE8,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACLE8I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACLE9,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACLE9I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,CHANGE_ON_INSTALL,Threatcon 2 (1 is most serious),, oracle,Database,Any,,SYSTEM,D_SYSPW,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,D_SYSTPW,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,MANAG3R,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,MANAGER,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACL3,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACLE,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACLE8,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACLE8I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACLE9,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACLE9I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,SYSTEM,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,SYSTEMPASS,Threatcon 1 (most serious),, oracle,Database,Any,,TAHITI,TAHITI,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TALBOT,MT6CH5,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TDOS_ICSAP,TDOS_ICSAP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TEC,TECTEC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TEST,PASSWD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TEST,TEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TESTPILOT,TESTPILOT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TEST_USER,TEST_USER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,THINSAMPLE,THINSAMPLEPW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TIBCO,TIBCO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TIP37,TIP37,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TRACESVR,TRACE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TRAVEL,TRAVEL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TSDEV,TSDEV,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TSUSER,TSUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TURBINE,TURBINE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UDDISYS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ULTIMATE,ULTIMATE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UM_ADMIN,UM_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UM_CLIENT,UM_CLIENT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER,USER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER0,USER0,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER1,USER1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER2,USER2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER3,USER3,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER4,USER4,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER5,USER5,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER6,USER6,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER7,USER7,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER8,USER8,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER9,USER9,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER_NAME,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USUARIO,CLAVE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UTILITY,UTILITY,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UTLBSTATU,UTLESTAT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VEA,VEA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,VEH,VEH,Threatcon 2 (1 is most serious),, oracle,Database,Any,,VERTEX_LOGIN,VERTEX_LOGIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VIDEOUSER,VIDEOUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VIF_DEVELOPER,VIF_DEV_PWD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VIRUSER,VIRUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VPD_ADMIN,AKF7D98S2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,VRR1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,VRR2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEBCAL01,WEBCAL01,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEBDB,WEBDB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEBREAD,WEBREAD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEBSYS,MANAGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEBUSER,YOUR_PASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEST,WEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WFADMIN,WFADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WH,WH,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WIP,WIP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WIRELESS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKADMIN,WKADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,WKPROXY,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKSYS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKSYS,WKSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKUSER,WKUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_PROXY,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_SYS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_TEST,WK_TEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WMS,WMS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WMSYS,WMSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WOB,WOB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WPS,WPS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WSH,WSH,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WSM,WSM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WWW,WWW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WWWUSER,WWWUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XADEMO,XADEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XDB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XDP,XDP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XLA,XLA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XNC,XNC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XNI,XNI,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XNM,XNM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XNP,XNP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XNS,XNS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XPRT,XPRT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XTR,XTR,Threatcon 2 (1 is most serious),, oracle,Internet Directory Service,,,cn=orcladmin,welcome,,, oracle,Internet Directory Service,,,cn=orcladmin,welcome,,any, oracle,Oracle RDBMS,,,ADAMS,WOOD,,, oracle,Oracle RDBMS,,,APPLSYS,APPLSYS,,, oracle,Oracle RDBMS,,,APPS,APPS,,, oracle,Oracle RDBMS,,,AQDEMO,AQDEMO,,, oracle,Oracle RDBMS,,,AQUSER,AQUSER,,, oracle,Oracle RDBMS,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,,,AURORA@ORB@UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,,,BLAKE,PAPER,,, oracle,Oracle RDBMS,,,CATALOG,CATALOG,,, oracle,Oracle RDBMS,,,CDEMO82,CDEMO82,,, oracle,Oracle RDBMS,,,CDEMOCOR,CDEMOCOR,,, oracle,Oracle RDBMS,,,CDEMORID,CDEMORID,,, oracle,Oracle RDBMS,,,CDEMOUCB,CDEMOUCB,,, oracle,Oracle RDBMS,,,CLARK,CLOTH,,, oracle,Oracle RDBMS,,,CTXDEMO,CTXDEMO,,, oracle,Oracle RDBMS,,,CTXSYS,,,, oracle,Oracle RDBMS,,,DEMO,DEMO,,, oracle,Oracle RDBMS,,,DEMO8,DEMO8,,, oracle,Oracle RDBMS,,,EMP,EMP,,, oracle,Oracle RDBMS,,,FND,FND,,, oracle,Oracle RDBMS,,,GPFD,GPFD,,, oracle,Oracle RDBMS,,,GPLD,GPLD,,, oracle,Oracle RDBMS,,,JONES,STEEL,,, oracle,Oracle RDBMS,,,MILLER,MILLER,,, oracle,Oracle RDBMS,,,MMO2,MMO2,,, oracle,Oracle RDBMS,,,MOREAU,MOREAU,,, oracle,Oracle RDBMS,,,MTYSYS,MTYSYS,,, oracle,Oracle RDBMS,,,NAMES,NAMES,,, oracle,Oracle RDBMS,,,OCITEST,OCITEST,,, oracle,Oracle RDBMS,,,ORDPLUGINS,ORDPLUGINS,,, oracle,Oracle RDBMS,,,ORDSYS,ORDSYS,,, oracle,Oracle RDBMS,,,OUTLN,OUTLN,,, oracle,Oracle RDBMS,,,POWERCARTUSER,POWERCARTUSER,,, oracle,Oracle RDBMS,,,PRIMARY,PRIMARY,,, oracle,Oracle RDBMS,,,RE,RE,,, oracle,Oracle RDBMS,,,RMAIL,RMAIL,,, oracle,Oracle RDBMS,,,RMAN,RMAN,,, oracle,Oracle RDBMS,,,SCOTT,TIGER,,, oracle,Oracle RDBMS,,,SECDEMO,SECDEMO,,, oracle,Oracle RDBMS,,,SYSADM,SYSADM,,, oracle,Oracle RDBMS,,,SYSTEM,MANAGER,,, oracle,Oracle RDBMS,,,TRACESRV,TRACE,,, oracle,Oracle RDBMS,,,TSDEV,TSDEV,,, oracle,Oracle RDBMS,,,TSUSER,TSUSER,,, oracle,Oracle RDBMS,,,USER0,USER0,,, oracle,Oracle RDBMS,,,USER1,USER1,,, oracle,Oracle RDBMS,,,USER2,USER2,,, oracle,Oracle RDBMS,,,USER3,USER3,,, oracle,Oracle RDBMS,,,USER4,USER4,,, oracle,Oracle RDBMS,,,USER5,USER5,,, oracle,Oracle RDBMS,,,USER6,USER6,,, oracle,Oracle RDBMS,,,USER7,USER7,,, oracle,Oracle RDBMS,,,USER8,USER8,,, oracle,Oracle RDBMS,,,USER9,USER9,,, oracle,Oracle RDBMS,,7 and 8,ADAMS,WOOD,,, oracle,Oracle RDBMS,,7 and 8,APPLSYS,APPLSYS,,, oracle,Oracle RDBMS,,7 and 8,APPS,APPS,,, oracle,Oracle RDBMS,,7 and 8,AURORA$ORB$UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,,7 and 8,AURORA@ORB@UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,,7 and 8,BLAKE,PAPER,,, oracle,Oracle RDBMS,,7 and 8,CLARK,CLOTH,,, oracle,Oracle RDBMS,,7 and 8,CTXDEMO,CTXDEMO,,, oracle,Oracle RDBMS,,7 and 8,CTXSYS,CTXSYS,,, oracle,Oracle RDBMS,,7 and 8,DBSNMP,DBSNMP,,, oracle,Oracle RDBMS,,7 and 8,DEMO,DEMO,,, oracle,Oracle RDBMS,,7 and 8,JONES,STEEL,,, oracle,Oracle RDBMS,,7 and 8,MDSYS,MDSYS,,, oracle,Oracle RDBMS,,7 and 8,NAMES,NAMES,,, oracle,Oracle RDBMS,,7 and 8,ORDPLUGINS,ORDPLUGINS,,, oracle,Oracle RDBMS,,7 and 8,ORDSYS,ORDSYS,,, oracle,Oracle RDBMS,,7 and 8,OUTLN,OUTLN,,, oracle,Oracle RDBMS,,7 and 8,RMAN,RMAN,,, oracle,Oracle RDBMS,,7 and 8,SCOTT,TIGER,,, oracle,Oracle RDBMS,,7 and 8,SYS,CHANGE_ON_INSTALL,,, oracle,Oracle RDBMS,,7 and 8,SYSADM,SYSADM,,, oracle,Oracle RDBMS,,7 and 8,SYSTEM,MANAGER,,, oracle,Oracle RDBMS,,7 and 8,TRACESRV,TRACE,,, oracle,Oracle RDBMS,,8i Linux,MODTEST,YES,,, oracle,Oracle RDBMS,,8i WinNT,MTYSYS,MTYSYS,,, oracle,Oracle RDBMS,,8i WinNT,RE,RE,,, oracle,Oracle RDBMS,,8i WinNT,RMAIL,RMAIL,,, oracle,Oracle RDBMS,,8i WinNT,SAMPLE,SAMPLE,,, oracle,Oracle RDBMS,,8i,AQDEMO,AQDEMO,,, oracle,Oracle RDBMS,,8i,AQUSER,AQUSER,,, oracle,Oracle RDBMS,,8i,CATALOG,CATALOG,,, oracle,Oracle RDBMS,,8i,CDEMO82,CDEMO82,,, oracle,Oracle RDBMS,,8i,CDEMOCOR,CDEMOCOR,,, oracle,Oracle RDBMS,,8i,CDEMORID,CDEMORID,,, oracle,Oracle RDBMS,,8i,CDEMOUCB,CDEMOUCB,,, oracle,Oracle RDBMS,,8i,COMPANY,COMPANY,,, oracle,Oracle RDBMS,,8i,DEMO8,DEMO8,,, oracle,Oracle RDBMS,,8i,EMP,EMP,,, oracle,Oracle RDBMS,,8i,EVENT,EVENT,,, oracle,Oracle RDBMS,,8i,FINANCE,FINANCE,,, oracle,Oracle RDBMS,,8i,FND,FND,,, oracle,Oracle RDBMS,,8i,GPFD,GPFD,,, oracle,Oracle RDBMS,,8i,GPLD,GPLD,,, oracle,Oracle RDBMS,,8i,MFG,MFG,,, oracle,Oracle RDBMS,,8i,MILLER,MILLER,,, oracle,Oracle RDBMS,,8i,MMO2,MMO2,,, oracle,Oracle RDBMS,,8i,MOREAU,MOREAU,,, oracle,Oracle RDBMS,,8i,OCITEST,OCITEST,,, oracle,Oracle RDBMS,,8i,PO,PO,,, oracle,Oracle RDBMS,,8i,POWERCARTUSER,POWERCARTUSER,,, oracle,Oracle RDBMS,,8i,PRIMARY,PRIMARY,,, oracle,Oracle RDBMS,,8i,PUBSUB,PUBSUB,,, oracle,Oracle RDBMS,,8i,SECDEMO,SECDEMO,,, oracle,Oracle RDBMS,,8i,SYSMAN,oem_temp,,, oracle,Oracle RDBMS,,8i,TSDEV,TSDEV,,, oracle,Oracle RDBMS,,8i,TSUSER,TSUSER,,, oracle,Oracle RDBMS,,8i,USER0,USER0,,, oracle,Oracle RDBMS,,8i,USER1,USER1,,, oracle,Oracle RDBMS,,8i,USER2,USER2,,, oracle,Oracle RDBMS,,8i,USER3,USER3,,, oracle,Oracle RDBMS,,8i,USER4,USER4,,, oracle,Oracle RDBMS,,8i,USER5,USER5,,, oracle,Oracle RDBMS,,8i,USER6,USER6,,, oracle,Oracle RDBMS,,8i,USER7,USER7,,, oracle,Oracle RDBMS,,8i,USER8,USER8,,, oracle,Oracle RDBMS,,8i,USER9,USER9,,, oracle,Oracle RDBMS,,8i,VRR1,VRR1,,, oracle,Oracle RDBMS,,All Privileges with Admin,MDSYS,MDSYS,,, oracle,Oracle RDBMS,,All Privileges,COMPANY,COMPANY,,, oracle,Oracle RDBMS,,All Privileges,FINANCE,FINANCE,,, oracle,Oracle RDBMS,,All Privileges,MFG,MFG,,, oracle,Oracle RDBMS,,DBA +,SYS,CHANGE_ON_INSTALL,,, oracle,Oracle RDBMS,,DBA,CTXSYS,CTXSYS,,, oracle,Oracle RDBMS,,DBA,EVENT,EVENT,,, oracle,Oracle RDBMS,,DBA,MODTEST,YES,,, oracle,Oracle RDBMS,,DBA,PO,PO,,, oracle,Oracle RDBMS,,DBA,PUBSUB,PUBSUB,,, oracle,Oracle RDBMS,,DBA,SAMPLE,SAMPLE,,, oracle,Oracle RDBMS,,DBA,SYSMAN,oem_temp,,, oracle,Oracle RDBMS,,DBA,VRR1,VRR1,,, oracle,Oracle RDBMS,,RESOURCE and CONNECT roles,DBSNMP,DBSNMP,,, oracle,Oracle RDBMS,7 and 8,Multi,ADAMS,WOOD,,, oracle,Oracle RDBMS,7 and 8,Multi,APPLSYS,APPLSYS,,, oracle,Oracle RDBMS,7 and 8,Multi,APPS,APPS,,, oracle,Oracle RDBMS,7 and 8,Multi,AURORA$ORB$UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,7 and 8,Multi,AURORA@ORB@UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,7 and 8,Multi,BLAKE,PAPER,,, oracle,Oracle RDBMS,7 and 8,Multi,CLARK,CLOTH,,, oracle,Oracle RDBMS,7 and 8,Multi,CTXDEMO,CTXDEMO,,, oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,,,, oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,CTXSYS,DBA,, oracle,Oracle RDBMS,7 and 8,Multi,DBSNMP,DBSNMP,RESOURCE and CONNECT roles,, oracle,Oracle RDBMS,7 and 8,Multi,DEMO,DEMO,,, oracle,Oracle RDBMS,7 and 8,Multi,JONES,STEEL,,, oracle,Oracle RDBMS,7 and 8,Multi,MDSYS,MDSYS,All Privileges with Admin,, oracle,Oracle RDBMS,7 and 8,Multi,NAMES,NAMES,,, oracle,Oracle RDBMS,7 and 8,Multi,ORDPLUGINS,ORDPLUGINS,,, oracle,Oracle RDBMS,7 and 8,Multi,ORDSYS,ORDSYS,,, oracle,Oracle RDBMS,7 and 8,Multi,OUTLN,OUTLN,,, oracle,Oracle RDBMS,7 and 8,Multi,RMAN,RMAN,,, oracle,Oracle RDBMS,7 and 8,Multi,SCOTT,TIGER,,, oracle,Oracle RDBMS,7 and 8,Multi,SYS,CHANGE_ON_INSTALL,DBA +,, oracle,Oracle RDBMS,7 and 8,Multi,SYSADM,SYSADM,,, oracle,Oracle RDBMS,7 and 8,Multi,SYSTEM,MANAGER,,, oracle,Oracle RDBMS,7 and 8,Multi,TRACESRV,TRACE,,, oracle,Oracle RDBMS,8i Linux,Multi,MODTEST,YES,DBA,, oracle,Oracle RDBMS,8i WinNT,Multi,MTYSYS,MTYSYS,,, oracle,Oracle RDBMS,8i WinNT,Multi,RE,RE,,, oracle,Oracle RDBMS,8i WinNT,Multi,RMAIL,RMAIL,,, oracle,Oracle RDBMS,8i WinNT,Multi,SAMPLE,SAMPLE,DBA,, oracle,Oracle RDBMS,8i,Multi,AQDEMO,AQDEMO,,, oracle,Oracle RDBMS,8i,Multi,AQUSER,AQUSER,,, oracle,Oracle RDBMS,8i,Multi,CATALOG,CATALOG,,, oracle,Oracle RDBMS,8i,Multi,CDEMO82,CDEMO82,,, oracle,Oracle RDBMS,8i,Multi,CDEMOCOR,CDEMOCOR,,, oracle,Oracle RDBMS,8i,Multi,CDEMORID,CDEMORID,,, oracle,Oracle RDBMS,8i,Multi,CDEMOUCB,CDEMOUCB,,, oracle,Oracle RDBMS,8i,Multi,COMPANY,COMPANY,All Privileges,, oracle,Oracle RDBMS,8i,Multi,DEMO8,DEMO8,,, oracle,Oracle RDBMS,8i,Multi,EMP,EMP,,, oracle,Oracle RDBMS,8i,Multi,EVENT,EVENT,DBA,, oracle,Oracle RDBMS,8i,Multi,FINANCE,FINANCE,All Privileges,, oracle,Oracle RDBMS,8i,Multi,FND,FND,,, oracle,Oracle RDBMS,8i,Multi,GPFD,GPFD,,, oracle,Oracle RDBMS,8i,Multi,GPLD,GPLD,,, oracle,Oracle RDBMS,8i,Multi,MFG,MFG,All Privileges,, oracle,Oracle RDBMS,8i,Multi,MILLER,MILLER,,, oracle,Oracle RDBMS,8i,Multi,MMO2,MMO2,,, oracle,Oracle RDBMS,8i,Multi,MOREAU,MOREAU,,, oracle,Oracle RDBMS,8i,Multi,OCITEST,OCITEST,,, oracle,Oracle RDBMS,8i,Multi,PO,PO,DBA,, oracle,Oracle RDBMS,8i,Multi,POWERCARTUSER,POWERCARTUSER,,, oracle,Oracle RDBMS,8i,Multi,PRIMARY,PRIMARY,,, oracle,Oracle RDBMS,8i,Multi,PUBSUB,PUBSUB,DBA,, oracle,Oracle RDBMS,8i,Multi,SECDEMO,SECDEMO,,, oracle,Oracle RDBMS,8i,Multi,SYSMAN,oem_temp,DBA,, oracle,Oracle RDBMS,8i,Multi,TSDEV,TSDEV,,, oracle,Oracle RDBMS,8i,Multi,TSUSER,TSUSER,,, oracle,Oracle RDBMS,8i,Multi,USER0,USER0,,, oracle,Oracle RDBMS,8i,Multi,USER1,USER1,,, oracle,Oracle RDBMS,8i,Multi,USER2,USER2,,, oracle,Oracle RDBMS,8i,Multi,USER3,USER3,,, oracle,Oracle RDBMS,8i,Multi,USER4,USER4,,, oracle,Oracle RDBMS,8i,Multi,USER5,USER5,,, oracle,Oracle RDBMS,8i,Multi,USER6,USER6,,, oracle,Oracle RDBMS,8i,Multi,USER7,USER7,,, oracle,Oracle RDBMS,8i,Multi,USER8,USER8,,, oracle,Oracle RDBMS,8i,Multi,USER9,USER9,,, oracle,Oracle RDBMS,8i,Multi,VRR1,VRR1,DBA,, oracle,Oracle RDBMS,Any,Multi,system/manager,sys/change_on_install,Admin,, oracle,Oracle,,,ADAMS,WOOD,,, oracle,Oracle,,,ADLDEMO,ADLDEMO,,, oracle,Oracle,,,ADMIN,JETSPEED,,, oracle,Oracle,,,ADMINISTRATOR,ADMINISTRATOR,,, oracle,Oracle,,,ANDY,SWORDFISH,,, oracle,Oracle,,,AP,AP,,, oracle,Oracle,,,APPLSYS,FND,,, oracle,Oracle,,,APPLSYSPUB,FNDPUB,,, oracle,Oracle,,,APPS,APPS,,, oracle,Oracle,,,APPUSER,APPUSER,,, oracle,Oracle,,,AQ,AQ,,, oracle,Oracle,,,AQDEMO,AQDEMO,,, oracle,Oracle,,,AQJAVA,AQJAVA,,, oracle,Oracle,,,AQUSER,AQUSER,,, oracle,Oracle,,,AUDIOUSER,AUDIOUSER,,, oracle,Oracle,,,AURORA$JIS$UTILITY$,,,, oracle,Oracle,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, oracle,Oracle,,,BC4J,BC4J,,, oracle,Oracle,,,BLAKE,PAPER,,, oracle,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, oracle,Oracle,,,CATALOG,CATALOG,,, oracle,Oracle,,,CDEMO82,CDEMO82,,, oracle,Oracle,,,CDEMOCOR,CDEMOCOR,,, oracle,Oracle,,,CDEMORID,CDEMORID,,, oracle,Oracle,,,CDEMOUCB,CDEMOUCB,,, oracle,Oracle,,,CENTRA,CENTRA,,, oracle,Oracle,,,CIDS,CIDS,,, oracle,Oracle,,,CIS,CIS,,, oracle,Oracle,,,CISINFO,CISINFO,,, oracle,Oracle,,,CLARK,CLOTH,,, oracle,Oracle,,,COMPANY,COMPANY,,, oracle,Oracle,,,COMPIERE,COMPIERE,,, oracle,Oracle,,,CQSCHEMAUSER,PASSWORD,,, oracle,Oracle,,,CSMIG,CSMIG,,, oracle,Oracle,,,CTXDEMO,CTXDEMO,,, oracle,Oracle,,,CTXSYS,CTXSYS,,, oracle,Oracle,,,DBI,MUMBLEFRATZ,,, oracle,Oracle,,,DBSNMP,DBSNMP,,, oracle,Oracle,,,DEMO8,DEMO8,,, oracle,Oracle,,,DEMO9,DEMO9,,, oracle,Oracle,,,DES,DES,,, oracle,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, oracle,Oracle,,,DIP,DIP,,, oracle,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, oracle,Oracle,,,DSGATEWAY,DSGATEWAY,,, oracle,Oracle,,,DSSYS,DSSYS,,, oracle,Oracle,,,EJSADMIN,EJSADMIN,,, oracle,Oracle,,,EMP,EMP,,, oracle,Oracle,,,ESTOREUSER,ESTORE,,, oracle,Oracle,,,EVENT,EVENT,,, oracle,Oracle,,,EXFSYS,EXFSYS,,, oracle,Oracle,,,FINANCE,FINANCE,,, oracle,Oracle,,,FND,FND,,, oracle,Oracle,,,FROSTY,SNOWMAN,,, oracle,Oracle,,,GL,GL,,, oracle,Oracle,,,GPFD,GPFD,,, oracle,Oracle,,,GPLD,GPLD,,, oracle,Oracle,,,HCPARK,HCPARK,,, oracle,Oracle,,,HLW,HLW,,, oracle,Oracle,,,HR,HR,,, oracle,Oracle,,,IMAGEUSER,IMAGEUSER,,, oracle,Oracle,,,IMEDIA,IMEDIA,,, oracle,Oracle,,,JMUSER,JMUSER,,, oracle,Oracle,,,JONES,STEEL,,, oracle,Oracle,,,JWARD,AIROPLANE,,, oracle,Oracle,,,L2LDEMO,L2LDEMO,,, oracle,Oracle,,,LBACSYS,LBACSYS,,, oracle,Oracle,,,LIBRARIAN,SHELVES,,, oracle,Oracle,,,MASTER,PASSWORD,,, oracle,Oracle,,,MDDEMO,MDDEMO,,, oracle,Oracle,,,MDDEMO_CLERK,CLERK,,, oracle,Oracle,,,MDDEMO_MGR,MGR,,, oracle,Oracle,,,MDSYS,MDSYS,,, oracle,Oracle,,,MFG,MFG,,, oracle,Oracle,,,MGWUSER,MGWUSER,,, oracle,Oracle,,,MIGRATE,MIGRATE,,, oracle,Oracle,,,MILLER,MILLER,,, oracle,Oracle,,,MMO2,MMO2,,, oracle,Oracle,,,MODTEST,YES,,, oracle,Oracle,,,MOREAU,MOREAU,,, oracle,Oracle,,,MTSSYS,MTSSYS,,, oracle,Oracle,,,MTS_USER,MTS_PASSWORD,,, oracle,Oracle,,,MXAGENT,MXAGENT,,, oracle,Oracle,,,NAMES,NAMES,,, oracle,Oracle,,,OAS_PUBLIC,OAS_PUBLIC,,, oracle,Oracle,,,OCITEST,OCITEST,,, oracle,Oracle,,,ODM,ODM,,, oracle,Oracle,,,ODM_MTR,MTRPW,,, oracle,Oracle,,,ODS,ODS,,, oracle,Oracle,,,ODSCOMMON,ODSCOMMON,,, oracle,Oracle,,,OE,OE,,, oracle,Oracle,,,OEMADM,OEMADM,,, oracle,Oracle,,,OEMREP,OEMREP,,, oracle,Oracle,,,OLAPDBA,OLAPDBA,,, oracle,Oracle,,,OLAPSVR,INSTANCE,,, oracle,Oracle,,,OLAPSYS,MANAGER,,, oracle,Oracle,,,OMWB_EMULATION,ORACLE,,, oracle,Oracle,,,OO,OO,,, oracle,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, oracle,Oracle,,,ORACACHE,(random password),,, oracle,Oracle,,,ORAREGSYS,ORAREGSYS,,, oracle,Oracle,,,ORASSO,ORASSO,,, oracle,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, oracle,Oracle,,,ORDSYS,ORDSYS,,, oracle,Oracle,,,OSE$HTTP$ADMIN,(random password),,, oracle,Oracle,,,OSP22,OSP22,,, oracle,Oracle,,,OUTLN,OUTLN,,, oracle,Oracle,,,OWA,OWA,,, oracle,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, oracle,Oracle,,,OWNER,OWNER,,, oracle,Oracle,,,PANAMA,PANAMA,,, oracle,Oracle,,,PATROL,PATROL,,, oracle,Oracle,,,PERFSTAT,PERFSTAT,,, oracle,Oracle,,,PLEX,PLEX,,, oracle,Oracle,,,PLSQL,SUPERSECRET,,, oracle,Oracle,,,PM,PM,,, oracle,Oracle,,,PO,PO,,, oracle,Oracle,,,PO7,PO7,,, oracle,Oracle,,,PORTAL30,PORTAL30,,, oracle,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, oracle,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, oracle,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, oracle,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, oracle,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, oracle,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, oracle,Oracle,,,PRIMARY,PRIMARY,,, oracle,Oracle,,,PUBSUB,PUBSUB,,, oracle,Oracle,,,PUBSUB1,PUBSUB1,,, oracle,Oracle,,,QDBA,QDBA,,, oracle,Oracle,,,QS,QS,,, oracle,Oracle,,,QS_ADM,QS_ADM,,, oracle,Oracle,,,QS_CB,QS_CB,,, oracle,Oracle,,,QS_CBADM,QS_CBADM,,, oracle,Oracle,,,QS_CS,QS_CS,,, oracle,Oracle,,,QS_ES,QS_ES,,, oracle,Oracle,,,QS_OS,QS_OS,,, oracle,Oracle,,,QS_WS,QS_WS,,, oracle,Oracle,,,RE,RE,,, oracle,Oracle,,,REPADMIN,REPADMIN,,, oracle,Oracle,,,REPORTS_USER,OEM_TEMP,,, oracle,Oracle,,,REP_MANAGER,DEMO,,, oracle,Oracle,,,REP_OWNER,REP_OWNER,,, oracle,Oracle,,,RMAIL,RMAIL,,, oracle,Oracle,,,RMAN,RMAN,,, oracle,Oracle,,,SAMPLE,SAMPLE,,, oracle,Oracle,,,SAP,SAPR3,,, oracle,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, oracle,Oracle,,,SECDEMO,SECDEMO,,, oracle,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, oracle,Oracle,,,SH,SH,,, oracle,Oracle,,,SITEMINDER,SITEMINDER,,, oracle,Oracle,,,SLIDE,SLIDEPW,,, oracle,Oracle,,,STARTER,STARTER,,, oracle,Oracle,,,STRAT_USER,STRAT_PASSWD,,, oracle,Oracle,,,SWPRO,SWPRO,,, oracle,Oracle,,,SWUSER,SWUSER,,, oracle,Oracle,,,SYMPA,SYMPA,,, oracle,Oracle,,,SYS,D_SYSPW,,, oracle,Oracle,,,SYSADM,SYSADM,,, oracle,Oracle,,,SYSMAN,OEM_TEMP,,, oracle,Oracle,,,SYSTEM,D_SYSTPW,,, oracle,Oracle,,,TAHITI,TAHITI,,, oracle,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, oracle,Oracle,,,TESTPILOT,TESTPILOT,,, oracle,Oracle,,,TRACESVR,TRACE,,, oracle,Oracle,,,TRAVEL,TRAVEL,,, oracle,Oracle,,,TSDEV,TSDEV,,, oracle,Oracle,,,TSUSER,TSUSER,,, oracle,Oracle,,,TURBINE,TURBINE,,, oracle,Oracle,,,ULTIMATE,ULTIMATE,,, oracle,Oracle,,,USER,USER,,, oracle,Oracle,,,USER0,USER0,,, oracle,Oracle,,,USER1,USER1,,, oracle,Oracle,,,USER2,USER2,,, oracle,Oracle,,,USER3,USER3,,, oracle,Oracle,,,USER4,USER4,,, oracle,Oracle,,,USER5,USER5,,, oracle,Oracle,,,USER6,USER6,,, oracle,Oracle,,,USER7,USER7,,, oracle,Oracle,,,USER8,USER8,,, oracle,Oracle,,,USER9,USER9,,, oracle,Oracle,,,UTLBSTATU,UTLESTAT,,, oracle,Oracle,,,VIDEOUSER,VIDEO USER,,, oracle,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, oracle,Oracle,,,VIRUSER,VIRUSER,,, oracle,Oracle,,,VRR1,VRR1,,, oracle,Oracle,,,WEBCAL01,WEBCAL01,,, oracle,Oracle,,,WEBDB,WEBDB,,, oracle,Oracle,,,WEBREAD,WEBREAD,,, oracle,Oracle,,,WKSYS,WKSYS,,, oracle,Oracle,,,WWW,WWW,,, oracle,Oracle,,,WWWUSER,WWWUSER,,, oracle,Oracle,,,XPRT,XPRT,,, oracle,Oracle,,,demo,demo,,, oracle,Oracle,,,internal,oracle,,, oracle,Oracle,,,oracle,oracle,,, oracle,Oracle,,,scott,tiger or tigger,,, oracle,Oracle,,,sys,sys,,, oracle,Oracle,,,system,manager,,, oracle,Personal Oracle,,,PO8,PO8,,, oracle,Personal Oracle,,8,PO8,PO8,,, oracle,Personal Oracle,8,Multi,PO8,PO8,,, oracle,Web DB,,,webdb,webdb,,, oracle,Web DB,,Admin,webdb,webdb,,, oracle,Web DB,,HTTP,webdb,webdb,Admin,, orange,livebox,,,admin,admin,,, osicom,JETXPrint,,1000E/B,sysadm,sysadm,,, osicom,JETXPrint,,1000E/N,sysadm,sysadm,,, osicom,JETXPrint,,1000T/N,sysadm,sysadm,,, osicom,JETXPrint,,500 E/B,sysadm,sysadm,,, osicom,JETXPrint,,Admin,sysadm,sysadm,,, osicom,JETXPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, osicom,JETXPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, osicom,JETXPrint,1000T/N,Telnet,sysadm,sysadm,Admin,, osicom,JETXPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, osicom,NETCommuter Remote Access Server,,,Manager,Manager,,, osicom,NETCommuter Remote Access Server,,,debug,d.e.b.u.g,,, osicom,NETCommuter Remote Access Server,,,echo,echo,,, osicom,NETCommuter Remote Access Server,,,guest,guest,,, osicom,NETCommuter Remote Access Server,,,sysadm,sysadm,,, osicom,NETCommuter Remote Access Server,,Admin,Manager,Manager,,, osicom,NETCommuter Remote Access Server,,Admin,sysadm,sysadm,,, osicom,NETCommuter Remote Access Server,,Telnet,Manager,Manager,Admin,, osicom,NETCommuter Remote Access Server,,Telnet,debug,d.e.b.u.g,User,, osicom,NETCommuter Remote Access Server,,Telnet,echo,echo,User,, osicom,NETCommuter Remote Access Server,,Telnet,guest,guest,User,, osicom,NETCommuter Remote Access Server,,Telnet,sysadm,sysadm,Admin,, osicom,NETCommuter Remote Access Server,,User,debug,d.e.b.u.g,,, osicom,NETCommuter Remote Access Server,,User,echo,echo,,, osicom,NETCommuter Remote Access Server,,User,guest,guest,,, osicom,NETPrint and JETX Print,500 1000 1500 and 2000 Series,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,,1000 T/B,sysadm,sysadm,,, osicom,NETPrint,,1000 T/N,sysadm,sysadm,,, osicom,NETPrint,,1000E/B,sysadm,sysadm,,, osicom,NETPrint,,1000E/D,Manager,Manager,,, osicom,NETPrint,,1000E/D,debug,d.e.b.u.g,,, osicom,NETPrint,,1000E/D,echo,echo,,, osicom,NETPrint,,1000E/D,guest,guest,,, osicom,NETPrint,,1000E/D,sysadm,sysadm,,, osicom,NETPrint,,1000E/N,sysadm,sysadm,,, osicom,NETPrint,,1000E/NDS,Manager,Manager,,, osicom,NETPrint,,1000E/NDS,debug,d.e.b.u.g,,, osicom,NETPrint,,1000E/NDS,echo,echo,,, osicom,NETPrint,,1000E/NDS,guest,guest,,, osicom,NETPrint,,1000E/NDS,sysadm,sysadm,,, osicom,NETPrint,,1500 E/B,Manager,Manager,,, osicom,NETPrint,,1500 E/B,debug,d.e.b.u.g,,, osicom,NETPrint,,1500 E/B,echo,echo,,, osicom,NETPrint,,1500 E/B,guest,guest,,, osicom,NETPrint,,1500 E/B,sysadm,sysadm,,, osicom,NETPrint,,1500E/N,Manager,Manager,,, osicom,NETPrint,,1500E/N,debug,d.e.b.u.g,,, osicom,NETPrint,,1500E/N,echo,echo,,, osicom,NETPrint,,1500E/N,guest,guest,,, osicom,NETPrint,,1500E/N,sysadm,sysadm,,, osicom,NETPrint,,1500T/N,sysadm,sysadm,,, osicom,NETPrint,,2000 T/B,sysadm,sysadm,,, osicom,NETPrint,,2000 T/N,sysadm,sysadm,,, osicom,NETPrint,,2000E/B,sysadm,sysadm,,, osicom,NETPrint,,2000E/N,Manager,Manager,,, osicom,NETPrint,,2000E/N,debug,d.e.b.u.g,,, osicom,NETPrint,,2000E/N,echo,echo,,, osicom,NETPrint,,2000E/N,guest,guest,,, osicom,NETPrint,,2000E/N,sysadm,sysadm,,, osicom,NETPrint,,500 E/B,sysadm,sysadm,,, osicom,NETPrint,,500 E/N,sysadm,sysadm,,, osicom,NETPrint,,500 T/B,sysadm,sysadm,,, osicom,NETPrint,,500 T/N,sysadm,sysadm,,, osicom,NETPrint,,Admin,Manager,Manager,,, osicom,NETPrint,,Admin,sysadm,sysadm,,, osicom,NETPrint,,User,debug,d.e.b.u.g,,, osicom,NETPrint,,User,echo,echo,,, osicom,NETPrint,,User,guest,guest,,, osicom,NETPrint,1000 T/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1000 T/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1000E/D,Telnet,Manager,Manager,Admin,, osicom,NETPrint,1000E/D,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,1000E/D,Telnet,echo,echo,User,, osicom,NETPrint,1000E/D,Telnet,guest,guest,User,, osicom,NETPrint,1000E/D,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1000E/NDS,Telnet,Manager,Manager,Admin,, osicom,NETPrint,1000E/NDS,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,1000E/NDS,Telnet,echo,echo,User,, osicom,NETPrint,1000E/NDS,Telnet,guest,guest,User,, osicom,NETPrint,1000E/NDS,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1500 E/B,Telnet,Manager,Manager,Admin,, osicom,NETPrint,1500 E/B,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,1500 E/B,Telnet,echo,echo,User,, osicom,NETPrint,1500 E/B,Telnet,guest,guest,User,, osicom,NETPrint,1500 E/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1500E/N,Telnet,Manager,Manager,Admin,, osicom,NETPrint,1500E/N,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,1500E/N,Telnet,echo,echo,User,, osicom,NETPrint,1500E/N,Telnet,guest,guest,User,, osicom,NETPrint,1500E/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1500T/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,2000 T/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,2000 T/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,2000E/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,2000E/N,Telnet,Manager,Manager,Admin,, osicom,NETPrint,2000E/N,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,2000E/N,Telnet,echo,echo,User,, osicom,NETPrint,2000E/N,Telnet,guest,guest,User,, osicom,NETPrint,2000E/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500 1000 1500 and 2000 Series,Telnet,Manager,Manager,Admin,, osicom,NETPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500 E/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500 T/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500 T/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,Manager,Manager,Admin,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,echo,echo,User,, osicom,NetPrint,500,1000,1500, and 2000 Series,Telnet,guest,guest,User,, osicom,Osicom Plus T1/PLUS 56k,,,write,private,,, osicom,Osicom Plus T1/PLUS 56k,,Telnet,write,private,,, osicom,Osicom(Datacom),,,sysadm,sysadm,,, ovislink,1184AR,all,multi,admin,12345,admin,, ovislink,AirLive WIAS-1000G,,console,admin,admin,Admin,, ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,123,Config (End User),, ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,123,Config (End User),, ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, ovislink,GXP-2000 IP Phone,1.0.1.9,http,,123,Config (End User),, ovislink,GXP-2000 IP Phone,1.0.1.9,http,,admin,Config (Advanced User),, ovislink,HandyTone-286 analog telephone adaptor,,,,123,config,, ovislink,HandyTone-286 analog telephone adaptor,,,,admin,config,, ovislink,HandyTone-486 analog telephone adaptor,,,,123,config,, ovislink,HandyTone-486 analog telephone adaptor,,,,admin,config,, ovislink,HandyTone-488 analog telephone adaptor,,,,123,Config (End User),, ovislink,HandyTone-488 analog telephone adaptor,,,,admin,Config (Advanced User),, ovislink,HandyTone-496 analog telephone adaptor,,,,123,Config (End User),, ovislink,HandyTone-496 analog telephone adaptor,,,,admin,Config (Advanced User),, ovislink,IWE1100 WLAN to LAN Bridge,,,root,root,Admin,, ovislink,SHDSL Modem,B5.1 5-15-2002,,root,root,Admin,, ovislink,SHDSL Modem,B5.1 5-15-2002,,user,user,Admin,, ovislink,SR200 Router,,console,,,config,, ovislink,SR500 Broadband IP Gateway,5.0 and up,http://192.168.1.254,,,config,, ovislink,WL-1000UR,,http,admin,airlive,admin,, ovislink,WL-1120AP,,Multi,root,,Admin,, ovislink,WL-8000AP Wireless G,,http,12345,12345,Admin,, pachco,AeGIS 9000,All,Console,,0000,Default master code - allows programming the unit,AeGIS 9000 entry intercom system - Hold 0 then # until scrolling stops, pacific micro data,MAST 9500 Universal Disk Array,,Admin,pmd,,,, pacific micro data,MAST 9500 Universal Disk Array,,ESM ver. 2.11 / 1,pmd,,,, pacificmicrodata,MAST 9500 Universal Disk Array,ESM ver. 2.11 / 1,Console,pmd,,Admin,, packard bell,PC BIOS,,,,bell9,,, packard bell,PC BIOS,,Admin,,bell9,,, packardbell,,EasyNote_MX37-U-103SP ,,administrador,1234,,, packardbell,PC BIOS,,,459441,459441,,, packardbell,PC BIOS,,Console,,bell9,Admin,, packeteer,Packetshaper,,,,touchpwd=,,, panasonic,CF-27,4,Multi,,,Admin,, panasonic,CF-28,,Multi,,,Admin,, panasonic,CF-45,,Multi,,,Admin,, panasonic,KX-TD1232,,Multi,admin,1234,Admin,, panasonic,KX-TDA 100,V1.1 2.0 3.0,CONSOLE,,1234,,, panasonic,KX-TDA 200,V1.1 2.0 3.0,CONSOLE,,1234,,, panasonic,KX-TDA 30,V1.1 2.0 3.0,CONSOLE,,1234,,, panasonic,WV-NP240/244,V1.25-V1.50,http://192.168.0.10,admin,12345,,, pandatel,EMUX,,,admin,admin,,, pandatel,EMUX,,,admin,admin,,all, patton,RAS,,2,monitor,monitor,,, patton,RAS,,2,superuser,superuser,,, patton,RAS,2,,monitor,monitor,,, patton,RAS,2,,superuser,superuser,,, pbx,PBX (Generic),,,tech,nician,,, penril datability,vcp300 terminal server,,,,system,,, penril datability,vcp300 terminal server,,Admin,,system,,, penrildatability,vcp300 terminal server,,Multi,,system,Admin,, pentagram,Cerberus ADSL modem + router,,HTTP,admin,password,Admin,, pentaoffice,Sat Router,,Telnet,,pento,Admin,, pentasafe,VigilEnt Security Manager,,3,PSEAdmin,$secure$,,, pentasafe,VigilEnt Security Manager,,Admin,PSEAdmin,$secure$,,, pentasafe,VigilEnt Security Manager,3,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, pentasafe,VigilEnt Security Manager,3.0,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, perle,CS9000,any,Console,admin,superuser,Admin,, philips,Praesideo PA System,,Admin,admin,admin,,, philips,Praesideo PA System,,All versions,admin,admin,,, philips,Praesideo PA System,All versions,Multi,admin,admin,Admin,, phoenix,4.0,,Admin,,admin,,, phoenix,4.0,6.0.2,Multi,,admin,Admin,, phoenix,PC BIOS,,console,,BIOS,Admin,Default/backdoor CMOS password, phoenix,PC BIOS,,console,,CMOS,Admin,Default/backdoor CMOS password, phoenix,PC BIOS,,console,,PHOENIX,Admin,Default/backdoor CMOS password, phoenix,PC BIOS,,console,,phoenix,Admin,Default/backdoor CMOS password, phoenix,Phoenix v1.14,,Multi,Administrator,admin,Admin,, phpreactor,PHPReactor,,1.2.7,core,phpreactor,,, phpreactor,PHPReactor,1.2.7,http,core,phpreactor,,, phptest,phpTest,,0.5.6,admin,1234,,, phptest,phpTest,,0.5.6,guest,guest,,, phptest,phpTest,0.5.6,http,admin,1234,Admin,, phptest,phpTest,0.5.6,http,guest,guest,,, pirelli,,,,on,on,Admin,Used for OnTelecom, pirelli,AGE ADSL Router,,Multi,admin,microbusiness,Admin,, pirelli,AGE ADSL Router,,Multi,user,password,User,, pirelli,DRG A225G,,,3play,3play,admin,, pirelli,DRG A225G,SAPO,192.168.1.1,user,user,admin,, pirelli,PRGAV4202N,,10.0.0.138,Telek0m,Austria&Eur0,,for Telekom Austria, pirelli,Pirelli AGE-SB,,HTTP,admin,smallbusiness,Admin,, pirelli,Pirelli AGE-UB,,HTTP,admin,microbusiness,Admin,, pirelli,Pirelli Router,,Multi,admin,microbusiness,Admin,, pirelli,Pirelli Router,,Multi,admin,mu,Admin,, pirelli,Pirelli Router,,Multi,user,password,Admin,, plaintree,Waveswitch,,,,default.password,,, planet,ADE-4000,,Multi,admin,epicrouter,Admin,, planet,ADE-4110,,HTTP,admin,epicrouter,Admin,, planet,Adsl router,,,admin,epicrouter,,, planet,Adsl router,,Multi,admin,epicrouter,,, planet,Akcess Point,,HTTP,admin,admin,Admin,, planet,FGSW-2402RS,,serial,admin,ISPMODE,Admin,, planet,FNSW-2402S,,,admin, just hit ENTER ,,, planet,FNSW-2402S,,Console,admin,<> just hit ENTER,,, planet,GRT-501,,http,root,root,full,, planet,WAP-1900/1950/2000,,2.5.0,,default,,, planet,WAP-1900/1950/2000,,Admin,,default,,, planet,WAP-1900/1950/2000,2.5.0,Multi,,default,Admin,, planet,XRT-401D,,HTTP,admin,1234,Admin,, pollsafe,Pollsafe,,,SMDR,SECONDARY,,, pollsafe,Pollsafe,,modem,SMDR,SECONDARY,,, polycom,SoundPoint IP 601,,,Polycom,456,Device Admin (Web),Admin credentials for Web interface, polycom,Soundpoint VoIP phones,,HTTP,Polycom,SpIp,User,, polycom,Soundstation IP 3000,,http,administrator,**#,Admin,, polycom,ViewStation 4000,,v.35,,,,, polycom,ViewStation 4000,3.5,Multi,,admin,Admin,, polycom,ViewStation 4000,3.5,Multi,,x6zynd56,update software,, polycom,iPower 9000,,Multi,,,Admin,, postgresql,PostgreSQL,,,postgres,,,, postgresql,PostgreSQL,,CLI,postgres,,Administrator,, powerchute,UPS,,,pwrchute,pwrchute,,, prestige,650,,,admin,1234,Admin,, prestigio,Nobile,156,Multi,,,Admin,, prime,PrimeOS,,,dos,dos,,, prime,PrimeOS,,,fam,fam,,, prime,PrimeOS,,,guest,guest,,, prime,PrimeOS,,,guest1,guest,,, prime,PrimeOS,,,mail,mail,,, prime,PrimeOS,,,maint,maint,,, prime,PrimeOS,,,mfd,mfd,,, prime,PrimeOS,,,netlink,netlink,,, prime,PrimeOS,,,prime,prime,,, prime,PrimeOS,,,primenet,primeos,,, prime,PrimeOS,,,primeos,primeos,,, prime,PrimeOS,,,primos_cs,prime,,, prime,PrimeOS,,,system,prime,,, prime,PrimeOS,,,system,system,,, prime,PrimeOS,,,tele,tele,,, prime,PrimeOS,,,test,test,,, prime,PrimeOS,,Admin,system,prime,,, prime,PrimeOS,,Admin,system,system,,, prime,PrimeOS,,Multi,dos,dos,User,, prime,PrimeOS,,Multi,fam,fam,User,, prime,PrimeOS,,Multi,guest,guest,User,, prime,PrimeOS,,Multi,guest1,guest,User,, prime,PrimeOS,,Multi,guest1,guest1,User,, prime,PrimeOS,,Multi,mail,mail,User,, prime,PrimeOS,,Multi,maint,maint,User,, prime,PrimeOS,,Multi,mfd,mfd,User,, prime,PrimeOS,,Multi,netlink,netlink,User,, prime,PrimeOS,,Multi,prime,prime,User,, prime,PrimeOS,,Multi,prime,primeos,User,, prime,PrimeOS,,Multi,primenet,primenet,User,, prime,PrimeOS,,Multi,primenet,primeos,User,, prime,PrimeOS,,Multi,primeos,prime,User,, prime,PrimeOS,,Multi,primeos,primeos,User,, prime,PrimeOS,,Multi,primos_cs,prime,User,, prime,PrimeOS,,Multi,primos_cs,primos,User,, prime,PrimeOS,,Multi,system,prime,Admin,, prime,PrimeOS,,Multi,system,system,Admin,, prime,PrimeOS,,Multi,tele,tele,User,, prime,PrimeOS,,Multi,test,test,User,, prime,PrimeOS,,User,guest,guest,,, prime,PrimeOS,,User,guest1,guest,,, prime,PrimeOS,,User,guest1,guest1,,, prime,PrimeOS,,User,mail,mail,,, prime,PrimeOS,,User,mfd,mfd,,, prime,PrimeOS,,User,netlink,netlink,,, prime,PrimeOS,,User,prime,prime,,, prime,PrimeOS,,User,primenet,primenet,,, prime,PrimeOS,,User,primenet,primeos,,, prime,PrimeOS,,User,primos_cs,prime,,, prime,PrimeOS,,User,primos_cs,primos,,, prime,PrimeOS,,User,tele,tele,,, prime,PrimeOS,,User,test,test,,, primebase,SQL Database Server,,4.2,Administrator,,,, primebase,SQL Server,4.2,,Administrator,,,, prolite,Tru-Color II,version 5,Remote Control,,,,, prolite,Tru-Color II,version 6,Remote Control,,,,, prolite,Tru-Color XP,version 8,Remote Control,,,,, promise,FastTrak TX4310,,HTTP,admin,admin,admin,, promise,FastTrak TX4310,,admin,admin,admin,,, prostar,1224,,,,4321,,, prostar,1224,,Other,,4321,,, protocraft,authentic train whistle,,,musi1921,Musi%1921,,, proxim,AP-2000,,,,public,,, proxim,AP-2000,,,,public,Admin,, proxim,ORINOCO AP-4000M,802.11A+B/G,http://192.168.1.52/,no se,no se ,no se,se me perdio el pass quiero recuperarlo, proxim,ORiNOCO AP-600,,http://169.254.128.132,,public,Administration,, proxim,ORiNOCO AP-600,all version,192.168.0.2,,,admin,, proxim,ORiNOCO AP-700,,http://169.254.128.132,,public,Administration,, proxim,Orinoco 600/2000,All,HTTP,,,Admin,WLAN accesspoint, proxim,Tsunami MP.11 5054-R SN-07UT08570142,v2.5.1(215) ,TELNET/HTTP,,public,admin,, psionteklogix,9150,,HTTP,support,h179350,Admin,, pyramid computer,BenHur,,Admin,admin,admin,,, pyramid computer,BenHur,,Admin,admin,gnumpf,,, pyramid computer,BenHur,,all,admin,admin,,, pyramidcomputer,BenHur,all,HTTP,admin,admin,Admin,, pyramidcomputer,BenHur,all,HTTP,admin,gnumpf,Admin,, qdi,Broadband Gateway 100,,,,password,,, qdi,Broadband Gateway 100,,Admin,,password,,, qdi,Broadband Gateway 100,,Telnet/HTTP,,password,Admin,, qdi,PC BIOS,,,,QDI,,, qdi,PC BIOS,,Admin,,QDI,,, qdi,PC BIOS,,Console,,QDI,Admin,, qdi,SpeedEasy BIOS,,,,lesarotl,,, qdi,SpeedEasy BIOS,,Admin,,lesarotl,,, qdi,SpeedEasy BIOS,,Console,,lesarotl,Admin,, qtec,790RH,,http://192.168.1.1,Admin,,Administration,, quake,Quake Server,,,,tms,,rcon password; appears to require that you masquerade as 192.246.40.* to use, qualiteam,X-Cart,,,master,master,,, quantex,PC BIOS,,,,xljlbj,,, quantex,PC BIOS,,Admin,,teX1,,, quantex,PC BIOS,,Admin,,xljlbj,,, quantex,PC BIOS,,Console,,teX1,Admin,, quantex,PC BIOS,,Console,,xljlbj,Admin,, quantum,File Servers,,Most of them,,,,, quantum,File Servers,,User,,,,, quantum,File Servers,Most of them,HTTP,,,User,, quintumtechnologiesinc,Tenor Series,all,Multi,admin,admin,Admin,, radio shack,TAD-1004,,keypad,,744,,, radioshack,In-Store Demo PC Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., radioshack,In-Store Demo PC Windows Screen Savers,,,,RS,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., radioshack,TAD-1004,,Multi,,744,keypad,, radware,Linkproof,,ssh,lp,lp,Admin,, radware,Linkproof,3.73.03,Multi,radware,radware,Admin,, raidzone,raid arrays,,,,raidzone,,, rainbow,IKEY 1000,,,,rainbow,Admin,, rainbow,IKEY 2000,,,,PASSWORD,,, rainbow,IKEY,,1000,,rainbow,,, rainbow,IKEY,,2000,,PASSWORD,,, ramp networks,WebRamp,,,wradmin,trancell,,, rampnetworks,WebRamp,,,wradmin,trancell,,, rapidstream,RS4000-RS8000,,,rsadmin,rsadmin,,Linux, rapidstream,RapidStream Appliances,,,rsadmin,,,, raritan,KVM Switches,,,admin,raritan,,, raritan,KVM Switches,,,admin,raritan,Admin,, raytalk,RB-300,,,root,root,,, raytalk,RB-300,,,root,root,Admin,, rca,DCW615R,,http://192.168.100.1 or http://192.168.0.1,,admin,Administration,, redhat,Redhat 6.2,,,piranha,piranha,,, redhat,Redhat 6.2,,,piranha,q,,, redhat,Redhat 6.2,,HTTP,piranha,piranha,User,, redhat,Redhat 6.2,,HTTP,piranha,q,User,, redhat,Redhat 6.2,,User,piranha,piranha,,, redhat,Redhat 6.2,,User,piranha,q,,, redline,,,,user,user,192.168.25.2,, redline,an50,,,admin,admin,,, redline,an50,02.02,Multi,admin,admin,,, remedy,Remedy,,,ARAdmin,AR#Admin#,,, remedy,Remedy,,Multi,Demo,,,, remedy,Remedy,,multi,ARAdmin,AR#Admin#,Admin,, remedy,Remedy,,multi,Demo,,,, research machines,Classroom Assistant,,,manager,changeme,,, research,PC BIOS,,,,Col2ogro2,,, research,PC BIOS,,Admin,,Col2ogro2,,, research,PC BIOS,,Console,,Col2ogro2,Admin,, researchmachines,Classroom Assistant,,,manager,changeme,,Windows 95, resumix,Resumix,,,root,resumix,,, ricoh,1013F,,,,sysadm,,, ricoh,1224c,,http,,password,,, ricoh,1232c,-,http,admin,password,admin,, ricoh,1301f,,,,sysadm,,, ricoh,2035e,,web,admin,password,,no entry ta administrator, ricoh,2060,,HTTP,admin,,Admin,, ricoh,2500,,,admin,blank,admin,, ricoh,3245C,,,admin,blank,admin,, ricoh,650,,,,sysadm,http,, ricoh,AP410N,1.13,HTTP,admin,,Admin,, ricoh,AP610N,,telnet,admin,,admin,, ricoh,Aficio 1013 1515 2013 120,,,sysadm,sysadm,,, ricoh,Aficio 1022,,,Admin,password,,, ricoh,Aficio 1027,,http://,admin,password,admin,, ricoh,Aficio 1045,,HTTP,admin,password,,, ricoh,Aficio 2015,,http,admin,password,,, ricoh,Aficio 2018D,,http,admin,password,Admin,, ricoh,Aficio 2020D,,HTTP,admin,password,Admin,, ricoh,Aficio 2035,,,sisadm,password,,, ricoh,Aficio 2045e,,http,admin,password,Admin,, ricoh,Aficio 2075,,,admin,,Admin,, ricoh,Aficio 2228c,,Multi,sysadmin,password,Admin,Webpage admin, ricoh,Aficio 2232C,,Telnet,,password,Admin,, ricoh,Aficio 3025,,,admin,,Admin,, ricoh,Aficio 3035,,,admin,,Admin,, ricoh,Aficio 3228,,,admin,,Admin,, ricoh,Aficio AP3800C,2.17,HTTP,,password,Admin,alternative to sysadmin and Admin, ricoh,Aficio MP 171,,http or telnet,admin,,,, ricoh,Aficio MP 2000,,,admin,,root acces,, ricoh,Aficio MP 2500,1.03,HTTP,admin,,Administrator,, ricoh,Aficio MP 2550,,web interface,admin,,admin,, ricoh,Aficio MP 3350,,,admin,,administrator,, ricoh,Aficio MP 4500,,,admin,,,, ricoh,Aficio MP 5500,2.08,Telnet / HTTP,admin,,Admin,, ricoh,Aficio MP C2050,,,admin,,Administrator,, ricoh,Aficio MP C2800,,,admin,,,, ricoh,Aficio MP C4000,,,admin,,,, ricoh,Aficio MP C4500,,HTTP,admin,,admin,, ricoh,Aficio SP 4210N,,Web Interface,admin,,,, ricoh,Aficio SP C220N,,http,Admin,,,case sensitive must have upper case A, ricoh,Aficio,1515,http,administrator,password,administrator access,, ricoh,Aficio,2027,,admin,password,,, ricoh,Aficio,AP3800C,HTTP,sysadmin,password,Admin,, ricoh,Aficio,CL100N,Web,admin,password,,, ricoh,Aficioh,,Administrator,admin,,,, ricoh,Africo MP 161,,Telnet/HTTP,admin,,Administrator,, ricoh,C231N,,,Admin,password,,A must be capitalized in username, ricoh,CL2000N,,,admin,password,,, ricoh,CL3500N,,GUI,admin,leave blank,,, ricoh,DSC338 Printer,1.19,HTTP,,password,Admin,no user, ricoh,MFP 2550,,web interface,admin,,admin,, ricoh,MP 161SPF,,Http://,admin,,,, ricoh,MP 7500,2.02.1,HTTP,admin,,Admin,Webpage admin, ricoh,MP 9000,,,admin,sem senha,webpage,somente as de fabrica, ricoh,MP C4000,,http,admin,,Admin Access,, ricoh,MP C6000,,HTTP,admin,N/A,Web admin,, ricoh,MP4000,,web,admin,,,, ricoh,SP 4100N,,web interface,admin,,,leave password black, ricoh,SP C232DN,,,Admin,password,,note A is capitalized, ricoh,SP C311N,,HTTP,Admin,,Config.-Admin,Username is case-sensitive, ricoh,SP C311N,,http,Admin,,,, ricoh,SP C311N,,http,Admin,password,,, ricoh,SPC232,all versions,http,Admin,,admin,, ricoh,afcio mp 161,,telnet http,admin,,,, ricoh,aficio 650 windows xp,all versions,http//192.168.1.4,,,admin,, riverbed,Acelerador,,http,Admin,password,,, rizen,WebGUI,,,Admin,123qwe,,, rizen,WebGUI,,,Admin,123qwe,Admin,, rm,RM Connect,,,RMUser1,password,,, rm,RM Connect,,,admin,rmnetlm,,, rm,RM Connect,,,admin2,changeme,,, rm,RM Connect,,,adminstrator,changeme,,, rm,RM Connect,,,deskalt,password,,, rm,RM Connect,,,deskman,changeme,,, rm,RM Connect,,,desknorm,password,,, rm,RM Connect,,,deskres,password,,, rm,RM Connect,,,guest,,,, rm,RM Connect,,,replicator,replicator,,, rm,RM Connect,,,setup,changeme,,, rm,RM Connect,,,teacher,password,,, rm,RM Connect,,,temp1,password,,, rm,RM Connect,,,topicalt,password,,, rm,RM Connect,,,topicnorm,password,,, rm,RM Connect,,,topicres,password,,, rm,RM Connect,,Main Login,PROPAGATE,APPLICATION,Full,used in school, rm,RM Connect,,Multi,RMUser1,password,,, rm,RM Connect,,Multi,admin,rmnetlm,,, rm,RM Connect,,Multi,admin2,changeme,,, rm,RM Connect,,Multi,adminstrator,changeme,,, rm,RM Connect,,Multi,deskalt,password,,, rm,RM Connect,,Multi,deskman,changeme,,, rm,RM Connect,,Multi,desknorm,password,,, rm,RM Connect,,Multi,deskres,password,,, rm,RM Connect,,Multi,guest,,,, rm,RM Connect,,Multi,replicator,replicator,,, rm,RM Connect,,Multi,setup,changeme,,, rm,RM Connect,,Multi,teacher,password,,, rm,RM Connect,,Multi,temp1,password,,, rm,RM Connect,,Multi,topicalt,password,,, rm,RM Connect,,Multi,topicnorm,password,,, rm,RM Connect,,Multi,topicres,password,,, rm,RM Connect,,Propagating!,PROPAGATE,APPLICATION,Full,used in school, rm,Server BIOS,,,,RM,,, rm,Server BIOS,,Console,,RM,,, rm,computer,,Other,administrator,password/changeme or secret,l:/ and take of restrictions,, rnn,RNN's Guestbook,1.2,http,admin,demo,Admin,, roamabout,RoamAbout R2 Wireless Access Platform,,Multi,admin,password,Admin,, rodopi,Rodopi billing software 'AbacBill' sql database,,,rodopi,rodopi,,, rodopi,Unknown,,,Rodopi,Rodopi,,, safecom,Router,,Admin,admin,epicrouter,,, safecom,Router,,Multi,admin,epicrouter,Admin,, sagem,F@ST ,2404,Telnet , SSH , HTTP,admin,administrator, sagem,Fast 1200 (Fast 1200),,Telnet,root,1234,User,root/1234, sagem,Fast 1400,,Multi,admin,epicrouter,Admin,, sagem,Fast 1400w,,Multi,root,1234,Admin,, sambar technologies,Sambar Server,,,admin,,,, sambar technologies,Sambar Server,,,anonymous,,,, sambar technologies,Sambar Server,,,billy-bob,,,, sambar technologies,Sambar Server,,,ftp,,,, sambar technologies,Sambar Server,,,guest,guest,,, sambartechnologies,Sambar Server,,http,admin,,Admin,, sambartechnologies,Sambar Server,,http,anonymous,,,, sambartechnologies,Sambar Server,,http,billy-bob,,,, sambartechnologies,Sambar Server,,http,ftp,,Admin,, sambartechnologies,Sambar Server,,http,guest,guest,Admin,, samsung,AHT-E300,Multi,admin,password,Admin,,, samsung,E700,,Password,Moeketsik,874434,,, samsung,N620,,Multi,,,Admin,, samsung,SGH E700,,,,874434,User,Sms, samsung,SGH E700,,,Samsung,,,Sms, samsung,SWL-3500RG,2.15,HTTP,public,public,Admin,def. WEP keys: 0123456789 1518896203, samuel abels,Ammerum,,0.6-1,user,password,,, samuelabels,Ammerum,0.6-1,,user,password,,, sap,Business Connector,,4.7,Administrator,manage,,, sap,Business Connector,,4.7,Developer,isdev,,, sap,Business Connector,,4.7,Replicator,iscopy,,, sap,Business Connector,4.7,,Administrator,manage,Admin,, sap,Business Connector,4.7,,Developer,isdev,Admin,, sap,Business Connector,4.7,,Replicator,iscopy,Admin,, sap,ITS,,,itsadmin,init,,, sap,SAP Local Database,,,SAPR3,SAP,,, sap,SAP,,,DDIC,19920706,,, sap,SAP,,,EARLYWATCH,SUPPORT,,, sap,SAP,,,SAP*,7061992,,, sap,SAP,,,SAPCPIC,ADMIN,,, sap,SAP,,000 001 066,SAP*,06071992,,, sap,SAP,,000 001,DDIC,19920706,,, sap,SAP,,000,SAPCPIC,ADMIN,,, sap,SAP,,066,EARLYWATCH,SUPPORT,,, sap,SAP,,Admin,SAPCPIC,ADMIN,,, sap,SAP,,Mandant 066,SAP,SAP internal,,, sap,SAP,,R/3,DDIC,19920706,,, sap,SAP,,R/3,EARLYWATCH,SUPPORT,,, sap,SAP,,R/3,SAP*,06071992,,, sap,SAP,,R/3,SAPCPIC,ADMIN,,, sap,SAP,,R/3,TMSADM,,,, sap,SAP,,SAP internal,DDIC,19920706,,, sap,SAP,,SAP internal,EARLYWATCH,SUPPORT,,, sap,SAP,,SAP internal,SAP*,07061992,,, sap,SAP,,SAP internal,SAP*,PASS,,, sap,SAP,R/3,,SAP*,06071992,,, sap,SAP,R/3,,TMSADM,,,, sap,SAP,R/3,SAP client,DDIC,19920706,SAP internal; Mandant 001,, sap,SAP,R/3,SAP client,EARLYWATCH,SUPPORT,SAP internal; Mandant 066,, sap,SAP,R/3,SAP client,SAP*,07061992,SAP internal; Mandant 066,, sap,SAP,R/3,SAP client,SAP*,PASS,SAP internal; all Mandants,, sap,SAP,R/3,SAP client,SAPCPIC,ADMIN,Admin,, savin,C2525,,HTTP,admin,blank,Admin,, schneider electric,PowerLogic Ethernet Communications Card,,,,admin,,, schneiderelectric,PowerLogic ethernet card,,http,,admin,Admin,, scientificatlanta,2100,comcast-supplied,http,admin,w2402,diagnostics page,192.168.100.1, scientificatlanta,2320,,http://192.168.0.1./,admin,W2402,,, scientificatlanta,2320,,http://192.168.100.1,,,,, scientificatlanta,DPR2325R3,3.0,192.168.0.1,admin,W2402,Admin,, scientificatlanta,DPX2100,Comcast-supplied,HTTP,admin,w2402,diagnostics page,192.168.100.1, scientificatlanta,EPC2100R2,HW Rev 2.1,modem,,,admin,, scientificatlanta,EPC2505,1.0,http://192.168.100.1,admin,W2402,status,, scientificatlanta,EPR2320R2,2.0,192.168.0.1,,Admin,,, scientificatlanta,EPR2320R2,v2.0.2r1262-070212,192.168.0.1,admin,admin,admin,nao consigo entra no router, scientificatlanta,EPR2325R3,3.0,http://192.168.100.1,admin,admin,admin,, scientificatlanta,SERVICE ELECTRIC CABLE (SECABLE),SERVICE ELECTRIC CABLE (SECABLE),http://192.168.100.1/,admin,W2402,Status,Status Page, scientificatlanta,WebSTAR EPC2100R2, 2.0,192.168.100.1,Sremac,b29a03t19a87ja,rasalav,, scientificatlanta,epr2325r3,all,http://192.168.100.1/,,,Admin,, seagullscientific,Track'Em,,,ADMIN,admin,Admin,, seagullscientific,Track'Em,,,USER,USER,Admin,, securicor3net,Cezanne,,,manager,friend,,, securicor3net,Cezzanne,,,manager,friend,,any, securicor3net,Monet,,,manager,friend,,any, security.org,lockpicking,,,admin,,,, securstar,ikey,,admin,admin,rainbow,,, securstar,ikey,1000,Multi,admin,rainbow,admin,, semaphore,PICK O/S,,,DESQUETOP,,,, semaphore,PICK O/S,,,DS,,,, semaphore,PICK O/S,,,DSA,,,, semaphore,PICK O/S,,,PHANTOM,,,, senao,2611CB3+D (802.11b Wireless AP),,HTTP,admin,,Admin,Default IP: 192.168.1.1, server technology,Sentry Remote Power Manager,,,ADMN,admn,,, server technology,Sentry Remote Power Manager,,,GEN1,gen1,,, server technology,Sentry Remote Power Manager,,,GEN2,gen2,,, server technology,Sentry Remote Power Manager,,Admin,ADMN,admn,,, server technology,Sentry Remote Power Manager,,view/control,GEN1,gen1,,, server technology,Sentry Remote Power Manager,,view/control,GEN2,gen2,,, servertechnology,Sentry Remote Power Manager,,Multi,ADMN,admn,Admin,Telnet port 2001, servertechnology,Sentry Remote Power Manager,,Multi,GEN1,gen1,view/control,Telnet port 2001, servertechnology,Sentry Remote Power Manager,,Multi,GEN2,gen2,view/control,Telnet port 2001, sgi,Embedded Support Partner,,,Administrator,Partner,,IRIX 6.5.6, sgi,IRIX,,,EZsetup,,,ALL, sgi,IRIX,,,lp,lp,,ALL, sgi,all,,,root,,,all, sharp,AR-201,,http,,sysadm,,, sharp,AR-280,,Full,,sysadm,,, sharp,AR-280,,HTTP,,sysadm,Full,, sharp,AR-336,,HTTP,,sysadm,admin,, sharp,AR-336,,admin,,sysadm,,, sharp,AR-407/S402 ,,Multi,,,Admin,, sharp,AR-M205,,Web,admin,Sharp,full,, sharp,AR-M257,,WEB Interface,admin,Sharp,,, sharp,AR-M355N,,,admin,Sharp,Admin,, sharp,AR-M550,,,admin,Sharp,HTTP,, sharp,AR507/S507,,HTTP,,sysadm,,, shiva,AccessPort,,,hello,hello,,, shiva,AccessPort,,,hello,hello,,Any, shiva,Any?,,,Guest,blank,,, shiva,Integrator,,Admin,admin,hello,,, shiva,Integrator,150/200/500,Multi,admin,hello,Admin,, shiva,LanRover,,,guest,,,, shiva,LanRover,,,root,,,, shiva,ShivaPort,,console,admin,hello,Admin,, shoretel,Conference Bridge,,,Admin,admin1,,, shoretel,ShoreTel Call Manager,,,admin,changeme,,, shoretel,ShoreWare Director,,,admin,changeme,,, shuttle,PC BIOS,,,,Spacve,,, shuttle,PC BIOS,,,,Spacve,Admin,, shuttle,PC BIOS,,Admin,,Spacve,,, siemens nixdorf,Hicom 100E PBX,,,31994,31994,,, siemens nixdorf,Hicom 150E PBX,,,31994,31994,,, siemens nixdorf,PBX,,8818,,uboot,,, siemens nixdorf,PC BIOS,,,,SKY_FOX,,, siemens nixdorf,PC BIOS,,Admin,,SKY_FOX,,, siemens nixdorf,PhoneMail,,,poll,poll,,, siemens nixdorf,PhoneMail,,,sysadmin,sysadmin,,, siemens nixdorf,PhoneMail,,,system,system,,, siemens nixdorf,PhoneMail,,,tech,tech,,, siemens nixdorf,ROLM PBX,,,admin,pwp,,, siemens nixdorf,ROLM PBX,,,eng,engineer,,, siemens nixdorf,ROLM PBX,,,op,operator,,, siemens nixdorf,ROLM PBX,,,su,super,,, siemens,5940 T1E1 Router,5940-001 v6.0.180-2,Telnet,superuser,admin,Admin,, siemens,APACS,,ACM Controller,,gubed,,, siemens,Gigaset SX541 WLAN dsl,,http://192.168.2.1,,admin,Admin,, siemens,HiPath 3000,,,31994,31994,,, siemens,HiPath 3000,,Manager,office,office,,, siemens,HiPath 3000,,Multi,31994,31994,,, siemens,Optipoint,,,,123456,,, siemens,Optipoint,,Multi,,123456,,, siemens,PC BIOS,,,,SKY_FOX,CMOS,, siemens,PhoneMail,,,poll,tech,,, siemens,PhoneMail,,,sysadmin,sysadmin,,, siemens,PhoneMail,,,tech,tech,,, siemens,Phonemail,,,tech,field,,, siemens,Phonemail,,Multi,tech,field,,, siemens,QUADLOG,,CCM Controller,,gubed,,, siemens,ROLM PBX,,,admin,pwp,,, siemens,ROLM PBX,,,eng,engineer,,, siemens,ROLM PBX,,,op,op,,, siemens,ROLM PBX,,,op,operator,,, siemens,ROLM PBX,,,su,super,,, siemens,SE515,,,admin,,,, siemens,SE515,,HTTP,admin,,,, siemens,Siemens Nixdorf 8818 PBX,,,,uboot,,, siemens,Siemens Nixdorf Hicom 100E PBX,,,31994,31994,,, siemens,Siemens Nixdorf Hicom 150E PBX,,,31994,31994,,, siemens,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, siemens,Siemens Pro C5,,Multi,,,Admin,, siemens,SpeedStream 4100,,HTTP,admin,hagpolm1,Admin,DSL Modem and Router, siemens,WinCC,,,WinCCAdmin,2WSXcde.,,, siemens,WinCC,,,WinCCConnect,2WSXcder,,, siemens,hipath,,,,,,, siemens,hipath,,Admin,,,,, siemens,hipath,,Multi,,,Admin,, sigma,Sigmacoma IPshare,Sigmacom router v1.0,HTTP,admin,admin,Admin,, sigmatel,s3+,s3+,,,1221,,can be change, siips,Trojan,,8974202,Administrator,ganteng,,, siips,Trojan,,Admin,Administrator,ganteng,,, siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,, siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,Thx, silextechnology,PRICOM (Printserver),,Multi,root,,Admin,for telnet / HTTP, silicon graphics,IRIX,,,4Dgifts,,,, silicon graphics,IRIX,,,6.x,,,, silicon graphics,IRIX,,,Ezsetup,,,, silicon graphics,IRIX,,,OutOfBox,,,, silicon graphics,IRIX,,,demos,,,, silicon graphics,IRIX,,,field,field,,, silicon graphics,IRIX,,,tour,tour,,, silicon graphics,IRIX,,,tutor,,,, silicon graphics,IRIX,,5.x 6.x,guest,,,, silicon graphics,IRIX,,5.x 6.x,lp,,,, silicon graphics,IRIX,,Admin,4Dgifts,,,, silicon graphics,IRIX,,Admin,4Dgifts,4Dgifts,,, silicon graphics,IRIX,,Admin,Ezsetup,,,, silicon graphics,IRIX,,Admin,OutOfBox,,,, silicon graphics,IRIX,,Admin,demos,,,, silicon graphics,IRIX,,Admin,field,field,,, silicon graphics,IRIX,,Admin,tour,tour,,, silicon graphics,IRIX,,Admin,tutor,,,, silicon graphics,IRIX,,Admin,tutor,tutor,,, silicon graphics,IRIX,,CLI,guest,,,, silicon graphics,IRIX,,CLI,lp,,,, silicongraphics,IRIX,,Multi,4Dgifts,,Admin,, silicongraphics,IRIX,,Multi,4Dgifts,4Dgifts,Admin,, silicongraphics,IRIX,,Multi,Ezsetup,,Admin,, silicongraphics,IRIX,,Multi,OutOfBox,,Admin,, silicongraphics,IRIX,,Multi,demos,,Admin,, silicongraphics,IRIX,,Multi,field,field,Admin,, silicongraphics,IRIX,,Multi,tour,tour,Admin,, silicongraphics,IRIX,,Multi,tutor,,Admin,, silicongraphics,IRIX,,Multi,tutor,tutor,Admin,, silicongraphics,IRIX,5.x 6.x,Multi,guest,,CLI; UID guest,, silicongraphics,IRIX,5.x 6.x,Multi,lp,,CLI; UID lp,, sipura,SPA-3000,,prot:,admin,admin,Administration,, sitara,qosworks,,Console,root,,Admin,, site interactive,Auction Weaver Lite,,,admin,pass,,, sitecom,All WiFi routers,,Multi,,sitecom,Admin,, sitecom,DC-207,,,admin,admin,Admin,, sitecom,WL-108,,,admin,password,Admin,, sitecom,WL-109,,,admin,password,Admin,, sitecom,WL-114v2,,,admin,admin,Admin,, sitecom,WL-122,,,,sitecom,Admin,, sitecom,WL-607,,http://192.168.0.1,admin,admin,,, sitecom,WR-1133,,,,damin,Admin,, sitecom,wl-108,,192.168.0.1,,,,, siteinteractive,Auction Weaver Lite,,,admin,pass,Admin,, smartbridges,airBridge,,admin,admin,public,,, smartbridges,airBridge,2.x,Multi,admin,public,admin,, smartswitch,Router 250 ssr2500,,Admin,admin,,,, smartswitch,Router 250 ssr2500,,v3.0.9,admin,,,, smartswitch,Router 250 ssr2500,v3.0.9,Multi,admin,,Admin,, smc,2804WR,,HTTP,,smcadmin,Admin,, smc,7004FW,,Admin,,,,, smc,7004FW,,HTTP,,,Admin,, smc,7004VBR,V.2,http://192.168.2.1.,,smcadmin,Admin,192.168.2.1., smc,7204BRA,,HTTP,smc,smcadmin,web,, smc,7204BRA,,Multi,smc,smcadmin,Admin,, smc,7204bra,,web,smc,smcadmin,,, smc,7401BRA,1,HTTP,admin,barricade,Admin,, smc,7401BRA,2,HTTP,smc,smcadmin,Admin,, smc,7901W/BRA,,,admin,smcadmin,,, smc,7901W/BRA,,HTTP,admin,smcadmin,,, smc,7901W/BRA,,Multi,admin,smcadmin,,, smc,8014,Comcast,,cusadmin,highspeed,Admin,, smc,Barricade 7004 AWBR,,,admin,,,, smc,Barricade 7004 AWBR,,Admin,admin,,,, smc,Barricade 7004ABR,,,,0000,Admin,, smc,Barricade 7004AWBR,,Multi,admin,,Admin,192.168.123.254 (WiFi AP), smc,Barricade 7004VBR,V.2,,,smcadmin,Admin,, smc,Barricade 7004VWBR,,Multi,,,Admin,Connect to 192.168.2.1 or 192.168.2.1:88, smc,Barricade 7204BRB,,HTTP,admin,smcadmin,Admin,, smc,Barricade Router,,,Admin,Barricade,,, smc,Barricade Router,,7004ABR,,0000,,, smc,Barricade Routers,,,Admin,Barricade,Admin,, smc,Modem/Router,,HTTP,cusadmin,highspeed,Customer Admin,Comcast Commercial High Speed Modem model number 8013WG, smc,Modem/Wireless Router,,http://192.168.0.1,cusadmin,password,root,, smc,Router,,Admin,admin,admin,,, smc,Router,,All,admin,admin,,, smc,Router,All,HTTP,admin,admin,Admin,, smc,Router/Modem,BR7401,Multi,admin,barricade,Admin,, smc,SMB2804WBR,V2,Multi,Administrator,smcadmin,Admin,, smc,SMC broadband router,,HTTP,admin,admin,Admin,, smc,SMC2304 Router,,,,smcadmin,,, smc,SMC2304WBR-AG,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC2404 Router,,,,smcadmin,,, smc,SMC2652W,,,default,WLAN_AP,Admin,, smc,SMC2804 Router,,,,smcadmin,,, smc,SMC2804WBR,,HTTP,admin,smcadmin,Admin,, smc,SMC2804WBR,v.1,HTTP,,smcadmin,Admin,, smc,SMC2804WBRP-G,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC2804WBRP-G,BARRICADE g,192.168.2.1,,,house hold names,, smc,SMC7004VBR,,http://192.168.2.1,,,Administration,, smc,SMC7904BRA,,Multi,,smcadmin,Admin,, smc,SMC7904BRA,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC7904WBRA,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC7908VoWBRA,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC8014,1B,http://192.168.0.1,cusadmin,password,user,Brighthouse CFL, smc,SMC8014W-G,2A,http://192.168.0.1,cusadmin,password,Admin,This is a Cable Modem / Wireless Router., smc,SMCBR14UP,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR14VPN,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR18VPN,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR24Q,,http://192.168.2.1,smcadmin,smcadmin,Administration,, smc,SMCD3G-CCR,,http://10.1.10.1,cusadmin,highspeed,admin,Comcast small business modem, smc,SMCWBR-14N,,http://192.168.2.1,admin,smcadmin,,, smc,SMCWBR14-G,,HTTP,,smcadmin,Admin,mentioned password (no passwd) on your webpage is wrong, smc,SMCWBR14-G,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCWBR14-GM,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCWBR14-N2,,http:192.168.2.1,Admin,smcadmin,Admin,, smc,SMCWBR14T-G,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCWEBT-G,,http://192.168.2.25,,smcadmin,Administration,, smc,WiFi Router,All,HTTP,,smcadmin,Admin,model #2804WBRP-G, smc,Wireless Router 2655W,,Initial Password,None Needed,MiniAP,,, smc,Wireless Router 2655W,1.4h.9,HTTP,None Needed,MiniAP,Initial Password,, smc,all models,all versions,cable,,highspeed,user,, smc,smcwbr14-3gn,,192.168.2.1.,admin,smcadmin,,, smc,wbr14-3gn,,192.168.2.1.,admin,123465,,, smith & bentzen,InstantWebMail (IWM),,,username,password,,, smithbentzen,Instant Web Mail (IWM),,http,username,password,,, snapgear,Pro, Lite, and SOHO,1.79 +,Multi,root,default,Admin,Before 1.79 no user name req., snapgear,SnapGear,,,root,default,,, snapgear,SnapGear,,Multi,root,default,,, snapgear,firewall,,Multi,root,admin,tcp-ip,, snapgear,firewall,,tcp-ip,root,admin,,, snom,320,,http,Administrator,0000,,, snom,360,,http,Administrator,0000,,, softwarehouse,CCURE Access Control System,(all),Console,manager,manager,Admin,, softwarehouse,CCURE Access Control System,,Admin,manager,manager,,, soho,nbg800,,,admin,1234,,unknown, solution6,Viztopia Accounts,,Multi,aaa,often blank,Admin,, sonicwall,ALL,,ALL,admin,password,,, sonicwall,ALL,,Admin,admin,password,,, sonicwall,Any Firewall Device,,,admin,password,,, sonicwall,Firewall,,,admin,password,,, sonicwall,Firewall,,HTTP,admin,password,root,, sonicwall,Firewall,,root,admin,password,,, sonicwall,Most UTM Devices (TZ/PRO/NSA),,http://192.168.168.168:80/,admin,password,,, sonicwall,SOHO TELE TZ and PRO,,,admin,password,,, sonicwall,TZ 190,,Https://10.10.10.206,admin,,,, sonicwall,TZ1000,1.03,,admin,depp,,, sonicx,SonicAnime,on,Telnet,root,admin,Admin,1.0101E+14, sony,Network Camera SNC-RZ30,,,admin,admin,,, sony,Network Camera SNC-RZ30,,HTTP,admin,admin,,, sonyericsson,T290i,,,,0000,default to reset the phone,, sonyericsson,T68i,,,,0000,default to reset the phone,, sonyericsson,sony ericsson xperia,x1,,apex,ccg425,,, sophiaschweizag,Protector,,HTTPS,admin,Protector,Admin,, sophiaschweizag,Protector,,SSH,root,root,Admin,, sorenson,SR-200,,HTTP,,admin,Admin,, sourcebycircuitcity,In-Store Demo Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., sourcefire,RNA Sensor,,,admin,password,,, sourcefire,RNA Sensor,,,root,password,,, sourcefire,RNA Sensor,,http,admin,password,Admin,, sourcefire,RNA Sensor,,ssh/console,root,password,Admin,, sovereign hill,InQuery,,,Admin,shs,,, sovereignhill,InQuery,,,Admin,shs,Admin,, soyo,PC BIOS,,console,,SY_MB,Admin,, speco,CCTV Digital Video Recorder,all,web interface,admin,1234,admin operator,, speco,CCTV Digital Video Recorder,all,web interface,user,4321,viewing user,, speedstream,5660,,Telnet,,adminttd,Admin,, speedstream,5667,R4.0.1 ,HTTP,,admin,Admin,, speedstream,5861 SMT Router,,,admin,admin,,, speedstream,5861 SMT Router,,Admin,admin,admin,,, speedstream,5861 SMT Router,,Multi,admin,admin,Admin,, speedstream,5871 IDSL Router,,,admin,admin,,, speedstream,5871 IDSL Router,,Admin,admin,admin,,, speedstream,5871 IDSL Router,,Multi,admin,admin,Admin,, speedstream,DSL,,,admin,admin,,, speedstream,DSL,,Admin,admin,admin,,, speedstream,DSL,,Multi,admin,admin,Admin,, speedstream,Router 250 ssr250,,,admin,admin,,, speedstream,Router 250 ssr250,,Admin,admin,admin,,, speedstream,Router 250 ssr250,,Multi,admin,admin,Admin,, speedxess,HASE-120,,,,speedxess,,, speedxess,HASE-120,,Admin,,speedxess,,, speedxess,HASE-120,,Multi,,speedxess,Admin,, spider systems,M250,,,,hello,,, spidersystems,M250,,,,hello,,, spike,CPE,,,enable,,,, spike,CPE,,Admin,enable,,,, spike,CPE,,Console,enable,,Admin,, sprint,PCS,,Other,self,system,remote voicemail,, sprint,pcs,,remote voicemail,self,system,,, ssangyoung,SR2501,,,,2501,,, stratitec,TimeIPS,,root,root,ahetzip8,,, stratitec,TimeIPS,All,Console,root,ahetzip8,root,, sun,,,,root,,,SunOS 4.1.4, sun,Cobalt,,HTTP,admin,admin,Admin,, sun,E10000 System Service Processor,,multi,ssp,ssp,Admin,, sun,JavaServer,,,admin,admin,,, sun,JavaWebServer,,1.x 2.x,admin,admin,,, sun,JavaWebServer,,Admin,admin,admin,,, sun,JavaWebServer,1.x 2.x,AdminSrv,admin,admin,Admin,, sun,Sun E10000 System Service Processor,,,ssp,ssp,,, sun,SunOS,,,root,t00lk1t,,, sun,SunOS,,,root,t00lk1t,Admin,, sun,SunScreen,,3.1 Lite,admin,admin,,, sun,SunScreen,3.1 Lite,http (with java) port 3852,admin,admin,Admin,, sun,many,,,root,sun123,,, sun,many,,Other,root,sun123,,, sunmicrosystems,ILOM of X4100,1,HTTP,root,changeme,Admin,, supermicro,PC BIOS,,,,ksdjfg934t,,, supermicro,PC BIOS,,Admin,,ksdjfg934t,,, supermicro,PC BIOS,,Console,,ksdjfg934t,Admin,, surecom,EP3501/3506,,,admin,surecom,,own os, surecom,Unknown,,,admin,surecom,,, surecom,Wireless Broadband Router 11Mbps,,,admin,admin,Administrator,, suse gmbh,Emailserver,,1.x,root,root,,, suse gmbh,Emailserver,,Admin,root,root,,, susegmbh,Emailserver,1.x,Telnet,root,root,Admin,, sweex,,,,sweex,mysweex,,, sweex,Broadband Router,,Admin,,blank,,, sweex,Broadband Router,LB000020,HTTP,,blank,Admin,, sweex,LW055,,192.168.55.1,sweex,mysweex,admin,, sweex,MO200,,http://192.168.200.1,sweex,mysweex,,, swissvoice,IP 10S,,Telnet,target,password,Admin,, sybase (datev),Adaptive Server Enterprise,,12,sa,sasasa,,, sybase (datev),Adaptive Server Enterprise,,Admin,sa,sasasa,,, sybase,Adaptive Server Enterprise,,,12.x,,,, sybase,Adaptive Server Enterprise,,11.x 12.x,sa,,,, sybase,Adaptive Server Enterprise,,SA and SSO roles,sa,,,, sybase,Adaptive Server Enterprise,11.x 12.x,Multi,sa,,SA and SSO roles,, sybase,EAServer,,HTTP,jagadmin,,Admin,Source : Manufactor documentation, sybase,Sybase,,8,DBA,SQL,,, sybase,Sybase,,Admin,DBA,SQL,,, sybase,Sybase,8.0,Multi,DBA,SQL,Admin,, sybasedatev,Adaptive Server Enterprise,12.0,Multi,sa,sasasa,Admin,, symantec,Brightmail Anti-Spam,,,root,brightmail,,, symantec,NAV CORP / ALL,,,admin,symantec,,, symantec,NAV CORP / ALL,,Admin,admin,symantec,,, symantec,NAV CORP / ALL,,HTTP,admin,symantec,Admin,, symantec,Norton Antivirus Corp Ed.,,Admin,,symantec,,, symantec,Norton Antivirus Corp Ed.,,all,,symantec,,, symantec,Norton Antivirus Corp Ed.,all,Multi,,symantec,Admin,, symantec,VPN-Firewall,,,admin,,,, symantec,VPN/Firewall Appliance,100/200,http,admin,,Admin,, symbol,AP-2412,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, symbol,AP-3020,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, symbol,AP-4111,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, symbol,AP-4121,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, symbol,AP-4131,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, symbol,AP-5131,,Multi,admin,motorola,https,, symbol,Spectrum 24 Access Point,,,Symbol,Symbol,,, symbol,Spectrum 24 Access Point,,HTTP,Symbol,Symbol,,, symbol,Spectrum 24 Access Point,,http,symbol,Symbol,Admin,, symbol,Spectrum,series 4100-4121,HTTP,,Symbol,Admin,Access Point Wireless, symbol,ap5131,,,admin,symbol,,, syskonnect,6616,,,default.password,,,, system32,VOS,,Multi,install,secret,Admin,, tandberg,Border Controller,,Telnet/ssh/http,admin,TANDBERG,Admin,, tandberg,DLT8000 Autoloader 10x,,Console,,10023,Maintenance,, tandberg,Gatekeeper,,,admin,TANDBERG,Admin,, tandberg,TANDBERG,,8000,,TANDBERG,,, tandberg,Tandberg,8000,Multi,,TANDBERG,Admin,http://www.tandberg.net/collateral/user_manuals/TANDBERG_8000_UserMan.pdf, tandem,TACL,,Multi,super.super,,Admin,, tandem,TACL,,Multi,super.super,master,Admin,, tasman,T1,1000 Series,console,Tasman,Tasmannet,Admin,, tasman,T1,4000 Series,console,Tasman,Tasmannet,Admin,, tasman,T1,6000 Series,console,Tasman,Tasmannet,Admin,, tasman,T1,7000 Series,console,Tasman,Tasmannet,Admin,, tcomfort,Routers,,HTTP,Administrator,,Admin,, teamxodus,XeniumOS,2.3,FTP,xbox,xbox,Admin,, tecom,Titan,,admin,TECOM MASTER,4346,,, tecom,Titan,2.06,Other,TECOM MASTER,4346,admin,, tekelec,Eagle STP,,,eagle,eagle,,, teklogix,Accesspoint,,Multi,Administrator,,Admin,, telappliant,IP2006 SIP Phone,,http,admin,1234,Admin,, telcosystems,Edge Link 100,,Console,telco,telco,telco,, telebit,Netblazer,,,setup,setup,,, telebit,Netblazer,,,snmp,nopasswd,,, telebit,netblazer 3.*,,,setup,setup,,, telebit,netblazer 3.*,,,snmp,nopasswd,,, telecomnz,Nokia M10,,,Telecom,Telecom,,, teledat,Routers,,HTTP,admin,1234,Admin,, telelec,Eagle,,,eagle,eagle,,, teletronics,WL-CPE-Router,3.05.2,HTTPS,admin,1234,Admin,, telewell,TW-EA200,,Multi,admin,password,Admin,, telewell,TW-EA510,,http://192.168.0.254,admin,admin,Admin,, telindus,1124,,HTTP,,,Admin,, telindus,SHDSL1421,yes,HTTP,admin,admin,Admin,, telindus,telindus,2002,Telnet,admin,admin,Admin,, tellabs,7120,,Multi,root,admin_1,Admin,telnet on port 3083, tellabs,Titan 5500,,Admin,tellabs,tellabs#1,,, tellabs,Titan 5500,,FP 6.x,tellabs,tellabs#1,,, tellabs,Titan 5500,FP 6.x,Multi,tellabs,tellabs#1,Admin,, teltronic s.a.u.,NEBULA,,,admin,tetra,,, telus,Telephony Services,,,(created),telus00,,, telus,Telephony and internet services,,,(username),telus00,User,Initial password if issued in 2000, telus,Telephony and internet services,,,(username),telus01,User,Initial password if issued in 2001, telus,Telephony and internet services,,,(username),telus02,User,Initial password if issued in 2002, telus,Telephony and internet services,,,(username),telus03,User,Initial password if issued in 2003, telus,Telephony and internet services,,,(username),telus04,User,Initial password if issued in 2004, telus,Telephony and internet services,,,(username),telus05,User,Initial password if issued in 2005, telus,Telephony and internet services,,,(username),telus06,User,Initial password if issued in 2006, telus,Telephony and internet services,,,(username),telus07,User,Initial password if issued in 2007, telus,Telephony and internet services,,,(username),telus08,User,Initial password if issued in 2008, telus,Telephony and internet services,,,(username),telus09,User,Initial password if issued in 2009, telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, terayon,,,,admin,nms,,6.29, terayon,TeraLink 1000 Controller,,,admin,password,,, terayon,TeraLink 1000 Controller,,,user,password,,, terayon,TeraLink Getaway,,,admin,password,,, terayon,TeraLink Getaway,,,user,password,,, terayon,TeraLink,,,admin,password,,, terayon,Unknown,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, textportal,TextPortal,,,god1,12345,,, textportal,TextPortal,,,god2,12345,,, thomson,,,,D8AA0,12345678,,, thomson,585,7,192.168.254,,,admin,, thomson,782i,,http://192.168.1.254,Administrator,CPE.hgw.12,Administrator,Made in Macedonia! BaDxBoY, thomson,SpeedTouch ,,125.24.231.95,admin,suadmin,,, thomson,SpeedTouch 530,,http://10.0.0.138,,,Administration,, thomson,SpeedTouch 536,,http://192.168.1.254,Administrator,,Administration,, thomson,SpeedTouch 546,,http://192.168.1.254 or http://speedtouch.lan,Administrator,,Administration,, thomson,SpeedTouch 580,,http://192.168.1.254,Administrator,,Administration,, thomson,SpeedTouch 585,,http://192.168.1.254,Administrator,,Administration,, thomson,SpeedTouch 780 WL,SSID.SpeedTouchB,192.168.1.254,,,,, thomson,SpeedTouch Home,,http://10.0.0.138,admin,admin,Administration,, thomson,SpeedTouch Pro,,http://10.0.0.138,admin,admin,Administration,, thomson,SpeedTouch261A3E,SpeedTouch585v6,,administrator,administrator,,, thomson,SpeedTouch580,,,admin,admin,,, thomson,SpeedTouch580,4.3.19,HTTP,admin,admin,,, thomson,TG585,7,192.168.1.254,jalvarez,pc2119,Poniente 29,, thomson,speed touch,780i wl,,szilizs,keszeg,,, thomson,speedtouch 585V6,,,Admin,23698,,, thomson,xp,all versions,http://192.168.1.254/,administrator,,administrator,, tiara networks,(router???),,1400 6100 6200,,tiara,,, tiara networks,(router???),,tiaranet,,tiara,,, tiara,1400,3.x,Console,tiara,tiaranet,Admin,also known as Tasman Networks routers, tiara,Tiara,,,tiara,tiaranet,,, tiaranetworks,(router???),1400 6100 6200,Multi,,tiara,tiaranet,, tim schaab,Mad.Thought,,2.0.1,theman,changeit,,, timschaab,Mad.Thought,2.0.1,http,theman,changeit,Admin,, tiny,PC BIOS,,,,Tiny,,, tiny,PC BIOS,,Console,,Tiny,Admin,, tinys,PC BIOS,,,,Tiny,,, tinys,PC BIOS,,,,tiny,,, tinys,PC BIOS,,Admin,,Tiny,,, tmc,PC BIOS,,,,BIGO,,, tmc,PC BIOS,,Admin,,BIGO,,, tmc,PC BIOS,,Console,,BIGO,Admin,, toplayer,AppSwitch 2500,,,siteadmin,toplayer,,Any, toplayer,AppSwitch,,,siteadmin,toplayer,,, topsec,firewall,,Multi,superman,talent,Admin,, toshiba 8000,Laptop,,,,,,, toshiba 8000,Laptop,,Admin,,,,, toshiba,Most laptops,,console,,,,, toshiba,PC BIOS,,,,24Banc81,,, toshiba,PC BIOS,,,,toshy99,,, toshiba,PC BIOS,,Admin,,24Banc81,,, toshiba,PC BIOS,,Admin,,Toshiba,,, toshiba,PC BIOS,,Admin,,toshy99,,, toshiba,PC BIOS,,Console,,24Banc81,Admin,, toshiba,PC BIOS,,Console,,Toshiba,Admin,, toshiba,PC BIOS,,Console,,toshy99,Admin,, toshiba,PC BIOS,notebooks,Floppy Drive,,4B 45 59 00 00,Admin,If the first 5 bytes of sector 1 of a floppy in drive A are 4B 45 59 00 00 then you can bypass the password by hitting enter when prompted for it (yes, toshiba,TR-650,,,admin,tr650,,V2.01.00, toshiba,Toshiba 8000 Laptop,,Multi,,,Admin,, toshiba,eStudio,All versions,http://,admin,123456,admin,, tp link,Tp link,,,admin,admin,,, trend micro,InterScan VirusWall,,,admin,admin,,, trend micro,Trend Micro,,,admin,admin,,, trend micro,Viruswall,,Admin,admin,admin,,, trend micro,Viruswall,,all versions,admin,admin,,, trendmicro,,7.3,,admin,admin,,, trendmicro,ISVW (VirusWall),,,admin,admin,,any, trendmicro,Viruswall,all versions,HTTP on port 1812,admin,admin,Admin,, trendnet,TEW 432 BRP,,HTTP://192.168.1.1,admin,admin,root,nothing, trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,, trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,konya, trendnet,TEW-432BRP,,http://192.168.0.1,,,,, trendnet,TEW-432BRP,TEW-432BRP,,hiua,xurxure,blank,, trendnet,TEW-450APB,,,admin,admin,,, trendnet,TEW-452BRP,,http://192.168.1.1,admin,admin,,, trendnet,TEW-510APB,,http://192.168.1.250,,admin,,, trendnet,TEW-511BRP,,http://192.168.1.1,,admin,,, trendnet,TEW-631BRP,,http://192.168.1.1,admin,admin,,, trendnet,TEW-639GR,,192.168.10.1,admin,payago,,, trendnet,TEW-652BRP,H/W:V1.OR,HTTP://192.168.10.1,AMIN,ADMIN,ADMIN,, trendnet,TK1601R,,,,00000000,,, trendnet,TK1602R,,,,00000000,,, trendnet,TK801R,,,,00000000,,, trendnet,TK802R,,,,00000000,,, trendnet,TPL110AP,,http://10.0.0.3,admin,admin,,, trendnet,TRENDNET TEW411BRP,,198.162.1.1,,admin,Admin access,, trendnet,TW100-BRF114,,http://192.168.0.1,,,,, trendnet,TW100-BRV204,,,,,,, trendnet,TW100-BRV304,,,,,,, trendnet,TW100-S4W1CA,,http://192.168.1.1,,,,, trendnet,tew-432brp,windows7,http://192.168.10,1,,admin,, trendnet,tw100-s4w1ca,,http://192.168.0.1,admini,admini,admin,nnu stiu parola si numele vechi de la trendnet, trintech,eAcquirer App/Data Servers,,,t3admin,Trintech,,, trintech,eAcquirer,,,t3admin,Trintech,,, triumphadler,DC2116,1.0,http://,admin,0000,admin,, troy,ExtendNet 100zx,,Multi,admin,extendnet,Admin,dizphunKt, tsunami,Tsunami-45,,,managers,managers,,, tsunami,Tsunami-45,1.0,Multi,managers,managers,,, tvt system,Expresse G5 DS1 Module,,,,enter,,, tvt system,Expresse G5 DS1 Module,,Admin,,enter,,, tvt system,Expresse G5,,,craft,,,, tvt system,Expresse G5,,Admin,craft,,,, tvtsystem,Expresse G5 DS1 Module,,Multi,,enter,Admin,, tvtsystem,Expresse G5,,Multi,craft,,Admin,, type3,Typo3,3.6,,admin,password,Admin,, typo3,TYPO3,,3.6,admin,password,,, unex,NexIP Routers,,,,password,,, unex,NexIP Routers,,HTTP,,password,Admin,, uniden,UIP1868P,,http://192.168.15.1,admin,UnidEn79!,Configuration,password is case sensitive, uniden,UIP1869V,,http://192.168.15.1,admin,admin,,, uniden,UIP300,,HTTP,user,123456,,, uniden,WNR2004,,http://192.168.1.1,UNIDEN,,,, unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, unix,Generic,,,adm,,,, unix,Generic,,,adm,adm,,, unix,Generic,,,admin,admin,,, unix,Generic,,,administrator,,,, unix,Generic,,,administrator,administrator,,, unix,Generic,,,anon,anon,,, unix,Generic,,,bbs,,,, unix,Generic,,,bbs,bbs,,, unix,Generic,,,bin,sys,,, unix,Generic,,,checkfs,checkfs,,, unix,Generic,,,checkfsys,checkfsys,,, unix,Generic,,,checksys,checksys,,, unix,Generic,,,daemon,daemon,,, unix,Generic,,,demo,,,, unix,Generic,,,demo,demo,,, unix,Generic,,,demos,,,, unix,Generic,,,demos,demos,,, unix,Generic,,,dni,,,, unix,Generic,,,fal,,,, unix,Generic,,,fal,fal,,, unix,Generic,,,fax,fax,,, unix,Generic,,,ftp,,,, unix,Generic,,,ftp,ftp,,, unix,Generic,,,games,games,,, unix,Generic,,,gopher,gopher,,, unix,Generic,,,gropher,,,, unix,Generic,,,guest,,,, unix,Generic,,,guest,guestgue,,, unix,Generic,,,halt,,,, unix,Generic,,,halt,halt,,, unix,Generic,,,informix,informix,,, unix,Generic,,,install,install,,, unix,Generic,,,lp,,,, unix,Generic,,,lp,lp,,, unix,Generic,,,lpadm,lpadm,,, unix,Generic,,,lpadmin,lpadmin,,, unix,Generic,,,lynx,,,, unix,Generic,,,mail,,,, unix,Generic,,,mail,mail,,, unix,Generic,,,man,man,,, unix,Generic,,,me,,,, unix,Generic,,,mountfs,mountfs,,, unix,Generic,,,mountfsys,mountfsys,,, unix,Generic,,,mountsys,mountsys,,, unix,Generic,,,news,news,,, unix,Generic,,,nobody,,,, unix,Generic,,,nobody,nobody,,, unix,Generic,,,nuucp,,,, unix,Generic,,,operator,,,, unix,Generic,,,operator,operator,,, unix,Generic,,,oracle,,,, unix,Generic,,,postmaster,postmast,,, unix,Generic,,,powerdown,powerdown,,, unix,Generic,,,rje,rje,,, unix,Generic,,,root,root,,, unix,Generic,,,setup,setup,,, unix,Generic,,,shutdown,,,, unix,Generic,,,shutdown,shutdown,,, unix,Generic,,,sync,,,, unix,Generic,,,sync,sync,,, unix,Generic,,,sys,sys,,, unix,Generic,,,sys,system,,, unix,Generic,,,sysadm,admin,,, unix,Generic,,,sysadm,sysadm,,, unix,Generic,,,sysadmin,sysadmin,,, unix,Generic,,,sysbin,sysbin,,, unix,Generic,,,system_admin,,,, unix,Generic,,,system_admin,system_admin,,, unix,Generic,,,trouble,trouble,,, unix,Generic,,,umountfs,umountfs,,, unix,Generic,,,umountfsys,umountfsys,,, unix,Generic,,,umountsys,umountsys,,, unix,Generic,,,unix,unix,,, unix,Generic,,,user,user,,, unix,Generic,,,uucp,uucp,,, unix,Generic,,,uucpadm,uucpadm,,, unix,Generic,,,web,,,, unix,Generic,,,web,web,,, unix,Generic,,,webmaster,,,, unix,Generic,,,www,,,, unix,Generic,,Admin,adm,,,, unix,Generic,,Admin,adm,adm,,, unix,Generic,,Admin,bin,sys,,, unix,Generic,,Admin,install,install,,, unix,Generic,,Admin,mountfs,mountfs,,, unix,Generic,,Admin,mountfsys,mountfsys,,, unix,Generic,,Admin,mountsys,mountsys,,, unix,Generic,,Admin,root,,,, unix,Generic,,Admin,root,hp,,, unix,Generic,,Admin,root,root,,, unix,Generic,,Admin,setup,setup,,, unix,Generic,,Admin,sys,bin,,, unix,Generic,,Admin,sys,sys,,, unix,Generic,,Admin,sys,system,,, unix,Generic,,Admin,sysadm,admin,,, unix,Generic,,Admin,sysadm,sysadm,,, unix,Generic,,Admin,sysadmin,sysadmin,,, unix,Generic,,Admin,sysbin,sysbin,,, unix,Generic,,Admin,system_admin,,,, unix,Generic,,Admin,system_admin,system_admin,,, unix,Generic,,HP-UX,root,hp,,, unix,Generic,,Multi,adm,,Admin,, unix,Generic,,Multi,adm,adm,Admin,, unix,Generic,,Multi,admin,admin,User,, unix,Generic,,Multi,administrator,,User,, unix,Generic,,Multi,administrator,administrator,User,, unix,Generic,,Multi,anon,anon,User,, unix,Generic,,Multi,bbs,,User,, unix,Generic,,Multi,bbs,bbs,User,, unix,Generic,,Multi,bin,sys,Admin,, unix,Generic,,Multi,checkfs,checkfs,User,, unix,Generic,,Multi,checkfsys,checkfsys,User,, unix,Generic,,Multi,checksys,checksys,User,, unix,Generic,,Multi,daemon,,User,, unix,Generic,,Multi,daemon,daemon,User,, unix,Generic,,Multi,demo,,User,, unix,Generic,,Multi,demo,demo,User,, unix,Generic,,Multi,demos,,User,, unix,Generic,,Multi,demos,demos,User,, unix,Generic,,Multi,dni,,User,, unix,Generic,,Multi,dni,dni,User,, unix,Generic,,Multi,fal,,User,, unix,Generic,,Multi,fal,fal,User,, unix,Generic,,Multi,fax,,User,, unix,Generic,,Multi,fax,fax,User,, unix,Generic,,Multi,ftp,,User,, unix,Generic,,Multi,ftp,ftp,User,, unix,Generic,,Multi,games,,User,, unix,Generic,,Multi,games,games,User,, unix,Generic,,Multi,gopher,gopher,User,, unix,Generic,,Multi,gropher,,User,, unix,Generic,,Multi,guest,,User,, unix,Generic,,Multi,guest,guest,User,, unix,Generic,,Multi,guest,guestgue,User,, unix,Generic,,Multi,halt,,User,, unix,Generic,,Multi,halt,halt,User,, unix,Generic,,Multi,informix,informix,User,, unix,Generic,,Multi,install,install,Admin,, unix,Generic,,Multi,lp,,User,, unix,Generic,,Multi,lp,bin,User,, unix,Generic,,Multi,lp,lineprin,User,, unix,Generic,,Multi,lp,lp,User,, unix,Generic,,Multi,lpadm,lpadm,User,, unix,Generic,,Multi,lpadmin,lpadmin,User,, unix,Generic,,Multi,lynx,,User,, unix,Generic,,Multi,lynx,lynx,User,, unix,Generic,,Multi,mail,,User,, unix,Generic,,Multi,mail,mail,User,, unix,Generic,,Multi,man,,User,, unix,Generic,,Multi,man,man,User,, unix,Generic,,Multi,me,,User,, unix,Generic,,Multi,me,me,User,, unix,Generic,,Multi,mountfs,mountfs,Admin,, unix,Generic,,Multi,mountfsys,mountfsys,Admin,, unix,Generic,,Multi,mountsys,mountsys,Admin,, unix,Generic,,Multi,news,,User,, unix,Generic,,Multi,news,news,User,, unix,Generic,,Multi,nobody,,User,, unix,Generic,,Multi,nobody,nobody,User,, unix,Generic,,Multi,nuucp,,User,, unix,Generic,,Multi,operator,,User,, unix,Generic,,Multi,operator,operator,User,, unix,Generic,,Multi,oracle,,User,, unix,Generic,,Multi,postmaster,,User,, unix,Generic,,Multi,postmaster,postmast,User,, unix,Generic,,Multi,powerdown,powerdown,User,, unix,Generic,,Multi,root,,Admin,, unix,Generic,,Multi,root,root,Admin,, unix,Generic,,Multi,setup,setup,Admin,, unix,Generic,,Multi,shutdown,,User,, unix,Generic,,Multi,shutdown,shutdown,User,, unix,Generic,,Multi,sync,,User,, unix,Generic,,Multi,sync,sync,User,, unix,Generic,,Multi,sys,bin,Admin,, unix,Generic,,Multi,sys,sys,Admin,, unix,Generic,,Multi,sys,system,Admin,, unix,Generic,,Multi,sysadm,admin,Admin,, unix,Generic,,Multi,sysadm,sysadm,Admin,, unix,Generic,,Multi,sysadmin,sysadmin,Admin,, unix,Generic,,Multi,sysbin,sysbin,Admin,, unix,Generic,,Multi,system_admin,,Admin,, unix,Generic,,Multi,system_admin,system_admin,Admin,, unix,Generic,,Multi,trouble,trouble,User,, unix,Generic,,Multi,umountfs,umountfs,User,, unix,Generic,,Multi,umountfsys,umountfsys,User,, unix,Generic,,Multi,umountsys,umountsys,User,, unix,Generic,,Multi,unix,unix,User,, unix,Generic,,Multi,user,user,User,, unix,Generic,,Multi,uucp,uucp,User,, unix,Generic,,Multi,uucpadm,uucpadm,User,, unix,Generic,,Multi,web,,User,, unix,Generic,,Multi,web,web,User,, unix,Generic,,Multi,webmaster,,User,, unix,Generic,,Multi,webmaster,webmaster,User,, unix,Generic,,Multi,www,,User,, unix,Generic,,Multi,www,www,User,, unix,Generic,,User,admin,admin,,, unix,Generic,,User,administrator,,,, unix,Generic,,User,administrator,administrator,,, unix,Generic,,User,anon,anon,,, unix,Generic,,User,bbs,,,, unix,Generic,,User,bbs,bbs,,, unix,Generic,,User,checkfs,checkfs,,, unix,Generic,,User,checkfsys,checkfsys,,, unix,Generic,,User,checksys,checksys,,, unix,Generic,,User,daemon,,,, unix,Generic,,User,daemon,daemon,,, unix,Generic,,User,demo,,,, unix,Generic,,User,demo,demo,,, unix,Generic,,User,demos,,,, unix,Generic,,User,demos,demos,,, unix,Generic,,User,dni,,,, unix,Generic,,User,dni,dni,,, unix,Generic,,User,fal,,,, unix,Generic,,User,fal,fal,,, unix,Generic,,User,fax,,,, unix,Generic,,User,fax,fax,,, unix,Generic,,User,ftp,,,, unix,Generic,,User,ftp,ftp,,, unix,Generic,,User,games,,,, unix,Generic,,User,games,games,,, unix,Generic,,User,gopher,gopher,,, unix,Generic,,User,gropher,,,, unix,Generic,,User,guest,,,, unix,Generic,,User,guest,guest,,, unix,Generic,,User,guest,guestgue,,, unix,Generic,,User,halt,,,, unix,Generic,,User,halt,halt,,, unix,Generic,,User,informix,informix,,, unix,Generic,,User,lp,,,, unix,Generic,,User,lp,bin,,, unix,Generic,,User,lp,lineprin,,, unix,Generic,,User,lp,lp,,, unix,Generic,,User,lpadm,lpadm,,, unix,Generic,,User,lpadmin,lpadmin,,, unix,Generic,,User,lynx,,,, unix,Generic,,User,lynx,lynx,,, unix,Generic,,User,mail,,,, unix,Generic,,User,mail,mail,,, unix,Generic,,User,man,,,, unix,Generic,,User,man,man,,, unix,Generic,,User,me,,,, unix,Generic,,User,me,me,,, unix,Generic,,User,news,,,, unix,Generic,,User,news,news,,, unix,Generic,,User,nobody,,,, unix,Generic,,User,nobody,nobody,,, unix,Generic,,User,nuucp,,,, unix,Generic,,User,operator,,,, unix,Generic,,User,operator,operator,,, unix,Generic,,User,oracle,,,, unix,Generic,,User,postmaster,,,, unix,Generic,,User,postmaster,postmast,,, unix,Generic,,User,powerdown,powerdown,,, unix,Generic,,User,rje,rje,,, unix,Generic,,User,shu|own,,,, unix,Generic,,User,shu|own,shu|own,,, unix,Generic,,User,sync,,,, unix,Generic,,User,sync,sync,,, unix,Generic,,User,trouble,trouble,,, unix,Generic,,User,umountfs,umountfs,,, unix,Generic,,User,umountfsys,umountfsys,,, unix,Generic,,User,umountsys,umountsys,,, unix,Generic,,User,unix,unix,,, unix,Generic,,User,user,user,,, unix,Generic,,User,uucp,uucp,,, unix,Generic,,User,uucpadm,uucpadm,,, unix,Generic,,User,web,,,, unix,Generic,,User,web,web,,, unix,Generic,,User,webmaster,,,, unix,Generic,,User,webmaster,webmaster,,, unix,Generic,,User,www,,,, unix,Generic,,User,www,www,,, unix,Generic,HP-UX,Multi,root,hp,Admin,, unix,Generic,early versions,console or telnet,root,gnomes,Admin,early backdoor password that likely is no longer in use anywhere except by nostalgic old-school admins running much newer systems, unix,UNIX,,,setup,,,, unix,Unix,,,service,smile,,, unknown,POCSAG Radio Paging,,2.05,,password,,, unknown,System 88,,,operator,operator,,, unknown,System 88,,,overseer,overseer,,, unknown,System 88,,,test,test,,, us robotics,USR8000,,1.23 / 1.25,root,admin,,, us robotics,USR8000,,Admin,root,admin,,, us robotics,USR8550,,3.0.5,Any,12345,,, usrobotics,805451,805451,,usr54321,usr54321,full,access, usrobotics,ADSL Ethernet Modem,,HTTP,,12345,Admin,, usrobotics,SureConnect 9003 ADSL Ethernet/USB Router,,Multi,root,12345,Admin,, usrobotics,SureConnect 9105 ADSL 4-Port Router,,HTTP,admin,admin,Admin,, usrobotics,SureConnect ADSL ,SureConnect ADSL ,Telnet,support,support,User,works after 3rd login trial, usrobotics,TOTALswitch,,,,amber,,, usrobotics,TOTALswitch,,,,amber,,Any, usrobotics,USR5450,,,admin,,Admin,, usrobotics,USR8000,1.23 / 1.25,Multi,root,admin,Admin,DSL-Router. Web-Login always uses user root, usrobotics,USR8054 Router,,,admin,,,, usrobotics,USR8550,,Any,Any,12345,,, usrobotics,USR8550,3.0.5,Multi,Any,12345,Any,Best Modem, usrobotics,adsl gateway wireless router,,wireless router,support,support,super user access,I find it on a manual, utlexar,Telephone Switches,,,DESIGNED_BY_IC_KF,,Backdoor,, utlexar,Telephone Switches,,,lexar,,maintenance default,, utstar,UT300R,,Multi,admin,utstar,root,, utstar,UT300R,,root,admin,utstar,,, utstarcom,B-NAS B-RAS,,1000,dbase,dbase,,, utstarcom,B-NAS B-RAS,,1000,field,field,,, utstarcom,B-NAS B-RAS,,1000,guru,*3noguru,,, utstarcom,B-NAS B-RAS,,1000,snmp,snmp,,, utstarcom,B-NAS,B-RAS,1000,,dbase,dbase,, utstarcom,B-NAS,B-RAS,1000,,field,field,, utstarcom,B-NAS,B-RAS,1000,,guru,*3noguru,, utstarcom,B-NAS,B-RAS,1000,,snmp,snmp,, vasco,VACMAN Middleware,2.x,Multi,admin,,Admin,strong authentication server, veenman,Linium C353,all versions,console and IP,,12345678,admin,, vendor,Product,Revision,Protocol,User,Password,Access,Notes, vendor,system,,verified,password,level,,, vendor,system,,version,login,password,,, veramark,eCAS,,Administrative,admin,password,,, verifone,Verifone Junior,,,,166816,,, verifone,Verifone Junior,,2.05,,166816,,, verifone,Verifone Junior,2.05,,,166816,,, verilink,NE6100-4 NetEngine,IAD 3.4.8,Telnet,,,Guest,, veritas,Cluster Server,,,admin,password,,, veritas,Cluster Server,,http,admin,password,Admin,, verity,Ultraseek,,http,admin,admin,Admin,, vertex,VERTEX 1501,,5.05,root,vertex25,,, vertex,Vertex 1501,5.05,,root,vertex25,Admin,, vextrec technology,PC BIOS,,,,Vextrex,,, vextrectechnology,PC BIOS,,Console,,Vextrex,,, vienuke,VieBoard,,2.6,admin,admin,,, vienuke,VieBoard,2.6,,admin,admin,Administrator,, vina technologies,ConnectReach,,,,,,, vinatechnologies,ConnectReach,,,,,,3.6.2, virtual programming,VP-ASP Shopping Cart,,5.0,admin,admin,,, virtual programming,VP-ASP Shopping Cart,,5.0,vpasp,vpasp,,, virtualprogramming,VP-ASP Shopping Cart,5.0,,admin,admin,Admin,, virtualprogramming,VP-ASP Shopping Cart,5.0,,vpasp,vpasp,Admin,, visa vap,VAP,,,root,QNX,,, visa,Visa VAP,,Telnet/modem,root,QNX,root,, visualnetworks,Visual Uptime T1 CSU/DSU,1,Console,admin,visual,Admin,, vobis,PC BIOS,,,,merlin,,, vobis,PC BIOS,,Console,,merlin,,, voicegenietechnologies,VoiceGenie,,,pw,pw,Admin,, vpasp,VP-ASP Shopping Cart,,,admin,admin,,, vpasp,VP-ASP Shopping Cart,,,vpasp,vpasp,,, vxworks,misc,,Multi,admin,admin,Admin,, vxworks,misc,,Multi,guest,guest,Guest,, waav,X2,,Admin,admin,waav,,, wanadoo,Livebox,,Multi,admin,admin,Admin,, wang,Wang,,Multi,CSG,SESAME,Admin,, warracorp,janon,,guest,pepino,pepino,,, warracorp,janon,2.1,HTTP,pepino,pepino,guest,, watch guard,firebox 1000,,,admin,,,, watch guard,firebox 1000,,Admin,admin,,,, watchguard,FireBox,,,,wg,,, watchguard,SOHO and SOHO6,all versions,FTP,user,pass,Admin,works only from the inside LAN, watchguard,firebox 1000,,Multi,admin,,Admin,, web wiz,Forums,,7.x,Administrator,letmein,,, weblogic,weblogic,,yes,system,weblogic,,, webmin,Webmin,,,admin,,,default linux install, webmin,Webmin,,,admin,hp.com,,, webmin,Webmin,,http,admin,hp.com,Admin,, webramp,410i etc...,,,wradmin,trancell,,, webramp,Unknown,,,wradmin,trancell,,, webwiz,Forums,7.x,http,Administrator,letmein,Admin,, westell,2200,,Multi,admin,password,Admin,, westell,Versalink 2200,,,admin,password,,, westell,Versalink 327,,,admin,password,,, westell,Versalink 327,,Multi,admin,,Admin,, westell,Versalink 6100,,,admin,password,,, westell,Wang,,Multi,CSG,SESAME,Admin,, westell,Wirespeed wireless router,,Multi,admin,sysAdmin,Admin,, westell,Wirespeed,,Multi,admin,password,Admin,, westell,Wirespeed,,Multi,admin,sysAdmin,Admin,, wim bervoets,WIMBIOSnbsp BIOS,,,,Compleri,,, wim bervoets,WIMBIOSnbsp BIOS,,Admin,,Compleri,,, wimbervoets,WIMBIOSnbsp BIOS,,Console,,Compleri,Admin,, winwork,iso sistemi,,,operator,,,, winwork,iso sistemi,,Admin,operator,,,, wireless inc.,WaveNet,,,root,rootpass,,, wirelessinc,WaveNet 2458,,,root,rootpass,,, worldclient,AdminServer,,,WebAdmin,Admin,,, worldclient,AdminServer,,HTTP:2001,WebAdmin,Admin,WorldClient,, worldclient,AdminServer,,WorldClient,WebAdmin,Admin,,, www.soft.vip600.com,123,,,anonymous,anonymous,,, wwwboard,WWWADMIN.PL,,,WebAdmin,WebBoard,,, wwwboard,WWWADMIN.PL,,Admin,WebAdmin,WebBoard,,, wwwboard,WWWADMIN.PL,,HTTP,WebAdmin,WebBoard,Admin,, wyse,V90 series thin client,all,BIOS,,Fireport,BIOS,, wyse,V90,,VNC,,Wyse,,, wyse,WT 1125 SE,,,user,user,,, wyse,WT9235LE,XPe (XP embedded),console login,Administrator,Administrator,local Admin,(case sensitive), wyse,Winterm 3150,,VNC,,password,Admin,, wyse,Winterm,,5440XL,VNC,winterm,,, wyse,Winterm,,5440XL,root,wyse,,, wyse,Winterm,,Admin,root,wyse,,, wyse,Winterm,,VNC,VNC,winterm,,, wyse,Winterm,5440XL,Console,root,wyse,Admin,, wyse,Winterm,5440XL,VNC,VNC,winterm,VNC,, wyse,Winterm,9455XL,BIOS,,Fireport,BIOS,Case Sensitive, wyse,rapport,4.4,FTP,rapport,r@p8p0r+,ftp logon to controlling ftp server.,, wyse,v90le,unknown,console,Administrator,Administrator,,, wyse,winterm,,Multi,root,,Admin,, x-micro,WLAN 11b Broadband Router,,,1502,1502,,, x-micro,WLAN 11b Broadband Router,,,super,super,,, xavi,7000-ABA-ST1,,Console,,,Admin,, xavi,7001,,Console,,,Admin,, xavi,X7722r,,192.168.1.1,admin,admin,,, xavi,X7722r,all,HTTP,admin,admin,192.168.1.1,, xerox,61xx,All,DocuSP,Administrator,administ,,, xerox,7232,,,11111,x-admin,,, xerox,77xx,,http,admin,1111,,, xerox,ApeosIII 4300,,HTTP,11111,x-admin,Admin,, xerox,DocuCentre-II C6500,all versions,http,11111,x-admin,Admin,source http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, xerox,DocuColor 1632,,console,,11111,Admin,, xerox,DocuColor 1632,,http,admin,admin,Admin,, xerox,DocuColor,,1632,,11111,,, xerox,DocuColor,,1632,admin,admin,,, xerox,Document Centre 405,-,HTTP,admin,admin,Admin,, xerox,Document Centre 425,,HTTP,admin,,Admin,, xerox,Document Centre 425,,HTTP,admin,22222,Admin,works for access panel 2, xerox,Document Centre 432,,,admin,22222,,, xerox,Document Centre 432,,http,admin,22222,Admin,, xerox,Document Centre c320,,HTTP,admin,admin,,Default machine admin password: 11111, xerox,Fiery,,,Administrator,Fiery.1,,, xerox,Fiery,,HTTP,Administrator,Fiery.1,,, xerox,Fiery,2.0,remove desktop,Administrator,fiery.1,,, xerox,Multi Function Equipment,,,admin,2222,,, xerox,Multi Function Equipment,,Admin,admin,2222,,, xerox,Multi Function Equipment,,Multi,admin,2222,Admin,combo fax/scanner/printer with network access, xerox,Phaser 3600,,,admin,1111,,, xerox,Work Center Pro C2128,,http,admin,1111,,, xerox,WorkCenter 2640,,http://,admin,1111,,, xerox,WorkCenter Pro 428,,,admin,admin,,, xerox,WorkCenter Pro 428,,Admin,admin,admin,,, xerox,WorkCentre 265,v1,http,admin,1111,,, xerox,WorkCentre 5230,all,web,11111,x-admin,,, xerox,WorkCentre 5675,All,Console, HTTP,admin,1111,, xerox,WorkCentre 57xx,,http,admin,1111,,, xerox,WorkCentre 7245,,http,11111,x-admin,Admin,, xerox,WorkCentre 7328,,http,11111,x-admin,,, xerox,WorkCentre 7335,,,11111,x-admin,,, xerox,WorkCentre 7345,,,11111,x-admin,,, xerox,WorkCentre 7425,,http or console,admin,1111,,, xerox,WorkCentre 7665,,,admin,1111,,, xerox,WorkCentre M118,,shared 'admintool' folder,admin,x-admin,admin,\192.168.0.1admintool, xerox,WorkCentre M20i,,http,admin,1111,Admin,, xerox,WorkCentre PE 120i,,IP address,admin,1111,,, xerox,WorkCentre Pro 35,,HTTP,admin,1111,Admin,, xerox,WorkCentre Pro 420,,,admin,sysadm,,, xerox,WorkCentre Pro 428,,HTTP,admin,admin,Admin,, xerox,WorkCentre Pro 45,,HTTP,admin,1111,Admin,, xerox,WorkCentre Pro,,45,admin,1111,,, xerox,WorkCentre and DocumentCentre,,,savelogs,crash,,, xerox,WorkCentre,7232/7242,http,11111,x-admin,Administrator,, xerox,WorkCentre/DocumentCentre,,,savelogs,crash,,, xerox,Workcenter 245 Pro,,HTTP,admin,1111,,, xerox,Workcentre 7120,All,Http,admin,1111,Admin,, xerox,xerox,,Multi,,admin,Admin,, xerox,xerox,,Multi,admin,admin,Admin,, xincom,XC-DPG402,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG502,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG503,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG602,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG603,,http://192.168.1.1,admin,,Administration,, xmicro,WLAN 11b Access Point,1.2.2,Multi,super,super,Admin,, xmicro,X-Micro WLAN 11b Broadband Router,1.2.2 1.2.2.3 1.2.2.4 1.6.0.0,Multi,super,super,Admin,From BUGTRAQ, xmicro,X-Micro WLAN 11b Broadband Router,1.6.0.1,HTTP,1502,1502,Admin,From BUGTRAQ, xylan,Omnistack 1032CF,,,admin,password,,3.2.8, xylan,Omnistack 4024,,,admin,password,,3.4.9, xylan,Omniswitch,,,admin,switch,,, xylan,Omniswitch,,,admin,switch,,3.1.8, xylan,Omniswitch,,,diag,switch,,, xylan,Omniswitch,,Admin,admin,switch,,, xylan,Omniswitch,,Telnet,admin,switch,Admin,, xylan,Omniswitch,,Telnet,diag,switch,Admin,, xyplex,Routers,,,,system,,, xyplex,Routers,,Admin,,system,,, xyplex,Routers,,Port 7000,,access,User,, xyplex,Routers,,Port 7000,,system,Admin,, xyplex,Routers,,User,,access,,, xyplex,Terminal Server,,,,access,,, xyplex,Terminal Server,,,,system,,, xyplex,Terminal Server,,Admin,,system,,, xyplex,Terminal Server,,Port 7000,,access,User,, xyplex,Terminal Server,,Port 7000,,system,Admin,, xyplex,Terminal Server,,User,,access,,, xyplex,mx-16xx,,,setpriv,system,,, xyplex,switch,3.2,Console,,,Admin,, yahoo,mail,yes,Multi,1234567890,bloggs,yes,, yahoo,messenger,messenger,Multi,handsome_123_handsome,plsdontguess,password,, yahoo,messenger,messenger,Multi,intelligent_guy_priyank,passwordguy,password,, yakumo,Routers,,HTTP,admin,admin,Admin,, yuxin,YWH10 IP Phone,,http,User,1234,Admin,, yuxin,YWH10 IP Phone,,http,User,19750407,Admin,, yuxin,YWH100 IP Phone,,http,User,1234,Admin,, yuxin,YWH100 IP Phone,,http,User,19750407,Admin,, yuxin,YWH200 IP Phone,,http,User,1234,Admin,, yuxin,YWH200 IP Phone,,http,User,19750407,Admin,, yuxin,YWH300 IP Phone,,http,User,1234,Admin,, yuxin,YWH300 IP Phone,,http,User,19750407,Admin,, zcom,Wireless,,SNMP,root,admin,Admin,, zcom,XG1021 N,,,admin,password,,, zebra,10/100 Print Server,,Multi,admin,1234,Admin,, zenith,PC BIOS,,,,3098z,,, zenith,PC BIOS,,,,Zenith,,, zenith,PC BIOS,,Admin,,3098z,,, zenith,PC BIOS,,Admin,,Zenith,,, zenith,PC BIOS,,Console,,3098z,Admin,, zenith,PC BIOS,,Console,,Zenith,Admin,, zeos,PC BIOS,,,,zeosx,,, zeos,PC BIOS,,Admin,,zeosx,,, zeos,PC BIOS,,Console,,zeosx,Admin,, zeus,Zeus Admin Server,,4.1r2,admin,,,, zeus,Zeus Admin Server,4.1r2,http,admin,,,, zoom,ADSL X3,,,admin,zoomadsl,,, zoom,ADSL X3,,HTTP,admin,zoomadsl,,, zoom,IG-4165,,http://192.168.123.254,,admin,Administration,, zoom,ZOOM ADSL Modem,,Console,admin,zoomadsl,Admin,, zyxel,641 ADSL,,,,1234,,, zyxel,642R,,Admin,,1234,,, zyxel,642R,,Telnet,,1234,Admin,, zyxel,660,,,1234,1234,,, zyxel,660R-61C,1.0,http://192.168.1.1/,mikucha,abadaifice,root,abadaifice, zyxel,660R-61C,401373,http://192.168.1.1,admin,1234,Admin,abadaifice, zyxel,ADSL routers,All ZyNOS Firmwares,Multi,admin,1234,Admin,this is default for dsl routers provided by the ISP firstmile.no, zyxel,G-1000,,http://192.168.1.2,,1234,Administration,, zyxel,G-2000 Plus,,http://192.168.1.1,,1234,Administration,, zyxel,G-3000H,,http://192.168.1.2,,1234,Administration,, zyxel,G-560,,http://192.168.1.2,,1234,Administration,, zyxel,G-570S,,http://192.168.1.2,,1234,Administration,, zyxel,Generic Routers,,,,1234,,, zyxel,Generic Routers,,Admin,,1234,,, zyxel,Generic Routers,,Telnet,,1234,Admin,, zyxel,Generic,,Admin,Admin,atc456,,, zyxel,ISDN Router Prestige 100IH,,,,1234,,, zyxel,ISDN-Router Prestige 1000,,,,1234,,, zyxel,P-320W,,,user11,@12345,,, zyxel,P-330 W EE,4312,,admin,1234,,, zyxel,P-623,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-645,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-650,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-660HW,,http://192.168.1.1,,1234,Administration,, zyxel,P-660RU,,http://192.168.1.1,,1234,Administration,, zyxel,P-660h-t1 v2,ALL VERSIONS ETC,192.168.1.1,,,,, zyxel,P-794M,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-964APR,,http://192.168.1.1:8080,user,1234,Administration,, zyxel,P-964CM,,http://192.168.1.1:8080,user,1234,Administration,, zyxel,P-964CR,,http://192.168.1.1:8080,user,1234,Administration,, zyxel,P-971M,,http://192.168.1001,webadmin,1234,Administration,, zyxel,P-974,,,admin,1234,,, zyxel,P861H,,Multi,admin,1234,Web + Telnet,, zyxel,P861H,,Web + Telnet,admin,1234,,, zyxel,Prestige ,660R-61C,,,1234,,, zyxel,Prestige 100IH,,,,1234,,, zyxel,Prestige 100IH,,Console,,1234,Admin,, zyxel,Prestige 128 modem-router,,,,1234,,any, zyxel,Prestige 300 series,,,,1234,,zynos 2.*, zyxel,Prestige 643,,,,1234,,, zyxel,Prestige 643,,Console,,1234,Admin,, zyxel,Prestige 645,,HTTP,admin,1234,Admin,, zyxel,Prestige 650,,Multi,1234,1234,Admin,, zyxel,Prestige 652HW-31 ADSL Router,,,admin,1234,,, zyxel,Prestige 652HW-31 ADSL Router,,HTTP,admin,1234,Admin,http://192.168.1.1, zyxel,Prestige 652HW-31,,,admin,1234,,, zyxel,Prestige 660HW,,Multi,admin,admin,Admin,, zyxel,Prestige 900,,HTTP,webadmin,1234,Admin,192.168.1.1:8080, zyxel,Prestige P660HW,,Multi,admin,1234,Admin,, zyxel,Prestige,,,,1234,,, zyxel,Prestige,,,root,1234,,, zyxel,Prestige,,Admin,,1234,,, zyxel,Prestige,,Admin,root,1234,,, zyxel,Prestige,,FTP,root,1234,Admin,, zyxel,Prestige,,HTTP,,1234,Admin,http://192.168.1.1, zyxel,Prestige,,Telnet,,1234,Admin,, zyxel,Switch,,Web/Telnet/CLI,admin,1234,,, zyxel,Switch,ES-2108-G,Multi,admin,1234,Web/Telnet/CLI,, zyxel,Windows Vista,P- 2602HWN-D7A,192.168.1.1.,anatoij,1234,1234,, zyxel,ZyWALL Series Prestige 660R-61C,,Multi,,admin,Admin,, zyxel,ZyWall 2,,HTTP,,,Admin,, zyxel,Zywall,,Admin,admin,1234,,, zyxel,Zywall,,Multi,admin,1234,Admin,, zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, siemens s7-300,,,,,',,, siemens s7-300,,,,,'',,, siemens s7-300,,,,,''',,, siemens s7-300,,,,,'''',,, siemens s7-300,,,,,''''',,, siemens s7-300,,,,,'''''',,, siemens s7-300,,,,,''''''',,, siemens s7-300,,,,,'''''''',,, siemens s7-300,,,,,-,,, siemens s7-300,,,,,--,,, siemens s7-300,,,,,---,,, siemens s7-300,,,,,----,,, siemens s7-300,,,,,-----,,, siemens s7-300,,,,,------,,, siemens s7-300,,,,,-------,,, siemens s7-300,,,,,--------,,, siemens s7-300,,,,,!manage,,, siemens s7-300,,,,,!MANAGE,,, siemens s7-300,,,,,$secure$,,, siemens s7-300,,,,,*,,, siemens s7-300,,,,,**,,, siemens s7-300,,,,,***,,, siemens s7-300,,,,,****,,, siemens s7-300,,,,,*****,,, siemens s7-300,,,,,******,,, siemens s7-300,,,,,*******,,, siemens s7-300,,,,,********,,, siemens s7-300,,,,,,,,, siemens s7-300,,,,,,,,,, siemens s7-300,,,,,,,,,,, siemens s7-300,,,,,,,,,,,, siemens s7-300,,,,,,,,,,,,, siemens s7-300,,,,,,,,,,,,,, siemens s7-300,,,,,,,,,,,,,,, siemens s7-300,,,,,,,,,,,,,,,, siemens s7-300,,,,,.,,, siemens s7-300,,,,,..,,, siemens s7-300,,,,,...,,, siemens s7-300,,,,,....,,, siemens s7-300,,,,,.....,,, siemens s7-300,,,,,......,,, siemens s7-300,,,,,.......,,, siemens s7-300,,,,,........,,, siemens s7-300,,,,,/,,, siemens s7-300,,,,,//,,, siemens s7-300,,,,,///,,, siemens s7-300,,,,,////,,, siemens s7-300,,,,,/////,,, siemens s7-300,,,,,//////,,, siemens s7-300,,,,,///////,,, siemens s7-300,,,,,////////,,, siemens s7-300,,,,,;,,, siemens s7-300,,,,,;;,,, siemens s7-300,,,,,;;;,,, siemens s7-300,,,,,;;;;,,, siemens s7-300,,,,,;;;;;,,, siemens s7-300,,,,,;;;;;;,,, siemens s7-300,,,,,;;;;;;;,,, siemens s7-300,,,,,;;;;;;;;,,, siemens s7-300,,,,,@#$123,,, siemens s7-300,,,,,[,,, siemens s7-300,,,,,[[,,, siemens s7-300,,,,,[[[,,, siemens s7-300,,,,,[[[[,,, siemens s7-300,,,,,[[[[[,,, siemens s7-300,,,,,[[[[[[,,, siemens s7-300,,,,,[[[[[[[,,, siemens s7-300,,,,,[[[[[[[[,,, siemens s7-300,,,,,],,, siemens s7-300,,,,,]],,, siemens s7-300,,,,,]]],,, siemens s7-300,,,,,]]]],,, siemens s7-300,,,,,]]]]],,, siemens s7-300,,,,,]]]]]],,, siemens s7-300,,,,,]]]]]]],,, siemens s7-300,,,,,]]]]]]]],,, siemens s7-300,,,,,_Cisco,,, siemens s7-300,,,,,`,,, siemens s7-300,,,,,``,,, siemens s7-300,,,,,```,,, siemens s7-300,,,,,````,,, siemens s7-300,,,,,`````,,, siemens s7-300,,,,,``````,,, siemens s7-300,,,,,```````,,, siemens s7-300,,,,,````````,,, siemens s7-300,,,,,+,,, siemens s7-300,,,,,++,,, siemens s7-300,,,,,+++,,, siemens s7-300,,,,,++++,,, siemens s7-300,,,,,+++++,,, siemens s7-300,,,,,++++++,,, siemens s7-300,,,,,+++++++,,, siemens s7-300,,,,,++++++++,,, siemens s7-300,,,,,=,,, siemens s7-300,,,,,==,,, siemens s7-300,,,,,===,,, siemens s7-300,,,,,====,,, siemens s7-300,,,,,=====,,, siemens s7-300,,,,,======,,, siemens s7-300,,,,,=======,,, siemens s7-300,,,,,========,,, siemens s7-300,,,,,0,,, siemens s7-300,,,,,00,,, siemens s7-300,,,,,000,,, siemens s7-300,,,,,0000,,, siemens s7-300,,,,,00000,,, siemens s7-300,,,,,000000,,, siemens s7-300,,,,,0000000,,, siemens s7-300,,,,,00000000,,, siemens s7-300,,,,,00000001,,, siemens s7-300,,,,,0000001,,, siemens s7-300,,,,,000001,,, siemens s7-300,,,,,00001,,, siemens s7-300,,,,,0001,,, siemens s7-300,,,,,001,,, siemens s7-300,,,,,050952,,, siemens s7-300,,,,,0P3N,,, siemens s7-300,,,,,1,,, siemens s7-300,,,,,100,,, siemens s7-300,,,,,1000,,, siemens s7-300,,,,,10000,,, siemens s7-300,,,,,100000,,, siemens s7-300,,,,,1000000,,, siemens s7-300,,,,,10000000,,, siemens s7-300,,,,,10041979,,, siemens s7-300,,,,,1064,,, siemens s7-300,,,,,11,,, siemens s7-300,,,,,111,,, siemens s7-300,,,,,1111,,, siemens s7-300,,,,,11111,,, siemens s7-300,,,,,111111,,, siemens s7-300,,,,,1111111,,, siemens s7-300,,,,,11111111,,, siemens s7-300,,,,,11112222,,, siemens s7-300,,,,,112233,,, siemens s7-300,,,,,11223344,,, siemens s7-300,,,,,123,,, siemens s7-300,,,,,123123,,, siemens s7-300,,,,,12314500,,, siemens s7-300,,,,,123321,,, siemens s7-300,,,,,1234,,, siemens s7-300,,,,,12344321,,, siemens s7-300,,,,,12345,,, siemens s7-300,,,,,123456,,, siemens s7-300,,,,,1234567,,, siemens s7-300,,,,,12345678,,, siemens s7-300,,,,,12348765,,, siemens s7-300,,,,,123654,,, siemens s7-300,,,,,123asd,,, siemens s7-300,,,,,123ASD,,, siemens s7-300,,,,,123qwe,,, siemens s7-300,,,,,123QWE,,, siemens s7-300,,,,,1246,,, siemens s7-300,,,,,128bit,,, siemens s7-300,,,,,128BIT,,, siemens s7-300,,,,,1313,,, siemens s7-300,,,,,1502,,, siemens s7-300,,,,,151298,,, siemens s7-300,,,,,166816,,, siemens s7-300,,,,,180497,,, siemens s7-300,,,,,1890agb,,, siemens s7-300,,,,,1890AGB,,, siemens s7-300,,,,,1954,,, siemens s7-300,,,,,1G2W3E,,, siemens s7-300,,,,,1q2w3e,,, siemens s7-300,,,,,2,,, siemens s7-300,,,,,21,,, siemens s7-300,,,,,21241036,,, siemens s7-300,,,,,2128506,,, siemens s7-300,,,,,22,,, siemens s7-300,,,,,222,,, siemens s7-300,,,,,2222,,, siemens s7-300,,,,,22222,,, siemens s7-300,,,,,222222,,, siemens s7-300,,,,,2222222,,, siemens s7-300,,,,,22222222,,, siemens s7-300,,,,,266344,,, siemens s7-300,,,,,281067,,, siemens s7-300,,,,,281068,,, siemens s7-300,,,,,2BW9,,, siemens s7-300,,,,,2WSXcder,,, siemens s7-300,,,,,3,,, siemens s7-300,,,,,31994,,, siemens s7-300,,,,,321,,, siemens s7-300,,,,,33,,, siemens s7-300,,,,,333,,, siemens s7-300,,,,,3333,,, siemens s7-300,,,,,33333,,, siemens s7-300,,,,,333333,,, siemens s7-300,,,,,3333333,,, siemens s7-300,,,,,33333333,,, siemens s7-300,,,,,3477,,, siemens s7-300,,,,,355025,,, siemens s7-300,,,,,3597,,, siemens s7-300,,,,,3ascotel,,, siemens s7-300,,,,,3ASCOTEL,,, siemens s7-300,,,,,3ep5w2u,,, siemens s7-300,,,,,3orro,,, siemens s7-300,,,,,3ORRO,,, siemens s7-300,,,,,3ware,,, siemens s7-300,,,,,3WARE,,, siemens s7-300,,,,,4,,, siemens s7-300,,,,,42296795,,, siemens s7-300,,,,,4321,,, siemens s7-300,,,,,44,,, siemens s7-300,,,,,444,,, siemens s7-300,,,,,4444,,, siemens s7-300,,,,,44444,,, siemens s7-300,,,,,444444,,, siemens s7-300,,,,,4444444,,, siemens s7-300,,,,,44444444,,, siemens s7-300,,,,,4ert,,, siemens s7-300,,,,,4ERT,,, siemens s7-300,,,,,4G5K,,, siemens s7-300,,,,,4G7S,,, siemens s7-300,,,,,4getme2,,, siemens s7-300,,,,,4tas,,, siemens s7-300,,,,,4TAS,,, siemens s7-300,,,,,5,,, siemens s7-300,,,,,5001,,, siemens s7-300,,,,,5150,,, siemens s7-300,,,,,5201314,,, siemens s7-300,,,,,54321,,, siemens s7-300,,,,,55,,, siemens s7-300,,,,,55055,,, siemens s7-300,,,,,555,,, siemens s7-300,,,,,5555,,, siemens s7-300,,,,,55555,,, siemens s7-300,,,,,555555,,, siemens s7-300,,,,,5555555,,, siemens s7-300,,,,,55555555,,, siemens s7-300,,,,,56789,,, siemens s7-300,,,,,5693,,, siemens s7-300,,,,,5777364,,, siemens s7-300,,,,,5860,,, siemens s7-300,,,,,589589,,, siemens s7-300,,,,,6,,, siemens s7-300,,,,,60587,,, siemens s7-300,,,,,654321,,, siemens s7-300,,,,,66,,, siemens s7-300,,,,,666,,, siemens s7-300,,,,,6666,,, siemens s7-300,,,,,66666,,, siemens s7-300,,,,,666666,,, siemens s7-300,,,,,6666666,,, siemens s7-300,,,,,66666666,,, siemens s7-300,,,,,66808920,,, siemens s7-300,,,,,6969,,, siemens s7-300,,,,,7,,, siemens s7-300,,,,,7654321,,, siemens s7-300,,,,,77,,, siemens s7-300,,,,,777,,, siemens s7-300,,,,,7777,,, siemens s7-300,,,,,77777,,, siemens s7-300,,,,,777777,,, siemens s7-300,,,,,7777777,,, siemens s7-300,,,,,77777777,,, siemens s7-300,,,,,7SH4,,, siemens s7-300,,,,,8,,, siemens s7-300,,,,,8111,,, siemens s7-300,,,,,8429,,, siemens s7-300,,,,,851141,,, siemens s7-300,,,,,86844,,, siemens s7-300,,,,,8746550,,, siemens s7-300,,,,,87654321,,, siemens s7-300,,,,,88,,, siemens s7-300,,,,,888,,, siemens s7-300,,,,,8888,,, siemens s7-300,,,,,88888,,, siemens s7-300,,,,,888888,,, siemens s7-300,,,,,8888888,,, siemens s7-300,,,,,88888888,,, siemens s7-300,,,,,88981684,,, siemens s7-300,,,,,9,,, siemens s7-300,,,,,901100,,, siemens s7-300,,,,,99,,, siemens s7-300,,,,,999,,, siemens s7-300,,,,,9999,,, siemens s7-300,,,,,99999,,, siemens s7-300,,,,,999999,,, siemens s7-300,,,,,9999999,,, siemens s7-300,,,,,99999999,,, siemens s7-300,,,,,9W5K,,, siemens s7-300,,,,,a,,, siemens s7-300,,,,,A,,, siemens s7-300,,,,,a/d,,, siemens s7-300,,,,,A/D,,, siemens s7-300,,,,,aa,,, siemens s7-300,,,,,AA,,, siemens s7-300,,,,,aaa,,, siemens s7-300,,,,,AAA,,, siemens s7-300,,,,,aaaa,,, siemens s7-300,,,,,AAAA,,, siemens s7-300,,,,,aaaaa,,, siemens s7-300,,,,,AAAAA,,, siemens s7-300,,,,,aaaaaa,,, siemens s7-300,,,,,AAAAAA,,, siemens s7-300,,,,,aaaaaaa,,, siemens s7-300,,,,,AAAAAAA,,, siemens s7-300,,,,,aaaaaaaa,,, siemens s7-300,,,,,AAAAAAAA,,, siemens s7-300,,,,,aabbcc,,, siemens s7-300,,,,,AABBCC,,, siemens s7-300,,,,,aaeon,,, siemens s7-300,,,,,AAEON,,, siemens s7-300,,,,,aavid,,, siemens s7-300,,,,,AAVID,,, siemens s7-300,,,,,ab,,, siemens s7-300,,,,,AB,,, siemens s7-300,,,,,abb,,, siemens s7-300,,,,,ABB,,, siemens s7-300,,,,,abc,,, siemens s7-300,,,,,ABC,,, siemens s7-300,,,,,abc123,,, siemens s7-300,,,,,ABC123,,, siemens s7-300,,,,,abcd,,, siemens s7-300,,,,,ABCD,,, siemens s7-300,,,,,abcde,,, siemens s7-300,,,,,ABCDE,,, siemens s7-300,,,,,ABCDEF,,, siemens s7-300,,,,,abcdefg,,, siemens s7-300,,,,,ABCDEFG,,, siemens s7-300,,,,,abcdefgh,,, siemens s7-300,,,,,ABCDEFGH,,, siemens s7-300,,,,,abelconn,,, siemens s7-300,,,,,ABELCONN,,, siemens s7-300,,,,,abov,,, siemens s7-300,,,,,ABOV,,, siemens s7-300,,,,,abracon,,, siemens s7-300,,,,,ABRACON,,, siemens s7-300,,,,,absopuls,,, siemens s7-300,,,,,ABSOPULS,,, siemens s7-300,,,,,abtech,,, siemens s7-300,,,,,ABTECH,,, siemens s7-300,,,,,abunlock,,, siemens s7-300,,,,,ABUNLOCK,,, siemens s7-300,,,,,acam,,, siemens s7-300,,,,,ACAM,,, siemens s7-300,,,,,acc,,, siemens s7-300,,,,,ACC,,, siemens s7-300,,,,,access,,, siemens s7-300,,,,,ACCESS,,, siemens s7-300,,,,,accord,,, siemens s7-300,,,,,ACCORD,,, siemens s7-300,,,,,acon,,, siemens s7-300,,,,,ACON,,, siemens s7-300,,,,,acopian,,, siemens s7-300,,,,,ACOPIAN,,, siemens s7-300,,,,,acp,,, siemens s7-300,,,,,ACP,,, siemens s7-300,,,,,actel,,, siemens s7-300,,,,,ACTEL,,, siemens s7-300,,,,,activex,,, siemens s7-300,,,,,ACTIVEX,,, siemens s7-300,,,,,adactus,,, siemens s7-300,,,,,ADACTUS,,, siemens s7-300,,,,,adam,,, siemens s7-300,,,,,ADAM,,, siemens s7-300,,,,,adc,,, siemens s7-300,,,,,ADC,,, siemens s7-300,,,,,adcdef,,, siemens s7-300,,,,,adda,,, siemens s7-300,,,,,ADDA,,, siemens s7-300,,,,,adels,,, siemens s7-300,,,,,ADELS,,, siemens s7-300,,,,,adfexc,,, siemens s7-300,,,,,ADFEXC,,, siemens s7-300,,,,,adi,,, siemens s7-300,,,,,ADI,,, siemens s7-300,,,,,admin,,, siemens s7-300,,,,,ADMIN,,, siemens s7-300,,,,,admin123,,, siemens s7-300,,,,,ADMIN123,,, siemens s7-300,,,,,adminttd,,, siemens s7-300,,,,,ADMINTTD,,, siemens s7-300,,,,,adslroot,,, siemens s7-300,,,,,ADSLROOT,,, siemens s7-300,,,,,adtran,,, siemens s7-300,,,,,ADTRAN,,, siemens s7-300,,,,,advanced,,, siemens s7-300,,,,,ADVANCED,,, siemens s7-300,,,,,advantec,,, siemens s7-300,,,,,ADVANTEC,,, siemens s7-300,,,,,aeg mis,,, siemens s7-300,,,,,AEG MIS,,, siemens s7-300,,,,,aeg,,, siemens s7-300,,,,,AEG,,, siemens s7-300,,,,,AEM,,, siemens s7-300,,,,,aem,,, siemens s7-300,,,,,aeroflex,,, siemens s7-300,,,,,Aeroflex,,, siemens s7-300,,,,,AEROFLEX,,, siemens s7-300,,,,,aft,,, siemens s7-300,,,,,AFT,,, siemens s7-300,,,,,aitech,,, siemens s7-300,,,,,AITECH,,, siemens s7-300,,,,,akiwa,,, siemens s7-300,,,,,AKIWA,,, siemens s7-300,,,,,albright,,, siemens s7-300,,,,,ALBRIGHT,,, siemens s7-300,,,,,alcor,,, siemens s7-300,,,,,ALCOR,,, siemens s7-300,,,,,aleph,,, siemens s7-300,,,,,ALEPH,,, siemens s7-300,,,,,ALFA,,, siemens s7-300,,,,,alfaMag,,, siemens s7-300,,,,,ALFAMAG,,, siemens s7-300,,,,,alfa'r,,, siemens s7-300,,,,,ALFA'R,,, siemens s7-300,,,,,alfatron,,, siemens s7-300,,,,,ALFATRON,,, siemens s7-300,,,,,ali,,, siemens s7-300,,,,,ALI,,, siemens s7-300,,,,,all,,, siemens s7-300,,,,,ALL,,, siemens s7-300,,,,,allegro,,, siemens s7-300,,,,,ALLEGRO,,, siemens s7-300,,,,,allen,,, siemens s7-300,,,,,ALLEN,,, siemens s7-300,,,,,alliance,,, siemens s7-300,,,,,ALLIANCE,,, siemens s7-300,,,,,allied,,, siemens s7-300,,,,,ALLIED,,, siemens s7-300,,,,,alpha,,, siemens s7-300,,,,,alpha,,, siemens s7-300,,,,,alpine,,, siemens s7-300,,,,,ALPINE,,, siemens s7-300,,,,,alps,,, siemens s7-300,,,,,ALPS,,, siemens s7-300,,,,,altera,,, siemens s7-300,,,,,ALTERA,,, siemens s7-300,,,,,amber,,, siemens s7-300,,,,,AMBER,,, siemens s7-300,,,,,amd,,, siemens s7-300,,,,,AMD,,, siemens s7-300,,,,,american,,, siemens s7-300,,,,,AMERICAN,,, siemens s7-300,,,,,ametherm,,, siemens s7-300,,,,,AMETHERM,,, siemens s7-300,,,,,ami,,, siemens s7-300,,,,,AMI,,, siemens s7-300,,,,,amic,,, siemens s7-300,,,,,AMIC,,, siemens s7-300,,,,,amis,,, siemens s7-300,,,,,AMIS,,, siemens s7-300,,,,,ammc,,, siemens s7-300,,,,,AMMC,,, siemens s7-300,,,,,amp,,, siemens s7-300,,,,,AMP,,, siemens s7-300,,,,,amperite,,, siemens s7-300,,,,,AMPERITE,,, siemens s7-300,,,,,amphenol,,, siemens s7-300,,,,,AMPHENOL,,, siemens s7-300,,,,,ampire,,, siemens s7-300,,,,,AMPIRE,,, siemens s7-300,,,,,amt,,, siemens s7-300,,,,,AMT,,, siemens s7-300,,,,,anachip,,, siemens s7-300,,,,,ANACHIP,,, siemens s7-300,,,,,anadigic,,, siemens s7-300,,,,,ANADIGIC,,, siemens s7-300,,,,,anadigm,,, siemens s7-300,,,,,ANADIGM,,, siemens s7-300,,,,,analog,,, siemens s7-300,,,,,ANALOG,,, siemens s7-300,,,,,analogic,,, siemens s7-300,,,,,ANALOGIC,,, siemens s7-300,,,,,anaren,,, siemens s7-300,,,,,ANAREN,,, siemens s7-300,,,,,angel,,, siemens s7-300,,,,,ANGEL,,, siemens s7-300,,,,,angle,,, siemens s7-300,,,,,ANGLE,,, siemens s7-300,,,,,anicust,,, siemens s7-300,,,,,ANICUST,,, siemens s7-300,,,,,anla,,, siemens s7-300,,,,,ANLA,,, siemens s7-300,,,,,anleim,,, siemens s7-300,,,,,Anleim,,, siemens s7-300,,,,,ANLEIM,,, siemens s7-300,,,,,anritsu,,, siemens s7-300,,,,,ANRITSU,,, siemens s7-300,,,,,ANS#150,,, siemens s7-300,,,,,anshan,,, siemens s7-300,,,,,ANSHAN,,, siemens s7-300,,,,,ansmann,,, siemens s7-300,,,,,ANSMANN,,, siemens s7-300,,,,,any@,,, siemens s7-300,,,,,anycom,,, siemens s7-300,,,,,ANYCOM,,, siemens s7-300,,,,,anydata,,, siemens s7-300,,,,,ANYDATA,,, siemens s7-300,,,,,anyone,,, siemens s7-300,,,,,ANYONE,,, siemens s7-300,,,,,anyway,,, siemens s7-300,,,,,ANYWAY,,, siemens s7-300,,,,,apbodiur,,, siemens s7-300,,,,,APBODIUR,,, siemens s7-300,,,,,apc,,, siemens s7-300,,,,,APC,,, siemens s7-300,,,,,apem,,, siemens s7-300,,,,,APEM,,, siemens s7-300,,,,,apex,,, siemens s7-300,,,,,APEX,,, siemens s7-300,,,,,api,,, siemens s7-300,,,,,API,,, siemens s7-300,,,,,aplus,,, siemens s7-300,,,,,APLUS,,, siemens s7-300,,,,,apm,,, siemens s7-300,,,,,APM,,, siemens s7-300,,,,,a-power,,, siemens s7-300,,,,,A-POWER,,, siemens s7-300,,,,,app,,, siemens s7-300,,,,,APP,,, siemens s7-300,,,,,applied,,, siemens s7-300,,,,,APPLIED,,, siemens s7-300,,,,,apra,,, siemens s7-300,,,,,APRA,,, siemens s7-300,,,,,arsenal,,, siemens s7-300,,,,,ARSENAL,,, siemens s7-300,,,,,articon,,, siemens s7-300,,,,,ARTICON,,, siemens s7-300,,,,,asante,,, siemens s7-300,,,,,Asante,,, siemens s7-300,,,,,ASANTE,,, siemens s7-300,,,,,ascend,,, siemens s7-300,,,,,Ascend,,, siemens s7-300,,,,,ASCEND,,, siemens s7-300,,,,,asd,,, siemens s7-300,,,,,ASD,,, siemens s7-300,,,,,asdf,,, siemens s7-300,,,,,ASDF,,, siemens s7-300,,,,,asdfg,,, siemens s7-300,,,,,ASDFG,,, siemens s7-300,,,,,asdfgh,,, siemens s7-300,,,,,asdfgh,,, siemens s7-300,,,,,ASDFGH,,, siemens s7-300,,,,,asdfghj,,, siemens s7-300,,,,,ASDFGHJ,,, siemens s7-300,,,,,asdfghjk,,, siemens s7-300,,,,,ASDFGHJK,,, siemens s7-300,,,,,asi,,, siemens s7-300,,,,,ASI,,, siemens s7-300,,,,,asutp,,, siemens s7-300,,,,,ASUTP,,, siemens s7-300,,,,,at4400,,, siemens s7-300,,,,,AT4400,,, siemens s7-300,,,,,atc,,, siemens s7-300,,,,,atc,,, siemens s7-300,,,,,ATC,,, siemens s7-300,,,,,atc123,,, siemens s7-300,,,,,ATC123,,, siemens s7-300,,,,,atlantis,,, siemens s7-300,,,,,ATLANTIS,,, siemens s7-300,,,,,attack,,, siemens s7-300,,,,,ATTACK,,, siemens s7-300,,,,,autohors,,, siemens s7-300,,,,,AUTOHORS,,, siemens s7-300,,,,,azsxdc,,, siemens s7-300,,,,,AZSXDC,,, siemens s7-300,,,,,b,,, siemens s7-300,,,,,B,,, siemens s7-300,,,,,b&r,,, siemens s7-300,,,,,B&R,,, siemens s7-300,,,,,B2H4,,, siemens s7-300,,,,,B9W3,,, siemens s7-300,,,,,back,,, siemens s7-300,,,,,BACK,,, siemens s7-300,,,,,backdoor,,, siemens s7-300,,,,,BACKDOOR,,, siemens s7-300,,,,,badboy,,, siemens s7-300,,,,,BADBOY,,, siemens s7-300,,,,,barricade,,, siemens s7-300,,,,,BARRICADE,,, siemens s7-300,,,,,baseball,,, siemens s7-300,,,,,BASEBALL,,, siemens s7-300,,,,,bb,,, siemens s7-300,,,,,BB,,, siemens s7-300,,,,,bbb,,, siemens s7-300,,,,,BBB,,, siemens s7-300,,,,,bbbb,,, siemens s7-300,,,,,BBBB,,, siemens s7-300,,,,,bbbbb,,, siemens s7-300,,,,,BBBBB,,, siemens s7-300,,,,,bbbbbb,,, siemens s7-300,,,,,BBBBBB,,, siemens s7-300,,,,,bbbbbbb,,, siemens s7-300,,,,,BBBBBBB,,, siemens s7-300,,,,,bbbbbbbb,,, siemens s7-300,,,,,BBBBBBBB,,, siemens s7-300,,,,,bciimpw,,, siemens s7-300,,,,,BCIIMPW,,, siemens s7-300,,,,,bcimpw,,, siemens s7-300,,,,,BCIMPW,,, siemens s7-300,,,,,bcnaspw,,, siemens s7-300,,,,,BCNASPW,,, siemens s7-300,,,,,beatch,,, siemens s7-300,,,,,BEATCH,,, siemens s7-300,,,,,beerbeer,,, siemens s7-300,,,,,BEERBEER,,, siemens s7-300,,,,,betera,,, siemens s7-300,,,,,BETERA,,, siemens s7-300,,,,,bible,,, siemens s7-300,,,,,BIBLE,,, siemens s7-300,,,,,bintec,,, siemens s7-300,,,,,BINTEC,,, siemens s7-300,,,,,birdie,,, siemens s7-300,,,,,BIRDIE,,, siemens s7-300,,,,,black,,, siemens s7-300,,,,,BLACK,,, siemens s7-300,,,,,blaster,,, siemens s7-300,,,,,BLASTER,,, siemens s7-300,,,,,blender,,, siemens s7-300,,,,,BLENDER,,, siemens s7-300,,,,,blink,,, siemens s7-300,,,,,BLINK,,, siemens s7-300,,,,,blink182,,, siemens s7-300,,,,,BLINK182,,, siemens s7-300,,,,,bluepw,,, siemens s7-300,,,,,BLUEPW,,, siemens s7-300,,,,,bowling,,, siemens s7-300,,,,,BOWLING,,, siemens s7-300,,,,,bradley,,, siemens s7-300,,,,,BRADLEY,,, siemens s7-300,,,,,bridge,,, siemens s7-300,,,,,BRIDGE,,, siemens s7-300,,,,,bright,,, siemens s7-300,,,,,BRIGHT,,, siemens s7-300,,,,,c,,, siemens s7-300,,,,,C,,, siemens s7-300,,,,,ca01,,, siemens s7-300,,,,,CA01,,, siemens s7-300,,,,,cacadmin,,, siemens s7-300,,,,,CACADMIN,,, siemens s7-300,,,,,cactus,,, siemens s7-300,,,,,CACTUS,,, siemens s7-300,,,,,calvin,,, siemens s7-300,,,,,CALVIN,,, siemens s7-300,,,,,can,,, siemens s7-300,,,,,CAN,,, siemens s7-300,,,,,canbus,,, siemens s7-300,,,,,CANBUS,,, siemens s7-300,,,,,carolian,,, siemens s7-300,,,,,CAROLIAN,,, siemens s7-300,,,,,cascade,,, siemens s7-300,,,,,CASCADE,,, siemens s7-300,,,,,cc,,, siemens s7-300,,,,,CC,,, siemens s7-300,,,,,ccc,,, siemens s7-300,,,,,CCC,,, siemens s7-300,,,,,cccc,,, siemens s7-300,,,,,CCCC,,, siemens s7-300,,,,,ccccc,,, siemens s7-300,,,,,CCCCC,,, siemens s7-300,,,,,cccccc,,, siemens s7-300,,,,,CCCCCC,,, siemens s7-300,,,,,ccccccc,,, siemens s7-300,,,,,CCCCCCC,,, siemens s7-300,,,,,cccccccc,,, siemens s7-300,,,,,CCCCCCCC,,, siemens s7-300,,,,,ccrusr,,, siemens s7-300,,,,,CCRUSR,,, siemens s7-300,,,,,cellit,,, siemens s7-300,,,,,CELLIT,,, siemens s7-300,,,,,cfc,,, siemens s7-300,,,,,CFC,,, siemens s7-300,,,,,CHABGEME,,, siemens s7-300,,,,,changeme,,, siemens s7-300,,,,,CHANGEME,,, siemens s7-300,,,,,changit,,, siemens s7-300,,,,,CHANGIT,,, siemens s7-300,,,,,charlie,,, siemens s7-300,,,,,CHARLIE,,, siemens s7-300,,,,,cisco,,, siemens s7-300,,,,,Cisco,,, siemens s7-300,,,,,CISCO,,, siemens s7-300,,,,,citel,,, siemens s7-300,,,,,CITEL,,, siemens s7-300,,,,,client,,, siemens s7-300,,,,,CLIENT,,, siemens s7-300,,,,,cmaker,,, siemens s7-300,,,,,CMAKER,,, siemens s7-300,,,,,cms500,,, siemens s7-300,,,,,CMS500,,, siemens s7-300,,,,,cnas,,, siemens s7-300,,,,,CNAS,,, siemens s7-300,,,,,cody,,, siemens s7-300,,,,,CODY,,, siemens s7-300,,,,,cognos,,, siemens s7-300,,,,,COGNOS,,, siemens s7-300,,,,,Col2ogro2,,, siemens s7-300,,,,,computer,,, siemens s7-300,,,,,COMPUTER,,, siemens s7-300,,,,,connect,,, siemens s7-300,,,,,CONNECT,,, siemens s7-300,,,,,conv,,, siemens s7-300,,,,,CONV,,, siemens s7-300,,,,,cool,,, siemens s7-300,,,,,COOL,,, siemens s7-300,,,,,corecess,,, siemens s7-300,,,,,CORECESS,,, siemens s7-300,,,,,cosmos,,, siemens s7-300,,,,,COSMOS,,, siemens s7-300,,,,,craft,,, siemens s7-300,,,,,CRAFT,,, siemens s7-300,,,,,craftpw,,, siemens s7-300,,,,,CRAFTPW,,, siemens s7-300,,,,,crftpw,,, siemens s7-300,,,,,CRFTPW,,, siemens s7-300,,,,,crystal,,, siemens s7-300,,,,,CRYSTAL,,, siemens s7-300,,,,,ct/1,,, siemens s7-300,,,,,customer,,, siemens s7-300,,,,,CUSTOMER,,, siemens s7-300,,,,,custpw,,, siemens s7-300,,,,,CUSTPW,,, siemens s7-300,,,,,d,,, siemens s7-300,,,,,D,,, siemens s7-300,,,,,d.e.b.u.g,,, siemens s7-300,,,,,d00m,,, siemens s7-300,,,,,D00M,,, siemens s7-300,,,,,dadmin01,,, siemens s7-300,,,,,DADMIN01,,, siemens s7-300,,,,,danger,,, siemens s7-300,,,,,DANGER,,, siemens s7-300,,,,,database,,, siemens s7-300,,,,,DATABASE,,, siemens s7-300,,,,,davox,,, siemens s7-300,,,,,dbps,,, siemens s7-300,,,,,DBPS,,, siemens s7-300,,,,,dd,,, siemens s7-300,,,,,DD,,, siemens s7-300,,,,,ddd,,, siemens s7-300,,,,,DDD,,, siemens s7-300,,,,,dddd,,, siemens s7-300,,,,,DDDD,,, siemens s7-300,,,,,ddddd,,, siemens s7-300,,,,,DDDDD,,, siemens s7-300,,,,,dddddd,,, siemens s7-300,,,,,DDDDDD,,, siemens s7-300,,,,,ddddddd,,, siemens s7-300,,,,,DDDDDDD,,, siemens s7-300,,,,,dddddddd,,, siemens s7-300,,,,,DDDDDDDD,,, siemens s7-300,,,,,dean,,, siemens s7-300,,,,,DEAN,,, siemens s7-300,,,,,default,,, siemens s7-300,,,,,DEFAULT,,, siemens s7-300,,,,,delevan,,, siemens s7-300,,,,,demo,,, siemens s7-300,,,,,DEMO,,, siemens s7-300,,,,,denise,,, siemens s7-300,,,,,DENISE,,, siemens s7-300,,,,,derparol,,, siemens s7-300,,,,,DERPAROL,,, siemens s7-300,,,,,DEVEVAN,,, siemens s7-300,,,,,device,,, siemens s7-300,,,,,DEVICE,,, siemens s7-300,,,,,devices,,, siemens s7-300,,,,,DEVICES,,, siemens s7-300,,,,,dhs3mt,,, siemens s7-300,,,,,DHS3MT,,, siemens s7-300,,,,,dhs3pms,,, siemens s7-300,,,,,DHS3PMS,,, siemens s7-300,,,,,diabl0,,, siemens s7-300,,,,,DIABL0,,, siemens s7-300,,,,,diablo,,, siemens s7-300,,,,,DIABLO,,, siemens s7-300,,,,,diamond,,, siemens s7-300,,,,,DIAMOND,,, siemens s7-300,,,,,digital,,, siemens s7-300,,,,,DIGITAL,,, siemens s7-300,,,,,DL20,,, siemens s7-300,,,,,dlink,,, siemens s7-300,,,,,D-Link,,, siemens s7-300,,,,,DLINK,,, siemens s7-300,,,,,dollar,,, siemens s7-300,,,,,DOLLAR,,, siemens s7-300,,,,,doom,,, siemens s7-300,,,,,DOOM,,, siemens s7-300,,,,,draadloos,,, siemens s7-300,,,,,DRAADLOOS,,, siemens s7-300,,,,,drivees,,, siemens s7-300,,,,,DRIVEES,,, siemens s7-300,,,,,e,,, siemens s7-300,,,,,E,,, siemens s7-300,,,,,echo,,, siemens s7-300,,,,,ECHO,,, siemens s7-300,,,,,ee,,, siemens s7-300,,,,,EE,,, siemens s7-300,,,,,eee,,, siemens s7-300,,,,,EEE,,, siemens s7-300,,,,,eeee,,, siemens s7-300,,,,,EEEE,,, siemens s7-300,,,,,eeeee,,, siemens s7-300,,,,,EEEEE,,, siemens s7-300,,,,,eeeeee,,, siemens s7-300,,,,,EEEEEE,,, siemens s7-300,,,,,eeeeeee,,, siemens s7-300,,,,,EEEEEEE,,, siemens s7-300,,,,,eeeeeeee,,, siemens s7-300,,,,,EEEEEEEE,,, siemens s7-300,,,,,EGDFV,,, siemens s7-300,,,,,electrin,,, siemens s7-300,,,,,ELECTRIN,,, siemens s7-300,,,,,elvis,,, siemens s7-300,,,,,ELVIS,,, siemens s7-300,,,,,enable,,, siemens s7-300,,,,,ENABLE,,, siemens s7-300,,,,,energy,,, siemens s7-300,,,,,ENERGY,,, siemens s7-300,,,,,engineer,,, siemens s7-300,,,,,ENGINEER,,, siemens s7-300,,,,,eqdfv,,, siemens s7-300,,,,,err0r,,, siemens s7-300,,,,,ERR0R,,, siemens s7-300,,,,,error,,, siemens s7-300,,,,,evening,,, siemens s7-300,,,,,EVENING,,, siemens s7-300,,,,,Exabyte,,, siemens s7-300,,,,,EXABYTE,,, siemens s7-300,,,,,expert03,,, siemens s7-300,,,,,EXPERT03,,, siemens s7-300,,,,,f,,, siemens s7-300,,,,,F,,, siemens s7-300,,,,,father,,, siemens s7-300,,,,,FATHER,,, siemens s7-300,,,,,fbd,,, siemens s7-300,,,,,FBD,,, siemens s7-300,,,,,ff,,, siemens s7-300,,,,,FF,,, siemens s7-300,,,,,fff,,, siemens s7-300,,,,,FFF,,, siemens s7-300,,,,,ffff,,, siemens s7-300,,,,,FFFF,,, siemens s7-300,,,,,fffff,,, siemens s7-300,,,,,FFFFF,,, siemens s7-300,,,,,ffffff,,, siemens s7-300,,,,,FFFFFF,,, siemens s7-300,,,,,fffffff,,, siemens s7-300,,,,,FFFFFFF,,, siemens s7-300,,,,,ffffffff,,, siemens s7-300,,,,,FFFFFFFF,,, siemens s7-300,,,,,field,,, siemens s7-300,,,,,FIELD,,, siemens s7-300,,,,,fire,,, siemens s7-300,,,,,FIRE,,, siemens s7-300,,,,,Fireport,,, siemens s7-300,,,,,FIREPORT,,, siemens s7-300,,,,,fish,,, siemens s7-300,,,,,FISH,,, siemens s7-300,,,,,fivranne,,, siemens s7-300,,,,,FIVRANNE,,, siemens s7-300,,,,,flash,,, siemens s7-300,,,,,FLASH,,, siemens s7-300,,,,,flex,,, siemens s7-300,,,,,FLEX,,, siemens s7-300,,,,,flexible,,, siemens s7-300,,,,,FLEXIBLE,,, siemens s7-300,,,,,football,,, siemens s7-300,,,,,FOOTBALL,,, siemens s7-300,,,,,friend,,, siemens s7-300,,,,,FRIEND,,, siemens s7-300,,,,,fuck,,, siemens s7-300,,,,,FUCK,,, siemens s7-300,,,,,fuckoff,,, siemens s7-300,,,,,FUCKOFF,,, siemens s7-300,,,,,fuckyou,,, siemens s7-300,,,,,FUCKYOU,,, siemens s7-300,,,,,g,,, siemens s7-300,,,,,G,,, siemens s7-300,,,,,g00gle,,, siemens s7-300,,,,,G00GLE,,, siemens s7-300,,,,,G0F9,,, siemens s7-300,,,,,G0K1,,, siemens s7-300,,,,,G6K6,,, siemens s7-300,,,,,gama,,, siemens s7-300,,,,,GAMA,,, siemens s7-300,,,,,ganteng,,, siemens s7-300,,,,,GAWSED,,, siemens s7-300,,,,,Geardog,,, siemens s7-300,,,,,GEARDOG,,, siemens s7-300,,,,,gen1,,, siemens s7-300,,,,,gen2,,, siemens s7-300,,,,,gfcc,,, siemens s7-300,,,,,GFCC,,, siemens s7-300,,,,,gfccdjhl,,, siemens s7-300,,,,,GFCCDJHL,,, siemens s7-300,,,,,gfhjkm,,, siemens s7-300,,,,,gfhjkm,,, siemens s7-300,,,,,GFHJKM,,, siemens s7-300,,,,,gg,,, siemens s7-300,,,,,GG,,, siemens s7-300,,,,,ggg,,, siemens s7-300,,,,,GGG,,, siemens s7-300,,,,,gggg,,, siemens s7-300,,,,,GGGG,,, siemens s7-300,,,,,ggggg,,, siemens s7-300,,,,,GGGGG,,, siemens s7-300,,,,,gggggg,,, siemens s7-300,,,,,GGGGGG,,, siemens s7-300,,,,,ggggggg,,, siemens s7-300,,,,,GGGGGGG,,, siemens s7-300,,,,,gggggggg,,, siemens s7-300,,,,,GGGGGGGG,,, siemens s7-300,,,,,ghbdtn,,, siemens s7-300,,,,,GHBDTN,,, siemens s7-300,,,,,GHOST,,, siemens s7-300,,,,,ghost,,, siemens s7-300,,,,,goal,,, siemens s7-300,,,,,GOAL,,, siemens s7-300,,,,,golf,,, siemens s7-300,,,,,GOLF,,, siemens s7-300,,,,,google,,, siemens s7-300,,,,,GOOGLE,,, siemens s7-300,,,,,got,,, siemens s7-300,,,,,GOT,,, siemens s7-300,,,,,guest,,, siemens s7-300,,,,,GUEST,,, siemens s7-300,,,,,h,,, siemens s7-300,,,,,H,,, siemens s7-300,,,,,hardware,,, siemens s7-300,,,,,HARDWARE,,, siemens s7-300,,,,,harley,,, siemens s7-300,,,,,helen,,, siemens s7-300,,,,,HELEN,,, siemens s7-300,,,,,hello,,, siemens s7-300,,,,,HELLO,,, siemens s7-300,,,,,help,,, siemens s7-300,,,,,HELP,,, siemens s7-300,,,,,help1954,,, siemens s7-300,,,,,HELP1954,,, siemens s7-300,,,,,Helpdesk,,, siemens s7-300,,,,,HELPDESK,,, siemens s7-300,,,,,hexseal,,, siemens s7-300,,,,,HEXSEAL,,, siemens s7-300,,,,,hh,,, siemens s7-300,,,,,HH,,, siemens s7-300,,,,,hhh,,, siemens s7-300,,,,,HHH,,, siemens s7-300,,,,,hhhh,,, siemens s7-300,,,,,HHHH,,, siemens s7-300,,,,,hhhhh,,, siemens s7-300,,,,,HHHHH,,, siemens s7-300,,,,,hhhhhh,,, siemens s7-300,,,,,HHHHHH,,, siemens s7-300,,,,,hhhhhhh,,, siemens s7-300,,,,,HHHHHHH,,, siemens s7-300,,,,,hhhhhhhh,,, siemens s7-300,,,,,HHHHHHHH,,, siemens s7-300,,,,,highspeed,,, siemens s7-300,,,,,HIGHSPEED,,, siemens s7-300,,,,,hinear,,, siemens s7-300,,,,,HINEAR,,, siemens s7-300,,,,,home,,, siemens s7-300,,,,,HOME,,, siemens s7-300,,,,,homeplug,,, siemens s7-300,,,,,HomePlug,,, siemens s7-300,,,,,HOMEPLUG,,, siemens s7-300,,,,,honda,,, siemens s7-300,,,,,HONDA,,, siemens s7-300,,,,,HP,,, siemens s7-300,,,,,hp.com,,, siemens s7-300,,,,,hpoffice,,, siemens s7-300,,,,,HPOFFICE,,, siemens s7-300,,,,,hponly,,, siemens s7-300,,,,,HPONLY,,, siemens s7-300,,,,,HPP187,,, siemens s7-300,,,,,HPP189,,, siemens s7-300,,,,,HPP196,,, siemens s7-300,,,,,hrloo,,, siemens s7-300,,,,,HRLOO,,, siemens s7-300,,,,,hsadb,,, siemens s7-300,,,,,http,,, siemens s7-300,,,,,HTTP,,, siemens s7-300,,,,,i,,, siemens s7-300,,,,,I,,, siemens s7-300,,,,,iDirect,,, siemens s7-300,,,,,IDIRECT,,, siemens s7-300,,,,,ii,,, siemens s7-300,,,,,II,,, siemens s7-300,,,,,iii,,, siemens s7-300,,,,,III,,, siemens s7-300,,,,,iiii,,, siemens s7-300,,,,,IIII,,, siemens s7-300,,,,,iiiii,,, siemens s7-300,,,,,IIIII,,, siemens s7-300,,,,,iiiiii,,, siemens s7-300,,,,,IIIIII,,, siemens s7-300,,,,,iiiiiii,,, siemens s7-300,,,,,IIIIIII,,, siemens s7-300,,,,,iiiiiiii,,, siemens s7-300,,,,,IIIIIIII,,, siemens s7-300,,,,,ILMI,,, siemens s7-300,,,,,iloveyou,,, siemens s7-300,,,,,ILOVEYOU,,, siemens s7-300,,,,,images,,, siemens s7-300,,,,,IMAGES,,, siemens s7-300,,,,,inads,,, siemens s7-300,,,,,INADS,,, siemens s7-300,,,,,inc,,, siemens s7-300,,,,,INC,,, siemens s7-300,,,,,indspw,,, siemens s7-300,,,,,INDSPW,,, siemens s7-300,,,,,inferno,,, siemens s7-300,,,,,INFERNO,,, siemens s7-300,,,,,initpw,,, siemens s7-300,,,,,INITPW,,, siemens s7-300,,,,,Inmet,,, siemens s7-300,,,,,inmet,,, siemens s7-300,,,,,INMET,,, siemens s7-300,,,,,Intel,,, siemens s7-300,,,,,INTEL,,, siemens s7-300,,,,,internet,,, siemens s7-300,,,,,Internet,,, siemens s7-300,,,,,INTERNET,,, siemens s7-300,,,,,INTX3,,, siemens s7-300,,,,,ironport,,, siemens s7-300,,,,,IRONPORT,,, siemens s7-300,,,,,isee,,, siemens s7-300,,,,,ISEE,,, siemens s7-300,,,,,isp,,, siemens s7-300,,,,,ISP,,, siemens s7-300,,,,,ITF3000,,, siemens s7-300,,,,,j,,, siemens s7-300,,,,,J,,, siemens s7-300,,,,,J6R6,,, siemens s7-300,,,,,J6W8,,, siemens s7-300,,,,,jack,,, siemens s7-300,,,,,JACK,,, siemens s7-300,,,,,janet,,, siemens s7-300,,,,,JANET,,, siemens s7-300,,,,,jannie,,, siemens s7-300,,,,,JANNIE,,, siemens s7-300,,,,,jasmine,,, siemens s7-300,,,,,JASMINE,,, siemens s7-300,,,,,JDE,,, siemens s7-300,,,,,jj,,, siemens s7-300,,,,,JJ,,, siemens s7-300,,,,,jjj,,, siemens s7-300,,,,,JJJ,,, siemens s7-300,,,,,jjjj,,, siemens s7-300,,,,,JJJJ,,, siemens s7-300,,,,,jjjjj,,, siemens s7-300,,,,,JJJJJ,,, siemens s7-300,,,,,jjjjjj,,, siemens s7-300,,,,,JJJJJJ,,, siemens s7-300,,,,,jjjjjjj,,, siemens s7-300,,,,,JJJJJJJ,,, siemens s7-300,,,,,jjjjjjjj,,, siemens s7-300,,,,,JJJJJJJJ,,, siemens s7-300,,,,,JOCKER,,, siemens s7-300,,,,,john,,, siemens s7-300,,,,,JOHN,,, siemens s7-300,,,,,joker,,, siemens s7-300,,,,,jordan,,, siemens s7-300,,,,,JORDAN,,, siemens s7-300,,,,,jordan23,,, siemens s7-300,,,,,JORDAN23,,, siemens s7-300,,,,,JR58,,, siemens s7-300,,,,,JR59,,, siemens s7-300,,,,,k,,, siemens s7-300,,,,,K,,, siemens s7-300,,,,,kermit,,, siemens s7-300,,,,,KERMIT,,, siemens s7-300,,,,,killer,,, siemens s7-300,,,,,KILLER,,, siemens s7-300,,,,,killme,,, siemens s7-300,,,,,kilo1987,,, siemens s7-300,,,,,KILO1987,,, siemens s7-300,,,,,kk,,, siemens s7-300,,,,,KK,,, siemens s7-300,,,,,kkk,,, siemens s7-300,,,,,KKK,,, siemens s7-300,,,,,kkkk,,, siemens s7-300,,,,,KKKK,,, siemens s7-300,,,,,kkkkk,,, siemens s7-300,,,,,KKKKK,,, siemens s7-300,,,,,kkkkkk,,, siemens s7-300,,,,,KKKKKK,,, siemens s7-300,,,,,kkkkkkk,,, siemens s7-300,,,,,KKKKKKK,,, siemens s7-300,,,,,kkkkkkkk,,, siemens s7-300,,,,,KKKKKKKK,,, siemens s7-300,,,,,korn,,, siemens s7-300,,,,,KORN,,, siemens s7-300,,,,,l,,, siemens s7-300,,,,,L,,, siemens s7-300,,,,,lad,,, siemens s7-300,,,,,LAD,,, siemens s7-300,,,,,laflaf,,, siemens s7-300,,,,,LAFLAF,,, siemens s7-300,,,,,letacla,,, siemens s7-300,,,,,LETACLA,,, siemens s7-300,,,,,letmein,,, siemens s7-300,,,,,letmein,,, siemens s7-300,,,,,LETMEIN,,, siemens s7-300,,,,,level1,,, siemens s7-300,,,,,LEVEL1,,, siemens s7-300,,,,,leviton,,, siemens s7-300,,,,,LEVITON,,, siemens s7-300,,,,,LILLME,,, siemens s7-300,,,,,linga,,, siemens s7-300,,,,,LINGA,,, siemens s7-300,,,,,linux,,, siemens s7-300,,,,,LINUX,,, siemens s7-300,,,,,lisa,,, siemens s7-300,,,,,LISA,,, siemens s7-300,,,,,ll,,, siemens s7-300,,,,,LL,,, siemens s7-300,,,,,llatsni,,, siemens s7-300,,,,,LLATSNI,,, siemens s7-300,,,,,lll,,, siemens s7-300,,,,,LLL,,, siemens s7-300,,,,,llll,,, siemens s7-300,,,,,LLLL,,, siemens s7-300,,,,,lllll,,, siemens s7-300,,,,,LLLLL,,, siemens s7-300,,,,,llllll,,, siemens s7-300,,,,,LLLLLL,,, siemens s7-300,,,,,lllllll,,, siemens s7-300,,,,,LLLLLLL,,, siemens s7-300,,,,,llllllll,,, siemens s7-300,,,,,LLLLLLLL,,, siemens s7-300,,,,,locatepw,,, siemens s7-300,,,,,LOCATEPW,,, siemens s7-300,,,,,lock,,, siemens s7-300,,,,,LOCK,,, siemens s7-300,,,,,login,,, siemens s7-300,,,,,LOGIN,,, siemens s7-300,,,,,looker,,, siemens s7-300,,,,,LOOKER,,, siemens s7-300,,,,,lotus,,, siemens s7-300,,,,,LOTUS,,, siemens s7-300,,,,,love,,, siemens s7-300,,,,,LOVE,,, siemens s7-300,,,,,ltd,,, siemens s7-300,,,,,LTD,,, siemens s7-300,,,,,lucky,,, siemens s7-300,,,,,LUCKY,,, siemens s7-300,,,,,m,,, siemens s7-300,,,,,M,,, siemens s7-300,,,,,m1122,,, siemens s7-300,,,,,M1122,,, siemens s7-300,,,,,mail,,, siemens s7-300,,,,,MAIL,,, siemens s7-300,,,,,maint,,, siemens s7-300,,,,,MAINT,,, siemens s7-300,,,,,maintpw,,, siemens s7-300,,,,,MAINTPW,,, siemens s7-300,,,,,manager,,, siemens s7-300,,,,,Manager,,, siemens s7-300,,,,,MANAGER,,, siemens s7-300,,,,,maniac,,, siemens s7-300,,,,,MANIAC,,, siemens s7-300,,,,,master,,, siemens s7-300,,,,,Master,,, siemens s7-300,,,,,MASTER,,, siemens s7-300,,,,,masterkey,,, siemens s7-300,,,,,MASTERKEY,,, siemens s7-300,,,,,Mau'dib,,, siemens s7-300,,,,,mediator,,, siemens s7-300,,,,,MEDIATOR,,, siemens s7-300,,,,,medion,,, siemens s7-300,,,,,MEDION,,, siemens s7-300,,,,,MGR,,, siemens s7-300,,,,,micro,,, siemens s7-300,,,,,MICRO,,, siemens s7-300,,,,,microwav,,, siemens s7-300,,,,,MICROWAV,,, siemens s7-300,,,,,miller,,, siemens s7-300,,,,,MILLLER,,, siemens s7-300,,,,,MiniAP,,, siemens s7-300,,,,,mis,,, siemens s7-300,,,,,MIS,,, siemens s7-300,,,,,MJSSSJJ,,, siemens s7-300,,,,,MJSSSJJ,,, siemens s7-300,,,,,MJSSSJJ_,,, siemens s7-300,,,,,mlusr,,, siemens s7-300,,,,,MLUSR,,, siemens s7-300,,,,,mm,,, siemens s7-300,,,,,MM,,, siemens s7-300,,,,,mmm,,, siemens s7-300,,,,,MMM,,, siemens s7-300,,,,,mmmm,,, siemens s7-300,,,,,MMMM,,, siemens s7-300,,,,,mmmmm,,, siemens s7-300,,,,,MMMMM,,, siemens s7-300,,,,,mmmmmm,,, siemens s7-300,,,,,MMMMMM,,, siemens s7-300,,,,,mmmmmmm,,, siemens s7-300,,,,,MMMMMMM,,, siemens s7-300,,,,,mmmmmmmm,,, siemens s7-300,,,,,MMMMMMMM,,, siemens s7-300,,,,,modul,,, siemens s7-300,,,,,MODUL,,, siemens s7-300,,,,,module,,, siemens s7-300,,,,,MODULE,,, siemens s7-300,,,,,money,,, siemens s7-300,,,,,MONEY,,, siemens s7-300,,,,,monitor,,, siemens s7-300,,,,,MONITOR,,, siemens s7-300,,,,,monkey,,, siemens s7-300,,,,,MONKEY,,, siemens s7-300,,,,,mosmatic,,, siemens s7-300,,,,,MOSMATIC,,, siemens s7-300,,,,,mother,,, siemens s7-300,,,,,MOTHER,,, siemens s7-300,,,,,motorola,,, siemens s7-300,,,,,MOTOROLA,,, siemens s7-300,,,,,mouse,,, siemens s7-300,,,,,MOUSE,,, siemens s7-300,,,,,MPE,,, siemens s7-300,,,,,MServer,,, siemens s7-300,,,,,mtch,,, siemens s7-300,,,,,MTCH,,, siemens s7-300,,,,,Multi,,, siemens s7-300,,,,,mustang,,, siemens s7-300,,,,,MUSTANG,,, siemens s7-300,,,,,mypass,,, siemens s7-300,,,,,MYPASS,,, siemens s7-300,,,,,mypass123,,, siemens s7-300,,,,,MYPASS123,,, siemens s7-300,,,,,mypc,,, siemens s7-300,,,,,MYPC,,, siemens s7-300,,,,,mypc123,,, siemens s7-300,,,,,MYPC123,,, siemens s7-300,,,,,myspace,,, siemens s7-300,,,,,MYSPACE,,, siemens s7-300,,,,,myspace1,,, siemens s7-300,,,,,MYSPACE1,,, siemens s7-300,,,,,n,,, siemens s7-300,,,,,N,,, siemens s7-300,,,,,n/a,,, siemens s7-300,,,,,N/A,,, siemens s7-300,,,,,naadmin,,, siemens s7-300,,,,,NAADMIN,,, siemens s7-300,,,,,naranja,,, siemens s7-300,,,,,NARANJA,,, siemens s7-300,,,,,NAU,,, siemens s7-300,,,,,Net,,, siemens s7-300,,,,,NET,,, siemens s7-300,,,,,netadmin,,, siemens s7-300,,,,,NETADMIN,,, siemens s7-300,,,,,netbase,,, siemens s7-300,,,,,NETBASE,,, siemens s7-300,,,,,NetCache,,, siemens s7-300,,,,,NETCACHE,,, siemens s7-300,,,,,NetICs,,, siemens s7-300,,,,,netman,,, siemens s7-300,,,,,NETMAN,,, siemens s7-300,,,,,netopia,,, siemens s7-300,,,,,NETOPIA,,, siemens s7-300,,,,,netscreen,,, siemens s7-300,,,,,NETSCREEN,,, siemens s7-300,,,,,netutil,,, siemens s7-300,,,,,NETUTIL,,, siemens s7-300,,,,,NetVCR,,, siemens s7-300,,,,,NETVCR,,, siemens s7-300,,,,,network,,, siemens s7-300,,,,,NETWORK,,, siemens s7-300,,,,,newpass,,, siemens s7-300,,,,,NEWPASS,,, siemens s7-300,,,,,niconex,,, siemens s7-300,,,,,NICONEX,,, siemens s7-300,,,,,nimdaten,,, siemens s7-300,,,,,NIMDATEN,,, siemens s7-300,,,,,nmspw,,, siemens s7-300,,,,,NMSPW,,, siemens s7-300,,,,,nn,,, siemens s7-300,,,,,NN,,, siemens s7-300,,,,,nnn,,, siemens s7-300,,,,,NNN,,, siemens s7-300,,,,,nnnn,,, siemens s7-300,,,,,NNNN,,, siemens s7-300,,,,,nnnnn,,, siemens s7-300,,,,,NNNNN,,, siemens s7-300,,,,,nnnnnn,,, siemens s7-300,,,,,NNNNNN,,, siemens s7-300,,,,,nnnnnnn,,, siemens s7-300,,,,,NNNNNNN,,, siemens s7-300,,,,,nnnnnnnn,,, siemens s7-300,,,,,NNNNNNNN,,, siemens s7-300,,,,,nokai,,, siemens s7-300,,,,,NOKAI,,, siemens s7-300,,,,,notused,,, siemens s7-300,,,,,NOTUSED,,, siemens s7-300,,,,,noway,,, siemens s7-300,,,,,NOWAY,,, siemens s7-300,,,,,NSADB,,, siemens s7-300,,,,,ntacdmax,,, siemens s7-300,,,,,NTACDMAX,,, siemens s7-300,,,,,null,,, siemens s7-300,,,,,NULL,,, siemens s7-300,,,,,o,,, siemens s7-300,,,,,O,,, siemens s7-300,,,,,OCS,,, siemens s7-300,,,,,oem,,, siemens s7-300,,,,,OEM,,, siemens s7-300,,,,,OkiLAN,,, siemens s7-300,,,,,OKILAN,,, siemens s7-300,,,,,omron,,, siemens s7-300,,,,,OMRON,,, siemens s7-300,,,,,oo,,, siemens s7-300,,,,,OO,,, siemens s7-300,,,,,ooo,,, siemens s7-300,,,,,OOO,,, siemens s7-300,,,,,oooo,,, siemens s7-300,,,,,OOOO,,, siemens s7-300,,,,,ooooo,,, siemens s7-300,,,,,OOOOO,,, siemens s7-300,,,,,oooooo,,, siemens s7-300,,,,,OOOOOO,,, siemens s7-300,,,,,ooooooo,,, siemens s7-300,,,,,OOOOOOO,,, siemens s7-300,,,,,oooooooo,,, siemens s7-300,,,,,OOOOOOOO,,, siemens s7-300,,,,,op3n,,, siemens s7-300,,,,,operator,,, siemens s7-300,,,,,OPERATOR,,, siemens s7-300,,,,,Opto,,, siemens s7-300,,,,,OPTO,,, siemens s7-300,,,,,owner,,, siemens s7-300,,,,,OWNER,,, siemens s7-300,,,,,p,,, siemens s7-300,,,,,P,,, siemens s7-300,,,,,P@55w0rd!,,, siemens s7-300,,,,,pas,,, siemens s7-300,,,,,PAS,,, siemens s7-300,,,,,pass,,, siemens s7-300,,,,,PASS,,, siemens s7-300,,,,,PASSAGE,,, siemens s7-300,,,,,passage,,, siemens s7-300,,,,,passw,,, siemens s7-300,,,,,PASSW,,, siemens s7-300,,,,,passwd,,, siemens s7-300,,,,,PASSWD,,, siemens s7-300,,,,,passwo,,, siemens s7-300,,,,,PASSWO,,, siemens s7-300,,,,,passwor,,, siemens s7-300,,,,,PASSWOR,,, siemens s7-300,,,,,password,,, siemens s7-300,,,,,PASSWORD,,, siemens s7-300,,,,,pat,,, siemens s7-300,,,,,PAT,,, siemens s7-300,,,,,paterna,,, siemens s7-300,,,,,PATERNA,,, siemens s7-300,,,,,patrick,,, siemens s7-300,,,,,PATRICK,,, siemens s7-300,,,,,patrol,,, siemens s7-300,,,,,PATROL,,, siemens s7-300,,,,,PBX,,, siemens s7-300,,,,,pbxk1064,,, siemens s7-300,,,,,PBXK1064,,, siemens s7-300,,,,,pcs7,,, siemens s7-300,,,,,PCS7,,, siemens s7-300,,,,,pentium,,, siemens s7-300,,,,,PENTIUM,,, siemens s7-300,,,,,pento,,, siemens s7-300,,,,,PENTO,,, siemens s7-300,,,,,pepper,,, siemens s7-300,,,,,PEPPER,,, siemens s7-300,,,,,pepsi,,, siemens s7-300,,,,,PEPSI,,, siemens s7-300,,,,,permit,,, siemens s7-300,,,,,PERMIT,,, siemens s7-300,,,,,personal,,, siemens s7-300,,,,,PERSONAL,,, siemens s7-300,,,,,pfsense,,, siemens s7-300,,,,,PFSENSE,,, siemens s7-300,,,,,photonix,,, siemens s7-300,,,,,PHOTONIX,,, siemens s7-300,,,,,pilou,,, siemens s7-300,,,,,PILOU,,, siemens s7-300,,,,,piranha,,, siemens s7-300,,,,,PIRANHA,,, siemens s7-300,,,,,plc,,, siemens s7-300,,,,,PLC,,, siemens s7-300,,,,,plcsim,,, siemens s7-300,,,,,PLCSIM,,, siemens s7-300,,,,,PlsChgMe,,, siemens s7-300,,,,,poerty,,, siemens s7-300,,,,,POERTY,,, siemens s7-300,,,,,policy,,, siemens s7-300,,,,,POLICY,,, siemens s7-300,,,,,Posterie,,, siemens s7-300,,,,,POSTERIE,,, siemens s7-300,,,,,power,,, siemens s7-300,,,,,POWER,,, siemens s7-300,,,,,pp,,, siemens s7-300,,,,,PP,,, siemens s7-300,,,,,ppp,,, siemens s7-300,,,,,PPP,,, siemens s7-300,,,,,pppp,,, siemens s7-300,,,,,PPPP,,, siemens s7-300,,,,,ppppp,,, siemens s7-300,,,,,PPPPP,,, siemens s7-300,,,,,pppppp,,, siemens s7-300,,,,,PPPPPP,,, siemens s7-300,,,,,ppppppp,,, siemens s7-300,,,,,PPPPPPP,,, siemens s7-300,,,,,pppppppp,,, siemens s7-300,,,,,PPPPPPPP,,, siemens s7-300,,,,,princess,,, siemens s7-300,,,,,PRINCESS,,, siemens s7-300,,,,,private,,, siemens s7-300,,,,,PRIVATE,,, siemens s7-300,,,,,proddta,,, siemens s7-300,,,,,PRODDTA,,, siemens s7-300,,,,,profibus,,, siemens s7-300,,,,,PROFIBUS,,, siemens s7-300,,,,,Protector,,, siemens s7-300,,,,,PROTECTOR,,, siemens s7-300,,,,,protool,,, siemens s7-300,,,,,PROTOOL,,, siemens s7-300,,,,,public,,, siemens s7-300,,,,,PUBLIC,,, siemens s7-300,,,,,pusy,,, siemens s7-300,,,,,PUSY,,, siemens s7-300,,,,,pw123,,, siemens s7-300,,,,,PW123,,, siemens s7-300,,,,,pwd,,, siemens s7-300,,,,,PWD,,, siemens s7-300,,,,,q,,, siemens s7-300,,,,,Q,,, siemens s7-300,,,,,qawsed,,, siemens s7-300,,,,,qq,,, siemens s7-300,,,,,QQ,,, siemens s7-300,,,,,qq520,,, siemens s7-300,,,,,QQ520,,, siemens s7-300,,,,,qqq,,, siemens s7-300,,,,,QQQ,,, siemens s7-300,,,,,qqqq,,, siemens s7-300,,,,,QQQQ,,, siemens s7-300,,,,,qqqqq,,, siemens s7-300,,,,,QQQQQ,,, siemens s7-300,,,,,qqqqqq,,, siemens s7-300,,,,,QQQQQQ,,, siemens s7-300,,,,,qqqqqqq,,, siemens s7-300,,,,,QQQQQQQ,,, siemens s7-300,,,,,qqqqqqqq,,, siemens s7-300,,,,,QQQQQQQQ,,, siemens s7-300,,,,,qwe,,, siemens s7-300,,,,,qwer,,, siemens s7-300,,,,,QWER,,, siemens s7-300,,,,,QWERT,,, siemens s7-300,,,,,qwerty,,, siemens s7-300,,,,,QWERTY,,, siemens s7-300,,,,,qwerty1,,, siemens s7-300,,,,,qwertyu,,, siemens s7-300,,,,,QWERTYU,,, siemens s7-300,,,,,qwertyui,,, siemens s7-300,,,,,QWERTYUI,,, siemens s7-300,,,,,r,,, siemens s7-300,,,,,R,,, siemens s7-300,,,,,r@p8p0r+,,, siemens s7-300,,,,,R1QTPS,,, siemens s7-300,,,,,rade0n,,, siemens s7-300,,,,,RADE0N,,, siemens s7-300,,,,,RADEON,,, siemens s7-300,,,,,radius,,, siemens s7-300,,,,,RADIUS,,, siemens s7-300,,,,,radware,,, siemens s7-300,,,,,RADWARE,,, siemens s7-300,,,,,rdfhnbhf,,, siemens s7-300,,,,,RDFHNBHF,,, siemens s7-300,,,,,recovery,,, siemens s7-300,,,,,RECOVERY,,, siemens s7-300,,,,,rego,,, siemens s7-300,,,,,REGO,,, siemens s7-300,,,,,remote,,, siemens s7-300,,,,,REMOTE,,, siemens s7-300,,,,,rip000,,, siemens s7-300,,,,,RIP000,,, siemens s7-300,,,,,rittal,,, siemens s7-300,,,,,RITTAL,,, siemens s7-300,,,,,robele,,, siemens s7-300,,,,,ROBELLE,,, siemens s7-300,,,,,root,,, siemens s7-300,,,,,ROOT,,, siemens s7-300,,,,,ROOT500,,, siemens s7-300,,,,,router,,, siemens s7-300,,,,,ROUTER,,, siemens s7-300,,,,,rr,,, siemens s7-300,,,,,RR,,, siemens s7-300,,,,,rrr,,, siemens s7-300,,,,,RRR,,, siemens s7-300,,,,,rrrr,,, siemens s7-300,,,,,RRRR,,, siemens s7-300,,,,,rrrrr,,, siemens s7-300,,,,,RRRRR,,, siemens s7-300,,,,,rrrrrr,,, siemens s7-300,,,,,RRRRRR,,, siemens s7-300,,,,,rrrrrrr,,, siemens s7-300,,,,,RRRRRRR,,, siemens s7-300,,,,,rrrrrrrr,,, siemens s7-300,,,,,RRRRRRRR,,, siemens s7-300,,,,,rs4igoy,,, siemens s7-300,,,,,RS4IGOY,,, siemens s7-300,,,,,RSX,,, siemens s7-300,,,,,rtyhn,,, siemens s7-300,,,,,RTYHN,,, siemens s7-300,,,,,run-p,,, siemens s7-300,,,,,RUN-P,,, siemens s7-300,,,,,russia,,, siemens s7-300,,,,,RUSSIA,,, siemens s7-300,,,,,rwmaint,,, siemens s7-300,,,,,RWMAINT,,, siemens s7-300,,,,,s,,, siemens s7-300,,,,,S,,, siemens s7-300,,,,,s7,,, siemens s7-300,,,,,S7,,, siemens s7-300,,,,,s7-300,,, siemens s7-300,,,,,S7-300,,, siemens s7-300,,,,,s7-400,,, siemens s7-300,,,,,S7-400,,, siemens s7-300,,,,,scout,,, siemens s7-300,,,,,SCOUT,,, siemens s7-300,,,,,search,,, siemens s7-300,,,,,SEARCH,,, siemens s7-300,,,,,secret,,, siemens s7-300,,,,,SECRET,,, siemens s7-300,,,,,secure,,, siemens s7-300,,,,,SECURE,,, siemens s7-300,,,,,security,,, siemens s7-300,,,,,SECURITY,,, siemens s7-300,,,,,sekret,,, siemens s7-300,,,,,SEKRET,,, siemens s7-300,,,,,Sensor,,, siemens s7-300,,,,,serco,,, siemens s7-300,,,,,SERCO,,, siemens s7-300,,,,,serial#,,, siemens s7-300,,,,,serovox,,, siemens s7-300,,,,,SEROVOX,,, siemens s7-300,,,,,server,,, siemens s7-300,,,,,SERVER,,, siemens s7-300,,,,,SESAME,,, siemens s7-300,,,,,setherco,,, siemens s7-300,,,,,SETHERCO,,, siemens s7-300,,,,,setup,,, siemens s7-300,,,,,SETUP,,, siemens s7-300,,,,,sex,,, siemens s7-300,,,,,SEX,,, siemens s7-300,,,,,sgena,,, siemens s7-300,,,,,SGENA,,, siemens s7-300,,,,,sgilent,,, siemens s7-300,,,,,SGILENT,,, siemens s7-300,,,,,shadow,,, siemens s7-300,,,,,SHADOW,,, siemens s7-300,,,,,Sharp,,, siemens s7-300,,,,,sicostart,,, siemens s7-300,,,,,SICOSTART,,, siemens s7-300,,,,,siemens,,, siemens s7-300,,,,,SIEMENS,,, siemens s7-300,,,,,simatic,,, siemens s7-300,,,,,SIMATIC,,, siemens s7-300,,,,,simens,,, siemens s7-300,,,,,SIMENS,,, siemens s7-300,,,,,simo,,, siemens s7-300,,,,,SIMO,,, siemens s7-300,,,,,simocode,,, siemens s7-300,,,,,SIMOCODE,,, siemens s7-300,,,,,simoreg,,, siemens s7-300,,,,,SIMOREG,,, siemens s7-300,,,,,simovert,,, siemens s7-300,,,,,SIMOVERT,,, siemens s7-300,,,,,simtec,,, siemens s7-300,,,,,SIMTEC,,, siemens s7-300,,,,,sirborn,,, siemens s7-300,,,,,SIRBORN,,, siemens s7-300,,,,,sitop,,, siemens s7-300,,,,,SITOP,,, siemens s7-300,,,,,SKY_FOX,,, siemens s7-300,,,,,slave,,, siemens s7-300,,,,,SLAVE,,, siemens s7-300,,,,,slipknot,,, siemens s7-300,,,,,SLIPKNOT,,, siemens s7-300,,,,,SMDR,,, siemens s7-300,,,,,smile,,, siemens s7-300,,,,,SMILE,,, siemens s7-300,,,,,smuser,,, siemens s7-300,,,,,SMUSER,,, siemens s7-300,,,,,snoopy,,, siemens s7-300,,,,,SNOOPY,,, siemens s7-300,,,,,soccer,,, siemens s7-300,,,,,SOCCER,,, siemens s7-300,,,,,solution,,, siemens s7-300,,,,,SOLUTION,,, siemens s7-300,,,,,SpIp,,, siemens s7-300,,,,,ss,,, siemens s7-300,,,,,SS,,, siemens s7-300,,,,,SSA,,, siemens s7-300,,,,,sss,,, siemens s7-300,,,,,SSS,,, siemens s7-300,,,,,ssss,,, siemens s7-300,,,,,SSSS,,, siemens s7-300,,,,,sssss,,, siemens s7-300,,,,,SSSSS,,, siemens s7-300,,,,,ssssss,,, siemens s7-300,,,,,SSSSSS,,, siemens s7-300,,,,,sssssss,,, siemens s7-300,,,,,SSSSSSS,,, siemens s7-300,,,,,ssssssss,,, siemens s7-300,,,,,SSSSSSSS,,, siemens s7-300,,,,,stan,,, siemens s7-300,,,,,STAN,,, siemens s7-300,,,,,star,,, siemens s7-300,,,,,STAR,,, siemens s7-300,,,,,starwar,,, siemens s7-300,,,,,STARWAR,,, siemens s7-300,,,,,step5,,, siemens s7-300,,,,,STEP5,,, siemens s7-300,,,,,step7,,, siemens s7-300,,,,,STEP7,,, siemens s7-300,,,,,stimpy,,, siemens s7-300,,,,,STIMPY,,, siemens s7-300,,,,,stl,,, siemens s7-300,,,,,STL,,, siemens s7-300,,,,,stop,,, siemens s7-300,,,,,STOP,,, siemens s7-300,,,,,ststic,,, siemens s7-300,,,,,STSTIC,,, siemens s7-300,,,,,summer,,, siemens s7-300,,,,,SUMMER,,, siemens s7-300,,,,,sunrise,,, siemens s7-300,,,,,SUNRISE,,, siemens s7-300,,,,,Super,,, siemens s7-300,,,,,superid,,, siemens s7-300,,,,,SUPERID,,, siemens s7-300,,,,,superman,,, siemens s7-300,,,,,SUPERMAN,,, siemens s7-300,,,,,support,,, siemens s7-300,,,,,SUPPORT,,, siemens s7-300,,,,,surt,,, siemens s7-300,,,,,SURT,,, siemens s7-300,,,,,switch,,, siemens s7-300,,,,,SWITCH,,, siemens s7-300,,,,,sybase,,, siemens s7-300,,,,,SYBASE,,, siemens s7-300,,,,,Symbol,,, siemens s7-300,,,,,SYMBOL,,, siemens s7-300,,,,,synnet,,, siemens s7-300,,,,,SYNNET,,, siemens s7-300,,,,,sysadm,,, siemens s7-300,,,,,SYSADM,,, siemens s7-300,,,,,SYSDISC,,, siemens s7-300,,,,,sysdisk,,, siemens s7-300,,,,,system,,, siemens s7-300,,,,,SYSTEM,,, siemens s7-300,,,,,t,,, siemens s7-300,,,,,T,,, siemens s7-300,,,,,talent,,, siemens s7-300,,,,,TALENT,,, siemens s7-300,,,,,TALINUZ,,, siemens s7-300,,,,,talisman,,, siemens s7-300,,,,,TALISMAN,,, siemens s7-300,,,,,TANDBERG,,, siemens s7-300,,,,,TCH,,, siemens s7-300,,,,,tech,,, siemens s7-300,,,,,TECH,,, siemens s7-300,,,,,telco,,, siemens s7-300,,,,,TELCO,,, siemens s7-300,,,,,telecom,,, siemens s7-300,,,,,Telecom,,, siemens s7-300,,,,,TELECOM,,, siemens s7-300,,,,,telesup,,, siemens s7-300,,,,,TELESUP,,, siemens s7-300,,,,,tellabs#1,,, siemens s7-300,,,,,telus,,, siemens s7-300,,,,,TELUS,,, siemens s7-300,,,,,temp,,, siemens s7-300,,,,,TEMP,,, siemens s7-300,,,,,temp123,,, siemens s7-300,,,,,TEMP123,,, siemens s7-300,,,,,test,,, siemens s7-300,,,,,TEST,,, siemens s7-300,,,,,test123,,, siemens s7-300,,,,,TEST123,,, siemens s7-300,,,,,thomas,,, siemens s7-300,,,,,Thomas,,, siemens s7-300,,,,,THOMAS,,, siemens s7-300,,,,,tiaranet,,, siemens s7-300,,,,,TIARANET,,, siemens s7-300,,,,,tiger123,,, siemens s7-300,,,,,TIGER123,,, siemens s7-300,,,,,timely,,, siemens s7-300,,,,,TIMELY,,, siemens s7-300,,,,,tini,,, siemens s7-300,,,,,TINI,,, siemens s7-300,,,,,tivonpw,,, siemens s7-300,,,,,TIVONPW,,, siemens s7-300,,,,,tjm,,, siemens s7-300,,,,,TJM,,, siemens s7-300,,,,,tlah,,, siemens s7-300,,,,,TLAH,,, siemens s7-300,,,,,toolset,,, siemens s7-300,,,,,TOOLSET,,, siemens s7-300,,,,,trancell,,, siemens s7-300,,,,,TRANCELL,,, siemens s7-300,,,,,tratata,,, siemens s7-300,,,,,TRATATA,,, siemens s7-300,,,,,tslinux,,, siemens s7-300,,,,,TSLINUX,,, siemens s7-300,,,,,tt,,, siemens s7-300,,,,,TT,,, siemens s7-300,,,,,ttt,,, siemens s7-300,,,,,TTT,,, siemens s7-300,,,,,tttt,,, siemens s7-300,,,,,TTTT,,, siemens s7-300,,,,,ttttt,,, siemens s7-300,,,,,TTTTT,,, siemens s7-300,,,,,tttttt,,, siemens s7-300,,,,,TTTTTT,,, siemens s7-300,,,,,ttttttt,,, siemens s7-300,,,,,TTTTTTT,,, siemens s7-300,,,,,tttttttt,,, siemens s7-300,,,,,TTTTTTTT,,, siemens s7-300,,,,,tuborg,,, siemens s7-300,,,,,TUBORG,,, siemens s7-300,,,,,tuxalize,,, siemens s7-300,,,,,TUXALIZE,,, siemens s7-300,,,,,tx100,,, siemens s7-300,,,,,TX100,,, siemens s7-300,,,,,u,,, siemens s7-300,,,,,U,,, siemens s7-300,,,,,uplink,,, siemens s7-300,,,,,UPLINK,,, siemens s7-300,,,,,user,,, siemens s7-300,,,,,USER,,, siemens s7-300,,,,,uu,,, siemens s7-300,,,,,UU,,, siemens s7-300,,,,,uuu,,, siemens s7-300,,,,,UUU,,, siemens s7-300,,,,,uuuu,,, siemens s7-300,,,,,UUUU,,, siemens s7-300,,,,,uuuuu,,, siemens s7-300,,,,,UUUUU,,, siemens s7-300,,,,,uuuuuu,,, siemens s7-300,,,,,UUUUUU,,, siemens s7-300,,,,,uuuuuuu,,, siemens s7-300,,,,,UUUUUUU,,, siemens s7-300,,,,,uuuuuuuu,,, siemens s7-300,,,,,UUUUUUUU,,, siemens s7-300,,,,,v,,, siemens s7-300,,,,,V,,, siemens s7-300,,,,,vesoft,,, siemens s7-300,,,,,VESOFT,,, siemens s7-300,,,,,visual,,, siemens s7-300,,,,,VISUAL,,, siemens s7-300,,,,,vjqgfhjkm,,, siemens s7-300,,,,,VJQGFHJKM,,, siemens s7-300,,,,,vodka,,, siemens s7-300,,,,,VODKA,,, siemens s7-300,,,,,volition,,, siemens s7-300,,,,,VOLITION,,, siemens s7-300,,,,,vv,,, siemens s7-300,,,,,VV,,, siemens s7-300,,,,,vvv,,, siemens s7-300,,,,,VVV,,, siemens s7-300,,,,,vvvv,,, siemens s7-300,,,,,VVVV,,, siemens s7-300,,,,,vvvvv,,, siemens s7-300,,,,,VVVVV,,, siemens s7-300,,,,,vvvvvv,,, siemens s7-300,,,,,VVVVVV,,, siemens s7-300,,,,,vvvvvvv,,, siemens s7-300,,,,,VVVVVVV,,, siemens s7-300,,,,,vvvvvvvv,,, siemens s7-300,,,,,VVVVVVVV,,, siemens s7-300,,,,,w,,, siemens s7-300,,,,,W,,, siemens s7-300,,,,,W9F3,,, siemens s7-300,,,,,webadmin,,, siemens s7-300,,,,,WEBADMIN,,, siemens s7-300,,,,,win,,, siemens s7-300,,,,,WIN,,, siemens s7-300,,,,,wincc,,, siemens s7-300,,,,,WINCC,,, siemens s7-300,,,,,winterm,,, siemens s7-300,,,,,WINTERM,,, siemens s7-300,,,,,Wireless,,, siemens s7-300,,,,,WIRELESS,,, siemens s7-300,,,,,wizard,,, siemens s7-300,,,,,WIZARD,,, siemens s7-300,,,,,wlsedb,,, siemens s7-300,,,,,WLSEDB,,, siemens s7-300,,,,,wolf,,, siemens s7-300,,,,,WONF,,, siemens s7-300,,,,,ww,,, siemens s7-300,,,,,WW,,, siemens s7-300,,,,,www,,, siemens s7-300,,,,,WWW,,, siemens s7-300,,,,,wwww,,, siemens s7-300,,,,,WWWW,,, siemens s7-300,,,,,wwwww,,, siemens s7-300,,,,,WWWWW,,, siemens s7-300,,,,,wwwwww,,, siemens s7-300,,,,,WWWWWW,,, siemens s7-300,,,,,wwwwwww,,, siemens s7-300,,,,,WWWWWWW,,, siemens s7-300,,,,,wwwwwwww,,, siemens s7-300,,,,,WWWWWWWW,,, siemens s7-300,,,,,wyse,,, siemens s7-300,,,,,WYSE,,, siemens s7-300,,,,,x,,, siemens s7-300,,,,,X,,, siemens s7-300,,,,,x40rocks,,, siemens s7-300,,,,,X40ROCKS,,, siemens s7-300,,,,,x-admin,,, siemens s7-300,,,,,X-ADMIN,,, siemens s7-300,,,,,xbox,,, siemens s7-300,,,,,XBOX,,, siemens s7-300,,,,,xlserver,,, siemens s7-300,,,,,XLSERVER,,, siemens s7-300,,,,,xx,,, siemens s7-300,,,,,XX,,, siemens s7-300,,,,,xxx,,, siemens s7-300,,,,,XXX,,, siemens s7-300,,,,,xxxx,,, siemens s7-300,,,,,XXXX,,, siemens s7-300,,,,,xxxxx,,, siemens s7-300,,,,,XXXXX,,, siemens s7-300,,,,,xxxxxx,,, siemens s7-300,,,,,XXXXXX,,, siemens s7-300,,,,,xxxxxxx,,, siemens s7-300,,,,,XXXXXXX,,, siemens s7-300,,,,,xxxxxxxx,,, siemens s7-300,,,,,XXXXXXXX,,, siemens s7-300,,,,,xxyyzz,,, siemens s7-300,,,,,XXYYZZ,,, siemens s7-300,,,,,y,,, siemens s7-300,,,,,Y,,, siemens s7-300,,,,,yxcv,,, siemens s7-300,,,,,YXCV,,, siemens s7-300,,,,,yy,,, siemens s7-300,,,,,YY,,, siemens s7-300,,,,,yyy,,, siemens s7-300,,,,,YYY,,, siemens s7-300,,,,,yyyy,,, siemens s7-300,,,,,YYYY,,, siemens s7-300,,,,,yyyyy,,, siemens s7-300,,,,,YYYYY,,, siemens s7-300,,,,,yyyyyy,,, siemens s7-300,,,,,YYYYYY,,, siemens s7-300,,,,,yyyyyyy,,, siemens s7-300,,,,,YYYYYYY,,, siemens s7-300,,,,,yyyyyyyy,,, siemens s7-300,,,,,YYYYYYYY,,, siemens s7-300,,,,,z,,, siemens s7-300,,,,,Z,,, siemens s7-300,,,,,z0ne,,, siemens s7-300,,,,,Z0NE,,, siemens s7-300,,,,,zettler,,, siemens s7-300,,,,,ZETTLER,,, siemens s7-300,,,,,zippo,,, siemens s7-300,,,,,ZIPPO,,, siemens s7-300,,,,,zone,,, siemens s7-300,,,,,ZONE,,, siemens s7-300,,,,,zoomadsl,,, siemens s7-300,,,,,ZOOMADSL,,, siemens s7-300,,,,,zorro,,, siemens s7-300,,,,,ZORRO,,, siemens s7-300,,,,,zorromen,,, siemens s7-300,,,,,ZORROMEN,,, siemens s7-300,,,,,zxc,,, siemens s7-300,,,,,ZXC,,, siemens s7-300,,,,,zxcv,,, siemens s7-300,,,,,ZXCV,,, siemens s7-300,,,,,zxcvb,,, siemens s7-300,,,,,ZXCVB,,, siemens s7-300,,,,,zxcvbn,,, siemens s7-300,,,,,ZXCVBN,,, siemens s7-300,,,,,zxcvbnm,,, siemens s7-300,,,,,ZXCVBNM,,, siemens s7-300,,,,,zxcvbnm,,,, siemens s7-300,,,,,ZXCVBNM,,,, siemens s7-300,,,,,zz,,, siemens s7-300,,,,,ZZ,,, siemens s7-300,,,,,zzz,,, siemens s7-300,,,,,ZZZ,,, siemens s7-300,,,,,zzzz,,, siemens s7-300,,,,,ZZZZ,,, siemens s7-300,,,,,zzzzz,,, siemens s7-300,,,,,ZZZZZ,,, siemens s7-300,,,,,zzzzzz,,, siemens s7-300,,,,,ZZZZZZ,,, siemens s7-300,,,,,zzzzzzz,,, siemens s7-300,,,,,ZZZZZZZ,,, siemens s7-300,,,,,zzzzzzzz,,, siemens s7-300,,,,,ZZZZZZZZ,,, hydra-8.1/dpl4hydra_local.csv0000644000175000010010000136102712441064454014661 0ustar marcNone2wire,Wireless Routers (most models),,http,,Wireless,Admin,, 360systems,Image Server 2000,,,factory,factory,,, 3com,,,,adm,,,, 3com,,,,admin,synnet,,, 3com,,,,manager,manager,,, 3com,,,,monitor,monitor,,, 3com,,,,read,synnet,,, 3com,,,,root,letmein,,1.25, 3com,,,,security,security,,, 3com,,,,write,synnet,,, 3com,3C16405,,,admin,,,, 3com,3C16405,,Console,Administrator,,Admin,, 3com,3C16405,,Multi,,,Admin,, 3com,3C16405,,Multi,admin,,Admin,, 3com,3C16406,,,admin,,,, 3com,3C16406,,Multi,admin,,Admin,telnet or serial, 3com,3C16450,,,admin,,,, 3com,3C16450,,Multi,admin,,Admin,telnet or serial, 3com,3CRADSL72 ,1.2,Multi,,1234admin,Admin,snmp open by default with public / private community, 3com,3CRWE52196,,,,admin,,, 3com,3Com SuperStack 3 Switch 3300XM,,,security,security,,, 3com,3Com SuperStack 3 Switch 3300XM,,Admin,security,security,,, 3com,3c16405,,,,,,, 3com,3c16405,,,Administrator,,,, 3com,812,,HTTP,Administrator,admin,Admin,, 3com,AirConnect AP,,,,comcomcom,,, 3com,AirConnect Access Point,,01.50-01,,,,, 3com,AirConnect Access Point,,Admin,,,,, 3com,AirConnect Access Point,,SNMP,,comcomcom,,, 3com,AirConnect Access Point,01.50-01,Multi,,,Admin,, 3com,Boson router simulator,3.66,HTTP,admin,admin,User,, 3com,CB9000 / 4007,3,Console,Type User: FORCE,,Admin,This will recover a lost password and reset the switch config to Factory Default, 3com,Cable Managment System SQL Database (DOSCIC DHCP),,,DOCSIS_APP,3com,,Win2000 & MS, 3com,CellPlex,,,admin,synnet,,, 3com,CellPlex,,7000,,,,, 3com,CellPlex,,7000,admin,admin,,, 3com,CellPlex,,7000,root,,,, 3com,CellPlex,,7000,tech,tech,,, 3com,CellPlex,,Admin,admin,synnet,,, 3com,CellPlex,,Admin,tech,tech,,, 3com,CellPlex,,HTTP,admin,synnet,Admin,, 3com,CellPlex,,Multi,,,Admin,, 3com,CellPlex,,Multi,admin,admin,Admin,, 3com,CellPlex,7000,Multi,admin,admin,Admin,RS-232/telnet, 3com,CellPlex,7000,Telnet,admin,admin,Admin,, 3com,CellPlex,7000,Telnet,operator,,Admin,, 3com,CellPlex,7000,Telnet,root,,Admin,, 3com,CellPlex,7000,Telnet,tech,,Admin,, 3com,CellPlex,7000,Telnet,tech,tech,Admin,, 3com,CoreBuilder 6000,,,debug,tech,,, 3com,CoreBuilder,,,debug,synnet,,, 3com,CoreBuilder,,,tech,tech,,, 3com,CoreBuilder,,7000/6000/3500/2500,debug,synnet,,, 3com,CoreBuilder,,7000/6000/3500/2500,tech,tech,,, 3com,CoreBuilder,7000/6000/3500/2500,Telnet,,,Admin,, 3com,CoreBuilder,7000/6000/3500/2500,Telnet,,admin,Admin,, 3com,CoreBuilder,7000/6000/3500/2500,Telnet,debug,synnet,,, 3com,CoreBuilder,7000/6000/3500/2500,Telnet,tech,tech,,, 3com,HiPerACT,,v4.1.x,admin,,,, 3com,HiPerARC,,Admin,adm,,,, 3com,HiPerARC,,v4.1.x,adm,,,, 3com,HiPerARC,v4.1.x,Telnet,adm,,,, 3com,HiPerARC,v4.1.x,Telnet,adm,,Admin,, 3com,HiPerARC,v4.1.x,Telnet,admin,,Admin,, 3com,Home Connect,,,User,Password,,, 3com,Internet Firewall,3C16770,HTTP,admin,password,Admin,, 3com,LANplex,,,debug,synnet,,, 3com,LANplex,,,tech,tech,,, 3com,LANplex,,2500,debug,synnet,,, 3com,LANplex,,2500,tech,,,, 3com,LANplex,,Admin,tech,,,, 3com,LANplex,2500,Telnet,debug,synnet,,, 3com,LANplex,2500,Telnet,tech,,Admin,, 3com,LANplex,2500,Telnet,tech,tech,,, 3com,LANplex/Corebuilder line,multiple models,,debug,synnet,,, 3com,LinkBuilder,,,,,,, 3com,LinkBuilder,,Admin,,,,, 3com,LinkBuilder,,Telnet,,,Admin,, 3com,LinkSwitch and CellPlex,,,debug,synnet,,, 3com,LinkSwitch and CellPlex,,,tech,tech,,, 3com,LinkSwitch,,,tech,tech,,, 3com,LinkSwitch,,2000/2700,tech,tech,,, 3com,LinkSwitch,2000/2700,Telnet,tech,tech,,, 3com,LinkSwitch,2700,,debug,synnet,,, 3com,Linkbuilder 3500,,,administer,administer,,, 3com,NAC (Network Access Card),,,adm,,,, 3com,NBX100,,,administrator,0,,2.8, 3com,NetBuilder,,,,ANYCOM,,, 3com,NetBuilder,,,,admin,,, 3com,NetBuilder,,SNMP,,ANYCOM,snmp-read,, 3com,NetBuilder,,SNMP,,ILMI,snmp-read,, 3com,NetBuilder,,SNMP,,admin,User,SNMP_READ, 3com,NetBuilder,,User,,admin,,, 3com,NetBuilder,,snmp-read,,ANYCOM,,, 3com,NetBuilder,,snmp-read,,ILMI,,, 3com,Netbuilder,,,Root,,,, 3com,Netbuilder,,,admin,,,, 3com,Netbuilder,,HTTP,Root,,Admin,http://10.1.0.1, 3com,Netbuilder,,Multi,admin,,Admin,, 3com,Office Connect ISDN Routers,,5x0,,PASSWORD,,, 3com,Office Connect ISDN Routers,,Admin,,PASSWORD,,, 3com,OfficeConnect 812 ADSL,,,adminttd,adminttd,,, 3com,OfficeConnect 812 ADSL,,01.50-01,admin,,,, 3com,OfficeConnect 812 ADSL,,Admin,admint|,admint|,,, 3com,OfficeConnect 812 ADSL,,Multi,adminttd,adminttd,Admin,, 3com,OfficeConnect 812 ADSL,01.50-01,Multi,admin,,Admin,, 3com,OfficeConnect ADSL Wireless 11g Firewall Router,3CRWDR100-72,HTTP,,admin,Admin,http://192.168.1.1, 3com,OfficeConnect ISDN Routers,5x0,Telnet,,PASSWORD,Admin,, 3com,OfficeConnect Remote 812,,,root,!root,,, 3com,OfficeConnect Remote 840,,,root,!root,,, 3com,OfficeConnect Remote Router,,812 ADSL 840 SDSL,root,!root,,, 3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,,,admin,,, 3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,HTTP,,admin,Admin,, 3com,OfficeConnect,,Multi,,,Admin,, 3com,OfficeConnect,11g,Multi,admin,,User,, 3com,Router,3000/5000 Series,Boot Prompt,,,Admin,, 3com,SS III Switch,,4xxx (4900 - sure),recovery,recovery,,, 3com,Shark Fin,Comcast-supplied,HTTP,User,Password,Diagnostics page,192.160.100.1, 3com,SuperStack 2700,,,tech,tech,,, 3com,SuperStack 3,,4400-49XX,manager,manager,,, 3com,SuperStack 3,,4XXX,admin,,,, 3com,SuperStack 3,,4XXX,monitor,monitor,,, 3com,SuperStack II Dual Speed 500,,,security,security,,, 3com,SuperStack II Netbuilder,11.1,Multi,,,Admin,, 3com,SuperStack II Switch 1100,,,manager,manager,,, 3com,SuperStack II Switch 1100,,,security,security,,, 3com,SuperStack II Switch 3300,,,manager,manager,,, 3com,SuperStack II Switch,,,debug,synnet,,, 3com,SuperStack II Switch,,,manager,manager,,Any, 3com,SuperStack II Switch,,,monitor,monitor,,Any, 3com,SuperStack II Switch,,,tech,password,,Any, 3com,SuperStack II Switch,,1100/3300,admin,,,, 3com,SuperStack II Switch,,1100/3300,manager,manager,,, 3com,SuperStack II Switch,,1100/3300,monitor,monitor,,, 3com,SuperStack II Switch,,1100/3300,security,security,,, 3com,SuperStack II Switch,,2200,debug,synnet,,, 3com,SuperStack II Switch,,2700,tech,tech,,, 3com,SuperStack II Switch,,Admin,tech,tech,,, 3com,SuperStack II Switch,1100/3300,Console,3comcso,RIP000,initialize,resets all pws to defaults, 3com,SuperStack II Switch,2200,Telnet,debug,synnet,,, 3com,SuperStack II Switch,2700,Telnet,tech,tech,Admin,, 3com,SuperStack II,,Console,,,Admin,, 3com,SuperStack III Switch,3300XM,Multi,security,security,Admin,, 3com,SuperStack III Switch,4400-49XX,Multi,manager,manager,User can access/change operational setting but not security settings,, 3com,SuperStack III Switch,4XXX,Multi,admin,,Admin,, 3com,SuperStack III Switch,4XXX,Multi,monitor,monitor,User,, 3com,SuperStack III Switch,4xxx (4900 - sure),Telnet,recovery,recovery,resets_all_to_default,u need to power off unit. tbl_ , 3com,SuperStack III Switch,4xxx (4900 - sure),console,recover,recover,Admin,, 3com,Superstack 3 switch,,4900,recover,recover,,, 3com,Switch 3000/3300,,,Admin,3com,,, 3com,Switch 3000/3300,,,admin,admin,,, 3com,Switch 3000/3300,,,manager,manager,,, 3com,Switch 3000/3300,,,monitor,monitor,,, 3com,Switch 3000/3300,,,security,security,,, 3com,Switch,,3300XM,admin,admin,,, 3com,Switch,3300XM,Multi,admin,admin,Admin,, 3com,US Robotics ADSL Router,,8550,,12345,,, 3com,Wireless AP,,,,comcomcom,,, 3com,Wireless AP,,ANY,admin,comcomcom,,, 3com,Wireless AP,,Admin,admin,comcomcom,,, 3com,Wireless AP,ANY,Multi,admin,comcomcom,Admin,Works on all 3com wireless APs, 3com,boson router simulator,,User,admin,admin,,, 3com,cellplex,,,,,,, 3com,cellplex,,7000,operator,,,, 3com,cellplex,,Admin,admin,admin,,, 3com,corebuilder,,7000,operator,admin,,, 3com,e960,3CRWDR100-72,Admin,Admin,Admin,HTTP,http://192.168.1.1, 3com,hub,,,,,,, 3com,hub,,Admin,,,,, 3com,hub,,Multi,,,Admin,, 3com,router,,,,,,, 3com,router,,Admin,,,,, 3com,super stack 2 switch,,,manager,manager,,, 3com,super stack II,,,,,,, 3com,super stack II,,Admin,,,,, 3com,super,,,admin,,,, 3com,superstack II,,1100/3300,3comcso,RIP000,,, 3com,superstack II,,initialize,3comcso,RIP000,,, 3m,VOL-0215 etc.,,,volition,volition,,, 3m,VOL-0215 etc.,,Admin,volition,volition,,, 3m,VOL-0215 etc.,,SNMP,volition,volition,Admin,Volition fiber switches, 3ware,3DM,,HTTP,Administrator,3ware,Admin,, acc,Any router,,,netman,netman,,all, acc,Congo/Amazon/Tigris,,,netman,netman,,All versions, acc,Tigris Platform,All,Multi,public,,Guest,, accelerated networks,DSL CPE and DSLAM,,,sysadm,anicust,,, acceleratednetworks,DSL CPE and DSLAM,,Telnet,sysadm,anicust,,, accton t_online,accton,,,,0,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,admin,,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,manager,manager,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,monitor,monitor,,, accton,T-ONLINE,,aaaaaaa,,0,,, accton,Wireless Router,T-online,HTTP,,0,Admin,, accton,Wireless Router,T-online,HTTP,,0000,Admin,, accton,Wirelessrouter,,T-online,,0,,, aceex,Modem ADSL Router,,,admin,,,, aceex,Modem ADSL Router,,HTTP,admin,,Admin,, acer,517te,,,,,,, acer,BIOS,,,,,,, acer,BIOS,,Console,,,Admin,, acer,Phoenix,,,,,,, acer,acer,,,acer,acer,,, acorp,all routers,,http,Admin,Admin,,, actiontec,,,192.168.1.1,admin,password1,Admin,This the password commonly set by VZ Techs., actiontec,GE344000-01 Router,,,,,,, actiontec,GT701-GW,,Multi,admin,admin,,, actiontec,GT701-WG,,192.168.1.1,admin,password,,, actiontec,GT701-WG,,HTTP,admin,password,192.168.1.1,, actiontec,gt701,,http://192.168.0.1,admin,,,, actiontec,gt701-gw,,,admin,admin,,, adaptec,RAID Controller,,,Administrator,adaptec,,, adaptecraid,Storage Manager Pro,,,Administrator,adaptec,,All, adc kentrox,Pacesetter Router,,,,secret,,, adckentrox,Pacesetter Router,,Telnet,,secret,,, adcompletecom,Ban Man Pro,,,Admin1,Admin1,,, adic,24,,HTTP,admin,password,,, adic,Scalar 100/1000,,HTTP,admin,secure,Admin,, adic,Scalar i2000,,Multi,admin,password,Admin,, adp,ADP Payroll Database,,,sys,adpadmin,,, adp,ADP Payroll HR database,,Admin,sysadmin,master,,, adp,ADP Payroll HR database,,All,sysadmin,master,,, adp,ADP Payroll HR database,All,Multi,sysadmin,master,Admin,, adtech,AX4000,,,root,ax400,,, adtech,AX4000,,,root,ax400,Admin,, adtran,Agent Card,,,,ADTRAN,,, adtran,Agent Card,,Telnet,,ADTRAN,Admin,ctrl-PTT, adtran,Atlas 800/800Plus/810Plus/550,,,,Password,,, adtran,Atlas 800/800Plus/810Plus/550,,Telnet,,Password,Admin,crtl-L, adtran,Express 5110/5200/5210,,,,adtran,,, adtran,Express 5110/5200/5210,,Telnet,,adtran,Admin,hit enter a few times, adtran,MX2800,,,,adtran,,, adtran,MX2800,,Telnet,,adtran,Admin,hit enter a few times, adtran,NetVanta 7100,,,admin,password,,, adtran,NetVanta 7100,,Multi,admin,password,,, adtran,NxIQ,,,,adtran,,, adtran,NxIQ,,Telnet,,adtran,Admin,hit enter a few times, adtran,Smart 16/16e,,,,PASSWORD,,, adtran,Smart 16/16e,,Telnet,,,Admin,hit enter a few times, adtran,Smart 16/16e,,Telnet,,PASSWORD,Admin,hit enter a few times, adtran,T3SU 300,,,,adtran,,, adtran,T3SU 300,,Telnet,,adtran,Admin,Hit enter a few times, adtran,TSU IQ/DSU IQ,,,,,,, adtran,TSU IQ/DSU IQ,,Telnet,,,Admin,hit enter a few times, adtran,TSU Router Module/L128/L768/1.5,,,,,,, adtran,TSU Router Module/L128/L768/1.5,,Telnet,,,Admin,hit enter a few times, advanced integration,PC BIOS,,,,Advance,,, advanced integration,PC BIOS,,Admin,,Advance,,, advancedintegration,PC BIOS,,Console,,Advance,Admin,, advanteknetworks,Wireless LAN 802.11 g/b,,Multi,admin,,Admin,, aethra,Starbridge EU,,HTTP,admin,password,Admin,, airlink plus,RTW026,,V0.80.0010 (firmware),,admin,,, aironet,(All),,,,,,, aironet,all products,all vers,,,,,, airway,Transport,,,,0000,admin,, aladdin,eSafe Appliance,,,root,kn1TG7psLu,,, aladdin,eSafe Appliance,,Console/SSH,root,kn1TG7psLu,root,, alcatel thomson,SpeedTouch580,,,admin,admin,,, alcatel,4400,,Console,mtcl,,User,, alcatel,4400,,Superuser,superuser,superuser,,, alcatel,6224-24p,,console,admin,switch,,, alcatel,OS6850-24p,,console,admin,switch,,, alcatel,OXO,1.3,Multi,,admin,User,, alcatel,Office 4200,,,,1064,,, alcatel,Office 4200,,Admin,,1064,,, alcatel,Office 4200,,Multi,,1064,Admin,, alcatel,OmniPCX Office,,Admin,ftp_admi,kilo1987,,, alcatel,OmniPCX Office,,Installer,ftp_inst,pbxk1064,,, alcatel,OmniPCX Office,,NMC,ftp_nmc,tuxalize,,, alcatel,OmniPCX Office,,Operator,ftp_oper,help1954,,, alcatel,OmniPCX Office,4.1,FTP,ftp_admi,kilo1987,Admin,, alcatel,OmniPCX Office,4.1,FTP,ftp_inst,pbxk1064,Installer,, alcatel,OmniPCX Office,4.1,FTP,ftp_nmc,tuxalize,NMC,, alcatel,OmniPCX Office,4.1,FTP,ftp_oper,help1954,Operator,, alcatel,OmniPCX Office,4.1,Multi,ftp_admi,kilo1987,Admin,, alcatel,OmniPCX Office,4.1,Other,ftp_inst,pbxk1064,Installer,, alcatel,OmniPCX Office,4.1,Other,ftp_nmc,tuxalize,NMC,, alcatel,OmniPCX Office,4.1,Other,ftp_oper,help1954,Operator,, alcatel,OmniPCX,4.1 and above,Voicemail (User),,1515,,, alcatel,OmniStack 6024,,,admin,switch,,, alcatel,OmniStack 6024,,Admin,admin,switch,,, alcatel,OmniStack 6024,,Telnet,admin,switch,Admin,, alcatel,OmniStack/OmniSwitch,,Telnet,diag,switch,Admin,, alcatel,OmniStack/OmniSwitch,,Telnet/Console,diag,switch,Admin,, alcatel,Omnistack/Omniswitch,,,diag,switch,,, alcatel,PBX,,4400,adfexc,adfexc,,, alcatel,PBX,,4400,at4400,at4400,,, alcatel,PBX,,4400,client,client,,, alcatel,PBX,,4400,dhs3mt,dhs3mt,,, alcatel,PBX,,4400,dhs3pms,dhs3pms,,, alcatel,PBX,,4400,halt,tlah,,, alcatel,PBX,,4400,install,llatsni,,, alcatel,PBX,,4400,kermit,kermit,,, alcatel,PBX,,4400,mtch,mtch,,, alcatel,PBX,,4400,mtcl,mtcl,,, alcatel,PBX,,4400,root,letacla,,, alcatel,PBX,,unknown,adfexc,adfexc,,, alcatel,PBX,,unknown,at4400,at4400,,, alcatel,PBX,,unknown,client,client,,, alcatel,PBX,,unknown,dhs3mt,dhs3mt,,, alcatel,PBX,,unknown,dhs3pms,dhs3pms,,, alcatel,PBX,,unknown,halt,tlah,,, alcatel,PBX,,unknown,install,llatsni,,, alcatel,PBX,,unknown,kermit,kermit,,, alcatel,PBX,,unknown,mtch,mtch,,, alcatel,PBX,,unknown,mtcl,mtcl,,, alcatel,PBX,,unknown,root,letacla,,, alcatel,PBX,4400,Port 2533,adfexc,adfexc,unknown,, alcatel,PBX,4400,Port 2533,at4400,at4400,unknown,, alcatel,PBX,4400,Port 2533,client,client,unknown,, alcatel,PBX,4400,Port 2533,dhs3mt,dhs3mt,unknown,, alcatel,PBX,4400,Port 2533,dhs3pms,dhs3pms,unknown,, alcatel,PBX,4400,Port 2533,halt,tlah,shutdown,, alcatel,PBX,4400,Port 2533,install,llatsni,unknown,, alcatel,PBX,4400,Port 2533,kermit,kermit,unknown,, alcatel,PBX,4400,Port 2533,mtch,mtch,unknown,, alcatel,PBX,4400,Port 2533,mtcl,mtcl,unknown,, alcatel,PBX,4400,Port 2533,root,letacla,unknown,, alcatel,SpeedTouch 510,,HTTP/Telnet,,,,Default IP 192.168.1.254/24, alcatel,SpeedTouch 580,4.3.19,HTTP,admin,admin,,, alcatel,Speedtouch,,500 series,,,,, alcatel,Timestep VPN 1520,3.00.026,Permit config and console,root,permit,Admin,Perm/Config port 38036, alcatel,Timestep VPN Gateway 15xx/45xx/7xxx,,,root,permit,,Any, allan,ass,,tool,tool,face,,, allied telesyn,8326G,,,,,,, allied telesyn,AT-8024(GB),,,,admin,,, allied telesyn,AT-8024(GB),,,manager,admin,,, allied telesyn,AT-8024(GB),,any,,admin,,, allied telesyn,All,,Admin,manager,friend,,, allied telesyn,All,,All,manager,friend,,, allied telesyn,Generic Switch/Router,,,manager,friend,,, allied telesyn,Generic Switch/Router,,Admin,manager,friend,,, allied telesyn,Rapier G6 Switch,,,,manager,,, allied telesyn,Switch,,AT-8124XL 1.0.3,admin,,,, allied telesyn,Switch,,Admin,admin,,,, allied,CJ8MO E-U,,,,,,, allied,CJ8MO E-U,,Admin,,,,, allied,CJ8MO E-U,,Telnet,,,Admin,, allied,Telesyn,,,manager,friend,,, allied,Telesyn,,,secoff,secoff,,, allied,Telesyn,,Admin,manager,friend,,, allied,Telesyn,,Admin,secoff,secoff,,, allied-telesyn,AT-8550GB,,,manager,friend,,, allied-telesyn,AT-RG613LH,,,manager,friend,,, alliedtelesyn,ALAT8326GB,,Multi,manager,manager,Admin,, alliedtelesyn,AT Router,,HTTP,root,,Admin,, alliedtelesyn,AT-8024(GB),,Console,,admin,Admin,, alliedtelesyn,AT-8024(GB),,HTTP,manager,admin,Admin,, alliedtelesyn,AT-8550GB,,Telnet,manager,friend,,, alliedtelesyn,AT-AR130 (U) -10,,HTTP,Manager,friend,Admin,Default IP is 192.168.242.242, alliedtelesyn,AT-AR750S,,,manager,friend,,, alliedtelesyn,AT-RG613LH,2-3_59,Telnet,manager,friend,,, alliedtelesyn,AT8000S/24,v1.1.0.32,serial console,manager,friend,admin,, alliedtelesyn,AT8016F,,Console,manager,friend,Admin,, alliedtelesyn,All Routers,,,Manager,Friend,,Any, alliedtelesyn,All,All,Telnet,manager,friend,Admin,, alliedtelesyn,Allied Telesyn,AR410,,Administrator,admin,,, alliedtelesyn,Generic Switch/Router,,Multi,manager,friend,Admin,, alliedtelesyn,R130,,,Manager,friend,,, alliedtelesyn,Rapier G6 Switch,,,manager,friend,,, alliedtelesyn,Switch,AT-8124XL 1.0.3,Multi,admin,,Admin,, alliedtelesyn,Various,,Multi,manager,friend,Admin,, alliedtelesyn,Various,,Multi,secoff,secoff,Admin,, alliedtelesyn,at-img634w,a+,multi,manager,friend,,, alliedtelesyn,windows xp, AR410,http://192.168.1.174,admin,admin,user,HACK, allnet,ALL0275 802.11g AP,,1.0.6,,admin,,, allnet,ALL0275 802.11g AP,1.0.6,HTTP,,admin,Admin,, allnet,ALL129DSL,,,admin,admin,,, allnet,ALL129DSL,,,admin,admin,Administrator,Likely the default on all routers, allnet,T-DSL Modem,,Software Version: v1.51,admin,admin,,, allnet,T-DSL Modem,Software Version: v1.51 ,HTTP,admin,admin,Admin,, allot,Netenforcer,,,admin,allot,,, allot,Netenforcer,,,admin,allot,Admin,, allot,Netenforcer,,,root,bagabu,,, allot,Netenforcer,,,root,bagabu,Admin,, alteon,ACEDirector3,,,admin,,,, alteon,ACEDirector3,,console,admin,,,, alteon,ACEswitch 180e (telnet),,,admin,blank,,, alteon,ACEswitch,,,admin,,,, alteon,ACEswitch,,180e,admin,,,, alteon,ACEswitch,,Admin,admin,admin,,, alteon,ACEswitch,,Admin,admin,linga,,, alteon,ACEswitch,180e,HTTP,admin,admin,Admin,, alteon,ACEswitch,180e,HTTP,admin,linga,Admin,, alteon,AD4,9,Console,admin,admin,Admin,Factory default, alteon,All hardware releases,,,,admin,,Web OS 5.2, ambit,,,,admin,cableroot,root,, ambit,ADSL,,,root,,,, ambit,ADSL,,Admin,root,,,, ambit,ADSL,,Telnet,root,,Admin,, ambit,Cable Modem 60678eu,,1.12,root,root,,, ambit,Cable Modem 60678eu,1.12,Multi,root,root,Admin,, ambit,Cable Modem,,,root,root,,, ambit,Cable Modem,,Multi,root,root,Admin,Time Warner Cable issued modem, ambit,Cable Modem,,Multi,user,user,,, ambit,DOCSIS 1.0/1.1/2.0 Compliant,5.66.1011,,user,,user,, ambit,ntl:home 200,2.67.1011,HTTP,root,root,Admin,This is the cable modem supplied by NTL in the UK, ami bios,1999,,AT 49,,,,, ami,PC BIOS,,,,AMI.KEY,,, ami,PC BIOS,,,,AMISETUP,,, ami,PC BIOS,,Admin,,A.M.I,,, ami,PC BIOS,,Admin,,AM,,, ami,PC BIOS,,Admin,,AMI!SW,,, ami,PC BIOS,,Admin,,AMI,,, ami,PC BIOS,,Admin,,AMI.KEY,,, ami,PC BIOS,,Admin,,AMI.KEZ,,, ami,PC BIOS,,Admin,,AMI?SW,,, ami,PC BIOS,,Admin,,AMIAMI,,, ami,PC BIOS,,Admin,,AMIDECOD,,, ami,PC BIOS,,Admin,,AMIPSWD,,, ami,PC BIOS,,Admin,,AMISETUP,,, ami,PC BIOS,,Admin,,AMI_SW,,, ami,PC BIOS,,Admin,,AMI~,,, ami,PC BIOS,,Admin,,BIOSPASS,,, ami,PC BIOS,,Admin,,HEWITT RAND,,, ami,PC BIOS,,Admin,,aammii,,, ami,PC BIOS,,Console,,A.M.I,Admin,, ami,PC BIOS,,Console,,AAAMMMIII,Admin,, ami,PC BIOS,,Console,,AM,Admin,, ami,PC BIOS,,Console,,AMI!SW,Admin,, ami,PC BIOS,,Console,,AMI,Admin,, ami,PC BIOS,,Console,,AMI.KEY,Admin,, ami,PC BIOS,,Console,,AMI.KEZ,Admin,, ami,PC BIOS,,Console,,AMI?SW,Admin,, ami,PC BIOS,,Console,,AMIAMI,Admin,, ami,PC BIOS,,Console,,AMIDECOD,Admin,, ami,PC BIOS,,Console,,AMIPSWD,Admin,, ami,PC BIOS,,Console,,AMISETUP,Admin,, ami,PC BIOS,,Console,,AMI_SW,Admin,, ami,PC BIOS,,Console,,AMI~,Admin,, ami,PC BIOS,,Console,,BIOS,Admin,, ami,PC BIOS,,Console,,BIOSPASS,Admin,, ami,PC BIOS,,Console,,CMOSPWD,Admin,, ami,PC BIOS,,Console,,CONDO,Admin,, ami,PC BIOS,,Console,,HEWITT RAND,Admin,, ami,PC BIOS,,Console,,LKWPETER,Admin,, ami,PC BIOS,,Console,,MI,Admin,, ami,PC BIOS,,Console,,Oder,Admin,, ami,PC BIOS,,Console,,PASSWORD,Admin,, ami,PC BIOS,,Console,,aammii,Admin,, ami,at 49,,,,,,, amigo,ADSL Router,,,admin,epicrouter,,, amitech,wireless router and access point 802.11g 802.11b,any,HTTP,admin,admin,Admin,Web interface is on 192.168.1.254 available on the LAN ports of the AP., amptron,PC BIOS,,,,Polrty,,, amptron,PC BIOS,,Admin,,Polrty,,, amptron,PC BIOS,,Console,,Polrty,Admin,, andover controls,Infinity,,any,acc,acc,,, andovercontrols,Infinity,any,Console,acc,acc,Admin,Building managment system, aoc,zenworks 4.0,,Multi,,admin,Admin,, apache project,,,Apache,jj,,,, apache,TomCat,,HTTP,admin,admin,,, apache,TomCat,,HTTP,admin,tomcat,,, apache,TomCat,,HTTP,role,changethis,,, apache,TomCat,,HTTP,role1,role1,,, apache,TomCat,,HTTP,root,changethis,,, apache,TomCat,,HTTP,root,root,,, apache,TomCat,,HTTP,tomcat,changethis,,, apache,TomCat,,HTTP,tomcat,tomcat,,, apache,Tomcat,,,admin,tomcat,,, apache,Tomcat,,,role,changethis,,, apache,Tomcat,,,role1,role1,,, apache,Tomcat,,,root,changethis,,, apache,Tomcat,,,tomcat,tomcat,,, apache,jboss4,,jmx-console,admin,jboss4,,, apc,9606 Smart Slot,,,,backdoor,,, apc,9606 Smart Slot,,Telnet,,backdoor,Admin,, apc,9606 Smart Slot,AOS 3.2.1 and AOS 3.0.3,Telnet,(any),TENmanUFactOryPOWER,,, apc,AP9606 SmartSlot Web/SNMP Management Card,,AOS 3.2.1 and AOS 3.0.3,(any),TENmanUFactOryPOWER,,, apc,AP9606,,,apc,apc,Admin,, apc,Any,,,apcuser,apc,,, apc,Call-UPS,,AP9608,,serial number of the Call-UPS,,, apc,Call-UPS,AP9608,Console,,(Device Serial Number),Admin,, apc,MasterSwitch,,AP9210,apc,apc,,, apc,MasterSwitch,AP9210,,apc,apc,Admin,, apc,PowerChute Bussiness Edition,,Installed program,Pingo,Ura,Admin access,, apc,Powerchute Plus,,4.x for Netware 3.x/4.x,POWERCHUTE,APC,,, apc,Powerchute Plus,4.x for Netwware 3.x/4.x,Console,POWERCHUTE,APC,Admin,, apc,SNMP Adapter,,2.x,apc,apc,,, apc,SNMP Adapter,2.x,,apc,apc,,, apc,Share-UPS,,AP9207,,serial number of the Share-UPS,,, apc,Share-UPS,AP9207,Console,,(Device Serial Number),Admin,, apc,Smart UPS,,Multi,apc,apc,Admin,, apc,Smartups 3000,,HTTP,apc,apc,Admin,, apc,Smartups 5000,,HTTP,apc,apc,admin,, apc,UPS,,,apc,apc,,, apc,UPS,,Admin,apc,apc,,, apc,UPS,,Telnet,apc,apc,Admin,, apc,UPSes (Web/SNMP Mgmt Card),,HTTP,device,device,Admin,Secondary access account (next to apc/apc), apc,USV Network Management Card,,,,TENmanUFactOryPOWER,,, apc,USV Network Management Card,,SNMP,,TENmanUFactOryPOWER ,Admin,nachzulesen unter http://www.heise.de/security/news/meldung/44899 gruss HonkHase, apc,Web/SNMP Management Card,,AP9606,apc,apc,,, apple computer,Airport,,,,public,,, apple computer,Network Assistant,,,,xyzzy,,, apple computer,Remote Desktop,,,,xyzzy,,, apple,AirPort Base Station (Graphite),,2,,public,,, apple,AirPort Base Station (Graphite),2,Multi,,public,public,See Apple article number 58613 for details, apple,Airport Base Station (Dual Ethernet),,2,,password,,, apple,Airport Base Station (Dual Ethernet),2,Multi,,password,Guest,See Apple article number 106597 for details, apple,Airport Extreme Base Station,,2,,admin,,, apple,Airport Extreme Base Station,2,Multi,,admin,Guest,see Apple article number 107518 for details, apple,Airport,,,,public,,1.1, apple,Airport,,Administrative,admin,public,,, apple,Airport,,Other,admin,public,Administrative,, apple,Airport,5,1.0.09,Multi,root,admin,, apple,Network Assistant,,,None,xyzzy,Admin,3.X, apple,Remote Desktop,,,,xyzzy,Admin,, apple,iPod Touch,,,root/mobile,alpine,,, arcor,Easybox,all,http://192.168.2.1,root,123456,Root,, areca,RAID controllers,,Console,admin,0,Admin,, arescom,modem/router ,10XX,Telnet,,atc123,Admin,, arlotto,SG205,,HTTP,admin,123456,https://192.168.2.1,, arlotto,SG205,,https://192.168.2.1,admin,123456,,, armenia,Forum,,No,admin,admin,,, arrowpoint,Any,,,admin,system,Admin,, arrowpoint,Unknown,,,,,,, arrowpoint,Unknown,,,admin,system,,, arrowpoint,Various,,,,,Admin,, arrowpoint,windows xp,all,192.168.0.1,admin,arrowpoint,,, artem,ComPoint - CPD-XT-b,CPD-XT-b,Telnet,,admin,Admin,, asante,FM2008,,Multi,admin,asante,Admin,, asante,FM2008,,Telnet,superuser,,Admin,, asante,FM2008,01.06,Telnet,superuser,asante,Admin,, asante,IntraStack,,,IntraStack,Asante,,, asante,IntraStack,,Admin,IntraStack,Asante,,, asante,IntraStack,,multi,IntraStack,Asante,Admin,, asante,IntraSwitch,,,IntraSwitch,Asante,,, asante,IntraSwitch,,Admin,IntraSwitch,Asante,,, asante,IntraSwitch,,multi,IntraSwitch,Asante,Admin,, ascend,All TAOS models,,,admin,Ascend,,all, ascend,Router,,,,ascend,,, ascend,Router,,Admin,,ascend,,, ascend,Router,,Telnet,,ascend,Admin,, ascend,Sahara,,,root,ascend,,, ascend,Sahara,,Multi,root,ascend,,, ascend,Yurie,,,readonly,lucenttech2,,, ascend,Yurie,,,readwrite,lucenttech1,,, ascend,Yurie,,Multi,readonly,lucenttech2,,, ascend,Yurie,,Multi,readwrite,lucenttech1,,, ascom,Ascotel PBX,,ALL,,3ascotel,,, ascom,Ascotel PBX,ALL,Multi,,3ascotel,Admin,, asdsa,sadsa,,asdsad,12321,sadsad,,, asmack,router,ar804u,HTTP,admin,epicrouter,Admin,, asmax,AR701u / ASMAX AR6024,,HTTP,admin,epicrouter,Admin,, asmax,AR800C2,,HTTP,admin,epicrouter,Admin,, asmax,Ar-804u,,HTTP,admin,epicrouter,Admin,, aspect,ACD,,6,DTA,TJM,,, aspect,ACD,,6,customer,,,, aspect,ACD,,7,DTA,TJM,,, aspect,ACD,,8,DTA,TJM,,, aspect,ACD,,User,DTA,TJM,,, aspect,ACD,,User,customer,,,, aspect,ACD,6,HTTP,customer,,User,views error logs, aspect,ACD,6,Oracle,DTA,TJM,User,, aspect,ACD,7,Oracle,DTA,TJM,User,, aspect,ACD,8,Oracle,DTA,TJM,User,, ast,PC BIOS,,,,SnuFG5,,, ast,PC BIOS,,Admin,,SnuFG5,,, ast,PC BIOS,,Console,,SnuFG5,Admin,, ast,Powerexec 4/25sl,,Multi,,,Admin,, ast,powerexec 4/25sl,,,,,,, ast,powerexec 4/25sl,,Admin,,,,, asus,6310EV,,,adsl,adsl1234,,, asus,6310EV,,Multi,adsl,adsl1234,,, asus,ACPIBIOS,,,,,,, asus,L3800,,,,,,, asus,P5P800,,Multi,,admin,User,, asus,WL-300,All,HTTP,admin,admin,Admin,, asus,WL-500G Deluxe,,HTTP,admin,admin,Admin,, asus,WL-500G,,HTTP,admin,admin,Admin,, asus,WL-500G,1.7.5.6,HTTP,admin,admin,Admin,, asus,WL-503G,All,HTTP,admin,admin,Admin,, asus,WL-520G,,HTTP,admin,admin,Admin,, asus,WL-HDD2.5,,,admin,admin,Admin,Default IP 192.168.1.220, aszs,graphick,,jkl,Administrator,admin,,, at&,T,,mcp,Console,,,, at&t,3B2 Firmware,,,,mcp,,, atcom,AG-168FC,,http://192.168.1.100,,12345678,Administration,, atlantis,A02-RA141,,Multi,admin,atlantis,Admin,, atlantis,I-Storm Lan Router ADSL ,,Multi,admin,atlantis,Admin,, atlantis,Web Share RB,Web Share RB,http://192.168.1.1,santus,marika,,, att,3B2 Firmware,,Console,,mcp,Admin,, att,EP5962 2-Line Cordless Phone System,,by telephone,,5000,Mailbox access,, att,Starlan SmartHUB,,,N/A,manager,,9.9, attachmate,Attachmate Gateway,,,,PASSWORD,,, attachmate,Attachmate Gateway,,Console,,PASSWORD,Admin,, audioactive,MPEG Realtime Encoders,,,,telos,,, audioactive,MPEG Realtime Encoders,,Telnet,,telos,Admin,, autodesk,Autocad,,,autocad,autocad,,, autodesk,Autocad,,Multi,autocad,autocad,User,, autodesk,Autocad,,User,autocad,autocad,,, avaya,4602 SIP Telephone,1.1.HTTP,admin,barney,,,, avaya,CMS Supervisor,,11,root,cms500,,, avaya,CMS Supervisor,11,Console,root,cms500,Admin,, avaya,Cajun P33x,,Admin,,admin,,, avaya,Cajun P33x,,firmware before 3.11.0,,admin,,, avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,, avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,check the Bugtraq archives for more information, avaya,Cajun Pxxx,,,root,root,,, avaya,Cajun Pxxx,,Admin,root,root,,, avaya,Cajun Pxxx,,Multi,root,root,Admin,, avaya,Cajun,,Admin,,,,, avaya,Cajun,,Developer,diag,danger,,, avaya,Cajun,,Developer,manuf,xxyyzz,,, avaya,Cajun,,P550R P580 P880 and P882,diag,danger,,, avaya,Cajun,,P550R P580 P880 and P882,manuf,xxyyzz,,, avaya,Cajun,,P550R/P580/P880/P882,,,,, avaya,Cajun,P550R P580 P880 and P882,Multi,diag,danger,Developer,, avaya,Cajun,P550R P580 P880 and P882,Multi,manuf,xxyyzz,Developer,, avaya,Cajun,P550R/P580/P880/P882,Telnet,,,Admin,, avaya,Definity,,Admin,craft,,,, avaya,Definity,,G3Si,craft,,,, avaya,Definity,,Multi,dadmin,dadmin01,Admin,, avaya,Definity,G3Si,Multi,craft,,Admin,, avaya,IMD,,,admin,admin123,Admin,, avaya,IP Office,500, 406,Default IP: 192.168.42.1, you can use ISDN modem to dial into remote systems- try last few numbers of ranges eg. xxxxxxxx99 or xxxxxxxx98, Administrator,Admin, avaya,Pxxx,,5.2.14,diag,danger,,, avaya,Pxxx,,5.2.14,manuf,xxyyzz,,, avaya,Pxxx,,Admin,diag,danger,,, avaya,Pxxx,,Admin,manuf,xxyyzz,,, avaya,Pxxx,5.2.14,Multi,diag,danger,Admin,, avaya,Pxxx,5.2.14,Multi,manuf,xxyyzz,Admin,, avaya,Routers,Various,telnet,root,root,Admin,, avaya,definity,,Admin,craft,crftpw,,, avaya,definity,,up to rev. 6,craft,crftpw,,, avaya,definity,up to rev. 6,any,craft,crftpw,Admin,, avaya,g3R,,Admin,root,ROOT500,,, avaya,g3R,,v6,root,ROOT500,,, avaya,g3R,v6,Console,root,ROOT500,Admin,, avaya,g3si,,,,,,, avaya,routers,,,root,root,,, avenger news system (ans),ANS,,,,Administrative,,, avengernewssystem,Avenger News System,,HTTP,,Administrative,,default string: admin:aaLR8vE.jjhss:root@127.0.0.1 pass file is located at ans_data/ans.passwd (relative to ans.pl location), award,6,,,,,,, award,6.00PG,,,,,,, award,BIOS,,,,lkwpeter,,, award,BIOS,,Admin,,lkwpeter,,, award,Bios,,6,,,,, award,PC BIOS,,,,1322222,,, award,PC BIOS,,,,SER,,, award,PC BIOS,,,AWARD_SW,,,, award,PC BIOS,,Admin,,01322222,,, award,PC BIOS,,Admin,,256256,,, award,PC BIOS,,Admin,,?award,,, award,PC BIOS,,Admin,,AWARD_SW,,, award,PC BIOS,,Admin,,BIOS,,, award,PC BIOS,,Admin,,CONCAT,,, award,PC BIOS,,Admin,,CONDO,,, award,PC BIOS,,Admin,,HELGA-S,,, award,PC BIOS,,Admin,,HEWITT RAND,,, award,PC BIOS,,Admin,,HLT,,, award,PC BIOS,,Admin,,PASSWORD,,, award,PC BIOS,,Admin,,SER,,, award,PC BIOS,,Admin,,SKY_FOX,,, award,PC BIOS,,Admin,,SWITCHES_SW,,, award,PC BIOS,,Admin,,SZYX,,, award,PC BIOS,,Admin,,Sxyz,,, award,PC BIOS,,Admin,,TTPTHA,,, award,PC BIOS,,Admin,,TzqF,,, award,PC BIOS,,Admin,,aLLy,,, award,PC BIOS,,Admin,,aPAf,,, award,PC BIOS,,Admin,,admin,,, award,PC BIOS,,Admin,,alfarome,,, award,PC BIOS,,Admin,,award,,, award,PC BIOS,,Admin,,awkward,,, award,PC BIOS,,Admin,,biosstar,,, award,PC BIOS,,Admin,,biostar,,, award,PC BIOS,,Admin,,g6PJ,,, award,PC BIOS,,Admin,,h6BB,,, award,PC BIOS,,Admin,,j09F,,, award,PC BIOS,,Admin,,j256,,, award,PC BIOS,,Admin,,j262,,, award,PC BIOS,,Admin,,j322,,, award,PC BIOS,,Admin,,j64,,, award,PC BIOS,,Admin,,lkw peter,,, award,PC BIOS,,Admin,,lkwpeter,,, award,PC BIOS,,Admin,,setup,,, award,PC BIOS,,Admin,,t0ch20x,,, award,PC BIOS,,Admin,,t0ch88,,, award,PC BIOS,,Admin,,wodj,,, award,PC BIOS,,Admin,,zbaaaca,,, award,PC BIOS,,Console,,(eight spaces),Admin,The password is eight spaces on some versions, award,PC BIOS,,Console,,01322222,Admin,, award,PC BIOS,,Console,,1322222,Admin,, award,PC BIOS,,Console,,256256,Admin,, award,PC BIOS,,Console,,589589,Admin,, award,PC BIOS,,Console,,589721,Admin,, award,PC BIOS,,Console,,595595,Admin,, award,PC BIOS,,Console,,598598,Admin,, award,PC BIOS,,Console,,?award,Admin,, award,PC BIOS,,Console,,ALFAROME,Admin,, award,PC BIOS,,Console,,ALLY,Admin,, award,PC BIOS,,Console,,ALLy,Admin,, award,PC BIOS,,Console,,AWARD PW,Admin,, award,PC BIOS,,Console,,AWARD SW,Admin,, award,PC BIOS,,Console,,AWARD?SW,Admin,, award,PC BIOS,,Console,,AWARD_PW,Admin,, award,PC BIOS,,Console,,AWARD_SW,Admin,, award,PC BIOS,,Console,,AWKWARD,Admin,, award,PC BIOS,,Console,,BIOS,Admin,, award,PC BIOS,,Console,,BIOSTAR,Admin,, award,PC BIOS,,Console,,CONCAT,Admin,, award,PC BIOS,,Console,,CONDO,Admin,, award,PC BIOS,,Console,,Condo,Admin,, award,PC BIOS,,Console,,HELGA-S,Admin,, award,PC BIOS,,Console,,HEWITT RAND,Admin,, award,PC BIOS,,Console,,HLT,Admin,, award,PC BIOS,,Console,,J256,Admin,, award,PC BIOS,,Console,,J262,Admin,, award,PC BIOS,,Console,,KDD,Admin,, award,PC BIOS,,Console,,LKWPETER,Admin,, award,PC BIOS,,Console,,Lkwpeter,Admin,, award,PC BIOS,,Console,,PASSWORD,Admin,, award,PC BIOS,,Console,,PINT,Admin,, award,PC BIOS,,Console,,SER,Admin,, award,PC BIOS,,Console,,SKY_FOX,Admin,, award,PC BIOS,,Console,,SWITCHES_SW,Admin,, award,PC BIOS,,Console,,SW_AWARD,Admin,, award,PC BIOS,,Console,,SXYZ,Admin,, award,PC BIOS,,Console,,SZYX,Admin,, award,PC BIOS,,Console,,Sxyz,Admin,, award,PC BIOS,,Console,,TTPTHA,Admin,, award,PC BIOS,,Console,,TzqF,Admin,, award,PC BIOS,,Console,,ZAAAADA,Admin,, award,PC BIOS,,Console,,ZAAADA,Admin,, award,PC BIOS,,Console,,ZBAAACA,Admin,, award,PC BIOS,,Console,,ZJAAADC,Admin,, award,PC BIOS,,Console,,_award,Admin,, award,PC BIOS,,Console,,aLLY,Admin,, award,PC BIOS,,Console,,aLLy,Admin,, award,PC BIOS,,Console,,aPAf,Admin,, award,PC BIOS,,Console,,admin,Admin,, award,PC BIOS,,Console,,alfarome,Admin,, award,PC BIOS,,Console,,award,Admin,, award,PC BIOS,,Console,,award.sw,Admin,, award,PC BIOS,,Console,,award_?,Admin,, award,PC BIOS,,Console,,award_ps,Admin,, award,PC BIOS,,Console,,awkward,Admin,, award,PC BIOS,,Console,,biosstar,Admin,, award,PC BIOS,,Console,,biostar,Admin,, award,PC BIOS,,Console,,condo,Admin,, award,PC BIOS,,Console,,d8on,Admin,, award,PC BIOS,,Console,,djonet,Admin,, award,PC BIOS,,Console,,efmukl,Admin,, award,PC BIOS,,Console,,g6PJ,Admin,, award,PC BIOS,,Console,,h6BB,Admin,, award,PC BIOS,,Console,,j09F,Admin,, award,PC BIOS,,Console,,j256,Admin,, award,PC BIOS,,Console,,j262,Admin,, award,PC BIOS,,Console,,j322,Admin,, award,PC BIOS,,Console,,j64,Admin,, award,PC BIOS,,Console,,kdd,Admin,, award,PC BIOS,,Console,,lkw peter,Admin,, award,PC BIOS,,Console,,lkwpeter,Admin,, award,PC BIOS,,Console,,lkwpeter,Admin,Note - After 1996-12-19 Award required each OEM to set their own password, award,PC BIOS,,Console,,pint,Admin,, award,PC BIOS,,Console,,setup,Admin,, award,PC BIOS,,Console,,sxyz,Admin,, award,PC BIOS,,Console,,t0ch20x,Admin,, award,PC BIOS,,Console,,t0ch88,Admin,, award,PC BIOS,,Console,,wodj,Admin,, award,PC BIOS,,Console,,zbaaaca,Admin,, award,PC BIOS,,Console,,zjaaadc,Admin,, award,award,,6,,,,, award,bios,,1.0A,,,,, award,bios,,4.6,admin,admin,,, award,v4.51PG,,Admin,,SY_MB,,, award,v4.51PG,,v4.51PG,,SY_MB,,, award,v4.51PG,v4.51PG,Multi,,SY_MB,Admin,, axent,NetProwler manager,,,administrator,admin,,WinNT, axis,200 Network Camera,,,root,pass,,, axis,200 V1.32,,,admin,,,, axis,200+ Network Camera,,,root,pass,,, axis,2100 Network Camera,,,root,pass,,, axis,2110 Network Camera,,,root,pass,,, axis,2120 Network Camera,,,root,pass,,, axis,2420 Network Camera,,,root,pass,,, axis,540 Print Server,,Multi,root,pass,Admin,, axis,540+ Print Server,,Multi,root,pass,Admin,, axis,542 Print Server,,Multi,root,pass,Admin,, axis,All Axis Printserver,All,Multi,root,pass,Admin,, axis,NETCAM,,200/240,root,pass,,, axis,NETCAM,,Admin,root,pass,,, axis,NETCAM,200/240,,root,pass,,, axis,NETCAM,200/240,Telnet,root,pass,Admin,, axis,NPS 530,,,root,pass,,5.02, axis,StorPoint CD100,,,root,pass,,4.28, axis,StorPoint CDE100,,,root,pass,,, axis,StorPoint NAS 100,,,root,pass,,, axis,Webcams,,HTTP,root,pass,Admin,, axus,AXUS YOTTA,,Multi,,0,Admin,Storage DAS SATA to SCSI/FC, axway,synchronization gateway,,,admin,Secret1,Admin,, aztech,DSL-600E,,HTTP,admin,admin,Admin,, aztech,windows xp, all models,38.4.2,192.168.1.1,admin,admin,, backtrack,backtrack 4,,CLI,root,toor,,, barracudanetworks,Barracuda Spam Firewall 300,,http://:8000,admin,admin,full admin access,, barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,admin,adminbn99,full admin access,, barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,guest,bnadmin99,guest access - some information disclosure,, barracudanetworks,Barracuda Spyware Firewall,,http://:8000,admin,admin,full admin access,, bauschdatacom,Proxima PRI ADSL PSTN Router4 Wireless,,Multi,admin,epicrouter,Admin,, bay networks,Router,,,Manager,,,, bay networks,Router,,,User,,,, bay networks,Router,,Admin,Manager,,,, bay networks,Router,,User,User,,,, bay networks,SuperStack II,,,security,security,,, bay networks,SuperStack II,,Admin,security,security,,, bay networks,Switch,,350T,,NetICs,,, bay networks,Switch,,Admin,,NetICs,,, baynetworks,ASN / ARN Routers,,,Manager,Manager,,Any, baynetworks,Accelar 1xxx switches,,,rwa,rwa,,Any, baynetworks,Remote Annex 2000,,,admin,IP address,,Any, baynetworks,Router,,,User,,User,, baynetworks,Router,,Telnet,Manager,,Admin,, baynetworks,Router,,Telnet,User,,User,, baynetworks,SuperStack II,,,security,security,Admin,, baynetworks,SuperStack II,,Telnet,security,security,Admin,, baynetworks,Switch,350T,,,NetICs,Admin,, baynetworks,Switch,350T,Telnet,,NetICs,Admin,, bea,WebLogic Process Integrator,,2.0,admin,security,,, bea,WebLogic Process Integrator,,2.0,joe,password,,, bea,WebLogic Process Integrator,,2.0,mary,password,,, bea,WebLogic Process Integrator,,2.0,system,security,,, bea,WebLogic Process Integrator,,2.0,wlcsystem,wlcsystem,,, bea,WebLogic Process Integrator,,2.0,wlpisystem,wlpisystem,,, bea,WebLogic,,,system,weblogic,,, bea,WebLogic,,Admin,system,weblogic,,, bea,WebLogic,,https,system,weblogic,Admin,, bea,WebLogic,9.0 beta (Diablo),,weblogic,weblogic,,, bea,Weblogic Process Integrator,2.0,,admin,security,,, bea,Weblogic Process Integrator,2.0,,joe,password,,, bea,Weblogic Process Integrator,2.0,,mary,password,,, bea,Weblogic Process Integrator,2.0,,system,security,,, bea,Weblogic Process Integrator,2.0,,wlcsystem,wlcsystem,,, bea,Weblogic Process Integrator,2.0,,wlpisystem,wlpisystem,,, bea,Weblogic,,,system,weblogic,,5.1, becu,accpints summary,,,musi1921,Musii%1921,,, beetal,220x ADSL router,any,http://192.168.1.1,admin,password,admin,should be same for all routers, belkin,Belkin_N+_61F980,,Password,Belkin_N+_61F980,,,, belkin,F1PG200ENau,,,,admin,,, belkin,F5D5231-4,,http://192.168.2.1,,,Administration,, belkin,F5D6130,,,,MiniAP,,, belkin,F5D6130,,Admin,,MiniAP,,, belkin,F5D6130,,SNMP,,MiniAP,Admin,Wireless Acess Point IEEE802.11b, belkin,F5D6231-4 Router,,,,,,, belkin,F5D6231-4,,V1.0 - 2.0,,,,, belkin,F5D7150,FB,Multi,,admin,Admin,, belkin,F5D7230-4 Router,,,,,,, belkin,F5D7231-4,,http://192.168.2.1,,,Administration,, belkin,F5D7234 4V1,1002,,insight_wifi_1902,lgibson5405,,, belkin,F5D8230-4,,http://192.168.2.1,,,Administration,, belkin,F5D9230-4,,http://192.168.2.1,user:,,Administration,, belkin,F5U025 USB Flash drive,,,,1111,,, belkin,F8T030 Bluetooth AP,,,guest,guest,,Bluetooth passkey: belkin, belkin,P74476au,,http://10.0.0.2,admin,password,,, belkin,PRO 3 KVM switch,,Console,admin,belkin,Admin,, belkin,Wireless ADSL Modem/Router,,Full,admin,,,, belkin,Wireless ADSL Modem/Router,,Multi,admin,,Full,, belkin,f5d9230-4,,192.168.2.1,admin,admin,,, benq,awl 700 wireless router,1.3.6 Beta-002,Multi,admin,admin,Admin,, bestpractical,RT,,,root,password,,, bestpractical,RT,,HTTP,root,password,Admin,, betabrite,1026,,,,LLLLLL,Sign programming,Reset sign password, betabrite,1036,,,,LLLLLL,Sign programming,Reset sign password, betabrite,1040,,,,LLLLLL,Sign programming,Reset sign password, betabrite,Prism 1196,,,,LLLLLL,Sign programming,Reset sign password, betabrite,Prism full-colour LED sign,,,,,Sign programming,The sign has no password by default but if it does you can reset it by entering LLLLLL then a new password at the password prompt. Password is always 6 characters., bewan,Wireless Routers,,,bewan,bewan,Admin,, billion,BiPAC 5100,,HTTP,admin,admin,Admin,, billion,BiPAC 5102,,http://192.168.1.254,admin,admin,Administration,, billion,BiPAC 640 AC,640AE100,HTTP,,,Admin,, billion,BiPAC 6600,,http://192.168.1.254,,,Administration,, billion,BiPAC 7202G,,http://192.168.1.254,admin,admin,Administration,, billion,BiPAC 7402VGP,,http://192.168.1.254,admin,admin,Administration,, bintec,Bianca/Brick,,XM-5.1,,snmp-Trap,,, bintec,Bianca/Brick,,read/write,,snmp-Trap,,, bintec,Bianca/Brick,XM-5.1,SNMP,,snmp-Trap,read/write,, bintec,Bianka ,,admin bintec,Admin,No,,, bintec,Bianka Routers,,,admin,bintec,,, bintec,Bianka Routers,,Admin,admin,bintec,,, bintec,Bianka Routers,,Multi,admin,bintec,Admin,, bintec,all Routers,,,admin,bintec,,Any, bintec,x1200,37834,Multi,admin,bintec,Admin,, bintec,x2300i,37834,Multi,admin,bintec,Admin,, bintec,x3200,37834,Multi,admin,bintec,Admin,, biodata,BIGfire,,,,Babylon,,, biodata,Babylon,,,,Babylon,,, biodata,Bigfire +,,Admin,config,biodata,,, biodata,Bigfire +,,Multi,config,biodata,Admin,, biostar,PC BIOS,,,,Biostar,,, biostar,PC BIOS,,Admin,,Biostar,,, biostar,PC BIOS,,Admin,,Q54arwms,,, biostar,PC BIOS,,Console,,Biostar,Admin,, biostar,PC BIOS,,Console,,Q54arwms,Admin,, bizdesign,ImageFoliio,,2.2,Admin,ImageFolio,,, bizdesign,ImageFolio Pro,,2.2,Admin,ImageFolio,,, bizdesign,ImageFolio Pro,2.2,HTTP,Admin,ImageFolio,Admin,default admin page is:/cgi-bidmidmin.cgi, bizdesign,ImageFolio,2.2,HTTP,Admin,ImageFolio,Admin,, blackberry,Pearl,,,Password Keeper,By default has no password, blackbox,BLACK BOX ServSensor JR,,,Administrator,public,,, blackbox,BLACK BOX ServSensor JR,v2.0,HTTP,Administrator,public,,, blackwidowwebdesignltd,Saxon,5.4,http,admin,nimda,Admin,, bluecoatsystems,ProxySG,3.x,HTTP,admin,articon,Admin,access to command line interface via ssh and web gui, bmc software,Patrol,,Admin,Administrator,the same all over,,, bmc software,Patrol,,all,Administrator,the same all over,,, bmc,Patrol,,6,patrol,patrol,,, bmc,Patrol,,User,patrol,patrol,,, bmc,Patrol,6.0,Multi,patrol,patrol,User,, bmc,Patrol,all,BMC unique,Administrator,the same all over,Admin,this default user normally for ALL system in this area with one Password, borland,Interbase,,,,,,, borland,Interbase,,,,,,Any, borland,Interbase,,,SYSDBA,masterkey,,any, borland,Interbase,,,politcally,correct,,Any, borland,Interbase,,,politically,correct,,, borri,CS131,all versions,http,admin,UpsMon,,, boson,router simulator,,Admin,,,,, boson,router simulator,3.66,Multi,,,Admin,, breezecom,Breezecom Adapters,,2.x,,laflaf,,, breezecom,Breezecom Adapters,,3.x,,Master,,, breezecom,Breezecom Adapters,,4.4.x,,Helpdesk,,, breezecom,Breezecom Adapters,,4.x,,Super,,, breezecom,Breezecom Adapters,,Admin,,Master,,, breezecom,Breezecom Adapters,,Admin,,Super,,, breezecom,Breezecom Adapters,,Admin,,laflaf,,, breezecom,Breezecom Adapters,2.x,,,laflaf,,, breezecom,Breezecom Adapters,2.x,,,laflaf,Admin,, breezecom,Breezecom Adapters,3.x,,,Master,,, breezecom,Breezecom Adapters,3.x,,,Master,Admin,, breezecom,Breezecom Adapters,4.4.x,Console,,Helpdesk,Admin,, breezecom,Breezecom Adapters,4.x,,,Super,,, breezecom,Breezecom Adapters,4.x,,,Super,Admin,, breezecom,SA10,,,,,,, broadlogic,XLT router,,HTTP,webadmin,webadmin,Admin,, broadlogic,XLT router,,Telnet,admin,admin,Admin,, broadlogic,XLT router,,Telnet,installer,installer,Admin,, broadmax,LinkMax HSA300A-2,,http://192.168.0.1,broadmax,broadmax,Admin,You need to put the IP as Gateway in TCPIP settings and 192.168.0.2 as your assigned IP., brocade,Fabric OS,,3.x,admin,password,,, brocade,Fabric OS,,3.x,root,fivranne,,, brocade,Fabric OS,,All,root,fivranne,,, brocade,Fabric OS,,Multi,admin,password,Admin,Gigabit SAN, brocade,Fabric OS,All,Multi,root,fibranne,Admin,, brocade,Fabric OS,All,Multi,root,fivranne,Admin,Gigiabit SAN (), brocade,Silkworm,all,Multi,admin,password,Admin,Also on other Fiberchannel switches, brother,HL-1270n,,,,access,,, brother,HL-1270n,,Multi,,access,network board access,, brother,HL-1270n,,network board access,,access,,, brother,HL-3040CN,,,admin,access,,, brother,MFC Network-capable printers,all versions,http,admin,access,,, brother,MFC-8860DB,,,admin,access,,, brother,NC-3100h,,,,access,,, brother,NC-3100h,,,,access,network board access,, brother,NC-3100h,,network board access,,access,,, brother,NC-4100h,,,,access,,, brother,NC-4100h,,,,access,network board access,, brother,NC-4100h,,network board access,,access,,, brother,QL-580N,,,admin,access,,, bt,HomeHub,,192.168.1.254,admin,admin,Admin,, bt,Voyager 2000,,,admin,admin,,, bt,Voyager 2000,,,admin,admin,Admin,, bt,Voyager 240,,,admin,admin,Admin,, buffalo,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, buffalo,BBR-4MG and BBR-4HG,ALL,HTTP,root,,Admin,, buffalo,WHR3-G54 Router,,,root,,,, buffalo,Wireless Broadband Base Station-g ,WLA-G54 WBR-G54,HTTP,root,,Admin,http://192.168.11.1, buffalo,Wireless Broadband Base Station-g,,WLA-G54 WBR-G54,root,,,, buffalo/melco,AirStation,,,root,,,, cableandwireless,ADSL Modem/Router,,Multi,admin,1234,Admin,, cabletron,Netgear modem/router and SSR,,,netman,,,, cabletron,Netgear modem/router and SSR,,,netman,,Admin,, cabletron,Netgear modem/router and SSR,,Admin,netman,,,, cabletron,routers & switches,,,,,,, cabletron,routers &,,,,,,, canon,iR1023,,Administrator,,0000,,, canyon,router,,Multi,Administrator,admin,Admin,, castlenet,,,http,MSO,changeme,ROOT,, cayman,3220-H DSL Router,,,Any,,,GatorSurf 5., cayman,Cayman DSL,,,,,,, cayman,Cayman DSL,,,,,Admin,, cayman,Cayman DSL,,3220-H,},,,, cayman,Cayman DSL,,Admin,,,,, cayman,Cayman DSL,,Admin,},,,, cayman,Cayman DSL,3220-H,,},,Admin,, cayman,Cayman DSL,SBC/Pacbell,,admin,(device serial number),Admin,, cayman,DSL Router,,,admin,(serial number),,, celerity,Mediator,,,root,Mau,,, celerity,Mediator,,Admin,root,Mau dib,,, celerity,Mediator,,Multi,mediator,mediator,,, celerity,Mediator,,Multi,root,Mau'dib,Admin,Assumption: the password is Mua'dib, celerity,Mediator,,User,mediator,mediator,,, celerity,Mediator,Multi,Multi,mediator,mediator,User,, cellit,CCPro,,Multi,cellit,cellit,Admin,, cgi world,Poll It,,v2.0,,protection,,, cgiworld,Poll It,2.0,HTTP,,protection,User/Admin over package,http://server.com/ScriptName.cgi?load=login, chase research,Iolan,,,,iolan,,, chaseresearch,Iolan,,,,iolan,,, checkpoint,,,,admin,qaz123,,, checkpoint,Firewall-1,,Multi,admin,abc123,admin,, checkpoint,Firewall-1,,admin,admin,abc123,,, checkpoint,Interspect 210,,SSH/Con/Serial,admin,admin,Admin,, checkpoint,Interspect 210N,,SSH/Con/Serial,admin,admin,Admin,, checkpoint,Interspect 410,,SSH/Con/Serial,admin,admin,Admin,, checkpoint,Interspect 610,,SSH/Con/Serial,admin,admin,Admin,, checkpoint,Interspect 610S,,SSH/Con/Serial,admin,admin,Admin,, checkpoint,SecurePlatform,,Admin,admin,admin,,, checkpoint,SecurePlatform,,NG FP3,admin,admin,,, checkpoint,SecurePlatform,NG FP3,Console,admin,admin,Admin,, chuming chen,NessusWeb,,,administrator,adminpass,,, chumingchen,NessusWeb,,HTTP,administrator,adminpass,Admin,, ciphertrust,IronMail,Any,Multi,admin,password,Admin,, cisco,1100,,,,Cisco,Admin,, cisco,1200,,,Cisco,Cisco,Admin,, cisco,1300,,,Cisco,Cisco,Admin,, cisco,1400,,,,Cisco,Admin,, cisco,2100 aka DPX2100,all versions (comcast-supplied),http://192.168.100.1,,W2402,,password case sensitive, cisco,2600,,Telnet,Administrator,admin,Admin,, cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,,, cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,Admin,Default SSID is tsunami. Username/password are case sensitive., cisco,AP1200,IOS,Multi,Cisco,Cisco,Admin,This is when you convert AP1200 or AP350 to IOS, cisco,ATA 186,,,admin,,Admin,, cisco,Aironet 1100,,webadmin,Cisco,Cisco,,, cisco,Aironet 1100,AP1120B-E-K9,HTTP,Cisco,Cisco,webadmin,, cisco,Aironet 1200,,,Cisco,Cisco,,, cisco,Aironet 1200,,HTTP,root,Cisco,Admin,, cisco,Aironet 1200,,Multi,Cisco,Cisco,,, cisco,Aironet 1350,,HTTP,admin,tsunami,webadmin,, cisco,Aironet 1350,,webadmin,admin,tsunami,,, cisco,Aironet,,Multi,,_Cisco,Admin,, cisco,Aironet,,Multi,Cisco,Cisco,Admin,, cisco,Any Router and Switch,,,cisco,cisco,,10 thru 12, cisco,Arrowpoint,,,admin,system,Admin,, cisco,BBSD MSDE Client,,5.0 and 5.1,bbsd-client,NULL,,, cisco,BBSD MSDE Client,,database,bbsd-client,NULL,,, cisco,BBSD MSDE Client,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,NULL,database,The BBSD Windows Client password will match the BBSD MSDE Client password, cisco,BBSM Administrator,,5.0 and 5.1,Administrator,changeme,,, cisco,BBSM Administrator,,Admin,Administrator,changeme,,, cisco,BBSM Administrator,5.0 and 5.1,Multi,Administrator,changeme,Admin,, cisco,BBSM MSDE Administrator,,5.0 and 5.1,sa,,,, cisco,BBSM MSDE Administrator,,Admin,sa,,,, cisco,BBSM MSDE Administrator,5.0 and 5.1,IP and Named Pipes,sa,,Admin,, cisco,BBSM,,5.0 and 5.1,bbsd-client,changeme2,,, cisco,BBSM,,database,bbsd-client,changeme2,,, cisco,BBSM,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,changeme2,database,The BBSD Windows Client password will match the BBSD MSDE Client password, cisco,CNR,,Admin,admin,changeme,,, cisco,CNR,,All,admin,changeme,,, cisco,CNR,All,CNR GUI,admin,changeme,Admin,This is the default password for Cisco Network Registrar, cisco,Cache Engine,,,admin,diamond,,, cisco,Cache Engine,,Admin,admin,diamond,,, cisco,Cache Engine,,Console,admin,diamond,Admin,, cisco,Catalyst 4000/5000/6000,,All,,public/private/secret,,, cisco,Catalyst 4000/5000/6000,,RO/RW/RW+change SNMP config,,public/private/secret,,, cisco,Catalyst 4000/5000/6000,All,SNMP,,public/private/secret,RO/RW/RW+change SNMP config,default on All Cat switches running the native CatOS CLI software., cisco,Cisco Broadband Troubleshooter,,,admin,changeme,,, cisco,Cisco Guard,,SNMP,,riverhead,,, cisco,Cisco IDS,,,root,attack,,, cisco,Cisco Works,,,admin,admin,,, cisco,CiscoWorks 2000,,,admin,cisco,,, cisco,CiscoWorks 2000,,,admin,cisco,Admin,, cisco,CiscoWorks 2000,,,guest,,,, cisco,CiscoWorks 2000,,,guest,,User,, cisco,CiscoWorks 2000,,Admin,admin,cisco,,, cisco,CiscoWorks 2000,,User,guest,,,, cisco,CiscoWorks,,Multi,admin,admin,,, cisco,Ciso Aironet 1100 series,Rev. 01,HTTP,,Cisco,Admin,, cisco,ConfigMaker Software,,,,cmaker,,any?, cisco,ConfigMaker,,,cmaker,cmaker,,, cisco,ConfigMaker,,,cmaker,cmaker,Admin,, cisco,ConfigMaker,,Admin,cmaker,cmaker,,, cisco,Content Engine,,Telnet,admin,default,Admin,, cisco,E3000,,192.168.1.1,admin,admin,admin,, cisco,GSR,,Telnet,admin,admin,admin,, cisco,HSE,,Multi,hsa,hsadb,Admin,, cisco,HSE,,Multi,root,blender,Admin,, cisco,IDS (netranger),,,root,attack,,, cisco,IOS,,,,Cisco router,,, cisco,IOS,,,,c,,, cisco,IOS,,,,cc,,, cisco,IOS,,,,cisco,,, cisco,IOS,,,cisco,cisco,,, cisco,IOS,,,enable,cisco,,, cisco,IOS,,,private ReadWrite access,secret,,, cisco,IOS,,,public ReadOnly access,secret,,, cisco,IOS,,,ripeop,(no pw),,, cisco,IOS,,11.x-12.x,,ILMI,,, cisco,IOS,,12.1(3),,cable-docsis,,, cisco,IOS,,2600 series,,c,,, cisco,IOS,,Admin,,c,,, cisco,IOS,,Multi,,Cisco router,,, cisco,IOS,,Multi,,c,Admin,, cisco,IOS,,Multi,,cc,,, cisco,IOS,,Multi,,cisco,,, cisco,IOS,,Multi,cisco,cisco,,, cisco,IOS,,Multi,enable,cisco,,, cisco,IOS,,Multi,ripeop,,,, cisco,IOS,,SNMP read-write,,cable-docsis,,, cisco,IOS,,SNMP,private ReadWrite access,secret,Read/write,, cisco,IOS,,SNMP,public ReadOnly access,secret,Read,, cisco,IOS,,limited READ/WRITE,,ILMI,,, cisco,IOS,11.x-12.x,SNMP,,ILMI,limited READ/WRITE,, cisco,IOS,12.1(3),SNMP,,cable-docsis,SNMP read-write,, cisco,IOS,2600 Series,Multi,,c,Admin,, cisco,IP Conference Station,7936,HTTP,End User,7936,,, cisco,MGX,,,superuser,superuser,,*, cisco,NA,,,prixadmin,prixadmin,,NA, cisco,Net Ranger 2.2.1,,,root,attack,,Sol 5.6, cisco,Netranger/secure IDS,,,netrangr,attack,,, cisco,Netranger/secure IDS,,3.0(5)S17,root,attack,,, cisco,Netranger/secure IDS,,Admin,root,attack,,, cisco,Netranger/secure IDS,,Multi,netrangr,attack,,, cisco,Netranger/secure IDS,3.0(5)S17,Multi,root,attack,Admin,must be changed at the first connection, cisco,Network Registrar (CNR),,,admin,changeme,,, cisco,PIX firewall,,Telnet,,cisco,UID=pix,, cisco,PIX,,,,cisco,,, cisco,Traffic Anomaly Detector,,SNMP,,riverhead,,, cisco,Trailhead,,4.0,admin,admin,,, cisco,Trailhead,4.0,HTTP,admin,admin,Admin,, cisco,Unity,,,EAdmin,,,, cisco,Unity,,,ESubscriber,,,, cisco,Unity,,,UAMIS_,,,, cisco,Unity,,,UNITY_,,,, cisco,Unity,,,UOMNI_,,,, cisco,Unity,,,UVPIM_,,,, cisco,Unity,,1.3.2,bubba,,,, cisco,Unity,1.3.2,local,bubba,(unk),,Part numbers imprinted on the installation disks with a local user account bubba, cisco,VPN 3000 Concentrator,,,admin,admin,,, cisco,VPN Concentrator 3000 series,3,Multi,admin,admin,Admin,, cisco,WLSE,,Multi,root,blender,Admin,, cisco,WLSE,,Multi,wlse,wlsedb,Admin,, cisco,any,,,no default login,no default password,,any IOS, cisco,cva 122,,,admin,admin,,, cisco,cva 122,,Admin,admin,admin,,, cisco,cva 122,,Telnet,admin,admin,Admin,, cisco-arrowpoint,Arrowpoint,,,admin,system,,, cisco-arrowpoint,Arrowpoint,,Admin,admin,system,,, claris,At-Ease,,,,familymacintosh,,, cnet,804-nf,,Admin,Admin,epicrouter,,, cnet,804-nf,,HTTP,Admin,epicrouter,Admin,, cnet,804-nf,,HTTP,admin,password,http://,, cnet,804-nf,,http:// ,admin,password,,, cnet,CNET 4PORT ADSL MODEM,CNAD NF400,Multi,admin,epicrouter,Admin,, cobalt,RaQ * Qube*,,,admin,admin,,Any, cobalt,Unknown,,,admin,admin,,, colubris,MSC,5100,user,admin,admin,admin,continue with https, colubrisnetworks,MSC 5100,5100,http -> https,admin,admin,Admin,make exception for invalid certificate to continue with https, comersus,Comersus Shopping Cart,3.2,,,admin,dmr99,, comersus,Shopping Cart,,,admin,dmr99,,, compaq,Familiar Linux,,,root,rootme,,, compaq,Familiar Linux,,telnet/ssh/con,root,rootme,Admin,, compaq,Insight Manager,,,PFCUser,240653C9467E45,,, compaq,Insight Manager,,,PFCUser,240653C9467E45,User,, compaq,Insight Manager,,,administrator,administrator,,, compaq,Insight Manager,,,administrator,administrator,Admin,, compaq,Insight Manager,,,anonymous,,,, compaq,Insight Manager,,,anonymous,,User,, compaq,Insight Manager,,,operator,operator,,, compaq,Insight Manager,,,user,public,,, compaq,Insight Manager,,,user,public,User,, compaq,Insight Manager,,,user,user,,, compaq,Insight Manager,,,user,user,User,, compaq,Insight Manager,,Admin,administrator,administrator,,, compaq,Insight Manager,,User,PFCUser,240653C9467E45,,, compaq,Insight Manager,,User,anonymous,,,, compaq,Insight Manager,,User,user,public,,, compaq,Insight Manager,,User,user,user,,, compaq,Management Agents,,,administrator,,,All, compaq,Networth FastPipes,,,root,manager,,, compaq,Networth FastPipes,,Console,root,manager,,, compaq,PC BIOS,,,,Compaq,,, compaq,PC BIOS,,Admin,,Compaq,,, compaq,PC BIOS,,Console,,Compaq,Admin,, compaq,T1010,,@ , ,use ALT+G at boot to reset config,,, compaq,T1010,,Multi,,use ALT+G at boot to reset config,@,, compaq,WBEM,,,administrator,administrator,,, compaq,WBEM,,HTTP 2301 / HTTPS 2381,administrator,administrator,Admin,, compex,NetPassage 15BR,,http://192.168.168.1,,password,Administration,, compex,NetPassage 18,,http://192.168.168.1,,password,Administration,, compualynx,Cmail Server,,All Versions,administrator,asecret,,, compualynx,Cmail Server,all,multi,administrator,asecret,Admin,, compualynx,Cproxy Server,,All Versions,administrator,asecret,,, compualynx,Cproxy Server,all,multi,administrator,asecret,Admin,, compualynx,SCM,,All Versions,administrator,asecret,,, compualynx,SCM,all,multi,administrator,asecret,Admin,, computer associates,ControlIT,,,DEFAULT,default,,, computer associates,ControlIT,,Desktop/console access,DEFAULT,default,,, computerassociates,ControlIT,,ControlIT,DEFAULT,default,Desktop/console access,, comtrend,CT-5361T,,192.168.1.1,root,12345,,, comtrend,CT-5361T,,http192.168.2.1,user,12345,View Device Info, and Error Log., comtrend,CT560,,http://192.168.1.1,aolbb,setup,Admin,, comtrend,ct536+,,Multi,admin,,Admin,, conceptronic,C100BRS4H,,,admin,1234,,, conceptronic,C100BRS4H,,HTTP,admin,1234,,, conceptronic,CADSLR4,,HTTP/telnet,admin,password,Admin,Default IP 192.168.1.254, conceptronic,CADSLR4,,HTTP/telnet,anonymous,password,anon,Default IP 192.168.1.254, conceptronic,CFULLHDMAi,,telnet port 4836,,conceptronic2008,,, conceptronic,cdeskcam,1.0,,conceptronic,,,camera, concord,PC BIOS,,,,last,,, concord,PC BIOS,,,,last,Admin,, concord,PC BIOS,,Admin,,last,,, conexant,ACCESS RUNNER ADSL CONSOLE PORT 3.27,,Telnet,Administrator,admin,Admin,, conexant,PAE-CE81,,,admin,epicrouter,,, conexant,PAE-CE81,,Multi,admin,epicrouter,,, conexant,Router,,HTTP,,admin,Admin,yes, conexant,Router,,HTTP,,epicrouter,Admin,, conexant,Router,,HTTP,admin,amigosw1,Admin,, conexant,Router,,HTTP,admin,conexant,Admin,, conexant,Router,,HTTP,admin,epicrouter,Admin,, conexant,Router,,HTTP,admin,password,Admin,, conexant,four port ethernet switch,,,admin,epicrouter,,, conitec,3D Gamestudio,,Capek,Adam,29111991,,, conitec,3D Gamestudio,6.22,Serial,Adam,29111991,Capek,, corecess,3113,,Multi,admin,,Admin,, corecess,6808 APC,,Telnet,corecess,corecess,User,, corecess,Corecess 3112,,HTTP,Administrator,admin,Admin,, coyotepoint,Equaliser 4,,,eqadmin - Serial port only,equalizer,,Free BSD, coyotepoint,Equaliser 4,,,look,look,,Free BSD - Web Browser only, coyotepoint,Equaliser 4,,,root ,,,Free BSD - Serial port only, coyotepoint,Equaliser 4,,,touch,touch,,Free BSD - Web Browser only, creative,2015U,,Multi,,,Admin,, crystalview,OutsideView 32,,,,Crystal,,, crystalview,OutsideView 32,,,,Crystal,Admin,, crystalview,OutsideView 32,,Admin,,Crystal,,, ctcunion,ATU-R130,81001a,Multi,root,root,Admin,, ctx international,PC BIOS,,,,CTX_123,,, ctx international,PC BIOS,,Admin,,CTX_123,,, ctxinternational,PC BIOS,,Console,,CTX_123,Admin,, cyberguard,Firewall,,,cgadmin,cgadmin,,, cyberguard,SG300,,http://192.168.0.1,root,default,Administration,, cyberguard,SG560,,http://192.168.0.1,root,default,Administration,, cyberguard,SG565,,http://192.168.0.1,root,default,Administration,, cyberguard,all firewalls,all,console + passport1,cgadmin,cgadmin,Admin,, cybermax,PC BIOS,,,,Congress,,, cybermax,PC BIOS,,Admin,,Congress,,, cybermax,PC BIOS,,Console,,Congress,Admin,, cyclades,Cyclades-TS800,,TS800,root,tslinux,,, cyclades,MP/RT,,,super,surt,,, cyclades,PR-1000,,,super,surt,,, cyclades,PR-1000,,Telnet,super,surt,Admin,, cyclades,PR1000,,,super,surt,,, cyclades,TS800,,HTTP,root,tslinux,Admin,, cyclades,TS800,,telnet/ssh/http,root,,Admin,, d-link,604,,,Admin,,,, d-link,Cable/DSL Routers/Switches,,Admin,,admin,,, d-link,D-704P,,rev b,admin,,,, d-link,DCS-1000,,admin,,,,, d-link,DI-524,,Admin,admin,,,, d-link,DI-604,,Admin,user,,,, d-link,DI-604,,rev a rev b rev c rev e,admin,,,, d-link,DI-614+,,Admin,admin,,,, d-link,DI-614+,,User,user,,,, d-link,DI-624,,,admin,,,, d-link,DI-624,,192.168.0.1,Admin,,,, d-link,DI-701,,Admin,admin,year2000,,, d-link,DI-704,,rev a,,admin,,, d-link,DI-714P+,,192.168.0.1,admin,____BLANK___,,, d-link,DI-804,,Admin,admin,,,, d-link,DI-804,,v2.03,admin,,,, d-link,DSL-300,,,,private,,, d-link,DSL-300G+,,admin?,,private,,, d-link,DSL-504,,,,private,,, d-link,DSL-G664T,,,admin,admin,,, d-link,DWL 900AP,,,,public,,, d-link,DWL 900AP,,Admin,admin,public,,, d-link,Routers,,DI-764,admin,,,, d-link,hubs/switches,,,D-Link,D-Link,,, daewoo,PC BIOS,,,,Daewuu,,, daewoo,PC BIOS,,Admin,,Daewuu,,, daewoo,PC BIOS,,Console,,Daewuu,Admin,, dallas semiconductors,TINI embedded JAVA Module,,<= 1.0,root,tini,,, dallas semiconductors,TINI embedded JAVA Module,,Admin,root,tini,,, dallas semiconductors,TINI embedded JAVA Module,,tini,Telnet,root,,, dallassemiconductors,TINI embedded JAVA Module,1.0 or lower,Telnet,root,tini,Admin,, dallassemiconductors,TINI embedded JAVA Module,1.0,Telnet,root,tini,Admin,, dallassemiconductors,TINI embedded JAVA Module,below 1.0,Telnet,root,tini,Admin,, darkman,ioFTPD,,root,ioFTPD,ioFTPD,,, darkman,ioFTPD,all,Other,ioFTPD,ioFTPD,root,, data general,AOS/VS,,,op,operator,,, data general,AOS/VS,,,operator,operator,,, datacom,BSASX/101,,,,letmein,,, datacom,BSASX/101,,,,letmein,Admin,, datacom,BSASX/101,,Admin,,letmein,,, datacom,NSBrowse,,,sysadm,sysadm,,, datacom,NSBrowse,,,sysadm,sysadm,Admin,, datageneral,AOS/VS,,multi,op,op,Admin,, datageneral,AOS/VS,,multi,op,operator,Admin,, datageneral,AOS/VS,,multi,operator,operator,Admin,, datawizard.net,FTPXQ server,,,anonymous,any@,,, datawizard.net,FTPXQ server,,read/write,anonymous,any,,, datawizardtechnologiesinc,FtpQX server,,FTP,anonymous,(any),Read only on C: by default,, datawizardtechnologiesinc,FtpQX server,,FTP,test,test,Test user has R/W permission on C: drive by default,, davolink,DV2020,,Http://192.168.1.1,user,user,user settings,, davox,Unison,,Multi,admin,admin,User,, davox,Unison,,Multi,davox,davox,User,, davox,Unison,,Multi,root,davox,Admin,, davox,Unison,,Sybase,sa,,Admin,, daytek,PC BIOS,,,,Daytec,,, daytek,PC BIOS,,Admin,,Daytec,,, daytek,PC BIOS,,Console,,Daytec,Admin,, debian,Linux LILO Default,,2.2,,tatercounter2000,,, debian,Linux LILO Default,2.2,console,,tatercounter2000,Admin,, decnet,decnet,,,operator,admin,,, decnet,decnet,,Guest,operator,admin,,, deerfield,MDaemon,,HTTP,MDaemon,MServer,Admin,web interface to manage MDaemon. fixed June 2002, deerfield,WorldClient and MDaemon,,5.0.5.0,MDaemon,MServer,,, deerfield,WorldClient,5.0.5.0,,MDaemon,MServer,,Can be used to send/recv mail remotely, dell latitude cpx,dell,,,admin,admin,,, dell,CSr500xt,,,,admin,,, dell,CSr500xt,,Admin,,admin,,, dell,CSr500xt,,Multi,,admin,Admin,, dell,DRAC,,,root,calvin,management,, dell,ERA,,,root,calvin,,, dell,ERA,,,root,calvin,Admin - Embedded remote access,, dell,Inspiron,,Multi,,admin,Admin,, dell,Laser Printer 3000cn / 3100cn,,HTTP,admin,password,Admin,, dell,Latitude CMOS,CPi,console,,nx0nu4bbe,,Enter password then CTRL+Enter, dell,Latitude,,Admin,,1RRWTTOOI,,, dell,Latitude,,Bios D35B,,1RRWTTOOI,,, dell,Latitude,Bios D35B,Multi,,1RRWTTOOI,Admin,, dell,Lattitude CMOS,,CPi,,nz0u4bbe,,, dell,OpenManage Server Console,,,root,calvin,,, dell,OpenManage Server Console,,Admin,root,calvin,,, dell,OpenManage Server Console,,Console,root,calvin,Admin,, dell,PC BIOS,,,,Dell,,, dell,PC BIOS,,Admin,,Dell,,, dell,PC BIOS,,Console,,Dell,Admin,, dell,PowerEdge 1655MC,,,admin,admin,Admin,, dell,PowerEdge 2650 RAC,,,root,calvin,,, dell,PowerEdge 2650 RAC,,HTTP,root,calvin,,, dell,PowerVault 35F,,,root,calvin,,, dell,PowerVault 50F,,,root,calvin,,, dell,PowerVault TL-2000/4000,,http://,Admin,secure,,, dell,Powerapp Web 100 Linux,,,root,powerapp,,RedHat 6.2, dell,Poweredge,,1655MC,admin,admin,,, dell,RAC,,,root,calvin,,, dell,Remote Access Card,,HTTP,root,calvin,Admin,, dell,Switch PowerConnect,,,admin,admin,,, dell,Switch PowerConnect,,,admin,admin,Admin,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,,Admin,admin,admin,,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,,unknown,admin,admin,,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,unknown,HTTP,admin,admin,Admin,, dell,TrueMobile 2300 Router,,,admin,admin,,, dell,inspiron,,,,admin,,, dell,inspiron,,Admin,,admin,,, dell,latitude,,a05,,admin,,, demarc,Network Monitor,,,admin,my_DEMARC,,, demarc,Network Monitor,,Admin,admin,my_DEMARC,,, demarc,Network Monitor,,multi,admin,my_DEMARC,Admin,, deutschetelekom,T-Sinus 130 DSL,,HTTP,,0,Admin,, deutschetelekom,T-Sinus 154 DSL,13.9.38,HTTP,,0,Admin,thx to AwdCzAb, deutschetelekom,T-Sinus DSL 130,,HTTP,admin,,Admin,Usuallay also a WirelessLan AP :), develcon,Orbitor Default Console,,,,BRIDGE,,, develcon,Orbitor Default Console,,,,BRIDGE,Admin,, develcon,Orbitor Default Console,,,,password,,, develcon,Orbitor Default Console,,,,password,Admin,, develcon,Orbitor Default Console,,Admin,,BRIDGE,,, develcon,Orbitor Default Console,,Admin,,password,,, dictaphone,ProLog,,,NETOP,,,, dictaphone,ProLog,,,NETWORK,NETWORK,,, dictaphone,ProLog,,,PBX,PBX,,, digiboard,Portserver 8 & 16,,,root,dbps,,any, digicom,Michelangelo,,Multi,admin,michelangelo,Admin,, digicom,Michelangelo,,Multi,user,password,User,, digicorp,Router,,,,BRIDGE,Admin,, digicorp,Router,,,,password,Admin,, digicorp,Viper,,,,BRIDGE,,, digicorp,Viper,,Admin,,BRIDGE,,, digicorp,Viper,,Admin,,password,,, digicorp,Viper,,Telnet,,BRIDGE,Admin,, digicorp,Viper,,Telnet,,password,Admin,, digicraft software,Yak!,,2.0.1,Yak,asd123,,, digicraftsoftware,Yak!,2.0.1,FTP (default port 3535),Yak,asd123,,, digiinternational,Digi One SP,all versions,http,root,dbps,Full configuration,Device default to DHCP for IP address., digital equipment,10-Dec,,,1,manager,,, digital equipment,10-Dec,,,2,maintain,,, digital equipment,10-Dec,,,2,operator,,, digital equipment,10-Dec,,,30,games,,, digital equipment,10-Dec,,,5,games,,, digital equipment,10-Dec,,,7,maintain,,, digital equipment,DEC-10,,,1,manager,,, digital equipment,DEC-10,,,2,operator,,, digital equipment,DEC-10,,,30,games,,, digital equipment,DEC-10,,,5,games,,, digital equipment,DEC-10,,,7,maintain,,, digital equipment,DEC-10,,Admin,1,manager,,, digital equipment,DEC-10,,Admin,1,operator,,, digital equipment,DEC-10,,Admin,1,syslib,,, digital equipment,DEC-10,,Admin,2,maintain,,, digital equipment,DEC-10,,Admin,2,manager,,, digital equipment,DEC-10,,Admin,2,operator,,, digital equipment,DEC-10,,Admin,2,syslib,,, digital equipment,DEC-10,,User,30,games,,, digital equipment,DEC-10,,User,5,games,,, digital equipment,DEC-10,,User,7,maintain,,, digital equipment,DecServer,,,,ACCESS,,, digital equipment,DecServer,,Admin,,ACCESS,,, digital equipment,DecServer,,Admin,,SYSTEM,,, digital equipment,IRIS,,,PDP11,PDP11,,, digital equipment,IRIS,,,PDP8,PDP8,,, digital equipment,IRIS,,,accounting,accounting,,, digital equipment,IRIS,,,boss,boss,,, digital equipment,IRIS,,,demo,demo,,, digital equipment,IRIS,,,manager,manager,,, digital equipment,IRIS,,,software,software,,, digital equipment,IRIS,,Admin,accounting,accounting,,, digital equipment,IRIS,,Admin,boss,boss,,, digital equipment,IRIS,,Admin,manager,manager,,, digital equipment,IRIS,,User,PDP11,PDP11,,, digital equipment,IRIS,,User,PDP8,PDP8,,, digital equipment,IRIS,,User,demo,demo,,, digital equipment,IRIS,,User,software,software,,, digital equipment,PC BIOS,,,,komprie,,, digital equipment,PC BIOS,,Admin,,komprie,,, digital equipment,RSX,,,,1,,, digital equipment,RSX,,,1.1,SYSTEM,,, digital equipment,RSX,,,BATCH,BATCH,,, digital equipment,RSX,,,SYSTEM,MANAGER,,, digital equipment,RSX,,,USER,USER,,, digital equipment,RSX,,Admin,1.1,SYSTEM,,, digital equipment,RSX,,Admin,SYSTEM,MANAGER,,, digital equipment,RSX,,Admin,SYSTEM,SYSTEM,,, digital equipment,RSX,,User,BATCH,BATCH,,, digital equipment,RSX,,User,USER,USER,,, digital equipment,Terminal Server,,,,access,,, digital equipment,Terminal Server,,,,system,,, digital equipment,Terminal Server,,Admin,,system,,, digital equipment,Terminal Server,,User,,access,,, digital equipment,VMS,,,ALLIN1,ALLIN1,,, digital equipment,VMS,,,ALLIN1MAIL,ALLIN1MAIL,,, digital equipment,VMS,,,ALLINONE,ALLINONE,,, digital equipment,VMS,,,BACKUP,BACKUP,,, digital equipment,VMS,,,DCL,DCL,,, digital equipment,VMS,,,DECMAIL,DECMAIL,,, digital equipment,VMS,,,DECNET,DECNET,,, digital equipment,VMS,,,DECNET,NONPRIV,,, digital equipment,VMS,,,DEFAULT,DEFAULT,,, digital equipment,VMS,,,DEFAULT,USER,,, digital equipment,VMS,,,DEMO,DEMO,,, digital equipment,VMS,,,FIELD,DIGITAL,,, digital equipment,VMS,,,FIELD,FIELD,,, digital equipment,VMS,,,FIELD,SERVICE,,, digital equipment,VMS,,,FIELD,TEST,,, digital equipment,VMS,,,GUEST,GUEST,,, digital equipment,VMS,,,HELP,HELP,,, digital equipment,VMS,,,HELPDESK,HELPDESK,,, digital equipment,VMS,,,HOST,HOST,,, digital equipment,VMS,,,INFO,INFO,,, digital equipment,VMS,,,INGRES,INGRES,,, digital equipment,VMS,,,LINK,LINK,,, digital equipment,VMS,,,MAILER,MAILER,,, digital equipment,VMS,,,MBMANAGER,MBMANAGER,,, digital equipment,VMS,,,MBWATCH,MBWATCH,,, digital equipment,VMS,,,NETCON,NETCON,,, digital equipment,VMS,,,NETMGR,NETMGR,,, digital equipment,VMS,,,NETNONPRIV,NETNONPRIV,,, digital equipment,VMS,,,NETPRIV,NETPRIV,,, digital equipment,VMS,,,NETSERVER,NETSERVER,,, digital equipment,VMS,,,NETWORK,NETWORK,,, digital equipment,VMS,,,NEWINGRES,NEWINGRES,,, digital equipment,VMS,,,NEWS,NEWS,,, digital equipment,VMS,,,OPERVAX,OPERVAX,,, digital equipment,VMS,,,POSTMASTER,POSTMASTER,,, digital equipment,VMS,,,PRIV,PRIV,,, digital equipment,VMS,,,REPORT,REPORT,,, digital equipment,VMS,,,RJE,RJE,,, digital equipment,VMS,,,STUDENT,STUDENT,,, digital equipment,VMS,,,SYS,SYS,,, digital equipment,VMS,,,SYSMAINT,DIGITAL,,, digital equipment,VMS,,,SYSMAINT,SERVICE,,, digital equipment,VMS,,,SYSMAINT,SYSMAINT,,, digital equipment,VMS,,,SYSTEM,MANAGER,,, digital equipment,VMS,,,SYSTEM,OPERATOR,,, digital equipment,VMS,,,SYSTEM,SYSLIB,,, digital equipment,VMS,,,SYSTEM,SYSTEM,,, digital equipment,VMS,,,SYSTEST,UETP,,, digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST,,, digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST_CLIG,,, digital equipment,VMS,,,TELEDEMO,TELEDEMO,,, digital equipment,VMS,,,TEST,TEST,,, digital equipment,VMS,,,UETP,UETP,,, digital equipment,VMS,,,USER,PASSWORD,,, digital equipment,VMS,,,USERP,USERP,,, digital equipment,VMS,,,VAX,VAX,,, digital equipment,VMS,,,VMS,VMS,,, digitalequipment,DEC-10,,Multi,1,manager,Admin,, digitalequipment,DEC-10,,Multi,1,operator,Admin,, digitalequipment,DEC-10,,Multi,1,syslib,Admin,, digitalequipment,DEC-10,,Multi,2,maintain,Admin,, digitalequipment,DEC-10,,Multi,2,manager,Admin,, digitalequipment,DEC-10,,Multi,2,operator,Admin,, digitalequipment,DEC-10,,Multi,2,syslib,Admin,, digitalequipment,DEC-10,,Multi,30,games,User,, digitalequipment,DEC-10,,Multi,5,games,User,, digitalequipment,DEC-10,,Multi,7,maintain,User,, digitalequipment,DecServer,,Multi,,ACCESS,Admin,, digitalequipment,DecServer,,Multi,,SYSTEM,Admin,, digitalequipment,IRIS,,Multi,PDP11,PDP11,User,, digitalequipment,IRIS,,Multi,PDP8,PDP8,User,, digitalequipment,IRIS,,Multi,accounting,accounting,Admin,, digitalequipment,IRIS,,Multi,boss,boss,Admin,, digitalequipment,IRIS,,Multi,demo,demo,User,, digitalequipment,IRIS,,Multi,manager,manager,Admin,, digitalequipment,IRIS,,Multi,software,software,User,, digitalequipment,PC BIOS,,Console,,komprie,Admin,, digitalequipment,RSX,,Multi,1,,Level 1,, digitalequipment,RSX,,Multi,1.1,SYSTEM,Admin,, digitalequipment,RSX,,Multi,BATCH,BATCH,User,, digitalequipment,RSX,,Multi,SYSTEM,MANAGER,Admin,, digitalequipment,RSX,,Multi,SYSTEM,SYSTEM,Admin,, digitalequipment,RSX,,Multi,USER,USER,User,, digitalequipment,Terminal Server,,Port 7000,,access,User,, digitalequipment,Terminal Server,,Port 7000,,system,Admin,, digitalequipment,VMS,,Multi,ALLIN1,ALLIN1,,, digitalequipment,VMS,,Multi,ALLIN1MAIL,ALLIN1MAIL,,, digitalequipment,VMS,,Multi,ALLINONE,ALLINONE,,, digitalequipment,VMS,,Multi,BACKUP,BACKUP,,, digitalequipment,VMS,,Multi,DCL,DCL,,, digitalequipment,VMS,,Multi,DECMAIL,DECMAIL,,, digitalequipment,VMS,,Multi,DECNET,DECNET,,, digitalequipment,VMS,,Multi,DECNET,NONPRIV,,, digitalequipment,VMS,,Multi,DEFAULT,DEFAULT,,, digitalequipment,VMS,,Multi,DEFAULT,USER,,, digitalequipment,VMS,,Multi,DEMO,DEMO,,, digitalequipment,VMS,,Multi,FIELD,DIGITAL,,, digitalequipment,VMS,,Multi,FIELD,FIELD,,, digitalequipment,VMS,,Multi,FIELD,SERVICE,,, digitalequipment,VMS,,Multi,FIELD,TEST,,, digitalequipment,VMS,,Multi,GUEST,GUEST,,, digitalequipment,VMS,,Multi,HELP,HELP,,, digitalequipment,VMS,,Multi,HELPDESK,HELPDESK,,, digitalequipment,VMS,,Multi,HOST,HOST,,, digitalequipment,VMS,,Multi,INFO,INFO,,, digitalequipment,VMS,,Multi,INGRES,INGRES,,, digitalequipment,VMS,,Multi,LINK,LINK,,, digitalequipment,VMS,,Multi,MAILER,MAILER,,, digitalequipment,VMS,,Multi,MBMANAGER,MBMANAGER,,, digitalequipment,VMS,,Multi,MBWATCH,MBWATCH,,, digitalequipment,VMS,,Multi,NETCON,NETCON,,, digitalequipment,VMS,,Multi,NETMGR,NETMGR,,, digitalequipment,VMS,,Multi,NETNONPRIV,NETNONPRIV,,, digitalequipment,VMS,,Multi,NETPRIV,NETPRIV,,, digitalequipment,VMS,,Multi,NETSERVER,NETSERVER,,, digitalequipment,VMS,,Multi,NETWORK,NETWORK,,, digitalequipment,VMS,,Multi,NEWINGRES,NEWINGRES,,, digitalequipment,VMS,,Multi,NEWS,NEWS,,, digitalequipment,VMS,,Multi,OPERVAX,OPERVAX,,, digitalequipment,VMS,,Multi,POSTMASTER,POSTMASTER,,, digitalequipment,VMS,,Multi,PRIV,PRIV,,, digitalequipment,VMS,,Multi,REPORT,REPORT,,, digitalequipment,VMS,,Multi,RJE,RJE,,, digitalequipment,VMS,,Multi,STUDENT,STUDENT,,, digitalequipment,VMS,,Multi,SYS,SYS,,, digitalequipment,VMS,,Multi,SYSMAINT,DIGITAL,,, digitalequipment,VMS,,Multi,SYSMAINT,SERVICE,,, digitalequipment,VMS,,Multi,SYSMAINT,SYSMAINT,,, digitalequipment,VMS,,Multi,SYSTEM,MANAGER,,, digitalequipment,VMS,,Multi,SYSTEM,OPERATOR,,, digitalequipment,VMS,,Multi,SYSTEM,SYSLIB,,, digitalequipment,VMS,,Multi,SYSTEM,SYSTEM,,, digitalequipment,VMS,,Multi,SYSTEST,UETP,,, digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST,,, digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST_CLIG,,, digitalequipment,VMS,,Multi,TELEDEMO,TELEDEMO,,, digitalequipment,VMS,,Multi,TEST,TEST,,, digitalequipment,VMS,,Multi,UETP,UETP,,, digitalequipment,VMS,,Multi,USER,PASSWORD,,, digitalequipment,VMS,,Multi,USERP,USERP,,, digitalequipment,VMS,,Multi,VAX,VAX,,, digitalequipment,VMS,,Multi,VMS,VMS,,, digitalequipment,decnet,,Multi,operator,admin,Guest,, discar,PMC30,,,SUPERVISOR,DISCAR,,, discar,PMC30,TODAS,Multi,SUPERVISOR,DISCAR,,, dlink,,dir 655,,admin,blank,,, dlink,All Models,All Versions,192.168.0.1,,211cmw91765,user,, dlink,Cable/DSL Routers/Switches,,Multi,,admin,Admin,, dlink,D-704P,,Multi,admin,admin,Admin,, dlink,D-704P,rev b,Multi,admin,,Admin,, dlink,DCS-1000,,HTTP,,,admin,, dlink,DFL-1100 firewall,,HTTP,admin,,Admin,, dlink,DFL-1600 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, dlink,DFL-200 firewall,,HTTP,admin,,Admin,, dlink,DFL-200 firewall,,HTTP,admin,admin,Admin,, dlink,DFL-210 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, dlink,DFL-300 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DFL-700 firewall,,HTTP,admin,,Admin,, dlink,DFL-80 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DFL-CP310 firewall,,http://my.firewall,admin,Management Interface Admin,, dlink,DFL-CPG310 firewall,,http://my.firewall,admin,Management Interface Admin,, dlink,DFL-M510 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DGL-4100,,http://192.168.0.1,,,Administration,, dlink,DGL-4300,,http://192.168.0.1,,,Administration,, dlink,DGL-4500,,http://192.168.0.1,,,Administration,, dlink,DI-106,,,administrator,@*nigU^D.ha,,winnt, dlink,DI-206 ISDN router,,,Admin,Admin,,1.*, dlink,DI-514 Router,,HTTP,admin,,,, dlink,DI-514,,Multi,user,,Admin,, dlink,DI-524,all,HTTP,admin,,Admin,http://192.168.0.1, dlink,DI-524,all,HTTP,user,,User,, dlink,DI-604,,HTTP,user,,Admin,, dlink,DI-604,1.62b+,HTTP,admin,,Admin,, dlink,DI-604,2.02,HTTP,admin,admin,Admin,, dlink,DI-604,rev a rev b rev c rev e,Multi,admin,,Admin,http://192.168.0.1, dlink,DI-614+,,HTTP,admin,,Admin,, dlink,DI-614+,,HTTP,admin,admin,Admin,, dlink,DI-614+,,HTTP,user,,User,, dlink,DI-614+,any,HTTP,admin,,Admin,all access :D, dlink,DI-614,,HTTP,admin,,Admin,, dlink,DI-624+,,HTTP,admin,,,, dlink,DI-624+,A3,HTTP,admin,admin,Admin,, dlink,DI-624,,http://192.168.0.1,Admin,,admin,, dlink,DI-624,all,HTTP,User,,Admin,, dlink,DI-624M,,http://192.168.0.1,admin,,Administration,, dlink,DI-624S,,http://192.168.0.1,admin,,Administration,, dlink,DI-634M,,http://192.168.0.1,admin,,Administration,, dlink,DI-701,unknown,Multi,admin,year2000,Admin,, dlink,DI-704,,Multi,,admin,Admin,, dlink,DI-704,rev a,Multi,,admin,Admin,Cable/DSL Routers/Switches, dlink,DI-704P,,http://192.168.0.1,admin,,Administration,, dlink,DI-704UP,,http://192.168.0.1,admin,,Administration,, dlink,DI-707P,,HTTP,admin,,Admin,, dlink,DI-714 Router,,HTTP,admin,,,, dlink,DI-714P+,,Multi,admin,,192.168.0.1,, dlink,DI-724GU,,http://192.168.0.1,admin,,Administration,, dlink,DI-724P+ Router,,HTTP,admin,,,, dlink,DI-724U,,http://192.168.0.1,admin,,Administration,, dlink,DI-764,,HTTP,admin,,Admin,, dlink,DI-784 Router,,HTTP,admin,,,, dlink,DI-804,v2.03,Multi,admin,,Admin,, dlink,DI-804HV,,http://192.168.0.1,admin,,Administration,, dlink,DI-808HV,,http://192.168.0.1,admin,,Administration,, dlink,DI-824VUP Airplus G Wireless VPN Router,,http://192.168.0.1,admin,,Administrator,, dlink,DI-LB604,,http://192.168.0.1,admin,,Administration,, dlink,DIR-130,,http://192.168.0.1,admin,,administrator,, dlink,DIR-300,,192.168.0.1,admin,blank,administrator,, dlink,DIR-300,,telnet 192.168.0.1,root,,shell,, dlink,DIR-330,,http://192.168.0.1,admin,,administrator,, dlink,DIR-450,,http://192.168.0.1,admin,,administrator,, dlink,DIR-451,,http://192.168.0.1,admin,,administrator,, dlink,DIR-615 ,3.01,192.168.01 ,,family,family,, dlink,DIR-615,,http://192.168.0.1,admin,,administrator,, dlink,DIR-615,Ver.1.10(I),http://192.168.0.1). ,Admin,,Admin,mantra88dotcom, dlink,DIR-625,,http://192.168.0.1,admin,,administrator,, dlink,DIR-635,,http://192.168.0.1,Admin,,Administration,, dlink,DIR-655,,http://192.168.0.1,admin,,Administration,, dlink,DIR-660,,http://192.168.0.1,admin,,Administration,, dlink,DIR-855,,http://192.168.0.1,admin,,Administration,, dlink,DKVM-16 16-port keyboard/video/mouse switch,,,,00000000,,, dlink,DSL Router,,,root,admin,Administrator,, dlink,DSL-2640T,1.00(1),192.168.I.I,88612421,2421D,ADMIN,ADMIN, dlink,DSL-300,?,Telnet,,private,,, dlink,DSL-300G+,7.1.0.30,Telnet,,private,admin?,, dlink,DSL-300g+,Teo,HTTP,admin,admin,Admin,, dlink,DSL-300g+,Teo,Telnet,,private,Admin,, dlink,DSL-302G,,Multi,admin,admin,Admin,, dlink,DSL-500,,Multi,admin,admin,Admin,, dlink,DSL-504,,HTTP,,private,Admin,, dlink,DSL-504T,,http://10.1.1.1,admin,admin,Admin,, dlink,DSL-604+,,,admin,admin,Admin,, dlink,DSL-G604T,,http://10.1.1.1,admin,admin,Admin,, dlink,DSL-G624T,?,? via WAN ...,root,admin,Admin,, dlink,DSL-G664T,A1,HTTP,admin,admin,Admin,SSID : G664T_WIRELESS, dlink,DSL500G,,Multi,admin,admin,Admin,, dlink,DWL-1000+,,HTTP,admin,,Admin,, dlink,DWL-1000,,HTTP,admin,,Admin,, dlink,DWL-1000AP+,,http://192.168.0.50,admin,,Admin,, dlink,DWL-1700AP,,http://192.168.0.50:2000,admin,root,,, dlink,DWL-1750,,http://192.168.0.50:2000,admin,root,,, dlink,DWL-2000AP+,1.13,HTTP,admin,,Admin,Wireless Access Point, dlink,DWL-2100AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, dlink,DWL-210AP,1.03,Wireless,admin,,,, dlink,DWL-2200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, dlink,DWL-2210AP,,http://192.168.0.50,admin,admin,,, dlink,DWL-2700AP,,MIB or AP Mgr or D-View Module or http://192.168.0.50,admin,,,, dlink,DWL-3150,,http://192.168.0.30,admin,,Administration,default SSID is 'dlink', dlink,DWL-3200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, dlink,DWL-3200AP,,http://192.168.1.199,,,admin,, dlink,DWL-5000AP,,http://192.168.0.50,admin,,,, dlink,DWL-6000AP,Rev.A and Rev.B,multi interfaces incl. http://192.168.0.50,admin,,,, dlink,DWL-614+,2.03,HTTP,admin,,Admin,, dlink,DWL-614+,rev a rev b,HTTP,admin,,Admin,http://192.168.0.1, dlink,DWL-7000AP,,http://192.168.0.50 or AP Mgr,admin,,,, dlink,DWL-700AP,,http://192.168.0.50,admin,,Admin,, dlink,DWL-7100AP,,http://192.168.0.50,admin,,Administration,, dlink,DWL-7200AP,,http://192.168.0.50,admin,,Administration,, dlink,DWL-7700AP,Rev. A and Rev. B,mutli console,admin,,Administration,default IP 192.168.0.50, dlink,DWL-810+,,http://192.168.0.30,admin,,Admin,, dlink,DWL-810,,http://192.168.0.30,admin,,Admin,, dlink,DWL-8200AP,,multi console,admin,,,default IP 192.160.0.50, dlink,DWL-8200AP,,multi console,admin,,,default IP 192.168.0.50 (/! Previous indication in the page is false!), dlink,DWL-900+,,HTTP,admin,,Admin,, dlink,DWL-900,,,admin,public,Admin,, dlink,DWL-900AP+,,,Admin,1970,,, dlink,DWL-900AP+,rev a rev b rev c,HTTP,admin,,Admin,http://192.168.0.50, dlink,DWL-900AP,,Multi,,public,Admin,, dlink,DWL-900AP,,Multi,admin,public,Admin,, dlink,DWL-900AP,,USB/SNMP,,public,Admin,default IP 192.168.0.20, dlink,DWL-AG700AP,,http://192.168.0.50,admin,,Administration,, dlink,DWL-G700AP,,HTTP,admin,,,, dlink,DWL-G700AP,,http://192.168.0.50/,admin,olinda,,, dlink,DWL-G710,,http://192.168.0.30,admin,,Administration,, dlink,DWL-G730AP,,http://192.168.0.30,admin,,Administration,, dlink,DWL-G800AP,,http://192.168.0.30,admin,,Administration,, dlink,DWL-G820,,http://192.168.0.35,admin,,Administration,, dlink,EBR-2310,,http://192.168.0.1,admin,,Administration,, dlink,WBR-1310,,http://192.168.0.1,admin,,Administration,, dlink,WBR-2310,,http://192.168.0.1,admin,,Administration,, dlink,WBR-2310,revB,http://192.168.0.1,admin,,Administration,, dlink,Windows XP,Windows XP,192.168.0.1,admin,password,admin,amdin, dlink,hubs/switches,,Telnet,D-Link,D-Link,,, dlink,wbr-2310,a1 1.02,192.168.0.1,D Link 25,,,, dlink,windows xp,all,192.168.0.1,admin,,,, draytek,Vigor 2200 USB,,,admin,,Admin,, draytek,Vigor 2600 Plus Series,Annex A,HTTP,admin,,Admin,, draytek,Vigor 2600,,HTTP,admin,,Admin,, draytek,Vigor 2900+,,HTTP,admin,admin,Admin,, draytek,Vigor,all,HTTP,admin,admin,Admin,, dreambox,All models,all versions,http, telnet,root,dreambox,, drupal.org,Drupal,,administrator,admin,admin,,, dupont,Digital Water Proofer,,,root,par0t,,, dynalink,RTA020,,,admin,private,,, dynalink,RTA020,,Admin,admin,private,,, dynalink,RTA020,,Multi,admin,private,Admin,, dynalink,RTA1025W,,console,http//192.168.1.1,admin,admin,, dynalink,RTA1320,,console,http//192.168.1.1,admin,admin,, dynalink,RTA1335,,console,http//192.168.1.1,admin,admin,, dynalink,RTA230,,,userNotUsed,userNotU,,, dynalink,RTA230,,,userNotUsed,userNotU,Admin,, dynalink,RTA230,,Multi,admin,admin,Admin,, dynamode,BR-6004,,http,guest,guest,Standard admin access,, dynix library systems,Dynix,,,LIBRARY,,,, dynix library systems,Dynix,,,SETUP,,,, dynix library systems,Dynix,,,circ,,,, dynix library systems,Dynix,,,circ,,,, dynix library systems,Dynix,,Admin,SETUP,,,, dynix library systems,Dynix,,User,LIBRARY,,,, dynixlibrarysystems,Dynix,,Multi,LIBRARY,,User,, dynixlibrarysystems,Dynix,,Multi,SETUP,,Admin,, dynixlibrarysystems,Dynix,,Multi,circ,(social security number),User,, e-tech,Router,,Admin,,admin,,, econ,Econ DSL Router,,Router,admin,epicrouter,Admin,DSL Router, edimax,.,,,admin,1234,,, edimax,.,,Multi,admin,1234,,, edimax,6114wg,1.83,192.168.2.1,admin,1234,,, edimax,7205APL,,,guest,1234,,, edimax,7205APL,,,guest,1234,Guest - allows backup of config.bin,attacker can gain all passwords, edimax,AR-6004,,,admin,1234,,, edimax,AR-7024,,,admin,epicrouter,,, edimax,AR-7024WG,,Default IP: 10.0.0.2,admin,epicrouter,Admin,, edimax,AR-7024Wg,,Admin,admin,epicrouter,,, edimax,AR-7084A,,192.168.2.1,admin,1234,Admin,, edimax,AR-7084gA,3.0A,http://192.168.2.1,admin,1234,Admin,, edimax,BR 4000+ Router,,,admin,password,,, edimax,BR 4000+ Router,all,HTTP,admin,password,,, edimax,BR-6204WG,,Default IP: 192.168.2.1,admin,1234,,, edimax,BR-7209WG,,Default IP: 192.168.2.1,admin,1234,,, edimax,Broadband Router,Hardware: Rev A. Boot Code: 1.0 Runtime Code 2.63,HTTP,admin,1234,Admin,, edimax,ES-5224RXM,,Multi,admin,123,Admin,, edimax,EW-7205APL,Firmware release 2.40a-00,Multi,guest,,Admin,, edimax,Wireless ADSL Router,AR-7024,Multi,admin,epicrouter,Admin,, edimax,br-6204,wg,http://192.168.2.1,admin,1234,admin,, efficient networks,5851 SDSL Router,,,,hs7mwxkk,,, efficient networks,5851 SDSL Router,,Admin,,hs7mwxkk,,, efficient networks,EN 5861,,,login,admin,,, efficient networks,EN 5861,,Admin,login,admin,,, efficient networks,Speedstream 5711,,Admin,,4getme2,,, efficient networks,Speedstream 5711,,Teledanmark version (only .dk),,4getme2,,, efficient,5871 DSL Router,,Admin,login,admin,,, efficient,5871 DSL Router,,v 5.3.3-0,login,admin,,, efficient,Speedstream DSL,,,,admin,,, efficient,Speedstream DSL,,Admin,,admin,,, efficientnetworks,5800 Class DSL Routers,all,Multi,login,admin,Admin,, efficientnetworks,5851 SDSL Router,N/A,Console,,hs7mwxkk,Admin,On some Covad Routers, efficientnetworks,5851,,Telnet,login,password,Admin,might be all 5800 series, efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,, efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,This is for access to HTTP admin console., efficientnetworks,EN 5861,,Telnet,login,admin,Admin,, efficientnetworks,Speedstream DSL,,Telnet,,admin,Admin,, efficientnetworks,Speedstream,5200,http/telnet,,,,Default IP 10.0.0.1/8, efficientnetworks,Speedstream,5600,http/telnet,,,,Default IP 10.0.0.1/8, efficientnetworks,Speedstream,5711 Teledanmark version (only .dk),Console,,4getme2,Admin,, efficientnetworks,Speedstream,57xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, efficientnetworks,Speedstream,59xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, efficientnetworks,Speedstream,various,http/telnet,superuser,admin,Admin,, efficinet networks,5800 Class DSL Routers,,Admin,login,admin,,, efficinet networks,5800 Class DSL Routers,,all,login,admin,,, egenera,all models,all version,http, ssh, console,root,root, elron,Firewall,,,(hostname/ipaddress),sysadmin,,, elronsoftware,Elron Firewall,2.5c,,hostname/ip address,sysadmin,Admin,, elsa,LANCom Office ISDN Router,,800/1000/1100,,,,, elsa,LANCom Office ISDN Router,,Admin,,,,, elsa,LANCom Office ISDN Router,,Admin,,cisco,,, elsa,LANCom Office ISDN Router,1000,Telnet,,,Admin,, elsa,LANCom Office ISDN Router,1000,Telnet,,cisco,Admin,, elsa,LANCom Office ISDN Router,1100,Telnet,,,Admin,, elsa,LANCom Office ISDN Router,1100,Telnet,,cisco,Admin,, elsa,LANCom Office ISDN Router,800,Telnet,,,Admin,, elsa,LANCom Office ISDN Router,800,Telnet,,cisco,Admin,, emachines,notebook,,,emaq,4133,,, eminent,EM4114,,,admin,admin,Administrator,, encad,XPO,,,,,,, encad,XPO,,Admin,,,,, encad,XPO,,Multi,,,Admin,, enhydra,Multiserver,,,admin,enhydra,,, enhydra,Multiserver,,,admin,enhydra,Admin,, enox,PC BIOS,,,,xo11nE,,, enox,PC BIOS,,Admin,,xo11nE,,, enox,PC BIOS,,Console,,xo11nE,Admin,, enterasys,ANG-1105,,Admin,,netadmin,,, enterasys,ANG-1105,,Admin,admin,netadmin,,, enterasys,ANG-1105,,unknown,,netadmin,,, enterasys,ANG-1105,,unknown,admin,netadmin,,, enterasys,ANG-1105,unknown,HTTP,admin,netadmin,Admin,default IP is 192.168.1.1, enterasys,ANG-1105,unknown,Telnet,,netadmin,Admin,default IP is 192.168.1.1, enterasys,Vertical Horizon,ANY,Multi,admin,,Admin,this works in telnet or http, enterasys,Vertical Horizon,VH-2402S,Multi,tiger,tiger123,Admin,, entrust,Get Access Service Control Agent,,4.x,admin,admin,,, entrust,GetAccess,4.x,http,admin,admin,Admin,, entrust,GetAccess,4.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, entrust,GetAccess,7.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, epox,PC BIOS,,,,central,,, epox,PC BIOS,,Admin,,central,,, epox,PC BIOS,,Console,,central,Admin,, ericsson,ACC,,,netman,netman,,, ericsson,Any router,,,netman,netman,,all, ericsson,Ericsson ACC,,,netman,netman,,, ericsson,Ericsson ACC,,Multi,,,Admin,, ericsson,Ericsson Acc,,,netman,netman,,, ericsson,Tigris Platform,All,Multi,public,,Guest,, ericsson,W20,,,user,user,,, ericsson,md110 pabx,,up-to-bc9,,help,,, ericsson,md110 pabx,,varies depending on config minimal list access by default,,help,,, ericsson,md110 pabx,up-to-bc9,Multi,,help,varies depending on config minimal list access by default,, esesixcomputergmbh,Thintune,2.4.38-32-D,Connect port 25072,root,jstwo,Admin,, etech,ADSL Ethernet Router,Annex A v2,HTTP,admin,epicrouter,Admin,Password can also be password, etech,Router,RTBR03,HTTP,,admin,Admin,1wan/4ports switch router, etech,Router,v1,HTTP,,admin,Admin,, etech,Wireless 11Mbps Router Model:WLRT03,,HTTP,,admin,Admin,, etech,rtbr03,rtbr03,Admin,admin,admin,,, everfocus,ECOR 8F,,,admin,11111111,,, everfocus,PowerPlex,,Admin,admin,admin,,, everfocus,PowerPlex,,Admin,operator,operator,,, everfocus,PowerPlex,,Admin,supervisor,supervisor,,, everfocus,PowerPlex,,EDR1600,admin,admin,,, everfocus,PowerPlex,,EDR1600,operator,operator,,, everfocus,PowerPlex,,EDR1600,supervisor,supervisor,,, everfocus,PowerPlex,EDR1600,Multi,admin,admin,Admin,, everfocus,PowerPlex,EDR1600,Multi,operator,operator,Admin,, everfocus,PowerPlex,EDR1600,Multi,supervisor,supervisor,Admin,, everfocus,edsr400,,,Admin,admin,,, exabyte,Magnum20,,FTP,anonymous,Exabyte,Admin,, exindanetworks,1700,,Default login http://172.14.1.57,admin,exinda,Admin,, extended systems,Firewall,,,admin,admin,,, extended systems,Print Server,,,admin,extendnet,,, extendedsystems,ExtendNet 4000 / Firewall,,,admin,admin,,all Versions, extendedsystems,Print Servers,,,admin,extendnet,,, extreme networks,All Switches,,,admin,,,, extreme networks,All Switches,,Admin,admin,,,, extreme networks,Alpine,,,admin,,,, extreme networks,BlackDiamond,,,admin,,,, extreme networks,Summit,,,admin,,,, extreme networks,Switches,,,admin,,,, extreme networks,Switches,,Admin,admin,,,, extreme networks,Swithces,,,admin,,,, extreme networks,Swithces,,Admin,admin,,,, extremenetworks,All Switches,,Multi,admin,,Admin,, extremenetworks,Alpine,,,admin,,Admin,, extremenetworks,BlackDiamond,,,admin,,Admin,, extremenetworks,Summit,,,admin,,Admin,, extremenetworks,Switches,,,admin,,Admin,, extremenetworks,Swithces,,Multi,admin,,Admin,, f5,Big-IP 540,,Multi,root,default,Admin,, f5,Big-IP,9.12,http,admin,admin,Administrator,, fastwire,Fastwire Bank Transfer,,,fastwire,fw,,, firebird,FirebirdSQL,,,SYSDBA,masterkey,,, flowpoint,100 IDSN,,,admin,admin,,, flowpoint,100 IDSN,,Admin,admin,admin,,, flowpoint,100 IDSN,,Telnet,admin,admin,Admin,, flowpoint,2200 SDSL,,,admin,admin,,, flowpoint,2200 SDSL,,Admin,admin,admin,,, flowpoint,2200 SDSL,,Telnet,admin,admin,Admin,, flowpoint,40 IDSL,,,admin,admin,,, flowpoint,40 IDSL,,Admin,admin,admin,,, flowpoint,40 IDSL,,Telnet,admin,admin,Admin,, flowpoint,DSL,,,,password,,, flowpoint,DSL,,2000,admin,admin,,, flowpoint,DSL,,Admin,,password,,, flowpoint,DSL,,Admin,admin,admin,,, flowpoint,DSL,,Telnet,,password,Admin,Installed by Covad, flowpoint,DSL,2000,Telnet,admin,admin,Admin,, flowpoint,Flowpoint DSL,,,admin,admin,Admin,, flowpoint,Flowpoint/2000 ADSL,,,,,,, flowpoint,Flowpoint/2000 ADSL,,Admin,,,,, flowpoint,Flowpoint/2000 ADSL,,Telnet,,,Admin,, fortigate,Fortinet firewall,,,admin,no password,,, fortinet,FortiGate 300A,n/d,Multi,admin,no password,HTTP,, fortinet,FortiGate firewall,,Multi,admin,no password,,, fortinet,FortiGate,,Telnet,admin,,Admin,, fortinet,FortiGate,,serial console,maintainer,pbcpbn(add serial number),Admin,, fortinet,Fortigate 300A,,HTTP SSH,admin,no password,,, foundry networks,IronView Network Manager,,Version 01.6.00a(service pack) 0620031754,admin,admin,,, foundry networks,ServerIron,,,,,,, foundrynetworks,IronView Network Manager,Version 01.6.00a(service pack) 0620031754,HTTP,admin,admin,Admin,, foundrynetworks,ServerIron,,,,,Admin,, freetech,PC BIOS,,,,Posterie,,, freetech,PC BIOS,,Admin,,Posterie,,, freetech,PC BIOS,,Console,,Posterie,Admin,, fujitsusiemens,Routers,,HTTP,,connect,Admin,, fujixerox,DocuPrint 3055,200911121222,http://10.0.14.50,,,admin,, fujixerox,Document Centre C450,,console,11111,x-admin,,http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, funk software,Steel Belted Radius,,3.x,admin,radius,,, funk software,Steel Belted Radius,,Admin,admin,radius,,, funksoftware,Steel Belted Radius,3.x,Proprietary,admin,radius,Admin,, funksoftware,Steel Belted Radius,450,,admin,radius,Admin,, galacticomm,Major BBS,,,Sysop,Sysop,,, galacticomm,Major BBS,,Admin,Sysop,Sysop,,, galacticomm,Major BBS,,Multi,Sysop,Sysop,Admin,, gandalf,XMUX,,,,console,,, gandalf,XMUX,,,,gandalf,,, gandalf,XMUX,,,,system,,, gandalf,XMUX,,,,xmux,,, gateway,WGR-200 Router,,,admin,admin,Admin,, gateway,WGR-250 Router,,,admin,admin,Admin,, ge,Data management system,,,administrator,Never!Mind,,, ge,Data management system,,,museadmin,Muse!Admin,,, ge,Data management system,1/2/3,Console,administrator,Never!Mind,,, ge,Data management system,1/2/3,Console,museadmin,Muse!Admin,,, ge,Enterprise Archive,,,administrator,eaadmin,,, ge,Enterprise Archive,1/2,Console,administrator,eaadmin,,, ge,Image management system,,,administrator,gemnet,,, ge,Image management system,1/2/3,Console,administrator,gemnet,,, ge,Maclab,,,mlcltechuser,mlcl!techuser,,, ge,Maclab,1,Console,mlcltechuser,mlcl!techuser,,, geeklog,Geeklog,,1.3.x,username,password,,, geeklog,Geeklog,1.3.x,MySQL,username,password,,, general instruments,Cable Modem,,,test,test,,, generalinstruments,SB2100D Cable Modem,,,test,test,,, gericom,Phoenix,,Multi,Administrator,,Admin,, giga,8ippro1000,,Multi,Administrator,admin,Admin,, gigabyte,GN-B49G,,,admin,admin,,, gigabyte,GN-B49G,,HTTP,admin,admin,,, gigabyte,GN-BR01G,,ip address,admin,admin,,, glftpd,glftpd,1.32,Other,glftpd,glftpd,ftp,, globespanvirata,GS8100,,,DSL,DSL,Admin,, globespanvirata,Viking,,Telnet,root,root,admin,, globespanvirata,Viking,,admin,root,root,,, globespanvirata,all models,all versions,http://192.168.1.1,WebAdmin,,,, gonet,,,,fast,abd234,,, gossamerthreads,dbMan,,,admin,admin,Change/Delete Data in Database,, gossamerthreads,dbMan,,,author,author,Change/Delete Data in Database,, gossamerthreads,dbMan,,,guest,guest,Change/Delete Data in Database,, grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,123,Config (End User),, grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,admin,Config (Advanced User),, grandstreamnetworks,HandyTone 286,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 286,,HTTP,End User,,,, grandstreamnetworks,HandyTone 286,,HTTP,End User,123,,, grandstreamnetworks,HandyTone 386,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 386,,HTTP,End User,,,, grandstreamnetworks,HandyTone 386,,HTTP,End User,123,,, grandstreamnetworks,HandyTone 486,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 486,,HTTP,End User,,,, grandstreamnetworks,HandyTone 486,,HTTP,End User,123,,, grandstreamnetworks,HandyTone 488,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 488,,HTTP,End User,,,, grandstreamnetworks,HandyTone 488,,HTTP,End User,123,,, grandstreamnetworks,HandyTone 496,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 496,,HTTP,End User,,,, grandstreamnetworks,HandyTone 496,,HTTP,End User,123,,, grandstreamnetworks,HandyTone Budgetone-100 IP Phone,,HTTP,,admin,administrator,, grandstreamnetworks,HandyTone GXP-2000,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,,,, grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,123,,, greatspeed,DUO,,,admin,broadband,,, greatspeed,DUO,,HTTP,admin,broadband,,, guardone,BizGuard,,,n.a,guardone,,, guardone,BizGuard,,multi,,guardone,Admin,, guardone,Restrictor,,,,guardone,,, guardone,Restrictor,,multi,,guardone,Admin,, gvc,e800/rb4,,HTTP,Administrator,admin,Admin,, h2o project,Medialibrary,,,admin,admin,,, h2oproject,Medialibrary,,HTTP,admin,admin,Admin,, harris,DATU,,DTMF,,1111,,, harris,DATU,,DTMF,,1234,,, harris,DATU,,DTMF,,2345,,, harris,DATU,,DTMF,,4300,,, harris,DATU,,DTMF,,7373,,, harris,MAU,,Modem,,4372266,,, harris,SASS,,DTMF,,1111,,, harris,SASS,,DTMF,,1122,,, hawlett-packard,HP Omnibook 2100,,,,,,, hayes,Century,,MR200,system,isp,,, hayes,Century,MR200,,system,isp,Admin,, hewlett-packard,CommandView SDM,,Secure Manager,,AUTORAID,,, hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HP,,, hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HPOFFICE DATA,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPONLY,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPP187 SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPWORD PUB,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,LOTUS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MANAGER,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MGR,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SERVICE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SUPPORT,,, hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,FIELD.SUPPORT,,, hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MANAGER.SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MGR.SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,OP.OPERATOR,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,HPOFFICE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MAIL,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MPE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,REMOTE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,TELESUP,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,COGNOS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,HPOFFICE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,ITF3000,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SECURITY,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TCH,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TELESUP,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGE,VESOFT,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CAROLIAN,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CCC,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CNAS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,COGNOS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CONV,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPDESK,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPOFFICE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPONLY,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP187,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP189,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP196,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,INTX3,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ITF3000,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,NETBASE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,REGO,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,RJE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ROBELLE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SECURITY,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,TELESUP,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,VESOFT,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,WORD,,, hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,XLSERVER,,, hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,COGNOS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,DISC,,, hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SUPPORT,,, hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYSTEM,,, hewlett-packard,HP 2000/3000 MPE/xx,,,PCUSER,SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,RSBCMON,SYS,,, hewlett-packard,HP 2000/3000 MPE/xx,,,SPOOLMAN,HPOFFICE,,, hewlett-packard,HP 2000/3000 MPE/xx,,,WP,HPOFFICE,,, hewlett-packard,LaserJet Net Printers,,Admin,,,,, hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,,,,, hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,Anonymous,,,, hewlett-packard,LaserJet Net Printers,,User,,,,, hewlett-packard,LaserJet Net Printers,,User,Anonymous,,,, hewlett-packard,Vectra,,,,hewlpack,,, hewlett-packard,Vectra,,Admin,,hewlpack,,, hewlett-packard,Webmin,,0.84,admin,hp.com,,, hewlettpackard,CommandView SDM,,Multi,N/A,AUTORAID,Secure Manager,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HP,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HPOFFICE DATA,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPONLY,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPP187 SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPWORD PUB,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,LOTUS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MANAGER,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MGR,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SERVICE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SUPPORT,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,FIELD.SUPPORT,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MANAGER.SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MGR.SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,OP.OPERATOR,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,HPOFFICE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MAIL,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MPE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,REMOTE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,TELESUP,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,COGNOS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,HPOFFICE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,ITF3000,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SECURITY,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TCH,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TELESUP,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGE,VESOFT,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CAROLIAN,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CCC,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CNAS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,COGNOS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CONV,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPDESK,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPOFFICE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPONLY,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP187,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP189,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP196,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,INTX3,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ITF3000,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,NETBASE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,REGO,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,RJE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ROBELLE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SECURITY,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,TELESUP,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,VESOFT,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,WORD,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,XLSERVER,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,COGNOS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,DISC,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SUPPORT,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYSTEM,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,PCUSER,SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,RSBCMON,SYS,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,SPOOLMAN,HPOFFICE,,, hewlettpackard,HP 2000/3000 MPE/xx,,Multi,WP,HPOFFICE,,, hewlettpackard,HP Jetdirect (All Models),,,,,,Any, hewlettpackard,ISEE,,Multi,admin,isee,Admin,, hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,9100,,,User,Type what you want and close telnet session to print it out, hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,FTP,Anonymous,,User,send files to be printed, hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,HTTP,,,Admin,HTTP interface, hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,Telnet,,,Admin,press enter twice if no response in telnet, hewlettpackard,MPE-XL,,,HELLO,FIELD.SUPPORT,,, hewlettpackard,MPE-XL,,,HELLO,MANAGER.SYS,,, hewlettpackard,MPE-XL,,,HELLO,MGR.SYS,,, hewlettpackard,MPE-XL,,,MANAGER,HPOFFICE,,, hewlettpackard,MPE-XL,,,MGR,CAROLIAN,,, hewlettpackard,MPE-XL,,,MGR,CCC,,, hewlettpackard,MPE-XL,,,OPERATOR,COGNOS,,, hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, hewlettpackard,Vectra,,Console,,hewlpack,Admin,, hewlettpackard,iLo,,http,Admin,Admin,Admin,, hewlettpackard,iLo,,http,oper,oper,,, hewlettpackard,sa7200,,Multi,admin,,Admin,, hewlettpackard,sa7200,,Multi,admin,admin,Admin,, hewlettpackard,webmin,0.84,HTTP,admin,hp.com,Admin,, honeywell,Experion,,,LocalComServer,LCS pwd 03,,, honeywell,Experion,,,TPSLocalServer,TLS pwd 03,,, horizon datasys,FoolProof,,,,foolproof,,, horizondatasys,FoolProof,,,,foolproof,Admin,, hosting controller,Hosting Controller,,,AdvWebadmin,advcomm500349,,, hp,sa7200,,,admin,,,, hp,sa7200,,Admin,admin,,,, hp,sa7200,,Admin,admin,admin,,, huawei,B932,,http:192.168.1.1,,,,, huawei,MT880r,,Multi,TMAR#HWMT8007079,,Admin,, huawei,SmartAX MT882,,,admin,admin,,, huawei,e226,,,admin,admin,,, huwai,Modem,,,Admin,admin,,, huwai,Modem,,Multi,Admin,admin,,, iblitzz,BWA711/All Models,All,HTTP,admin,admin,Admin,This Information Works On All Models Of The Blitzz Line, ibm,2210,,,def,trade,,RIP, ibm,3534 F08 Fibre Switch,,,admin,password,,, ibm,3534 F08 Fibre Switch,,Admin,admin,password,,, ibm,3534 F08 Fibre Switch,,Multi,admin,password,Admin,, ibm,3583 Tape Library,,HTTP,admin,secure,Admin,, ibm,390e,,,,admin,,, ibm,390e,,Admin,,admin,,, ibm,390e,,Multi,,admin,Admin,, ibm,600x,,,,admin,,, ibm,600x,,Admin,,admin,,, ibm,600x,,Multi,,admin,Admin,, ibm,8224 HUB,,,vt100,public,,, ibm,8224 HUB,,Admin,vt100,public,,, ibm,8224 HUB,,Multi,vt100,public,Admin,Swap MAC address chip from other 8224, ibm,8225,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, ibm,8225,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, ibm,8225,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, ibm,8237,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, ibm,8237,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, ibm,8237,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, ibm,8239 Token Ring HUB,,2.5,,R1QTPS,,, ibm,8239 Token Ring HUB,,Utility Program,,R1QTPS,,, ibm,8239 Token Ring HUB,2.5,Console,,R1QTPS,Utility Program,, ibm,A21m,,,,,,, ibm,A21m,,Admin,,,,, ibm,A21m,,Multi,,,Admin,, ibm,AIX,,,guest,guest,,, ibm,AIX,,4.X,admin,admin,,, ibm,AIX,,Multi,guest,,User,, ibm,AIX,,Multi,guest,guest,User,, ibm,AIX,,User,admin,admin,,, ibm,AIX,,User,guest,,,, ibm,AIX,,User,guest,guest,,, ibm,AIX,4.X,Multi,admin,admin,User,, ibm,AS/400,,,QSECOFR,QSECOFR,,Any, ibm,AS/400,,,QSRV,QSRV,,, ibm,AS/400,,,QSRVBAS,QSRVBAS,,, ibm,AS/400,,,QUSER,QUSER,,OS/400, ibm,AS/400,,,qpgmr,qpgmr,,, ibm,AS/400,,,qsysopr,qsysopr,,, ibm,Aptiva,,,,,CMOS,Press both mouse buttons repeatedly during boot to bypass CMOS password, ibm,Ascend OEM Routers,,,,ascend,,, ibm,Ascend OEM Routers,,Admin,,ascend,,, ibm,Ascend OEM Routers,,Telnet,,ascend,Admin,, ibm,BladeCenter Mgmt Console,,HTTP,USERID,PASSW0RD,Admin,, ibm,CICS,,,$SRV,$SRV,,, ibm,CICS,,,CICSUSER,CISSUS,,, ibm,CICS,,,DBDCCICS,DBDCCIC,,, ibm,CICS,,,FORSE,FORSE,,, ibm,CICS,,,OPER,OPER,,, ibm,CICS,,,POST,BASE,,, ibm,CICS,,,PRODCICS,PRODCICS,,, ibm,CICS,,,PROG,PROG,,, ibm,CICS,,,SYSA,SYSA,,, ibm,CICS,,,VCSRV,VCSRV,,, ibm,DB2,,,db2admin,db2admin,,WinNT, ibm,DB2,,,db2fenc1,db2fenc1,,, ibm,Directory - Web Administration Tool,5.1,HTTP,superadmin,secret,Admin,Documented in Web Administration Guide, ibm,Fibre Switch,,3534 F08,admin,password,,, ibm,Hardware Management Console,3,ssh,hscroot,abc123,Admin,, ibm,IBM,,Multi,,,Admin,, ibm,Infoprint 6700,,Multi,root,,Admin,Also works for older 4400 printers and probably Printronics equivalents as well., ibm,LAN Server / OS/2,,,username,password,,2.1 3.0 4., ibm,Lotus Domino Go WebServer (net.commerce edition),,,webadmin,webibm,,ANY ?, ibm,NetCommerce PRO,,,ncadmin,ncadmin,,3.2, ibm,OS/400,,,11111111,11111111,,, ibm,OS/400,,,22222222,22222222,,, ibm,OS/400,,,QSECOFR,QSECOFR,,OS/400, ibm,OS/400,,,ibm,2222,,, ibm,OS/400,,,ibm,password,,, ibm,OS/400,,,ibm,service,,, ibm,OS/400,,,qpgmr,qpgmr,,, ibm,OS/400,,,qsecofr,11111111,,, ibm,OS/400,,,qsecofr,22222222,,, ibm,OS/400,,,qsecofr,qsecofr,,, ibm,OS/400,,,qserv,qserv,,, ibm,OS/400,,,qsrv,qsrv,,, ibm,OS/400,,,qsrvbas,qsrvbas,,, ibm,OS/400,,,qsvr,ibmcel,,, ibm,OS/400,,,qsvr,qsvr,,, ibm,OS/400,,,qsysopr,qsysopr,,, ibm,OS/400,,,quser,quser,,, ibm,OS/400,,,secofr,secofr,,, ibm,OS/400,,,sedacm,secacm,,, ibm,OS/400,,,sysopr,sysopr,,, ibm,OS/400,,,user,USERP,,, ibm,OS/400,,Multi,11111111,11111111,,, ibm,OS/400,,Multi,22222222,22222222,,, ibm,OS/400,,Multi,ibm,2222,,, ibm,OS/400,,Multi,ibm,password,,, ibm,OS/400,,Multi,ibm,service,,, ibm,OS/400,,Multi,qpgmr,qpgmr,,, ibm,OS/400,,Multi,qsecofr,11111111,,, ibm,OS/400,,Multi,qsecofr,22222222,,, ibm,OS/400,,Multi,qsecofr,qsecofr,,, ibm,OS/400,,Multi,qserv,qserv,,, ibm,OS/400,,Multi,qsrv,11111111,,, ibm,OS/400,,Multi,qsrv,22222222,,, ibm,OS/400,,Multi,qsrv,qsrv,,, ibm,OS/400,,Multi,qsrvbas,qsrvbas,,, ibm,OS/400,,Multi,qsvr,ibmcel,,, ibm,OS/400,,Multi,qsvr,qsvr,,, ibm,OS/400,,Multi,qsysopr,qsysopr,,, ibm,OS/400,,Multi,quser,quser,,, ibm,OS/400,,Multi,secofr,secofr,,, ibm,OS/400,,Multi,sedacm,sedacm,,, ibm,OS/400,,Multi,sysopr,sysopr,,, ibm,OS/400,,Multi,userp,,No,, ibm,PC BIOS,,,,IBM,,, ibm,PC BIOS,,,,sertafu,,, ibm,PC BIOS,,Admin,,IBM,,, ibm,PC BIOS,,Admin,,MBIU0,,, ibm,PC BIOS,,Admin,,sertafu,,, ibm,PC BIOS,,Console,,IBM,Admin,, ibm,PC BIOS,,Console,,MBIU0,Admin,, ibm,PC BIOS,,Console,,merlin,No,, ibm,PC BIOS,,Console,,sertafu,Admin,, ibm,POS CMOS,,,ESSEX,,,, ibm,POS CMOS,,,IPC,,,, ibm,POS CMOS,,Console,ESSEX,,,, ibm,POS CMOS,,Console,IPC,,,, ibm,RACF,,,IBMUSER,SYS1,,, ibm,RS/6000,,,root,ibm,,AIX, ibm,RSA,,9091,wpsadmin,wpsadmin,,, ibm,RSA,5.0,HTTP,wpsadmin,wpsadmin,9091,, ibm,Remote Supervisor Adapter (RSA),,HTTP,USERID,PASSW0RD,Admin,, ibm,T20,,Multi,,admin,Admin,, ibm,T42,,HTTP,Administrator,admin,Admin,, ibm,TS3100(3573-L2U),,http,admin,secure,,, ibm,TS3100,,,admin,secure,,, ibm,Tivoli,,,admin,admin,,, ibm,Tivoli,,HTTP,admin,admin,Admin,, ibm,TotalStorage Enterprise Server,,,storwatch,specialist,,, ibm,TotalStorage Enterprise Server,,Admin,storwatch,specialist,,, ibm,TotalStorage Enterprise Server,,Multi,storwatch,specialist,Admin,, ibm,TotalStorage,,,storwatch,specialist,,, ibm,VM/CMS,,,$ALOC$,,,, ibm,VM/CMS,,,ADMIN,,,, ibm,VM/CMS,,,AP2SVP,,,, ibm,VM/CMS,,,APL2PP,,,, ibm,VM/CMS,,,AUTOLOG1,,,, ibm,VM/CMS,,,BATCH,,,, ibm,VM/CMS,,,BATCH1,,,, ibm,VM/CMS,,,BATCH2,,,, ibm,VM/CMS,,,CCC,,,, ibm,VM/CMS,,,CMSBATCH,,,, ibm,VM/CMS,,,CMSUSER,,,, ibm,VM/CMS,,,CPNUC,,,, ibm,VM/CMS,,,CPRM,,,, ibm,VM/CMS,,,CSPUSER,,,, ibm,VM/CMS,,,CVIEW,,,, ibm,VM/CMS,,,DATAMOVE,,,, ibm,VM/CMS,,,DEMO1,,,, ibm,VM/CMS,,,DEMO2,,,, ibm,VM/CMS,,,DEMO3,,,, ibm,VM/CMS,,,DEMO4,,,, ibm,VM/CMS,,,DIRECT,,,, ibm,VM/CMS,,,DIRMAINT,,,, ibm,VM/CMS,,,DISKCNT,,,, ibm,VM/CMS,,,EREP,,,, ibm,VM/CMS,,,FSFADMIN,,,, ibm,VM/CMS,,,FSFTASK1,,,, ibm,VM/CMS,,,FSFTASK2,,,, ibm,VM/CMS,,,GCS,,,, ibm,VM/CMS,,,IDMS,,,, ibm,VM/CMS,,,IDMSSE,,,, ibm,VM/CMS,,,IIPS,,,, ibm,VM/CMS,,,IPFSERV,,,, ibm,VM/CMS,,,ISPVM,,,, ibm,VM/CMS,,,IVPM1,,,, ibm,VM/CMS,,,IVPM2,,,, ibm,VM/CMS,,,MAINT,,,, ibm,VM/CMS,,,MOESERV,,,, ibm,VM/CMS,,,NEVIEW,,,, ibm,VM/CMS,,,OLTSEP,,,, ibm,VM/CMS,,,OP1,,,, ibm,VM/CMS,,,OPERATIONS,OPERATIONS,,, ibm,VM/CMS,,,OPERATNS,,,, ibm,VM/CMS,,,OPERATOR,,,, ibm,VM/CMS,,,PDMREMI,,,, ibm,VM/CMS,,,PENG,,,, ibm,VM/CMS,,,PROCAL,,,, ibm,VM/CMS,,,PRODBM,,,, ibm,VM/CMS,,,PROMAIL,,,, ibm,VM/CMS,,,PSFMAINT,,,, ibm,VM/CMS,,,PVM,,,, ibm,VM/CMS,,,RDM470,,,, ibm,VM/CMS,,,ROUTER,,,, ibm,VM/CMS,,,RSCS,,,, ibm,VM/CMS,,,RSCSV2,,,, ibm,VM/CMS,,,SAVSYS,,,, ibm,VM/CMS,,,SFCMI,,,, ibm,VM/CMS,,,SFCNTRL,,,, ibm,VM/CMS,,,SMART,,,, ibm,VM/CMS,,,SQLDBA,,,, ibm,VM/CMS,,,SQLUSER,,,, ibm,VM/CMS,,,SYSADMIN,,,, ibm,VM/CMS,,,SYSCKP,,,, ibm,VM/CMS,,,SYSDUMP1,,,, ibm,VM/CMS,,,SYSERR,,,, ibm,VM/CMS,,,SYSWRM,,,, ibm,VM/CMS,,,TDISK,,,, ibm,VM/CMS,,,TEMP,,,, ibm,VM/CMS,,,TSAFVM,,,, ibm,VM/CMS,,,VASTEST,,,, ibm,VM/CMS,,,VM3812,,,, ibm,VM/CMS,,,VMARCH,,,, ibm,VM/CMS,,,VMASMON,,,, ibm,VM/CMS,,,VMASSYS,,,, ibm,VM/CMS,,,VMBACKUP,,,, ibm,VM/CMS,,,VMBSYSAD,,,, ibm,VM/CMS,,,VMMAP,,,, ibm,VM/CMS,,,VMTAPE,,,, ibm,VM/CMS,,,VMTLIBR,,,, ibm,VM/CMS,,,VMUTIL,,,, ibm,VM/CMS,,,VSEIPO,,,, ibm,VM/CMS,,,VSEMAINT,,,, ibm,VM/CMS,,,VSEMAN,,,, ibm,VM/CMS,,,VTAM,,,, ibm,VM/CMS,,,VTAM,VTAM,,, ibm,VM/CMS,,,VTAMUSER,,,, ibm,VM/CMS,,Multi,$ALOC$,,,, ibm,VM/CMS,,Multi,ADMIN,,,, ibm,VM/CMS,,Multi,AP2SVP,,,, ibm,VM/CMS,,Multi,APL2PP,,,, ibm,VM/CMS,,Multi,AUTOLOG1,,,, ibm,VM/CMS,,Multi,BATCH,,,, ibm,VM/CMS,,Multi,BATCH1,,,, ibm,VM/CMS,,Multi,BATCH2,,,, ibm,VM/CMS,,Multi,CCC,,,, ibm,VM/CMS,,Multi,CMSBATCH,,,, ibm,VM/CMS,,Multi,CMSBATCH,CMSBATCH,,, ibm,VM/CMS,,Multi,CMSUSER,,,, ibm,VM/CMS,,Multi,CPNUC,,,, ibm,VM/CMS,,Multi,CPRM,,,, ibm,VM/CMS,,Multi,CSPUSER,,,, ibm,VM/CMS,,Multi,CVIEW,,,, ibm,VM/CMS,,Multi,DATAMOVE,,,, ibm,VM/CMS,,Multi,DEMO1,,,, ibm,VM/CMS,,Multi,DEMO2,,,, ibm,VM/CMS,,Multi,DEMO3,,,, ibm,VM/CMS,,Multi,DEMO4,,,, ibm,VM/CMS,,Multi,DIRECT,,,, ibm,VM/CMS,,Multi,DIRMAINT,,,, ibm,VM/CMS,,Multi,DISKCNT,,,, ibm,VM/CMS,,Multi,EREP,,,, ibm,VM/CMS,,Multi,FSFADMIN,,,, ibm,VM/CMS,,Multi,FSFTASK1,,,, ibm,VM/CMS,,Multi,FSFTASK2,,,, ibm,VM/CMS,,Multi,GCS,,,, ibm,VM/CMS,,Multi,IDMS,,,, ibm,VM/CMS,,Multi,IDMSSE,,,, ibm,VM/CMS,,Multi,IIPS,,,, ibm,VM/CMS,,Multi,IPFSERV,,,, ibm,VM/CMS,,Multi,ISPVM,,,, ibm,VM/CMS,,Multi,IVPM1,,,, ibm,VM/CMS,,Multi,IVPM2,,,, ibm,VM/CMS,,Multi,MAINT,,,, ibm,VM/CMS,,Multi,MAINT,MAINT,,, ibm,VM/CMS,,Multi,MOESERV,,,, ibm,VM/CMS,,Multi,NEVIEW,,,, ibm,VM/CMS,,Multi,OLTSEP,,,, ibm,VM/CMS,,Multi,OP1,,,, ibm,VM/CMS,,Multi,OPERATNS,,,, ibm,VM/CMS,,Multi,OPERATNS,OPERATNS,,, ibm,VM/CMS,,Multi,OPERATOR,,,, ibm,VM/CMS,,Multi,OPERATOR,OPERATOR,,, ibm,VM/CMS,,Multi,PDMREMI,,,, ibm,VM/CMS,,Multi,PENG,,,, ibm,VM/CMS,,Multi,PROCAL,,,, ibm,VM/CMS,,Multi,PRODBM,,,, ibm,VM/CMS,,Multi,PROMAIL,,,, ibm,VM/CMS,,Multi,PSFMAINT,,,, ibm,VM/CMS,,Multi,PVM,,,, ibm,VM/CMS,,Multi,RDM470,,,, ibm,VM/CMS,,Multi,ROUTER,,,, ibm,VM/CMS,,Multi,RSCS,,,, ibm,VM/CMS,,Multi,RSCSV2,,,, ibm,VM/CMS,,Multi,SAVSYS,,,, ibm,VM/CMS,,Multi,SFCMI,,,, ibm,VM/CMS,,Multi,SFCNTRL,,,, ibm,VM/CMS,,Multi,SMART,,,, ibm,VM/CMS,,Multi,SQLDBA,,,, ibm,VM/CMS,,Multi,SQLUSER,,,, ibm,VM/CMS,,Multi,SYSADMIN,,,, ibm,VM/CMS,,Multi,SYSCKP,,,, ibm,VM/CMS,,Multi,SYSDUMP1,,,, ibm,VM/CMS,,Multi,SYSERR,,,, ibm,VM/CMS,,Multi,SYSWRM,,,, ibm,VM/CMS,,Multi,TDISK,,,, ibm,VM/CMS,,Multi,TEMP,,,, ibm,VM/CMS,,Multi,TSAFVM,,,, ibm,VM/CMS,,Multi,VASTEST,,,, ibm,VM/CMS,,Multi,VM3812,,,, ibm,VM/CMS,,Multi,VMARCH,,,, ibm,VM/CMS,,Multi,VMASMON,,,, ibm,VM/CMS,,Multi,VMASSYS,,,, ibm,VM/CMS,,Multi,VMBACKUP,,,, ibm,VM/CMS,,Multi,VMBSYSAD,,,, ibm,VM/CMS,,Multi,VMMAP,,,, ibm,VM/CMS,,Multi,VMTAPE,,,, ibm,VM/CMS,,Multi,VMTLIBR,,,, ibm,VM/CMS,,Multi,VMUTIL,,,, ibm,VM/CMS,,Multi,VSEIPO,,,, ibm,VM/CMS,,Multi,VSEMAINT,,,, ibm,VM/CMS,,Multi,VSEMAN,,,, ibm,VM/CMS,,Multi,VTAM,,,, ibm,VM/CMS,,Multi,VTAM,VTAM,,, ibm,VM/CMS,,Multi,VTAMUSER,,,, ibm,a20m,,,,admin,,, ibm,a20m,,Admin,,admin,,, ibm,a20m,,Multi,,admin,Admin,, ibm,management hw,,Multi,USERID,PASSW0RD,admin,, ibm,management hw,,admin,USERID,PASSW0RD,,, ibm,routers,,router,msmadhuastro@gmail.com,06725A1201,,, ibm,switch,8275-217,Telnet,admin,,Admin,, imai,Traffic Shaper,TS-1012,HTTP,,,Admin,default IP 1.2.3.4, imperiasoftware,Imperia Content Managment System,,,superuser,superuser,,Unix/NT, informix,Database,,,informix,informix,,, infosmart,SOHO router,,HTTP,admin,0,Admin,, infotec,ISC2525,System v1.67 / NIB v5.14 / WIM v1.10,http://192.168.0.100,admin,,Admin,, infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,admin,infrant1,administrator,, infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,root,see note,,root password is generated on each boot with a hardcoded algorithm and the password cannot be permanently changed - once discovered it will always work after the device is rebooted, innovaphone,IP20,,Admin,admin,ip20,,, innovaphone,IP20,,Multi,admin,ip20,Admin,, innovaphone,IP3000,,Admin,admin,ip3000,,, innovaphone,IP3000,,Multi,admin,ip3000,Admin,, innovaphone,IP305,,,admin,ip305Beheer,,, innovaphone,IP400,,Admin,admin,ip400,,, innovaphone,IP400,,Multi,admin,ip400,Admin,, integraltechnologies,RemoteView,4,Console,Administrator,letmein,Admin,, integratednetworks,IP Phone,IN1002,HTTP,Administrator,1234,Admin,, integratednetworks,IP Phone,IN1002,HTTP,Administrator,12345678,Admin,, integratednetworks,IP Phone,IN1002,HTTP,Administrator,19750407,Admin,, intel,Express 520T Switch,,,setup,setup,,, intel,Express 520T Switch,,Multi,setup,setup,User,, intel,Express 520T Switch,,User,setup,setup,,, intel,Express 9520 Router,,,NICONEX,NICONEX,,, intel,Express 9520 Router,,Multi,NICONEX,NICONEX,User,, intel,Express 9520 Router,,User,NICONEX,NICONEX,,, intel,LanRover VPN Gateway,,6.0 >,,shiva,,, intel,LanRover VPN Gateway,,< 6.0,,isolation,,, intel,LanRover VPN Gateway,6.0+,multi,,shiva,Admin,, intel,LanRover VPN Gateway,below 6.0,multi,,isolation,Admin,, intel,LanRover,6.7,Console,root,admin,Admin,, intel,NetporrExpress,,,,,,, intel,NetporrExpress,,Admin,,,,, intel,Netstructure,480t,Telnet,admin,,Admin,, intel,Shiva Access Port,All,Telnet,admin,hello,Admin,, intel,Shiva LanRover,,,Guest,,User,, intel,Shiva LanRover,,Multi,root,,Admin,, intel,Shiva Lanrovers,,,root,,,, intel,Shiva Lanrovers,,Admin,root,,,, intel,Shiva Mezza ISDN Router,All,Telnet,admin,hello,Admin,, intel,Shiva,,,Guest,,,, intel,Shiva,,,root,,,, intel,Shiva,,Admin,root,,,, intel,Shiva,,Multi,Guest,,User,, intel,Shiva,,User,Guest,,,, intel,Wireless AP 2011,,2.21,,Intel,,, intel,Wireless AP 2011,,Admin,,Intel,,, intel,Wireless AP 2011,2.21,Multi,,Intel,Admin,, intel,Wireless Gateway,,3.x,intel,intel,,, intel,Wireless Gateway,,Admin,intel,intel,,, intel,Wireless Gateway,3.x,HTTP,intel,intel,Admin,, intel,intel,,,khan,kahn,,, intel,intel,1,Multi,khan,kahn,,, intel,lan rover,,6.7,root,admin,,, intel,lan rover,,Admin,root,admin,,, intel,netstructure,,480t,admin,,,, intel,netstructure,,Admin,admin,,,, intellitouch,ITC3002 VoIP Telephone Deskset,,HTTP/phone,administrator,1234,Admin,, interbase,Interbase Database Server,,Admin,SYSDBA,masterkey,,, interbase,Interbase Database Server,,All,SYSDBA,masterkey,,, interbase,Interbase Database Server,All,Multi,SYSDBA,masterkey,Admin,, intermec,EasyLAN,,10i2,,intermec,,, intermec,EasyLAN,10i2,HTTP,,intermec,Admin,, intermec,Mobile LAN,5.25,Multi,intermec,intermec,Admin,, intermec,PF2i,,Multi,admin,pass,Admin,, internetarchive,Heritrix,1.6.0,,admin,letmein,Admin,, intershop,Intershop,,4,operator,$chwarzepumpe,,, intershop,Intershop,,Admin,operator,$chwarzepumpe,,, intershop,Intershop,4,HTTP,operator,$chwarzepumpe,Admin,, intersystems,Cache Post-RDMS,,Console,system,sys,Admin,Change immediately, intex,organizer,,,,,,, intex,organizer,,Admin,,,,, intex,organizer,,Multi,,,Admin,, intuit,Quickbooks,,1.0,admin,(no-default-password),,, intuit,Quickbooks,,2.0,admin,(no-default-password),,, intuit,Quickbooks,,2004,admin,(no-default-password),,, intuit,Quickbooks,,2005,admin,(no-default-password),,, intuit,Quickbooks,,2006,admin,(no-default-password),,, intuit,Quickbooks,,2007,admin,(no-default-password),,, intuit,Quickbooks,,2008,admin,(no-default-password),,, intuit,Quickbooks,,2009,admin,(no-default-password),,, intuit,Quickbooks,,2010,admin,(no-default-password),,, intuit,Quickbooks,,2011,admin,(no-default-password),,, intuit,Quickbooks,,3.0,admin,(no-default-password),,, intuit,Quickbooks,,4.0,admin,(no-default-password),,, intuit,Quickbooks,,5.0,admin,(no-default-password),,, intuit,Quickbooks,,6.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 1.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 10.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 11.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 4.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 5.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 6.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 7.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 8.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 9.0,admin,(no-default-password),,, inventelwanadoo,LiveBox,D34A,,Admin,Admin,Admin,, ipstar,iPSTAR Network Box,v.2+,HTTP,admin,operator,Admin,iPSTAR Network Box is used by the CSLoxInfo Broadband Satellite system., ipstar,iPSTAR Satellite Router/Radio,v2,HTTP,admin,operator,Admin,For CSLoxInfo and iPSTAR Customers, ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,,, ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,Admin,User's realname: Local Session Manager, ipswitch,Whats up Gold 6.0,,,admin,admin,,Windows 9x a, irc,IRC Daemon,,,,FOOBAR,,, irc,IRC Daemon,,IRC,,FOOBAR,,, ironport,C30,,,admin,ironport,,, ironport,C30,,http,admin,ironport,Admin,, ironport,Messaging Gateway Appliance,,Multi,admin,ironport,Admin,, ironport,S650,,https,admin,ironport,,, iso sistemi,winwork,,,,,,, iso sistemi,winwork,,Admin,,,,, iwill,PC BIOS,,,,iwill,,, iwill,PC BIOS,,Admin,,iwill,,, iwill,PC BIOS,,Console,,iwill,Admin,, jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, jd edwards,WorldVision/OneWorld,,Admin/SECOFR,JDE,JDE,,, jd edwards,WorldVision/OneWorld,,All(?),JDE,JDE,,, jdedwards,WorldVision/OneWorld,,Multi,PRODDTA,PRODDTA,Admin,Owner of database tables and objects, jdedwards,WorldVision/OneWorld,All(?),Console,JDE,JDE,Admin/SECOFR,, jdedwards,WorldVision/OneWorld,All(?),TCP 1964,JDE,JDE,Admin/SECOFR,, jds microprocessing,Hydra 3000,,Admin,hydrasna,,,, jds microprocessing,Hydra 3000,,r2.02,hydrasna,,,, jdsmicroprocessing,Hydra 3000,r2.02,Console,hydrasna,,Admin,, jetform,Jetform Design,,,Jetform,,,, jetform,Jetform Design,,Admin,Jetform,,,, jetform,Jetform Design,,HTTP,Jetform,,Admin,, jetway,PC BIOS,,,,spooml,,, jetway,PC BIOS,,Admin,,spooml,,, jetway,PC BIOS,,Console,,spooml,Admin,, johnson controls,HVAC System,,,johnson,control,,, johnsoncontrols,HVAC System,,modem,johnson,control,,, joss technology,PC BIOS,,,,57gbzb,,, joss technology,PC BIOS,,,,technolgi,,, joss technology,PC BIOS,,Admin,,57gbzb,,, joss technology,PC BIOS,,Admin,,technolgi,,, josstechnology,PC BIOS,,Console,,57gbzb,Admin,, josstechnology,PC BIOS,,Console,,technolgi,Admin,, juniper,All,,,root,,,Junos 4.4, juniper,CMS,All versions,https,root,juniper,admin access,, juniper,ISG2000,,Multi,netscreen,netscreen,Admin,Just a note - netscreen is now made by Juniper - otherwise no change, juniper,Peribit,,,admin,peribit,Admin,, juniper,ScreenOS,All,ssh or http,netscreen,netscreen,admin,, juniper,all mode,7.6R1.9,http://118.98.171.65,,,root,administrator juniper, justin hagstrom,AutoIndex,,1.3.2,admin,admin,,, justin hagstrom,AutoIndex,,1.3.2,test,test,,, justinhagstrom,AutoIndex,1.3.2,,admin,admin,Admin,, justinhagstrom,AutoIndex,1.3.2,,test,test,,, kalatel,Calibur DSR-2000e,,Multi,,3477,Admin,, kalatel,Calibur DSR-2000e,,on-screen menu system,,8111,restore factory defaults,, kaptest,usmle,,,admin,,,, kaptest,usmle,,Admin,admin,,,, kaptest,usmle,,HTTP,admin,,Admin,, kethinov,Kboard Forum,,0.3.x,root,password,,, kethinov,Kboard Forum,0.3.x,SQL,root,password,Admin,, keyscan,Keyscan System V,,admin,keyscan,KEYSCAN,,, keyscan,Keyscan System V,5.2,Console,keyscan,KEYSCAN,admin,, konica minolta,7255,,admin,,sysadm,,, konicaminolta,1690MF,1.0,web,,sysAdmin,root,, konicaminolta,2430DL,all versions,,,administrator,administrative access,Current password listed on this site is wrong. Correct default password is "administrator" fully spelled out all lower case., konicaminolta,4650,,HTTP,admin,administrator,admin,, konicaminolta,7216,7216,http,,sysadm,Admin,, konicaminolta,7255,,Multi,,sysadm,admin,, konicaminolta,BIZHUB 7272 / IP-511A,Type A,IP,,sysadm,admin,, konicaminolta,BizHUB 160(f),,HTTP,N/A,sysadm,,, konicaminolta,Bizhub C10,,http,,MagiMFP,Admin,, konicaminolta,Bizhub C20,,,,000000,,, konicaminolta,C20,,http://xxx.xxx.xxx.xxx,Administrator,Administrator,from the login webpage,, konicaminolta,C253,,Console,,12345678,admin,Tried what was listed at url and it worked on device :http://www.fixya.com/support/t888192-konica_minolta_bizbub_c253, konicaminolta,C350,,,,00000000,,often either 00000000 or 12345678 on all KM printers, konicaminolta,C352,,console/network,,12345678,,, konicaminolta,Di 2010f,,HTTP,,0,Admin,Printer configuration interface, konicaminolta,Di3510,,web,,00000000,,, konicaminolta,Di470,,Admin Panel,,0000,admin,, konicaminolta,Magiccolor 4690MF,all,http,,sysadm,Administrator,, konicaminolta,Magicolor 2450,,front panel,,KM2450,,, konicaminolta,Magicolor 2530DL,,,,administrator,,, konicaminolta,Magicolor 5450D,All versions,HTTP,admin,,,, konicaminolta,bizhub 163/211,bizhub 163/211,http,,sysadm,administrator,, konicaminolta,bizhub 420,,console,,12345678,,, konicaminolta,bizhub c203,all,all,,12345678,,, konicaminolta,magicolor 2300 DL,,Multi,,1234,Admin,, konicaminolta,magicolor 2430DL,All,Multi,,,Admin,Taken from reference manual for product, kragerenergibredbnd,mozilla firefoz,802.11G - 2,4ghz,BREDBNDKABEL,ADMIN,,11G 2, kti,KS-2260,,Telnet,superuser,123456,special CLI,can be disabled by renaming the regular login name to superuser, kti,KS2260,,Console,admin,123,Admin,, kti,KS2600,,Console,admin,123456,Admin,, kyocera,EcoLink,,7.2,,PASSWORD,,, kyocera,EcoLink,,Admin,,PASSWORD,,, kyocera,EcoLink,7.2,HTTP,,PASSWORD,Admin,, kyocera,FS- 5XXX,,http://,,admin00,,, kyocera,FS-1020D,,HTTP,admin,,Admin,, kyocera,FS-1020D,,HTTP,admin,admin,Admin,, kyocera,FS-1028MFP,,http,,admin00,,, kyocera,FS-1128MFP,,,,admin00,,, kyocera,FS-1350DN,,http://,,admin00,,, kyocera,FS-3920DN,,Web,,admin00,,, kyocera,FS-4020 DN,,HTTP,/,admin00,,, kyocera,FS-C5100DN,,http,,admin00,,, kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, kyocera,TASKalfa 250ci,,IP,,admin00,,, kyocera,TaskAlfa 520i,All versions,Console,5200,5200,Machine Administrator,, kyocera,Taskalfa i300,,web-access/tray,admin00/3000,admin00/3000,admin,, kyocera,Telnet Server IB-20/21,,,root,root,,, kyocera,Telnet Server IB-20/21,,Admin,root,root,,, kyocera,Telnet Server IB-20/21,,multi,root,root,Admin,, lacie,2Big Network,,,admin,admin,admin console,, lacie,Ethernet Big Disk,,ftp://EthernetBD,admin,admin,Big Disk Administration,, lacie,Ethernet Disk Mini 500GB,,,admin,admin,Admin,, lacie,Ethernet Disk Mini,all sizes,http://edmini,admin,admin,Administrator's Console,, lacie,Ethernet Disk RAID,1.4,HTTP,admin,storage,Manager console,, lacie,Ethernet Disk,,multi,,admin,Administrator password,, lacie,Ethernet Disk,,multi,myuser,myuser,Default user has access to default public folder,, lacie,lacie ethernet Disk,,,administrator,admin,,, lancom,IL11,,Multi,,,Admin,, lanier,5618,,,,sysadm,,, lanier,5618,,Multi,,sysadm,,, lanier,LD120d,,web,Administrator,password,admin,, lanier,mpc 2500,1.,Deault ip,admin,LEAVE ME BLANK,,, lantronics,Lantronics Terminal Server,,,,access,,, lantronics,Lantronics Terminal Server,,Admin,,access,,, lantronics,Lantronics Terminal Server,,Admin,,system,,, lantronix,ETS16P,,,,,,, lantronix,ETS16P,,Multi,,,Admin,secondary priv. password: system, lantronix,ETS16PR,,,,,,, lantronix,ETS32PR,,,,,,, lantronix,ETS32PR,,Multi,,,Admin,secondary priv. password: system, lantronix,ETS422PR,,,,,,, lantronix,ETS422PR,,Multi,,,Admin,secondary priv. password: system, lantronix,ETS4P,,,,,,, lantronix,ETS4P,,Multi,,,Admin,secondary priv. password: system, lantronix,LPS1-T Print Server,,,any,system,,j11-16, lantronix,LSB4,,,any,system,,any, lantronix,Lantronix Terminal,,,,lantronix,,, lantronix,Lantronix Terminal,,Admin,,lantronix,,, lantronix,SCS100,,,,access,,, lantronix,SCS100,,Multi,,access,Admin,secondary priv. password: system, lantronix,SCS1620,,,sysadmin,PASS,,, lantronix,SCS1620,,Multi,sysadmin,PASS,Admin,9600/N/8/1 XON/XOFF, lantronix,SCS200,,,,admin,,, lantronix,SCS200,,Multi,,admin,Admin,secondary priv. password: system, lantronix,SCS3200,,,login,access,,, lantronix,SCS3200,,,login,access,Admin,secondary port settings login: root password: system, lantronix,SCS400,,,,admin,,, lantronix,SCS400,,Multi,,admin,Admin,secondary priv. password: system, lantronix,SecureLinux Console Manager (SLC),,http/ssh,sysadmin,PASS,Admin,, lantronix,Terminal Server,,TCP 7000,,access,Admin,, lantronix,Terminal Server,,TCP 7000,,lantronix,Admin,, latisnetwork,border guard,,Multi,,,Admin,, leading edge,PC BIOS,,,,MASTER,,, leading edge,PC BIOS,,Admin,,MASTER,,, leadingedge,PC BIOS,,Console,,MASTER,Admin,, lenel,OnGuard,,http - tcp 9999,admin,admin,Admin,, level1,WAP_002,,,admin,admin,Administrator,, lg,Aria iPECS,All,Console,,jannie,maintenance,dealer backdoor password, lg,LAM200E / LAM200R,,Multi,admin,epicrouter,Admin,, lg,LAM200E / LAM200R,,Multi,admin,epicrouter,admin,, lg,lsp340,,,,6278,,, lgic,Goldstream,,,LR-ISDN,LR-ISDN,,, lgic,Goldstream,,2.5.1,LR-ISDN,LR-ISDN,,, lgic,Goldstream,2.5.1,,LR-ISDN,LR-ISDN,,, linksys,2700v ADSL Router,,,,epicrouter,Admin,, linksys,ADSL Router,,2700v,,epicrouter,,, linksys,AG 241 - ADSL2 Gateway with 4-Port Switch,,Multi,admin,admin,Admin,, linksys,AP 1120,,Multi,,,Admin,, linksys,BEFSR41,,,,admin,,, linksys,BEFSR41,2,HTTP,,admin,Admin,, linksys,BEFSR7(1) OR (4),,,blank,admin,,, linksys,BEFSR81,,http://192.168.0.1,admin,password,Administration,, linksys,BEFW11S4 Router,,,,admin,,, linksys,BEFW11S4,,1,admin,,,, linksys,BEFW11S4,,Admin,admin,,,, linksys,BEFW11S4,1,HTTP,admin,,Admin,, linksys,BEFW11S4,4,http://192.168.1.245,,,,, linksys,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics,192.168.0.1/docsisdevicestatus.asp, linksys,DSL,,,,admin,,, linksys,DSL,,Admin,,admin,,, linksys,DSL,,Telnet,,admin,Admin,, linksys,E3000,,,admin,admin,,, linksys,E3000,,192.168.1.1,admin,admin,admin,, linksys,EF1324,,multi,admin,,,, linksys,EF1704,,multi,admin,,,, linksys,EFG250,,,admin,admin,,, linksys,EFG250,2,HTTP,admin,admin,,, linksys,EtherFast Cable/DSL ROuter,,,Administrator,admin,,, linksys,EtherFast Cable/DSL ROuter,,Admin,Administrator,admin,,, linksys,EtherFast Cable/DSL ROuter,,Multi,Administrator,admin,Admin,, linksys,EtherFast Cable/DSL Router,,,admin,,,, linksys,EtherFast Cable/DSL Router,,Admin,admin,,,, linksys,EtherFast Cable/DSL Router,,HTTP,admin,,Admin,, linksys,Linksys Router DSL/Cable,,,,admin,,, linksys,Linksys Router DSL/Cable,,Admin,,admin,,, linksys,Linksys Router DSL/Cable,,HTTP,,admin,Admin,, linksys,PC22224,1.0,multi,admin,,Admin,, linksys,PC22604,1.0,multi,admin,,Admin,, linksys,PSUS4 USB Print Server,,,admin,admin,Administrator,, linksys,RT31P2,,http://192.168.15.1,,admin,Administration,, linksys,RT31P2-AT,,http://192.168.15.1,,admin,Administration,, linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,admin,admin,Admin,, linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,user,tivonpw,update access,use for flashing firmware, linksys,RV0041,,http://192.168.1.1,admin,admin,Administration,, linksys,RVS4000,,http://192.168.1.1,admin,admin,,, linksys,SFE2000,,http,admin,,Admin,, linksys,SFE2000,,http,l1_admin,,Admin,, linksys,SFE2000P,,http,admin,,Admin,, linksys,SFE2000P,,http,l1_admin,,Admin,, linksys,SGE2000,,http,admin,,Admin,, linksys,SGE2000,,http,l1_admin,,Admin,, linksys,SGE2000P,,http,admin,,Admin,, linksys,SGE2000P,,http,l1_admin,,Admin,, linksys,SPA400,,http,Admin,,Admin,, linksys,SPA9000,,http,Admin,,Admin,, linksys,SRW2008,,http://192.168.1.254,admin,,Admin,, linksys,SRW2008MP,,http://192.168.1.254,admin,,Admin,, linksys,SRW2008P,,http://192.168.1.254,admin,,Admin,, linksys,SRW2016,,http://192.168.1.254,admin,,Admin,, linksys,SRW2024,,http://192.168.1.254,admin,,Admin,, linksys,SRW2048,,http://192.168.1.254,admin,,Admin,, linksys,SRW208,,http://192.168.1.254,admin,,Admin,, linksys,SRW208G,,http://192.168.1.254,admin,,Admin,, linksys,SRW208L,,http://192.168.1.254,admin,,Admin,, linksys,SRW208MP,,http://192.168.1.254,admin,,Admin,, linksys,SRW208P,,http://192.168.1.254,admin,,Admin,, linksys,SRW224,,http://192.168.1.254,admin,,Admin,, linksys,SRW224G4,,http://192.168.1.254,admin,,Admin,, linksys,SRW248G4,,http://192.168.1.254,admin,,Admin,, linksys,SVR200,,,(AA Admin number),4x98,Autoattendant,, linksys,SVR200,,,(AA Admin number),4x99,Autoattendant,, linksys,SVR200,,,(username),3+(extension),User Access,, linksys,SVR200,,,,3450,Operator voicemailbox,, linksys,SVR200,,,,498,Autoattendant,, linksys,SVR3000,,,(AA Admin number),4x98,Autoattendant,, linksys,SVR3000,,,(AA Admin number),4x99,Autoattendant,, linksys,SVR3000,,,(username),3+(extension),User Access,, linksys,SVR3000,,,,3450,Operator voicemailbox,, linksys,SVR3000,,,,498,Autoattendant,, linksys,SVR3500,,,(AA Admin number),4x98,Autoattendant,, linksys,SVR3500,,,(AA Admin number),4x99,Autoattendant,, linksys,SVR3500,,,(username),3+(extension),User Access,, linksys,SVR3500,,,,3450,Operator voicemailbox,, linksys,SVR3500,,,,498,Autoattendant,, linksys,WAG54G,,HTTP,admin,admin,Admin,, linksys,WAG54GS,,Multi,admin,admin,Admin,, linksys,WAP Router,,4 Port 2.4GHz,,admin,,, linksys,WAP11,,,admin,admin,,, linksys,WAP11,,Multi,,,Admin,, linksys,WAP200,,http://192.168.1.245,,admin,Admin,, linksys,WAP4400N,,http://192.168.1.245,,admin,Admin,, linksys,WAP4400N,business series,192.168.1.245,admin,admin,admin,, linksys,WAP44OON,2,4-GHZ,http://192.168.1.245,Admin,Admin,, linksys,WAP51AB,,console,,Admin,Admin,, linksys,WAP54A,,http://192.168.1.252,,admin,Web-Based Config Utility,, linksys,WAP54G Router,,http://192.168.1.245,,admin,,, linksys,WAP54G,,,,admin,,, linksys,WAP54G,2,http://192.168.1.245,,admin,Admin,, linksys,WAP54GP,,http://192.168.1.245,admin,admin,Administration,, linksys,WAP54GPE,,http://192.168.1.245,admin,admin,Administration,, linksys,WAP54GX,,http://192.168.1.245,admin,admin,Administration,, linksys,WAP54GX,1.0,web ,,admin,192.168.1.245,There is no username; it will not work if you connect with a username., linksys,WAP55AG,1.0, 2.0 ,http://192.168.1.246,,admin,, linksys,WCG200,,http://192.168.0.1,,admin,Administration,, linksys,WET11,,,,admin,Admin,, linksys,WET54G,,,,admin,Admin,, linksys,WGA11B,,,,admin,Admin,, linksys,WMB54G,,,,admin,Admin,, linksys,WRK54G Router,,,,admin,,, linksys,WRT160n,V2,http://192.168.1.1,admin,admin,admin,, linksys,WRT300N,,http://192.168.1.1,,admin,Administration,, linksys,WRT54G Router,,,,admin,,, linksys,WRT54G v4,2.4,http:192.168.1.245,,admin,,, linksys,WRT54G,,Admin,admin,admin,,, linksys,WRT54G,,HTTP,admin,admin,Admin,, linksys,WRT54G,2.4,http:192.168.1.245,,admin,,, linksys,WRT54GC,,,admin,admin,,, linksys,WRT54GC,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GL,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GP2,,http://192.168.15.1,,admin,Administration,, linksys,WRT54GP2A-AT,,http://192.168.15.1,,admin,Administration,, linksys,WRT54GR,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GS Router,,,,admin,,, linksys,WRT54GS,,Admin,admin,admin,,, linksys,WRT54GS,1.1,HTTP,admin,admin,Admin,, linksys,WRT54GX,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GX2,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GX4,,http://192.168.1.1,,admin,Administration,, linksys,WRT55AG Router,,,,admin,,, linksys,WRTP54G-ER,,http://192.168.15.1,admin,admin,Admin,, linksys,WRTSL54GS,,http://192.168.1.1,,admin,Administration,, linksys,WRV54G,,,admin,admin,,, linksys,WRV54G,,Multi,admin,admin,,, linksys,WTR54GS,,http://192.168.16.1,,admin,Administration,, linksys,wrt110,,admin,admin,admin,,, linunx,Linux,,,Administrator,admin,,, linux,Slackware,,,gonzo,,,, linux,Slackware,,,satan,,,, linux,Slackware,,,snake,,,, linux,Slackware,,Multi,gonzo,,User,, linux,Slackware,,Multi,satan,,User,, linux,Slackware,,Multi,snake,,User,, linux,Slackware,,User,gonzo,,,, linux,Slackware,,User,satan,,,, linux,Slackware,,User,snake,,,, linux,UCLinux for UCSIMM,,,root,uClinux,,, linux,UCLinux for UCSIMM,,Admin,root,uClinux,,, linux,UCLinux for UCSIMM,,Multi,root,uClinux,Admin,, linux,back trak,3 and 4,,root,toor,,penetration version hacking WiFi, livingston,IRX Router,,,!root,,,, livingston,IRX Router,,Telnet,!root,,,, livingston,Livingston Portmaster 3,,,!root,,,, livingston,Officerouter,,,!root,,,, livingston,Officerouter,,,!root,blank,,, livingston,Officerouter,,Telnet,!root,,,, livingston,Portmaster 2R,,Telnet,root,,Admin,, livingston,Portmaster 3,,Telnet,!root,,,, livingston,Portmaster,2/3,,!root,blank,,, livingstone,Portmaster 2R,,,root,,,, livingstone,Portmaster 2R,,Admin,root,,,, lockdownnetworks,All Lockdown Products,up to 2.7,Console,setup,changeme(exclamation),User,, logitech,Logitech Mobile Headset,,Bluetooth,,0,audio access,, longshine,isscfg,,HTTP,admin,0,Admin,, lucent,AP-1000,,,public,public,,, lucent,Anymedia,,,LUCENT01,UI-PSWD-01,,, lucent,Anymedia,,,LUCENT02,UI-PSWD-02,,, lucent,Anymedia,,Admin,LUCENT01,UI-PSWD-01,,, lucent,Anymedia,,Admin,LUCENT02,UI-PSWD-02,,, lucent,Anymedia,,Console,LUCENT01,UI-PSWD-01,Admin,requires GSI software, lucent,Anymedia,,Console,LUCENT02,UI-PSWD-02,Admin,requires GSI software, lucent,B-STDX9000,,,(any 3 characters),cascade,,, lucent,B-STDX9000,,,,cascade,,, lucent,B-STDX9000,,Multi,(any 3 characters),cascade,,, lucent,B-STDX9000,,SNMP readwrite,,cascade,,, lucent,B-STDX9000,,all,,cascade,,, lucent,B-STDX9000,,debug mode,,cascade,,, lucent,B-STDX9000,all,SNMP,,cascade,Admin,, lucent,CBX 500,,,(any 3 characters),cascade,,, lucent,CBX 500,,,,cascade,,, lucent,CBX 500,,Multi,(any 3 characters),cascade,,, lucent,CBX 500,,SNMP readwrite,,cascade,,, lucent,CBX 500,,debug mode,,cascade,,, lucent,Cajun Family,,,root,root,,, lucent,Cellpipe 22A-BX-AR USB D,,Console,admin,AitbISP4eCiG,Admin,, lucent,GX 550,,,(any 3 characters),cascade,,, lucent,GX 550,,,,cascade,,, lucent,GX 550,,Multi,(any 3 characters),cascade,,, lucent,GX 550,,SNMP readwrite,,cascade,,, lucent,GX 550,,debug mode,,cascade,,, lucent,M770,,Telnet,super,super,Admin,, lucent,MAX-TNT,,,admin,Ascend,,, lucent,MAX-TNT,,Multi,admin,Ascend,,, lucent,Max TNT,,9.1.3,,admin,,, lucent,PSAX 1200 and below,,,root,ascend,,, lucent,PSAX 1200 and below,,Multi,root,ascend,,, lucent,PSAX 1250 and above,,,readonly,lucenttech2,,, lucent,PSAX 1250 and above,,,readwrite,lucenttech1,,, lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,,, lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,Admin,, lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,,, lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,Admin,, lucent,PacketStar,,Multi,Administrator,,Admin,, lucent,Packetstar (PSAX),,,readwrite,lucenttech1,,, lucent,Portmaster 2,,,!root,,,, lucent,Portmaster 3,,,!root,!ishtar,,unknown, lucent,Stinger,,,admin,Ascend,,, lucent,System 75,,,bciim,bciimpw,,, lucent,System 75,,,bcim,bcimpw,,, lucent,System 75,,,bcms,bcmspw,,, lucent,System 75,,,bcnas,bcnaspw,,, lucent,System 75,,,blue,bluepw,,, lucent,System 75,,,browse,browsepw,,, lucent,System 75,,,browse,looker,,, lucent,System 75,,,craft,craft,,, lucent,System 75,,,craft,craftpw,,, lucent,System 75,,,cust,custpw,,, lucent,System 75,,,enquiry,enquirypw,,, lucent,System 75,,,field,support,,, lucent,System 75,,,inads,inads,,, lucent,System 75,,,inads,indspw,,, lucent,System 75,,,init,initpw,,, lucent,System 75,,,locate,locatepw,,, lucent,System 75,,,maint,maintpw,,, lucent,System 75,,,maint,rwmaint,,, lucent,System 75,,,nms,nmspw,,, lucent,System 75,,,pw,pwpw,,, lucent,System 75,,,rcust,rcustpw,,, lucent,System 75,,,support,supportpw,,, lucent,System 75,,,sysadm,sysadmpw,,, lucent,System 75,,,tech,field,,, lucent,System 75,,Multi,bciim,bciimpw,,, lucent,System 75,,Multi,bcim,bcimpw,,, lucent,System 75,,Multi,bcms,bcmspw,,, lucent,System 75,,Multi,bcnas,bcnaspw,,, lucent,System 75,,Multi,blue,bluepw,,, lucent,System 75,,Multi,browse,browsepw,,, lucent,System 75,,Multi,browse,looker,,, lucent,System 75,,Multi,craft,craft,,, lucent,System 75,,Multi,craft,craftpw,,, lucent,System 75,,Multi,cust,custpw,,, lucent,System 75,,Multi,enquiry,enquirypw,,, lucent,System 75,,Multi,field,support,,, lucent,System 75,,Multi,inads,inads,,, lucent,System 75,,Multi,inads,indspw,,, lucent,System 75,,Multi,init,initpw,,, lucent,System 75,,Multi,locate,locatepw,,, lucent,System 75,,Multi,maint,maintpw,,, lucent,System 75,,Multi,maint,rwmaint,,, lucent,System 75,,Multi,nms,nmspw,,, lucent,System 75,,Multi,pw,pwpw,,, lucent,System 75,,Multi,rcust,rcustpw,,, lucent,System 75,,Multi,support,supportpw,,, lucent,System 75,,Multi,sysadm,admpw,,, lucent,System 75,,Multi,sysadm,sysadmpw,,, lucent,System 75,,Multi,sysadm,syspw,,, lucent,System 75,,Multi,tech,field,,, luxoncommunications,IP Phone,,http,administrator,19750407,Admin,, m technology,PC BIOS,,,,mMmM,,, m technology,PC BIOS,,Admin,,mMmM,,, machspeed,PC BIOS,,,,sp99dd,,, machspeed,PC BIOS,,Admin,,sp99dd,,, machspeed,PC BIOS,,Console,,sp99dd,Admin,, macromedia,Dreamweaver,,,,admin,,, macromedia,Dreamweaver,,FTP,,admin,Guest,, macromedia,Dreamweaver,,Guest,,admin,,, macsense,X-Router Pro,,,admin,admin,,, magic-pro,PC BIOS,,,,prost,,, magic-pro,PC BIOS,,Admin,,prost,,, magicpro,PC BIOS,,Console,,prost,Admin,, main street softworks,MCVE,,2.5,MCVEADMIN,password,,, main street softworks,MCVE,,Admin,MCVEADMIN,password,,, mainstreetsoftworks,MCVE,2.5,Multi,MCVEADMIN,password,Admin,, mambo,Site Server,,4.x,admin,admin,,, mambo,Site Server,4.x,HTTP,admin,admin,Admin,, mantis,Mantis,,,administrator,root,,, mantis,Mantis,,,administrator,root,Admin,, manufactor,Product,,Access_Validated,User,Password,,, marconi,Fore ATM Switches,,,ami,,,, marconi,Fore ATM Switches,,Admin,ami,,,, marconi,Fore ATM Switches,,Multi,ami,,Admin,, maxdata,ms2137,,Multi,,,Admin,, mcafee,3100,4.x, 5.x,local, ssh,root,root, mcafee,IntruShield IPS Sensor,,,admin,admin123,,, mcafee,IntruShield IPS Sensor,1.8,SSH,admin,admin123,,, mcafee,IntruShield IPS Sensor,1.9,SSH,admin,admin123,,, mcafee,IntruShield IPS Sensor,2.1,SSH,admin,admin123,,, mcafee,IntruShield IPS Sensor,3.1,SSH,admin,admin123,,, mcafee,IntruShield Manager,,,admin,admin123,,, mcafee,IntruShield Manager,1.8,HTTP,admin,admin123,,, mcafee,IntruShield Manager,1.9,HTTP,admin,admin123,,, mcafee,IntruShield Manager,2.1,HTTP,admin,admin123,,, mcafee,IntruShield Manager,3.1,HTTP,admin,admin123,,, mcafee,SCM 3100,4.1,Multi,scmadmin,scmchangeme,Admin,, mcafee,SCM 3200,,http,scmadmin,changeme,Admin,, mcafee,e250,,,webshield,webshieldchangeme,,, mcafee,e250,,HTTP,webshield,webshieldchangeme,,, mcdata,FC Switches/Directors,,Multi,Administrator,password,Admin,, mediatrix,2102,,http://x.x.x.x:8080,root,5678,,, mediatrix2102,,,http://192.168.1.102,admin,1234,,, mediatrix2102,mediatrix 2102,,HTTP,admin,1234,Admin,, medion,Routers,,HTTP,,medion,Admin,, megastar,BIOS,,Console,,star,Admin,, megastar,PC BIOS,,,,star,,, megastar,PC BIOS,,Admin,,star,,, megastar,PC BIOS,,Console,,star,Admin,, melco,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, memotec,CX Line,,Console,memotec,supervisor,,, memotec,CX Line,Any,Multi,memotec,supervisor,Console,, mentec,Micro/RSX,,,MICRO,RSX,,, mentec,Micro/RSX,,,MICRO,RSX,Admin,, mentec,Micro/RSX,,Admin,MICRO,RSX,,, mentec,Micro/RSX,,Multi,MICRO,RSX,Admin,, mercury interactive,Topaz Prism,,,admin,admin,,, mercury,234234,,234234,Administrator,admin,,, mercury,234234,,Admin,Administrator,admin,,, mercury,234234,234234,SNMP,Administrator,admin,Admin,, mercury,KT133A/686B,,,Administrator,admin,,, mercury,KT133A/686B,,Admin,Administrator,admin,,, mercury,KT133A/686B,,SNMP,Administrator,admin,Admin,, mercury,Topaz Prism,,http,admin,admin,Admin,, meridian,PBX,ANY,Telnet,service,smile,System,This is the default password on most Meridian systems., metro,phone,,voicemail,client,client,,, michiel,PHPList,2.6.4,http,admin,phplist,Admin,, michiel,PHPlist,,2.6.4,admin,phplist,,, micro soft,yahoo messenger,,,sherzad420,pakistan,,, microcom,ADSL Routers,,,admin,epicrouter,Admin,, microcom,ADSL Routers,,,user,password,Admin,, microcom,Unknown,,,admin,superuser,,, microcom,hdms,,,system,hdms,,unknown, micron,PC BIOS,,,,sldkj754,,, micron,PC BIOS,,,,xyzall,,, micron,PC BIOS,,Admin,,sldkj754,,, micron,PC BIOS,,Admin,,xyzall,,, micron,PC BIOS,,Console,,sldkj754,Admin,, micron,PC BIOS,,Console,,xyzall,Admin,, micronet,3351 / 3354,,Multi,admin,epicrouter,Admin,, micronet,Access Point,,Admin,root,default,,, micronet,Access Point,,SP912,root,default,,, micronet,SP3356,,,admin,epicrouter,,, micronet,SP3356,,HTTP,admin,epicrouter,,, micronet,SP3357,,HTTP,admin,epicrouter,admin,, micronet,SP3357,,admin,admin,epicrouter,,, micronet,SP5002,,Console,mac,,Admin,, micronet,SP912 Access Point,,Telnet,root,default,Admin,, micronet,SP916BM Wireless Broadband Router,,http,admin,admin,Admin,, micronet,SP916GK,V2,HTTP,admin,,Admin,, micronet,Wireless Broadband Router,,SP916BM,admin,admin,,, micronics,PC BIOS,,,,dn_04rjc,,, micronics,PC BIOS,,Admin,,dn_04rjc,,, micronics,PC BIOS,,Console,,dn_04rjc,Admin,, microplex,Print Server,,,root,root,,, microplex,Print Server,,Admin,root,root,,, microplex,Print Server,,Telnet,root,root,Admin,, microrouter,900i,,,,letmein,,, microrouter,900i,,Admin,,letmein,,, microrouter,900i,,Console/Multi,,letmein,Admin,, microsoft,200 server,,,,,,, microsoft,Great Plains,,,LessonUser1,,,, microsoft,Great Plains,,,LessonUser2,,,, microsoft,Great Plains,All,Multi,LessonUser1,,,, microsoft,Great Plains,All,Multi,LessonUser2,,,, microsoft,MN-100,,http://192.168.2.1,,admin,Administration,, microsoft,MN-500,,http://192.168.2.1,,admin,Administration,, microsoft,MN-700,,http://192.168.2.1,,admin,Administration,, microsoft,MN500 Base Station,,,,admin,Admin,, microsoft,MN700 Wireless AP/Router,,,MSHOME,MSHOME,,, microsoft,NT,,,,start,,, microsoft,NT,,,free user,user,,4, microsoft,SQL Server 2000,,SP3,sa,,,, microsoft,SQL Server,,,,sa,,, microsoft,SQL Server,,7,sa,,,, microsoft,SQL Server,,Admin,sa,,,, microsoft,SQL Server,7,Multi,sa,,Admin,, microsoft,SiteServer,,3.x,LDAP_Anonymous,LdapPassword_1,,, microsoft,SiteServer,3.x,http,LDAP_Anonymous,LdapPassword_1,,, microsoft,Windows NT,,,,,,, microsoft,Windows NT,,,Administrator,,,, microsoft,Windows NT,,,Administrator,,,All, microsoft,Windows NT,,,Administrator,Administrator,,, microsoft,Windows NT,,,Guest,,,All, microsoft,Windows NT,,,Guest,Guest,,, microsoft,Windows NT,,,IS_$hostname,(same),,, microsoft,Windows NT,,,Mail,,,All, microsoft,Windows NT,,,User,User,,, microsoft,Windows NT,,,pkoolt,pkooltPS,,4, microsoft,Windows NT,,Admin,Administrator,,,, microsoft,Windows NT,,Admin,Administrator,Administrator,,, microsoft,Windows NT,,Multi,Administrator,,Admin,, microsoft,Windows NT,,Multi,Administrator,Administrator,Admin,, microsoft,Windows NT,,Multi,Guest,,User,, microsoft,Windows NT,,Multi,Guest,Guest,User,, microsoft,Windows NT,,Multi,IS_$hostname,(same),User,hostname is your servername, microsoft,Windows NT,,Multi,User,User,User,, microsoft,Windows NT,,User,Guest,,,, microsoft,Windows NT,,User,Guest,Guest,,, microsoft,Windows NT,,User,IS_$hostname,(same),,, microsoft,Windows NT,,User,User,User,,, microsoft,Windows Storage Server 2008,,,Administrator,wSS2008!,,, mike peters,BasiliX,,1.1.1,bsxuser,bsxpass,,, mikepeters,BasiliX,1.1.1,sql,bsxuser,bsxpass,Admin,, mikrotik,,2.27,,admin,,172.16.11.1,, mikrotik,,2.9.27,,admin,admin,,, mikrotik,,2.9.27,http://10.0.0.138,admin,,,, mikrotik,,3.20,192.168.2.2,admin,0111313071,,MikroTik, mikrotik,,MikroTik v3.25,telnet,admin,admin,root,hello, mikrotik,MKE-3.28, 3.28 ,http://189.150.32.11/,admin,admin,root,, mikrotik,MicroTik,2.9.27,,admin,123,,, mikrotik,Mikrotik,2.95,,multilink,,,, mikrotik,Mikrotik2.9.42 windows xp,2.9.42,,admin,admin,admin,, mikrotik,Router OS,2.9.17,HTTP,admin,,Admin,, mikrotik,Router OS,all,Telnet,admin,,Admin,also for SSH and Web access, mikrotik,Windows XP,3.2,10.15.113.1,admin,admin,,, mikrotik,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,admin,admin,admin,admin, mikrotik,wbr-2310,1.0,192.168.7.103,admin,,admin,, mikrotik,webbox,2.9.6,bounce,admin,admin,bounce,12345, mikrotik,windows xp,2.9.27,192.168.0.5,admin,18022011,root,, mikrotik,windows xp,2.9.34,http://10.1.11.1,admin,admin,Admin,, mikrotik,windows xp,webbox 2.9.27 login,192.168.2.1,admin,admin,root,, milan,mil-sm801p,,Multi,root,root,Admin,, minoltaqms,Magicolor 3100,3.0.0,HTTP,admin,,Admin,Gives access to Accounting, minoltaqms,Magicolor 3100,3.0.0,HTTP,operator,,Admin,, mintel,Mintel PBX,,,,SYSTEM,,, mintel,Mintel PBX,,,,SYSTEM,Admin,, mintel,Mintel PBX,,Admin,,SYSTEM,,, mitel,3300 ICP,all,HTTP,system,password,Admin,, mitel,MN3100ICP,,,system,mnet,,, mitel,MN3100ICP,,HTTP,system,mnet,,, mitel,SX200,All,Maint Port/attendant console,installer,1000,unlimited,This access controlls all other levels, mitel,SX2000,all,Multi,,,Admin,, mitel,sx2000,light,console,system,sx2000,Full installer,, mklencke,Forumtalk,1.0rc2,,root,blablabla,Admin,, mobotix,M10,,192.168.x.x,admin,meinsm,,, mobotix,M10,,HTTP,admin,meinsm,192.168.x.x,, mobotix,MOBOTIX M12,,http,admin,meinsm,http,, mobotix,Windows XP,all versions,http://192.168.0.1,,ronda_atocha,guest,, mobotix,abosalem,1,aaa,abosalem,1407,,, motive,Chorus,,,admin,isee,Admin,, motorola,Cablerouter,,,cablecom,router,,, motorola,Cablerouter,,Admin,cablecom,router,,, motorola,Cablerouter,,Telnet,cablecom,router,Admin,, motorola,DPC-550 cell phone,,keypad,,000000000000,unlocks the phone,, motorola,DPC-550 cell phone,,keypad,,123456123456,unlocks the phone,, motorola,Motorola Cablerouter,,,cablecom,router,Admin,, motorola,SB5120,,http://192.168.100.1,,,Administration,, motorola,SBG900,,HTTP,admin,motorola,Admin,, motorola,Various,,,service,smile,,, motorola,Various,,,setup,,,, motorola,WR850G Router,,,admin,password,,, motorola,WR850G,4.03,HTTP,admin,motorola,Admin,higher revisions likely the same, motorola,WR850R,,HTTP,admin,motorola,,, motorola,Wireless Router,WR850G,HTTP,admin,motorola,Admin,, motorola,vanguard,,Multi,,,Admin,, motorola,wr850r,,,admin,motorola,,, mp3mystic,MP3Mystic,,,admin,mp3mystic,,, mp3mystic,MP3Mystic,,http,admin,mp3mystic,Admin,, mro software,maximo,,Admin,SYSADM,sysadm,,, mro software,maximo,,v4.1,SYSADM,sysadm,,, mrosoftware,maximo,v4.1,Multi,SYSADM,sysadm,Admin,, mrv,3312-4c,,Multi,admin,admin,all,, mrv,3312-4c,,all,admin,admin,,, mtechnology,PC BIOS,,Console,,mMmM,Admin,, multitech,RASExpress Server,,,guest,,,5.30a, mutare software,EVM Admin,,All,,admin,,, mutaresoftware,EVM Admin,All,HTTP,,admin,Admin,, muze,Ariadne,,2.2.1,admin,muze,,, muze,Ariadne,2.2.1,http,admin,muze,Admin,, my test,1.0,,You,Loser,1234,,, mysql,Eventum,,,admin@example.com,admin,,, mysql,Eventum,,http,admin@example.com,admin,Admin,, mysql,MySQL,,,root,,,, mysql,MySQL,all,,root,,Admin,, nai,Entercept,,Management console,GlobalAdmin,GlobalAdmin,Admin, : must be changed at 1st connection, nai,Intrushield IPS,1200/2600/4000,SSH + Web console,admin,admin123,Admin,, nanoteq,NetSeq firewall,,,admin,NetSeq,,*, nanoteq,NetSeq,,,admin,NetSeq,,, ncr,NCR UNIX,,,ncrm,ncrm,,, ncr,NCR UNIX,,Admin,ncrm,ncrm,,, ncr,NCR UNIX,,Multi,ncrm,ncrm,Admin,, nec,WARPSTAR-BaseStation,,Telnet,,,Admin,, netapp,NetCache,,,admin,NetCache,,any, netapp,SANscreen,5.1.3,http,admin,admin123,Admin,, netbotz,Netbotz Appliances,,,netbotz,netbotz,,, netcomm,NB1300+4,,,admin,password,,, netcomm,NB1300+4,all,Multi,admin,password,,, netcomm,NB1300,,,admin,password,,, netcomm,NB1300,all,Multi,admin,password,,, netcomm,NB5580 / NB5580W,,,,admin,Admin,Any user name (or blank) is valid with this password, netcordia,NetMRI,,http,admin,admin,Admin,, netgear fr314,Firewall router,,,admin,password,,, netgear fr314,Firewall router,,Admin,admin,password,,, netgear,802.11b Wireless Cable/DSL router,,MR814,admin,password,,, netgear,CG814GCMR,,http://192.168.0.1,admin,password,admin,charter communications, netgear,CG814WG,v2,192.168.0.1,comcast,1234,setup,, netgear,Cable/DSL Router,,RT-314,admin,1234,,, netgear,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics page,192.168.0.1/docsisdevicestatus.html, netgear,DG632 ADSL Modem,V3.3.0a_cx,HTTP,admin,password,Admin,, netgear,DG632,,http://192.168.0.1,admin,password,Administration,, netgear,DG814 Router,,,admin,password,Admin,, netgear,DG824G,,,admin,password,Admin,, netgear,DG824M,,,admin,password,Admin,, netgear,DG834,,http://192.168.0.1,admin,password,Administration,, netgear,DG834G,,,,admin,Admin,, netgear,DG834G,,,,zebra,,, netgear,DG834G,,http://192.168.0.1,admin,password,Administration,, netgear,DG834G,,telnet,,zebra,Admin,, netgear,DG834GT,V1.03.87,http://192.168.0.1,,,root,, netgear,DG934G,,,admin,sky,admin,, netgear,DM602,,FTP Telnet and HTTP,admin,password,Admin,, netgear,FM114P,,Multi,,,Admin,, netgear,FR114P,,HTTP,admin,password,Admin,, netgear,FR314,,HTTP,admin,password,Admin,, netgear,FVS318,,HTTP,admin,password,Admin,, netgear,FVS338,,HTTP,admin,password,Admin,, netgear,FWG114P,,Multi,,admin,password,, netgear,GS724t,V1.0.1_1104,HTTP,,password,Admin,, netgear,GSM7224,,HTTP,admin,,Admin,, netgear,ME102 ,,SNMP,,private,Admin,Standard IP-Address is 192.168.0.5, netgear,MR-314,,3.26,admin,1234,,, netgear,MR-314,,Admin,admin,1234,,, netgear,MR-314,3.26,HTTP,admin,1234,Admin,, netgear,MR314,,Multi,admin,1234,Admin,, netgear,MR814,,HTTP,admin,password,Admin,, netgear,RM356,,Admin,,1234,,, netgear,RM356,,None,,1234,,, netgear,RM356,None,Telnet,,1234,Admin,shutdown the router via internet, netgear,RP114,,,admin,1234,,, netgear,RP114,,3.26,,1234,,, netgear,RP114,,Admin,admin,1234,,, netgear,RP114,,Multi,admin,1234,admin,, netgear,RP114,,Telnet,admin,1234,Admin,, netgear,RP114,,admin,admin,1234,,, netgear,RP114,3.20-3.26,HTTP,admin,1234,Admin,default http://192.168.0.1, netgear,RP114,3.26,Telnet,,1234,Admin,telnet 192.168.0.1, netgear,RP614,,,admin,password,,, netgear,RP614,,Admin,admin,password,,, netgear,RP614,,HTTP,admin,password,Admin,, netgear,RT-311,,Admin,Admin,1234,,, netgear,RT-311,,HTTP,Admin,1234,Admin,, netgear,RT311,,,Admin,1234,,Any, netgear,RT311/RT314,,,admin,1234,,, netgear,RT314,,,admin,admin,,, netgear,RT314,,Admin,admin,1234,,, netgear,RT314,,Admin,admin,admin,,, netgear,RT314,,HTTP and Telnet,admin,1234,Admin,, netgear,RT314,,HTTP,admin,admin,Admin,, netgear,Router,,DG814,admin,password,,, netgear,Router/Modem,,Multi,admin,password,Admin,, netgear,WAP54G,,,,admin,Admin,, netgear,WG302,,,admin,password,,, netgear,WG302,,HTTP,admin,password,,, netgear,WG602 Router,2,,admin,password,,, netgear,WG602,,Firmware Version 1.04.0,super,5777364,,, netgear,WG602,,Firmware Version 1.5.67,super,5777364,,, netgear,WG602,,Firmware Version 1.7.14,superman,21241036,,, netgear,WG602,Firmware Version 1.04.0,HTTP,super,5777364,Admin,, netgear,WG602,Firmware Version 1.5.67,HTTP,super,5777364,Admin,, netgear,WG602,Firmware Version 1.7.14,HTTP,superman,21241036,Admin,, netgear,WGE101,,,admin,password,Admin,, netgear,WGR-614,,admin,admin,password,,, netgear,WGR101 Router,,,admin,password,,, netgear,WGR614 Router,v4,,admin,setup,Admin,, netgear,WGR614,v5,http://192.168.0.1 or http://routerlogin.net/,admin,password,Administration,, netgear,WGR624 Router,,,admin,password,,, netgear,WGT624,,http://192.168.0.1,admin,password,Administration,, netgear,WGT634U,,HTTP,admin,password,Admin,, netgear,wpn824,,,edel,1234567,,, netgeatr,RP114,,3.20-3.26,admin,1234,,, netgenesis,NetAnalysis Web Reporting,,,naadmin,naadmin,,, netgenesis,NetAnalysis Web Reporting,,Admin,naadmin,naadmin,,, netgenesis,NetAnalysis Web Reporting,,HTTP,naadmin,naadmin,Admin,, netopia,3351,,Multi,,,Admin,, netopia,4542,,Multi,admin,noway,Admin,, netopia,Caiman 3200,3200,http://192.168.1.1,admin,1234,,, netopia,Netopia 7100,,,,,,, netopia,Netopia 7100,,Admin,,,,, netopia,Netopia 7100,,Telnet,,,Admin,, netopia,Netopia 9500,,,netopia,netopia,,, netopia,Netopia 9500,,Admin,netopia,netopia,,, netopia,Netopia 9500,,Telnet,netopia,netopia,Admin,, netopia,R7100,,,admin,admin,,4.6.2, netopia,R910,,Multi,admin,,Admin,, netport,Express 10/100,,,setup,setup,,, netport,Express 10/100,,Admin,setup,setup,,, netport,Express 10/100,,multi,setup,setup,Admin,, netscape,Enterprise Server,,http,admin,admin,Admin,, netscape,Netscape Enterprise Server,,,admin,admin,,, netscreen,Firewall,,,netscreen,netscreen,,, netscreen,Firewall,,Admin,netscreen,netscreen,,, netscreen,Firewall,,multi,netscreen,netscreen,Admin,, netscreen,IDP,,2.0p1,admin,netscreen,,, netscreen,IDP,2.0p1,,admin,netscreen,Admin,, netscreen,NS-5 NS10 NS-100,,,netscreen,netscreen,,, netscreen,Netscreen,,,netscreen,netscreen,,, netscreen,all firewalls,,all,netscreen,netscreen,,, netscreen,firewall,,HTTP,Administrator,,Admin,, netscreen,firewall,,Telnet,Administrator,,Admin,, netscreen,firewall,,Telnet,admin,,Admin,, netscreen,firewall,,Telnet,operator,,Admin,, netscreen,ns-25,,,,,,, netscreen,ns-25,,Admin,,,,, netscreen,ns-25,,Multi,,,Admin,, netstar,Netpilot,,Multi,admin,password,Admin,, network appliance,NetCache,,Admin,admin,NetCache,,, network appliance,NetCache,,any,admin,NetCache,,, network associates,WebShield Security Appliance e250,,,e250,e250changeme,,, network associates,WebShield Security Appliance e250,,Admin,e250,e250changeme,,, network associates,WebShield Security Appliance e500,,,e500,e500changeme,,, network associates,WebShield Security Appliance e500,,Admin,e500,e500changeme,,, networkappliance,NetCache,any,Multi,admin,NetCache,Admin,, networkassociates,WebShield Security Appliance e250,,HTTP,e250,e250changeme,Admin,, networkassociates,WebShield Security Appliance e500,,HTTP,e500,e500changeme,Admin,, networkeverywhere,NWR11B,,HTTP,,admin,Admin,, networkice,ICECap Manager,,2.0.22 <,iceman,,,, networkice,ICECap Manager,below 2.0.22,port 8081,iceman,,Admin,, newbridge,Congo/Amazon/Tigris,,,netman,netman,,All versions, nexland,ISB SOHO,,http://192.168.0.1,admin,,Administration,, nexland,ISB2LAN,,http://192.168.0.1,user:,,Administration,, nexland,Pro100,,http://192.168.0.1,user:,,Administration,, nexland,Pro400,,http://192.168.0.1,user:,,Administration,, nexland,Pro800 Turbo,,http://192.168.0.1,admin,,Administration,, nexsan,ATABoy2F,8.10f,http,ADMIN,PASSWORD,Admin,, next,NeXTStep,,,me,,,, next,NeXTStep,,,root,NeXT,,, next,NeXTStep,,,signa,signa,,, next,NeXTStep,,Admin,root,NeXT,,, next,NeXTStep,,Multi,me,,User,, next,NeXTStep,,Multi,root,NeXT,Admin,, next,NeXTStep,,Multi,signa,signa,User,, next,NeXTStep,,User,me,,,, next,NeXTStep,,User,signa,signa,,, ngsec,NGSecureWeb,,HTTP,admin,,Admin,, ngsec,NGSecureWeb,,HTTP,admin,asd,Admin,, ngsecure,The Hooy,,1,admin,admin,,, ngsecure,The Hooy,,Admin,admin,admin,,, nicesystemsltd,NICELog,,,Administrator,nicecti,Admin,, nicesystemsltd,NICELog,,,Nice-admin,nicecti,Admin,, niksun,NetDetector,,Multi,vcr,NetVCR,Admin,su after login with empty password, nimble,BIOS,,Console,,xdfk9874t3,Admin,, nimble,PC BIOS,,,,xdfk9874t3,,, nimble,PC BIOS,,Admin,,xdfk9874t3,,, nimble,PC BIOS,,Console,,xdfk9874t3,Admin,, nixdorf,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, no,no,,microsoft,9000,1234567890,,, nokia,7360,,Multi,,9999,Admin,, nokia,770,,,root,rootme,Admin,, nokia,DSL Router M1122,,1.1 - 1.2,m1122,m1122,,, nokia,DSL Router M1122,,Administrator,Telecom,Telecom,,, nokia,DSL Router M1122,,Multi,Telecom,Telecom,Administrator,, nokia,DSL Router M1122,,User,m1122,m1122,,, nokia,DSL Router M1122,1.1 - 1.2,Multi,m1122,m1122,User,, nokia,M10,,,Telecom,Telecom,,, nokia,MW1122,,Multi,telecom,telecom,Admin,Only in New Zealand., nokia,all mobiles,,Security Code,nop,12345,,, nokia,all mobiles,nop,Multi,nop,12345,Security Code,, nokia,most Nokia cell phones,all,except some of newest models,*3001#12345#,,, can be reset., nokia,n800,all,ssh (remote or localhost),root,rootme,root user,by default ssh not installed, nokia,nokia,,,root,nokia,,, nokia,nokia,,security code,nop,123454,,, nokia,phone,,voicemail,client,client,,, norstar,Meridian KSU,,Admin,**23646,23646,,, norstar,Meridian KSU,,Config,**266344,266344,,, nortel,Accelar (Passport) 1000 series routing switches,,,l2,l2,,, nortel,Accelar (Passport) 1000 series routing switches,,,l3,l3,,, nortel,Accelar (Passport) 1000 series routing switches,,,ro,ro,,, nortel,Accelar (Passport) 1000 series routing switches,,,rw,rw,,, nortel,Accelar (Passport) 1000 series routing switches,,,rwa,rwa,,, nortel,Accelar (Passport) 1000 series routing switches,,Layer 2 Read Write,l2,l2,,, nortel,Accelar (Passport) 1000 series routing switches,,Layer 3 (and layer 2) Read Write,l3,l3,,, nortel,Accelar (Passport) 1000 series routing switches,,Multi,l2,l2,Layer 2 Read Write,, nortel,Accelar (Passport) 1000 series routing switches,,Multi,l3,l3,Layer 3 (and layer 2) Read Write,, nortel,Accelar (Passport) 1000 series routing switches,,Multi,ro,ro,Read Only,, nortel,Accelar (Passport) 1000 series routing switches,,Multi,rw,rw,Read Write,, nortel,Accelar (Passport) 1000 series routing switches,,Multi,rwa,rwa,Read Write All,, nortel,Accelar (Passport) 1000 series routing switches,,Read Only,ro,ro,,, nortel,Accelar (Passport) 1000 series routing switches,,Read Write All,rwa,rwa,,, nortel,Accelar (Passport) 1000 series routing switches,,Read Write,rw,rw,,, nortel,BCM,,3.5 - 3-7,administrator,PlsChgMe!,,, nortel,BCM,,3.5 - 3-7,supervisor,visor,,, nortel,BayStack,,310/303,,secure,,, nortel,Baystack 350-24T,,,,secure,,, nortel,Baystack 350-24T,,Admin,,secure,,, nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RO,user,Read Only,, nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RW,secure,Admin,, nortel,Baystack,310/303,,,,Admin,, nortel,Baystack,310/303,,,secure,Admin,, nortel,Baystack,350-24T,Telnet,,secure,Admin,, nortel,Business Communications Manager,3.5 and 3.6,https,supervisor,PlsChgMe!,Admin,Note exclamation in password, nortel,Business Communications Manager,3.5-3.7,,administrator,PlsChgMe!,Admin,Note exclamation in password, nortel,Business Communications Manager,3.5-3.7,,supervisor,visor,Admin,, nortel,Contivity Extranet Switches,2.x,,admin,setup,,, nortel,Contivity Switch,,,admin,setup,,, nortel,Contivity,,Admin,admin,setup,,, nortel,Contivity,,Extranet/VPN switches,admin,setup,,, nortel,Contivity,Extranet/VPN switches,HTTP,admin,setup,Admin,, nortel,Extranet Switches,,,admin,setup,,, nortel,Extranet Switches,,Admin,admin,setup,,, nortel,Extranet Switches,,Multi,admin,setup,Admin,, nortel,MIPCD,1.04,,user,,Admin,, nortel,MIPCD,1.04,FTP,user,user,r/w,, nortel,MIPCD,1.04,http,admin,admin,Admin,, nortel,MIPCD,1.5,,,,,, nortel,MIPCD,1.5,,user,,Admin,, nortel,MIPCD,1.5,,user,user,,, nortel,MIRAN,,,distrib,distrib0,Admin,, nortel,MIRAN,,,user,user0000,Admin,, nortel,MIRAN,3.xx,serial,admin,admin000,Admin,, nortel,Matra 6501 PBX,,,,0,,, nortel,Matra 6501 PBX,,Admin,,0000,,, nortel,Matra 6501 PBX,,Console,,0,Admin,, nortel,Matra 6501 PBX,,Console,,0000,Admin,, nortel,Meridian 1 PBX,,,0,0,,OS Release 2, nortel,Meridian CCR,,,ccrusr,ccrusr,,, nortel,Meridian CCR,,,disttech,4tas,,, nortel,Meridian CCR,,,maint,maint,,, nortel,Meridian CCR,,,service,smile,,, nortel,Meridian CCR,,Maintenance account,maint,maint,,, nortel,Meridian CCR,,Multi,disttech,4tas,engineer account,, nortel,Meridian CCR,,Multi,disttech,etas,engineer account,, nortel,Meridian CCR,,Multi,maint,maint,Maintenance account,, nortel,Meridian CCR,,Multi,service,smile,general engineer account,, nortel,Meridian CCR,,User account,ccrusr,ccrusr,,, nortel,Meridian CCR,,engineer account,disttech,4tas,,, nortel,Meridian CCR,,general engineer account,service,smile,,, nortel,Meridian CCR,,telnet/modem,ccrusr,ccrusr,User account,, nortel,Meridian CCR,,telnet/modem,mlusr,mlusr,user account,, nortel,Meridian CCR,,telnet/modem,trmcnfg,trmcnfg,,, nortel,Meridian KSU,,Console,**23646,23646,Admin,, nortel,Meridian KSU,,Console,**266344,266344,Config,, nortel,Meridian Link,,,disttech,4tas,,, nortel,Meridian Link,,,maint,maint,,, nortel,Meridian Link,,,mlusr,mlusr,,, nortel,Meridian Link,,,service,smile,,, nortel,Meridian Link,,Maintenance account,maint,maint,,, nortel,Meridian Link,,Multi,disttech,4tas,engineer account,, nortel,Meridian Link,,Multi,disttech,etas,engineer account,, nortel,Meridian Link,,Multi,maint,maint,Maintenance account,, nortel,Meridian Link,,Multi,service,smile,general engineer account,, nortel,Meridian Link,,engineer account,disttech,4tas,,, nortel,Meridian Link,,general engineer account,service,smile,,, nortel,Meridian Link,,telnet/modem,ccrusr,ccrusr,User account,, nortel,Meridian Link,,telnet/modem,mlusr,mlusr,user account,, nortel,Meridian Link,,telnet/modem,trmcnfg,trmcnfg,,, nortel,Meridian Link,,user account,mlusr,mlusr,,, nortel,Meridian Link/CCR/Max,,,ccrusr,ccrusr,,, nortel,Meridian Link/CCR/Max,,,disttech,4tas,,, nortel,Meridian Link/CCR/Max,,,disttech,disttech,,, nortel,Meridian Link/CCR/Max,,,maint,maint,,, nortel,Meridian Link/CCR/Max,,,mlusr,mlusr,,, nortel,Meridian Link/CCR/Max,,,service,smile,,, nortel,Meridian Link/CCR/Max,,,trmcnfg,trmcnfg,,, nortel,Meridian MAX,,,maint,ntacdmax,,, nortel,Meridian MAX,,,root,3ep5w2u,,, nortel,Meridian MAX,,,service,smile,,, nortel,Meridian MAX,,Admin,root,3ep5w2u,,, nortel,Meridian MAX,,Maintenance account,maint,ntacdmax,,, nortel,Meridian MAX,,general engineer account,service,smile,,, nortel,Meridian Mail,10.xx,AX in serial,admin,admin,Admin,, nortel,Meridian Mail,13.xx,AX in serial,system,adminpwd,Admin,, nortel,Meridian Max,,Multi,maint,maint,Maintenance account,, nortel,Meridian Max,,Multi,maint,ntacdmax,Maintenance account,, nortel,Meridian Max,,Multi,root,3ep5w2u,Admin,, nortel,Meridian Max,,Multi,service,smile,general engineer account,, nortel,Meridian Max,,telnet/modem,disttech,4tas,,, nortel,Meridian Max,,telnet/modem,disttech,etas,,, nortel,Meridian Max,,telnet/modem,mlusr,mlusr,user account,, nortel,Meridian Max,,telnet/modem,trmcnfg,trmcnfg,,, nortel,Meridian Max,,telnet/moden,ccrusr,ccrusr,User account,, nortel,Meridian PBX,,,login,0,,, nortel,Meridian PBX,,,login,0000,,, nortel,Meridian PBX,,,login,1111,,, nortel,Meridian PBX,,,login,8429,,, nortel,Meridian PBX,,,spcl,0,,, nortel,Meridian PBX,,,spcl,0000,,, nortel,Meridian PBX,,Serial,login,0,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,login,0000,,, nortel,Meridian PBX,,Serial,login,1111,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,login,8429,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,spcl,0,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,spcl,0000,,, nortel,Meridian,,,,,,, nortel,Meridian,,Admin,,,,, nortel,Meridian,,Multi,,,Admin,, nortel,Millennium,,keypad while hung up,,2727378,Maintenance,, nortel,Norstar Modular ICS,,,**ADMIN (**23646),ADMIN (23646),,Any, nortel,Norstar Modular ICS,,,**CONFIG (266344),CONFIG (266344),,Any, nortel,Norstar,,Console,266344,266344,Admin,, nortel,Phone System,All,From Phone,,266344,Installers,, nortel,Remote Office 9150,,,admin,root,,, nortel,Remote Office 9150,,Admin,admin,root,,, nortel,Remote Office 9150,,Client,admin,root,Admin,, nortel,Shasta,,,admin,admin,,any, nortel,Symposium,,,sysadmin,nortel,,, nortel,Symposium,,,sysadmin,nortel,Admin,, nortel,dms,,Multi,,,Admin,, nortel,p8600,,Multi,,,Admin,, novell,Groupwise 5.5 Enhancement Pack,,,servlet,manager,,, novell,Groupwise 6.0,,,servlet,manager,,, novell,Groupwise,,5.5 Enhancement Pack,servlet,manager,,, novell,Groupwise,,6,servlet,manager,,, novell,Groupwise,,Servlet Mgr,servlet,manager,,, novell,Groupwise,5.5 Enhancement Pack,HTTP,servlet,manager,Servlet Mgr,, novell,Groupwise,6.0,HTTP,servlet,manager,Servlet Mgr,, novell,NDS iMonitor,,,sadmin,,,, novell,NDS iMonitor,,http,sadmin,,Admin,, novell,NetWare,,,BACKUP,,,Any, novell,NetWare,,,CHEY_ARCHSVR,WONDERLAND,,Arcserve, novell,NetWare,,,GATE,,,Any, novell,NetWare,,,GATEWAY,,,Any, novell,NetWare,,,HPLASER,,,Any, novell,NetWare,,,LASER,,,Any, novell,NetWare,,,LASERWRITER,,,Any, novell,NetWare,,,MAIL,,,Any, novell,NetWare,,,POST,,,Any, novell,NetWare,,,PRINT,,,any, novell,NetWare,,,PRINTER,,,Any, novell,NetWare,,,ROUTER,,,Any, novell,NetWare,,,WINDOWS_PASSTHRU,,,Any, novell,NetWare,,,guest,,,Any, novell,Netware,,,ADMIN,,,, novell,Netware,,,ADMIN,ADMIN,,, novell,Netware,,,ARCHIVIST,,,, novell,Netware,,,ARCHIVIST,ARCHIVIST,,, novell,Netware,,,BACKUP,,,, novell,Netware,,,BACKUP,BACKUP,,, novell,Netware,,,CHEY_ARCHSVR,,,, novell,Netware,,,CHEY_ARCHSVR,CHEY_ARCHSVR,,, novell,Netware,,,FAX,,,, novell,Netware,,,FAX,FAX,,, novell,Netware,,,FAXUSER,,,, novell,Netware,,,FAXUSER,FAXUSER,,, novell,Netware,,,FAXWORKS,,,, novell,Netware,,,FAXWORKS,FAXWORKS,,, novell,Netware,,,GATEWAY,,,, novell,Netware,,,GATEWAY,GATEWAY,,, novell,Netware,,,GUEST,,,, novell,Netware,,,GUEST,GUEST,,, novell,Netware,,,GUEST,GUESTGUE,,, novell,Netware,,,GUEST,GUESTGUEST,,, novell,Netware,,,GUEST,TSEUG,,, novell,Netware,,,HPLASER,,,, novell,Netware,,,HPLASER,HPLASER,,, novell,Netware,,,LASER,,,, novell,Netware,,,LASER,LASER,,, novell,Netware,,,LASERWRITER,,,, novell,Netware,,,LASERWRITER,LASERWRITER,,, novell,Netware,,,MAIL,,,, novell,Netware,,,MAIL,MAIL,,, novell,Netware,,,POST,,,, novell,Netware,,,POST,POST,,, novell,Netware,,,PRINT,,,, novell,Netware,,,PRINT,PRINT,,, novell,Netware,,,PRINTER,,,, novell,Netware,,,PRINTER,PRINTER,,, novell,Netware,,,ROOT,,,, novell,Netware,,,ROOT,ROOT,,, novell,Netware,,,ROUTER,,,, novell,Netware,,,SABRE,,,, novell,Netware,,,SUPERVISOR,,,, novell,Netware,,,SUPERVISOR,HARRIS,,, novell,Netware,,,SUPERVISOR,NETFRAME,,, novell,Netware,,,SUPERVISOR,NF,,, novell,Netware,,,SUPERVISOR,NFI,,, novell,Netware,,,SUPERVISOR,SUPERVISOR,,, novell,Netware,,,SUPERVISOR,SYSTEM,,, novell,Netware,,,TEST,,,, novell,Netware,,,TEST,TEST,,, novell,Netware,,,USER_TEMPLATE,,,, novell,Netware,,,USER_TEMPLATE,USER_TEMPLATE,,, novell,Netware,,,WANGTEK,,,, novell,Netware,,,WANGTEK,WANGTEK,,, novell,Netware,,,WINDOWS_PASSTHRU,,,, novell,Netware,,,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, novell,Netware,,,WINSABRE,SABRE,,, novell,Netware,,,WINSABRE,WINSABRE,,, novell,Netware,,Multi,ADMIN,,,, novell,Netware,,Multi,ADMIN,ADMIN,,, novell,Netware,,Multi,ARCHIVIST,,,, novell,Netware,,Multi,ARCHIVIST,ARCHIVIST,,, novell,Netware,,Multi,BACKUP,,,, novell,Netware,,Multi,BACKUP,BACKUP,,, novell,Netware,,Multi,CHEY_ARCHSVR,,,, novell,Netware,,Multi,CHEY_ARCHSVR,CHEY_ARCHSVR,,, novell,Netware,,Multi,FAX,,,, novell,Netware,,Multi,FAX,FAX,,, novell,Netware,,Multi,FAXUSER,,,, novell,Netware,,Multi,FAXUSER,FAXUSER,,, novell,Netware,,Multi,FAXWORKS,,,, novell,Netware,,Multi,FAXWORKS,FAXWORKS,,, novell,Netware,,Multi,GATEWAY,,,, novell,Netware,,Multi,GATEWAY,GATEWAY,,, novell,Netware,,Multi,GUEST,,,, novell,Netware,,Multi,GUEST,GUEST,,, novell,Netware,,Multi,GUEST,GUESTGUE,,, novell,Netware,,Multi,GUEST,GUESTGUEST,,, novell,Netware,,Multi,GUEST,TSEUG,,, novell,Netware,,Multi,HPLASER,,,, novell,Netware,,Multi,HPLASER,HPLASER,,, novell,Netware,,Multi,LASER,,,, novell,Netware,,Multi,LASER,LASER,,, novell,Netware,,Multi,LASERWRITER,,,, novell,Netware,,Multi,LASERWRITER,LASERWRITER,,, novell,Netware,,Multi,MAIL,,,, novell,Netware,,Multi,MAIL,MAIL,,, novell,Netware,,Multi,POST,,,, novell,Netware,,Multi,POST,POST,,, novell,Netware,,Multi,PRINT,,,, novell,Netware,,Multi,PRINT,PRINT,,, novell,Netware,,Multi,PRINTER,,,, novell,Netware,,Multi,PRINTER,PRINTER,,, novell,Netware,,Multi,ROOT,,,, novell,Netware,,Multi,ROOT,ROOT,,, novell,Netware,,Multi,ROUTER,,,, novell,Netware,,Multi,SABRE,,,, novell,Netware,,Multi,SUPERVISOR,,,, novell,Netware,,Multi,SUPERVISOR,HARRIS,,, novell,Netware,,Multi,SUPERVISOR,NETFRAME,,, novell,Netware,,Multi,SUPERVISOR,NF,,, novell,Netware,,Multi,SUPERVISOR,NFI,,, novell,Netware,,Multi,SUPERVISOR,SUPERVISOR,,, novell,Netware,,Multi,SUPERVISOR,SYSTEM,,, novell,Netware,,Multi,TEST,,,, novell,Netware,,Multi,TEST,TEST,,, novell,Netware,,Multi,USER_TEMPLATE,,,, novell,Netware,,Multi,USER_TEMPLATE,USER_TEMPLATE,,, novell,Netware,,Multi,WANGTEK,,,, novell,Netware,,Multi,WANGTEK,WANGTEK,,, novell,Netware,,Multi,WINDOWS_PASSTHRU,,,, novell,Netware,,Multi,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, novell,Netware,,Multi,WINSABRE,SABRE,,, novell,Netware,,Multi,WINSABRE,WINSABRE,,, novell,iChain,,1.5,,san fran 8,,, novell,iChain,,2,,cr0wmt 911,,, novell,iChain,,Admin,,cr0wmt 911,,, novell,iChain,,Admin,,san fran 8,,, novell,iChain,1.5,Console,,san fran 8,Admin,, novell,iChain,2.0,Console,,cr0wmt 911,Admin,, novell,iChain/ICS,,1.2 2.0,,root,,, novell,iChain/ICS,,Admin,,root,,, novell,iChain/ICS,1.2 2.0,Telnet,,root,Admin,, novell,iManager,,2.0.1,admin,novell,,, novell,iManager,2.0.1,,,admin,novell,, nrg,DSC338 Printer,1.19,HTTP,,password,Admin,no user, nrg,SP C312DN,1.03,,Admin,,Administrator,, nsi,vmXfw,,,root,nsi,Admin,, nullsoft,Shoutcast,1.9.5,PLS,admin,changeme,Admin,, nurit,PC BIOS,,,$system,,,, nurit,PC BIOS,,Admin,$system,,,, nurit,PC BIOS,,Console,$system,,Admin,, oce,Printers,,Admin,,0 and the number of OCE printer,,, oce,Printers,Hardware,HTTP,,0 and the number of OCE printer,Admin,, oce,TCS500,All Versions,Console,oceservice,ser4OCE!,Technical/Admin,Reboot for normal user mode., oce,TDS300,ALL,Direct,guest,RtFM!,,, oce,TDS450,,,oceservice,ser4OCE!,tech/admin,, oce,cm4010,,Web Console via IP Address,Administrator,admin,administrator level,, oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, ods,1094 IS Chassis,,,ods,ods,,4.x, ods,1094,,,ods,ods,,, oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, oki,B6300,,,root,last six charachter of mac address,root,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, oki,C5550 MFP,,http,,*blank*,Admin,, oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,C610,,,admin,aaaaaa,admin,, oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, oki,C830,all,web,root,last 6 digits of the MAC address,,, oki,C8800,,Web or Console,root,Last six characters of MAC address,,, oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, oki,ES8460,,http,admin,aaaaaa,,, oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,MC560,,Printer Menu,,,,When asked for password, oki,MC860,,Web interface,admin,aaaaaa,admin,, oki,ML491n,,http://,Admin,OkiLAN,Admin,, oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, olicom,8600,,9600,-,AaBbCcDd,,, olicom,8600,all,Serial,-,AaBbCcDd,9600,, olitec,sx 200 adsl modem router,,Multi,admin,adslolitec,Admin,default ip 192.168.0.250, olitec,sx 202 adsl modem router,,HTTP,admin,admin,Admin,Firmware: 2.7.0.9(UE0.B1C)3.3.0.23, omnitronix,Data-Link,DL150,Multi,,SMDR,Admin,, omnitronix,Data-Link,DL150,Multi,,SUPER,Admin,, omron,MR104FH,,Multi,,,Admin,, oodie.com,odfaq,,admin,admin,admin,,, oodiecom,odfaq,2.1.0,HTTP,admin,admin,admin,, openconnect,OC://WebConnect Pro,,Multi,admin,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,adminstat,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,adminuser,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,adminview,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,helpdesk,OCS,Admin,, openmarket,Content Server,,,Bobo,hello,,, openmarket,Content Server,,,Coco,hello,,, openmarket,Content Server,,,Flo,hello,,, openmarket,Content Server,,,Joe,hello,,, openmarket,Content Server,,,Moe,hello,,, openmarket,Content Server,,,admin,demo,,, openmarket,Content Server,,,user_analyst,demo,,, openmarket,Content Server,,,user_approver,demo,,, openmarket,Content Server,,,user_author,demo,,, openmarket,Content Server,,,user_checker,demo,,, openmarket,Content Server,,,user_designer,demo,,, openmarket,Content Server,,,user_editor,demo,,, openmarket,Content Server,,,user_expert,demo,,, openmarket,Content Server,,,user_marketer,demo,,, openmarket,Content Server,,,user_pricer,demo,,, openmarket,Content Server,,,user_publisher,demo,,, openmarket,Content Server,,http,Admin,demo,Admin,, openmarket,Content Server,,http,Bobo,hello,,, openmarket,Content Server,,http,Coco,hello,,, openmarket,Content Server,,http,Flo,hello,,, openmarket,Content Server,,http,Joe,hello,,, openmarket,Content Server,,http,Moe,hello,,, openmarket,Content Server,,http,user_analyst,demo,,, openmarket,Content Server,,http,user_approver,demo,,, openmarket,Content Server,,http,user_author,demo,,, openmarket,Content Server,,http,user_checker,demo,,, openmarket,Content Server,,http,user_designer,demo,,, openmarket,Content Server,,http,user_editor,demo,,, openmarket,Content Server,,http,user_expert,demo,,, openmarket,Content Server,,http,user_marketer,demo,,, openmarket,Content Server,,http,user_pricer,demo,,, openmarket,Content Server,,http,user_publisher,demo,,, openwave,MSP,,Admin,cac_admin,cacadmin,,, openwave,MSP,,Any,cac_admin,cacadmin,,, openwave,MSP,Any,HTTP,cac_admin,cacadmin,Admin,, openwave,WAP Gateway,,Admin,sys,uplink,,, openwave,WAP Gateway,,Any,sys,uplink,,, openwave,WAP Gateway,Any,HTTP,sys,uplink,Admin,, openxchange,Open-Xchange LDAP,Open source versions below 0.8.2,,mailadmin,secret,high risk,, openxchange,Open-Xchange Server,5,,mailadmin,secret,Admin,, optivision,Nac 3000 & 4000,,,root,mpegvideo,,any, optivision,Nac 3000,,,root,mpegvideo,,, optus,Counter-Strike,,1.3,Administrator,admin,,, optus,Counter-Strike,,Admin,Administrator,admin,,, optus,Counter-Strike,1.3,Multi,Administrator,admin,Admin,, oracle corporation,Oracle,,,ABM,ABM,,, oracle corporation,Oracle,,,ADAMS,WOOD,,, oracle corporation,Oracle,,,ADLDEMO,ADLDEMO,,, oracle corporation,Oracle,,,ADMIN,JETSPEED,,, oracle corporation,Oracle,,,ADMINISTRATOR,ADMIN,,, oracle corporation,Oracle,,,AHL,AHL,,, oracle corporation,Oracle,,,AHM,AHM,,, oracle corporation,Oracle,,,AK,AK,,, oracle corporation,Oracle,,,ALHRO,XXX,,, oracle corporation,Oracle,,,ALHRW,XXX,,, oracle corporation,Oracle,,,ALR,ALR,,, oracle corporation,Oracle,,,AMS,AMS,,, oracle corporation,Oracle,,,AMV,AMV,,, oracle corporation,Oracle,,,ANDY,SWORDFISH,,, oracle corporation,Oracle,,,ANONYMOUS,ANONYMOUS,,, oracle corporation,Oracle,,,AP,AP,,, oracle corporation,Oracle,,,APPLMGR,APPLMGR,,, oracle corporation,Oracle,,,APPLSYS,FND,,, oracle corporation,Oracle,,,APPLSYSPUB,FNDPUB,,, oracle corporation,Oracle,,,APPLYSYSPUB,PUB,,, oracle corporation,Oracle,,,APPS,APPS,,, oracle corporation,Oracle,,,APPS_MRC,APPS,,, oracle corporation,Oracle,,,APPUSER,APPPASSWORD,,, oracle corporation,Oracle,,,AQ,AQ,,, oracle corporation,Oracle,,,AQDEMO,AQDEMO,,, oracle corporation,Oracle,,,AQJAVA,AQJAVA,,, oracle corporation,Oracle,,,AQUSER,AQUSER,,, oracle corporation,Oracle,,,AR,AR,,, oracle corporation,Oracle,,,ASF,ASF,,, oracle corporation,Oracle,,,ASG,ASG,,, oracle corporation,Oracle,,,ASL,ASL,,, oracle corporation,Oracle,,,ASO,ASO,,, oracle corporation,Oracle,,,ASP,ASP,,, oracle corporation,Oracle,,,AST,AST,,, oracle corporation,Oracle,,,ATM,SAMPLEATM,,, oracle corporation,Oracle,,,AUDIOUSER,AUDIOUSER,,, oracle corporation,Oracle,,,AURORA$JIS$UTILITY$,INVALID,,, oracle corporation,Oracle,,,AURORA$ORB$UNAUTHENTICATED,,,, oracle corporation,Oracle,,,AX,AX,,, oracle corporation,Oracle,,,AZ,AZ,,, oracle corporation,Oracle,,,BC4J,BC4J,,, oracle corporation,Oracle,,,BEN,BEN,,, oracle corporation,Oracle,,,BIC,BIC,,, oracle corporation,Oracle,,,BIL,BIL,,, oracle corporation,Oracle,,,BIM,BIM,,, oracle corporation,Oracle,,,BIS,BIS,,, oracle corporation,Oracle,,,BIV,BIV,,, oracle corporation,Oracle,,,BIX,BIX,,, oracle corporation,Oracle,,,BLAKE,PAPER,,, oracle corporation,Oracle,,,BLEWIS,BLEWIS,,, oracle corporation,Oracle,,,BOM,BOM,,, oracle corporation,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, oracle corporation,Oracle,,,BRUGERNAVN,ADGANGSKODE,,, oracle corporation,Oracle,,,BRUKERNAVN,PASSWORD,,, oracle corporation,Oracle,,,BSC,BSC,,, oracle corporation,Oracle,,,BUG_REPORTS,BUG_REPORTS,,, oracle corporation,Oracle,,,CALVIN,HOBBES,,, oracle corporation,Oracle,,,CATALOG,CATALOG,,, oracle corporation,Oracle,,,CCT,CCT,,, oracle corporation,Oracle,,,CDEMO82,UNKNOWN,,, oracle corporation,Oracle,,,CDEMOCOR,CDEMOCOR,,, oracle corporation,Oracle,,,CDEMORID,CDEMORID,,, oracle corporation,Oracle,,,CDEMOUCB,CDEMOUCB,,, oracle corporation,Oracle,,,CDOUGLAS,CDOUGLAS,,, oracle corporation,Oracle,,,CE,CE,,, oracle corporation,Oracle,,,CENTRA,CENTRA,,, oracle corporation,Oracle,,,CENTRAL,CENTRAL,,, oracle corporation,Oracle,,,CIDS,CIDS,,, oracle corporation,Oracle,,,CIS,ZWERG,,, oracle corporation,Oracle,,,CISINFO,ZWERG,,, oracle corporation,Oracle,,,CLARK,CLOTH,,, oracle corporation,Oracle,,,CLKANA,,,, oracle corporation,Oracle,,,CLKRT,,,, oracle corporation,Oracle,,,CN,CN,,, oracle corporation,Oracle,,,COMPANY,COMPANY,,, oracle corporation,Oracle,,,COMPIERE,COMPIERE,,, oracle corporation,Oracle,,,CQSCHEMAUSER,PASSWORD,,, oracle corporation,Oracle,,,CQUSERDBUSER,PASSWORD,,, oracle corporation,Oracle,,,CRP,CRP,,, oracle corporation,Oracle,,,CS,CS,,, oracle corporation,Oracle,,,CSC,CSC,,, oracle corporation,Oracle,,,CSD,CSD,,, oracle corporation,Oracle,,,CSE,CSE,,, oracle corporation,Oracle,,,CSF,CSF,,, oracle corporation,Oracle,,,CSI,CSI,,, oracle corporation,Oracle,,,CSL,CSL,,, oracle corporation,Oracle,,,CSMIG,CSMIG,,, oracle corporation,Oracle,,,CSP,CSP,,, oracle corporation,Oracle,,,CSR,CSR,,, oracle corporation,Oracle,,,CSS,CSS,,, oracle corporation,Oracle,,,CTXDEMO,CTXDEMO,,, oracle corporation,Oracle,,,CTXSYS,UNKNOWN,,, oracle corporation,Oracle,,,CUA,CUA,,, oracle corporation,Oracle,,,CUE,CUE,,, oracle corporation,Oracle,,,CUF,CUF,,, oracle corporation,Oracle,,,CUG,CUG,,, oracle corporation,Oracle,,,CUI,CUI,,, oracle corporation,Oracle,,,CUN,CUN,,, oracle corporation,Oracle,,,CUP,CUP,,, oracle corporation,Oracle,,,CUS,CUS,,, oracle corporation,Oracle,,,CZ,CZ,,, oracle corporation,Oracle,,,DATA_SCHEMA,LASKJDF098KSDAF09,,, oracle corporation,Oracle,,,DBI,MUMBLEFRATZ,,, oracle corporation,Oracle,,,DBSNMP,DBSNMP,,, oracle corporation,Oracle,,,DBVISION,DBVISION,,, oracle corporation,Oracle,,,DCM,,,, oracle corporation,Oracle,,,DDIC,199220706,,, oracle corporation,Oracle,,,DEMO,DEMO,,, oracle corporation,Oracle,,,DEMO8,DEMO8,,, oracle corporation,Oracle,,,DEMO9,DEMO9,,, oracle corporation,Oracle,,,DES,DES,,, oracle corporation,Oracle,,,DES2K,DES2K,,, oracle corporation,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, oracle corporation,Oracle,,,DIANE,PASSWO1,,, oracle corporation,Oracle,,,DIP,DIP,,, oracle corporation,Oracle,,,DISCOVERER5,,,, oracle corporation,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, oracle corporation,Oracle,,,DMSYS,DMSYS,,, oracle corporation,Oracle,,,DPF,DPFPASS,,, oracle corporation,Oracle,,,DSGATEWAY,,,, oracle corporation,Oracle,,,DSSYS,DSSYS,,, oracle corporation,Oracle,,,DTSP,DTSP,,, oracle corporation,Oracle,,,EAA,EAA,,, oracle corporation,Oracle,,,EAM,EAM,,, oracle corporation,Oracle,,,EARLYWATCH,SUPPORT,,, oracle corporation,Oracle,,,EAST,EAST,,, oracle corporation,Oracle,,,EC,EC,,, oracle corporation,Oracle,,,ECX,ECX,,, oracle corporation,Oracle,,,EJB,EJB,,, oracle corporation,Oracle,,,EJSADMIN,EJSADMIN,,, oracle corporation,Oracle,,,EMP,EMP,,, oracle corporation,Oracle,,,ENG,ENG,,, oracle corporation,Oracle,,,ENI,ENI,,, oracle corporation,Oracle,,,ESTOREUSER,ESTORE,,, oracle corporation,Oracle,,,EVENT,EVENT,,, oracle corporation,Oracle,,,EVM,EVM,,, oracle corporation,Oracle,,,EXAMPLE,EXAMPLE,,, oracle corporation,Oracle,,,EXFSYS,EXFSYS,,, oracle corporation,Oracle,,,EXTDEMO,EXTDEMO,,, oracle corporation,Oracle,,,EXTDEMO2,EXTDEMO2,,, oracle corporation,Oracle,,,FA,FA,,, oracle corporation,Oracle,,,FEM,FEM,,, oracle corporation,Oracle,,,FII,FII,,, oracle corporation,Oracle,,,FINANCE,FINANCE,,, oracle corporation,Oracle,,,FINPROD,FINPROD,,, oracle corporation,Oracle,,,FLM,FLM,,, oracle corporation,Oracle,,,FND,FND,,, oracle corporation,Oracle,,,FOO,BAR,,, oracle corporation,Oracle,,,FPT,FPT,,, oracle corporation,Oracle,,,FRM,FRM,,, oracle corporation,Oracle,,,FROSTY,SNOWMAN,,, oracle corporation,Oracle,,,FTE,FTE,,, oracle corporation,Oracle,,,FV,FV,,, oracle corporation,Oracle,,,GL,GL,,, oracle corporation,Oracle,,,GMA,GMA,,, oracle corporation,Oracle,,,GMD,GMD,,, oracle corporation,Oracle,,,GME,GME,,, oracle corporation,Oracle,,,GMF,GMF,,, oracle corporation,Oracle,,,GMI,GMI,,, oracle corporation,Oracle,,,GML,GML,,, oracle corporation,Oracle,,,GMP,GMP,,, oracle corporation,Oracle,,,GMS,GMS,,, oracle corporation,Oracle,,,GPFD,GPFD,,, oracle corporation,Oracle,,,GPLD,GPLD,,, oracle corporation,Oracle,,,GR,GR,,, oracle corporation,Oracle,,,HADES,HADES,,, oracle corporation,Oracle,,,HCPARK,HCPARK,,, oracle corporation,Oracle,,,HLW,HLW,,, oracle corporation,Oracle,,,HR,HR,,, oracle corporation,Oracle,,,HRI,HRI,,, oracle corporation,Oracle,,,HVST,HVST,,, oracle corporation,Oracle,,,HXC,HXC,,, oracle corporation,Oracle,,,HXT,HXT,,, oracle corporation,Oracle,,,IBA,IBA,,, oracle corporation,Oracle,,,IBE,IBE,,, oracle corporation,Oracle,,,IBP,IBP,,, oracle corporation,Oracle,,,IBU,IBU,,, oracle corporation,Oracle,,,IBY,IBY,,, oracle corporation,Oracle,,,ICDBOWN,ICDBOWN,,, oracle corporation,Oracle,,,ICX,ICX,,, oracle corporation,Oracle,,,IDEMO_USER,IDEMO_USER,,, oracle corporation,Oracle,,,IEB,IEB,,, oracle corporation,Oracle,,,IEC,IEC,,, oracle corporation,Oracle,,,IEM,IEM,,, oracle corporation,Oracle,,,IEO,IEO,,, oracle corporation,Oracle,,,IES,IES,,, oracle corporation,Oracle,,,IEU,IEU,,, oracle corporation,Oracle,,,IEX,IEX,,, oracle corporation,Oracle,,,IFSSYS,IFSSYS,,, oracle corporation,Oracle,,,IGC,IGC,,, oracle corporation,Oracle,,,IGF,IGF,,, oracle corporation,Oracle,,,IGI,IGI,,, oracle corporation,Oracle,,,IGS,IGS,,, oracle corporation,Oracle,,,IGW,IGW,,, oracle corporation,Oracle,,,IMAGEUSER,IMAGEUSER,,, oracle corporation,Oracle,,,IMC,IMC,,, oracle corporation,Oracle,,,IMEDIA,IMEDIA,,, oracle corporation,Oracle,,,IMT,IMT,,, oracle corporation,Oracle,,,INTERNAL,SYS_STNT,,, oracle corporation,Oracle,,,INV,INV,,, oracle corporation,Oracle,,,IPA,IPA,,, oracle corporation,Oracle,,,IPD,IPD,,, oracle corporation,Oracle,,,IPLANET,IPLANET,,, oracle corporation,Oracle,,,ISC,ISC,,, oracle corporation,Oracle,,,ITG,ITG,,, oracle corporation,Oracle,,,JA,JA,,, oracle corporation,Oracle,,,JAKE,PASSWO4,,, oracle corporation,Oracle,,,JE,JE,,, oracle corporation,Oracle,,,JG,JG,,, oracle corporation,Oracle,,,JILL,PASSWO2,,, oracle corporation,Oracle,,,JL ,JL ,,, oracle corporation,Oracle,,,JMUSER,JMUSER,,, oracle corporation,Oracle,,,JOHN,JOHN,,, oracle corporation,Oracle,,,JONES,STEEL,,, oracle corporation,Oracle,,,JTF,JTF,,, oracle corporation,Oracle,,,JTM,JTM,,, oracle corporation,Oracle,,,JTS,JTS,,, oracle corporation,Oracle,,,JWARD,AIROPLANE,,, oracle corporation,Oracle,,,KWALKER,KWALKER,,, oracle corporation,Oracle,,,L2LDEMO,L2LDEMO,,, oracle corporation,Oracle,,,LBACSYS,LBACSYS,,, oracle corporation,Oracle,,,LIBRARIAN,SHELVES,,, oracle corporation,Oracle,,,MANPROD,MANPROD,,, oracle corporation,Oracle,,,MARK,PASSWO3,,, oracle corporation,Oracle,,,MASCARM,MANAGER,,, oracle corporation,Oracle,,,MASTER,PASSWORD,,, oracle corporation,Oracle,,,MDDATA,MDDATA,,, oracle corporation,Oracle,,,MDDEMO,MDDEMO,,, oracle corporation,Oracle,,,MDDEMO_CLERK,MGR,,, oracle corporation,Oracle,,,MDDEMO_MGR,MGR,,, oracle corporation,Oracle,,,MDSYS,MDSYS,,, oracle corporation,Oracle,,,ME,ME,,, oracle corporation,Oracle,,,MFG,MFG,,, oracle corporation,Oracle,,,MGR,MGR,,, oracle corporation,Oracle,,,MGWUSER,MGWUSER,,, oracle corporation,Oracle,,,MIGRATE,MIGRATE,,, oracle corporation,Oracle,,,MILLER,MILLER,,, oracle corporation,Oracle,,,MMO2,UNKNOWN,,, oracle corporation,Oracle,,,MODTEST,YES,,, oracle corporation,Oracle,,,MOREAU,MOREAU,,, oracle corporation,Oracle,,,MRP,MRP,,, oracle corporation,Oracle,,,MSC,MSC,,, oracle corporation,Oracle,,,MSD,MSD,,, oracle corporation,Oracle,,,MSO,MSO,,, oracle corporation,Oracle,,,MSR,MSR,,, oracle corporation,Oracle,,,MTSSYS,MTSSYS,,, oracle corporation,Oracle,,,MTS_USER,MTS_PASSWORD,,, oracle corporation,Oracle,,,MWA,MWA,,, oracle corporation,Oracle,,,MXAGENT,MXAGENT,,, oracle corporation,Oracle,,,NAMES,NAMES,,, oracle corporation,Oracle,,,NEOTIX_SYS,NEOTIX_SYS,,, oracle corporation,Oracle,,,NNEUL,NNEULPASS,,, oracle corporation,Oracle,,,NOMEUTENTE,PASSWORD,,, oracle corporation,Oracle,,,NOME_UTILIZADOR,SENHA,,, oracle corporation,Oracle,,,NOM_UTILISATEUR,MOT_DE_PASSE,,, oracle corporation,Oracle,,,NUME_UTILIZATOR,PAROL,,, oracle corporation,Oracle,,,OAIHUB902,,,, oracle corporation,Oracle,,,OAS_PUBLIC,,,, oracle corporation,Oracle,,,OCITEST,OCITEST,,, oracle corporation,Oracle,,,OCM_DB_ADMIN,OCM_DB_ADMIN,,, oracle corporation,Oracle,,,ODM,ODM,,, oracle corporation,Oracle,,,ODM_MTR,MTRPW,,, oracle corporation,Oracle,,,ODS,ODS,,, oracle corporation,Oracle,,,ODSCOMMON,ODSCOMMON,,, oracle corporation,Oracle,,,ODS_SERVER,ODS_SERVER,,, oracle corporation,Oracle,,,OE,OE,,, oracle corporation,Oracle,,,OEMADM,OEMADM,,, oracle corporation,Oracle,,,OEMREP,OEMREP,,, oracle corporation,Oracle,,,OEM_REPOSITORY,,,, oracle corporation,Oracle,,,OKB,OKB,,, oracle corporation,Oracle,,,OKC,OKC,,, oracle corporation,Oracle,,,OKE,OKE,,, oracle corporation,Oracle,,,OKI,OKI,,, oracle corporation,Oracle,,,OKO,OKO,,, oracle corporation,Oracle,,,OKR,OKR,,, oracle corporation,Oracle,,,OKS,OKS,,, oracle corporation,Oracle,,,OKX,OKX,,, oracle corporation,Oracle,,,OLAPDBA,OLAPDBA,,, oracle corporation,Oracle,,,OLAPSVR,INSTANCE,,, oracle corporation,Oracle,,,OLAPSYS,MANAGER,,, oracle corporation,Oracle,,,OMWB_EMULATION,ORACLE,,, oracle corporation,Oracle,,,ONT,ONT,,, oracle corporation,Oracle,,,OO,OO,,, oracle corporation,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, oracle corporation,Oracle,,,OPI,OPI,,, oracle corporation,Oracle,,,ORACACHE,,,, oracle corporation,Oracle,,,ORACLE,ORACLE,,, oracle corporation,Oracle,,,ORADBA,ORADBAPASS,,, oracle corporation,Oracle,,,ORANGE,,,, oracle corporation,Oracle,,,ORAPROBE,ORAPROBE,,, oracle corporation,Oracle,,,ORAREGSYS,ORAREGSYS,,, oracle corporation,Oracle,,,ORASSO,ORASSO,,, oracle corporation,Oracle,,,ORASSO_DS,ORASSO_DS,,, oracle corporation,Oracle,,,ORASSO_PA,ORASSO_PA,,, oracle corporation,Oracle,,,ORASSO_PS,ORASSO_PS,,, oracle corporation,Oracle,,,ORASSO_PUBLIC,ORASSO_PUBLIC,,, oracle corporation,Oracle,,,ORASTAT,ORASTAT,,, oracle corporation,Oracle,,,ORCLADMIN,WELCOME,,, oracle corporation,Oracle,,,ORDCOMMON,ORDCOMMON,,, oracle corporation,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, oracle corporation,Oracle,,,ORDSYS,ORDSYS,,, oracle corporation,Oracle,,,OSE$HTTP$ADMIN,INVALID,,, oracle corporation,Oracle,,,OSM,OSM,,, oracle corporation,Oracle,,,OSP22,OSP22,,, oracle corporation,Oracle,,,OSSAQ_HOST,,,, oracle corporation,Oracle,,,OSSAQ_PUB,,,, oracle corporation,Oracle,,,OSSAQ_SUB,,,, oracle corporation,Oracle,,,OTA,OTA,,, oracle corporation,Oracle,,,OUTLN,OUTLN,,, oracle corporation,Oracle,,,OWA,OWA,,, oracle corporation,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, oracle corporation,Oracle,,,OWF_MGR,OWF_MGR,,, oracle corporation,Oracle,,,OWNER,OWNER,,, oracle corporation,Oracle,,,OZF,OZF,,, oracle corporation,Oracle,,,OZP,OZP,,, oracle corporation,Oracle,,,OZS,OZS,,, oracle corporation,Oracle,,,PA,PA,,, oracle corporation,Oracle,,,PANAMA,PANAMA,,, oracle corporation,Oracle,,,PATROL,PATROL,,, oracle corporation,Oracle,,,PAUL,PAUL,,, oracle corporation,Oracle,,,PERFSTAT,PERFSTAT,,, oracle corporation,Oracle,,,PERSTAT,PERSTAT,,, oracle corporation,Oracle,,,PJM,PJM,,, oracle corporation,Oracle,,,PLANNING,PLANNING,,, oracle corporation,Oracle,,,PLEX,PLEX,,, oracle corporation,Oracle,,,PLSQL,SUPERSECRET,,, oracle corporation,Oracle,,,PM,PM,,, oracle corporation,Oracle,,,PMI,PMI,,, oracle corporation,Oracle,,,PN,PN,,, oracle corporation,Oracle,,,PO,PO,,, oracle corporation,Oracle,,,PO7,PO7,,, oracle corporation,Oracle,,,PO8,PO8,,, oracle corporation,Oracle,,,POA,POA,,, oracle corporation,Oracle,,,POM,POM,,, oracle corporation,Oracle,,,PORTAL,,,, oracle corporation,Oracle,,,PORTAL30,PORTAL31,,, oracle corporation,Oracle,,,PORTAL30_ADMIN,PORTAL30_ADMIN,,, oracle corporation,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, oracle corporation,Oracle,,,PORTAL30_PS,PORTAL30_PS,,, oracle corporation,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, oracle corporation,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, oracle corporation,Oracle,,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,,, oracle corporation,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, oracle corporation,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, oracle corporation,Oracle,,,PORTAL_APP,,,, oracle corporation,Oracle,,,PORTAL_DEMO,,,, oracle corporation,Oracle,,,PORTAL_PUBLIC,,,, oracle corporation,Oracle,,,PORTAL_SSO_PS,PORTAL_SSO_PS,,, oracle corporation,Oracle,,,POS,POS,,, oracle corporation,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, oracle corporation,Oracle,,,PRIMARY,PRIMARY,,, oracle corporation,Oracle,,,PSA,PSA,,, oracle corporation,Oracle,,,PSB,PSB,,, oracle corporation,Oracle,,,PSP,PSP,,, oracle corporation,Oracle,,,PUBSUB,PUBSUB,,, oracle corporation,Oracle,,,PUBSUB1,PUBSUB1,,, oracle corporation,Oracle,,,PV,PV,,, oracle corporation,Oracle,,,QA,QA,,, oracle corporation,Oracle,,,QDBA,QDBA,,, oracle corporation,Oracle,,,QP,QP,,, oracle corporation,Oracle,,,QS,CHANGE_ON_INSTALL,,, oracle corporation,Oracle,,,QS_ADM,UNKNOWN,,, oracle corporation,Oracle,,,QS_CB,QS_CB,,, oracle corporation,Oracle,,,QS_CBADM,UNKNOWN,,, oracle corporation,Oracle,,,QS_CS,UNKNOWN,,, oracle corporation,Oracle,,,QS_ES,CHANGE_ON_INSTALL,,, oracle corporation,Oracle,,,QS_OS,CHANGE_ON_INSTALL,,, oracle corporation,Oracle,,,QS_WS,UNKNOWN,,, oracle corporation,Oracle,,,RE,RE,,, oracle corporation,Oracle,,,REPADMIN,REPADMIN,,, oracle corporation,Oracle,,,REPORTS,REPORTS,,, oracle corporation,Oracle,,,REPORTS_USER,OEM_TEMP,,, oracle corporation,Oracle,,,REP_MANAGER,DEMO,,, oracle corporation,Oracle,,,REP_OWNER,REP_OWNER,,, oracle corporation,Oracle,,,REP_USER,DEMO,,, oracle corporation,Oracle,,,RG,RG,,, oracle corporation,Oracle,,,RHX,RHX,,, oracle corporation,Oracle,,,RLA,RLA,,, oracle corporation,Oracle,,,RLM,RLM,,, oracle corporation,Oracle,,,RMAIL,RMAIL,,, oracle corporation,Oracle,,,RMAN,RMAN,,, oracle corporation,Oracle,,,RRS,RRS,,, oracle corporation,Oracle,,,SAMPLE,SAMPLE,,, oracle corporation,Oracle,,,SAP,SAPR3,,, oracle corporation,Oracle,,,SAPR3,SAP,,, oracle corporation,Oracle,,,SCOTT,TIGGER,,, oracle corporation,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, oracle corporation,Oracle,,,SECDEMO,SECDEMO,,, oracle corporation,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, oracle corporation,Oracle,,,SH,SH,,, oracle corporation,Oracle,,,SITEMINDER,SITEMINDER,,, oracle corporation,Oracle,,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,,, oracle corporation,Oracle,,,SLIDE,SLIDEPW,,, oracle corporation,Oracle,,,SPIERSON,SPIERSON,,, oracle corporation,Oracle,,,SSP,SSP,,, oracle corporation,Oracle,,,STARTER,STARTER,,, oracle corporation,Oracle,,,STRAT_USER,STRAT_PASSWD,,, oracle corporation,Oracle,,,SWPRO,SWPRO,,, oracle corporation,Oracle,,,SWUSER,SWUSER,,, oracle corporation,Oracle,,,SYMPA,SYMPA,,, oracle corporation,Oracle,,,SYS,MANAGER,,, oracle corporation,Oracle,,,SYSADM,SYSADM,,, oracle corporation,Oracle,,,SYSADMIN,SYSADMIN,,, oracle corporation,Oracle,,,SYSMAN,OEM_TEMP,,, oracle corporation,Oracle,,,SYSTEM,ORACLE,,, oracle corporation,Oracle,,,TAHITI,TAHITI,,, oracle corporation,Oracle,,,TALBOT,MT6CH5,,, oracle corporation,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, oracle corporation,Oracle,,,TEC,TECTEC,,, oracle corporation,Oracle,,,TEST,TEST,,, oracle corporation,Oracle,,,TESTPILOT,TESTPILOT,,, oracle corporation,Oracle,,,TEST_USER,TEST_USER,,, oracle corporation,Oracle,,,THINSAMPLE,THINSAMPLEPW,,, oracle corporation,Oracle,,,TIBCO,TIBCO,,, oracle corporation,Oracle,,,TIP37,TIP37,,, oracle corporation,Oracle,,,TRACESVR,TRACE,,, oracle corporation,Oracle,,,TRAVEL,TRAVEL,,, oracle corporation,Oracle,,,TSDEV,TSDEV,,, oracle corporation,Oracle,,,TSUSER,TSUSER,,, oracle corporation,Oracle,,,TURBINE,TURBINE,,, oracle corporation,Oracle,,,UDDISYS,,,, oracle corporation,Oracle,,,ULTIMATE,ULTIMATE,,, oracle corporation,Oracle,,,UM_ADMIN,UM_ADMIN,,, oracle corporation,Oracle,,,UM_CLIENT,UM_CLIENT,,, oracle corporation,Oracle,,,USER,USER,,, oracle corporation,Oracle,,,USER0,USER0,,, oracle corporation,Oracle,,,USER1,USER1,,, oracle corporation,Oracle,,,USER2,USER2,,, oracle corporation,Oracle,,,USER3,USER3,,, oracle corporation,Oracle,,,USER4,USER4,,, oracle corporation,Oracle,,,USER5,USER5,,, oracle corporation,Oracle,,,USER6,USER6,,, oracle corporation,Oracle,,,USER7,USER7,,, oracle corporation,Oracle,,,USER8,USER8,,, oracle corporation,Oracle,,,USER9,USER9,,, oracle corporation,Oracle,,,USER_NAME,PASSWORD,,, oracle corporation,Oracle,,,USUARIO,CLAVE,,, oracle corporation,Oracle,,,UTILITY,UTILITY,,, oracle corporation,Oracle,,,UTLBSTATU,UTLESTAT,,, oracle corporation,Oracle,,,VEA,VEA,,, oracle corporation,Oracle,,,VEH,VEH,,, oracle corporation,Oracle,,,VERTEX_LOGIN,VERTEX_LOGIN,,, oracle corporation,Oracle,,,VIDEOUSER,VIDEOUSER,,, oracle corporation,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, oracle corporation,Oracle,,,VIRUSER,VIRUSER,,, oracle corporation,Oracle,,,VPD_ADMIN,AKF7D98S2,,, oracle corporation,Oracle,,,VRR1,UNKNOWN,,, oracle corporation,Oracle,,,WEBCAL01,WEBCAL01,,, oracle corporation,Oracle,,,WEBDB,WEBDB,,, oracle corporation,Oracle,,,WEBREAD,WEBREAD,,, oracle corporation,Oracle,,,WEBSYS,MANAGER,,, oracle corporation,Oracle,,,WEBUSER,YOUR_PASS,,, oracle corporation,Oracle,,,WEST,WEST,,, oracle corporation,Oracle,,,WFADMIN,WFADMIN,,, oracle corporation,Oracle,,,WH,WH,,, oracle corporation,Oracle,,,WIP,WIP,,, oracle corporation,Oracle,,,WIRELESS,,,, oracle corporation,Oracle,,,WKADMIN,WKADMIN,,, oracle corporation,Oracle,,,WKPROXY,UNKNOWN,,, oracle corporation,Oracle,,,WKSYS,WKSYS,,, oracle corporation,Oracle,,,WKUSER,WKUSER,,, oracle corporation,Oracle,,,WK_PROXY,,,, oracle corporation,Oracle,,,WK_SYS,,,, oracle corporation,Oracle,,,WK_TEST,WK_TEST,,, oracle corporation,Oracle,,,WMS,WMS,,, oracle corporation,Oracle,,,WMSYS,WMSYS,,, oracle corporation,Oracle,,,WOB,WOB,,, oracle corporation,Oracle,,,WPS,WPS,,, oracle corporation,Oracle,,,WSH,WSH,,, oracle corporation,Oracle,,,WSM,WSM,,, oracle corporation,Oracle,,,WWW,WWW,,, oracle corporation,Oracle,,,WWWUSER,WWWUSER,,, oracle corporation,Oracle,,,XADEMO,XADEMO,,, oracle corporation,Oracle,,,XDB,CHANGE_ON_INSTALL,,, oracle corporation,Oracle,,,XDP,XDP,,, oracle corporation,Oracle,,,XLA,XLA,,, oracle corporation,Oracle,,,XNC,XNC,,, oracle corporation,Oracle,,,XNI,XNI,,, oracle corporation,Oracle,,,XNM,XNM,,, oracle corporation,Oracle,,,XNP,XNP,,, oracle corporation,Oracle,,,XNS,XNS,,, oracle corporation,Oracle,,,XPRT,XPRT,,, oracle corporation,Oracle,,,XTR,XTR,,, oracle,7 or later,,,Scott,Tiger,,Any, oracle,7 or later,,,sys,change_on_install,,, oracle,7 or later,,,system,manager,,, oracle,8.1.7,,,,,,, oracle,8.1.7,,Admin,,,,, oracle,8.1.7,,Multi,,,Admin,, oracle,8i,,,internal,oracle,,all, oracle,8i,,,sys,change_on_install,,8.1.6, oracle,Database,Any,,#INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,#INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ABM,ABM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ADAMS,WOOD,Threatcon 4 (least serious),, oracle,Database,Any,,ADLDEMO,ADLDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ADMIN,JETSPEED,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ADMIN,WELCOME,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ADMINISTRATOR,ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ADMINISTRATOR,ADMINISTRATOR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AHL,AHL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AHM,AHM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AK,AK,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ALHRO,XXX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ALHRW,XXX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ALR,ALR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AMS,AMS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,AMV,AMV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ANDY,SWORDFISH,Threatcon 4 (least serious),, oracle,Database,Any,,ANONYMOUS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ANONYMOUS,ANONYMOUS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AP,AP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLMGR,APPLMGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYS,APPLSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYS,APPS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYS,FND,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYSPUB,APPLSYSPUB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYSPUB,PUB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLYSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLYSYSPUB,PUB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPS,APPS,Threatcon 1 (most serious),, oracle,Database,Any,,APPS_MRC,APPS,Threatcon 1 (most serious),, oracle,Database,Any,,APPUSER,APPPASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AQ,AQ,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AQDEMO,AQDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AQJAVA,AQJAVA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AQUSER,AQUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AR,AR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ASF,ASF,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ASG,ASG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ASL,ASL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ASO,ASO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ASP,ASP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AST,AST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ATM,SAMPLEATM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AUDIOUSER,AUDIOUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$JIS$UTILITY$,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$JIS$UTILITY$,INVALID,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,INVALID,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AX,AX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AZ,AZ,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BC4J,BC4J,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BEN,BEN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BIC,BIC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BIL,BIL,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BIM,BIM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BIS,BIS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BIV,BIV,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BIX,BIX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BLAKE,PAPER,Threatcon 4 (least serious),, oracle,Database,Any,,BLEWIS,BLEWIS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BOM,BOM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BRIO_ADMIN,BRIO_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BRUGERNAVN,ADGANGSKODE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BRUKERNAVN,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BSC,BSC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,BUG_REPORTS,BUG_REPORTS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CALVIN,HOBBES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CATALOG,CATALOG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CCT,CCT,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CDEMO82,CDEMO82,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMO82,CDEMO83,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMO82,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMOCOR,CDEMOCOR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMORID,CDEMORID,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMOUCB,CDEMOUCB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDOUGLAS,CDOUGLAS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CE,CE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CENTRA,CENTRA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CENTRAL,CENTRAL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CIDS,CIDS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CIS,CIS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CIS,ZWERG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CISINFO,CISINFO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CISINFO,ZWERG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CLARK,CLOTH,Threatcon 4 (least serious),, oracle,Database,Any,,CLKANA,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CLKRT,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CN,CN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,COMPANY,COMPANY,Threatcon 1 (most serious),, oracle,Database,Any,,COMPIERE,COMPIERE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CQSCHEMAUSER,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CQUSERDBUSER,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CRP,CRP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CS,CS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSC,CSC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSD,CSD,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSE,CSE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CSF,CSF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSI,CSI,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CSL,CSL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CSMIG,CSMIG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CSP,CSP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSR,CSR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSS,CSS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CTXDEMO,CTXDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CTXSYS,,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,CTXSYS,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,UNKNOWN,Threatcon 1 (most serious),, oracle,Database,Any,,CUA,CUA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUE,CUE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUF,CUF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUG,CUG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CUI,CUI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUN,CUN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUP,CUP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUS,CUS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CZ,CZ,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DATA_SCHEMA,LASKJDF098KSDAF09,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DBI,MUMBLEFRATZ,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DBSNMP,DBSNMP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DBVISION,DBVISION,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DCM,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DDIC,199220706,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEMO,DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEMO8,DEMO8,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEMO9,DEMO9,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DES,DES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DES2K,DES2K,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEV2000_DEMOS,DEV2000_DEMOS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DIANE,PASSWO1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DIP,DIP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DISCOVERER5,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DMSYS,DMSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DPF,DPFPASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSGATEWAY,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSGATEWAY,DSGATEWAY,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSSYS,DSSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DTSP,DTSP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EAA,EAA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,EAM,EAM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,EARLYWATCH,SUPPORT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EAST,EAST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EC,EC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ECX,ECX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,EJB,EJB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EJSADMIN,EJSADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EJSADMIN,EJSADMIN_PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EMP,EMP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ENG,ENG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ENI,ENI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ESTOREUSER,ESTORE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EVENT,EVENT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EVM,EVM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,EXAMPLE,EXAMPLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EXFSYS,EXFSYS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,EXTDEMO,EXTDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EXTDEMO2,EXTDEMO2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FA,FA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FEM,FEM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FII,FII,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FINANCE,FINANCE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FINPROD,FINPROD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FLM,FLM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FND,FND,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FOO,BAR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FPT,FPT,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FRM,FRM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FROSTY,SNOWMAN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,FTE,FTE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,FV,FV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GL,GL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,GMA,GMA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GMD,GMD,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GME,GME,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GMF,GMF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GMI,GMI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GML,GML,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GMP,GMP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GMS,GMS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,GPFD,GPFD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,GPLD,GPLD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,GR,GR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,HADES,HADES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HCPARK,HCPARK,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HLW,HLW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,HR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HRI,HRI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,HVST,HVST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HXC,HXC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,HXT,HXT,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IBA,IBA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IBE,IBE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IBP,IBP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IBU,IBU,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IBY,IBY,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ICDBOWN,ICDBOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ICX,ICX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IDEMO_USER,IDEMO_USER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IEB,IEB,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IEC,IEC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IEM,IEM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IEO,IEO,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IES,IES,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IEU,IEU,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IEX,IEX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IFSSYS,IFSSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IGC,IGC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IGF,IGF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IGI,IGI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IGS,IGS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IGW,IGW,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IMAGEUSER,IMAGEUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IMC,IMC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IMEDIA,IMEDIA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,IMT,IMT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,INV,INV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IPA,IPA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IPD,IPD,Threatcon 2 (1 is most serious),, oracle,Database,Any,,IPLANET,IPLANET,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ISC,ISC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ITG,ITG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JA,JA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JAKE,PASSWO4,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JE,JE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JG,JG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JILL,PASSWO2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JL ,JL ,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JMUSER,JMUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JOHN,JOHN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JONES,STEEL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JTF,JTF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JTM,JTM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JTS,JTS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JWARD,AIROPLANE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,KWALKER,KWALKER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,L2LDEMO,L2LDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,LBACSYS,LBACSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,LIBRARIAN,SHELVES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MANPROD,MANPROD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MARK,PASSWO3,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MASCARM,MANAGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MASTER,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDATA,MDDATA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDEMO,MDDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDEMO_CLERK,CLERK,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDEMO_CLERK,MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDEMO_MGR,MDDEMO_MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDDEMO_MGR,MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MDSYS,MDSYS,Threatcon 1 (most serious),, oracle,Database,Any,,ME,ME,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MFG,MFG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MGR,MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MGWUSER,MGWUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MIGRATE,MIGRATE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MILLER,MILLER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,MMO2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,MMO3,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MODTEST,YES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MOREAU,MOREAU,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MRP,MRP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MSC,MSC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MSD,MSD,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MSO,MSO,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MSR,MSR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MTSSYS,MTSSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MTS_USER,MTS_PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MWA,MWA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,MXAGENT,MXAGENT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NAMES,NAMES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NEOTIX_SYS,NEOTIX_SYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NNEUL,NNEULPASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NOMEUTENTE,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NOME_UTILIZADOR,SENHA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NOM_UTILISATEUR,MOT_DE_PASSE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NUME_UTILIZATOR,PAROL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OAIHUB902,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OAS_PUBLIC,OAS_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OCITEST,OCITEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OCM_DB_ADMIN,OCM_DB_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODM,ODM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODM_MTR,MTRPW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODS,ODS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODSCOMMON,ODSCOMMON,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODS_SERVER,ODS_SERVER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OE,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OE,OE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OE,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEMADM,OEMADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEMREP,OEMREP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEM_REPOSITORY,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKB,OKB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKC,OKC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OKE,OKE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OKI,OKI,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKO,OKO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKR,OKR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OKS,OKS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OKX,OKX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OLAPDBA,OLAPDBA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OLAPSVR,INSTANCE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OLAPSVR,OLAPSVR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OLAPSYS,MANAGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OLAPSYS,OLAPSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OMWB_EMULATION,ORACLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ONT,ONT,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OO,OO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OPENSPIRIT,OPENSPIRIT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OPI,OPI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ORACACHE,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORACACHE,ORACACHE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORACLE,ORACLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORADBA,ORADBAPASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORANGE,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORAPROBE,ORAPROBE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORAREGSYS,ORAREGSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO,ORASSO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO_DS,ORASSO_DS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO_PA,ORASSO_PA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO_PS,ORASSO_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO_PUBLIC,ORASSO_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASTAT,ORASTAT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORCLADMIN,WELCOME,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORDCOMMON,ORDCOMMON,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORDPLUGINS,ORDPLUGINS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORDSYS,ORDSYS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OSE$HTTP$ADMIN,INVALID,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSE$HTTP$ADMIN,Invalid password,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSM,OSM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OSP22,OSP22,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_HOST,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_PUB,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_SUB,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OTA,OTA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OUTLN,OUTLN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OWA,OWA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWA_PUBLIC,OWA_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWF_MGR,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWF_MGR,OWF_MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWNER,OWNER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OZF,OZF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OZP,OZP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OZS,OZS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PA,PA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PANAMA,PANAMA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PATROL,PATROL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PAUL,PAUL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PERFSTAT,PERFSTAT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PERSTAT,PERSTAT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PJM,PJM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PLANNING,PLANNING,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PLEX,PLEX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PLSQL,SUPERSECRET,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,PM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PMI,PMI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PN,PN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PO,PO,Threatcon 1 (most serious),, oracle,Database,Any,,PO7,PO7,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PO8,PO8,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POA,POA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,POM,POM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PORTAL,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30,PORTAL30,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30,PORTAL31,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_ADMIN,PORTAL30_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_DEMO,PORTAL30_DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_PS,PORTAL30_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_SSO,PORTAL30_SSO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_APP,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_DEMO,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_DEMO,PORTAL_DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_PUBLIC,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_SSO_PS,PORTAL_SSO_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POS,POS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POWERCARTUSER,POWERCARTUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PRIMARY,PRIMARY,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PSA,PSA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PSB,PSB,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PSP,PSP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PUBSUB,PUBSUB,Threatcon 1 (most serious),, oracle,Database,Any,,PUBSUB1,PUBSUB1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PV,PV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,QA,QA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,QDBA,QDBA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QP,QP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,QS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS,QS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,QS_ADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,QS_CB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,QS_CBADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,QS_CS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,QS_ES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,QS_OS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,QS_WS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,RE,RE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REPADMIN,REPADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REPORTS,REPORTS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REPORTS_USER,OEM_TEMP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REP_MANAGER,DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REP_OWNER,DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REP_OWNER,REP_OWNER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,REP_USER,DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,RG,RG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,RHX,RHX,Threatcon 2 (1 is most serious),, oracle,Database,Any,,RLA,RLA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,RLM,RLM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,RMAIL,RMAIL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,RMAN,RMAN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,RRS,RRS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SAMPLE,SAMPLE,Threatcon 1 (most serious),, oracle,Database,Any,,SAP,6071992,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SAP,SAPR3,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SAPR3,SAP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SCOTT,TIGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SCOTT,TIGGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SDOS_ICSAP,SDOS_ICSAP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SECDEMO,SECDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SERVICECONSUMER1,SERVICECONSUMER1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,SH,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SITEMINDER,SITEMINDER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SLIDE,SLIDEPW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SPIERSON,SPIERSON,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SSP,SSP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,STARTER,STARTER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,STRAT_USER,STRAT_PASSWD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SWPRO,SWPRO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SWUSER,SWUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYMPA,SYMPA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYS,0RACL3,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACL38,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACL38I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACL39,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACL39I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACLE,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACLE8,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACLE8I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACLE9,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,0RACLE9I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,D_SYSPW,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,MANAG3R,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,MANAGER,Threatcon 2 (1 is most serious),, oracle,Database,Any,,SYS,ORACL3,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,ORACLE,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,ORACLE8,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,ORACLE8I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,ORACLE9,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,ORACLE9I,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,SYS,Threatcon 1 (most serious),, oracle,Database,Any,,SYS,SYSPASS,Threatcon 1 (most serious),, oracle,Database,Any,,SYSADM,SYSADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSADMIN,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSADMIN,SYSADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSMAN,OEM_TEMP,Threatcon 1 (most serious),, oracle,Database,Any,,SYSMAN,SYSMAN,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL3,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL38,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL38I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL39,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL39I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACLE,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACLE8,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACLE8I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACLE9,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACLE9I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,CHANGE_ON_INSTALL,Threatcon 2 (1 is most serious),, oracle,Database,Any,,SYSTEM,D_SYSPW,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,D_SYSTPW,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,MANAG3R,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,MANAGER,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACL3,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACLE,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACLE8,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACLE8I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACLE9,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,ORACLE9I,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,SYSTEM,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,SYSTEMPASS,Threatcon 1 (most serious),, oracle,Database,Any,,TAHITI,TAHITI,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TALBOT,MT6CH5,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TDOS_ICSAP,TDOS_ICSAP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TEC,TECTEC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TEST,PASSWD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TEST,TEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TESTPILOT,TESTPILOT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TEST_USER,TEST_USER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,THINSAMPLE,THINSAMPLEPW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TIBCO,TIBCO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TIP37,TIP37,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TRACESVR,TRACE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TRAVEL,TRAVEL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TSDEV,TSDEV,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TSUSER,TSUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TURBINE,TURBINE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UDDISYS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ULTIMATE,ULTIMATE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UM_ADMIN,UM_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UM_CLIENT,UM_CLIENT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER,USER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER0,USER0,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER1,USER1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER2,USER2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER3,USER3,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER4,USER4,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER5,USER5,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER6,USER6,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER7,USER7,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER8,USER8,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER9,USER9,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USER_NAME,PASSWORD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,USUARIO,CLAVE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UTILITY,UTILITY,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UTLBSTATU,UTLESTAT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VEA,VEA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,VEH,VEH,Threatcon 2 (1 is most serious),, oracle,Database,Any,,VERTEX_LOGIN,VERTEX_LOGIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VIDEOUSER,VIDEOUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VIF_DEVELOPER,VIF_DEV_PWD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VIRUSER,VIRUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VPD_ADMIN,AKF7D98S2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,VRR1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,VRR2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEBCAL01,WEBCAL01,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEBDB,WEBDB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEBREAD,WEBREAD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEBSYS,MANAGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEBUSER,YOUR_PASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WEST,WEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WFADMIN,WFADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WH,WH,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WIP,WIP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WIRELESS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKADMIN,WKADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,WKPROXY,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKSYS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKSYS,WKSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKUSER,WKUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_PROXY,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_SYS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_TEST,WK_TEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WMS,WMS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WMSYS,WMSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WOB,WOB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WPS,WPS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WSH,WSH,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WSM,WSM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WWW,WWW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WWWUSER,WWWUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XADEMO,XADEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XDB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XDP,XDP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XLA,XLA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XNC,XNC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XNI,XNI,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XNM,XNM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XNP,XNP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XNS,XNS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XPRT,XPRT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XTR,XTR,Threatcon 2 (1 is most serious),, oracle,Internet Directory Service,,,cn=orcladmin,welcome,,, oracle,Internet Directory Service,,,cn=orcladmin,welcome,,any, oracle,Oracle RDBMS,,,ADAMS,WOOD,,, oracle,Oracle RDBMS,,,APPLSYS,APPLSYS,,, oracle,Oracle RDBMS,,,APPS,APPS,,, oracle,Oracle RDBMS,,,AQDEMO,AQDEMO,,, oracle,Oracle RDBMS,,,AQUSER,AQUSER,,, oracle,Oracle RDBMS,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,,,AURORA@ORB@UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,,,BLAKE,PAPER,,, oracle,Oracle RDBMS,,,CATALOG,CATALOG,,, oracle,Oracle RDBMS,,,CDEMO82,CDEMO82,,, oracle,Oracle RDBMS,,,CDEMOCOR,CDEMOCOR,,, oracle,Oracle RDBMS,,,CDEMORID,CDEMORID,,, oracle,Oracle RDBMS,,,CDEMOUCB,CDEMOUCB,,, oracle,Oracle RDBMS,,,CLARK,CLOTH,,, oracle,Oracle RDBMS,,,CTXDEMO,CTXDEMO,,, oracle,Oracle RDBMS,,,CTXSYS,,,, oracle,Oracle RDBMS,,,DEMO,DEMO,,, oracle,Oracle RDBMS,,,DEMO8,DEMO8,,, oracle,Oracle RDBMS,,,EMP,EMP,,, oracle,Oracle RDBMS,,,FND,FND,,, oracle,Oracle RDBMS,,,GPFD,GPFD,,, oracle,Oracle RDBMS,,,GPLD,GPLD,,, oracle,Oracle RDBMS,,,JONES,STEEL,,, oracle,Oracle RDBMS,,,MILLER,MILLER,,, oracle,Oracle RDBMS,,,MMO2,MMO2,,, oracle,Oracle RDBMS,,,MOREAU,MOREAU,,, oracle,Oracle RDBMS,,,MTYSYS,MTYSYS,,, oracle,Oracle RDBMS,,,NAMES,NAMES,,, oracle,Oracle RDBMS,,,OCITEST,OCITEST,,, oracle,Oracle RDBMS,,,ORDPLUGINS,ORDPLUGINS,,, oracle,Oracle RDBMS,,,ORDSYS,ORDSYS,,, oracle,Oracle RDBMS,,,OUTLN,OUTLN,,, oracle,Oracle RDBMS,,,POWERCARTUSER,POWERCARTUSER,,, oracle,Oracle RDBMS,,,PRIMARY,PRIMARY,,, oracle,Oracle RDBMS,,,RE,RE,,, oracle,Oracle RDBMS,,,RMAIL,RMAIL,,, oracle,Oracle RDBMS,,,RMAN,RMAN,,, oracle,Oracle RDBMS,,,SCOTT,TIGER,,, oracle,Oracle RDBMS,,,SECDEMO,SECDEMO,,, oracle,Oracle RDBMS,,,SYSADM,SYSADM,,, oracle,Oracle RDBMS,,,SYSTEM,MANAGER,,, oracle,Oracle RDBMS,,,TRACESRV,TRACE,,, oracle,Oracle RDBMS,,,TSDEV,TSDEV,,, oracle,Oracle RDBMS,,,TSUSER,TSUSER,,, oracle,Oracle RDBMS,,,USER0,USER0,,, oracle,Oracle RDBMS,,,USER1,USER1,,, oracle,Oracle RDBMS,,,USER2,USER2,,, oracle,Oracle RDBMS,,,USER3,USER3,,, oracle,Oracle RDBMS,,,USER4,USER4,,, oracle,Oracle RDBMS,,,USER5,USER5,,, oracle,Oracle RDBMS,,,USER6,USER6,,, oracle,Oracle RDBMS,,,USER7,USER7,,, oracle,Oracle RDBMS,,,USER8,USER8,,, oracle,Oracle RDBMS,,,USER9,USER9,,, oracle,Oracle RDBMS,,7 and 8,ADAMS,WOOD,,, oracle,Oracle RDBMS,,7 and 8,APPLSYS,APPLSYS,,, oracle,Oracle RDBMS,,7 and 8,APPS,APPS,,, oracle,Oracle RDBMS,,7 and 8,AURORA$ORB$UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,,7 and 8,AURORA@ORB@UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,,7 and 8,BLAKE,PAPER,,, oracle,Oracle RDBMS,,7 and 8,CLARK,CLOTH,,, oracle,Oracle RDBMS,,7 and 8,CTXDEMO,CTXDEMO,,, oracle,Oracle RDBMS,,7 and 8,CTXSYS,CTXSYS,,, oracle,Oracle RDBMS,,7 and 8,DBSNMP,DBSNMP,,, oracle,Oracle RDBMS,,7 and 8,DEMO,DEMO,,, oracle,Oracle RDBMS,,7 and 8,JONES,STEEL,,, oracle,Oracle RDBMS,,7 and 8,MDSYS,MDSYS,,, oracle,Oracle RDBMS,,7 and 8,NAMES,NAMES,,, oracle,Oracle RDBMS,,7 and 8,ORDPLUGINS,ORDPLUGINS,,, oracle,Oracle RDBMS,,7 and 8,ORDSYS,ORDSYS,,, oracle,Oracle RDBMS,,7 and 8,OUTLN,OUTLN,,, oracle,Oracle RDBMS,,7 and 8,RMAN,RMAN,,, oracle,Oracle RDBMS,,7 and 8,SCOTT,TIGER,,, oracle,Oracle RDBMS,,7 and 8,SYS,CHANGE_ON_INSTALL,,, oracle,Oracle RDBMS,,7 and 8,SYSADM,SYSADM,,, oracle,Oracle RDBMS,,7 and 8,SYSTEM,MANAGER,,, oracle,Oracle RDBMS,,7 and 8,TRACESRV,TRACE,,, oracle,Oracle RDBMS,,8i Linux,MODTEST,YES,,, oracle,Oracle RDBMS,,8i WinNT,MTYSYS,MTYSYS,,, oracle,Oracle RDBMS,,8i WinNT,RE,RE,,, oracle,Oracle RDBMS,,8i WinNT,RMAIL,RMAIL,,, oracle,Oracle RDBMS,,8i WinNT,SAMPLE,SAMPLE,,, oracle,Oracle RDBMS,,8i,AQDEMO,AQDEMO,,, oracle,Oracle RDBMS,,8i,AQUSER,AQUSER,,, oracle,Oracle RDBMS,,8i,CATALOG,CATALOG,,, oracle,Oracle RDBMS,,8i,CDEMO82,CDEMO82,,, oracle,Oracle RDBMS,,8i,CDEMOCOR,CDEMOCOR,,, oracle,Oracle RDBMS,,8i,CDEMORID,CDEMORID,,, oracle,Oracle RDBMS,,8i,CDEMOUCB,CDEMOUCB,,, oracle,Oracle RDBMS,,8i,COMPANY,COMPANY,,, oracle,Oracle RDBMS,,8i,DEMO8,DEMO8,,, oracle,Oracle RDBMS,,8i,EMP,EMP,,, oracle,Oracle RDBMS,,8i,EVENT,EVENT,,, oracle,Oracle RDBMS,,8i,FINANCE,FINANCE,,, oracle,Oracle RDBMS,,8i,FND,FND,,, oracle,Oracle RDBMS,,8i,GPFD,GPFD,,, oracle,Oracle RDBMS,,8i,GPLD,GPLD,,, oracle,Oracle RDBMS,,8i,MFG,MFG,,, oracle,Oracle RDBMS,,8i,MILLER,MILLER,,, oracle,Oracle RDBMS,,8i,MMO2,MMO2,,, oracle,Oracle RDBMS,,8i,MOREAU,MOREAU,,, oracle,Oracle RDBMS,,8i,OCITEST,OCITEST,,, oracle,Oracle RDBMS,,8i,PO,PO,,, oracle,Oracle RDBMS,,8i,POWERCARTUSER,POWERCARTUSER,,, oracle,Oracle RDBMS,,8i,PRIMARY,PRIMARY,,, oracle,Oracle RDBMS,,8i,PUBSUB,PUBSUB,,, oracle,Oracle RDBMS,,8i,SECDEMO,SECDEMO,,, oracle,Oracle RDBMS,,8i,SYSMAN,oem_temp,,, oracle,Oracle RDBMS,,8i,TSDEV,TSDEV,,, oracle,Oracle RDBMS,,8i,TSUSER,TSUSER,,, oracle,Oracle RDBMS,,8i,USER0,USER0,,, oracle,Oracle RDBMS,,8i,USER1,USER1,,, oracle,Oracle RDBMS,,8i,USER2,USER2,,, oracle,Oracle RDBMS,,8i,USER3,USER3,,, oracle,Oracle RDBMS,,8i,USER4,USER4,,, oracle,Oracle RDBMS,,8i,USER5,USER5,,, oracle,Oracle RDBMS,,8i,USER6,USER6,,, oracle,Oracle RDBMS,,8i,USER7,USER7,,, oracle,Oracle RDBMS,,8i,USER8,USER8,,, oracle,Oracle RDBMS,,8i,USER9,USER9,,, oracle,Oracle RDBMS,,8i,VRR1,VRR1,,, oracle,Oracle RDBMS,,All Privileges with Admin,MDSYS,MDSYS,,, oracle,Oracle RDBMS,,All Privileges,COMPANY,COMPANY,,, oracle,Oracle RDBMS,,All Privileges,FINANCE,FINANCE,,, oracle,Oracle RDBMS,,All Privileges,MFG,MFG,,, oracle,Oracle RDBMS,,DBA +,SYS,CHANGE_ON_INSTALL,,, oracle,Oracle RDBMS,,DBA,CTXSYS,CTXSYS,,, oracle,Oracle RDBMS,,DBA,EVENT,EVENT,,, oracle,Oracle RDBMS,,DBA,MODTEST,YES,,, oracle,Oracle RDBMS,,DBA,PO,PO,,, oracle,Oracle RDBMS,,DBA,PUBSUB,PUBSUB,,, oracle,Oracle RDBMS,,DBA,SAMPLE,SAMPLE,,, oracle,Oracle RDBMS,,DBA,SYSMAN,oem_temp,,, oracle,Oracle RDBMS,,DBA,VRR1,VRR1,,, oracle,Oracle RDBMS,,RESOURCE and CONNECT roles,DBSNMP,DBSNMP,,, oracle,Oracle RDBMS,7 and 8,Multi,ADAMS,WOOD,,, oracle,Oracle RDBMS,7 and 8,Multi,APPLSYS,APPLSYS,,, oracle,Oracle RDBMS,7 and 8,Multi,APPS,APPS,,, oracle,Oracle RDBMS,7 and 8,Multi,AURORA$ORB$UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,7 and 8,Multi,AURORA@ORB@UNAUTHENTICATED,INVALID,,, oracle,Oracle RDBMS,7 and 8,Multi,BLAKE,PAPER,,, oracle,Oracle RDBMS,7 and 8,Multi,CLARK,CLOTH,,, oracle,Oracle RDBMS,7 and 8,Multi,CTXDEMO,CTXDEMO,,, oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,,,, oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,CTXSYS,DBA,, oracle,Oracle RDBMS,7 and 8,Multi,DBSNMP,DBSNMP,RESOURCE and CONNECT roles,, oracle,Oracle RDBMS,7 and 8,Multi,DEMO,DEMO,,, oracle,Oracle RDBMS,7 and 8,Multi,JONES,STEEL,,, oracle,Oracle RDBMS,7 and 8,Multi,MDSYS,MDSYS,All Privileges with Admin,, oracle,Oracle RDBMS,7 and 8,Multi,NAMES,NAMES,,, oracle,Oracle RDBMS,7 and 8,Multi,ORDPLUGINS,ORDPLUGINS,,, oracle,Oracle RDBMS,7 and 8,Multi,ORDSYS,ORDSYS,,, oracle,Oracle RDBMS,7 and 8,Multi,OUTLN,OUTLN,,, oracle,Oracle RDBMS,7 and 8,Multi,RMAN,RMAN,,, oracle,Oracle RDBMS,7 and 8,Multi,SCOTT,TIGER,,, oracle,Oracle RDBMS,7 and 8,Multi,SYS,CHANGE_ON_INSTALL,DBA +,, oracle,Oracle RDBMS,7 and 8,Multi,SYSADM,SYSADM,,, oracle,Oracle RDBMS,7 and 8,Multi,SYSTEM,MANAGER,,, oracle,Oracle RDBMS,7 and 8,Multi,TRACESRV,TRACE,,, oracle,Oracle RDBMS,8i Linux,Multi,MODTEST,YES,DBA,, oracle,Oracle RDBMS,8i WinNT,Multi,MTYSYS,MTYSYS,,, oracle,Oracle RDBMS,8i WinNT,Multi,RE,RE,,, oracle,Oracle RDBMS,8i WinNT,Multi,RMAIL,RMAIL,,, oracle,Oracle RDBMS,8i WinNT,Multi,SAMPLE,SAMPLE,DBA,, oracle,Oracle RDBMS,8i,Multi,AQDEMO,AQDEMO,,, oracle,Oracle RDBMS,8i,Multi,AQUSER,AQUSER,,, oracle,Oracle RDBMS,8i,Multi,CATALOG,CATALOG,,, oracle,Oracle RDBMS,8i,Multi,CDEMO82,CDEMO82,,, oracle,Oracle RDBMS,8i,Multi,CDEMOCOR,CDEMOCOR,,, oracle,Oracle RDBMS,8i,Multi,CDEMORID,CDEMORID,,, oracle,Oracle RDBMS,8i,Multi,CDEMOUCB,CDEMOUCB,,, oracle,Oracle RDBMS,8i,Multi,COMPANY,COMPANY,All Privileges,, oracle,Oracle RDBMS,8i,Multi,DEMO8,DEMO8,,, oracle,Oracle RDBMS,8i,Multi,EMP,EMP,,, oracle,Oracle RDBMS,8i,Multi,EVENT,EVENT,DBA,, oracle,Oracle RDBMS,8i,Multi,FINANCE,FINANCE,All Privileges,, oracle,Oracle RDBMS,8i,Multi,FND,FND,,, oracle,Oracle RDBMS,8i,Multi,GPFD,GPFD,,, oracle,Oracle RDBMS,8i,Multi,GPLD,GPLD,,, oracle,Oracle RDBMS,8i,Multi,MFG,MFG,All Privileges,, oracle,Oracle RDBMS,8i,Multi,MILLER,MILLER,,, oracle,Oracle RDBMS,8i,Multi,MMO2,MMO2,,, oracle,Oracle RDBMS,8i,Multi,MOREAU,MOREAU,,, oracle,Oracle RDBMS,8i,Multi,OCITEST,OCITEST,,, oracle,Oracle RDBMS,8i,Multi,PO,PO,DBA,, oracle,Oracle RDBMS,8i,Multi,POWERCARTUSER,POWERCARTUSER,,, oracle,Oracle RDBMS,8i,Multi,PRIMARY,PRIMARY,,, oracle,Oracle RDBMS,8i,Multi,PUBSUB,PUBSUB,DBA,, oracle,Oracle RDBMS,8i,Multi,SECDEMO,SECDEMO,,, oracle,Oracle RDBMS,8i,Multi,SYSMAN,oem_temp,DBA,, oracle,Oracle RDBMS,8i,Multi,TSDEV,TSDEV,,, oracle,Oracle RDBMS,8i,Multi,TSUSER,TSUSER,,, oracle,Oracle RDBMS,8i,Multi,USER0,USER0,,, oracle,Oracle RDBMS,8i,Multi,USER1,USER1,,, oracle,Oracle RDBMS,8i,Multi,USER2,USER2,,, oracle,Oracle RDBMS,8i,Multi,USER3,USER3,,, oracle,Oracle RDBMS,8i,Multi,USER4,USER4,,, oracle,Oracle RDBMS,8i,Multi,USER5,USER5,,, oracle,Oracle RDBMS,8i,Multi,USER6,USER6,,, oracle,Oracle RDBMS,8i,Multi,USER7,USER7,,, oracle,Oracle RDBMS,8i,Multi,USER8,USER8,,, oracle,Oracle RDBMS,8i,Multi,USER9,USER9,,, oracle,Oracle RDBMS,8i,Multi,VRR1,VRR1,DBA,, oracle,Oracle RDBMS,Any,Multi,system/manager,sys/change_on_install,Admin,, oracle,Oracle,,,ADAMS,WOOD,,, oracle,Oracle,,,ADLDEMO,ADLDEMO,,, oracle,Oracle,,,ADMIN,JETSPEED,,, oracle,Oracle,,,ADMINISTRATOR,ADMINISTRATOR,,, oracle,Oracle,,,ANDY,SWORDFISH,,, oracle,Oracle,,,AP,AP,,, oracle,Oracle,,,APPLSYS,FND,,, oracle,Oracle,,,APPLSYSPUB,FNDPUB,,, oracle,Oracle,,,APPS,APPS,,, oracle,Oracle,,,APPUSER,APPUSER,,, oracle,Oracle,,,AQ,AQ,,, oracle,Oracle,,,AQDEMO,AQDEMO,,, oracle,Oracle,,,AQJAVA,AQJAVA,,, oracle,Oracle,,,AQUSER,AQUSER,,, oracle,Oracle,,,AUDIOUSER,AUDIOUSER,,, oracle,Oracle,,,AURORA$JIS$UTILITY$,,,, oracle,Oracle,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, oracle,Oracle,,,BC4J,BC4J,,, oracle,Oracle,,,BLAKE,PAPER,,, oracle,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, oracle,Oracle,,,CATALOG,CATALOG,,, oracle,Oracle,,,CDEMO82,CDEMO82,,, oracle,Oracle,,,CDEMOCOR,CDEMOCOR,,, oracle,Oracle,,,CDEMORID,CDEMORID,,, oracle,Oracle,,,CDEMOUCB,CDEMOUCB,,, oracle,Oracle,,,CENTRA,CENTRA,,, oracle,Oracle,,,CIDS,CIDS,,, oracle,Oracle,,,CIS,CIS,,, oracle,Oracle,,,CISINFO,CISINFO,,, oracle,Oracle,,,CLARK,CLOTH,,, oracle,Oracle,,,COMPANY,COMPANY,,, oracle,Oracle,,,COMPIERE,COMPIERE,,, oracle,Oracle,,,CQSCHEMAUSER,PASSWORD,,, oracle,Oracle,,,CSMIG,CSMIG,,, oracle,Oracle,,,CTXDEMO,CTXDEMO,,, oracle,Oracle,,,CTXSYS,CTXSYS,,, oracle,Oracle,,,DBI,MUMBLEFRATZ,,, oracle,Oracle,,,DBSNMP,DBSNMP,,, oracle,Oracle,,,DEMO8,DEMO8,,, oracle,Oracle,,,DEMO9,DEMO9,,, oracle,Oracle,,,DES,DES,,, oracle,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, oracle,Oracle,,,DIP,DIP,,, oracle,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, oracle,Oracle,,,DSGATEWAY,DSGATEWAY,,, oracle,Oracle,,,DSSYS,DSSYS,,, oracle,Oracle,,,EJSADMIN,EJSADMIN,,, oracle,Oracle,,,EMP,EMP,,, oracle,Oracle,,,ESTOREUSER,ESTORE,,, oracle,Oracle,,,EVENT,EVENT,,, oracle,Oracle,,,EXFSYS,EXFSYS,,, oracle,Oracle,,,FINANCE,FINANCE,,, oracle,Oracle,,,FND,FND,,, oracle,Oracle,,,FROSTY,SNOWMAN,,, oracle,Oracle,,,GL,GL,,, oracle,Oracle,,,GPFD,GPFD,,, oracle,Oracle,,,GPLD,GPLD,,, oracle,Oracle,,,HCPARK,HCPARK,,, oracle,Oracle,,,HLW,HLW,,, oracle,Oracle,,,HR,HR,,, oracle,Oracle,,,IMAGEUSER,IMAGEUSER,,, oracle,Oracle,,,IMEDIA,IMEDIA,,, oracle,Oracle,,,JMUSER,JMUSER,,, oracle,Oracle,,,JONES,STEEL,,, oracle,Oracle,,,JWARD,AIROPLANE,,, oracle,Oracle,,,L2LDEMO,L2LDEMO,,, oracle,Oracle,,,LBACSYS,LBACSYS,,, oracle,Oracle,,,LIBRARIAN,SHELVES,,, oracle,Oracle,,,MASTER,PASSWORD,,, oracle,Oracle,,,MDDEMO,MDDEMO,,, oracle,Oracle,,,MDDEMO_CLERK,CLERK,,, oracle,Oracle,,,MDDEMO_MGR,MGR,,, oracle,Oracle,,,MDSYS,MDSYS,,, oracle,Oracle,,,MFG,MFG,,, oracle,Oracle,,,MGWUSER,MGWUSER,,, oracle,Oracle,,,MIGRATE,MIGRATE,,, oracle,Oracle,,,MILLER,MILLER,,, oracle,Oracle,,,MMO2,MMO2,,, oracle,Oracle,,,MODTEST,YES,,, oracle,Oracle,,,MOREAU,MOREAU,,, oracle,Oracle,,,MTSSYS,MTSSYS,,, oracle,Oracle,,,MTS_USER,MTS_PASSWORD,,, oracle,Oracle,,,MXAGENT,MXAGENT,,, oracle,Oracle,,,NAMES,NAMES,,, oracle,Oracle,,,OAS_PUBLIC,OAS_PUBLIC,,, oracle,Oracle,,,OCITEST,OCITEST,,, oracle,Oracle,,,ODM,ODM,,, oracle,Oracle,,,ODM_MTR,MTRPW,,, oracle,Oracle,,,ODS,ODS,,, oracle,Oracle,,,ODSCOMMON,ODSCOMMON,,, oracle,Oracle,,,OE,OE,,, oracle,Oracle,,,OEMADM,OEMADM,,, oracle,Oracle,,,OEMREP,OEMREP,,, oracle,Oracle,,,OLAPDBA,OLAPDBA,,, oracle,Oracle,,,OLAPSVR,INSTANCE,,, oracle,Oracle,,,OLAPSYS,MANAGER,,, oracle,Oracle,,,OMWB_EMULATION,ORACLE,,, oracle,Oracle,,,OO,OO,,, oracle,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, oracle,Oracle,,,ORACACHE,(random password),,, oracle,Oracle,,,ORAREGSYS,ORAREGSYS,,, oracle,Oracle,,,ORASSO,ORASSO,,, oracle,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, oracle,Oracle,,,ORDSYS,ORDSYS,,, oracle,Oracle,,,OSE$HTTP$ADMIN,(random password),,, oracle,Oracle,,,OSP22,OSP22,,, oracle,Oracle,,,OUTLN,OUTLN,,, oracle,Oracle,,,OWA,OWA,,, oracle,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, oracle,Oracle,,,OWNER,OWNER,,, oracle,Oracle,,,PANAMA,PANAMA,,, oracle,Oracle,,,PATROL,PATROL,,, oracle,Oracle,,,PERFSTAT,PERFSTAT,,, oracle,Oracle,,,PLEX,PLEX,,, oracle,Oracle,,,PLSQL,SUPERSECRET,,, oracle,Oracle,,,PM,PM,,, oracle,Oracle,,,PO,PO,,, oracle,Oracle,,,PO7,PO7,,, oracle,Oracle,,,PORTAL30,PORTAL30,,, oracle,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, oracle,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, oracle,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, oracle,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, oracle,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, oracle,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, oracle,Oracle,,,PRIMARY,PRIMARY,,, oracle,Oracle,,,PUBSUB,PUBSUB,,, oracle,Oracle,,,PUBSUB1,PUBSUB1,,, oracle,Oracle,,,QDBA,QDBA,,, oracle,Oracle,,,QS,QS,,, oracle,Oracle,,,QS_ADM,QS_ADM,,, oracle,Oracle,,,QS_CB,QS_CB,,, oracle,Oracle,,,QS_CBADM,QS_CBADM,,, oracle,Oracle,,,QS_CS,QS_CS,,, oracle,Oracle,,,QS_ES,QS_ES,,, oracle,Oracle,,,QS_OS,QS_OS,,, oracle,Oracle,,,QS_WS,QS_WS,,, oracle,Oracle,,,RE,RE,,, oracle,Oracle,,,REPADMIN,REPADMIN,,, oracle,Oracle,,,REPORTS_USER,OEM_TEMP,,, oracle,Oracle,,,REP_MANAGER,DEMO,,, oracle,Oracle,,,REP_OWNER,REP_OWNER,,, oracle,Oracle,,,RMAIL,RMAIL,,, oracle,Oracle,,,RMAN,RMAN,,, oracle,Oracle,,,SAMPLE,SAMPLE,,, oracle,Oracle,,,SAP,SAPR3,,, oracle,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, oracle,Oracle,,,SECDEMO,SECDEMO,,, oracle,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, oracle,Oracle,,,SH,SH,,, oracle,Oracle,,,SITEMINDER,SITEMINDER,,, oracle,Oracle,,,SLIDE,SLIDEPW,,, oracle,Oracle,,,STARTER,STARTER,,, oracle,Oracle,,,STRAT_USER,STRAT_PASSWD,,, oracle,Oracle,,,SWPRO,SWPRO,,, oracle,Oracle,,,SWUSER,SWUSER,,, oracle,Oracle,,,SYMPA,SYMPA,,, oracle,Oracle,,,SYS,D_SYSPW,,, oracle,Oracle,,,SYSADM,SYSADM,,, oracle,Oracle,,,SYSMAN,OEM_TEMP,,, oracle,Oracle,,,SYSTEM,D_SYSTPW,,, oracle,Oracle,,,TAHITI,TAHITI,,, oracle,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, oracle,Oracle,,,TESTPILOT,TESTPILOT,,, oracle,Oracle,,,TRACESVR,TRACE,,, oracle,Oracle,,,TRAVEL,TRAVEL,,, oracle,Oracle,,,TSDEV,TSDEV,,, oracle,Oracle,,,TSUSER,TSUSER,,, oracle,Oracle,,,TURBINE,TURBINE,,, oracle,Oracle,,,ULTIMATE,ULTIMATE,,, oracle,Oracle,,,USER,USER,,, oracle,Oracle,,,USER0,USER0,,, oracle,Oracle,,,USER1,USER1,,, oracle,Oracle,,,USER2,USER2,,, oracle,Oracle,,,USER3,USER3,,, oracle,Oracle,,,USER4,USER4,,, oracle,Oracle,,,USER5,USER5,,, oracle,Oracle,,,USER6,USER6,,, oracle,Oracle,,,USER7,USER7,,, oracle,Oracle,,,USER8,USER8,,, oracle,Oracle,,,USER9,USER9,,, oracle,Oracle,,,UTLBSTATU,UTLESTAT,,, oracle,Oracle,,,VIDEOUSER,VIDEO USER,,, oracle,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, oracle,Oracle,,,VIRUSER,VIRUSER,,, oracle,Oracle,,,VRR1,VRR1,,, oracle,Oracle,,,WEBCAL01,WEBCAL01,,, oracle,Oracle,,,WEBDB,WEBDB,,, oracle,Oracle,,,WEBREAD,WEBREAD,,, oracle,Oracle,,,WKSYS,WKSYS,,, oracle,Oracle,,,WWW,WWW,,, oracle,Oracle,,,WWWUSER,WWWUSER,,, oracle,Oracle,,,XPRT,XPRT,,, oracle,Oracle,,,demo,demo,,, oracle,Oracle,,,internal,oracle,,, oracle,Oracle,,,oracle,oracle,,, oracle,Oracle,,,scott,tiger or tigger,,, oracle,Oracle,,,sys,sys,,, oracle,Oracle,,,system,manager,,, oracle,Personal Oracle,,,PO8,PO8,,, oracle,Personal Oracle,,8,PO8,PO8,,, oracle,Personal Oracle,8,Multi,PO8,PO8,,, oracle,Web DB,,,webdb,webdb,,, oracle,Web DB,,Admin,webdb,webdb,,, oracle,Web DB,,HTTP,webdb,webdb,Admin,, orange,livebox,,,admin,admin,,, osicom,JETXPrint,,1000E/B,sysadm,sysadm,,, osicom,JETXPrint,,1000E/N,sysadm,sysadm,,, osicom,JETXPrint,,1000T/N,sysadm,sysadm,,, osicom,JETXPrint,,500 E/B,sysadm,sysadm,,, osicom,JETXPrint,,Admin,sysadm,sysadm,,, osicom,JETXPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, osicom,JETXPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, osicom,JETXPrint,1000T/N,Telnet,sysadm,sysadm,Admin,, osicom,JETXPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, osicom,NETCommuter Remote Access Server,,,Manager,Manager,,, osicom,NETCommuter Remote Access Server,,,debug,d.e.b.u.g,,, osicom,NETCommuter Remote Access Server,,,echo,echo,,, osicom,NETCommuter Remote Access Server,,,guest,guest,,, osicom,NETCommuter Remote Access Server,,,sysadm,sysadm,,, osicom,NETCommuter Remote Access Server,,Admin,Manager,Manager,,, osicom,NETCommuter Remote Access Server,,Admin,sysadm,sysadm,,, osicom,NETCommuter Remote Access Server,,Telnet,Manager,Manager,Admin,, osicom,NETCommuter Remote Access Server,,Telnet,debug,d.e.b.u.g,User,, osicom,NETCommuter Remote Access Server,,Telnet,echo,echo,User,, osicom,NETCommuter Remote Access Server,,Telnet,guest,guest,User,, osicom,NETCommuter Remote Access Server,,Telnet,sysadm,sysadm,Admin,, osicom,NETCommuter Remote Access Server,,User,debug,d.e.b.u.g,,, osicom,NETCommuter Remote Access Server,,User,echo,echo,,, osicom,NETCommuter Remote Access Server,,User,guest,guest,,, osicom,NETPrint and JETX Print,500 1000 1500 and 2000 Series,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,,1000 T/B,sysadm,sysadm,,, osicom,NETPrint,,1000 T/N,sysadm,sysadm,,, osicom,NETPrint,,1000E/B,sysadm,sysadm,,, osicom,NETPrint,,1000E/D,Manager,Manager,,, osicom,NETPrint,,1000E/D,debug,d.e.b.u.g,,, osicom,NETPrint,,1000E/D,echo,echo,,, osicom,NETPrint,,1000E/D,guest,guest,,, osicom,NETPrint,,1000E/D,sysadm,sysadm,,, osicom,NETPrint,,1000E/N,sysadm,sysadm,,, osicom,NETPrint,,1000E/NDS,Manager,Manager,,, osicom,NETPrint,,1000E/NDS,debug,d.e.b.u.g,,, osicom,NETPrint,,1000E/NDS,echo,echo,,, osicom,NETPrint,,1000E/NDS,guest,guest,,, osicom,NETPrint,,1000E/NDS,sysadm,sysadm,,, osicom,NETPrint,,1500 E/B,Manager,Manager,,, osicom,NETPrint,,1500 E/B,debug,d.e.b.u.g,,, osicom,NETPrint,,1500 E/B,echo,echo,,, osicom,NETPrint,,1500 E/B,guest,guest,,, osicom,NETPrint,,1500 E/B,sysadm,sysadm,,, osicom,NETPrint,,1500E/N,Manager,Manager,,, osicom,NETPrint,,1500E/N,debug,d.e.b.u.g,,, osicom,NETPrint,,1500E/N,echo,echo,,, osicom,NETPrint,,1500E/N,guest,guest,,, osicom,NETPrint,,1500E/N,sysadm,sysadm,,, osicom,NETPrint,,1500T/N,sysadm,sysadm,,, osicom,NETPrint,,2000 T/B,sysadm,sysadm,,, osicom,NETPrint,,2000 T/N,sysadm,sysadm,,, osicom,NETPrint,,2000E/B,sysadm,sysadm,,, osicom,NETPrint,,2000E/N,Manager,Manager,,, osicom,NETPrint,,2000E/N,debug,d.e.b.u.g,,, osicom,NETPrint,,2000E/N,echo,echo,,, osicom,NETPrint,,2000E/N,guest,guest,,, osicom,NETPrint,,2000E/N,sysadm,sysadm,,, osicom,NETPrint,,500 E/B,sysadm,sysadm,,, osicom,NETPrint,,500 E/N,sysadm,sysadm,,, osicom,NETPrint,,500 T/B,sysadm,sysadm,,, osicom,NETPrint,,500 T/N,sysadm,sysadm,,, osicom,NETPrint,,Admin,Manager,Manager,,, osicom,NETPrint,,Admin,sysadm,sysadm,,, osicom,NETPrint,,User,debug,d.e.b.u.g,,, osicom,NETPrint,,User,echo,echo,,, osicom,NETPrint,,User,guest,guest,,, osicom,NETPrint,1000 T/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1000 T/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1000E/D,Telnet,Manager,Manager,Admin,, osicom,NETPrint,1000E/D,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,1000E/D,Telnet,echo,echo,User,, osicom,NETPrint,1000E/D,Telnet,guest,guest,User,, osicom,NETPrint,1000E/D,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1000E/NDS,Telnet,Manager,Manager,Admin,, osicom,NETPrint,1000E/NDS,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,1000E/NDS,Telnet,echo,echo,User,, osicom,NETPrint,1000E/NDS,Telnet,guest,guest,User,, osicom,NETPrint,1000E/NDS,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1500 E/B,Telnet,Manager,Manager,Admin,, osicom,NETPrint,1500 E/B,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,1500 E/B,Telnet,echo,echo,User,, osicom,NETPrint,1500 E/B,Telnet,guest,guest,User,, osicom,NETPrint,1500 E/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1500E/N,Telnet,Manager,Manager,Admin,, osicom,NETPrint,1500E/N,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,1500E/N,Telnet,echo,echo,User,, osicom,NETPrint,1500E/N,Telnet,guest,guest,User,, osicom,NETPrint,1500E/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,1500T/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,2000 T/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,2000 T/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,2000E/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,2000E/N,Telnet,Manager,Manager,Admin,, osicom,NETPrint,2000E/N,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,2000E/N,Telnet,echo,echo,User,, osicom,NETPrint,2000E/N,Telnet,guest,guest,User,, osicom,NETPrint,2000E/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500 1000 1500 and 2000 Series,Telnet,Manager,Manager,Admin,, osicom,NETPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500 E/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500 T/B,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500 T/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,Manager,Manager,Admin,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,echo,echo,User,, osicom,NetPrint,500,1000,1500, and 2000 Series,Telnet,guest,guest,User,, osicom,Osicom Plus T1/PLUS 56k,,,write,private,,, osicom,Osicom Plus T1/PLUS 56k,,Telnet,write,private,,, osicom,Osicom(Datacom),,,sysadm,sysadm,,, ovislink,1184AR,all,multi,admin,12345,admin,, ovislink,AirLive WIAS-1000G,,console,admin,admin,Admin,, ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,123,Config (End User),, ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,123,Config (End User),, ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, ovislink,GXP-2000 IP Phone,1.0.1.9,http,,123,Config (End User),, ovislink,GXP-2000 IP Phone,1.0.1.9,http,,admin,Config (Advanced User),, ovislink,HandyTone-286 analog telephone adaptor,,,,123,config,, ovislink,HandyTone-286 analog telephone adaptor,,,,admin,config,, ovislink,HandyTone-486 analog telephone adaptor,,,,123,config,, ovislink,HandyTone-486 analog telephone adaptor,,,,admin,config,, ovislink,HandyTone-488 analog telephone adaptor,,,,123,Config (End User),, ovislink,HandyTone-488 analog telephone adaptor,,,,admin,Config (Advanced User),, ovislink,HandyTone-496 analog telephone adaptor,,,,123,Config (End User),, ovislink,HandyTone-496 analog telephone adaptor,,,,admin,Config (Advanced User),, ovislink,IWE1100 WLAN to LAN Bridge,,,root,root,Admin,, ovislink,SHDSL Modem,B5.1 5-15-2002,,root,root,Admin,, ovislink,SHDSL Modem,B5.1 5-15-2002,,user,user,Admin,, ovislink,SR200 Router,,console,,,config,, ovislink,SR500 Broadband IP Gateway,5.0 and up,http://192.168.1.254,,,config,, ovislink,WL-1000UR,,http,admin,airlive,admin,, ovislink,WL-1120AP,,Multi,root,,Admin,, ovislink,WL-8000AP Wireless G,,http,12345,12345,Admin,, pachco,AeGIS 9000,All,Console,,0000,Default master code - allows programming the unit,AeGIS 9000 entry intercom system - Hold 0 then # until scrolling stops, pacific micro data,MAST 9500 Universal Disk Array,,Admin,pmd,,,, pacific micro data,MAST 9500 Universal Disk Array,,ESM ver. 2.11 / 1,pmd,,,, pacificmicrodata,MAST 9500 Universal Disk Array,ESM ver. 2.11 / 1,Console,pmd,,Admin,, packard bell,PC BIOS,,,,bell9,,, packard bell,PC BIOS,,Admin,,bell9,,, packardbell,,EasyNote_MX37-U-103SP ,,administrador,1234,,, packardbell,PC BIOS,,,459441,459441,,, packardbell,PC BIOS,,Console,,bell9,Admin,, packeteer,Packetshaper,,,,touchpwd=,,, panasonic,CF-27,4,Multi,,,Admin,, panasonic,CF-28,,Multi,,,Admin,, panasonic,CF-45,,Multi,,,Admin,, panasonic,KX-TD1232,,Multi,admin,1234,Admin,, panasonic,KX-TDA 100,V1.1 2.0 3.0,CONSOLE,,1234,,, panasonic,KX-TDA 200,V1.1 2.0 3.0,CONSOLE,,1234,,, panasonic,KX-TDA 30,V1.1 2.0 3.0,CONSOLE,,1234,,, panasonic,WV-NP240/244,V1.25-V1.50,http://192.168.0.10,admin,12345,,, pandatel,EMUX,,,admin,admin,,, pandatel,EMUX,,,admin,admin,,all, patton,RAS,,2,monitor,monitor,,, patton,RAS,,2,superuser,superuser,,, patton,RAS,2,,monitor,monitor,,, patton,RAS,2,,superuser,superuser,,, pbx,PBX (Generic),,,tech,nician,,, penril datability,vcp300 terminal server,,,,system,,, penril datability,vcp300 terminal server,,Admin,,system,,, penrildatability,vcp300 terminal server,,Multi,,system,Admin,, pentagram,Cerberus ADSL modem + router,,HTTP,admin,password,Admin,, pentaoffice,Sat Router,,Telnet,,pento,Admin,, pentasafe,VigilEnt Security Manager,,3,PSEAdmin,$secure$,,, pentasafe,VigilEnt Security Manager,,Admin,PSEAdmin,$secure$,,, pentasafe,VigilEnt Security Manager,3,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, pentasafe,VigilEnt Security Manager,3.0,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, perle,CS9000,any,Console,admin,superuser,Admin,, philips,Praesideo PA System,,Admin,admin,admin,,, philips,Praesideo PA System,,All versions,admin,admin,,, philips,Praesideo PA System,All versions,Multi,admin,admin,Admin,, phoenix,4.0,,Admin,,admin,,, phoenix,4.0,6.0.2,Multi,,admin,Admin,, phoenix,PC BIOS,,console,,BIOS,Admin,Default/backdoor CMOS password, phoenix,PC BIOS,,console,,CMOS,Admin,Default/backdoor CMOS password, phoenix,PC BIOS,,console,,PHOENIX,Admin,Default/backdoor CMOS password, phoenix,PC BIOS,,console,,phoenix,Admin,Default/backdoor CMOS password, phoenix,Phoenix v1.14,,Multi,Administrator,admin,Admin,, phpreactor,PHPReactor,,1.2.7,core,phpreactor,,, phpreactor,PHPReactor,1.2.7,http,core,phpreactor,,, phptest,phpTest,,0.5.6,admin,1234,,, phptest,phpTest,,0.5.6,guest,guest,,, phptest,phpTest,0.5.6,http,admin,1234,Admin,, phptest,phpTest,0.5.6,http,guest,guest,,, pirelli,,,,on,on,Admin,Used for OnTelecom, pirelli,AGE ADSL Router,,Multi,admin,microbusiness,Admin,, pirelli,AGE ADSL Router,,Multi,user,password,User,, pirelli,DRG A225G,,,3play,3play,admin,, pirelli,DRG A225G,SAPO,192.168.1.1,user,user,admin,, pirelli,PRGAV4202N,,10.0.0.138,Telek0m,Austria&Eur0,,for Telekom Austria, pirelli,Pirelli AGE-SB,,HTTP,admin,smallbusiness,Admin,, pirelli,Pirelli AGE-UB,,HTTP,admin,microbusiness,Admin,, pirelli,Pirelli Router,,Multi,admin,microbusiness,Admin,, pirelli,Pirelli Router,,Multi,admin,mu,Admin,, pirelli,Pirelli Router,,Multi,user,password,Admin,, plaintree,Waveswitch,,,,default.password,,, planet,ADE-4000,,Multi,admin,epicrouter,Admin,, planet,ADE-4110,,HTTP,admin,epicrouter,Admin,, planet,Adsl router,,,admin,epicrouter,,, planet,Adsl router,,Multi,admin,epicrouter,,, planet,Akcess Point,,HTTP,admin,admin,Admin,, planet,FGSW-2402RS,,serial,admin,ISPMODE,Admin,, planet,FNSW-2402S,,,admin, just hit ENTER ,,, planet,FNSW-2402S,,Console,admin,<> just hit ENTER,,, planet,GRT-501,,http,root,root,full,, planet,WAP-1900/1950/2000,,2.5.0,,default,,, planet,WAP-1900/1950/2000,,Admin,,default,,, planet,WAP-1900/1950/2000,2.5.0,Multi,,default,Admin,, planet,XRT-401D,,HTTP,admin,1234,Admin,, pollsafe,Pollsafe,,,SMDR,SECONDARY,,, pollsafe,Pollsafe,,modem,SMDR,SECONDARY,,, polycom,SoundPoint IP 601,,,Polycom,456,Device Admin (Web),Admin credentials for Web interface, polycom,Soundpoint VoIP phones,,HTTP,Polycom,SpIp,User,, polycom,Soundstation IP 3000,,http,administrator,**#,Admin,, polycom,ViewStation 4000,,v.35,,,,, polycom,ViewStation 4000,3.5,Multi,,admin,Admin,, polycom,ViewStation 4000,3.5,Multi,,x6zynd56,update software,, polycom,iPower 9000,,Multi,,,Admin,, postgresql,PostgreSQL,,,postgres,,,, postgresql,PostgreSQL,,CLI,postgres,,Administrator,, powerchute,UPS,,,pwrchute,pwrchute,,, prestige,650,,,admin,1234,Admin,, prestigio,Nobile,156,Multi,,,Admin,, prime,PrimeOS,,,dos,dos,,, prime,PrimeOS,,,fam,fam,,, prime,PrimeOS,,,guest,guest,,, prime,PrimeOS,,,guest1,guest,,, prime,PrimeOS,,,mail,mail,,, prime,PrimeOS,,,maint,maint,,, prime,PrimeOS,,,mfd,mfd,,, prime,PrimeOS,,,netlink,netlink,,, prime,PrimeOS,,,prime,prime,,, prime,PrimeOS,,,primenet,primeos,,, prime,PrimeOS,,,primeos,primeos,,, prime,PrimeOS,,,primos_cs,prime,,, prime,PrimeOS,,,system,prime,,, prime,PrimeOS,,,system,system,,, prime,PrimeOS,,,tele,tele,,, prime,PrimeOS,,,test,test,,, prime,PrimeOS,,Admin,system,prime,,, prime,PrimeOS,,Admin,system,system,,, prime,PrimeOS,,Multi,dos,dos,User,, prime,PrimeOS,,Multi,fam,fam,User,, prime,PrimeOS,,Multi,guest,guest,User,, prime,PrimeOS,,Multi,guest1,guest,User,, prime,PrimeOS,,Multi,guest1,guest1,User,, prime,PrimeOS,,Multi,mail,mail,User,, prime,PrimeOS,,Multi,maint,maint,User,, prime,PrimeOS,,Multi,mfd,mfd,User,, prime,PrimeOS,,Multi,netlink,netlink,User,, prime,PrimeOS,,Multi,prime,prime,User,, prime,PrimeOS,,Multi,prime,primeos,User,, prime,PrimeOS,,Multi,primenet,primenet,User,, prime,PrimeOS,,Multi,primenet,primeos,User,, prime,PrimeOS,,Multi,primeos,prime,User,, prime,PrimeOS,,Multi,primeos,primeos,User,, prime,PrimeOS,,Multi,primos_cs,prime,User,, prime,PrimeOS,,Multi,primos_cs,primos,User,, prime,PrimeOS,,Multi,system,prime,Admin,, prime,PrimeOS,,Multi,system,system,Admin,, prime,PrimeOS,,Multi,tele,tele,User,, prime,PrimeOS,,Multi,test,test,User,, prime,PrimeOS,,User,guest,guest,,, prime,PrimeOS,,User,guest1,guest,,, prime,PrimeOS,,User,guest1,guest1,,, prime,PrimeOS,,User,mail,mail,,, prime,PrimeOS,,User,mfd,mfd,,, prime,PrimeOS,,User,netlink,netlink,,, prime,PrimeOS,,User,prime,prime,,, prime,PrimeOS,,User,primenet,primenet,,, prime,PrimeOS,,User,primenet,primeos,,, prime,PrimeOS,,User,primos_cs,prime,,, prime,PrimeOS,,User,primos_cs,primos,,, prime,PrimeOS,,User,tele,tele,,, prime,PrimeOS,,User,test,test,,, primebase,SQL Database Server,,4.2,Administrator,,,, primebase,SQL Server,4.2,,Administrator,,,, prolite,Tru-Color II,version 5,Remote Control,,,,, prolite,Tru-Color II,version 6,Remote Control,,,,, prolite,Tru-Color XP,version 8,Remote Control,,,,, promise,FastTrak TX4310,,HTTP,admin,admin,admin,, promise,FastTrak TX4310,,admin,admin,admin,,, prostar,1224,,,,4321,,, prostar,1224,,Other,,4321,,, protocraft,authentic train whistle,,,musi1921,Musi%1921,,, proxim,AP-2000,,,,public,,, proxim,AP-2000,,,,public,Admin,, proxim,ORINOCO AP-4000M,802.11A+B/G,http://192.168.1.52/,no se,no se ,no se,se me perdio el pass quiero recuperarlo, proxim,ORiNOCO AP-600,,http://169.254.128.132,,public,Administration,, proxim,ORiNOCO AP-600,all version,192.168.0.2,,,admin,, proxim,ORiNOCO AP-700,,http://169.254.128.132,,public,Administration,, proxim,Orinoco 600/2000,All,HTTP,,,Admin,WLAN accesspoint, proxim,Tsunami MP.11 5054-R SN-07UT08570142,v2.5.1(215) ,TELNET/HTTP,,public,admin,, psionteklogix,9150,,HTTP,support,h179350,Admin,, pyramid computer,BenHur,,Admin,admin,admin,,, pyramid computer,BenHur,,Admin,admin,gnumpf,,, pyramid computer,BenHur,,all,admin,admin,,, pyramidcomputer,BenHur,all,HTTP,admin,admin,Admin,, pyramidcomputer,BenHur,all,HTTP,admin,gnumpf,Admin,, qdi,Broadband Gateway 100,,,,password,,, qdi,Broadband Gateway 100,,Admin,,password,,, qdi,Broadband Gateway 100,,Telnet/HTTP,,password,Admin,, qdi,PC BIOS,,,,QDI,,, qdi,PC BIOS,,Admin,,QDI,,, qdi,PC BIOS,,Console,,QDI,Admin,, qdi,SpeedEasy BIOS,,,,lesarotl,,, qdi,SpeedEasy BIOS,,Admin,,lesarotl,,, qdi,SpeedEasy BIOS,,Console,,lesarotl,Admin,, qtec,790RH,,http://192.168.1.1,Admin,,Administration,, quake,Quake Server,,,,tms,,rcon password; appears to require that you masquerade as 192.246.40.* to use, qualiteam,X-Cart,,,master,master,,, quantex,PC BIOS,,,,xljlbj,,, quantex,PC BIOS,,Admin,,teX1,,, quantex,PC BIOS,,Admin,,xljlbj,,, quantex,PC BIOS,,Console,,teX1,Admin,, quantex,PC BIOS,,Console,,xljlbj,Admin,, quantum,File Servers,,Most of them,,,,, quantum,File Servers,,User,,,,, quantum,File Servers,Most of them,HTTP,,,User,, quintumtechnologiesinc,Tenor Series,all,Multi,admin,admin,Admin,, radio shack,TAD-1004,,keypad,,744,,, radioshack,In-Store Demo PC Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., radioshack,In-Store Demo PC Windows Screen Savers,,,,RS,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., radioshack,TAD-1004,,Multi,,744,keypad,, radware,Linkproof,,ssh,lp,lp,Admin,, radware,Linkproof,3.73.03,Multi,radware,radware,Admin,, raidzone,raid arrays,,,,raidzone,,, rainbow,IKEY 1000,,,,rainbow,Admin,, rainbow,IKEY 2000,,,,PASSWORD,,, rainbow,IKEY,,1000,,rainbow,,, rainbow,IKEY,,2000,,PASSWORD,,, ramp networks,WebRamp,,,wradmin,trancell,,, rampnetworks,WebRamp,,,wradmin,trancell,,, rapidstream,RS4000-RS8000,,,rsadmin,rsadmin,,Linux, rapidstream,RapidStream Appliances,,,rsadmin,,,, raritan,KVM Switches,,,admin,raritan,,, raritan,KVM Switches,,,admin,raritan,Admin,, raytalk,RB-300,,,root,root,,, raytalk,RB-300,,,root,root,Admin,, rca,DCW615R,,http://192.168.100.1 or http://192.168.0.1,,admin,Administration,, redhat,Redhat 6.2,,,piranha,piranha,,, redhat,Redhat 6.2,,,piranha,q,,, redhat,Redhat 6.2,,HTTP,piranha,piranha,User,, redhat,Redhat 6.2,,HTTP,piranha,q,User,, redhat,Redhat 6.2,,User,piranha,piranha,,, redhat,Redhat 6.2,,User,piranha,q,,, redline,,,,user,user,192.168.25.2,, redline,an50,,,admin,admin,,, redline,an50,02.02,Multi,admin,admin,,, remedy,Remedy,,,ARAdmin,AR#Admin#,,, remedy,Remedy,,Multi,Demo,,,, remedy,Remedy,,multi,ARAdmin,AR#Admin#,Admin,, remedy,Remedy,,multi,Demo,,,, research machines,Classroom Assistant,,,manager,changeme,,, research,PC BIOS,,,,Col2ogro2,,, research,PC BIOS,,Admin,,Col2ogro2,,, research,PC BIOS,,Console,,Col2ogro2,Admin,, researchmachines,Classroom Assistant,,,manager,changeme,,Windows 95, resumix,Resumix,,,root,resumix,,, ricoh,1013F,,,,sysadm,,, ricoh,1224c,,http,,password,,, ricoh,1232c,-,http,admin,password,admin,, ricoh,1301f,,,,sysadm,,, ricoh,2035e,,web,admin,password,,no entry ta administrator, ricoh,2060,,HTTP,admin,,Admin,, ricoh,2500,,,admin,blank,admin,, ricoh,3245C,,,admin,blank,admin,, ricoh,650,,,,sysadm,http,, ricoh,AP410N,1.13,HTTP,admin,,Admin,, ricoh,AP610N,,telnet,admin,,admin,, ricoh,Aficio 1013 1515 2013 120,,,sysadm,sysadm,,, ricoh,Aficio 1022,,,Admin,password,,, ricoh,Aficio 1027,,http://,admin,password,admin,, ricoh,Aficio 1045,,HTTP,admin,password,,, ricoh,Aficio 2015,,http,admin,password,,, ricoh,Aficio 2018D,,http,admin,password,Admin,, ricoh,Aficio 2020D,,HTTP,admin,password,Admin,, ricoh,Aficio 2035,,,sisadm,password,,, ricoh,Aficio 2045e,,http,admin,password,Admin,, ricoh,Aficio 2075,,,admin,,Admin,, ricoh,Aficio 2228c,,Multi,sysadmin,password,Admin,Webpage admin, ricoh,Aficio 2232C,,Telnet,,password,Admin,, ricoh,Aficio 3025,,,admin,,Admin,, ricoh,Aficio 3035,,,admin,,Admin,, ricoh,Aficio 3228,,,admin,,Admin,, ricoh,Aficio AP3800C,2.17,HTTP,,password,Admin,alternative to sysadmin and Admin, ricoh,Aficio MP 171,,http or telnet,admin,,,, ricoh,Aficio MP 2000,,,admin,,root acces,, ricoh,Aficio MP 2500,1.03,HTTP,admin,,Administrator,, ricoh,Aficio MP 2550,,web interface,admin,,admin,, ricoh,Aficio MP 3350,,,admin,,administrator,, ricoh,Aficio MP 4500,,,admin,,,, ricoh,Aficio MP 5500,2.08,Telnet / HTTP,admin,,Admin,, ricoh,Aficio MP C2050,,,admin,,Administrator,, ricoh,Aficio MP C2800,,,admin,,,, ricoh,Aficio MP C4000,,,admin,,,, ricoh,Aficio MP C4500,,HTTP,admin,,admin,, ricoh,Aficio SP 4210N,,Web Interface,admin,,,, ricoh,Aficio SP C220N,,http,Admin,,,case sensitive must have upper case A, ricoh,Aficio,1515,http,administrator,password,administrator access,, ricoh,Aficio,2027,,admin,password,,, ricoh,Aficio,AP3800C,HTTP,sysadmin,password,Admin,, ricoh,Aficio,CL100N,Web,admin,password,,, ricoh,Aficioh,,Administrator,admin,,,, ricoh,Africo MP 161,,Telnet/HTTP,admin,,Administrator,, ricoh,C231N,,,Admin,password,,A must be capitalized in username, ricoh,CL2000N,,,admin,password,,, ricoh,CL3500N,,GUI,admin,leave blank,,, ricoh,DSC338 Printer,1.19,HTTP,,password,Admin,no user, ricoh,MFP 2550,,web interface,admin,,admin,, ricoh,MP 161SPF,,Http://,admin,,,, ricoh,MP 7500,2.02.1,HTTP,admin,,Admin,Webpage admin, ricoh,MP 9000,,,admin,sem senha,webpage,somente as de fabrica, ricoh,MP C4000,,http,admin,,Admin Access,, ricoh,MP C6000,,HTTP,admin,N/A,Web admin,, ricoh,MP4000,,web,admin,,,, ricoh,SP 4100N,,web interface,admin,,,leave password black, ricoh,SP C232DN,,,Admin,password,,note A is capitalized, ricoh,SP C311N,,HTTP,Admin,,Config.-Admin,Username is case-sensitive, ricoh,SP C311N,,http,Admin,,,, ricoh,SP C311N,,http,Admin,password,,, ricoh,SPC232,all versions,http,Admin,,admin,, ricoh,afcio mp 161,,telnet http,admin,,,, ricoh,aficio 650 windows xp,all versions,http//192.168.1.4,,,admin,, riverbed,Acelerador,,http,Admin,password,,, rizen,WebGUI,,,Admin,123qwe,,, rizen,WebGUI,,,Admin,123qwe,Admin,, rm,RM Connect,,,RMUser1,password,,, rm,RM Connect,,,admin,rmnetlm,,, rm,RM Connect,,,admin2,changeme,,, rm,RM Connect,,,adminstrator,changeme,,, rm,RM Connect,,,deskalt,password,,, rm,RM Connect,,,deskman,changeme,,, rm,RM Connect,,,desknorm,password,,, rm,RM Connect,,,deskres,password,,, rm,RM Connect,,,guest,,,, rm,RM Connect,,,replicator,replicator,,, rm,RM Connect,,,setup,changeme,,, rm,RM Connect,,,teacher,password,,, rm,RM Connect,,,temp1,password,,, rm,RM Connect,,,topicalt,password,,, rm,RM Connect,,,topicnorm,password,,, rm,RM Connect,,,topicres,password,,, rm,RM Connect,,Main Login,PROPAGATE,APPLICATION,Full,used in school, rm,RM Connect,,Multi,RMUser1,password,,, rm,RM Connect,,Multi,admin,rmnetlm,,, rm,RM Connect,,Multi,admin2,changeme,,, rm,RM Connect,,Multi,adminstrator,changeme,,, rm,RM Connect,,Multi,deskalt,password,,, rm,RM Connect,,Multi,deskman,changeme,,, rm,RM Connect,,Multi,desknorm,password,,, rm,RM Connect,,Multi,deskres,password,,, rm,RM Connect,,Multi,guest,,,, rm,RM Connect,,Multi,replicator,replicator,,, rm,RM Connect,,Multi,setup,changeme,,, rm,RM Connect,,Multi,teacher,password,,, rm,RM Connect,,Multi,temp1,password,,, rm,RM Connect,,Multi,topicalt,password,,, rm,RM Connect,,Multi,topicnorm,password,,, rm,RM Connect,,Multi,topicres,password,,, rm,RM Connect,,Propagating!,PROPAGATE,APPLICATION,Full,used in school, rm,Server BIOS,,,,RM,,, rm,Server BIOS,,Console,,RM,,, rm,computer,,Other,administrator,password/changeme or secret,l:/ and take of restrictions,, rnn,RNN's Guestbook,1.2,http,admin,demo,Admin,, roamabout,RoamAbout R2 Wireless Access Platform,,Multi,admin,password,Admin,, rodopi,Rodopi billing software 'AbacBill' sql database,,,rodopi,rodopi,,, rodopi,Unknown,,,Rodopi,Rodopi,,, safecom,Router,,Admin,admin,epicrouter,,, safecom,Router,,Multi,admin,epicrouter,Admin,, sagem,F@ST ,2404,Telnet , SSH , HTTP,admin,administrator, sagem,Fast 1200 (Fast 1200),,Telnet,root,1234,User,root/1234, sagem,Fast 1400,,Multi,admin,epicrouter,Admin,, sagem,Fast 1400w,,Multi,root,1234,Admin,, sambar technologies,Sambar Server,,,admin,,,, sambar technologies,Sambar Server,,,anonymous,,,, sambar technologies,Sambar Server,,,billy-bob,,,, sambar technologies,Sambar Server,,,ftp,,,, sambar technologies,Sambar Server,,,guest,guest,,, sambartechnologies,Sambar Server,,http,admin,,Admin,, sambartechnologies,Sambar Server,,http,anonymous,,,, sambartechnologies,Sambar Server,,http,billy-bob,,,, sambartechnologies,Sambar Server,,http,ftp,,Admin,, sambartechnologies,Sambar Server,,http,guest,guest,Admin,, samsung,AHT-E300,Multi,admin,password,Admin,,, samsung,E700,,Password,Moeketsik,874434,,, samsung,N620,,Multi,,,Admin,, samsung,SGH E700,,,,874434,User,Sms, samsung,SGH E700,,,Samsung,,,Sms, samsung,SWL-3500RG,2.15,HTTP,public,public,Admin,def. WEP keys: 0123456789 1518896203, samuel abels,Ammerum,,0.6-1,user,password,,, samuelabels,Ammerum,0.6-1,,user,password,,, sap,Business Connector,,4.7,Administrator,manage,,, sap,Business Connector,,4.7,Developer,isdev,,, sap,Business Connector,,4.7,Replicator,iscopy,,, sap,Business Connector,4.7,,Administrator,manage,Admin,, sap,Business Connector,4.7,,Developer,isdev,Admin,, sap,Business Connector,4.7,,Replicator,iscopy,Admin,, sap,ITS,,,itsadmin,init,,, sap,SAP Local Database,,,SAPR3,SAP,,, sap,SAP,,,DDIC,19920706,,, sap,SAP,,,EARLYWATCH,SUPPORT,,, sap,SAP,,,SAP*,7061992,,, sap,SAP,,,SAPCPIC,ADMIN,,, sap,SAP,,000 001 066,SAP*,06071992,,, sap,SAP,,000 001,DDIC,19920706,,, sap,SAP,,000,SAPCPIC,ADMIN,,, sap,SAP,,066,EARLYWATCH,SUPPORT,,, sap,SAP,,Admin,SAPCPIC,ADMIN,,, sap,SAP,,Mandant 066,SAP,SAP internal,,, sap,SAP,,R/3,DDIC,19920706,,, sap,SAP,,R/3,EARLYWATCH,SUPPORT,,, sap,SAP,,R/3,SAP*,06071992,,, sap,SAP,,R/3,SAPCPIC,ADMIN,,, sap,SAP,,R/3,TMSADM,,,, sap,SAP,,SAP internal,DDIC,19920706,,, sap,SAP,,SAP internal,EARLYWATCH,SUPPORT,,, sap,SAP,,SAP internal,SAP*,07061992,,, sap,SAP,,SAP internal,SAP*,PASS,,, sap,SAP,R/3,,SAP*,06071992,,, sap,SAP,R/3,,TMSADM,,,, sap,SAP,R/3,SAP client,DDIC,19920706,SAP internal; Mandant 001,, sap,SAP,R/3,SAP client,EARLYWATCH,SUPPORT,SAP internal; Mandant 066,, sap,SAP,R/3,SAP client,SAP*,07061992,SAP internal; Mandant 066,, sap,SAP,R/3,SAP client,SAP*,PASS,SAP internal; all Mandants,, sap,SAP,R/3,SAP client,SAPCPIC,ADMIN,Admin,, savin,C2525,,HTTP,admin,blank,Admin,, schneider electric,PowerLogic Ethernet Communications Card,,,,admin,,, schneiderelectric,PowerLogic ethernet card,,http,,admin,Admin,, scientificatlanta,2100,comcast-supplied,http,admin,w2402,diagnostics page,192.168.100.1, scientificatlanta,2320,,http://192.168.0.1./,admin,W2402,,, scientificatlanta,2320,,http://192.168.100.1,,,,, scientificatlanta,DPR2325R3,3.0,192.168.0.1,admin,W2402,Admin,, scientificatlanta,DPX2100,Comcast-supplied,HTTP,admin,w2402,diagnostics page,192.168.100.1, scientificatlanta,EPC2100R2,HW Rev 2.1,modem,,,admin,, scientificatlanta,EPC2505,1.0,http://192.168.100.1,admin,W2402,status,, scientificatlanta,EPR2320R2,2.0,192.168.0.1,,Admin,,, scientificatlanta,EPR2320R2,v2.0.2r1262-070212,192.168.0.1,admin,admin,admin,nao consigo entra no router, scientificatlanta,EPR2325R3,3.0,http://192.168.100.1,admin,admin,admin,, scientificatlanta,SERVICE ELECTRIC CABLE (SECABLE),SERVICE ELECTRIC CABLE (SECABLE),http://192.168.100.1/,admin,W2402,Status,Status Page, scientificatlanta,WebSTAR EPC2100R2, 2.0,192.168.100.1,Sremac,b29a03t19a87ja,rasalav,, scientificatlanta,epr2325r3,all,http://192.168.100.1/,,,Admin,, seagullscientific,Track'Em,,,ADMIN,admin,Admin,, seagullscientific,Track'Em,,,USER,USER,Admin,, securicor3net,Cezanne,,,manager,friend,,, securicor3net,Cezzanne,,,manager,friend,,any, securicor3net,Monet,,,manager,friend,,any, security.org,lockpicking,,,admin,,,, securstar,ikey,,admin,admin,rainbow,,, securstar,ikey,1000,Multi,admin,rainbow,admin,, semaphore,PICK O/S,,,DESQUETOP,,,, semaphore,PICK O/S,,,DS,,,, semaphore,PICK O/S,,,DSA,,,, semaphore,PICK O/S,,,PHANTOM,,,, senao,2611CB3+D (802.11b Wireless AP),,HTTP,admin,,Admin,Default IP: 192.168.1.1, server technology,Sentry Remote Power Manager,,,ADMN,admn,,, server technology,Sentry Remote Power Manager,,,GEN1,gen1,,, server technology,Sentry Remote Power Manager,,,GEN2,gen2,,, server technology,Sentry Remote Power Manager,,Admin,ADMN,admn,,, server technology,Sentry Remote Power Manager,,view/control,GEN1,gen1,,, server technology,Sentry Remote Power Manager,,view/control,GEN2,gen2,,, servertechnology,Sentry Remote Power Manager,,Multi,ADMN,admn,Admin,Telnet port 2001, servertechnology,Sentry Remote Power Manager,,Multi,GEN1,gen1,view/control,Telnet port 2001, servertechnology,Sentry Remote Power Manager,,Multi,GEN2,gen2,view/control,Telnet port 2001, sgi,Embedded Support Partner,,,Administrator,Partner,,IRIX 6.5.6, sgi,IRIX,,,EZsetup,,,ALL, sgi,IRIX,,,lp,lp,,ALL, sgi,all,,,root,,,all, sharp,AR-201,,http,,sysadm,,, sharp,AR-280,,Full,,sysadm,,, sharp,AR-280,,HTTP,,sysadm,Full,, sharp,AR-336,,HTTP,,sysadm,admin,, sharp,AR-336,,admin,,sysadm,,, sharp,AR-407/S402 ,,Multi,,,Admin,, sharp,AR-M205,,Web,admin,Sharp,full,, sharp,AR-M257,,WEB Interface,admin,Sharp,,, sharp,AR-M355N,,,admin,Sharp,Admin,, sharp,AR-M550,,,admin,Sharp,HTTP,, sharp,AR507/S507,,HTTP,,sysadm,,, shiva,AccessPort,,,hello,hello,,, shiva,AccessPort,,,hello,hello,,Any, shiva,Any?,,,Guest,blank,,, shiva,Integrator,,Admin,admin,hello,,, shiva,Integrator,150/200/500,Multi,admin,hello,Admin,, shiva,LanRover,,,guest,,,, shiva,LanRover,,,root,,,, shiva,ShivaPort,,console,admin,hello,Admin,, shoretel,Conference Bridge,,,Admin,admin1,,, shoretel,ShoreTel Call Manager,,,admin,changeme,,, shoretel,ShoreWare Director,,,admin,changeme,,, shuttle,PC BIOS,,,,Spacve,,, shuttle,PC BIOS,,,,Spacve,Admin,, shuttle,PC BIOS,,Admin,,Spacve,,, siemens nixdorf,Hicom 100E PBX,,,31994,31994,,, siemens nixdorf,Hicom 150E PBX,,,31994,31994,,, siemens nixdorf,PBX,,8818,,uboot,,, siemens nixdorf,PC BIOS,,,,SKY_FOX,,, siemens nixdorf,PC BIOS,,Admin,,SKY_FOX,,, siemens nixdorf,PhoneMail,,,poll,poll,,, siemens nixdorf,PhoneMail,,,sysadmin,sysadmin,,, siemens nixdorf,PhoneMail,,,system,system,,, siemens nixdorf,PhoneMail,,,tech,tech,,, siemens nixdorf,ROLM PBX,,,admin,pwp,,, siemens nixdorf,ROLM PBX,,,eng,engineer,,, siemens nixdorf,ROLM PBX,,,op,operator,,, siemens nixdorf,ROLM PBX,,,su,super,,, siemens,5940 T1E1 Router,5940-001 v6.0.180-2,Telnet,superuser,admin,Admin,, siemens,APACS,,ACM Controller,,gubed,,, siemens,Gigaset SX541 WLAN dsl,,http://192.168.2.1,,admin,Admin,, siemens,HiPath 3000,,,31994,31994,,, siemens,HiPath 3000,,Manager,office,office,,, siemens,HiPath 3000,,Multi,31994,31994,,, siemens,Optipoint,,,,123456,,, siemens,Optipoint,,Multi,,123456,,, siemens,PC BIOS,,,,SKY_FOX,CMOS,, siemens,PhoneMail,,,poll,tech,,, siemens,PhoneMail,,,sysadmin,sysadmin,,, siemens,PhoneMail,,,tech,tech,,, siemens,Phonemail,,,tech,field,,, siemens,Phonemail,,Multi,tech,field,,, siemens,QUADLOG,,CCM Controller,,gubed,,, siemens,ROLM PBX,,,admin,pwp,,, siemens,ROLM PBX,,,eng,engineer,,, siemens,ROLM PBX,,,op,op,,, siemens,ROLM PBX,,,op,operator,,, siemens,ROLM PBX,,,su,super,,, siemens,SE515,,,admin,,,, siemens,SE515,,HTTP,admin,,,, siemens,Siemens Nixdorf 8818 PBX,,,,uboot,,, siemens,Siemens Nixdorf Hicom 100E PBX,,,31994,31994,,, siemens,Siemens Nixdorf Hicom 150E PBX,,,31994,31994,,, siemens,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, siemens,Siemens Pro C5,,Multi,,,Admin,, siemens,SpeedStream 4100,,HTTP,admin,hagpolm1,Admin,DSL Modem and Router, siemens,WinCC,,,WinCCAdmin,2WSXcde.,,, siemens,WinCC,,,WinCCConnect,2WSXcder,,, siemens,hipath,,,,,,, siemens,hipath,,Admin,,,,, siemens,hipath,,Multi,,,Admin,, sigma,Sigmacoma IPshare,Sigmacom router v1.0,HTTP,admin,admin,Admin,, sigmatel,s3+,s3+,,,1221,,can be change, siips,Trojan,,8974202,Administrator,ganteng,,, siips,Trojan,,Admin,Administrator,ganteng,,, siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,, siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,Thx, silextechnology,PRICOM (Printserver),,Multi,root,,Admin,for telnet / HTTP, silicon graphics,IRIX,,,4Dgifts,,,, silicon graphics,IRIX,,,6.x,,,, silicon graphics,IRIX,,,Ezsetup,,,, silicon graphics,IRIX,,,OutOfBox,,,, silicon graphics,IRIX,,,demos,,,, silicon graphics,IRIX,,,field,field,,, silicon graphics,IRIX,,,tour,tour,,, silicon graphics,IRIX,,,tutor,,,, silicon graphics,IRIX,,5.x 6.x,guest,,,, silicon graphics,IRIX,,5.x 6.x,lp,,,, silicon graphics,IRIX,,Admin,4Dgifts,,,, silicon graphics,IRIX,,Admin,4Dgifts,4Dgifts,,, silicon graphics,IRIX,,Admin,Ezsetup,,,, silicon graphics,IRIX,,Admin,OutOfBox,,,, silicon graphics,IRIX,,Admin,demos,,,, silicon graphics,IRIX,,Admin,field,field,,, silicon graphics,IRIX,,Admin,tour,tour,,, silicon graphics,IRIX,,Admin,tutor,,,, silicon graphics,IRIX,,Admin,tutor,tutor,,, silicon graphics,IRIX,,CLI,guest,,,, silicon graphics,IRIX,,CLI,lp,,,, silicongraphics,IRIX,,Multi,4Dgifts,,Admin,, silicongraphics,IRIX,,Multi,4Dgifts,4Dgifts,Admin,, silicongraphics,IRIX,,Multi,Ezsetup,,Admin,, silicongraphics,IRIX,,Multi,OutOfBox,,Admin,, silicongraphics,IRIX,,Multi,demos,,Admin,, silicongraphics,IRIX,,Multi,field,field,Admin,, silicongraphics,IRIX,,Multi,tour,tour,Admin,, silicongraphics,IRIX,,Multi,tutor,,Admin,, silicongraphics,IRIX,,Multi,tutor,tutor,Admin,, silicongraphics,IRIX,5.x 6.x,Multi,guest,,CLI; UID guest,, silicongraphics,IRIX,5.x 6.x,Multi,lp,,CLI; UID lp,, sipura,SPA-3000,,prot:,admin,admin,Administration,, sitara,qosworks,,Console,root,,Admin,, site interactive,Auction Weaver Lite,,,admin,pass,,, sitecom,All WiFi routers,,Multi,,sitecom,Admin,, sitecom,DC-207,,,admin,admin,Admin,, sitecom,WL-108,,,admin,password,Admin,, sitecom,WL-109,,,admin,password,Admin,, sitecom,WL-114v2,,,admin,admin,Admin,, sitecom,WL-122,,,,sitecom,Admin,, sitecom,WL-607,,http://192.168.0.1,admin,admin,,, sitecom,WR-1133,,,,damin,Admin,, sitecom,wl-108,,192.168.0.1,,,,, siteinteractive,Auction Weaver Lite,,,admin,pass,Admin,, smartbridges,airBridge,,admin,admin,public,,, smartbridges,airBridge,2.x,Multi,admin,public,admin,, smartswitch,Router 250 ssr2500,,Admin,admin,,,, smartswitch,Router 250 ssr2500,,v3.0.9,admin,,,, smartswitch,Router 250 ssr2500,v3.0.9,Multi,admin,,Admin,, smc,2804WR,,HTTP,,smcadmin,Admin,, smc,7004FW,,Admin,,,,, smc,7004FW,,HTTP,,,Admin,, smc,7004VBR,V.2,http://192.168.2.1.,,smcadmin,Admin,192.168.2.1., smc,7204BRA,,HTTP,smc,smcadmin,web,, smc,7204BRA,,Multi,smc,smcadmin,Admin,, smc,7204bra,,web,smc,smcadmin,,, smc,7401BRA,1,HTTP,admin,barricade,Admin,, smc,7401BRA,2,HTTP,smc,smcadmin,Admin,, smc,7901W/BRA,,,admin,smcadmin,,, smc,7901W/BRA,,HTTP,admin,smcadmin,,, smc,7901W/BRA,,Multi,admin,smcadmin,,, smc,8014,Comcast,,cusadmin,highspeed,Admin,, smc,Barricade 7004 AWBR,,,admin,,,, smc,Barricade 7004 AWBR,,Admin,admin,,,, smc,Barricade 7004ABR,,,,0000,Admin,, smc,Barricade 7004AWBR,,Multi,admin,,Admin,192.168.123.254 (WiFi AP), smc,Barricade 7004VBR,V.2,,,smcadmin,Admin,, smc,Barricade 7004VWBR,,Multi,,,Admin,Connect to 192.168.2.1 or 192.168.2.1:88, smc,Barricade 7204BRB,,HTTP,admin,smcadmin,Admin,, smc,Barricade Router,,,Admin,Barricade,,, smc,Barricade Router,,7004ABR,,0000,,, smc,Barricade Routers,,,Admin,Barricade,Admin,, smc,Modem/Router,,HTTP,cusadmin,highspeed,Customer Admin,Comcast Commercial High Speed Modem model number 8013WG, smc,Modem/Wireless Router,,http://192.168.0.1,cusadmin,password,root,, smc,Router,,Admin,admin,admin,,, smc,Router,,All,admin,admin,,, smc,Router,All,HTTP,admin,admin,Admin,, smc,Router/Modem,BR7401,Multi,admin,barricade,Admin,, smc,SMB2804WBR,V2,Multi,Administrator,smcadmin,Admin,, smc,SMC broadband router,,HTTP,admin,admin,Admin,, smc,SMC2304 Router,,,,smcadmin,,, smc,SMC2304WBR-AG,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC2404 Router,,,,smcadmin,,, smc,SMC2652W,,,default,WLAN_AP,Admin,, smc,SMC2804 Router,,,,smcadmin,,, smc,SMC2804WBR,,HTTP,admin,smcadmin,Admin,, smc,SMC2804WBR,v.1,HTTP,,smcadmin,Admin,, smc,SMC2804WBRP-G,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC2804WBRP-G,BARRICADE g,192.168.2.1,,,house hold names,, smc,SMC7004VBR,,http://192.168.2.1,,,Administration,, smc,SMC7904BRA,,Multi,,smcadmin,Admin,, smc,SMC7904BRA,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC7904WBRA,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC7908VoWBRA,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC8014,1B,http://192.168.0.1,cusadmin,password,user,Brighthouse CFL, smc,SMC8014W-G,2A,http://192.168.0.1,cusadmin,password,Admin,This is a Cable Modem / Wireless Router., smc,SMCBR14UP,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR14VPN,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR18VPN,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR24Q,,http://192.168.2.1,smcadmin,smcadmin,Administration,, smc,SMCD3G-CCR,,http://10.1.10.1,cusadmin,highspeed,admin,Comcast small business modem, smc,SMCWBR-14N,,http://192.168.2.1,admin,smcadmin,,, smc,SMCWBR14-G,,HTTP,,smcadmin,Admin,mentioned password (no passwd) on your webpage is wrong, smc,SMCWBR14-G,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCWBR14-GM,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCWBR14-N2,,http:192.168.2.1,Admin,smcadmin,Admin,, smc,SMCWBR14T-G,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCWEBT-G,,http://192.168.2.25,,smcadmin,Administration,, smc,WiFi Router,All,HTTP,,smcadmin,Admin,model #2804WBRP-G, smc,Wireless Router 2655W,,Initial Password,None Needed,MiniAP,,, smc,Wireless Router 2655W,1.4h.9,HTTP,None Needed,MiniAP,Initial Password,, smc,all models,all versions,cable,,highspeed,user,, smc,smcwbr14-3gn,,192.168.2.1.,admin,smcadmin,,, smc,wbr14-3gn,,192.168.2.1.,admin,123465,,, smith & bentzen,InstantWebMail (IWM),,,username,password,,, smithbentzen,Instant Web Mail (IWM),,http,username,password,,, snapgear,Pro, Lite, and SOHO,1.79 +,Multi,root,default,Admin,Before 1.79 no user name req., snapgear,SnapGear,,,root,default,,, snapgear,SnapGear,,Multi,root,default,,, snapgear,firewall,,Multi,root,admin,tcp-ip,, snapgear,firewall,,tcp-ip,root,admin,,, snom,320,,http,Administrator,0000,,, snom,360,,http,Administrator,0000,,, softwarehouse,CCURE Access Control System,(all),Console,manager,manager,Admin,, softwarehouse,CCURE Access Control System,,Admin,manager,manager,,, soho,nbg800,,,admin,1234,,unknown, solution6,Viztopia Accounts,,Multi,aaa,often blank,Admin,, sonicwall,ALL,,ALL,admin,password,,, sonicwall,ALL,,Admin,admin,password,,, sonicwall,Any Firewall Device,,,admin,password,,, sonicwall,Firewall,,,admin,password,,, sonicwall,Firewall,,HTTP,admin,password,root,, sonicwall,Firewall,,root,admin,password,,, sonicwall,Most UTM Devices (TZ/PRO/NSA),,http://192.168.168.168:80/,admin,password,,, sonicwall,SOHO TELE TZ and PRO,,,admin,password,,, sonicwall,TZ 190,,Https://10.10.10.206,admin,,,, sonicwall,TZ1000,1.03,,admin,depp,,, sonicx,SonicAnime,on,Telnet,root,admin,Admin,1.0101E+14, sony,Network Camera SNC-RZ30,,,admin,admin,,, sony,Network Camera SNC-RZ30,,HTTP,admin,admin,,, sonyericsson,T290i,,,,0000,default to reset the phone,, sonyericsson,T68i,,,,0000,default to reset the phone,, sonyericsson,sony ericsson xperia,x1,,apex,ccg425,,, sophiaschweizag,Protector,,HTTPS,admin,Protector,Admin,, sophiaschweizag,Protector,,SSH,root,root,Admin,, sorenson,SR-200,,HTTP,,admin,Admin,, sourcebycircuitcity,In-Store Demo Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., sourcefire,RNA Sensor,,,admin,password,,, sourcefire,RNA Sensor,,,root,password,,, sourcefire,RNA Sensor,,http,admin,password,Admin,, sourcefire,RNA Sensor,,ssh/console,root,password,Admin,, sovereign hill,InQuery,,,Admin,shs,,, sovereignhill,InQuery,,,Admin,shs,Admin,, soyo,PC BIOS,,console,,SY_MB,Admin,, speco,CCTV Digital Video Recorder,all,web interface,admin,1234,admin operator,, speco,CCTV Digital Video Recorder,all,web interface,user,4321,viewing user,, speedstream,5660,,Telnet,,adminttd,Admin,, speedstream,5667,R4.0.1 ,HTTP,,admin,Admin,, speedstream,5861 SMT Router,,,admin,admin,,, speedstream,5861 SMT Router,,Admin,admin,admin,,, speedstream,5861 SMT Router,,Multi,admin,admin,Admin,, speedstream,5871 IDSL Router,,,admin,admin,,, speedstream,5871 IDSL Router,,Admin,admin,admin,,, speedstream,5871 IDSL Router,,Multi,admin,admin,Admin,, speedstream,DSL,,,admin,admin,,, speedstream,DSL,,Admin,admin,admin,,, speedstream,DSL,,Multi,admin,admin,Admin,, speedstream,Router 250 ssr250,,,admin,admin,,, speedstream,Router 250 ssr250,,Admin,admin,admin,,, speedstream,Router 250 ssr250,,Multi,admin,admin,Admin,, speedxess,HASE-120,,,,speedxess,,, speedxess,HASE-120,,Admin,,speedxess,,, speedxess,HASE-120,,Multi,,speedxess,Admin,, spider systems,M250,,,,hello,,, spidersystems,M250,,,,hello,,, spike,CPE,,,enable,,,, spike,CPE,,Admin,enable,,,, spike,CPE,,Console,enable,,Admin,, sprint,PCS,,Other,self,system,remote voicemail,, sprint,pcs,,remote voicemail,self,system,,, ssangyoung,SR2501,,,,2501,,, stratitec,TimeIPS,,root,root,ahetzip8,,, stratitec,TimeIPS,All,Console,root,ahetzip8,root,, sun,,,,root,,,SunOS 4.1.4, sun,Cobalt,,HTTP,admin,admin,Admin,, sun,E10000 System Service Processor,,multi,ssp,ssp,Admin,, sun,JavaServer,,,admin,admin,,, sun,JavaWebServer,,1.x 2.x,admin,admin,,, sun,JavaWebServer,,Admin,admin,admin,,, sun,JavaWebServer,1.x 2.x,AdminSrv,admin,admin,Admin,, sun,Sun E10000 System Service Processor,,,ssp,ssp,,, sun,SunOS,,,root,t00lk1t,,, sun,SunOS,,,root,t00lk1t,Admin,, sun,SunScreen,,3.1 Lite,admin,admin,,, sun,SunScreen,3.1 Lite,http (with java) port 3852,admin,admin,Admin,, sun,many,,,root,sun123,,, sun,many,,Other,root,sun123,,, sunmicrosystems,ILOM of X4100,1,HTTP,root,changeme,Admin,, supermicro,PC BIOS,,,,ksdjfg934t,,, supermicro,PC BIOS,,Admin,,ksdjfg934t,,, supermicro,PC BIOS,,Console,,ksdjfg934t,Admin,, surecom,EP3501/3506,,,admin,surecom,,own os, surecom,Unknown,,,admin,surecom,,, surecom,Wireless Broadband Router 11Mbps,,,admin,admin,Administrator,, suse gmbh,Emailserver,,1.x,root,root,,, suse gmbh,Emailserver,,Admin,root,root,,, susegmbh,Emailserver,1.x,Telnet,root,root,Admin,, sweex,,,,sweex,mysweex,,, sweex,Broadband Router,,Admin,,blank,,, sweex,Broadband Router,LB000020,HTTP,,blank,Admin,, sweex,LW055,,192.168.55.1,sweex,mysweex,admin,, sweex,MO200,,http://192.168.200.1,sweex,mysweex,,, swissvoice,IP 10S,,Telnet,target,password,Admin,, sybase (datev),Adaptive Server Enterprise,,12,sa,sasasa,,, sybase (datev),Adaptive Server Enterprise,,Admin,sa,sasasa,,, sybase,Adaptive Server Enterprise,,,12.x,,,, sybase,Adaptive Server Enterprise,,11.x 12.x,sa,,,, sybase,Adaptive Server Enterprise,,SA and SSO roles,sa,,,, sybase,Adaptive Server Enterprise,11.x 12.x,Multi,sa,,SA and SSO roles,, sybase,EAServer,,HTTP,jagadmin,,Admin,Source : Manufactor documentation, sybase,Sybase,,8,DBA,SQL,,, sybase,Sybase,,Admin,DBA,SQL,,, sybase,Sybase,8.0,Multi,DBA,SQL,Admin,, sybasedatev,Adaptive Server Enterprise,12.0,Multi,sa,sasasa,Admin,, symantec,Brightmail Anti-Spam,,,root,brightmail,,, symantec,NAV CORP / ALL,,,admin,symantec,,, symantec,NAV CORP / ALL,,Admin,admin,symantec,,, symantec,NAV CORP / ALL,,HTTP,admin,symantec,Admin,, symantec,Norton Antivirus Corp Ed.,,Admin,,symantec,,, symantec,Norton Antivirus Corp Ed.,,all,,symantec,,, symantec,Norton Antivirus Corp Ed.,all,Multi,,symantec,Admin,, symantec,VPN-Firewall,,,admin,,,, symantec,VPN/Firewall Appliance,100/200,http,admin,,Admin,, symbol,AP-2412,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, symbol,AP-3020,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, symbol,AP-4111,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, symbol,AP-4121,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, symbol,AP-4131,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, symbol,AP-5131,,Multi,admin,motorola,https,, symbol,Spectrum 24 Access Point,,,Symbol,Symbol,,, symbol,Spectrum 24 Access Point,,HTTP,Symbol,Symbol,,, symbol,Spectrum 24 Access Point,,http,symbol,Symbol,Admin,, symbol,Spectrum,series 4100-4121,HTTP,,Symbol,Admin,Access Point Wireless, symbol,ap5131,,,admin,symbol,,, syskonnect,6616,,,default.password,,,, system32,VOS,,Multi,install,secret,Admin,, tandberg,Border Controller,,Telnet/ssh/http,admin,TANDBERG,Admin,, tandberg,DLT8000 Autoloader 10x,,Console,,10023,Maintenance,, tandberg,Gatekeeper,,,admin,TANDBERG,Admin,, tandberg,TANDBERG,,8000,,TANDBERG,,, tandberg,Tandberg,8000,Multi,,TANDBERG,Admin,http://www.tandberg.net/collateral/user_manuals/TANDBERG_8000_UserMan.pdf, tandem,TACL,,Multi,super.super,,Admin,, tandem,TACL,,Multi,super.super,master,Admin,, tasman,T1,1000 Series,console,Tasman,Tasmannet,Admin,, tasman,T1,4000 Series,console,Tasman,Tasmannet,Admin,, tasman,T1,6000 Series,console,Tasman,Tasmannet,Admin,, tasman,T1,7000 Series,console,Tasman,Tasmannet,Admin,, tcomfort,Routers,,HTTP,Administrator,,Admin,, teamxodus,XeniumOS,2.3,FTP,xbox,xbox,Admin,, tecom,Titan,,admin,TECOM MASTER,4346,,, tecom,Titan,2.06,Other,TECOM MASTER,4346,admin,, tekelec,Eagle STP,,,eagle,eagle,,, teklogix,Accesspoint,,Multi,Administrator,,Admin,, telappliant,IP2006 SIP Phone,,http,admin,1234,Admin,, telcosystems,Edge Link 100,,Console,telco,telco,telco,, telebit,Netblazer,,,setup,setup,,, telebit,Netblazer,,,snmp,nopasswd,,, telebit,netblazer 3.*,,,setup,setup,,, telebit,netblazer 3.*,,,snmp,nopasswd,,, telecomnz,Nokia M10,,,Telecom,Telecom,,, teledat,Routers,,HTTP,admin,1234,Admin,, telelec,Eagle,,,eagle,eagle,,, teletronics,WL-CPE-Router,3.05.2,HTTPS,admin,1234,Admin,, telewell,TW-EA200,,Multi,admin,password,Admin,, telewell,TW-EA510,,http://192.168.0.254,admin,admin,Admin,, telindus,1124,,HTTP,,,Admin,, telindus,SHDSL1421,yes,HTTP,admin,admin,Admin,, telindus,telindus,2002,Telnet,admin,admin,Admin,, tellabs,7120,,Multi,root,admin_1,Admin,telnet on port 3083, tellabs,Titan 5500,,Admin,tellabs,tellabs#1,,, tellabs,Titan 5500,,FP 6.x,tellabs,tellabs#1,,, tellabs,Titan 5500,FP 6.x,Multi,tellabs,tellabs#1,Admin,, teltronic s.a.u.,NEBULA,,,admin,tetra,,, telus,Telephony Services,,,(created),telus00,,, telus,Telephony and internet services,,,(username),telus00,User,Initial password if issued in 2000, telus,Telephony and internet services,,,(username),telus01,User,Initial password if issued in 2001, telus,Telephony and internet services,,,(username),telus02,User,Initial password if issued in 2002, telus,Telephony and internet services,,,(username),telus03,User,Initial password if issued in 2003, telus,Telephony and internet services,,,(username),telus04,User,Initial password if issued in 2004, telus,Telephony and internet services,,,(username),telus05,User,Initial password if issued in 2005, telus,Telephony and internet services,,,(username),telus06,User,Initial password if issued in 2006, telus,Telephony and internet services,,,(username),telus07,User,Initial password if issued in 2007, telus,Telephony and internet services,,,(username),telus08,User,Initial password if issued in 2008, telus,Telephony and internet services,,,(username),telus09,User,Initial password if issued in 2009, telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, terayon,,,,admin,nms,,6.29, terayon,TeraLink 1000 Controller,,,admin,password,,, terayon,TeraLink 1000 Controller,,,user,password,,, terayon,TeraLink Getaway,,,admin,password,,, terayon,TeraLink Getaway,,,user,password,,, terayon,TeraLink,,,admin,password,,, terayon,Unknown,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, textportal,TextPortal,,,god1,12345,,, textportal,TextPortal,,,god2,12345,,, thomson,,,,D8AA0,12345678,,, thomson,585,7,192.168.254,,,admin,, thomson,782i,,http://192.168.1.254,Administrator,CPE.hgw.12,Administrator,Made in Macedonia! BaDxBoY, thomson,SpeedTouch ,,125.24.231.95,admin,suadmin,,, thomson,SpeedTouch 530,,http://10.0.0.138,,,Administration,, thomson,SpeedTouch 536,,http://192.168.1.254,Administrator,,Administration,, thomson,SpeedTouch 546,,http://192.168.1.254 or http://speedtouch.lan,Administrator,,Administration,, thomson,SpeedTouch 580,,http://192.168.1.254,Administrator,,Administration,, thomson,SpeedTouch 585,,http://192.168.1.254,Administrator,,Administration,, thomson,SpeedTouch 780 WL,SSID.SpeedTouchB,192.168.1.254,,,,, thomson,SpeedTouch Home,,http://10.0.0.138,admin,admin,Administration,, thomson,SpeedTouch Pro,,http://10.0.0.138,admin,admin,Administration,, thomson,SpeedTouch261A3E,SpeedTouch585v6,,administrator,administrator,,, thomson,SpeedTouch580,,,admin,admin,,, thomson,SpeedTouch580,4.3.19,HTTP,admin,admin,,, thomson,TG585,7,192.168.1.254,jalvarez,pc2119,Poniente 29,, thomson,speed touch,780i wl,,szilizs,keszeg,,, thomson,speedtouch 585V6,,,Admin,23698,,, thomson,xp,all versions,http://192.168.1.254/,administrator,,administrator,, tiara networks,(router???),,1400 6100 6200,,tiara,,, tiara networks,(router???),,tiaranet,,tiara,,, tiara,1400,3.x,Console,tiara,tiaranet,Admin,also known as Tasman Networks routers, tiara,Tiara,,,tiara,tiaranet,,, tiaranetworks,(router???),1400 6100 6200,Multi,,tiara,tiaranet,, tim schaab,Mad.Thought,,2.0.1,theman,changeit,,, timschaab,Mad.Thought,2.0.1,http,theman,changeit,Admin,, tiny,PC BIOS,,,,Tiny,,, tiny,PC BIOS,,Console,,Tiny,Admin,, tinys,PC BIOS,,,,Tiny,,, tinys,PC BIOS,,,,tiny,,, tinys,PC BIOS,,Admin,,Tiny,,, tmc,PC BIOS,,,,BIGO,,, tmc,PC BIOS,,Admin,,BIGO,,, tmc,PC BIOS,,Console,,BIGO,Admin,, toplayer,AppSwitch 2500,,,siteadmin,toplayer,,Any, toplayer,AppSwitch,,,siteadmin,toplayer,,, topsec,firewall,,Multi,superman,talent,Admin,, toshiba 8000,Laptop,,,,,,, toshiba 8000,Laptop,,Admin,,,,, toshiba,Most laptops,,console,,,,, toshiba,PC BIOS,,,,24Banc81,,, toshiba,PC BIOS,,,,toshy99,,, toshiba,PC BIOS,,Admin,,24Banc81,,, toshiba,PC BIOS,,Admin,,Toshiba,,, toshiba,PC BIOS,,Admin,,toshy99,,, toshiba,PC BIOS,,Console,,24Banc81,Admin,, toshiba,PC BIOS,,Console,,Toshiba,Admin,, toshiba,PC BIOS,,Console,,toshy99,Admin,, toshiba,PC BIOS,notebooks,Floppy Drive,,4B 45 59 00 00,Admin,If the first 5 bytes of sector 1 of a floppy in drive A are 4B 45 59 00 00 then you can bypass the password by hitting enter when prompted for it (yes, toshiba,TR-650,,,admin,tr650,,V2.01.00, toshiba,Toshiba 8000 Laptop,,Multi,,,Admin,, toshiba,eStudio,All versions,http://,admin,123456,admin,, tp link,Tp link,,,admin,admin,,, trend micro,InterScan VirusWall,,,admin,admin,,, trend micro,Trend Micro,,,admin,admin,,, trend micro,Viruswall,,Admin,admin,admin,,, trend micro,Viruswall,,all versions,admin,admin,,, trendmicro,,7.3,,admin,admin,,, trendmicro,ISVW (VirusWall),,,admin,admin,,any, trendmicro,Viruswall,all versions,HTTP on port 1812,admin,admin,Admin,, trendnet,TEW 432 BRP,,HTTP://192.168.1.1,admin,admin,root,nothing, trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,, trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,konya, trendnet,TEW-432BRP,,http://192.168.0.1,,,,, trendnet,TEW-432BRP,TEW-432BRP,,hiua,xurxure,blank,, trendnet,TEW-450APB,,,admin,admin,,, trendnet,TEW-452BRP,,http://192.168.1.1,admin,admin,,, trendnet,TEW-510APB,,http://192.168.1.250,,admin,,, trendnet,TEW-511BRP,,http://192.168.1.1,,admin,,, trendnet,TEW-631BRP,,http://192.168.1.1,admin,admin,,, trendnet,TEW-639GR,,192.168.10.1,admin,payago,,, trendnet,TEW-652BRP,H/W:V1.OR,HTTP://192.168.10.1,AMIN,ADMIN,ADMIN,, trendnet,TK1601R,,,,00000000,,, trendnet,TK1602R,,,,00000000,,, trendnet,TK801R,,,,00000000,,, trendnet,TK802R,,,,00000000,,, trendnet,TPL110AP,,http://10.0.0.3,admin,admin,,, trendnet,TRENDNET TEW411BRP,,198.162.1.1,,admin,Admin access,, trendnet,TW100-BRF114,,http://192.168.0.1,,,,, trendnet,TW100-BRV204,,,,,,, trendnet,TW100-BRV304,,,,,,, trendnet,TW100-S4W1CA,,http://192.168.1.1,,,,, trendnet,tew-432brp,windows7,http://192.168.10,1,,admin,, trendnet,tw100-s4w1ca,,http://192.168.0.1,admini,admini,admin,nnu stiu parola si numele vechi de la trendnet, trintech,eAcquirer App/Data Servers,,,t3admin,Trintech,,, trintech,eAcquirer,,,t3admin,Trintech,,, triumphadler,DC2116,1.0,http://,admin,0000,admin,, troy,ExtendNet 100zx,,Multi,admin,extendnet,Admin,dizphunKt, tsunami,Tsunami-45,,,managers,managers,,, tsunami,Tsunami-45,1.0,Multi,managers,managers,,, tvt system,Expresse G5 DS1 Module,,,,enter,,, tvt system,Expresse G5 DS1 Module,,Admin,,enter,,, tvt system,Expresse G5,,,craft,,,, tvt system,Expresse G5,,Admin,craft,,,, tvtsystem,Expresse G5 DS1 Module,,Multi,,enter,Admin,, tvtsystem,Expresse G5,,Multi,craft,,Admin,, type3,Typo3,3.6,,admin,password,Admin,, typo3,TYPO3,,3.6,admin,password,,, unex,NexIP Routers,,,,password,,, unex,NexIP Routers,,HTTP,,password,Admin,, uniden,UIP1868P,,http://192.168.15.1,admin,UnidEn79!,Configuration,password is case sensitive, uniden,UIP1869V,,http://192.168.15.1,admin,admin,,, uniden,UIP300,,HTTP,user,123456,,, uniden,WNR2004,,http://192.168.1.1,UNIDEN,,,, unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, unix,Generic,,,adm,,,, unix,Generic,,,adm,adm,,, unix,Generic,,,admin,admin,,, unix,Generic,,,administrator,,,, unix,Generic,,,administrator,administrator,,, unix,Generic,,,anon,anon,,, unix,Generic,,,bbs,,,, unix,Generic,,,bbs,bbs,,, unix,Generic,,,bin,sys,,, unix,Generic,,,checkfs,checkfs,,, unix,Generic,,,checkfsys,checkfsys,,, unix,Generic,,,checksys,checksys,,, unix,Generic,,,daemon,daemon,,, unix,Generic,,,demo,,,, unix,Generic,,,demo,demo,,, unix,Generic,,,demos,,,, unix,Generic,,,demos,demos,,, unix,Generic,,,dni,,,, unix,Generic,,,fal,,,, unix,Generic,,,fal,fal,,, unix,Generic,,,fax,fax,,, unix,Generic,,,ftp,,,, unix,Generic,,,ftp,ftp,,, unix,Generic,,,games,games,,, unix,Generic,,,gopher,gopher,,, unix,Generic,,,gropher,,,, unix,Generic,,,guest,,,, unix,Generic,,,guest,guestgue,,, unix,Generic,,,halt,,,, unix,Generic,,,halt,halt,,, unix,Generic,,,informix,informix,,, unix,Generic,,,install,install,,, unix,Generic,,,lp,,,, unix,Generic,,,lp,lp,,, unix,Generic,,,lpadm,lpadm,,, unix,Generic,,,lpadmin,lpadmin,,, unix,Generic,,,lynx,,,, unix,Generic,,,mail,,,, unix,Generic,,,mail,mail,,, unix,Generic,,,man,man,,, unix,Generic,,,me,,,, unix,Generic,,,mountfs,mountfs,,, unix,Generic,,,mountfsys,mountfsys,,, unix,Generic,,,mountsys,mountsys,,, unix,Generic,,,news,news,,, unix,Generic,,,nobody,,,, unix,Generic,,,nobody,nobody,,, unix,Generic,,,nuucp,,,, unix,Generic,,,operator,,,, unix,Generic,,,operator,operator,,, unix,Generic,,,oracle,,,, unix,Generic,,,postmaster,postmast,,, unix,Generic,,,powerdown,powerdown,,, unix,Generic,,,rje,rje,,, unix,Generic,,,root,root,,, unix,Generic,,,setup,setup,,, unix,Generic,,,shutdown,,,, unix,Generic,,,shutdown,shutdown,,, unix,Generic,,,sync,,,, unix,Generic,,,sync,sync,,, unix,Generic,,,sys,sys,,, unix,Generic,,,sys,system,,, unix,Generic,,,sysadm,admin,,, unix,Generic,,,sysadm,sysadm,,, unix,Generic,,,sysadmin,sysadmin,,, unix,Generic,,,sysbin,sysbin,,, unix,Generic,,,system_admin,,,, unix,Generic,,,system_admin,system_admin,,, unix,Generic,,,trouble,trouble,,, unix,Generic,,,umountfs,umountfs,,, unix,Generic,,,umountfsys,umountfsys,,, unix,Generic,,,umountsys,umountsys,,, unix,Generic,,,unix,unix,,, unix,Generic,,,user,user,,, unix,Generic,,,uucp,uucp,,, unix,Generic,,,uucpadm,uucpadm,,, unix,Generic,,,web,,,, unix,Generic,,,web,web,,, unix,Generic,,,webmaster,,,, unix,Generic,,,www,,,, unix,Generic,,Admin,adm,,,, unix,Generic,,Admin,adm,adm,,, unix,Generic,,Admin,bin,sys,,, unix,Generic,,Admin,install,install,,, unix,Generic,,Admin,mountfs,mountfs,,, unix,Generic,,Admin,mountfsys,mountfsys,,, unix,Generic,,Admin,mountsys,mountsys,,, unix,Generic,,Admin,root,,,, unix,Generic,,Admin,root,hp,,, unix,Generic,,Admin,root,root,,, unix,Generic,,Admin,setup,setup,,, unix,Generic,,Admin,sys,bin,,, unix,Generic,,Admin,sys,sys,,, unix,Generic,,Admin,sys,system,,, unix,Generic,,Admin,sysadm,admin,,, unix,Generic,,Admin,sysadm,sysadm,,, unix,Generic,,Admin,sysadmin,sysadmin,,, unix,Generic,,Admin,sysbin,sysbin,,, unix,Generic,,Admin,system_admin,,,, unix,Generic,,Admin,system_admin,system_admin,,, unix,Generic,,HP-UX,root,hp,,, unix,Generic,,Multi,adm,,Admin,, unix,Generic,,Multi,adm,adm,Admin,, unix,Generic,,Multi,admin,admin,User,, unix,Generic,,Multi,administrator,,User,, unix,Generic,,Multi,administrator,administrator,User,, unix,Generic,,Multi,anon,anon,User,, unix,Generic,,Multi,bbs,,User,, unix,Generic,,Multi,bbs,bbs,User,, unix,Generic,,Multi,bin,sys,Admin,, unix,Generic,,Multi,checkfs,checkfs,User,, unix,Generic,,Multi,checkfsys,checkfsys,User,, unix,Generic,,Multi,checksys,checksys,User,, unix,Generic,,Multi,daemon,,User,, unix,Generic,,Multi,daemon,daemon,User,, unix,Generic,,Multi,demo,,User,, unix,Generic,,Multi,demo,demo,User,, unix,Generic,,Multi,demos,,User,, unix,Generic,,Multi,demos,demos,User,, unix,Generic,,Multi,dni,,User,, unix,Generic,,Multi,dni,dni,User,, unix,Generic,,Multi,fal,,User,, unix,Generic,,Multi,fal,fal,User,, unix,Generic,,Multi,fax,,User,, unix,Generic,,Multi,fax,fax,User,, unix,Generic,,Multi,ftp,,User,, unix,Generic,,Multi,ftp,ftp,User,, unix,Generic,,Multi,games,,User,, unix,Generic,,Multi,games,games,User,, unix,Generic,,Multi,gopher,gopher,User,, unix,Generic,,Multi,gropher,,User,, unix,Generic,,Multi,guest,,User,, unix,Generic,,Multi,guest,guest,User,, unix,Generic,,Multi,guest,guestgue,User,, unix,Generic,,Multi,halt,,User,, unix,Generic,,Multi,halt,halt,User,, unix,Generic,,Multi,informix,informix,User,, unix,Generic,,Multi,install,install,Admin,, unix,Generic,,Multi,lp,,User,, unix,Generic,,Multi,lp,bin,User,, unix,Generic,,Multi,lp,lineprin,User,, unix,Generic,,Multi,lp,lp,User,, unix,Generic,,Multi,lpadm,lpadm,User,, unix,Generic,,Multi,lpadmin,lpadmin,User,, unix,Generic,,Multi,lynx,,User,, unix,Generic,,Multi,lynx,lynx,User,, unix,Generic,,Multi,mail,,User,, unix,Generic,,Multi,mail,mail,User,, unix,Generic,,Multi,man,,User,, unix,Generic,,Multi,man,man,User,, unix,Generic,,Multi,me,,User,, unix,Generic,,Multi,me,me,User,, unix,Generic,,Multi,mountfs,mountfs,Admin,, unix,Generic,,Multi,mountfsys,mountfsys,Admin,, unix,Generic,,Multi,mountsys,mountsys,Admin,, unix,Generic,,Multi,news,,User,, unix,Generic,,Multi,news,news,User,, unix,Generic,,Multi,nobody,,User,, unix,Generic,,Multi,nobody,nobody,User,, unix,Generic,,Multi,nuucp,,User,, unix,Generic,,Multi,operator,,User,, unix,Generic,,Multi,operator,operator,User,, unix,Generic,,Multi,oracle,,User,, unix,Generic,,Multi,postmaster,,User,, unix,Generic,,Multi,postmaster,postmast,User,, unix,Generic,,Multi,powerdown,powerdown,User,, unix,Generic,,Multi,root,,Admin,, unix,Generic,,Multi,root,root,Admin,, unix,Generic,,Multi,setup,setup,Admin,, unix,Generic,,Multi,shutdown,,User,, unix,Generic,,Multi,shutdown,shutdown,User,, unix,Generic,,Multi,sync,,User,, unix,Generic,,Multi,sync,sync,User,, unix,Generic,,Multi,sys,bin,Admin,, unix,Generic,,Multi,sys,sys,Admin,, unix,Generic,,Multi,sys,system,Admin,, unix,Generic,,Multi,sysadm,admin,Admin,, unix,Generic,,Multi,sysadm,sysadm,Admin,, unix,Generic,,Multi,sysadmin,sysadmin,Admin,, unix,Generic,,Multi,sysbin,sysbin,Admin,, unix,Generic,,Multi,system_admin,,Admin,, unix,Generic,,Multi,system_admin,system_admin,Admin,, unix,Generic,,Multi,trouble,trouble,User,, unix,Generic,,Multi,umountfs,umountfs,User,, unix,Generic,,Multi,umountfsys,umountfsys,User,, unix,Generic,,Multi,umountsys,umountsys,User,, unix,Generic,,Multi,unix,unix,User,, unix,Generic,,Multi,user,user,User,, unix,Generic,,Multi,uucp,uucp,User,, unix,Generic,,Multi,uucpadm,uucpadm,User,, unix,Generic,,Multi,web,,User,, unix,Generic,,Multi,web,web,User,, unix,Generic,,Multi,webmaster,,User,, unix,Generic,,Multi,webmaster,webmaster,User,, unix,Generic,,Multi,www,,User,, unix,Generic,,Multi,www,www,User,, unix,Generic,,User,admin,admin,,, unix,Generic,,User,administrator,,,, unix,Generic,,User,administrator,administrator,,, unix,Generic,,User,anon,anon,,, unix,Generic,,User,bbs,,,, unix,Generic,,User,bbs,bbs,,, unix,Generic,,User,checkfs,checkfs,,, unix,Generic,,User,checkfsys,checkfsys,,, unix,Generic,,User,checksys,checksys,,, unix,Generic,,User,daemon,,,, unix,Generic,,User,daemon,daemon,,, unix,Generic,,User,demo,,,, unix,Generic,,User,demo,demo,,, unix,Generic,,User,demos,,,, unix,Generic,,User,demos,demos,,, unix,Generic,,User,dni,,,, unix,Generic,,User,dni,dni,,, unix,Generic,,User,fal,,,, unix,Generic,,User,fal,fal,,, unix,Generic,,User,fax,,,, unix,Generic,,User,fax,fax,,, unix,Generic,,User,ftp,,,, unix,Generic,,User,ftp,ftp,,, unix,Generic,,User,games,,,, unix,Generic,,User,games,games,,, unix,Generic,,User,gopher,gopher,,, unix,Generic,,User,gropher,,,, unix,Generic,,User,guest,,,, unix,Generic,,User,guest,guest,,, unix,Generic,,User,guest,guestgue,,, unix,Generic,,User,halt,,,, unix,Generic,,User,halt,halt,,, unix,Generic,,User,informix,informix,,, unix,Generic,,User,lp,,,, unix,Generic,,User,lp,bin,,, unix,Generic,,User,lp,lineprin,,, unix,Generic,,User,lp,lp,,, unix,Generic,,User,lpadm,lpadm,,, unix,Generic,,User,lpadmin,lpadmin,,, unix,Generic,,User,lynx,,,, unix,Generic,,User,lynx,lynx,,, unix,Generic,,User,mail,,,, unix,Generic,,User,mail,mail,,, unix,Generic,,User,man,,,, unix,Generic,,User,man,man,,, unix,Generic,,User,me,,,, unix,Generic,,User,me,me,,, unix,Generic,,User,news,,,, unix,Generic,,User,news,news,,, unix,Generic,,User,nobody,,,, unix,Generic,,User,nobody,nobody,,, unix,Generic,,User,nuucp,,,, unix,Generic,,User,operator,,,, unix,Generic,,User,operator,operator,,, unix,Generic,,User,oracle,,,, unix,Generic,,User,postmaster,,,, unix,Generic,,User,postmaster,postmast,,, unix,Generic,,User,powerdown,powerdown,,, unix,Generic,,User,rje,rje,,, unix,Generic,,User,shu|own,,,, unix,Generic,,User,shu|own,shu|own,,, unix,Generic,,User,sync,,,, unix,Generic,,User,sync,sync,,, unix,Generic,,User,trouble,trouble,,, unix,Generic,,User,umountfs,umountfs,,, unix,Generic,,User,umountfsys,umountfsys,,, unix,Generic,,User,umountsys,umountsys,,, unix,Generic,,User,unix,unix,,, unix,Generic,,User,user,user,,, unix,Generic,,User,uucp,uucp,,, unix,Generic,,User,uucpadm,uucpadm,,, unix,Generic,,User,web,,,, unix,Generic,,User,web,web,,, unix,Generic,,User,webmaster,,,, unix,Generic,,User,webmaster,webmaster,,, unix,Generic,,User,www,,,, unix,Generic,,User,www,www,,, unix,Generic,HP-UX,Multi,root,hp,Admin,, unix,Generic,early versions,console or telnet,root,gnomes,Admin,early backdoor password that likely is no longer in use anywhere except by nostalgic old-school admins running much newer systems, unix,UNIX,,,setup,,,, unix,Unix,,,service,smile,,, unknown,POCSAG Radio Paging,,2.05,,password,,, unknown,System 88,,,operator,operator,,, unknown,System 88,,,overseer,overseer,,, unknown,System 88,,,test,test,,, us robotics,USR8000,,1.23 / 1.25,root,admin,,, us robotics,USR8000,,Admin,root,admin,,, us robotics,USR8550,,3.0.5,Any,12345,,, usrobotics,805451,805451,,usr54321,usr54321,full,access, usrobotics,ADSL Ethernet Modem,,HTTP,,12345,Admin,, usrobotics,SureConnect 9003 ADSL Ethernet/USB Router,,Multi,root,12345,Admin,, usrobotics,SureConnect 9105 ADSL 4-Port Router,,HTTP,admin,admin,Admin,, usrobotics,SureConnect ADSL ,SureConnect ADSL ,Telnet,support,support,User,works after 3rd login trial, usrobotics,TOTALswitch,,,,amber,,, usrobotics,TOTALswitch,,,,amber,,Any, usrobotics,USR5450,,,admin,,Admin,, usrobotics,USR8000,1.23 / 1.25,Multi,root,admin,Admin,DSL-Router. Web-Login always uses user root, usrobotics,USR8054 Router,,,admin,,,, usrobotics,USR8550,,Any,Any,12345,,, usrobotics,USR8550,3.0.5,Multi,Any,12345,Any,Best Modem, usrobotics,adsl gateway wireless router,,wireless router,support,support,super user access,I find it on a manual, utlexar,Telephone Switches,,,DESIGNED_BY_IC_KF,,Backdoor,, utlexar,Telephone Switches,,,lexar,,maintenance default,, utstar,UT300R,,Multi,admin,utstar,root,, utstar,UT300R,,root,admin,utstar,,, utstarcom,B-NAS B-RAS,,1000,dbase,dbase,,, utstarcom,B-NAS B-RAS,,1000,field,field,,, utstarcom,B-NAS B-RAS,,1000,guru,*3noguru,,, utstarcom,B-NAS B-RAS,,1000,snmp,snmp,,, utstarcom,B-NAS,B-RAS,1000,,dbase,dbase,, utstarcom,B-NAS,B-RAS,1000,,field,field,, utstarcom,B-NAS,B-RAS,1000,,guru,*3noguru,, utstarcom,B-NAS,B-RAS,1000,,snmp,snmp,, vasco,VACMAN Middleware,2.x,Multi,admin,,Admin,strong authentication server, veenman,Linium C353,all versions,console and IP,,12345678,admin,, vendor,Product,Revision,Protocol,User,Password,Access,Notes, vendor,system,,verified,password,level,,, vendor,system,,version,login,password,,, veramark,eCAS,,Administrative,admin,password,,, verifone,Verifone Junior,,,,166816,,, verifone,Verifone Junior,,2.05,,166816,,, verifone,Verifone Junior,2.05,,,166816,,, verilink,NE6100-4 NetEngine,IAD 3.4.8,Telnet,,,Guest,, veritas,Cluster Server,,,admin,password,,, veritas,Cluster Server,,http,admin,password,Admin,, verity,Ultraseek,,http,admin,admin,Admin,, vertex,VERTEX 1501,,5.05,root,vertex25,,, vertex,Vertex 1501,5.05,,root,vertex25,Admin,, vextrec technology,PC BIOS,,,,Vextrex,,, vextrectechnology,PC BIOS,,Console,,Vextrex,,, vienuke,VieBoard,,2.6,admin,admin,,, vienuke,VieBoard,2.6,,admin,admin,Administrator,, vina technologies,ConnectReach,,,,,,, vinatechnologies,ConnectReach,,,,,,3.6.2, virtual programming,VP-ASP Shopping Cart,,5.0,admin,admin,,, virtual programming,VP-ASP Shopping Cart,,5.0,vpasp,vpasp,,, virtualprogramming,VP-ASP Shopping Cart,5.0,,admin,admin,Admin,, virtualprogramming,VP-ASP Shopping Cart,5.0,,vpasp,vpasp,Admin,, visa vap,VAP,,,root,QNX,,, visa,Visa VAP,,Telnet/modem,root,QNX,root,, visualnetworks,Visual Uptime T1 CSU/DSU,1,Console,admin,visual,Admin,, vobis,PC BIOS,,,,merlin,,, vobis,PC BIOS,,Console,,merlin,,, voicegenietechnologies,VoiceGenie,,,pw,pw,Admin,, vpasp,VP-ASP Shopping Cart,,,admin,admin,,, vpasp,VP-ASP Shopping Cart,,,vpasp,vpasp,,, vxworks,misc,,Multi,admin,admin,Admin,, vxworks,misc,,Multi,guest,guest,Guest,, waav,X2,,Admin,admin,waav,,, wanadoo,Livebox,,Multi,admin,admin,Admin,, wang,Wang,,Multi,CSG,SESAME,Admin,, warracorp,janon,,guest,pepino,pepino,,, warracorp,janon,2.1,HTTP,pepino,pepino,guest,, watch guard,firebox 1000,,,admin,,,, watch guard,firebox 1000,,Admin,admin,,,, watchguard,FireBox,,,,wg,,, watchguard,SOHO and SOHO6,all versions,FTP,user,pass,Admin,works only from the inside LAN, watchguard,firebox 1000,,Multi,admin,,Admin,, web wiz,Forums,,7.x,Administrator,letmein,,, weblogic,weblogic,,yes,system,weblogic,,, webmin,Webmin,,,admin,,,default linux install, webmin,Webmin,,,admin,hp.com,,, webmin,Webmin,,http,admin,hp.com,Admin,, webramp,410i etc...,,,wradmin,trancell,,, webramp,Unknown,,,wradmin,trancell,,, webwiz,Forums,7.x,http,Administrator,letmein,Admin,, westell,2200,,Multi,admin,password,Admin,, westell,Versalink 2200,,,admin,password,,, westell,Versalink 327,,,admin,password,,, westell,Versalink 327,,Multi,admin,,Admin,, westell,Versalink 6100,,,admin,password,,, westell,Wang,,Multi,CSG,SESAME,Admin,, westell,Wirespeed wireless router,,Multi,admin,sysAdmin,Admin,, westell,Wirespeed,,Multi,admin,password,Admin,, westell,Wirespeed,,Multi,admin,sysAdmin,Admin,, wim bervoets,WIMBIOSnbsp BIOS,,,,Compleri,,, wim bervoets,WIMBIOSnbsp BIOS,,Admin,,Compleri,,, wimbervoets,WIMBIOSnbsp BIOS,,Console,,Compleri,Admin,, winwork,iso sistemi,,,operator,,,, winwork,iso sistemi,,Admin,operator,,,, wireless inc.,WaveNet,,,root,rootpass,,, wirelessinc,WaveNet 2458,,,root,rootpass,,, worldclient,AdminServer,,,WebAdmin,Admin,,, worldclient,AdminServer,,HTTP:2001,WebAdmin,Admin,WorldClient,, worldclient,AdminServer,,WorldClient,WebAdmin,Admin,,, www.soft.vip600.com,123,,,anonymous,anonymous,,, wwwboard,WWWADMIN.PL,,,WebAdmin,WebBoard,,, wwwboard,WWWADMIN.PL,,Admin,WebAdmin,WebBoard,,, wwwboard,WWWADMIN.PL,,HTTP,WebAdmin,WebBoard,Admin,, wyse,V90 series thin client,all,BIOS,,Fireport,BIOS,, wyse,V90,,VNC,,Wyse,,, wyse,WT 1125 SE,,,user,user,,, wyse,WT9235LE,XPe (XP embedded),console login,Administrator,Administrator,local Admin,(case sensitive), wyse,Winterm 3150,,VNC,,password,Admin,, wyse,Winterm,,5440XL,VNC,winterm,,, wyse,Winterm,,5440XL,root,wyse,,, wyse,Winterm,,Admin,root,wyse,,, wyse,Winterm,,VNC,VNC,winterm,,, wyse,Winterm,5440XL,Console,root,wyse,Admin,, wyse,Winterm,5440XL,VNC,VNC,winterm,VNC,, wyse,Winterm,9455XL,BIOS,,Fireport,BIOS,Case Sensitive, wyse,rapport,4.4,FTP,rapport,r@p8p0r+,ftp logon to controlling ftp server.,, wyse,v90le,unknown,console,Administrator,Administrator,,, wyse,winterm,,Multi,root,,Admin,, x-micro,WLAN 11b Broadband Router,,,1502,1502,,, x-micro,WLAN 11b Broadband Router,,,super,super,,, xavi,7000-ABA-ST1,,Console,,,Admin,, xavi,7001,,Console,,,Admin,, xavi,X7722r,,192.168.1.1,admin,admin,,, xavi,X7722r,all,HTTP,admin,admin,192.168.1.1,, xerox,61xx,All,DocuSP,Administrator,administ,,, xerox,7232,,,11111,x-admin,,, xerox,77xx,,http,admin,1111,,, xerox,ApeosIII 4300,,HTTP,11111,x-admin,Admin,, xerox,DocuCentre-II C6500,all versions,http,11111,x-admin,Admin,source http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, xerox,DocuColor 1632,,console,,11111,Admin,, xerox,DocuColor 1632,,http,admin,admin,Admin,, xerox,DocuColor,,1632,,11111,,, xerox,DocuColor,,1632,admin,admin,,, xerox,Document Centre 405,-,HTTP,admin,admin,Admin,, xerox,Document Centre 425,,HTTP,admin,,Admin,, xerox,Document Centre 425,,HTTP,admin,22222,Admin,works for access panel 2, xerox,Document Centre 432,,,admin,22222,,, xerox,Document Centre 432,,http,admin,22222,Admin,, xerox,Document Centre c320,,HTTP,admin,admin,,Default machine admin password: 11111, xerox,Fiery,,,Administrator,Fiery.1,,, xerox,Fiery,,HTTP,Administrator,Fiery.1,,, xerox,Fiery,2.0,remove desktop,Administrator,fiery.1,,, xerox,Multi Function Equipment,,,admin,2222,,, xerox,Multi Function Equipment,,Admin,admin,2222,,, xerox,Multi Function Equipment,,Multi,admin,2222,Admin,combo fax/scanner/printer with network access, xerox,Phaser 3600,,,admin,1111,,, xerox,Work Center Pro C2128,,http,admin,1111,,, xerox,WorkCenter 2640,,http://,admin,1111,,, xerox,WorkCenter Pro 428,,,admin,admin,,, xerox,WorkCenter Pro 428,,Admin,admin,admin,,, xerox,WorkCentre 265,v1,http,admin,1111,,, xerox,WorkCentre 5230,all,web,11111,x-admin,,, xerox,WorkCentre 5675,All,Console, HTTP,admin,1111,, xerox,WorkCentre 57xx,,http,admin,1111,,, xerox,WorkCentre 7245,,http,11111,x-admin,Admin,, xerox,WorkCentre 7328,,http,11111,x-admin,,, xerox,WorkCentre 7335,,,11111,x-admin,,, xerox,WorkCentre 7345,,,11111,x-admin,,, xerox,WorkCentre 7425,,http or console,admin,1111,,, xerox,WorkCentre 7665,,,admin,1111,,, xerox,WorkCentre M118,,shared 'admintool' folder,admin,x-admin,admin,\192.168.0.1admintool, xerox,WorkCentre M20i,,http,admin,1111,Admin,, xerox,WorkCentre PE 120i,,IP address,admin,1111,,, xerox,WorkCentre Pro 35,,HTTP,admin,1111,Admin,, xerox,WorkCentre Pro 420,,,admin,sysadm,,, xerox,WorkCentre Pro 428,,HTTP,admin,admin,Admin,, xerox,WorkCentre Pro 45,,HTTP,admin,1111,Admin,, xerox,WorkCentre Pro,,45,admin,1111,,, xerox,WorkCentre and DocumentCentre,,,savelogs,crash,,, xerox,WorkCentre,7232/7242,http,11111,x-admin,Administrator,, xerox,WorkCentre/DocumentCentre,,,savelogs,crash,,, xerox,Workcenter 245 Pro,,HTTP,admin,1111,,, xerox,Workcentre 7120,All,Http,admin,1111,Admin,, xerox,xerox,,Multi,,admin,Admin,, xerox,xerox,,Multi,admin,admin,Admin,, xincom,XC-DPG402,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG502,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG503,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG602,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG603,,http://192.168.1.1,admin,,Administration,, xmicro,WLAN 11b Access Point,1.2.2,Multi,super,super,Admin,, xmicro,X-Micro WLAN 11b Broadband Router,1.2.2 1.2.2.3 1.2.2.4 1.6.0.0,Multi,super,super,Admin,From BUGTRAQ, xmicro,X-Micro WLAN 11b Broadband Router,1.6.0.1,HTTP,1502,1502,Admin,From BUGTRAQ, xylan,Omnistack 1032CF,,,admin,password,,3.2.8, xylan,Omnistack 4024,,,admin,password,,3.4.9, xylan,Omniswitch,,,admin,switch,,, xylan,Omniswitch,,,admin,switch,,3.1.8, xylan,Omniswitch,,,diag,switch,,, xylan,Omniswitch,,Admin,admin,switch,,, xylan,Omniswitch,,Telnet,admin,switch,Admin,, xylan,Omniswitch,,Telnet,diag,switch,Admin,, xyplex,Routers,,,,system,,, xyplex,Routers,,Admin,,system,,, xyplex,Routers,,Port 7000,,access,User,, xyplex,Routers,,Port 7000,,system,Admin,, xyplex,Routers,,User,,access,,, xyplex,Terminal Server,,,,access,,, xyplex,Terminal Server,,,,system,,, xyplex,Terminal Server,,Admin,,system,,, xyplex,Terminal Server,,Port 7000,,access,User,, xyplex,Terminal Server,,Port 7000,,system,Admin,, xyplex,Terminal Server,,User,,access,,, xyplex,mx-16xx,,,setpriv,system,,, xyplex,switch,3.2,Console,,,Admin,, yahoo,mail,yes,Multi,1234567890,bloggs,yes,, yahoo,messenger,messenger,Multi,handsome_123_handsome,plsdontguess,password,, yahoo,messenger,messenger,Multi,intelligent_guy_priyank,passwordguy,password,, yakumo,Routers,,HTTP,admin,admin,Admin,, yuxin,YWH10 IP Phone,,http,User,1234,Admin,, yuxin,YWH10 IP Phone,,http,User,19750407,Admin,, yuxin,YWH100 IP Phone,,http,User,1234,Admin,, yuxin,YWH100 IP Phone,,http,User,19750407,Admin,, yuxin,YWH200 IP Phone,,http,User,1234,Admin,, yuxin,YWH200 IP Phone,,http,User,19750407,Admin,, yuxin,YWH300 IP Phone,,http,User,1234,Admin,, yuxin,YWH300 IP Phone,,http,User,19750407,Admin,, zcom,Wireless,,SNMP,root,admin,Admin,, zcom,XG1021 N,,,admin,password,,, zebra,10/100 Print Server,,Multi,admin,1234,Admin,, zenith,PC BIOS,,,,3098z,,, zenith,PC BIOS,,,,Zenith,,, zenith,PC BIOS,,Admin,,3098z,,, zenith,PC BIOS,,Admin,,Zenith,,, zenith,PC BIOS,,Console,,3098z,Admin,, zenith,PC BIOS,,Console,,Zenith,Admin,, zeos,PC BIOS,,,,zeosx,,, zeos,PC BIOS,,Admin,,zeosx,,, zeos,PC BIOS,,Console,,zeosx,Admin,, zeus,Zeus Admin Server,,4.1r2,admin,,,, zeus,Zeus Admin Server,4.1r2,http,admin,,,, zoom,ADSL X3,,,admin,zoomadsl,,, zoom,ADSL X3,,HTTP,admin,zoomadsl,,, zoom,IG-4165,,http://192.168.123.254,,admin,Administration,, zoom,ZOOM ADSL Modem,,Console,admin,zoomadsl,Admin,, zyxel,641 ADSL,,,,1234,,, zyxel,642R,,Admin,,1234,,, zyxel,642R,,Telnet,,1234,Admin,, zyxel,660,,,1234,1234,,, zyxel,660R-61C,1.0,http://192.168.1.1/,mikucha,abadaifice,root,abadaifice, zyxel,660R-61C,401373,http://192.168.1.1,admin,1234,Admin,abadaifice, zyxel,ADSL routers,All ZyNOS Firmwares,Multi,admin,1234,Admin,this is default for dsl routers provided by the ISP firstmile.no, zyxel,G-1000,,http://192.168.1.2,,1234,Administration,, zyxel,G-2000 Plus,,http://192.168.1.1,,1234,Administration,, zyxel,G-3000H,,http://192.168.1.2,,1234,Administration,, zyxel,G-560,,http://192.168.1.2,,1234,Administration,, zyxel,G-570S,,http://192.168.1.2,,1234,Administration,, zyxel,Generic Routers,,,,1234,,, zyxel,Generic Routers,,Admin,,1234,,, zyxel,Generic Routers,,Telnet,,1234,Admin,, zyxel,Generic,,Admin,Admin,atc456,,, zyxel,ISDN Router Prestige 100IH,,,,1234,,, zyxel,ISDN-Router Prestige 1000,,,,1234,,, zyxel,P-320W,,,user11,@12345,,, zyxel,P-330 W EE,4312,,admin,1234,,, zyxel,P-623,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-645,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-650,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-660HW,,http://192.168.1.1,,1234,Administration,, zyxel,P-660RU,,http://192.168.1.1,,1234,Administration,, zyxel,P-660h-t1 v2,ALL VERSIONS ETC,192.168.1.1,,,,, zyxel,P-794M,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-964APR,,http://192.168.1.1:8080,user,1234,Administration,, zyxel,P-964CM,,http://192.168.1.1:8080,user,1234,Administration,, zyxel,P-964CR,,http://192.168.1.1:8080,user,1234,Administration,, zyxel,P-971M,,http://192.168.1001,webadmin,1234,Administration,, zyxel,P-974,,,admin,1234,,, zyxel,P861H,,Multi,admin,1234,Web + Telnet,, zyxel,P861H,,Web + Telnet,admin,1234,,, zyxel,Prestige ,660R-61C,,,1234,,, zyxel,Prestige 100IH,,,,1234,,, zyxel,Prestige 100IH,,Console,,1234,Admin,, zyxel,Prestige 128 modem-router,,,,1234,,any, zyxel,Prestige 300 series,,,,1234,,zynos 2.*, zyxel,Prestige 643,,,,1234,,, zyxel,Prestige 643,,Console,,1234,Admin,, zyxel,Prestige 645,,HTTP,admin,1234,Admin,, zyxel,Prestige 650,,Multi,1234,1234,Admin,, zyxel,Prestige 652HW-31 ADSL Router,,,admin,1234,,, zyxel,Prestige 652HW-31 ADSL Router,,HTTP,admin,1234,Admin,http://192.168.1.1, zyxel,Prestige 652HW-31,,,admin,1234,,, zyxel,Prestige 660HW,,Multi,admin,admin,Admin,, zyxel,Prestige 900,,HTTP,webadmin,1234,Admin,192.168.1.1:8080, zyxel,Prestige P660HW,,Multi,admin,1234,Admin,, zyxel,Prestige,,,,1234,,, zyxel,Prestige,,,root,1234,,, zyxel,Prestige,,Admin,,1234,,, zyxel,Prestige,,Admin,root,1234,,, zyxel,Prestige,,FTP,root,1234,Admin,, zyxel,Prestige,,HTTP,,1234,Admin,http://192.168.1.1, zyxel,Prestige,,Telnet,,1234,Admin,, zyxel,Switch,,Web/Telnet/CLI,admin,1234,,, zyxel,Switch,ES-2108-G,Multi,admin,1234,Web/Telnet/CLI,, zyxel,Windows Vista,P- 2602HWN-D7A,192.168.1.1.,anatoij,1234,1234,, zyxel,ZyWALL Series Prestige 660R-61C,,Multi,,admin,Admin,, zyxel,ZyWall 2,,HTTP,,,Admin,, zyxel,Zywall,,Admin,admin,1234,,, zyxel,Zywall,,Multi,admin,1234,Admin,, zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, siemens s7-300,,,,,',,, siemens s7-300,,,,,'',,, siemens s7-300,,,,,''',,, siemens s7-300,,,,,'''',,, siemens s7-300,,,,,''''',,, siemens s7-300,,,,,'''''',,, siemens s7-300,,,,,''''''',,, siemens s7-300,,,,,'''''''',,, siemens s7-300,,,,,-,,, siemens s7-300,,,,,--,,, siemens s7-300,,,,,---,,, siemens s7-300,,,,,----,,, siemens s7-300,,,,,-----,,, siemens s7-300,,,,,------,,, siemens s7-300,,,,,-------,,, siemens s7-300,,,,,--------,,, siemens s7-300,,,,,!manage,,, siemens s7-300,,,,,!MANAGE,,, siemens s7-300,,,,,$secure$,,, siemens s7-300,,,,,*,,, siemens s7-300,,,,,**,,, siemens s7-300,,,,,***,,, siemens s7-300,,,,,****,,, siemens s7-300,,,,,*****,,, siemens s7-300,,,,,******,,, siemens s7-300,,,,,*******,,, siemens s7-300,,,,,********,,, siemens s7-300,,,,,,,,, siemens s7-300,,,,,,,,,, siemens s7-300,,,,,,,,,,, siemens s7-300,,,,,,,,,,,, siemens s7-300,,,,,,,,,,,,, siemens s7-300,,,,,,,,,,,,,, siemens s7-300,,,,,,,,,,,,,,, siemens s7-300,,,,,,,,,,,,,,,, siemens s7-300,,,,,.,,, siemens s7-300,,,,,..,,, siemens s7-300,,,,,...,,, siemens s7-300,,,,,....,,, siemens s7-300,,,,,.....,,, siemens s7-300,,,,,......,,, siemens s7-300,,,,,.......,,, siemens s7-300,,,,,........,,, siemens s7-300,,,,,/,,, siemens s7-300,,,,,//,,, siemens s7-300,,,,,///,,, siemens s7-300,,,,,////,,, siemens s7-300,,,,,/////,,, siemens s7-300,,,,,//////,,, siemens s7-300,,,,,///////,,, siemens s7-300,,,,,////////,,, siemens s7-300,,,,,;,,, siemens s7-300,,,,,;;,,, siemens s7-300,,,,,;;;,,, siemens s7-300,,,,,;;;;,,, siemens s7-300,,,,,;;;;;,,, siemens s7-300,,,,,;;;;;;,,, siemens s7-300,,,,,;;;;;;;,,, siemens s7-300,,,,,;;;;;;;;,,, siemens s7-300,,,,,@#$123,,, siemens s7-300,,,,,[,,, siemens s7-300,,,,,[[,,, siemens s7-300,,,,,[[[,,, siemens s7-300,,,,,[[[[,,, siemens s7-300,,,,,[[[[[,,, siemens s7-300,,,,,[[[[[[,,, siemens s7-300,,,,,[[[[[[[,,, siemens s7-300,,,,,[[[[[[[[,,, siemens s7-300,,,,,],,, siemens s7-300,,,,,]],,, siemens s7-300,,,,,]]],,, siemens s7-300,,,,,]]]],,, siemens s7-300,,,,,]]]]],,, siemens s7-300,,,,,]]]]]],,, siemens s7-300,,,,,]]]]]]],,, siemens s7-300,,,,,]]]]]]]],,, siemens s7-300,,,,,_Cisco,,, siemens s7-300,,,,,`,,, siemens s7-300,,,,,``,,, siemens s7-300,,,,,```,,, siemens s7-300,,,,,````,,, siemens s7-300,,,,,`````,,, siemens s7-300,,,,,``````,,, siemens s7-300,,,,,```````,,, siemens s7-300,,,,,````````,,, siemens s7-300,,,,,+,,, siemens s7-300,,,,,++,,, siemens s7-300,,,,,+++,,, siemens s7-300,,,,,++++,,, siemens s7-300,,,,,+++++,,, siemens s7-300,,,,,++++++,,, siemens s7-300,,,,,+++++++,,, siemens s7-300,,,,,++++++++,,, siemens s7-300,,,,,=,,, siemens s7-300,,,,,==,,, siemens s7-300,,,,,===,,, siemens s7-300,,,,,====,,, siemens s7-300,,,,,=====,,, siemens s7-300,,,,,======,,, siemens s7-300,,,,,=======,,, siemens s7-300,,,,,========,,, siemens s7-300,,,,,0,,, siemens s7-300,,,,,00,,, siemens s7-300,,,,,000,,, siemens s7-300,,,,,0000,,, siemens s7-300,,,,,00000,,, siemens s7-300,,,,,000000,,, siemens s7-300,,,,,0000000,,, siemens s7-300,,,,,00000000,,, siemens s7-300,,,,,00000001,,, siemens s7-300,,,,,0000001,,, siemens s7-300,,,,,000001,,, siemens s7-300,,,,,00001,,, siemens s7-300,,,,,0001,,, siemens s7-300,,,,,001,,, siemens s7-300,,,,,050952,,, siemens s7-300,,,,,0P3N,,, siemens s7-300,,,,,1,,, siemens s7-300,,,,,100,,, siemens s7-300,,,,,1000,,, siemens s7-300,,,,,10000,,, siemens s7-300,,,,,100000,,, siemens s7-300,,,,,1000000,,, siemens s7-300,,,,,10000000,,, siemens s7-300,,,,,10041979,,, siemens s7-300,,,,,1064,,, siemens s7-300,,,,,11,,, siemens s7-300,,,,,111,,, siemens s7-300,,,,,1111,,, siemens s7-300,,,,,11111,,, siemens s7-300,,,,,111111,,, siemens s7-300,,,,,1111111,,, siemens s7-300,,,,,11111111,,, siemens s7-300,,,,,11112222,,, siemens s7-300,,,,,112233,,, siemens s7-300,,,,,11223344,,, siemens s7-300,,,,,123,,, siemens s7-300,,,,,123123,,, siemens s7-300,,,,,12314500,,, siemens s7-300,,,,,123321,,, siemens s7-300,,,,,1234,,, siemens s7-300,,,,,12344321,,, siemens s7-300,,,,,12345,,, siemens s7-300,,,,,123456,,, siemens s7-300,,,,,1234567,,, siemens s7-300,,,,,12345678,,, siemens s7-300,,,,,12348765,,, siemens s7-300,,,,,123654,,, siemens s7-300,,,,,123asd,,, siemens s7-300,,,,,123ASD,,, siemens s7-300,,,,,123qwe,,, siemens s7-300,,,,,123QWE,,, siemens s7-300,,,,,1246,,, siemens s7-300,,,,,128bit,,, siemens s7-300,,,,,128BIT,,, siemens s7-300,,,,,1313,,, siemens s7-300,,,,,1502,,, siemens s7-300,,,,,151298,,, siemens s7-300,,,,,166816,,, siemens s7-300,,,,,180497,,, siemens s7-300,,,,,1890agb,,, siemens s7-300,,,,,1890AGB,,, siemens s7-300,,,,,1954,,, siemens s7-300,,,,,1G2W3E,,, siemens s7-300,,,,,1q2w3e,,, siemens s7-300,,,,,2,,, siemens s7-300,,,,,21,,, siemens s7-300,,,,,21241036,,, siemens s7-300,,,,,2128506,,, siemens s7-300,,,,,22,,, siemens s7-300,,,,,222,,, siemens s7-300,,,,,2222,,, siemens s7-300,,,,,22222,,, siemens s7-300,,,,,222222,,, siemens s7-300,,,,,2222222,,, siemens s7-300,,,,,22222222,,, siemens s7-300,,,,,266344,,, siemens s7-300,,,,,281067,,, siemens s7-300,,,,,281068,,, siemens s7-300,,,,,2BW9,,, siemens s7-300,,,,,2WSXcder,,, siemens s7-300,,,,,3,,, siemens s7-300,,,,,31994,,, siemens s7-300,,,,,321,,, siemens s7-300,,,,,33,,, siemens s7-300,,,,,333,,, siemens s7-300,,,,,3333,,, siemens s7-300,,,,,33333,,, siemens s7-300,,,,,333333,,, siemens s7-300,,,,,3333333,,, siemens s7-300,,,,,33333333,,, siemens s7-300,,,,,3477,,, siemens s7-300,,,,,355025,,, siemens s7-300,,,,,3597,,, siemens s7-300,,,,,3ascotel,,, siemens s7-300,,,,,3ASCOTEL,,, siemens s7-300,,,,,3ep5w2u,,, siemens s7-300,,,,,3orro,,, siemens s7-300,,,,,3ORRO,,, siemens s7-300,,,,,3ware,,, siemens s7-300,,,,,3WARE,,, siemens s7-300,,,,,4,,, siemens s7-300,,,,,42296795,,, siemens s7-300,,,,,4321,,, siemens s7-300,,,,,44,,, siemens s7-300,,,,,444,,, siemens s7-300,,,,,4444,,, siemens s7-300,,,,,44444,,, siemens s7-300,,,,,444444,,, siemens s7-300,,,,,4444444,,, siemens s7-300,,,,,44444444,,, siemens s7-300,,,,,4ert,,, siemens s7-300,,,,,4ERT,,, siemens s7-300,,,,,4G5K,,, siemens s7-300,,,,,4G7S,,, siemens s7-300,,,,,4getme2,,, siemens s7-300,,,,,4tas,,, siemens s7-300,,,,,4TAS,,, siemens s7-300,,,,,5,,, siemens s7-300,,,,,5001,,, siemens s7-300,,,,,5150,,, siemens s7-300,,,,,5201314,,, siemens s7-300,,,,,54321,,, siemens s7-300,,,,,55,,, siemens s7-300,,,,,55055,,, siemens s7-300,,,,,555,,, siemens s7-300,,,,,5555,,, siemens s7-300,,,,,55555,,, siemens s7-300,,,,,555555,,, siemens s7-300,,,,,5555555,,, siemens s7-300,,,,,55555555,,, siemens s7-300,,,,,56789,,, siemens s7-300,,,,,5693,,, siemens s7-300,,,,,5777364,,, siemens s7-300,,,,,5860,,, siemens s7-300,,,,,589589,,, siemens s7-300,,,,,6,,, siemens s7-300,,,,,60587,,, siemens s7-300,,,,,654321,,, siemens s7-300,,,,,66,,, siemens s7-300,,,,,666,,, siemens s7-300,,,,,6666,,, siemens s7-300,,,,,66666,,, siemens s7-300,,,,,666666,,, siemens s7-300,,,,,6666666,,, siemens s7-300,,,,,66666666,,, siemens s7-300,,,,,66808920,,, siemens s7-300,,,,,6969,,, siemens s7-300,,,,,7,,, siemens s7-300,,,,,7654321,,, siemens s7-300,,,,,77,,, siemens s7-300,,,,,777,,, siemens s7-300,,,,,7777,,, siemens s7-300,,,,,77777,,, siemens s7-300,,,,,777777,,, siemens s7-300,,,,,7777777,,, siemens s7-300,,,,,77777777,,, siemens s7-300,,,,,7SH4,,, siemens s7-300,,,,,8,,, siemens s7-300,,,,,8111,,, siemens s7-300,,,,,8429,,, siemens s7-300,,,,,851141,,, siemens s7-300,,,,,86844,,, siemens s7-300,,,,,8746550,,, siemens s7-300,,,,,87654321,,, siemens s7-300,,,,,88,,, siemens s7-300,,,,,888,,, siemens s7-300,,,,,8888,,, siemens s7-300,,,,,88888,,, siemens s7-300,,,,,888888,,, siemens s7-300,,,,,8888888,,, siemens s7-300,,,,,88888888,,, siemens s7-300,,,,,88981684,,, siemens s7-300,,,,,9,,, siemens s7-300,,,,,901100,,, siemens s7-300,,,,,99,,, siemens s7-300,,,,,999,,, siemens s7-300,,,,,9999,,, siemens s7-300,,,,,99999,,, siemens s7-300,,,,,999999,,, siemens s7-300,,,,,9999999,,, siemens s7-300,,,,,99999999,,, siemens s7-300,,,,,9W5K,,, siemens s7-300,,,,,a,,, siemens s7-300,,,,,A,,, siemens s7-300,,,,,a/d,,, siemens s7-300,,,,,A/D,,, siemens s7-300,,,,,aa,,, siemens s7-300,,,,,AA,,, siemens s7-300,,,,,aaa,,, siemens s7-300,,,,,AAA,,, siemens s7-300,,,,,aaaa,,, siemens s7-300,,,,,AAAA,,, siemens s7-300,,,,,aaaaa,,, siemens s7-300,,,,,AAAAA,,, siemens s7-300,,,,,aaaaaa,,, siemens s7-300,,,,,AAAAAA,,, siemens s7-300,,,,,aaaaaaa,,, siemens s7-300,,,,,AAAAAAA,,, siemens s7-300,,,,,aaaaaaaa,,, siemens s7-300,,,,,AAAAAAAA,,, siemens s7-300,,,,,aabbcc,,, siemens s7-300,,,,,AABBCC,,, siemens s7-300,,,,,aaeon,,, siemens s7-300,,,,,AAEON,,, siemens s7-300,,,,,aavid,,, siemens s7-300,,,,,AAVID,,, siemens s7-300,,,,,ab,,, siemens s7-300,,,,,AB,,, siemens s7-300,,,,,abb,,, siemens s7-300,,,,,ABB,,, siemens s7-300,,,,,abc,,, siemens s7-300,,,,,ABC,,, siemens s7-300,,,,,abc123,,, siemens s7-300,,,,,ABC123,,, siemens s7-300,,,,,abcd,,, siemens s7-300,,,,,ABCD,,, siemens s7-300,,,,,abcde,,, siemens s7-300,,,,,ABCDE,,, siemens s7-300,,,,,ABCDEF,,, siemens s7-300,,,,,abcdefg,,, siemens s7-300,,,,,ABCDEFG,,, siemens s7-300,,,,,abcdefgh,,, siemens s7-300,,,,,ABCDEFGH,,, siemens s7-300,,,,,abelconn,,, siemens s7-300,,,,,ABELCONN,,, siemens s7-300,,,,,abov,,, siemens s7-300,,,,,ABOV,,, siemens s7-300,,,,,abracon,,, siemens s7-300,,,,,ABRACON,,, siemens s7-300,,,,,absopuls,,, siemens s7-300,,,,,ABSOPULS,,, siemens s7-300,,,,,abtech,,, siemens s7-300,,,,,ABTECH,,, siemens s7-300,,,,,abunlock,,, siemens s7-300,,,,,ABUNLOCK,,, siemens s7-300,,,,,acam,,, siemens s7-300,,,,,ACAM,,, siemens s7-300,,,,,acc,,, siemens s7-300,,,,,ACC,,, siemens s7-300,,,,,access,,, siemens s7-300,,,,,ACCESS,,, siemens s7-300,,,,,accord,,, siemens s7-300,,,,,ACCORD,,, siemens s7-300,,,,,acon,,, siemens s7-300,,,,,ACON,,, siemens s7-300,,,,,acopian,,, siemens s7-300,,,,,ACOPIAN,,, siemens s7-300,,,,,acp,,, siemens s7-300,,,,,ACP,,, siemens s7-300,,,,,actel,,, siemens s7-300,,,,,ACTEL,,, siemens s7-300,,,,,activex,,, siemens s7-300,,,,,ACTIVEX,,, siemens s7-300,,,,,adactus,,, siemens s7-300,,,,,ADACTUS,,, siemens s7-300,,,,,adam,,, siemens s7-300,,,,,ADAM,,, siemens s7-300,,,,,adc,,, siemens s7-300,,,,,ADC,,, siemens s7-300,,,,,adcdef,,, siemens s7-300,,,,,adda,,, siemens s7-300,,,,,ADDA,,, siemens s7-300,,,,,adels,,, siemens s7-300,,,,,ADELS,,, siemens s7-300,,,,,adfexc,,, siemens s7-300,,,,,ADFEXC,,, siemens s7-300,,,,,adi,,, siemens s7-300,,,,,ADI,,, siemens s7-300,,,,,admin,,, siemens s7-300,,,,,ADMIN,,, siemens s7-300,,,,,admin123,,, siemens s7-300,,,,,ADMIN123,,, siemens s7-300,,,,,adminttd,,, siemens s7-300,,,,,ADMINTTD,,, siemens s7-300,,,,,adslroot,,, siemens s7-300,,,,,ADSLROOT,,, siemens s7-300,,,,,adtran,,, siemens s7-300,,,,,ADTRAN,,, siemens s7-300,,,,,advanced,,, siemens s7-300,,,,,ADVANCED,,, siemens s7-300,,,,,advantec,,, siemens s7-300,,,,,ADVANTEC,,, siemens s7-300,,,,,aeg mis,,, siemens s7-300,,,,,AEG MIS,,, siemens s7-300,,,,,aeg,,, siemens s7-300,,,,,AEG,,, siemens s7-300,,,,,AEM,,, siemens s7-300,,,,,aem,,, siemens s7-300,,,,,aeroflex,,, siemens s7-300,,,,,Aeroflex,,, siemens s7-300,,,,,AEROFLEX,,, siemens s7-300,,,,,aft,,, siemens s7-300,,,,,AFT,,, siemens s7-300,,,,,aitech,,, siemens s7-300,,,,,AITECH,,, siemens s7-300,,,,,akiwa,,, siemens s7-300,,,,,AKIWA,,, siemens s7-300,,,,,albright,,, siemens s7-300,,,,,ALBRIGHT,,, siemens s7-300,,,,,alcor,,, siemens s7-300,,,,,ALCOR,,, siemens s7-300,,,,,aleph,,, siemens s7-300,,,,,ALEPH,,, siemens s7-300,,,,,ALFA,,, siemens s7-300,,,,,alfaMag,,, siemens s7-300,,,,,ALFAMAG,,, siemens s7-300,,,,,alfa'r,,, siemens s7-300,,,,,ALFA'R,,, siemens s7-300,,,,,alfatron,,, siemens s7-300,,,,,ALFATRON,,, siemens s7-300,,,,,ali,,, siemens s7-300,,,,,ALI,,, siemens s7-300,,,,,all,,, siemens s7-300,,,,,ALL,,, siemens s7-300,,,,,allegro,,, siemens s7-300,,,,,ALLEGRO,,, siemens s7-300,,,,,allen,,, siemens s7-300,,,,,ALLEN,,, siemens s7-300,,,,,alliance,,, siemens s7-300,,,,,ALLIANCE,,, siemens s7-300,,,,,allied,,, siemens s7-300,,,,,ALLIED,,, siemens s7-300,,,,,alpha,,, siemens s7-300,,,,,alpha,,, siemens s7-300,,,,,alpine,,, siemens s7-300,,,,,ALPINE,,, siemens s7-300,,,,,alps,,, siemens s7-300,,,,,ALPS,,, siemens s7-300,,,,,altera,,, siemens s7-300,,,,,ALTERA,,, siemens s7-300,,,,,amber,,, siemens s7-300,,,,,AMBER,,, siemens s7-300,,,,,amd,,, siemens s7-300,,,,,AMD,,, siemens s7-300,,,,,american,,, siemens s7-300,,,,,AMERICAN,,, siemens s7-300,,,,,ametherm,,, siemens s7-300,,,,,AMETHERM,,, siemens s7-300,,,,,ami,,, siemens s7-300,,,,,AMI,,, siemens s7-300,,,,,amic,,, siemens s7-300,,,,,AMIC,,, siemens s7-300,,,,,amis,,, siemens s7-300,,,,,AMIS,,, siemens s7-300,,,,,ammc,,, siemens s7-300,,,,,AMMC,,, siemens s7-300,,,,,amp,,, siemens s7-300,,,,,AMP,,, siemens s7-300,,,,,amperite,,, siemens s7-300,,,,,AMPERITE,,, siemens s7-300,,,,,amphenol,,, siemens s7-300,,,,,AMPHENOL,,, siemens s7-300,,,,,ampire,,, siemens s7-300,,,,,AMPIRE,,, siemens s7-300,,,,,amt,,, siemens s7-300,,,,,AMT,,, siemens s7-300,,,,,anachip,,, siemens s7-300,,,,,ANACHIP,,, siemens s7-300,,,,,anadigic,,, siemens s7-300,,,,,ANADIGIC,,, siemens s7-300,,,,,anadigm,,, siemens s7-300,,,,,ANADIGM,,, siemens s7-300,,,,,analog,,, siemens s7-300,,,,,ANALOG,,, siemens s7-300,,,,,analogic,,, siemens s7-300,,,,,ANALOGIC,,, siemens s7-300,,,,,anaren,,, siemens s7-300,,,,,ANAREN,,, siemens s7-300,,,,,angel,,, siemens s7-300,,,,,ANGEL,,, siemens s7-300,,,,,angle,,, siemens s7-300,,,,,ANGLE,,, siemens s7-300,,,,,anicust,,, siemens s7-300,,,,,ANICUST,,, siemens s7-300,,,,,anla,,, siemens s7-300,,,,,ANLA,,, siemens s7-300,,,,,anleim,,, siemens s7-300,,,,,Anleim,,, siemens s7-300,,,,,ANLEIM,,, siemens s7-300,,,,,anritsu,,, siemens s7-300,,,,,ANRITSU,,, siemens s7-300,,,,,ANS#150,,, siemens s7-300,,,,,anshan,,, siemens s7-300,,,,,ANSHAN,,, siemens s7-300,,,,,ansmann,,, siemens s7-300,,,,,ANSMANN,,, siemens s7-300,,,,,any@,,, siemens s7-300,,,,,anycom,,, siemens s7-300,,,,,ANYCOM,,, siemens s7-300,,,,,anydata,,, siemens s7-300,,,,,ANYDATA,,, siemens s7-300,,,,,anyone,,, siemens s7-300,,,,,ANYONE,,, siemens s7-300,,,,,anyway,,, siemens s7-300,,,,,ANYWAY,,, siemens s7-300,,,,,apbodiur,,, siemens s7-300,,,,,APBODIUR,,, siemens s7-300,,,,,apc,,, siemens s7-300,,,,,APC,,, siemens s7-300,,,,,apem,,, siemens s7-300,,,,,APEM,,, siemens s7-300,,,,,apex,,, siemens s7-300,,,,,APEX,,, siemens s7-300,,,,,api,,, siemens s7-300,,,,,API,,, siemens s7-300,,,,,aplus,,, siemens s7-300,,,,,APLUS,,, siemens s7-300,,,,,apm,,, siemens s7-300,,,,,APM,,, siemens s7-300,,,,,a-power,,, siemens s7-300,,,,,A-POWER,,, siemens s7-300,,,,,app,,, siemens s7-300,,,,,APP,,, siemens s7-300,,,,,applied,,, siemens s7-300,,,,,APPLIED,,, siemens s7-300,,,,,apra,,, siemens s7-300,,,,,APRA,,, siemens s7-300,,,,,arsenal,,, siemens s7-300,,,,,ARSENAL,,, siemens s7-300,,,,,articon,,, siemens s7-300,,,,,ARTICON,,, siemens s7-300,,,,,asante,,, siemens s7-300,,,,,Asante,,, siemens s7-300,,,,,ASANTE,,, siemens s7-300,,,,,ascend,,, siemens s7-300,,,,,Ascend,,, siemens s7-300,,,,,ASCEND,,, siemens s7-300,,,,,asd,,, siemens s7-300,,,,,ASD,,, siemens s7-300,,,,,asdf,,, siemens s7-300,,,,,ASDF,,, siemens s7-300,,,,,asdfg,,, siemens s7-300,,,,,ASDFG,,, siemens s7-300,,,,,asdfgh,,, siemens s7-300,,,,,asdfgh,,, siemens s7-300,,,,,ASDFGH,,, siemens s7-300,,,,,asdfghj,,, siemens s7-300,,,,,ASDFGHJ,,, siemens s7-300,,,,,asdfghjk,,, siemens s7-300,,,,,ASDFGHJK,,, siemens s7-300,,,,,asi,,, siemens s7-300,,,,,ASI,,, siemens s7-300,,,,,asutp,,, siemens s7-300,,,,,ASUTP,,, siemens s7-300,,,,,at4400,,, siemens s7-300,,,,,AT4400,,, siemens s7-300,,,,,atc,,, siemens s7-300,,,,,atc,,, siemens s7-300,,,,,ATC,,, siemens s7-300,,,,,atc123,,, siemens s7-300,,,,,ATC123,,, siemens s7-300,,,,,atlantis,,, siemens s7-300,,,,,ATLANTIS,,, siemens s7-300,,,,,attack,,, siemens s7-300,,,,,ATTACK,,, siemens s7-300,,,,,autohors,,, siemens s7-300,,,,,AUTOHORS,,, siemens s7-300,,,,,azsxdc,,, siemens s7-300,,,,,AZSXDC,,, siemens s7-300,,,,,b,,, siemens s7-300,,,,,B,,, siemens s7-300,,,,,b&r,,, siemens s7-300,,,,,B&R,,, siemens s7-300,,,,,B2H4,,, siemens s7-300,,,,,B9W3,,, siemens s7-300,,,,,back,,, siemens s7-300,,,,,BACK,,, siemens s7-300,,,,,backdoor,,, siemens s7-300,,,,,BACKDOOR,,, siemens s7-300,,,,,badboy,,, siemens s7-300,,,,,BADBOY,,, siemens s7-300,,,,,barricade,,, siemens s7-300,,,,,BARRICADE,,, siemens s7-300,,,,,baseball,,, siemens s7-300,,,,,BASEBALL,,, siemens s7-300,,,,,bb,,, siemens s7-300,,,,,BB,,, siemens s7-300,,,,,bbb,,, siemens s7-300,,,,,BBB,,, siemens s7-300,,,,,bbbb,,, siemens s7-300,,,,,BBBB,,, siemens s7-300,,,,,bbbbb,,, siemens s7-300,,,,,BBBBB,,, siemens s7-300,,,,,bbbbbb,,, siemens s7-300,,,,,BBBBBB,,, siemens s7-300,,,,,bbbbbbb,,, siemens s7-300,,,,,BBBBBBB,,, siemens s7-300,,,,,bbbbbbbb,,, siemens s7-300,,,,,BBBBBBBB,,, siemens s7-300,,,,,bciimpw,,, siemens s7-300,,,,,BCIIMPW,,, siemens s7-300,,,,,bcimpw,,, siemens s7-300,,,,,BCIMPW,,, siemens s7-300,,,,,bcnaspw,,, siemens s7-300,,,,,BCNASPW,,, siemens s7-300,,,,,beatch,,, siemens s7-300,,,,,BEATCH,,, siemens s7-300,,,,,beerbeer,,, siemens s7-300,,,,,BEERBEER,,, siemens s7-300,,,,,betera,,, siemens s7-300,,,,,BETERA,,, siemens s7-300,,,,,bible,,, siemens s7-300,,,,,BIBLE,,, siemens s7-300,,,,,bintec,,, siemens s7-300,,,,,BINTEC,,, siemens s7-300,,,,,birdie,,, siemens s7-300,,,,,BIRDIE,,, siemens s7-300,,,,,black,,, siemens s7-300,,,,,BLACK,,, siemens s7-300,,,,,blaster,,, siemens s7-300,,,,,BLASTER,,, siemens s7-300,,,,,blender,,, siemens s7-300,,,,,BLENDER,,, siemens s7-300,,,,,blink,,, siemens s7-300,,,,,BLINK,,, siemens s7-300,,,,,blink182,,, siemens s7-300,,,,,BLINK182,,, siemens s7-300,,,,,bluepw,,, siemens s7-300,,,,,BLUEPW,,, siemens s7-300,,,,,bowling,,, siemens s7-300,,,,,BOWLING,,, siemens s7-300,,,,,bradley,,, siemens s7-300,,,,,BRADLEY,,, siemens s7-300,,,,,bridge,,, siemens s7-300,,,,,BRIDGE,,, siemens s7-300,,,,,bright,,, siemens s7-300,,,,,BRIGHT,,, siemens s7-300,,,,,c,,, siemens s7-300,,,,,C,,, siemens s7-300,,,,,ca01,,, siemens s7-300,,,,,CA01,,, siemens s7-300,,,,,cacadmin,,, siemens s7-300,,,,,CACADMIN,,, siemens s7-300,,,,,cactus,,, siemens s7-300,,,,,CACTUS,,, siemens s7-300,,,,,calvin,,, siemens s7-300,,,,,CALVIN,,, siemens s7-300,,,,,can,,, siemens s7-300,,,,,CAN,,, siemens s7-300,,,,,canbus,,, siemens s7-300,,,,,CANBUS,,, siemens s7-300,,,,,carolian,,, siemens s7-300,,,,,CAROLIAN,,, siemens s7-300,,,,,cascade,,, siemens s7-300,,,,,CASCADE,,, siemens s7-300,,,,,cc,,, siemens s7-300,,,,,CC,,, siemens s7-300,,,,,ccc,,, siemens s7-300,,,,,CCC,,, siemens s7-300,,,,,cccc,,, siemens s7-300,,,,,CCCC,,, siemens s7-300,,,,,ccccc,,, siemens s7-300,,,,,CCCCC,,, siemens s7-300,,,,,cccccc,,, siemens s7-300,,,,,CCCCCC,,, siemens s7-300,,,,,ccccccc,,, siemens s7-300,,,,,CCCCCCC,,, siemens s7-300,,,,,cccccccc,,, siemens s7-300,,,,,CCCCCCCC,,, siemens s7-300,,,,,ccrusr,,, siemens s7-300,,,,,CCRUSR,,, siemens s7-300,,,,,cellit,,, siemens s7-300,,,,,CELLIT,,, siemens s7-300,,,,,cfc,,, siemens s7-300,,,,,CFC,,, siemens s7-300,,,,,CHABGEME,,, siemens s7-300,,,,,changeme,,, siemens s7-300,,,,,CHANGEME,,, siemens s7-300,,,,,changit,,, siemens s7-300,,,,,CHANGIT,,, siemens s7-300,,,,,charlie,,, siemens s7-300,,,,,CHARLIE,,, siemens s7-300,,,,,cisco,,, siemens s7-300,,,,,Cisco,,, siemens s7-300,,,,,CISCO,,, siemens s7-300,,,,,citel,,, siemens s7-300,,,,,CITEL,,, siemens s7-300,,,,,client,,, siemens s7-300,,,,,CLIENT,,, siemens s7-300,,,,,cmaker,,, siemens s7-300,,,,,CMAKER,,, siemens s7-300,,,,,cms500,,, siemens s7-300,,,,,CMS500,,, siemens s7-300,,,,,cnas,,, siemens s7-300,,,,,CNAS,,, siemens s7-300,,,,,cody,,, siemens s7-300,,,,,CODY,,, siemens s7-300,,,,,cognos,,, siemens s7-300,,,,,COGNOS,,, siemens s7-300,,,,,Col2ogro2,,, siemens s7-300,,,,,computer,,, siemens s7-300,,,,,COMPUTER,,, siemens s7-300,,,,,connect,,, siemens s7-300,,,,,CONNECT,,, siemens s7-300,,,,,conv,,, siemens s7-300,,,,,CONV,,, siemens s7-300,,,,,cool,,, siemens s7-300,,,,,COOL,,, siemens s7-300,,,,,corecess,,, siemens s7-300,,,,,CORECESS,,, siemens s7-300,,,,,cosmos,,, siemens s7-300,,,,,COSMOS,,, siemens s7-300,,,,,craft,,, siemens s7-300,,,,,CRAFT,,, siemens s7-300,,,,,craftpw,,, siemens s7-300,,,,,CRAFTPW,,, siemens s7-300,,,,,crftpw,,, siemens s7-300,,,,,CRFTPW,,, siemens s7-300,,,,,crystal,,, siemens s7-300,,,,,CRYSTAL,,, siemens s7-300,,,,,ct/1,,, siemens s7-300,,,,,customer,,, siemens s7-300,,,,,CUSTOMER,,, siemens s7-300,,,,,custpw,,, siemens s7-300,,,,,CUSTPW,,, siemens s7-300,,,,,d,,, siemens s7-300,,,,,D,,, siemens s7-300,,,,,d.e.b.u.g,,, siemens s7-300,,,,,d00m,,, siemens s7-300,,,,,D00M,,, siemens s7-300,,,,,dadmin01,,, siemens s7-300,,,,,DADMIN01,,, siemens s7-300,,,,,danger,,, siemens s7-300,,,,,DANGER,,, siemens s7-300,,,,,database,,, siemens s7-300,,,,,DATABASE,,, siemens s7-300,,,,,davox,,, siemens s7-300,,,,,dbps,,, siemens s7-300,,,,,DBPS,,, siemens s7-300,,,,,dd,,, siemens s7-300,,,,,DD,,, siemens s7-300,,,,,ddd,,, siemens s7-300,,,,,DDD,,, siemens s7-300,,,,,dddd,,, siemens s7-300,,,,,DDDD,,, siemens s7-300,,,,,ddddd,,, siemens s7-300,,,,,DDDDD,,, siemens s7-300,,,,,dddddd,,, siemens s7-300,,,,,DDDDDD,,, siemens s7-300,,,,,ddddddd,,, siemens s7-300,,,,,DDDDDDD,,, siemens s7-300,,,,,dddddddd,,, siemens s7-300,,,,,DDDDDDDD,,, siemens s7-300,,,,,dean,,, siemens s7-300,,,,,DEAN,,, siemens s7-300,,,,,default,,, siemens s7-300,,,,,DEFAULT,,, siemens s7-300,,,,,delevan,,, siemens s7-300,,,,,demo,,, siemens s7-300,,,,,DEMO,,, siemens s7-300,,,,,denise,,, siemens s7-300,,,,,DENISE,,, siemens s7-300,,,,,derparol,,, siemens s7-300,,,,,DERPAROL,,, siemens s7-300,,,,,DEVEVAN,,, siemens s7-300,,,,,device,,, siemens s7-300,,,,,DEVICE,,, siemens s7-300,,,,,devices,,, siemens s7-300,,,,,DEVICES,,, siemens s7-300,,,,,dhs3mt,,, siemens s7-300,,,,,DHS3MT,,, siemens s7-300,,,,,dhs3pms,,, siemens s7-300,,,,,DHS3PMS,,, siemens s7-300,,,,,diabl0,,, siemens s7-300,,,,,DIABL0,,, siemens s7-300,,,,,diablo,,, siemens s7-300,,,,,DIABLO,,, siemens s7-300,,,,,diamond,,, siemens s7-300,,,,,DIAMOND,,, siemens s7-300,,,,,digital,,, siemens s7-300,,,,,DIGITAL,,, siemens s7-300,,,,,DL20,,, siemens s7-300,,,,,dlink,,, siemens s7-300,,,,,D-Link,,, siemens s7-300,,,,,DLINK,,, siemens s7-300,,,,,dollar,,, siemens s7-300,,,,,DOLLAR,,, siemens s7-300,,,,,doom,,, siemens s7-300,,,,,DOOM,,, siemens s7-300,,,,,draadloos,,, siemens s7-300,,,,,DRAADLOOS,,, siemens s7-300,,,,,drivees,,, siemens s7-300,,,,,DRIVEES,,, siemens s7-300,,,,,e,,, siemens s7-300,,,,,E,,, siemens s7-300,,,,,echo,,, siemens s7-300,,,,,ECHO,,, siemens s7-300,,,,,ee,,, siemens s7-300,,,,,EE,,, siemens s7-300,,,,,eee,,, siemens s7-300,,,,,EEE,,, siemens s7-300,,,,,eeee,,, siemens s7-300,,,,,EEEE,,, siemens s7-300,,,,,eeeee,,, siemens s7-300,,,,,EEEEE,,, siemens s7-300,,,,,eeeeee,,, siemens s7-300,,,,,EEEEEE,,, siemens s7-300,,,,,eeeeeee,,, siemens s7-300,,,,,EEEEEEE,,, siemens s7-300,,,,,eeeeeeee,,, siemens s7-300,,,,,EEEEEEEE,,, siemens s7-300,,,,,EGDFV,,, siemens s7-300,,,,,electrin,,, siemens s7-300,,,,,ELECTRIN,,, siemens s7-300,,,,,elvis,,, siemens s7-300,,,,,ELVIS,,, siemens s7-300,,,,,enable,,, siemens s7-300,,,,,ENABLE,,, siemens s7-300,,,,,energy,,, siemens s7-300,,,,,ENERGY,,, siemens s7-300,,,,,engineer,,, siemens s7-300,,,,,ENGINEER,,, siemens s7-300,,,,,eqdfv,,, siemens s7-300,,,,,err0r,,, siemens s7-300,,,,,ERR0R,,, siemens s7-300,,,,,error,,, siemens s7-300,,,,,evening,,, siemens s7-300,,,,,EVENING,,, siemens s7-300,,,,,Exabyte,,, siemens s7-300,,,,,EXABYTE,,, siemens s7-300,,,,,expert03,,, siemens s7-300,,,,,EXPERT03,,, siemens s7-300,,,,,f,,, siemens s7-300,,,,,F,,, siemens s7-300,,,,,father,,, siemens s7-300,,,,,FATHER,,, siemens s7-300,,,,,fbd,,, siemens s7-300,,,,,FBD,,, siemens s7-300,,,,,ff,,, siemens s7-300,,,,,FF,,, siemens s7-300,,,,,fff,,, siemens s7-300,,,,,FFF,,, siemens s7-300,,,,,ffff,,, siemens s7-300,,,,,FFFF,,, siemens s7-300,,,,,fffff,,, siemens s7-300,,,,,FFFFF,,, siemens s7-300,,,,,ffffff,,, siemens s7-300,,,,,FFFFFF,,, siemens s7-300,,,,,fffffff,,, siemens s7-300,,,,,FFFFFFF,,, siemens s7-300,,,,,ffffffff,,, siemens s7-300,,,,,FFFFFFFF,,, siemens s7-300,,,,,field,,, siemens s7-300,,,,,FIELD,,, siemens s7-300,,,,,fire,,, siemens s7-300,,,,,FIRE,,, siemens s7-300,,,,,Fireport,,, siemens s7-300,,,,,FIREPORT,,, siemens s7-300,,,,,fish,,, siemens s7-300,,,,,FISH,,, siemens s7-300,,,,,fivranne,,, siemens s7-300,,,,,FIVRANNE,,, siemens s7-300,,,,,flash,,, siemens s7-300,,,,,FLASH,,, siemens s7-300,,,,,flex,,, siemens s7-300,,,,,FLEX,,, siemens s7-300,,,,,flexible,,, siemens s7-300,,,,,FLEXIBLE,,, siemens s7-300,,,,,football,,, siemens s7-300,,,,,FOOTBALL,,, siemens s7-300,,,,,friend,,, siemens s7-300,,,,,FRIEND,,, siemens s7-300,,,,,fuck,,, siemens s7-300,,,,,FUCK,,, siemens s7-300,,,,,fuckoff,,, siemens s7-300,,,,,FUCKOFF,,, siemens s7-300,,,,,fuckyou,,, siemens s7-300,,,,,FUCKYOU,,, siemens s7-300,,,,,g,,, siemens s7-300,,,,,G,,, siemens s7-300,,,,,g00gle,,, siemens s7-300,,,,,G00GLE,,, siemens s7-300,,,,,G0F9,,, siemens s7-300,,,,,G0K1,,, siemens s7-300,,,,,G6K6,,, siemens s7-300,,,,,gama,,, siemens s7-300,,,,,GAMA,,, siemens s7-300,,,,,ganteng,,, siemens s7-300,,,,,GAWSED,,, siemens s7-300,,,,,Geardog,,, siemens s7-300,,,,,GEARDOG,,, siemens s7-300,,,,,gen1,,, siemens s7-300,,,,,gen2,,, siemens s7-300,,,,,gfcc,,, siemens s7-300,,,,,GFCC,,, siemens s7-300,,,,,gfccdjhl,,, siemens s7-300,,,,,GFCCDJHL,,, siemens s7-300,,,,,gfhjkm,,, siemens s7-300,,,,,gfhjkm,,, siemens s7-300,,,,,GFHJKM,,, siemens s7-300,,,,,gg,,, siemens s7-300,,,,,GG,,, siemens s7-300,,,,,ggg,,, siemens s7-300,,,,,GGG,,, siemens s7-300,,,,,gggg,,, siemens s7-300,,,,,GGGG,,, siemens s7-300,,,,,ggggg,,, siemens s7-300,,,,,GGGGG,,, siemens s7-300,,,,,gggggg,,, siemens s7-300,,,,,GGGGGG,,, siemens s7-300,,,,,ggggggg,,, siemens s7-300,,,,,GGGGGGG,,, siemens s7-300,,,,,gggggggg,,, siemens s7-300,,,,,GGGGGGGG,,, siemens s7-300,,,,,ghbdtn,,, siemens s7-300,,,,,GHBDTN,,, siemens s7-300,,,,,GHOST,,, siemens s7-300,,,,,ghost,,, siemens s7-300,,,,,goal,,, siemens s7-300,,,,,GOAL,,, siemens s7-300,,,,,golf,,, siemens s7-300,,,,,GOLF,,, siemens s7-300,,,,,google,,, siemens s7-300,,,,,GOOGLE,,, siemens s7-300,,,,,got,,, siemens s7-300,,,,,GOT,,, siemens s7-300,,,,,guest,,, siemens s7-300,,,,,GUEST,,, siemens s7-300,,,,,h,,, siemens s7-300,,,,,H,,, siemens s7-300,,,,,hardware,,, siemens s7-300,,,,,HARDWARE,,, siemens s7-300,,,,,harley,,, siemens s7-300,,,,,helen,,, siemens s7-300,,,,,HELEN,,, siemens s7-300,,,,,hello,,, siemens s7-300,,,,,HELLO,,, siemens s7-300,,,,,help,,, siemens s7-300,,,,,HELP,,, siemens s7-300,,,,,help1954,,, siemens s7-300,,,,,HELP1954,,, siemens s7-300,,,,,Helpdesk,,, siemens s7-300,,,,,HELPDESK,,, siemens s7-300,,,,,hexseal,,, siemens s7-300,,,,,HEXSEAL,,, siemens s7-300,,,,,hh,,, siemens s7-300,,,,,HH,,, siemens s7-300,,,,,hhh,,, siemens s7-300,,,,,HHH,,, siemens s7-300,,,,,hhhh,,, siemens s7-300,,,,,HHHH,,, siemens s7-300,,,,,hhhhh,,, siemens s7-300,,,,,HHHHH,,, siemens s7-300,,,,,hhhhhh,,, siemens s7-300,,,,,HHHHHH,,, siemens s7-300,,,,,hhhhhhh,,, siemens s7-300,,,,,HHHHHHH,,, siemens s7-300,,,,,hhhhhhhh,,, siemens s7-300,,,,,HHHHHHHH,,, siemens s7-300,,,,,highspeed,,, siemens s7-300,,,,,HIGHSPEED,,, siemens s7-300,,,,,hinear,,, siemens s7-300,,,,,HINEAR,,, siemens s7-300,,,,,home,,, siemens s7-300,,,,,HOME,,, siemens s7-300,,,,,homeplug,,, siemens s7-300,,,,,HomePlug,,, siemens s7-300,,,,,HOMEPLUG,,, siemens s7-300,,,,,honda,,, siemens s7-300,,,,,HONDA,,, siemens s7-300,,,,,HP,,, siemens s7-300,,,,,hp.com,,, siemens s7-300,,,,,hpoffice,,, siemens s7-300,,,,,HPOFFICE,,, siemens s7-300,,,,,hponly,,, siemens s7-300,,,,,HPONLY,,, siemens s7-300,,,,,HPP187,,, siemens s7-300,,,,,HPP189,,, siemens s7-300,,,,,HPP196,,, siemens s7-300,,,,,hrloo,,, siemens s7-300,,,,,HRLOO,,, siemens s7-300,,,,,hsadb,,, siemens s7-300,,,,,http,,, siemens s7-300,,,,,HTTP,,, siemens s7-300,,,,,i,,, siemens s7-300,,,,,I,,, siemens s7-300,,,,,iDirect,,, siemens s7-300,,,,,IDIRECT,,, siemens s7-300,,,,,ii,,, siemens s7-300,,,,,II,,, siemens s7-300,,,,,iii,,, siemens s7-300,,,,,III,,, siemens s7-300,,,,,iiii,,, siemens s7-300,,,,,IIII,,, siemens s7-300,,,,,iiiii,,, siemens s7-300,,,,,IIIII,,, siemens s7-300,,,,,iiiiii,,, siemens s7-300,,,,,IIIIII,,, siemens s7-300,,,,,iiiiiii,,, siemens s7-300,,,,,IIIIIII,,, siemens s7-300,,,,,iiiiiiii,,, siemens s7-300,,,,,IIIIIIII,,, siemens s7-300,,,,,ILMI,,, siemens s7-300,,,,,iloveyou,,, siemens s7-300,,,,,ILOVEYOU,,, siemens s7-300,,,,,images,,, siemens s7-300,,,,,IMAGES,,, siemens s7-300,,,,,inads,,, siemens s7-300,,,,,INADS,,, siemens s7-300,,,,,inc,,, siemens s7-300,,,,,INC,,, siemens s7-300,,,,,indspw,,, siemens s7-300,,,,,INDSPW,,, siemens s7-300,,,,,inferno,,, siemens s7-300,,,,,INFERNO,,, siemens s7-300,,,,,initpw,,, siemens s7-300,,,,,INITPW,,, siemens s7-300,,,,,Inmet,,, siemens s7-300,,,,,inmet,,, siemens s7-300,,,,,INMET,,, siemens s7-300,,,,,Intel,,, siemens s7-300,,,,,INTEL,,, siemens s7-300,,,,,internet,,, siemens s7-300,,,,,Internet,,, siemens s7-300,,,,,INTERNET,,, siemens s7-300,,,,,INTX3,,, siemens s7-300,,,,,ironport,,, siemens s7-300,,,,,IRONPORT,,, siemens s7-300,,,,,isee,,, siemens s7-300,,,,,ISEE,,, siemens s7-300,,,,,isp,,, siemens s7-300,,,,,ISP,,, siemens s7-300,,,,,ITF3000,,, siemens s7-300,,,,,j,,, siemens s7-300,,,,,J,,, siemens s7-300,,,,,J6R6,,, siemens s7-300,,,,,J6W8,,, siemens s7-300,,,,,jack,,, siemens s7-300,,,,,JACK,,, siemens s7-300,,,,,janet,,, siemens s7-300,,,,,JANET,,, siemens s7-300,,,,,jannie,,, siemens s7-300,,,,,JANNIE,,, siemens s7-300,,,,,jasmine,,, siemens s7-300,,,,,JASMINE,,, siemens s7-300,,,,,JDE,,, siemens s7-300,,,,,jj,,, siemens s7-300,,,,,JJ,,, siemens s7-300,,,,,jjj,,, siemens s7-300,,,,,JJJ,,, siemens s7-300,,,,,jjjj,,, siemens s7-300,,,,,JJJJ,,, siemens s7-300,,,,,jjjjj,,, siemens s7-300,,,,,JJJJJ,,, siemens s7-300,,,,,jjjjjj,,, siemens s7-300,,,,,JJJJJJ,,, siemens s7-300,,,,,jjjjjjj,,, siemens s7-300,,,,,JJJJJJJ,,, siemens s7-300,,,,,jjjjjjjj,,, siemens s7-300,,,,,JJJJJJJJ,,, siemens s7-300,,,,,JOCKER,,, siemens s7-300,,,,,john,,, siemens s7-300,,,,,JOHN,,, siemens s7-300,,,,,joker,,, siemens s7-300,,,,,jordan,,, siemens s7-300,,,,,JORDAN,,, siemens s7-300,,,,,jordan23,,, siemens s7-300,,,,,JORDAN23,,, siemens s7-300,,,,,JR58,,, siemens s7-300,,,,,JR59,,, siemens s7-300,,,,,k,,, siemens s7-300,,,,,K,,, siemens s7-300,,,,,kermit,,, siemens s7-300,,,,,KERMIT,,, siemens s7-300,,,,,killer,,, siemens s7-300,,,,,KILLER,,, siemens s7-300,,,,,killme,,, siemens s7-300,,,,,kilo1987,,, siemens s7-300,,,,,KILO1987,,, siemens s7-300,,,,,kk,,, siemens s7-300,,,,,KK,,, siemens s7-300,,,,,kkk,,, siemens s7-300,,,,,KKK,,, siemens s7-300,,,,,kkkk,,, siemens s7-300,,,,,KKKK,,, siemens s7-300,,,,,kkkkk,,, siemens s7-300,,,,,KKKKK,,, siemens s7-300,,,,,kkkkkk,,, siemens s7-300,,,,,KKKKKK,,, siemens s7-300,,,,,kkkkkkk,,, siemens s7-300,,,,,KKKKKKK,,, siemens s7-300,,,,,kkkkkkkk,,, siemens s7-300,,,,,KKKKKKKK,,, siemens s7-300,,,,,korn,,, siemens s7-300,,,,,KORN,,, siemens s7-300,,,,,l,,, siemens s7-300,,,,,L,,, siemens s7-300,,,,,lad,,, siemens s7-300,,,,,LAD,,, siemens s7-300,,,,,laflaf,,, siemens s7-300,,,,,LAFLAF,,, siemens s7-300,,,,,letacla,,, siemens s7-300,,,,,LETACLA,,, siemens s7-300,,,,,letmein,,, siemens s7-300,,,,,letmein,,, siemens s7-300,,,,,LETMEIN,,, siemens s7-300,,,,,level1,,, siemens s7-300,,,,,LEVEL1,,, siemens s7-300,,,,,leviton,,, siemens s7-300,,,,,LEVITON,,, siemens s7-300,,,,,LILLME,,, siemens s7-300,,,,,linga,,, siemens s7-300,,,,,LINGA,,, siemens s7-300,,,,,linux,,, siemens s7-300,,,,,LINUX,,, siemens s7-300,,,,,lisa,,, siemens s7-300,,,,,LISA,,, siemens s7-300,,,,,ll,,, siemens s7-300,,,,,LL,,, siemens s7-300,,,,,llatsni,,, siemens s7-300,,,,,LLATSNI,,, siemens s7-300,,,,,lll,,, siemens s7-300,,,,,LLL,,, siemens s7-300,,,,,llll,,, siemens s7-300,,,,,LLLL,,, siemens s7-300,,,,,lllll,,, siemens s7-300,,,,,LLLLL,,, siemens s7-300,,,,,llllll,,, siemens s7-300,,,,,LLLLLL,,, siemens s7-300,,,,,lllllll,,, siemens s7-300,,,,,LLLLLLL,,, siemens s7-300,,,,,llllllll,,, siemens s7-300,,,,,LLLLLLLL,,, siemens s7-300,,,,,locatepw,,, siemens s7-300,,,,,LOCATEPW,,, siemens s7-300,,,,,lock,,, siemens s7-300,,,,,LOCK,,, siemens s7-300,,,,,login,,, siemens s7-300,,,,,LOGIN,,, siemens s7-300,,,,,looker,,, siemens s7-300,,,,,LOOKER,,, siemens s7-300,,,,,lotus,,, siemens s7-300,,,,,LOTUS,,, siemens s7-300,,,,,love,,, siemens s7-300,,,,,LOVE,,, siemens s7-300,,,,,ltd,,, siemens s7-300,,,,,LTD,,, siemens s7-300,,,,,lucky,,, siemens s7-300,,,,,LUCKY,,, siemens s7-300,,,,,m,,, siemens s7-300,,,,,M,,, siemens s7-300,,,,,m1122,,, siemens s7-300,,,,,M1122,,, siemens s7-300,,,,,mail,,, siemens s7-300,,,,,MAIL,,, siemens s7-300,,,,,maint,,, siemens s7-300,,,,,MAINT,,, siemens s7-300,,,,,maintpw,,, siemens s7-300,,,,,MAINTPW,,, siemens s7-300,,,,,manager,,, siemens s7-300,,,,,Manager,,, siemens s7-300,,,,,MANAGER,,, siemens s7-300,,,,,maniac,,, siemens s7-300,,,,,MANIAC,,, siemens s7-300,,,,,master,,, siemens s7-300,,,,,Master,,, siemens s7-300,,,,,MASTER,,, siemens s7-300,,,,,masterkey,,, siemens s7-300,,,,,MASTERKEY,,, siemens s7-300,,,,,Mau'dib,,, siemens s7-300,,,,,mediator,,, siemens s7-300,,,,,MEDIATOR,,, siemens s7-300,,,,,medion,,, siemens s7-300,,,,,MEDION,,, siemens s7-300,,,,,MGR,,, siemens s7-300,,,,,micro,,, siemens s7-300,,,,,MICRO,,, siemens s7-300,,,,,microwav,,, siemens s7-300,,,,,MICROWAV,,, siemens s7-300,,,,,miller,,, siemens s7-300,,,,,MILLLER,,, siemens s7-300,,,,,MiniAP,,, siemens s7-300,,,,,mis,,, siemens s7-300,,,,,MIS,,, siemens s7-300,,,,,MJSSSJJ,,, siemens s7-300,,,,,MJSSSJJ,,, siemens s7-300,,,,,MJSSSJJ_,,, siemens s7-300,,,,,mlusr,,, siemens s7-300,,,,,MLUSR,,, siemens s7-300,,,,,mm,,, siemens s7-300,,,,,MM,,, siemens s7-300,,,,,mmm,,, siemens s7-300,,,,,MMM,,, siemens s7-300,,,,,mmmm,,, siemens s7-300,,,,,MMMM,,, siemens s7-300,,,,,mmmmm,,, siemens s7-300,,,,,MMMMM,,, siemens s7-300,,,,,mmmmmm,,, siemens s7-300,,,,,MMMMMM,,, siemens s7-300,,,,,mmmmmmm,,, siemens s7-300,,,,,MMMMMMM,,, siemens s7-300,,,,,mmmmmmmm,,, siemens s7-300,,,,,MMMMMMMM,,, siemens s7-300,,,,,modul,,, siemens s7-300,,,,,MODUL,,, siemens s7-300,,,,,module,,, siemens s7-300,,,,,MODULE,,, siemens s7-300,,,,,money,,, siemens s7-300,,,,,MONEY,,, siemens s7-300,,,,,monitor,,, siemens s7-300,,,,,MONITOR,,, siemens s7-300,,,,,monkey,,, siemens s7-300,,,,,MONKEY,,, siemens s7-300,,,,,mosmatic,,, siemens s7-300,,,,,MOSMATIC,,, siemens s7-300,,,,,mother,,, siemens s7-300,,,,,MOTHER,,, siemens s7-300,,,,,motorola,,, siemens s7-300,,,,,MOTOROLA,,, siemens s7-300,,,,,mouse,,, siemens s7-300,,,,,MOUSE,,, siemens s7-300,,,,,MPE,,, siemens s7-300,,,,,MServer,,, siemens s7-300,,,,,mtch,,, siemens s7-300,,,,,MTCH,,, siemens s7-300,,,,,Multi,,, siemens s7-300,,,,,mustang,,, siemens s7-300,,,,,MUSTANG,,, siemens s7-300,,,,,mypass,,, siemens s7-300,,,,,MYPASS,,, siemens s7-300,,,,,mypass123,,, siemens s7-300,,,,,MYPASS123,,, siemens s7-300,,,,,mypc,,, siemens s7-300,,,,,MYPC,,, siemens s7-300,,,,,mypc123,,, siemens s7-300,,,,,MYPC123,,, siemens s7-300,,,,,myspace,,, siemens s7-300,,,,,MYSPACE,,, siemens s7-300,,,,,myspace1,,, siemens s7-300,,,,,MYSPACE1,,, siemens s7-300,,,,,n,,, siemens s7-300,,,,,N,,, siemens s7-300,,,,,n/a,,, siemens s7-300,,,,,N/A,,, siemens s7-300,,,,,naadmin,,, siemens s7-300,,,,,NAADMIN,,, siemens s7-300,,,,,naranja,,, siemens s7-300,,,,,NARANJA,,, siemens s7-300,,,,,NAU,,, siemens s7-300,,,,,Net,,, siemens s7-300,,,,,NET,,, siemens s7-300,,,,,netadmin,,, siemens s7-300,,,,,NETADMIN,,, siemens s7-300,,,,,netbase,,, siemens s7-300,,,,,NETBASE,,, siemens s7-300,,,,,NetCache,,, siemens s7-300,,,,,NETCACHE,,, siemens s7-300,,,,,NetICs,,, siemens s7-300,,,,,netman,,, siemens s7-300,,,,,NETMAN,,, siemens s7-300,,,,,netopia,,, siemens s7-300,,,,,NETOPIA,,, siemens s7-300,,,,,netscreen,,, siemens s7-300,,,,,NETSCREEN,,, siemens s7-300,,,,,netutil,,, siemens s7-300,,,,,NETUTIL,,, siemens s7-300,,,,,NetVCR,,, siemens s7-300,,,,,NETVCR,,, siemens s7-300,,,,,network,,, siemens s7-300,,,,,NETWORK,,, siemens s7-300,,,,,newpass,,, siemens s7-300,,,,,NEWPASS,,, siemens s7-300,,,,,niconex,,, siemens s7-300,,,,,NICONEX,,, siemens s7-300,,,,,nimdaten,,, siemens s7-300,,,,,NIMDATEN,,, siemens s7-300,,,,,nmspw,,, siemens s7-300,,,,,NMSPW,,, siemens s7-300,,,,,nn,,, siemens s7-300,,,,,NN,,, siemens s7-300,,,,,nnn,,, siemens s7-300,,,,,NNN,,, siemens s7-300,,,,,nnnn,,, siemens s7-300,,,,,NNNN,,, siemens s7-300,,,,,nnnnn,,, siemens s7-300,,,,,NNNNN,,, siemens s7-300,,,,,nnnnnn,,, siemens s7-300,,,,,NNNNNN,,, siemens s7-300,,,,,nnnnnnn,,, siemens s7-300,,,,,NNNNNNN,,, siemens s7-300,,,,,nnnnnnnn,,, siemens s7-300,,,,,NNNNNNNN,,, siemens s7-300,,,,,nokai,,, siemens s7-300,,,,,NOKAI,,, siemens s7-300,,,,,notused,,, siemens s7-300,,,,,NOTUSED,,, siemens s7-300,,,,,noway,,, siemens s7-300,,,,,NOWAY,,, siemens s7-300,,,,,NSADB,,, siemens s7-300,,,,,ntacdmax,,, siemens s7-300,,,,,NTACDMAX,,, siemens s7-300,,,,,null,,, siemens s7-300,,,,,NULL,,, siemens s7-300,,,,,o,,, siemens s7-300,,,,,O,,, siemens s7-300,,,,,OCS,,, siemens s7-300,,,,,oem,,, siemens s7-300,,,,,OEM,,, siemens s7-300,,,,,OkiLAN,,, siemens s7-300,,,,,OKILAN,,, siemens s7-300,,,,,omron,,, siemens s7-300,,,,,OMRON,,, siemens s7-300,,,,,oo,,, siemens s7-300,,,,,OO,,, siemens s7-300,,,,,ooo,,, siemens s7-300,,,,,OOO,,, siemens s7-300,,,,,oooo,,, siemens s7-300,,,,,OOOO,,, siemens s7-300,,,,,ooooo,,, siemens s7-300,,,,,OOOOO,,, siemens s7-300,,,,,oooooo,,, siemens s7-300,,,,,OOOOOO,,, siemens s7-300,,,,,ooooooo,,, siemens s7-300,,,,,OOOOOOO,,, siemens s7-300,,,,,oooooooo,,, siemens s7-300,,,,,OOOOOOOO,,, siemens s7-300,,,,,op3n,,, siemens s7-300,,,,,operator,,, siemens s7-300,,,,,OPERATOR,,, siemens s7-300,,,,,Opto,,, siemens s7-300,,,,,OPTO,,, siemens s7-300,,,,,owner,,, siemens s7-300,,,,,OWNER,,, siemens s7-300,,,,,p,,, siemens s7-300,,,,,P,,, siemens s7-300,,,,,P@55w0rd!,,, siemens s7-300,,,,,pas,,, siemens s7-300,,,,,PAS,,, siemens s7-300,,,,,pass,,, siemens s7-300,,,,,PASS,,, siemens s7-300,,,,,PASSAGE,,, siemens s7-300,,,,,passage,,, siemens s7-300,,,,,passw,,, siemens s7-300,,,,,PASSW,,, siemens s7-300,,,,,passwd,,, siemens s7-300,,,,,PASSWD,,, siemens s7-300,,,,,passwo,,, siemens s7-300,,,,,PASSWO,,, siemens s7-300,,,,,passwor,,, siemens s7-300,,,,,PASSWOR,,, siemens s7-300,,,,,password,,, siemens s7-300,,,,,PASSWORD,,, siemens s7-300,,,,,pat,,, siemens s7-300,,,,,PAT,,, siemens s7-300,,,,,paterna,,, siemens s7-300,,,,,PATERNA,,, siemens s7-300,,,,,patrick,,, siemens s7-300,,,,,PATRICK,,, siemens s7-300,,,,,patrol,,, siemens s7-300,,,,,PATROL,,, siemens s7-300,,,,,PBX,,, siemens s7-300,,,,,pbxk1064,,, siemens s7-300,,,,,PBXK1064,,, siemens s7-300,,,,,pcs7,,, siemens s7-300,,,,,PCS7,,, siemens s7-300,,,,,pentium,,, siemens s7-300,,,,,PENTIUM,,, siemens s7-300,,,,,pento,,, siemens s7-300,,,,,PENTO,,, siemens s7-300,,,,,pepper,,, siemens s7-300,,,,,PEPPER,,, siemens s7-300,,,,,pepsi,,, siemens s7-300,,,,,PEPSI,,, siemens s7-300,,,,,permit,,, siemens s7-300,,,,,PERMIT,,, siemens s7-300,,,,,personal,,, siemens s7-300,,,,,PERSONAL,,, siemens s7-300,,,,,pfsense,,, siemens s7-300,,,,,PFSENSE,,, siemens s7-300,,,,,photonix,,, siemens s7-300,,,,,PHOTONIX,,, siemens s7-300,,,,,pilou,,, siemens s7-300,,,,,PILOU,,, siemens s7-300,,,,,piranha,,, siemens s7-300,,,,,PIRANHA,,, siemens s7-300,,,,,plc,,, siemens s7-300,,,,,PLC,,, siemens s7-300,,,,,plcsim,,, siemens s7-300,,,,,PLCSIM,,, siemens s7-300,,,,,PlsChgMe,,, siemens s7-300,,,,,poerty,,, siemens s7-300,,,,,POERTY,,, siemens s7-300,,,,,policy,,, siemens s7-300,,,,,POLICY,,, siemens s7-300,,,,,Posterie,,, siemens s7-300,,,,,POSTERIE,,, siemens s7-300,,,,,power,,, siemens s7-300,,,,,POWER,,, siemens s7-300,,,,,pp,,, siemens s7-300,,,,,PP,,, siemens s7-300,,,,,ppp,,, siemens s7-300,,,,,PPP,,, siemens s7-300,,,,,pppp,,, siemens s7-300,,,,,PPPP,,, siemens s7-300,,,,,ppppp,,, siemens s7-300,,,,,PPPPP,,, siemens s7-300,,,,,pppppp,,, siemens s7-300,,,,,PPPPPP,,, siemens s7-300,,,,,ppppppp,,, siemens s7-300,,,,,PPPPPPP,,, siemens s7-300,,,,,pppppppp,,, siemens s7-300,,,,,PPPPPPPP,,, siemens s7-300,,,,,princess,,, siemens s7-300,,,,,PRINCESS,,, siemens s7-300,,,,,private,,, siemens s7-300,,,,,PRIVATE,,, siemens s7-300,,,,,proddta,,, siemens s7-300,,,,,PRODDTA,,, siemens s7-300,,,,,profibus,,, siemens s7-300,,,,,PROFIBUS,,, siemens s7-300,,,,,Protector,,, siemens s7-300,,,,,PROTECTOR,,, siemens s7-300,,,,,protool,,, siemens s7-300,,,,,PROTOOL,,, siemens s7-300,,,,,public,,, siemens s7-300,,,,,PUBLIC,,, siemens s7-300,,,,,pusy,,, siemens s7-300,,,,,PUSY,,, siemens s7-300,,,,,pw123,,, siemens s7-300,,,,,PW123,,, siemens s7-300,,,,,pwd,,, siemens s7-300,,,,,PWD,,, siemens s7-300,,,,,q,,, siemens s7-300,,,,,Q,,, siemens s7-300,,,,,qawsed,,, siemens s7-300,,,,,qq,,, siemens s7-300,,,,,QQ,,, siemens s7-300,,,,,qq520,,, siemens s7-300,,,,,QQ520,,, siemens s7-300,,,,,qqq,,, siemens s7-300,,,,,QQQ,,, siemens s7-300,,,,,qqqq,,, siemens s7-300,,,,,QQQQ,,, siemens s7-300,,,,,qqqqq,,, siemens s7-300,,,,,QQQQQ,,, siemens s7-300,,,,,qqqqqq,,, siemens s7-300,,,,,QQQQQQ,,, siemens s7-300,,,,,qqqqqqq,,, siemens s7-300,,,,,QQQQQQQ,,, siemens s7-300,,,,,qqqqqqqq,,, siemens s7-300,,,,,QQQQQQQQ,,, siemens s7-300,,,,,qwe,,, siemens s7-300,,,,,qwer,,, siemens s7-300,,,,,QWER,,, siemens s7-300,,,,,QWERT,,, siemens s7-300,,,,,qwerty,,, siemens s7-300,,,,,QWERTY,,, siemens s7-300,,,,,qwerty1,,, siemens s7-300,,,,,qwertyu,,, siemens s7-300,,,,,QWERTYU,,, siemens s7-300,,,,,qwertyui,,, siemens s7-300,,,,,QWERTYUI,,, siemens s7-300,,,,,r,,, siemens s7-300,,,,,R,,, siemens s7-300,,,,,r@p8p0r+,,, siemens s7-300,,,,,R1QTPS,,, siemens s7-300,,,,,rade0n,,, siemens s7-300,,,,,RADE0N,,, siemens s7-300,,,,,RADEON,,, siemens s7-300,,,,,radius,,, siemens s7-300,,,,,RADIUS,,, siemens s7-300,,,,,radware,,, siemens s7-300,,,,,RADWARE,,, siemens s7-300,,,,,rdfhnbhf,,, siemens s7-300,,,,,RDFHNBHF,,, siemens s7-300,,,,,recovery,,, siemens s7-300,,,,,RECOVERY,,, siemens s7-300,,,,,rego,,, siemens s7-300,,,,,REGO,,, siemens s7-300,,,,,remote,,, siemens s7-300,,,,,REMOTE,,, siemens s7-300,,,,,rip000,,, siemens s7-300,,,,,RIP000,,, siemens s7-300,,,,,rittal,,, siemens s7-300,,,,,RITTAL,,, siemens s7-300,,,,,robele,,, siemens s7-300,,,,,ROBELLE,,, siemens s7-300,,,,,root,,, siemens s7-300,,,,,ROOT,,, siemens s7-300,,,,,ROOT500,,, siemens s7-300,,,,,router,,, siemens s7-300,,,,,ROUTER,,, siemens s7-300,,,,,rr,,, siemens s7-300,,,,,RR,,, siemens s7-300,,,,,rrr,,, siemens s7-300,,,,,RRR,,, siemens s7-300,,,,,rrrr,,, siemens s7-300,,,,,RRRR,,, siemens s7-300,,,,,rrrrr,,, siemens s7-300,,,,,RRRRR,,, siemens s7-300,,,,,rrrrrr,,, siemens s7-300,,,,,RRRRRR,,, siemens s7-300,,,,,rrrrrrr,,, siemens s7-300,,,,,RRRRRRR,,, siemens s7-300,,,,,rrrrrrrr,,, siemens s7-300,,,,,RRRRRRRR,,, siemens s7-300,,,,,rs4igoy,,, siemens s7-300,,,,,RS4IGOY,,, siemens s7-300,,,,,RSX,,, siemens s7-300,,,,,rtyhn,,, siemens s7-300,,,,,RTYHN,,, siemens s7-300,,,,,run-p,,, siemens s7-300,,,,,RUN-P,,, siemens s7-300,,,,,russia,,, siemens s7-300,,,,,RUSSIA,,, siemens s7-300,,,,,rwmaint,,, siemens s7-300,,,,,RWMAINT,,, siemens s7-300,,,,,s,,, siemens s7-300,,,,,S,,, siemens s7-300,,,,,s7,,, siemens s7-300,,,,,S7,,, siemens s7-300,,,,,s7-300,,, siemens s7-300,,,,,S7-300,,, siemens s7-300,,,,,s7-400,,, siemens s7-300,,,,,S7-400,,, siemens s7-300,,,,,scout,,, siemens s7-300,,,,,SCOUT,,, siemens s7-300,,,,,search,,, siemens s7-300,,,,,SEARCH,,, siemens s7-300,,,,,secret,,, siemens s7-300,,,,,SECRET,,, siemens s7-300,,,,,secure,,, siemens s7-300,,,,,SECURE,,, siemens s7-300,,,,,security,,, siemens s7-300,,,,,SECURITY,,, siemens s7-300,,,,,sekret,,, siemens s7-300,,,,,SEKRET,,, siemens s7-300,,,,,Sensor,,, siemens s7-300,,,,,serco,,, siemens s7-300,,,,,SERCO,,, siemens s7-300,,,,,serial#,,, siemens s7-300,,,,,serovox,,, siemens s7-300,,,,,SEROVOX,,, siemens s7-300,,,,,server,,, siemens s7-300,,,,,SERVER,,, siemens s7-300,,,,,SESAME,,, siemens s7-300,,,,,setherco,,, siemens s7-300,,,,,SETHERCO,,, siemens s7-300,,,,,setup,,, siemens s7-300,,,,,SETUP,,, siemens s7-300,,,,,sex,,, siemens s7-300,,,,,SEX,,, siemens s7-300,,,,,sgena,,, siemens s7-300,,,,,SGENA,,, siemens s7-300,,,,,sgilent,,, siemens s7-300,,,,,SGILENT,,, siemens s7-300,,,,,shadow,,, siemens s7-300,,,,,SHADOW,,, siemens s7-300,,,,,Sharp,,, siemens s7-300,,,,,sicostart,,, siemens s7-300,,,,,SICOSTART,,, siemens s7-300,,,,,siemens,,, siemens s7-300,,,,,SIEMENS,,, siemens s7-300,,,,,simatic,,, siemens s7-300,,,,,SIMATIC,,, siemens s7-300,,,,,simens,,, siemens s7-300,,,,,SIMENS,,, siemens s7-300,,,,,simo,,, siemens s7-300,,,,,SIMO,,, siemens s7-300,,,,,simocode,,, siemens s7-300,,,,,SIMOCODE,,, siemens s7-300,,,,,simoreg,,, siemens s7-300,,,,,SIMOREG,,, siemens s7-300,,,,,simovert,,, siemens s7-300,,,,,SIMOVERT,,, siemens s7-300,,,,,simtec,,, siemens s7-300,,,,,SIMTEC,,, siemens s7-300,,,,,sirborn,,, siemens s7-300,,,,,SIRBORN,,, siemens s7-300,,,,,sitop,,, siemens s7-300,,,,,SITOP,,, siemens s7-300,,,,,SKY_FOX,,, siemens s7-300,,,,,slave,,, siemens s7-300,,,,,SLAVE,,, siemens s7-300,,,,,slipknot,,, siemens s7-300,,,,,SLIPKNOT,,, siemens s7-300,,,,,SMDR,,, siemens s7-300,,,,,smile,,, siemens s7-300,,,,,SMILE,,, siemens s7-300,,,,,smuser,,, siemens s7-300,,,,,SMUSER,,, siemens s7-300,,,,,snoopy,,, siemens s7-300,,,,,SNOOPY,,, siemens s7-300,,,,,soccer,,, siemens s7-300,,,,,SOCCER,,, siemens s7-300,,,,,solution,,, siemens s7-300,,,,,SOLUTION,,, siemens s7-300,,,,,SpIp,,, siemens s7-300,,,,,ss,,, siemens s7-300,,,,,SS,,, siemens s7-300,,,,,SSA,,, siemens s7-300,,,,,sss,,, siemens s7-300,,,,,SSS,,, siemens s7-300,,,,,ssss,,, siemens s7-300,,,,,SSSS,,, siemens s7-300,,,,,sssss,,, siemens s7-300,,,,,SSSSS,,, siemens s7-300,,,,,ssssss,,, siemens s7-300,,,,,SSSSSS,,, siemens s7-300,,,,,sssssss,,, siemens s7-300,,,,,SSSSSSS,,, siemens s7-300,,,,,ssssssss,,, siemens s7-300,,,,,SSSSSSSS,,, siemens s7-300,,,,,stan,,, siemens s7-300,,,,,STAN,,, siemens s7-300,,,,,star,,, siemens s7-300,,,,,STAR,,, siemens s7-300,,,,,starwar,,, siemens s7-300,,,,,STARWAR,,, siemens s7-300,,,,,step5,,, siemens s7-300,,,,,STEP5,,, siemens s7-300,,,,,step7,,, siemens s7-300,,,,,STEP7,,, siemens s7-300,,,,,stimpy,,, siemens s7-300,,,,,STIMPY,,, siemens s7-300,,,,,stl,,, siemens s7-300,,,,,STL,,, siemens s7-300,,,,,stop,,, siemens s7-300,,,,,STOP,,, siemens s7-300,,,,,ststic,,, siemens s7-300,,,,,STSTIC,,, siemens s7-300,,,,,summer,,, siemens s7-300,,,,,SUMMER,,, siemens s7-300,,,,,sunrise,,, siemens s7-300,,,,,SUNRISE,,, siemens s7-300,,,,,Super,,, siemens s7-300,,,,,superid,,, siemens s7-300,,,,,SUPERID,,, siemens s7-300,,,,,superman,,, siemens s7-300,,,,,SUPERMAN,,, siemens s7-300,,,,,support,,, siemens s7-300,,,,,SUPPORT,,, siemens s7-300,,,,,surt,,, siemens s7-300,,,,,SURT,,, siemens s7-300,,,,,switch,,, siemens s7-300,,,,,SWITCH,,, siemens s7-300,,,,,sybase,,, siemens s7-300,,,,,SYBASE,,, siemens s7-300,,,,,Symbol,,, siemens s7-300,,,,,SYMBOL,,, siemens s7-300,,,,,synnet,,, siemens s7-300,,,,,SYNNET,,, siemens s7-300,,,,,sysadm,,, siemens s7-300,,,,,SYSADM,,, siemens s7-300,,,,,SYSDISC,,, siemens s7-300,,,,,sysdisk,,, siemens s7-300,,,,,system,,, siemens s7-300,,,,,SYSTEM,,, siemens s7-300,,,,,t,,, siemens s7-300,,,,,T,,, siemens s7-300,,,,,talent,,, siemens s7-300,,,,,TALENT,,, siemens s7-300,,,,,TALINUZ,,, siemens s7-300,,,,,talisman,,, siemens s7-300,,,,,TALISMAN,,, siemens s7-300,,,,,TANDBERG,,, siemens s7-300,,,,,TCH,,, siemens s7-300,,,,,tech,,, siemens s7-300,,,,,TECH,,, siemens s7-300,,,,,telco,,, siemens s7-300,,,,,TELCO,,, siemens s7-300,,,,,telecom,,, siemens s7-300,,,,,Telecom,,, siemens s7-300,,,,,TELECOM,,, siemens s7-300,,,,,telesup,,, siemens s7-300,,,,,TELESUP,,, siemens s7-300,,,,,tellabs#1,,, siemens s7-300,,,,,telus,,, siemens s7-300,,,,,TELUS,,, siemens s7-300,,,,,temp,,, siemens s7-300,,,,,TEMP,,, siemens s7-300,,,,,temp123,,, siemens s7-300,,,,,TEMP123,,, siemens s7-300,,,,,test,,, siemens s7-300,,,,,TEST,,, siemens s7-300,,,,,test123,,, siemens s7-300,,,,,TEST123,,, siemens s7-300,,,,,thomas,,, siemens s7-300,,,,,Thomas,,, siemens s7-300,,,,,THOMAS,,, siemens s7-300,,,,,tiaranet,,, siemens s7-300,,,,,TIARANET,,, siemens s7-300,,,,,tiger123,,, siemens s7-300,,,,,TIGER123,,, siemens s7-300,,,,,timely,,, siemens s7-300,,,,,TIMELY,,, siemens s7-300,,,,,tini,,, siemens s7-300,,,,,TINI,,, siemens s7-300,,,,,tivonpw,,, siemens s7-300,,,,,TIVONPW,,, siemens s7-300,,,,,tjm,,, siemens s7-300,,,,,TJM,,, siemens s7-300,,,,,tlah,,, siemens s7-300,,,,,TLAH,,, siemens s7-300,,,,,toolset,,, siemens s7-300,,,,,TOOLSET,,, siemens s7-300,,,,,trancell,,, siemens s7-300,,,,,TRANCELL,,, siemens s7-300,,,,,tratata,,, siemens s7-300,,,,,TRATATA,,, siemens s7-300,,,,,tslinux,,, siemens s7-300,,,,,TSLINUX,,, siemens s7-300,,,,,tt,,, siemens s7-300,,,,,TT,,, siemens s7-300,,,,,ttt,,, siemens s7-300,,,,,TTT,,, siemens s7-300,,,,,tttt,,, siemens s7-300,,,,,TTTT,,, siemens s7-300,,,,,ttttt,,, siemens s7-300,,,,,TTTTT,,, siemens s7-300,,,,,tttttt,,, siemens s7-300,,,,,TTTTTT,,, siemens s7-300,,,,,ttttttt,,, siemens s7-300,,,,,TTTTTTT,,, siemens s7-300,,,,,tttttttt,,, siemens s7-300,,,,,TTTTTTTT,,, siemens s7-300,,,,,tuborg,,, siemens s7-300,,,,,TUBORG,,, siemens s7-300,,,,,tuxalize,,, siemens s7-300,,,,,TUXALIZE,,, siemens s7-300,,,,,tx100,,, siemens s7-300,,,,,TX100,,, siemens s7-300,,,,,u,,, siemens s7-300,,,,,U,,, siemens s7-300,,,,,uplink,,, siemens s7-300,,,,,UPLINK,,, siemens s7-300,,,,,user,,, siemens s7-300,,,,,USER,,, siemens s7-300,,,,,uu,,, siemens s7-300,,,,,UU,,, siemens s7-300,,,,,uuu,,, siemens s7-300,,,,,UUU,,, siemens s7-300,,,,,uuuu,,, siemens s7-300,,,,,UUUU,,, siemens s7-300,,,,,uuuuu,,, siemens s7-300,,,,,UUUUU,,, siemens s7-300,,,,,uuuuuu,,, siemens s7-300,,,,,UUUUUU,,, siemens s7-300,,,,,uuuuuuu,,, siemens s7-300,,,,,UUUUUUU,,, siemens s7-300,,,,,uuuuuuuu,,, siemens s7-300,,,,,UUUUUUUU,,, siemens s7-300,,,,,v,,, siemens s7-300,,,,,V,,, siemens s7-300,,,,,vesoft,,, siemens s7-300,,,,,VESOFT,,, siemens s7-300,,,,,visual,,, siemens s7-300,,,,,VISUAL,,, siemens s7-300,,,,,vjqgfhjkm,,, siemens s7-300,,,,,VJQGFHJKM,,, siemens s7-300,,,,,vodka,,, siemens s7-300,,,,,VODKA,,, siemens s7-300,,,,,volition,,, siemens s7-300,,,,,VOLITION,,, siemens s7-300,,,,,vv,,, siemens s7-300,,,,,VV,,, siemens s7-300,,,,,vvv,,, siemens s7-300,,,,,VVV,,, siemens s7-300,,,,,vvvv,,, siemens s7-300,,,,,VVVV,,, siemens s7-300,,,,,vvvvv,,, siemens s7-300,,,,,VVVVV,,, siemens s7-300,,,,,vvvvvv,,, siemens s7-300,,,,,VVVVVV,,, siemens s7-300,,,,,vvvvvvv,,, siemens s7-300,,,,,VVVVVVV,,, siemens s7-300,,,,,vvvvvvvv,,, siemens s7-300,,,,,VVVVVVVV,,, siemens s7-300,,,,,w,,, siemens s7-300,,,,,W,,, siemens s7-300,,,,,W9F3,,, siemens s7-300,,,,,webadmin,,, siemens s7-300,,,,,WEBADMIN,,, siemens s7-300,,,,,win,,, siemens s7-300,,,,,WIN,,, siemens s7-300,,,,,wincc,,, siemens s7-300,,,,,WINCC,,, siemens s7-300,,,,,winterm,,, siemens s7-300,,,,,WINTERM,,, siemens s7-300,,,,,Wireless,,, siemens s7-300,,,,,WIRELESS,,, siemens s7-300,,,,,wizard,,, siemens s7-300,,,,,WIZARD,,, siemens s7-300,,,,,wlsedb,,, siemens s7-300,,,,,WLSEDB,,, siemens s7-300,,,,,wolf,,, siemens s7-300,,,,,WONF,,, siemens s7-300,,,,,ww,,, siemens s7-300,,,,,WW,,, siemens s7-300,,,,,www,,, siemens s7-300,,,,,WWW,,, siemens s7-300,,,,,wwww,,, siemens s7-300,,,,,WWWW,,, siemens s7-300,,,,,wwwww,,, siemens s7-300,,,,,WWWWW,,, siemens s7-300,,,,,wwwwww,,, siemens s7-300,,,,,WWWWWW,,, siemens s7-300,,,,,wwwwwww,,, siemens s7-300,,,,,WWWWWWW,,, siemens s7-300,,,,,wwwwwwww,,, siemens s7-300,,,,,WWWWWWWW,,, siemens s7-300,,,,,wyse,,, siemens s7-300,,,,,WYSE,,, siemens s7-300,,,,,x,,, siemens s7-300,,,,,X,,, siemens s7-300,,,,,x40rocks,,, siemens s7-300,,,,,X40ROCKS,,, siemens s7-300,,,,,x-admin,,, siemens s7-300,,,,,X-ADMIN,,, siemens s7-300,,,,,xbox,,, siemens s7-300,,,,,XBOX,,, siemens s7-300,,,,,xlserver,,, siemens s7-300,,,,,XLSERVER,,, siemens s7-300,,,,,xx,,, siemens s7-300,,,,,XX,,, siemens s7-300,,,,,xxx,,, siemens s7-300,,,,,XXX,,, siemens s7-300,,,,,xxxx,,, siemens s7-300,,,,,XXXX,,, siemens s7-300,,,,,xxxxx,,, siemens s7-300,,,,,XXXXX,,, siemens s7-300,,,,,xxxxxx,,, siemens s7-300,,,,,XXXXXX,,, siemens s7-300,,,,,xxxxxxx,,, siemens s7-300,,,,,XXXXXXX,,, siemens s7-300,,,,,xxxxxxxx,,, siemens s7-300,,,,,XXXXXXXX,,, siemens s7-300,,,,,xxyyzz,,, siemens s7-300,,,,,XXYYZZ,,, siemens s7-300,,,,,y,,, siemens s7-300,,,,,Y,,, siemens s7-300,,,,,yxcv,,, siemens s7-300,,,,,YXCV,,, siemens s7-300,,,,,yy,,, siemens s7-300,,,,,YY,,, siemens s7-300,,,,,yyy,,, siemens s7-300,,,,,YYY,,, siemens s7-300,,,,,yyyy,,, siemens s7-300,,,,,YYYY,,, siemens s7-300,,,,,yyyyy,,, siemens s7-300,,,,,YYYYY,,, siemens s7-300,,,,,yyyyyy,,, siemens s7-300,,,,,YYYYYY,,, siemens s7-300,,,,,yyyyyyy,,, siemens s7-300,,,,,YYYYYYY,,, siemens s7-300,,,,,yyyyyyyy,,, siemens s7-300,,,,,YYYYYYYY,,, siemens s7-300,,,,,z,,, siemens s7-300,,,,,Z,,, siemens s7-300,,,,,z0ne,,, siemens s7-300,,,,,Z0NE,,, siemens s7-300,,,,,zettler,,, siemens s7-300,,,,,ZETTLER,,, siemens s7-300,,,,,zippo,,, siemens s7-300,,,,,ZIPPO,,, siemens s7-300,,,,,zone,,, siemens s7-300,,,,,ZONE,,, siemens s7-300,,,,,zoomadsl,,, siemens s7-300,,,,,ZOOMADSL,,, siemens s7-300,,,,,zorro,,, siemens s7-300,,,,,ZORRO,,, siemens s7-300,,,,,zorromen,,, siemens s7-300,,,,,ZORROMEN,,, siemens s7-300,,,,,zxc,,, siemens s7-300,,,,,ZXC,,, siemens s7-300,,,,,zxcv,,, siemens s7-300,,,,,ZXCV,,, siemens s7-300,,,,,zxcvb,,, siemens s7-300,,,,,ZXCVB,,, siemens s7-300,,,,,zxcvbn,,, siemens s7-300,,,,,ZXCVBN,,, siemens s7-300,,,,,zxcvbnm,,, siemens s7-300,,,,,ZXCVBNM,,, siemens s7-300,,,,,zxcvbnm,,,, siemens s7-300,,,,,ZXCVBNM,,,, siemens s7-300,,,,,zz,,, siemens s7-300,,,,,ZZ,,, siemens s7-300,,,,,zzz,,, siemens s7-300,,,,,ZZZ,,, siemens s7-300,,,,,zzzz,,, siemens s7-300,,,,,ZZZZ,,, siemens s7-300,,,,,zzzzz,,, siemens s7-300,,,,,ZZZZZ,,, siemens s7-300,,,,,zzzzzz,,, siemens s7-300,,,,,ZZZZZZ,,, siemens s7-300,,,,,zzzzzzz,,, siemens s7-300,,,,,ZZZZZZZ,,, siemens s7-300,,,,,zzzzzzzz,,, siemens s7-300,,,,,ZZZZZZZZ,,, hydra-8.1/hmacmd5.c0000644000175000010010000001002612441064454012546 0ustar marcNone /* Unix SMB/CIFS implementation. HMAC MD5 code for use in NTLMv2 Copyright (C) Luke Kenneth Casson Leighton 1996-2000 Copyright (C) Andrew Tridgell 1992-2000 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /* taken direct from rfc2104 implementation and modified for suitable use * for ntlmv2. */ #ifdef LIBOPENSSL #include #include "hmacmd5.h" #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) /*********************************************************************** the rfc 2104 version of hmac_md5 initialisation. ***********************************************************************/ void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context * ctx) { int i; unsigned char tk[16]; /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { MD5_CTX tctx; MD5_Init(&tctx); MD5_Update(&tctx, (void *) key, key_len); MD5_Final(tk, &tctx); key = tk; key_len = 16; } /* start out by storing key in pads */ ZERO_STRUCT(ctx->k_ipad); ZERO_STRUCT(ctx->k_opad); memcpy(ctx->k_ipad, key, key_len); memcpy(ctx->k_opad, key, key_len); /* XOR key with ipad and opad values */ for (i = 0; i < 64; i++) { ctx->k_ipad[i] ^= 0x36; ctx->k_opad[i] ^= 0x5c; } MD5_Init(&ctx->ctx); MD5_Update(&ctx->ctx, ctx->k_ipad, 64); } /*********************************************************************** the microsoft version of hmac_md5 initialisation. ***********************************************************************/ void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Context * ctx) { int i; /* if key is longer than 64 bytes truncate it */ if (key_len > 64) { key_len = 64; } /* start out by storing key in pads */ ZERO_STRUCT(ctx->k_ipad); ZERO_STRUCT(ctx->k_opad); memcpy(ctx->k_ipad, key, key_len); memcpy(ctx->k_opad, key, key_len); /* XOR key with ipad and opad values */ for (i = 0; i < 64; i++) { ctx->k_ipad[i] ^= 0x36; ctx->k_opad[i] ^= 0x5c; } MD5_Init(&ctx->ctx); MD5_Update(&ctx->ctx, ctx->k_ipad, 64); } /*********************************************************************** update hmac_md5 "inner" buffer ***********************************************************************/ void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context * ctx) { MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */ } /*********************************************************************** finish off hmac_md5 "inner" buffer and generate outer one. ***********************************************************************/ void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx) { MD5_CTX ctx_o; MD5_Final(digest, &ctx->ctx); MD5_Init(&ctx_o); MD5_Update(&ctx_o, ctx->k_opad, 64); MD5_Update(&ctx_o, digest, 16); MD5_Final(digest, &ctx_o); } /*********************************************************** single function to calculate an HMAC MD5 digest from data. use the microsoft hmacmd5 init method because the key is 16 bytes. ************************************************************/ void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) { HMACMD5Context ctx; hmac_md5_init_limK_to_64(key, 16, &ctx); if (data_len != 0) { hmac_md5_update(data, data_len, &ctx); } hmac_md5_final(digest, &ctx); } #endif hydra-8.1/hmacmd5.h0000644000175000010010000000272112441064454012556 0ustar marcNone/* Unix SMB/CIFS implementation. Interface header: Scheduler service Copyright (C) Luke Kenneth Casson Leighton 1996-1999 Copyright (C) Andrew Tridgell 1992-1999 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include #ifndef _HMAC_MD5_H typedef struct { MD5_CTX ctx; unsigned char k_ipad[65]; unsigned char k_opad[65]; } HMACMD5Context; #endif /* _HMAC_MD5_H */ void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx); void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,HMACMD5Context *ctx); void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx); void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx); void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest); hydra-8.1/hydra-afp.c0000644000175000010010000001155712441064454013115 0ustar marcNone /* * Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com * * tested with afpfs-ng 0.8.1 * AFPFS-NG: http://alexthepuffin.googlepages.com/home * */ #include "hydra-mod.h" #ifndef LIBAFP void dummy_afp() { printf("\n"); } #else #define FREE(x) \ if (x != NULL) { \ free(x); \ x = NULL; \ } #include #include #include extern char *HYDRA_EXIT; void stdout_fct(void *priv, enum loglevels loglevel, int logtype, const char *message) { //fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); } static struct libafpclient afpclient = { .unmount_volume = NULL, .log_for_client = stdout_fct, .forced_ending_hook = NULL, .scan_extra_fds = NULL, .loop_started = NULL, }; static int server_subconnect(struct afp_url url) { struct afp_connection_request *conn_req; struct afp_server *server = NULL; conn_req = malloc(sizeof(struct afp_connection_request)); // server = malloc(sizeof(struct afp_server)); memset(conn_req, 0, sizeof(struct afp_connection_request)); conn_req->url = url; conn_req->url.requested_version = 31; //fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", url.username, url.password, url.servername); if (strlen(url.uamname) > 0) { if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) { fprintf(stderr, "[ERROR] Unknown UAM: %s", url.uamname); FREE(conn_req); FREE(server); return -1; } } else { conn_req->uam_mask = default_uams_mask(); } //fprintf(stderr, "Initiating connection attempt.\n"); if ((server = afp_server_full_connect(NULL, conn_req)) == NULL) { FREE(conn_req); // FREE(server); return -1; } //fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam)); FREE(conn_req); FREE(server); return 0; } int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN]; struct afp_url tmpurl; /* Build AFP authentication request */ libafpclient_register(&afpclient); afp_main_quick_startup(NULL); init_uams(); afp_default_url(&tmpurl); if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; strncpy(tmpurl.servername, hydra_address2string(ip), AFP_SERVER_NAME_LEN - 1); tmpurl.servername[AFP_SERVER_NAME_LEN] = 0; strncpy(mlogin, login, AFP_MAX_USERNAME_LEN - 1); mlogin[AFP_MAX_USERNAME_LEN - 1] = 0; strncpy(mpass, pass, AFP_MAX_PASSWORD_LEN - 1); mpass[AFP_MAX_PASSWORD_LEN - 1] = 0; memcpy(&tmpurl.username, mlogin, AFP_MAX_USERNAME_LEN); memcpy(&tmpurl.password, mpass, AFP_MAX_PASSWORD_LEN); if (server_subconnect(tmpurl) == 0) { hydra_report_found_host(port, ip, "afp", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } else { hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; } return 1; } void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_AFP; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* * Here we start the password cracking process */ next_run = start_afp(sock, ip, port, options, miscptr, fp); break; case 3: if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } #endif int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-asterisk.c0000644000175000010010000000762112441064454014171 0ustar marcNone//This plugin was written by david@ // //This plugin is written for Asterisk Call Manager //which is running by default on TCP/5038 // #include "hydra-mod.h" extern char *HYDRA_EXIT; char *buf; int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[1024]; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; while (hydra_data_ready(s) > 0) { if ((buf = hydra_receive_line(s)) == NULL) return (1); free(buf); } memset(buffer, 0, sizeof(buffer)); sprintf(buffer, "Action: Login\r\nUsername: %.250s\r\nSecret: %.250s\r\n\r\n", login, pass); if (debug) hydra_report(stderr, "[DEBUG] C: %s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (debug) hydra_report(stderr, "[DEBUG] S: %s\n", buf); if (buf == NULL || (strstr(buf, "Response: ") == NULL)) { hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf); free(buf); return 4; } if (strstr(buf, "Response: Success") != NULL) { hydra_report_found_host(port, ip, "asterisk", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); //fprintf(stderr, "%s\n",buf); //banner should look like: //Asterisk Call Manager/1.1 if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf); hydra_child_exit(2); } free(buf); next_run = 2; break; case 2: /* run the cracking function */ next_run = start_asterisk(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-cisco-enable.c0000644000175000010010000001547312441064454014674 0ustar marcNone#include "hydra-mod.h" extern char *HYDRA_EXIT; char *buf; int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *pass, buffer[300]; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; sprintf(buffer, "%.250s\r\n", pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = hydra_receive_line(s); if (buf != NULL && strstr(buf, "assw") != NULL) { hydra_completed_pair(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; sprintf(buffer, "%.250s\r\n", pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = hydra_receive_line(s); if (strstr(buf, "assw") != NULL) { hydra_completed_pair(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; sprintf(buffer, "%.250s\r\n", pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = hydra_receive_line(s); } } if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) { free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } if (buf != NULL) free(buf); hydra_report_found_host(port, ip, "cisco-enable", fp); hydra_completed_pair_found(); return 3; } void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; char buffer[300]; char *login; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ { if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } /* Cisco AAA Support */ if (strlen(login = hydra_get_next_login()) != 0) { while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) { if (hydra_strcasestr(buf, "ress ENTER") != NULL) hydra_send(sock, "\r\n", 2, 0); free(buf); } sprintf(buffer, "%.250s\r\n", login); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); hydra_child_exit(2); } } if (miscptr != NULL) { if (buf != NULL) free(buf); while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) { if (hydra_strcasestr(buf, "ress ENTER") != NULL) hydra_send(sock, "\r\n", 2, 0); free(buf); } sprintf(buffer, "%.250s\r\n", miscptr); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); hydra_child_exit(2); } } if (buf != NULL) free(buf); buf = hydra_receive_line(sock); if (hydra_strcasestr(buf, "ress ENTER") != NULL) { hydra_send(sock, "\r\n", 2, 0); free(buf); buf = hydra_receive_line(sock); } if (strstr(buf, "assw") != NULL) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid()); hydra_child_exit(2); } free(buf); next_run = 2; break; } case 2: /* run the cracking function */ { unsigned char *buf2; int f = 0; sprintf(buffer, "%.250s\r\n", "ena"); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid()); hydra_child_exit(2); } do { if (f != 0) free(buf2); else f = 1; if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { if (failc < retry) { next_run = 1; failc++; if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); sleep(3); break; } else { fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); hydra_child_exit(0); } } } while (strstr((char *) buf2, "assw") == NULL); free(buf2); if (next_run != 0) break; failc = 0; next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp); break; } case 3: /* clean exit */ sprintf(buffer, "%.250s\r\n", "exit"); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid()); hydra_child_exit(0); } if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); hydra_child_exit(2); } run = next_run; } } int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-cisco.c0000644000175000010010000001371712441064460013444 0ustar marcNone#ifdef PALM #include "palm/hydra-mod.h" #else #include "hydra-mod.h" #endif extern char *HYDRA_EXIT; char *buf = NULL; int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *pass, buffer[300]; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; #ifdef PALM sprintf(buffer, "%s\r\n", pass); #else sprintf(buffer, "%.250s\r\n", pass); #endif if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } sleep(1); buf = NULL; do { if (buf != NULL) free(buf); if ((buf = hydra_receive_line(s)) == NULL) return 3; if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; } while (strlen(buf) <= 1); if (strstr(buf, "assw") != NULL) { hydra_completed_pair(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; #ifdef PALM sprintf(buffer, "%s\r\n", pass); #else sprintf(buffer, "%.250s\r\n", pass); #endif if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = NULL; do { if (buf != NULL) free(buf); if ((buf = hydra_receive_line(s)) == NULL) return 3; if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; } while (strlen(buf) <= 1); if (buf != NULL && strstr(buf, "assw") != NULL) { hydra_completed_pair(); free(buf); buf = NULL; if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; #ifdef PALM sprintf(buffer, "%s\r\n", pass); #else sprintf(buffer, "%.250s\r\n", pass); #endif if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = NULL; do { if (buf != NULL) free(buf); buf = hydra_receive_line(s); if (buf != NULL) { if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; } } while (buf != NULL && strlen(buf) <= 1); } } if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) { free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } hydra_report_found_host(port, ip, "cisco", fp); hydra_completed_pair_found(); if (buf != NULL) free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ { unsigned char *buf2; int f = 0; if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL) hydra_send(sock, "\r\n", 2, 0); } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } do { if (f != 0) free(buf2); else f = 1; if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { if (failc < retry) { next_run = 1; failc++; if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); sleep(3); break; } else { if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); hydra_child_exit(0); } } if (buf2 != NULL && hydra_strcasestr((char*)buf2, "ress ENTER") != NULL) hydra_send(sock, "\r\n", 2, 0); } while (strstr((char *) buf2, "assw") == NULL); free(buf2); if (next_run != 0) break; failc = 0; next_run = 2; break; } case 2: /* run the cracking function */ next_run = start_cisco(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); #ifdef PALM return; #else hydra_child_exit(2); #endif } run = next_run; } } int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-cvs.c0000644000175000010010000001112012441064454013124 0ustar marcNone#include "hydra-mod.h" extern int hydra_data_ready_timed(int socket, long sec, long usec); extern char *HYDRA_EXIT; char *buf; int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[1024], pass2[513]; int i; char *directory = miscptr; /* evil cvs encryption sheme... 0 111 P 125 p 58 ! 120 1 52 A 57 Q 55 a 121 q 113 " 53 2 75 B 83 R 54 b 117 r 32 3 119 C 43 S 66 c 104 s 90 4 49 D 46 T 124 d 101 t 44 % 109 5 34 E 102 U 126 e 100 u 98 & 72 6 82 F 40 V 59 f 69 v 60 ' 108 7 81 G 89 W 47 g 73 w 51 ( 70 8 95 H 38 X 92 h 99 x 33 ) 64 9 65 I 103 Y 71 i 63 y 97 * 76 : 112 J 45 Z 115 j 94 z 62 + 67 ; 86 K 50 k 93 , 116 < 118 L 42 l 39 - 74 = 110 M 123 m 37 . 68 > 122 N 91 n 61 / 87 ? 105 O 35 _ 56 o 48 */ char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62 }; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; memset(pass2, 0, sizeof(pass2)); strncpy(pass2, pass, 512); for (i = 0; i < strlen(pass); i++) { pass2[i] = key[pass2[i] - 0x20]; } snprintf(buffer, sizeof(buffer), "BEGIN VERIFICATION REQUEST\n%s\n%s\nA%s\nEND VERIFICATION REQUEST\n", directory, login, pass2); i = 57 + strlen(directory) + strlen(login) + strlen(pass2); if (hydra_send(s, buffer, i - 1, 0) < 0) { return 1; } if (hydra_data_ready_timed(s, 5, 0) > 0) { buf = hydra_receive_line(s); if (strstr(buf, "I LOVE YOU\n")) { hydra_report_found_host(port, ip, "cvs", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { return 3; } } else if (strstr(buf, "no such user") || strstr(buf, "E PAM start error: Critical error - immediate abort\n")) { if (verbose) { hydra_report(stderr, "[VERBOSE] User %s does not exist\n", login); } hydra_completed_pair_skip(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { return 3; } } /* "I HATE YOU\n" case */ free(buf); return 3; } return 3; } void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_CVS, mysslport = PORT_CVS_SSL; hydra_register_socket(sp); if ((miscptr == NULL) || (strlen(miscptr) == 0)) { miscptr = "/root"; } while (1) { if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = start_cvs(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-firebird.c0000644000175000010010000001037512441064454014132 0ustar marcNone /* Firebird Support - by David Maciejak @ GMAIL dot com you need to pass full path to the fdb file as argument default account is SYSDBA/masterkey on Firebird 2.0, access to the database file directly is not possible anymore, in verbose mode you will see the msg: "no permission for direct access to security database" */ #include "hydra-mod.h" #ifndef LIBFIREBIRD void dummy_firebird() { printf("\n"); } #else #include #include #define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb" extern char *HYDRA_EXIT; int start_firebird(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; char database[256]; char connection_string[1024]; isc_db_handle db; /* database handle */ ISC_STATUS_ARRAY status; /* status vector */ char *dpb = NULL; /* DB parameter buffer */ short dpb_length = 0; if (miscptr) strncpy(database, miscptr, sizeof(database)); else strncpy(database, DEFAULT_DB, sizeof(database)); database[sizeof(database) - 1] = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; dpb_length = (short) (1 + strlen(login) + 2 + strlen(pass) + 2); if ((dpb = (char *) malloc(dpb_length)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } /* Add user and password to dpb */ *dpb = isc_dpb_version1; dpb_length = 1; isc_modify_dpb(&dpb, &dpb_length, isc_dpb_user_name, login, strlen(login)); isc_modify_dpb(&dpb, &dpb_length, isc_dpb_password, pass, strlen(pass)); /* Create connection string */ snprintf(connection_string, sizeof(connection_string), "%s:%s", hydra_address2string(ip), database); if (isc_attach_database(status, 0, connection_string, &db, dpb_length, dpb)) { /* for debugging perpose */ if (verbose) { hydra_report(stderr, "[VERBOSE] "); isc_print_status(status); } isc_free(dpb); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; } else { isc_detach_database(status, &db); isc_free(dpb); hydra_report_found_host(port, ip, "firebird", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } return 1; } void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* * Here we start the password cracking process */ next_run = start_firebird(sock, ip, port, options, miscptr, fp); break; case 3: if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } #endif int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-ftp.c0000644000175000010010000001316412441064454013134 0ustar marcNone#include "hydra-mod.h" extern char *HYDRA_EXIT; char *buf; int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[510]; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; sprintf(buffer, "USER %.250s\r\n", login); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = hydra_receive_line(s); if (buf == NULL) return 1; /* special hack to identify 530 user unknown msg. suggested by Jean-Baptiste.BEAUFRETON@turbomeca.fr */ if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') { hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 4; free(buf); return 1; } // for servers supporting anon access without password if (buf[0] == '2') { hydra_report_found_host(port, ip, "ftp", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 4; free(buf); return 1; } if (buf[0] != '3') { if (buf) { if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); free(buf); } return 3; } free(buf); sprintf(buffer, "PASS %.250s\r\n", pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = hydra_receive_line(s); if (buf == NULL) return 1; if (buf[0] == '2') { hydra_report_found_host(port, ip, "ftp", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 4; free(buf); return 1; } free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 4; return 2; } void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { int run = 1, next_run = 1, sock = -1; int myport = PORT_FTP, mysslport = PORT_FTP_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) hydra_child_exit(0); while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } usleep(250); buf = hydra_receive_line(sock); if (buf == NULL || buf[0] != '2') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); hydra_child_exit(2); if (buf != NULL) free(buf); hydra_child_exit(2); } while (buf != NULL && strncmp(buf, "220 ", 4) != 0 && strstr(buf, "\n220 ") == NULL) { free(buf); buf = hydra_receive_line(sock); } free(buf); //this mode is manually chosen, so if it fails we giving up if (tls) { if (hydra_send(sock, "AUTH TLS\r\n", strlen("AUTH TLS\r\n"), 0) < 0) { hydra_child_exit(2); } buf = hydra_receive_line(sock); if (buf == NULL) { if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); hydra_child_exit(2); } if (buf[0] == '2') { if ((hydra_connect_to_ssl(sock) == -1) && verbose) { hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_child_exit(2); } else { if (verbose) hydra_report(stderr, "[VERBOSE] TLS connection done\n"); } } else { hydra_report(stderr, "[ERROR] TLS negotiation failed %s\n", buf); hydra_child_exit(2); } free(buf); } next_run = 2; break; case 2: /* run the cracking function */ next_run = start_ftp(sock, ip, port, options, miscptr, fp); break; case 3: /* error exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { service_ftp_core(ip, sp, options, miscptr, fp, port, 0); } void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { service_ftp_core(ip, sp, options, miscptr, fp, port, 1); } int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-gtk/0000755000175000010010000000000012441064457012762 5ustar marcNonehydra-8.1/hydra-gtk/acconfig.h0000755000175000010010000000021612441064457014706 0ustar marcNone#undef ENABLE_NLS #undef HAVE_CATGETS #undef HAVE_GETTEXT #undef GETTEXT_PACKAGE #undef HAVE_LC_MESSAGES #undef HAVE_STPCPY #undef HAVE_LIBSM hydra-8.1/hydra-gtk/aclocal.m40000755000175000010010000002774712441064457014646 0ustar marcNonednl aclocal.m4 generated automatically by aclocal 1.4-p6 dnl Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl This program is distributed in the hope that it will be useful, dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A dnl PARTICULAR PURPOSE. # Do all the work for Automake. This macro actually does too much -- # some checks are only needed if your package does certain things. # But this isn't really a big deal. # serial 1 dnl Usage: dnl AM_INIT_AUTOMAKE(package,version, [no-define]) AC_DEFUN([AM_INIT_AUTOMAKE], [AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl AC_REQUIRE([AC_PROG_INSTALL]) PACKAGE=[$1] AC_SUBST(PACKAGE) VERSION=[$2] AC_SUBST(VERSION) dnl test to see if srcdir already configured if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) fi ifelse([$3],, AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])) AC_REQUIRE([AM_SANITY_CHECK]) AC_REQUIRE([AC_ARG_PROGRAM]) dnl FIXME This is truly gross. missing_dir=`cd $ac_aux_dir && pwd` AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}, $missing_dir) AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}, $missing_dir) AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) AC_REQUIRE([AC_PROG_MAKE_SET])]) # Copyright 2002 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. AC_DEFUN([AM_AUTOMAKE_VERSION],[am__api_version="1.4"]) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- # Call AM_AUTOMAKE_VERSION so it can be traced. # This function is AC_REQUIREd by AC_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.4-p6])]) # # Check to make sure that the build environment is sane. # AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) # Just in case sleep 1 echo timestamp > conftestfile # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null` if test "[$]*" = "X"; then # -L didn't work. set X `ls -t $srcdir/configure conftestfile` fi if test "[$]*" != "X $srcdir/configure conftestfile" \ && test "[$]*" != "X conftestfile $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken alias in your environment]) fi test "[$]2" = conftestfile ) then # Ok. : else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi rm -f conftest* AC_MSG_RESULT(yes)]) dnl AM_MISSING_PROG(NAME, PROGRAM, DIRECTORY) dnl The program must properly implement --version. AC_DEFUN([AM_MISSING_PROG], [AC_MSG_CHECKING(for working $2) # Run test in a subshell; some versions of sh will print an error if # an executable is not found, even if stderr is redirected. # Redirect stdin to placate older versions of autoconf. Sigh. if ($2 --version) < /dev/null > /dev/null 2>&1; then $1=$2 AC_MSG_RESULT(found) else $1="$3/missing $2" AC_MSG_RESULT(missing) fi AC_SUBST($1)]) # Like AC_CONFIG_HEADER, but automatically create stamp file. AC_DEFUN([AM_CONFIG_HEADER], [AC_PREREQ([2.12]) AC_CONFIG_HEADER([$1]) dnl When config.status generates a header, we must update the stamp-h file. dnl This file resides in the same directory as the config header dnl that is generated. We must strip everything past the first ":", dnl and everything past the last "/". AC_OUTPUT_COMMANDS(changequote(<<,>>)dnl ifelse(patsubst(<<$1>>, <<[^ ]>>, <<>>), <<>>, <>CONFIG_HEADERS" || echo timestamp > patsubst(<<$1>>, <<^\([^:]*/\)?.*>>, <<\1>>)stamp-h<<>>dnl>>, <>; do case " <<$>>CONFIG_HEADERS " in *" <<$>>am_file "*<<)>> echo timestamp > `echo <<$>>am_file | sed -e 's%:.*%%' -e 's%[^/]*$%%'`stamp-h$am_indx ;; esac am_indx=`expr "<<$>>am_indx" + 1` done<<>>dnl>>) changequote([,]))]) # Add --enable-maintainer-mode option to configure. # From Jim Meyering # serial 1 AC_DEFUN([AM_MAINTAINER_MODE], [AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) dnl maintainer-mode is disabled by default AC_ARG_ENABLE(maintainer-mode, [ --enable-maintainer-mode enable make rules and dependencies not useful (and sometimes confusing) to the casual installer], USE_MAINTAINER_MODE=$enableval, USE_MAINTAINER_MODE=no) AC_MSG_RESULT($USE_MAINTAINER_MODE) AM_CONDITIONAL(MAINTAINER_MODE, test $USE_MAINTAINER_MODE = yes) MAINT=$MAINTAINER_MODE_TRUE AC_SUBST(MAINT)dnl ] ) # Define a conditional. AC_DEFUN([AM_CONDITIONAL], [AC_SUBST($1_TRUE) AC_SUBST($1_FALSE) if $2; then $1_TRUE= $1_FALSE='#' else $1_TRUE='#' $1_FALSE= fi]) # isc-posix.m4 serial 2 (gettext-0.11.2) dnl Copyright (C) 1995-2002 Free Software Foundation, Inc. dnl This file is free software, distributed under the terms of the GNU dnl General Public License. As a special exception to the GNU General dnl Public License, this file may be distributed as part of a program dnl that contains a configuration script generated by Autoconf, under dnl the same distribution terms as the rest of that program. # This file is not needed with autoconf-2.53 and newer. Remove it in 2005. # This test replaces the one in autoconf. # Currently this macro should have the same name as the autoconf macro # because gettext's gettext.m4 (distributed in the automake package) # still uses it. Otherwise, the use in gettext.m4 makes autoheader # give these diagnostics: # configure.in:556: AC_TRY_COMPILE was called before AC_ISC_POSIX # configure.in:556: AC_TRY_RUN was called before AC_ISC_POSIX undefine([AC_ISC_POSIX]) AC_DEFUN([AC_ISC_POSIX], [ dnl This test replaces the obsolescent AC_ISC_POSIX kludge. AC_CHECK_LIB(cposix, strerror, [LIBS="$LIBS -lcposix"]) ] ) # serial 1 # @defmac AC_PROG_CC_STDC # @maindex PROG_CC_STDC # @ovindex CC # If the C compiler in not in ANSI C mode by default, try to add an option # to output variable @code{CC} to make it so. This macro tries various # options that select ANSI C on some system or another. It considers the # compiler to be in ANSI C mode if it handles function prototypes correctly. # # If you use this macro, you should check after calling it whether the C # compiler has been set to accept ANSI C; if not, the shell variable # @code{am_cv_prog_cc_stdc} is set to @samp{no}. If you wrote your source # code in ANSI C, you can make an un-ANSIfied copy of it by using the # program @code{ansi2knr}, which comes with Ghostscript. # @end defmac AC_DEFUN([AM_PROG_CC_STDC], [AC_REQUIRE([AC_PROG_CC]) AC_BEFORE([$0], [AC_C_INLINE]) AC_BEFORE([$0], [AC_C_CONST]) dnl Force this before AC_PROG_CPP. Some cpp's, eg on HPUX, require dnl a magic option to avoid problems with ANSI preprocessor commands dnl like #elif. dnl FIXME: can't do this because then AC_AIX won't work due to a dnl circular dependency. dnl AC_BEFORE([$0], [AC_PROG_CPP]) AC_MSG_CHECKING(for ${CC-cc} option to accept ANSI C) AC_CACHE_VAL(am_cv_prog_cc_stdc, [am_cv_prog_cc_stdc=no ac_save_CC="$CC" # Don't try gcc -ansi; that turns off useful extensions and # breaks some systems' header files. # AIX -qlanglvl=ansi # Ultrix and OSF/1 -std1 # HP-UX -Aa -D_HPUX_SOURCE # SVR4 -Xc -D__EXTENSIONS__ for ac_arg in "" -qlanglvl=ansi -std1 "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" AC_TRY_COMPILE( [#include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; ], [ return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ], [am_cv_prog_cc_stdc="$ac_arg"; break]) done CC="$ac_save_CC" ]) if test -z "$am_cv_prog_cc_stdc"; then AC_MSG_RESULT([none needed]) else AC_MSG_RESULT($am_cv_prog_cc_stdc) fi case "x$am_cv_prog_cc_stdc" in x|xno) ;; *) CC="$CC $am_cv_prog_cc_stdc" ;; esac ]) dnl PKG_CHECK_MODULES(GSTUFF, gtk+-2.0 >= 1.3 glib = 1.3.4, action-if, action-not) dnl defines GSTUFF_LIBS, GSTUFF_CFLAGS, see pkg-config man page dnl also defines GSTUFF_PKG_ERRORS on error AC_DEFUN(PKG_CHECK_MODULES, [ succeeded=no if test -z "$PKG_CONFIG"; then AC_PATH_PROG(PKG_CONFIG, pkg-config, no) fi if test "$PKG_CONFIG" = "no" ; then echo "*** The pkg-config script could not be found. Make sure it is" echo "*** in your path, or set the PKG_CONFIG environment variable" echo "*** to the full path to pkg-config." echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config." else PKG_CONFIG_MIN_VERSION=0.9.0 if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then AC_MSG_CHECKING(for $2) if $PKG_CONFIG --exists "$2" ; then AC_MSG_RESULT(yes) succeeded=yes AC_MSG_CHECKING($1_CFLAGS) $1_CFLAGS=`$PKG_CONFIG --cflags "$2"` AC_MSG_RESULT($$1_CFLAGS) AC_MSG_CHECKING($1_LIBS) $1_LIBS=`$PKG_CONFIG --libs "$2"` AC_MSG_RESULT($$1_LIBS) else $1_CFLAGS="" $1_LIBS="" ## If we have a custom action on failure, don't print errors, but ## do set a variable so people can do so. $1_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"` ifelse([$4], ,echo $$1_PKG_ERRORS,) fi AC_SUBST($1_CFLAGS) AC_SUBST($1_LIBS) else echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." echo "*** See http://www.freedesktop.org/software/pkgconfig" fi fi if test $succeeded = yes; then ifelse([$3], , :, [$3]) else ifelse([$4], , AC_MSG_ERROR([Library requirements ($2) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them.]), [$4]) fi ]) hydra-8.1/hydra-gtk/AUTHORS0000755000175000010010000000000012441064457014023 0ustar marcNonehydra-8.1/hydra-gtk/autogen.sh0000755000175000010010000001063012441064457014763 0ustar marcNone#!/bin/sh # Run this to generate all the initial makefiles, etc. srcdir=`dirname $0` test -z "$srcdir" && srcdir=. DIE=0 if [ -n "$GNOME2_DIR" ]; then ACLOCAL_FLAGS="-I $GNOME2_DIR/share/aclocal $ACLOCAL_FLAGS" LD_LIBRARY_PATH="$GNOME2_DIR/lib:$LD_LIBRARY_PATH" PATH="$GNOME2_DIR/bin:$PATH" export PATH export LD_LIBRARY_PATH fi (test -f $srcdir/configure.in) || { echo -n "**Error**: Directory "\`$srcdir\'" does not look like the" echo " top-level package directory" exit 1 } (autoconf --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: You must have \`autoconf' installed." echo "Download the appropriate package for your distribution," echo "or get the source tarball at ftp://ftp.gnu.org/pub/gnu/" DIE=1 } (grep "^AC_PROG_INTLTOOL" $srcdir/configure.in >/dev/null) && { (intltoolize --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: You must have \`intltool' installed." echo "You can get it from:" echo " ftp://ftp.gnome.org/pub/GNOME/" DIE=1 } } (grep "^AM_PROG_XML_I18N_TOOLS" $srcdir/configure.in >/dev/null) && { (xml-i18n-toolize --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: You must have \`xml-i18n-toolize' installed." echo "You can get it from:" echo " ftp://ftp.gnome.org/pub/GNOME/" DIE=1 } } (grep "^AM_PROG_LIBTOOL" $srcdir/configure.in >/dev/null) && { (libtool --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: You must have \`libtool' installed." echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/" DIE=1 } } (grep "^AM_GLIB_GNU_GETTEXT" $srcdir/configure.in >/dev/null) && { (grep "sed.*POTFILES" $srcdir/configure.in) > /dev/null || \ (glib-gettextize --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: You must have \`glib' installed." echo "You can get it from: ftp://ftp.gtk.org/pub/gtk" DIE=1 } } (automake --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: You must have \`automake' installed." echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/" DIE=1 NO_AUTOMAKE=yes } # if no automake, don't bother testing for aclocal test -n "$NO_AUTOMAKE" || (aclocal --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: Missing \`aclocal'. The version of \`automake'" echo "installed doesn't appear recent enough." echo "You can get automake from ftp://ftp.gnu.org/pub/gnu/" DIE=1 } if test "$DIE" -eq 1; then exit 1 fi if test -z "$*"; then echo "**Warning**: I am going to run \`configure' with no arguments." echo "If you wish to pass any to it, please specify them on the" echo \`$0\'" command line." echo fi case $CC in xlc ) am_opt=--include-deps;; esac for coin in `find $srcdir -path $srcdir/CVS -prune -o -name configure.in -print` do dr=`dirname $coin` if test -f $dr/NO-AUTO-GEN; then echo skipping $dr -- flagged as no auto-gen else echo processing $dr ( cd $dr aclocalinclude="$ACLOCAL_FLAGS" if grep "^AM_GLIB_GNU_GETTEXT" configure.in >/dev/null; then echo "Creating $dr/aclocal.m4 ..." test -r $dr/aclocal.m4 || touch $dr/aclocal.m4 echo "Running glib-gettextize... Ignore non-fatal messages." echo "no" | glib-gettextize --force --copy echo "Making $dr/aclocal.m4 writable ..." test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4 fi if grep "^AC_PROG_INTLTOOL" configure.in >/dev/null; then echo "Running intltoolize..." intltoolize --copy --force --automake fi if grep "^AM_PROG_XML_I18N_TOOLS" configure.in >/dev/null; then echo "Running xml-i18n-toolize..." xml-i18n-toolize --copy --force --automake fi if grep "^AM_PROG_LIBTOOL" configure.in >/dev/null; then if test -z "$NO_LIBTOOLIZE" ; then echo "Running libtoolize..." libtoolize --force --copy fi fi echo "Running aclocal $aclocalinclude ..." aclocal $aclocalinclude if grep "^AM_CONFIG_HEADER" configure.in >/dev/null; then echo "Running autoheader..." autoheader fi echo "Running automake --gnu $am_opt ..." automake --add-missing --gnu $am_opt echo "Running autoconf ..." autoconf ) fi done conf_flags="--enable-maintainer-mode" if test x$NOCONFIGURE = x; then echo Running $srcdir/configure $conf_flags "$@" ... $srcdir/configure $conf_flags "$@" \ && echo Now type \`make\' to compile. || exit 1 else echo Skipping configure process. fi hydra-8.1/hydra-gtk/ChangeLog0000755000175000010010000000000012441064457014525 0ustar marcNonehydra-8.1/hydra-gtk/config.h0000755000175000010010000000160312441064457014403 0ustar marcNone/* config.h. Generated by configure. */ /* config.h.in. Generated from configure.in by autoheader. */ /* #undef ENABLE_NLS */ /* #undef HAVE_CATGETS */ /* #undef HAVE_GETTEXT */ /* #undef GETTEXT_PACKAGE */ /* #undef HAVE_LC_MESSAGES */ /* #undef HAVE_STPCPY */ /* #undef HAVE_LIBSM */ /* Name of package */ #define PACKAGE "xhydra" /* Define to the address where bug reports for this package should be sent. */ #define PACKAGE_BUGREPORT "" /* Define to the full name of this package. */ #define PACKAGE_NAME "" /* Define to the full name and version of this package. */ #define PACKAGE_STRING "" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "" /* Define to the version of this package. */ #define PACKAGE_VERSION "" /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 /* Version number of package */ #define VERSION "0.1" hydra-8.1/hydra-gtk/config.h.in0000755000175000010010000000140712441064457015012 0ustar marcNone/* config.h.in. Generated from configure.in by autoheader. */ #undef ENABLE_NLS #undef HAVE_CATGETS #undef HAVE_GETTEXT #undef GETTEXT_PACKAGE #undef HAVE_LC_MESSAGES #undef HAVE_STPCPY #undef HAVE_LIBSM /* Name of package */ #undef PACKAGE /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the version of this package. */ #undef PACKAGE_VERSION /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Version number of package */ #undef VERSION hydra-8.1/hydra-gtk/configure0000755000175000010010000045643512441064457014712 0ustar marcNone#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.59. # # Copyright (C) 2003 Free Software Foundation, Inc. # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then set -o posix fi DUALCASE=1; export DUALCASE # for MKS sh # Support unset when possible. if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # Work around bugs in pre-3.0 UWIN ksh. $as_unset ENV MAIL MAILPATH PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. for as_var in \ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ LC_TELEPHONE LC_TIME do if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then eval $as_var=C; export $as_var else $as_unset $as_var fi done # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1; then as_expr=expr else as_expr=false fi if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)$' \| \ . : '\(.\)' 2>/dev/null || echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } /^X\/\(\/\/\)$/{ s//\1/; q; } /^X\/\(\/\).*/{ s//\1/; q; } s/.*/./; q'` # PATH needs CR, and LINENO needs CR and PATH. # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi as_lineno_1=$LINENO as_lineno_2=$LINENO as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` test "x$as_lineno_1" != "x$as_lineno_2" && test "x$as_lineno_3" = "x$as_lineno_2" || { # Find who we are. Look in the path if we contain no path at all # relative or not. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2 { (exit 1); exit 1; }; } fi case $CONFIG_SHELL in '') as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for as_base in sh bash ksh sh5; do case $as_dir in /*) if ("$as_dir/$as_base" -c ' as_lineno_1=$LINENO as_lineno_2=$LINENO as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` test "x$as_lineno_1" != "x$as_lineno_2" && test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } CONFIG_SHELL=$as_dir/$as_base export CONFIG_SHELL exec "$CONFIG_SHELL" "$0" ${1+"$@"} fi;; esac done done ;; esac # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line before each line; the second 'sed' does the real # work. The second script uses 'N' to pair each line-number line # with the numbered line, and appends trailing '-' during # substitution so that $LINENO is not a special case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) sed '=' <$as_myself | sed ' N s,$,-, : loop s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, t loop s,-$,, s,^['$as_cr_digits']*\n,, ' >$as_me.lineno && chmod +x $as_me.lineno || { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensible to this). . ./$as_me.lineno # Exit status is that of the last command. exit } case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in *c*,-n*) ECHO_N= ECHO_C=' ' ECHO_T=' ' ;; *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; *) ECHO_N= ECHO_C='\c' ECHO_T= ;; esac if expr a : '\(a\)' >/dev/null 2>&1; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file echo >conf$$.file if ln -s conf$$.file conf$$ 2>/dev/null; then # We could just check for DJGPP; but this test a) works b) is more generic # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). if test -f conf$$.exe; then # Don't use ln at all; we don't have any links as_ln_s='cp -p' else as_ln_s='ln -s' fi elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.file if mkdir -p . 2>/dev/null; then as_mkdir_p=: else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_executable_p="test -f" # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" # IFS # We need space, tab and new line, in precisely that order. as_nl=' ' IFS=" $as_nl" # CDPATH. $as_unset CDPATH # Name of the host. # hostname on some systems (SVR3.2, Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` exec 6>&1 # # Initializations. # ac_default_prefix=/usr/local ac_config_libobj_dir=. cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= SHELL=${CONFIG_SHELL-/bin/sh} # Maximum number of lines to put in a shell here document. # This variable seems obsolete. It should probably be removed, and # only ac_max_sed_lines should be used. : ${ac_max_here_lines=38} # Identity of this package. PACKAGE_NAME= PACKAGE_TARNAME= PACKAGE_VERSION= PACKAGE_STRING= PACKAGE_BUGREPORT= ac_unique_file="configure.in" ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO SET_MAKE MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP PKG_CONFIG PACKAGE_CFLAGS PACKAGE_LIBS LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. ac_init_help= ac_init_version=false # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datadir='${prefix}/share' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' libdir='${exec_prefix}/lib' includedir='${prefix}/include' oldincludedir='/usr/include' infodir='${prefix}/info' mandir='${prefix}/man' ac_prev= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval "$ac_prev=\$ac_option" ac_prev= continue fi ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'` # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_option in -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad | --data | --dat | --da) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ | --da=*) datadir=$ac_optarg ;; -disable-* | --disable-*) ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid feature name: $ac_feature" >&2 { (exit 1); exit 1; }; } ac_feature=`echo $ac_feature | sed 's/-/_/g'` eval "enable_$ac_feature=no" ;; -enable-* | --enable-*) ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid feature name: $ac_feature" >&2 { (exit 1); exit 1; }; } ac_feature=`echo $ac_feature | sed 's/-/_/g'` case $ac_option in *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; *) ac_optarg=yes ;; esac eval "enable_$ac_feature='$ac_optarg'" ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst \ | --locals | --local | --loca | --loc | --lo) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* \ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid package name: $ac_package" >&2 { (exit 1); exit 1; }; } ac_package=`echo $ac_package| sed 's/-/_/g'` case $ac_option in *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; *) ac_optarg=yes ;; esac eval "with_$ac_package='$ac_optarg'" ;; -without-* | --without-*) ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid package name: $ac_package" >&2 { (exit 1); exit 1; }; } ac_package=`echo $ac_package | sed 's/-/_/g'` eval "with_$ac_package=no" ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) { echo "$as_me: error: unrecognized option: $ac_option Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; } ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 { (exit 1); exit 1; }; } ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` eval "$ac_envvar='$ac_optarg'" export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` { echo "$as_me: error: missing argument to $ac_option" >&2 { (exit 1); exit 1; }; } fi # Be sure to have absolute paths. for ac_var in exec_prefix prefix do eval ac_val=$`echo $ac_var` case $ac_val in [\\/$]* | ?:[\\/]* | NONE | '' ) ;; *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 { (exit 1); exit 1; }; };; esac done # Be sure to have absolute paths. for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \ localstatedir libdir includedir oldincludedir infodir mandir do eval ac_val=$`echo $ac_var` case $ac_val in [\\/$]* | ?:[\\/]* ) ;; *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 { (exit 1); exit 1; }; };; esac done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used." >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then its parent. ac_confdir=`(dirname "$0") 2>/dev/null || $as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$0" : 'X\(//\)[^/]' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| \ . : '\(.\)' 2>/dev/null || echo X"$0" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } /^X\(\/\/\)[^/].*/{ s//\1/; q; } /^X\(\/\/\)$/{ s//\1/; q; } /^X\(\/\).*/{ s//\1/; q; } s/.*/./; q'` srcdir=$ac_confdir if test ! -r $srcdir/$ac_unique_file; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r $srcdir/$ac_unique_file; then if test "$ac_srcdir_defaulted" = yes; then { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2 { (exit 1); exit 1; }; } else { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 { (exit 1); exit 1; }; } fi fi (cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null || { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2 { (exit 1); exit 1; }; } srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'` ac_env_build_alias_set=${build_alias+set} ac_env_build_alias_value=$build_alias ac_cv_env_build_alias_set=${build_alias+set} ac_cv_env_build_alias_value=$build_alias ac_env_host_alias_set=${host_alias+set} ac_env_host_alias_value=$host_alias ac_cv_env_host_alias_set=${host_alias+set} ac_cv_env_host_alias_value=$host_alias ac_env_target_alias_set=${target_alias+set} ac_env_target_alias_value=$target_alias ac_cv_env_target_alias_set=${target_alias+set} ac_cv_env_target_alias_value=$target_alias ac_env_CC_set=${CC+set} ac_env_CC_value=$CC ac_cv_env_CC_set=${CC+set} ac_cv_env_CC_value=$CC ac_env_CFLAGS_set=${CFLAGS+set} ac_env_CFLAGS_value=$CFLAGS ac_cv_env_CFLAGS_set=${CFLAGS+set} ac_cv_env_CFLAGS_value=$CFLAGS ac_env_LDFLAGS_set=${LDFLAGS+set} ac_env_LDFLAGS_value=$LDFLAGS ac_cv_env_LDFLAGS_set=${LDFLAGS+set} ac_cv_env_LDFLAGS_value=$LDFLAGS ac_env_CPPFLAGS_set=${CPPFLAGS+set} ac_env_CPPFLAGS_value=$CPPFLAGS ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set} ac_cv_env_CPPFLAGS_value=$CPPFLAGS ac_env_CPP_set=${CPP+set} ac_env_CPP_value=$CPP ac_cv_env_CPP_set=${CPP+set} ac_cv_env_CPP_value=$CPP # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures this package to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] _ACEOF cat <<_ACEOF Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --datadir=DIR read-only architecture-independent data [PREFIX/share] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --infodir=DIR info documentation [PREFIX/info] --mandir=DIR man documentation [PREFIX/man] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names _ACEOF fi if test -n "$ac_init_help"; then cat <<\_ACEOF Optional Features: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-maintainer-mode enable make rules and dependencies not useful (and sometimes confusing) to the casual installer Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory CPPFLAGS C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. _ACEOF fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. ac_popdir=`pwd` for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d $ac_dir || continue ac_builddir=. if test "$ac_dir" != .; then ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` # A "../" for each directory in $ac_dir_suffix. ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` else ac_dir_suffix= ac_top_builddir= fi case $srcdir in .) # No --srcdir option. We are building in place. ac_srcdir=. if test -z "$ac_top_builddir"; then ac_top_srcdir=. else ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` fi ;; [\\/]* | ?:[\\/]* ) # Absolute path. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ;; *) # Relative path. ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_builddir$srcdir ;; esac # Do not use `cd foo && pwd` to compute absolute paths, because # the directories may not exist. case `pwd` in .) ac_abs_builddir="$ac_dir";; *) case "$ac_dir" in .) ac_abs_builddir=`pwd`;; [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; *) ac_abs_builddir=`pwd`/"$ac_dir";; esac;; esac case $ac_abs_builddir in .) ac_abs_top_builddir=${ac_top_builddir}.;; *) case ${ac_top_builddir}. in .) ac_abs_top_builddir=$ac_abs_builddir;; [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; esac;; esac case $ac_abs_builddir in .) ac_abs_srcdir=$ac_srcdir;; *) case $ac_srcdir in .) ac_abs_srcdir=$ac_abs_builddir;; [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; esac;; esac case $ac_abs_builddir in .) ac_abs_top_srcdir=$ac_top_srcdir;; *) case $ac_top_srcdir in .) ac_abs_top_srcdir=$ac_abs_builddir;; [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; esac;; esac cd $ac_dir # Check for guested configure; otherwise get Cygnus style configure. if test -f $ac_srcdir/configure.gnu; then echo $SHELL $ac_srcdir/configure.gnu --help=recursive elif test -f $ac_srcdir/configure; then echo $SHELL $ac_srcdir/configure --help=recursive elif test -f $ac_srcdir/configure.ac || test -f $ac_srcdir/configure.in; then echo $ac_configure --help else echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi cd $ac_popdir done fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF Copyright (C) 2003 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit 0 fi exec 5>config.log cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by $as_me, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ _ACEOF { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` hostinfo = `(hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. echo "PATH: $as_dir" done } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_sep= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; 2) ac_configure_args1="$ac_configure_args1 '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'" # Get rid of the leading space. ac_sep=" " ;; esac done done $as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } $as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Be sure not to use single quotes in there, as some shells, # such as our DU 5.0 friend, will then `close' the trap. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo cat <<\_ASBOX ## ---------------- ## ## Cache variables. ## ## ---------------- ## _ASBOX echo # The following way of writing the cache mishandles newlines in values, { (set) 2>&1 | case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in *ac_space=\ *) sed -n \ "s/'"'"'/'"'"'\\\\'"'"''"'"'/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p" ;; *) sed -n \ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" ;; esac; } echo cat <<\_ASBOX ## ----------------- ## ## Output variables. ## ## ----------------- ## _ASBOX echo for ac_var in $ac_subst_vars do eval ac_val=$`echo $ac_var` echo "$ac_var='"'"'$ac_val'"'"'" done | sort echo if test -n "$ac_subst_files"; then cat <<\_ASBOX ## ------------- ## ## Output files. ## ## ------------- ## _ASBOX echo for ac_var in $ac_subst_files do eval ac_val=$`echo $ac_var` echo "$ac_var='"'"'$ac_val'"'"'" done | sort echo fi if test -s confdefs.h; then cat <<\_ASBOX ## ----------- ## ## confdefs.h. ## ## ----------- ## _ASBOX echo sed "/^$/d" confdefs.h | sort echo fi test "$ac_signal" != 0 && echo "$as_me: caught signal $ac_signal" echo "$as_me: exit $exit_status" } >&5 rm -f core *.core && rm -rf conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -rf conftest* confdefs.h # AIX cpp loses on an empty file, so make sure it contains at least a newline. echo >confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer explicitly selected file to automatically selected ones. if test -z "$CONFIG_SITE"; then if test "x$prefix" != xNONE; then CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" else CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" fi fi for ac_site_file in $CONFIG_SITE; do if test -r "$ac_site_file"; then { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special # files actually), so we avoid doing that. if test -f "$cache_file"; then { echo "$as_me:$LINENO: loading cache $cache_file" >&5 echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . $cache_file;; *) . ./$cache_file;; esac fi else { echo "$as_me:$LINENO: creating cache $cache_file" >&5 echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in `(set) 2>&1 | sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val="\$ac_cv_env_${ac_var}_value" eval ac_new_val="\$ac_env_${ac_var}_value" case $ac_old_set,$ac_new_set in set,) { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 echo "$as_me: former value: $ac_old_val" >&2;} { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 echo "$as_me: current value: $ac_new_val" >&2;} ac_cache_corrupted=: fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 echo "$as_me: error: changes in the environment can compromise the build" >&2;} { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} { (exit 1); exit 1; }; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu am__api_version="1.4" ac_aux_dir= for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do if test -f $ac_dir/install-sh; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f $ac_dir/install.sh; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f $ac_dir/shtool; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;} { (exit 1); exit 1; }; } fi ac_config_guess="$SHELL $ac_aux_dir/config.guess" ac_config_sub="$SHELL $ac_aux_dir/config.sub" ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6 if test -z "$INSTALL"; then if test "${ac_cv_path_install+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in ./ | .// | /cC/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi done done ;; esac done fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. We don't cache a # path for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the path is relative. INSTALL=$ac_install_sh fi fi echo "$as_me:$LINENO: result: $INSTALL" >&5 echo "${ECHO_T}$INSTALL" >&6 # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' echo "$as_me:$LINENO: checking whether build environment is sane" >&5 echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6 # Just in case sleep 1 echo timestamp > conftestfile # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null` if test "$*" = "X"; then # -L didn't work. set X `ls -t $srcdir/configure conftestfile` fi if test "$*" != "X $srcdir/configure conftestfile" \ && test "$*" != "X conftestfile $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken alias in your environment" >&5 echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken alias in your environment" >&2;} { (exit 1); exit 1; }; } fi test "$2" = conftestfile ) then # Ok. : else { { echo "$as_me:$LINENO: error: newly created file is older than distributed files! Check your system clock" >&5 echo "$as_me: error: newly created file is older than distributed files! Check your system clock" >&2;} { (exit 1); exit 1; }; } fi rm -f conftest* echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 test "$program_prefix" != NONE && program_transform_name="s,^,$program_prefix,;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s,\$,$program_suffix,;$program_transform_name" # Double any \ or $. echo might interpret backslashes. # By default was `s,x,x', remove it if useless. cat <<\_ACEOF >conftest.sed s/[\\$]/&&/g;s/;s,x,x,$// _ACEOF program_transform_name=`echo $program_transform_name | sed -f conftest.sed` rm conftest.sed echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6 set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,:./+-,___p_,'` if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.make <<\_ACEOF all: @echo 'ac_maketemp="$(MAKE)"' _ACEOF # GNU make sometimes prints "make[1]: Entering...", which would confuse us. eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=` if test -n "$ac_maketemp"; then eval ac_cv_prog_make_${ac_make}_set=yes else eval ac_cv_prog_make_${ac_make}_set=no fi rm -f conftest.make fi if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 SET_MAKE= else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 SET_MAKE="MAKE=${MAKE-make}" fi PACKAGE=xhydra VERSION=0.1 if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5 echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;} { (exit 1); exit 1; }; } fi cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF missing_dir=`cd $ac_aux_dir && pwd` echo "$as_me:$LINENO: checking for working aclocal-${am__api_version}" >&5 echo $ECHO_N "checking for working aclocal-${am__api_version}... $ECHO_C" >&6 # Run test in a subshell; some versions of sh will print an error if # an executable is not found, even if stderr is redirected. # Redirect stdin to placate older versions of autoconf. Sigh. if (aclocal-${am__api_version} --version) < /dev/null > /dev/null 2>&1; then ACLOCAL=aclocal-${am__api_version} echo "$as_me:$LINENO: result: found" >&5 echo "${ECHO_T}found" >&6 else ACLOCAL="$missing_dir/missing aclocal-${am__api_version}" echo "$as_me:$LINENO: result: missing" >&5 echo "${ECHO_T}missing" >&6 fi echo "$as_me:$LINENO: checking for working autoconf" >&5 echo $ECHO_N "checking for working autoconf... $ECHO_C" >&6 # Run test in a subshell; some versions of sh will print an error if # an executable is not found, even if stderr is redirected. # Redirect stdin to placate older versions of autoconf. Sigh. if (autoconf --version) < /dev/null > /dev/null 2>&1; then AUTOCONF=autoconf echo "$as_me:$LINENO: result: found" >&5 echo "${ECHO_T}found" >&6 else AUTOCONF="$missing_dir/missing autoconf" echo "$as_me:$LINENO: result: missing" >&5 echo "${ECHO_T}missing" >&6 fi echo "$as_me:$LINENO: checking for working automake-${am__api_version}" >&5 echo $ECHO_N "checking for working automake-${am__api_version}... $ECHO_C" >&6 # Run test in a subshell; some versions of sh will print an error if # an executable is not found, even if stderr is redirected. # Redirect stdin to placate older versions of autoconf. Sigh. if (automake-${am__api_version} --version) < /dev/null > /dev/null 2>&1; then AUTOMAKE=automake-${am__api_version} echo "$as_me:$LINENO: result: found" >&5 echo "${ECHO_T}found" >&6 else AUTOMAKE="$missing_dir/missing automake-${am__api_version}" echo "$as_me:$LINENO: result: missing" >&5 echo "${ECHO_T}missing" >&6 fi echo "$as_me:$LINENO: checking for working autoheader" >&5 echo $ECHO_N "checking for working autoheader... $ECHO_C" >&6 # Run test in a subshell; some versions of sh will print an error if # an executable is not found, even if stderr is redirected. # Redirect stdin to placate older versions of autoconf. Sigh. if (autoheader --version) < /dev/null > /dev/null 2>&1; then AUTOHEADER=autoheader echo "$as_me:$LINENO: result: found" >&5 echo "${ECHO_T}found" >&6 else AUTOHEADER="$missing_dir/missing autoheader" echo "$as_me:$LINENO: result: missing" >&5 echo "${ECHO_T}missing" >&6 fi echo "$as_me:$LINENO: checking for working makeinfo" >&5 echo $ECHO_N "checking for working makeinfo... $ECHO_C" >&6 # Run test in a subshell; some versions of sh will print an error if # an executable is not found, even if stderr is redirected. # Redirect stdin to placate older versions of autoconf. Sigh. if (makeinfo --version) < /dev/null > /dev/null 2>&1; then MAKEINFO=makeinfo echo "$as_me:$LINENO: result: found" >&5 echo "${ECHO_T}found" >&6 else MAKEINFO="$missing_dir/missing makeinfo" echo "$as_me:$LINENO: result: missing" >&5 echo "${ECHO_T}missing" >&6 fi ac_config_headers="$ac_config_headers config.h" ac_config_commands="$ac_config_commands default-1" echo "$as_me:$LINENO: checking whether to enable maintainer-specific portions of Makefiles" >&5 echo $ECHO_N "checking whether to enable maintainer-specific portions of Makefiles... $ECHO_C" >&6 # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given. if test "${enable_maintainer_mode+set}" = set; then enableval="$enable_maintainer_mode" USE_MAINTAINER_MODE=$enableval else USE_MAINTAINER_MODE=no fi; echo "$as_me:$LINENO: result: $USE_MAINTAINER_MODE" >&5 echo "${ECHO_T}$USE_MAINTAINER_MODE" >&6 if test $USE_MAINTAINER_MODE = yes; then MAINTAINER_MODE_TRUE= MAINTAINER_MODE_FALSE='#' else MAINTAINER_MODE_TRUE='#' MAINTAINER_MODE_FALSE= fi MAINT=$MAINTAINER_MODE_TRUE ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi CC=$ac_ct_CC else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi CC=$ac_ct_CC else CC="$ac_cv_prog_CC" fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi test -n "$ac_ct_CC" && break done CC=$ac_ct_CC fi fi test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&5 echo "$as_me: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } # Provide some information about the compiler. echo "$as_me:$LINENO:" \ "checking for C compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 (eval $ac_compiler --version &5) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (eval echo "$as_me:$LINENO: \"$ac_compiler -v &5\"") >&5 (eval $ac_compiler -v &5) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (eval echo "$as_me:$LINENO: \"$ac_compiler -V &5\"") >&5 (eval $ac_compiler -V &5) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6 ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5 (eval $ac_link_default) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # Find the output, starting from the most likely. This scheme is # not robust to junk in `.', hence go to wildcards (a.*) only as a last # resort. # Be careful to initialize this variable, since it used to be cached. # Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile. ac_cv_exeext= # b.out is created by i960 compilers. for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;; conftest.$ac_ext ) # This is the source file. ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` # FIXME: I believe we export ac_cv_exeext for Libtool, # but it would be cool to find out if it's true. Does anybody # maintain Libtool? --akim. export ac_cv_exeext break;; * ) break;; esac done else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { echo "$as_me:$LINENO: error: C compiler cannot create executables See \`config.log' for more details." >&5 echo "$as_me: error: C compiler cannot create executables See \`config.log' for more details." >&2;} { (exit 77); exit 77; }; } fi ac_exeext=$ac_cv_exeext echo "$as_me:$LINENO: result: $ac_file" >&5 echo "${ECHO_T}$ac_file" >&6 # Check the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. echo "$as_me:$LINENO: checking whether the C compiler works" >&5 echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6 # FIXME: These cross compiler hacks should be removed for Autoconf 3.0 # If not cross compiling, check that we can run a simple program. if test "$cross_compiling" != yes; then if { ac_try='./$ac_file' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { echo "$as_me:$LINENO: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details." >&5 echo "$as_me: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi fi fi echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 rm -f a.out a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save # Check the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6 echo "$as_me:$LINENO: result: $cross_compiling" >&5 echo "${ECHO_T}$cross_compiling" >&6 echo "$as_me:$LINENO: checking for suffix of executables" >&5 echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6 if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` export ac_cv_exeext break;; * ) break;; esac done else { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." >&5 echo "$as_me: error: cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi rm -f conftest$ac_cv_exeext echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 echo "${ECHO_T}$ac_cv_exeext" >&6 rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT echo "$as_me:$LINENO: checking for suffix of object files" >&5 echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6 if test "${ac_cv_objext+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile See \`config.log' for more details." >&5 echo "$as_me: error: cannot compute suffix of object files: cannot compile See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 echo "${ECHO_T}$ac_cv_objext" >&6 OBJEXT=$ac_cv_objext ac_objext=$OBJEXT echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 if test "${ac_cv_c_compiler_gnu+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_compiler_gnu=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_compiler_gnu=no fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 GCC=`test $ac_compiler_gnu = yes && echo yes` ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS CFLAGS="-g" echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 if test "${ac_cv_prog_cc_g+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_prog_cc_g=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_prog_cc_g=no fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 if test "${ac_cv_prog_cc_stdc+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_cv_prog_cc_stdc=no ac_save_CC=$CC cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std1 is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std1. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF # Don't try gcc -ansi; that turns off useful extensions and # breaks some systems' header files. # AIX -qlanglvl=ansi # Ultrix and OSF/1 -std1 # HP-UX 10.20 and later -Ae # HP-UX older versions -Aa -D_HPUX_SOURCE # SVR4 -Xc -D__EXTENSIONS__ for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_prog_cc_stdc=$ac_arg break else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.err conftest.$ac_objext done rm -f conftest.$ac_ext conftest.$ac_objext CC=$ac_save_CC fi case "x$ac_cv_prog_cc_stdc" in x|xno) echo "$as_me:$LINENO: result: none needed" >&5 echo "${ECHO_T}none needed" >&6 ;; *) echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 CC="$CC $ac_cv_prog_cc_stdc" ;; esac # Some people use a C++ compiler to compile C. Since we use `exit', # in C++ we need to declare it. In case someone uses the same compiler # for both compiling C and C++ we need to have the C++ compiler decide # the declaration of exit, since it's the most demanding environment. cat >conftest.$ac_ext <<_ACEOF #ifndef __cplusplus choke me #endif _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then for ac_declaration in \ '' \ 'extern "C" void std::exit (int) throw (); using std::exit;' \ 'extern "C" void std::exit (int); using std::exit;' \ 'extern "C" void exit (int) throw ();' \ 'extern "C" void exit (int);' \ 'void exit (int);' do cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_declaration #include int main () { exit (42); ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 continue fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_declaration int main () { exit (42); ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then break else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext done rm -f conftest* if test -n "$ac_declaration"; then echo '#ifdef __cplusplus' >>confdefs.h echo $ac_declaration >>confdefs.h echo '#endif' >>confdefs.h fi else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu echo "$as_me:$LINENO: checking for strerror in -lcposix" >&5 echo $ECHO_N "checking for strerror in -lcposix... $ECHO_C" >&6 if test "${ac_cv_lib_cposix_strerror+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcposix $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any gcc2 internal prototype to avoid an error. */ #ifdef __cplusplus extern "C" #endif /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char strerror (); int main () { strerror (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 (eval $ac_link) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest$ac_exeext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_cposix_strerror=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_cposix_strerror=no fi rm -f conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi echo "$as_me:$LINENO: result: $ac_cv_lib_cposix_strerror" >&5 echo "${ECHO_T}$ac_cv_lib_cposix_strerror" >&6 if test $ac_cv_lib_cposix_strerror = yes; then LIBS="$LIBS -lcposix" fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi CC=$ac_ct_CC else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi CC=$ac_ct_CC else CC="$ac_cv_prog_CC" fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi test -n "$ac_ct_CC" && break done CC=$ac_ct_CC fi fi test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&5 echo "$as_me: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } # Provide some information about the compiler. echo "$as_me:$LINENO:" \ "checking for C compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 (eval $ac_compiler --version &5) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (eval echo "$as_me:$LINENO: \"$ac_compiler -v &5\"") >&5 (eval $ac_compiler -v &5) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (eval echo "$as_me:$LINENO: \"$ac_compiler -V &5\"") >&5 (eval $ac_compiler -V &5) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 if test "${ac_cv_c_compiler_gnu+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_compiler_gnu=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_compiler_gnu=no fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 GCC=`test $ac_compiler_gnu = yes && echo yes` ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS CFLAGS="-g" echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 if test "${ac_cv_prog_cc_g+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_prog_cc_g=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_prog_cc_g=no fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 if test "${ac_cv_prog_cc_stdc+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_cv_prog_cc_stdc=no ac_save_CC=$CC cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std1 is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std1. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF # Don't try gcc -ansi; that turns off useful extensions and # breaks some systems' header files. # AIX -qlanglvl=ansi # Ultrix and OSF/1 -std1 # HP-UX 10.20 and later -Ae # HP-UX older versions -Aa -D_HPUX_SOURCE # SVR4 -Xc -D__EXTENSIONS__ for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_prog_cc_stdc=$ac_arg break else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.err conftest.$ac_objext done rm -f conftest.$ac_ext conftest.$ac_objext CC=$ac_save_CC fi case "x$ac_cv_prog_cc_stdc" in x|xno) echo "$as_me:$LINENO: result: none needed" >&5 echo "${ECHO_T}none needed" >&6 ;; *) echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 CC="$CC $ac_cv_prog_cc_stdc" ;; esac # Some people use a C++ compiler to compile C. Since we use `exit', # in C++ we need to declare it. In case someone uses the same compiler # for both compiling C and C++ we need to have the C++ compiler decide # the declaration of exit, since it's the most demanding environment. cat >conftest.$ac_ext <<_ACEOF #ifndef __cplusplus choke me #endif _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then for ac_declaration in \ '' \ 'extern "C" void std::exit (int) throw (); using std::exit;' \ 'extern "C" void std::exit (int); using std::exit;' \ 'extern "C" void exit (int) throw ();' \ 'extern "C" void exit (int);' \ 'void exit (int);' do cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_declaration #include int main () { exit (42); ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 continue fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_declaration int main () { exit (42); ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then break else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext done rm -f conftest* if test -n "$ac_declaration"; then echo '#ifdef __cplusplus' >>confdefs.h echo $ac_declaration >>confdefs.h echo '#endif' >>confdefs.h fi else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu echo "$as_me:$LINENO: checking for ${CC-cc} option to accept ANSI C" >&5 echo $ECHO_N "checking for ${CC-cc} option to accept ANSI C... $ECHO_C" >&6 if test "${am_cv_prog_cc_stdc+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else am_cv_prog_cc_stdc=no ac_save_CC="$CC" # Don't try gcc -ansi; that turns off useful extensions and # breaks some systems' header files. # AIX -qlanglvl=ansi # Ultrix and OSF/1 -std1 # HP-UX -Aa -D_HPUX_SOURCE # SVR4 -Xc -D__EXTENSIONS__ for ac_arg in "" -qlanglvl=ansi -std1 "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then am_cv_prog_cc_stdc="$ac_arg"; break else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext done CC="$ac_save_CC" fi if test -z "$am_cv_prog_cc_stdc"; then echo "$as_me:$LINENO: result: none needed" >&5 echo "${ECHO_T}none needed" >&6 else echo "$as_me:$LINENO: result: $am_cv_prog_cc_stdc" >&5 echo "${ECHO_T}$am_cv_prog_cc_stdc" >&6 fi case "x$am_cv_prog_cc_stdc" in x|xno) ;; *) CC="$CC $am_cv_prog_cc_stdc" ;; esac ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if test "${ac_cv_prog_CPP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag ac_cpp_err=$ac_cpp_err$ac_c_werror_flag else ac_cpp_err= fi else ac_cpp_err=yes fi if test -z "$ac_cpp_err"; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Broken: fails on valid input. continue fi rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether non-existent headers # can be detected and how. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag ac_cpp_err=$ac_cpp_err$ac_c_werror_flag else ac_cpp_err= fi else ac_cpp_err=yes fi if test -z "$ac_cpp_err"; then # Broken: success on invalid input. continue else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi echo "$as_me:$LINENO: result: $CPP" >&5 echo "${ECHO_T}$CPP" >&6 ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag ac_cpp_err=$ac_cpp_err$ac_c_werror_flag else ac_cpp_err= fi else ac_cpp_err=yes fi if test -z "$ac_cpp_err"; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Broken: fails on valid input. continue fi rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether non-existent headers # can be detected and how. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag ac_cpp_err=$ac_cpp_err$ac_c_werror_flag else ac_cpp_err= fi else ac_cpp_err=yes fi if test -z "$ac_cpp_err"; then # Broken: success on invalid input. continue else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." >&5 echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu echo "$as_me:$LINENO: checking for egrep" >&5 echo $ECHO_N "checking for egrep... $ECHO_C" >&6 if test "${ac_cv_prog_egrep+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if echo a | (grep -E '(a|b)') >/dev/null 2>&1 then ac_cv_prog_egrep='grep -E' else ac_cv_prog_egrep='egrep' fi fi echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5 echo "${ECHO_T}$ac_cv_prog_egrep" >&6 EGREP=$ac_cv_prog_egrep echo "$as_me:$LINENO: checking for ANSI C header files" >&5 echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 if test "${ac_cv_header_stdc+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_header_stdc=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_header_stdc=no fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } _ACEOF rm -f conftest$ac_exeext if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) ac_cv_header_stdc=no fi rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi fi fi echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 echo "${ECHO_T}$ac_cv_header_stdc" >&6 if test $ac_cv_header_stdc = yes; then cat >>confdefs.h <<\_ACEOF #define STDC_HEADERS 1 _ACEOF fi pkg_modules="gtk+-2.0 >= 2.0.0" succeeded=no if test -z "$PKG_CONFIG"; then # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PKG_CONFIG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no" ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG if test -n "$PKG_CONFIG"; then echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 echo "${ECHO_T}$PKG_CONFIG" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi fi if test "$PKG_CONFIG" = "no" ; then echo "*** The pkg-config script could not be found. Make sure it is" echo "*** in your path, or set the PKG_CONFIG environment variable" echo "*** to the full path to pkg-config." echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config." else PKG_CONFIG_MIN_VERSION=0.9.0 if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then echo "$as_me:$LINENO: checking for $pkg_modules" >&5 echo $ECHO_N "checking for $pkg_modules... $ECHO_C" >&6 if $PKG_CONFIG --exists "$pkg_modules" ; then echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 succeeded=yes echo "$as_me:$LINENO: checking PACKAGE_CFLAGS" >&5 echo $ECHO_N "checking PACKAGE_CFLAGS... $ECHO_C" >&6 PACKAGE_CFLAGS=`$PKG_CONFIG --cflags "$pkg_modules"` echo "$as_me:$LINENO: result: $PACKAGE_CFLAGS" >&5 echo "${ECHO_T}$PACKAGE_CFLAGS" >&6 echo "$as_me:$LINENO: checking PACKAGE_LIBS" >&5 echo $ECHO_N "checking PACKAGE_LIBS... $ECHO_C" >&6 PACKAGE_LIBS=`$PKG_CONFIG --libs "$pkg_modules"` echo "$as_me:$LINENO: result: $PACKAGE_LIBS" >&5 echo "${ECHO_T}$PACKAGE_LIBS" >&6 else PACKAGE_CFLAGS="" PACKAGE_LIBS="" ## If we have a custom action on failure, don't print errors, but ## do set a variable so people can do so. PACKAGE_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$pkg_modules"` echo $PACKAGE_PKG_ERRORS fi else echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." echo "*** See http://www.freedesktop.org/software/pkgconfig" fi fi if test $succeeded = yes; then : else { { echo "$as_me:$LINENO: error: Library requirements ($pkg_modules) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them." >&5 echo "$as_me: error: Library requirements ($pkg_modules) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them." >&2;} { (exit 1); exit 1; }; } fi ac_config_files="$ac_config_files Makefile src/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, don't put newlines in cache variables' values. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. { (set) 2>&1 | case `(ac_space=' '; set | grep ac_space) 2>&1` in *ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote # substitution turns \\\\ into \\, and sed turns \\ into \). sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n \ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" ;; esac; } | sed ' t clear : clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ : end' >>confcache if diff $cache_file confcache >/dev/null 2>&1; then :; else if test -w $cache_file; then test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" cat confcache >$cache_file else echo "not updating unwritable cache $cache_file" fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' # VPATH may cause trouble with some makes, so we remove $(srcdir), # ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=/{ s/:*\$(srcdir):*/:/; s/:*\${srcdir}:*/:/; s/:*@srcdir@:*/:/; s/^\([^=]*=[ ]*\):*/\1/; s/:*$//; s/^[^=]*=[ ]*$//; }' fi DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_i=`echo "$ac_i" | sed 's/\$U\././;s/\.o$//;s/\.obj$//'` # 2. Add them. ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs : ${CONFIG_STATUS=./config.status} ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 echo "$as_me: creating $CONFIG_STATUS" >&6;} cat >$CONFIG_STATUS <<_ACEOF #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then set -o posix fi DUALCASE=1; export DUALCASE # for MKS sh # Support unset when possible. if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # Work around bugs in pre-3.0 UWIN ksh. $as_unset ENV MAIL MAILPATH PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. for as_var in \ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ LC_TELEPHONE LC_TIME do if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then eval $as_var=C; export $as_var else $as_unset $as_var fi done # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1; then as_expr=expr else as_expr=false fi if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)$' \| \ . : '\(.\)' 2>/dev/null || echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } /^X\/\(\/\/\)$/{ s//\1/; q; } /^X\/\(\/\).*/{ s//\1/; q; } s/.*/./; q'` # PATH needs CR, and LINENO needs CR and PATH. # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi as_lineno_1=$LINENO as_lineno_2=$LINENO as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` test "x$as_lineno_1" != "x$as_lineno_2" && test "x$as_lineno_3" = "x$as_lineno_2" || { # Find who we are. Look in the path if we contain no path at all # relative or not. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} { (exit 1); exit 1; }; } fi case $CONFIG_SHELL in '') as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for as_base in sh bash ksh sh5; do case $as_dir in /*) if ("$as_dir/$as_base" -c ' as_lineno_1=$LINENO as_lineno_2=$LINENO as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` test "x$as_lineno_1" != "x$as_lineno_2" && test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } CONFIG_SHELL=$as_dir/$as_base export CONFIG_SHELL exec "$CONFIG_SHELL" "$0" ${1+"$@"} fi;; esac done done ;; esac # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line before each line; the second 'sed' does the real # work. The second script uses 'N' to pair each line-number line # with the numbered line, and appends trailing '-' during # substitution so that $LINENO is not a special case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) sed '=' <$as_myself | sed ' N s,$,-, : loop s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, t loop s,-$,, s,^['$as_cr_digits']*\n,, ' >$as_me.lineno && chmod +x $as_me.lineno || { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensible to this). . ./$as_me.lineno # Exit status is that of the last command. exit } case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in *c*,-n*) ECHO_N= ECHO_C=' ' ECHO_T=' ' ;; *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; *) ECHO_N= ECHO_C='\c' ECHO_T= ;; esac if expr a : '\(a\)' >/dev/null 2>&1; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file echo >conf$$.file if ln -s conf$$.file conf$$ 2>/dev/null; then # We could just check for DJGPP; but this test a) works b) is more generic # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). if test -f conf$$.exe; then # Don't use ln at all; we don't have any links as_ln_s='cp -p' else as_ln_s='ln -s' fi elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.file if mkdir -p . 2>/dev/null; then as_mkdir_p=: else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_executable_p="test -f" # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" # IFS # We need space, tab and new line, in precisely that order. as_nl=' ' IFS=" $as_nl" # CDPATH. $as_unset CDPATH exec 6>&1 # Open the log real soon, to keep \$[0] and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. Logging --version etc. is OK. exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX } >&5 cat >&5 <<_CSEOF This file was extended by $as_me, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ _CSEOF echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 echo >&5 _ACEOF # Files that config.status was made for. if test -n "$ac_config_files"; then echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS fi if test -n "$ac_config_headers"; then echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS fi if test -n "$ac_config_links"; then echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS fi if test -n "$ac_config_commands"; then echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS fi cat >>$CONFIG_STATUS <<\_ACEOF ac_cs_usage="\ \`$as_me' instantiates files from templates according to the current configuration. Usage: $0 [OPTIONS] [FILE]... -h, --help print this help, then exit -V, --version print version number, then exit -q, --quiet do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ config.status configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" Copyright (C) 2003 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." srcdir=$srcdir INSTALL="$INSTALL" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # If no file are specified by the user, then we need to provide default # value. By we need to know if files were specified by the user. ac_need_defaults=: while test $# != 0 do case $1 in --*=*) ac_option=`expr "x$1" : 'x\([^=]*\)='` ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` ac_shift=: ;; -*) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; *) # This is not an option, so the user has probably given explicit # arguments. ac_option=$1 ac_need_defaults=false;; esac case $ac_option in # Handling of the options. _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --vers* | -V ) echo "$ac_cs_version"; exit 0 ;; --he | --h) # Conflict between --help and --header { { echo "$as_me:$LINENO: error: ambiguous option: $1 Try \`$0 --help' for more information." >&5 echo "$as_me: error: ambiguous option: $1 Try \`$0 --help' for more information." >&2;} { (exit 1); exit 1; }; };; --help | --hel | -h ) echo "$ac_cs_usage"; exit 0 ;; --debug | --d* | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift CONFIG_FILES="$CONFIG_FILES $ac_optarg" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" ac_need_defaults=false;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 Try \`$0 --help' for more information." >&5 echo "$as_me: error: unrecognized option: $1 Try \`$0 --help' for more information." >&2;} { (exit 1); exit 1; }; } ;; *) ac_config_targets="$ac_config_targets $1" ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF if \$ac_cs_recheck; then echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF # # INIT-COMMANDS section. # _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF for ac_config_target in $ac_config_targets do case "$ac_config_target" in # Handling of arguments. "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "default-1" ) CONFIG_COMMANDS="$CONFIG_COMMANDS default-1" ;; "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 echo "$as_me: error: invalid argument: $ac_config_target" >&2;} { (exit 1); exit 1; }; };; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason to put it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Create a temporary directory, and hook for its removal unless debugging. $debug || { trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 trap '{ (exit 1); exit 1; }' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" } || { tmp=./confstat$$-$RANDOM (umask 077 && mkdir $tmp) } || { echo "$me: cannot create a temporary directory in ." >&2 { (exit 1); exit 1; } } _ACEOF cat >>$CONFIG_STATUS <<_ACEOF # # CONFIG_FILES section. # # No need to generate the scripts if there are no CONFIG_FILES. # This happens for instance when ./config.status config.h if test -n "\$CONFIG_FILES"; then # Protect against being on the right side of a sed subst in config.status. sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF s,@SHELL@,$SHELL,;t t s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t s,@exec_prefix@,$exec_prefix,;t t s,@prefix@,$prefix,;t t s,@program_transform_name@,$program_transform_name,;t t s,@bindir@,$bindir,;t t s,@sbindir@,$sbindir,;t t s,@libexecdir@,$libexecdir,;t t s,@datadir@,$datadir,;t t s,@sysconfdir@,$sysconfdir,;t t s,@sharedstatedir@,$sharedstatedir,;t t s,@localstatedir@,$localstatedir,;t t s,@libdir@,$libdir,;t t s,@includedir@,$includedir,;t t s,@oldincludedir@,$oldincludedir,;t t s,@infodir@,$infodir,;t t s,@mandir@,$mandir,;t t s,@build_alias@,$build_alias,;t t s,@host_alias@,$host_alias,;t t s,@target_alias@,$target_alias,;t t s,@DEFS@,$DEFS,;t t s,@ECHO_C@,$ECHO_C,;t t s,@ECHO_N@,$ECHO_N,;t t s,@ECHO_T@,$ECHO_T,;t t s,@LIBS@,$LIBS,;t t s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t s,@INSTALL_DATA@,$INSTALL_DATA,;t t s,@PACKAGE@,$PACKAGE,;t t s,@VERSION@,$VERSION,;t t s,@ACLOCAL@,$ACLOCAL,;t t s,@AUTOCONF@,$AUTOCONF,;t t s,@AUTOMAKE@,$AUTOMAKE,;t t s,@AUTOHEADER@,$AUTOHEADER,;t t s,@MAKEINFO@,$MAKEINFO,;t t s,@SET_MAKE@,$SET_MAKE,;t t s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t s,@MAINT@,$MAINT,;t t s,@CC@,$CC,;t t s,@CFLAGS@,$CFLAGS,;t t s,@LDFLAGS@,$LDFLAGS,;t t s,@CPPFLAGS@,$CPPFLAGS,;t t s,@ac_ct_CC@,$ac_ct_CC,;t t s,@EXEEXT@,$EXEEXT,;t t s,@OBJEXT@,$OBJEXT,;t t s,@CPP@,$CPP,;t t s,@EGREP@,$EGREP,;t t s,@PKG_CONFIG@,$PKG_CONFIG,;t t s,@PACKAGE_CFLAGS@,$PACKAGE_CFLAGS,;t t s,@PACKAGE_LIBS@,$PACKAGE_LIBS,;t t s,@LIBOBJS@,$LIBOBJS,;t t s,@LTLIBOBJS@,$LTLIBOBJS,;t t CEOF _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # Split the substitutions into bite-sized pieces for seds with # small command number limits, like on Digital OSF/1 and HP-UX. ac_max_sed_lines=48 ac_sed_frag=1 # Number of current file. ac_beg=1 # First line for current file. ac_end=$ac_max_sed_lines # Line after last line for current file. ac_more_lines=: ac_sed_cmds= while $ac_more_lines; do if test $ac_beg -gt 1; then sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag else sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag fi if test ! -s $tmp/subs.frag; then ac_more_lines=false else # The purpose of the label and of the branching condition is to # speed up the sed processing (if there are no `@' at all, there # is no need to browse any of the substitutions). # These are the two extra sed commands mentioned above. (echo ':t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed if test -z "$ac_sed_cmds"; then ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" else ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" fi ac_sed_frag=`expr $ac_sed_frag + 1` ac_beg=$ac_end ac_end=`expr $ac_end + $ac_max_sed_lines` fi done if test -z "$ac_sed_cmds"; then ac_sed_cmds=cat fi fi # test -n "$CONFIG_FILES" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". case $ac_file in - | *:- | *:-:* ) # input from stdin cat >$tmp/stdin ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; * ) ac_file_in=$ac_file.in ;; esac # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. ac_dir=`(dirname "$ac_file") 2>/dev/null || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| \ . : '\(.\)' 2>/dev/null || echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } /^X\(\/\/\)[^/].*/{ s//\1/; q; } /^X\(\/\/\)$/{ s//\1/; q; } /^X\(\/\).*/{ s//\1/; q; } s/.*/./; q'` { if $as_mkdir_p; then mkdir -p "$ac_dir" else as_dir="$ac_dir" as_dirs= while test ! -d "$as_dir"; do as_dirs="$as_dir $as_dirs" as_dir=`(dirname "$as_dir") 2>/dev/null || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| \ . : '\(.\)' 2>/dev/null || echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } /^X\(\/\/\)[^/].*/{ s//\1/; q; } /^X\(\/\/\)$/{ s//\1/; q; } /^X\(\/\).*/{ s//\1/; q; } s/.*/./; q'` done test ! -n "$as_dirs" || mkdir $as_dirs fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} { (exit 1); exit 1; }; }; } ac_builddir=. if test "$ac_dir" != .; then ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` # A "../" for each directory in $ac_dir_suffix. ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` else ac_dir_suffix= ac_top_builddir= fi case $srcdir in .) # No --srcdir option. We are building in place. ac_srcdir=. if test -z "$ac_top_builddir"; then ac_top_srcdir=. else ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` fi ;; [\\/]* | ?:[\\/]* ) # Absolute path. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ;; *) # Relative path. ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_builddir$srcdir ;; esac # Do not use `cd foo && pwd` to compute absolute paths, because # the directories may not exist. case `pwd` in .) ac_abs_builddir="$ac_dir";; *) case "$ac_dir" in .) ac_abs_builddir=`pwd`;; [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; *) ac_abs_builddir=`pwd`/"$ac_dir";; esac;; esac case $ac_abs_builddir in .) ac_abs_top_builddir=${ac_top_builddir}.;; *) case ${ac_top_builddir}. in .) ac_abs_top_builddir=$ac_abs_builddir;; [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; esac;; esac case $ac_abs_builddir in .) ac_abs_srcdir=$ac_srcdir;; *) case $ac_srcdir in .) ac_abs_srcdir=$ac_abs_builddir;; [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; esac;; esac case $ac_abs_builddir in .) ac_abs_top_srcdir=$ac_top_srcdir;; *) case $ac_top_srcdir in .) ac_abs_top_srcdir=$ac_abs_builddir;; [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; esac;; esac case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_builddir$INSTALL ;; esac if test x"$ac_file" != x-; then { echo "$as_me:$LINENO: creating $ac_file" >&5 echo "$as_me: creating $ac_file" >&6;} rm -f "$ac_file" fi # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ if test x"$ac_file" = x-; then configure_input= else configure_input="$ac_file. " fi configure_input=$configure_input"Generated from `echo $ac_file_in | sed 's,.*/,,'` by configure." # First look for the input files in the build tree, otherwise in the # src tree. ac_file_inputs=`IFS=: for f in $ac_file_in; do case $f in -) echo $tmp/stdin ;; [\\/$]*) # Absolute (can't be DOS-style, as IFS=:) test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } echo "$f";; *) # Relative if test -f "$f"; then # Build tree echo "$f" elif test -f "$srcdir/$f"; then # Source tree echo "$srcdir/$f" else # /dev/null tree { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } fi;; esac done` || { (exit 1); exit 1; } _ACEOF cat >>$CONFIG_STATUS <<_ACEOF sed "$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s,@configure_input@,$configure_input,;t t s,@srcdir@,$ac_srcdir,;t t s,@abs_srcdir@,$ac_abs_srcdir,;t t s,@top_srcdir@,$ac_top_srcdir,;t t s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t s,@builddir@,$ac_builddir,;t t s,@abs_builddir@,$ac_abs_builddir,;t t s,@top_builddir@,$ac_top_builddir,;t t s,@abs_top_builddir@,$ac_abs_top_builddir,;t t s,@INSTALL@,$ac_INSTALL,;t t " $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out rm -f $tmp/stdin if test x"$ac_file" != x-; then mv $tmp/out $ac_file else cat $tmp/out rm -f $tmp/out fi done _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # # CONFIG_HEADER section. # # These sed commands are passed to sed as "A NAME B NAME C VALUE D", where # NAME is the cpp macro being defined and VALUE is the value it is being given. # # ac_d sets the value in "#define NAME VALUE" lines. ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' ac_dB='[ ].*$,\1#\2' ac_dC=' ' ac_dD=',;t' # ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' ac_uB='$,\1#\2define\3' ac_uC=' ' ac_uD=',;t' for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". case $ac_file in - | *:- | *:-:* ) # input from stdin cat >$tmp/stdin ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; * ) ac_file_in=$ac_file.in ;; esac test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 echo "$as_me: creating $ac_file" >&6;} # First look for the input files in the build tree, otherwise in the # src tree. ac_file_inputs=`IFS=: for f in $ac_file_in; do case $f in -) echo $tmp/stdin ;; [\\/$]*) # Absolute (can't be DOS-style, as IFS=:) test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } # Do quote $f, to prevent DOS paths from being IFS'd. echo "$f";; *) # Relative if test -f "$f"; then # Build tree echo "$f" elif test -f "$srcdir/$f"; then # Source tree echo "$srcdir/$f" else # /dev/null tree { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } fi;; esac done` || { (exit 1); exit 1; } # Remove the trailing spaces. sed 's/[ ]*$//' $ac_file_inputs >$tmp/in _ACEOF # Transform confdefs.h into two sed scripts, `conftest.defines' and # `conftest.undefs', that substitutes the proper values into # config.h.in to produce config.h. The first handles `#define' # templates, and the second `#undef' templates. # And first: Protect against being on the right side of a sed subst in # config.status. Protect against being in an unquoted here document # in config.status. rm -f conftest.defines conftest.undefs # Using a here document instead of a string reduces the quoting nightmare. # Putting comments in sed scripts is not portable. # # `end' is used to avoid that the second main sed command (meant for # 0-ary CPP macros) applies to n-ary macro definitions. # See the Autoconf documentation for `clear'. cat >confdef2sed.sed <<\_ACEOF s/[\\&,]/\\&/g s,[\\$`],\\&,g t clear : clear s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp t end s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp : end _ACEOF # If some macros were called several times there might be several times # the same #defines, which is useless. Nevertheless, we may not want to # sort them, since we want the *last* AC-DEFINE to be honored. uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs rm -f confdef2sed.sed # This sed command replaces #undef with comments. This is necessary, for # example, in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. cat >>conftest.undefs <<\_ACEOF s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, _ACEOF # Break up conftest.defines because some shells have a limit on the size # of here documents, and old seds have small limits too (100 cmds). echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS echo ' :' >>$CONFIG_STATUS rm -f conftest.tail while grep . conftest.defines >/dev/null do # Write a limited-size here document to $tmp/defines.sed. echo ' cat >$tmp/defines.sed <>$CONFIG_STATUS # Speed up: don't consider the non `#define' lines. echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS # Work around the forget-to-reset-the-flag bug. echo 't clr' >>$CONFIG_STATUS echo ': clr' >>$CONFIG_STATUS sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS echo 'CEOF sed -f $tmp/defines.sed $tmp/in >$tmp/out rm -f $tmp/in mv $tmp/out $tmp/in ' >>$CONFIG_STATUS sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail rm -f conftest.defines mv conftest.tail conftest.defines done rm -f conftest.defines echo ' fi # grep' >>$CONFIG_STATUS echo >>$CONFIG_STATUS # Break up conftest.undefs because some shells have a limit on the size # of here documents, and old seds have small limits too (100 cmds). echo ' # Handle all the #undef templates' >>$CONFIG_STATUS rm -f conftest.tail while grep . conftest.undefs >/dev/null do # Write a limited-size here document to $tmp/undefs.sed. echo ' cat >$tmp/undefs.sed <>$CONFIG_STATUS # Speed up: don't consider the non `#undef' echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS # Work around the forget-to-reset-the-flag bug. echo 't clr' >>$CONFIG_STATUS echo ': clr' >>$CONFIG_STATUS sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS echo 'CEOF sed -f $tmp/undefs.sed $tmp/in >$tmp/out rm -f $tmp/in mv $tmp/out $tmp/in ' >>$CONFIG_STATUS sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail rm -f conftest.undefs mv conftest.tail conftest.undefs done rm -f conftest.undefs cat >>$CONFIG_STATUS <<\_ACEOF # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ if test x"$ac_file" = x-; then echo "/* Generated by configure. */" >$tmp/config.h else echo "/* $ac_file. Generated by configure. */" >$tmp/config.h fi cat $tmp/in >>$tmp/config.h rm -f $tmp/in if test x"$ac_file" != x-; then if diff $ac_file $tmp/config.h >/dev/null 2>&1; then { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 echo "$as_me: $ac_file is unchanged" >&6;} else ac_dir=`(dirname "$ac_file") 2>/dev/null || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| \ . : '\(.\)' 2>/dev/null || echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } /^X\(\/\/\)[^/].*/{ s//\1/; q; } /^X\(\/\/\)$/{ s//\1/; q; } /^X\(\/\).*/{ s//\1/; q; } s/.*/./; q'` { if $as_mkdir_p; then mkdir -p "$ac_dir" else as_dir="$ac_dir" as_dirs= while test ! -d "$as_dir"; do as_dirs="$as_dir $as_dirs" as_dir=`(dirname "$as_dir") 2>/dev/null || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| \ . : '\(.\)' 2>/dev/null || echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } /^X\(\/\/\)[^/].*/{ s//\1/; q; } /^X\(\/\/\)$/{ s//\1/; q; } /^X\(\/\).*/{ s//\1/; q; } s/.*/./; q'` done test ! -n "$as_dirs" || mkdir $as_dirs fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} { (exit 1); exit 1; }; }; } rm -f $ac_file mv $tmp/config.h $ac_file fi else cat $tmp/config.h rm -f $tmp/config.h fi done _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # # CONFIG_COMMANDS section. # for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue ac_dest=`echo "$ac_file" | sed 's,:.*,,'` ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'` ac_dir=`(dirname "$ac_dest") 2>/dev/null || $as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_dest" : 'X\(//\)[^/]' \| \ X"$ac_dest" : 'X\(//\)$' \| \ X"$ac_dest" : 'X\(/\)' \| \ . : '\(.\)' 2>/dev/null || echo X"$ac_dest" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } /^X\(\/\/\)[^/].*/{ s//\1/; q; } /^X\(\/\/\)$/{ s//\1/; q; } /^X\(\/\).*/{ s//\1/; q; } s/.*/./; q'` { if $as_mkdir_p; then mkdir -p "$ac_dir" else as_dir="$ac_dir" as_dirs= while test ! -d "$as_dir"; do as_dirs="$as_dir $as_dirs" as_dir=`(dirname "$as_dir") 2>/dev/null || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| \ . : '\(.\)' 2>/dev/null || echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } /^X\(\/\/\)[^/].*/{ s//\1/; q; } /^X\(\/\/\)$/{ s//\1/; q; } /^X\(\/\).*/{ s//\1/; q; } s/.*/./; q'` done test ! -n "$as_dirs" || mkdir $as_dirs fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} { (exit 1); exit 1; }; }; } ac_builddir=. if test "$ac_dir" != .; then ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` # A "../" for each directory in $ac_dir_suffix. ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` else ac_dir_suffix= ac_top_builddir= fi case $srcdir in .) # No --srcdir option. We are building in place. ac_srcdir=. if test -z "$ac_top_builddir"; then ac_top_srcdir=. else ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` fi ;; [\\/]* | ?:[\\/]* ) # Absolute path. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ;; *) # Relative path. ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_builddir$srcdir ;; esac # Do not use `cd foo && pwd` to compute absolute paths, because # the directories may not exist. case `pwd` in .) ac_abs_builddir="$ac_dir";; *) case "$ac_dir" in .) ac_abs_builddir=`pwd`;; [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; *) ac_abs_builddir=`pwd`/"$ac_dir";; esac;; esac case $ac_abs_builddir in .) ac_abs_top_builddir=${ac_top_builddir}.;; *) case ${ac_top_builddir}. in .) ac_abs_top_builddir=$ac_abs_builddir;; [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; esac;; esac case $ac_abs_builddir in .) ac_abs_srcdir=$ac_srcdir;; *) case $ac_srcdir in .) ac_abs_srcdir=$ac_abs_builddir;; [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; esac;; esac case $ac_abs_builddir in .) ac_abs_top_srcdir=$ac_top_srcdir;; *) case $ac_top_srcdir in .) ac_abs_top_srcdir=$ac_abs_builddir;; [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; esac;; esac { echo "$as_me:$LINENO: executing $ac_dest commands" >&5 echo "$as_me: executing $ac_dest commands" >&6;} case $ac_dest in default-1 ) test -z "$CONFIG_HEADERS" || echo timestamp > stamp-h ;; esac done _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF { (exit 0); exit 0; } _ACEOF chmod +x $CONFIG_STATUS ac_clean_files=$ac_clean_files_save # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || { (exit 1); exit 1; } fi hydra-8.1/hydra-gtk/configure.in0000755000175000010010000000060112441064457015273 0ustar marcNonednl Process this file with autoconf to produce a configure script. AC_INIT(configure.in) AM_INIT_AUTOMAKE(xhydra, 0.1) AM_CONFIG_HEADER(config.h) AM_MAINTAINER_MODE AC_ISC_POSIX AC_PROG_CC AM_PROG_CC_STDC AC_HEADER_STDC pkg_modules="gtk+-2.0 >= 2.0.0" PKG_CHECK_MODULES(PACKAGE, [$pkg_modules]) AC_SUBST(PACKAGE_CFLAGS) AC_SUBST(PACKAGE_LIBS) AC_OUTPUT([ Makefile src/Makefile ]) hydra-8.1/hydra-gtk/COPYING0000755000175000010010000004311012441064457014017 0ustar marcNone GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. hydra-8.1/hydra-gtk/INSTALL0000755000175000010010000001722712441064457014027 0ustar marcNoneBasic Installation ================== These are generic installation instructions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that you can run in the future to recreate the current configuration, a file `config.cache' that saves the results of its tests to speed up reconfiguring, and a file `config.log' containing compiler output (useful mainly for debugging `configure'). If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can be considered for the next release. If at some point `config.cache' contains results you don't want to keep, you may remove or edit it. The file `configure.in' is used to create `configure' by a program called `autoconf'. You only need `configure.in' if you want to change it or regenerate `configure' using a newer version of `autoconf'. The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system. If you're using `csh' on an old version of System V, you might need to type `sh ./configure' instead to prevent `csh' from trying to execute `configure' itself. Running `configure' takes awhile. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with the package. 4. Type `make install' to install the programs and any data files and documentation. 5. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is also a `make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. Compilers and Options ===================== Some systems require unusual options for compilation or linking that the `configure' script does not know about. You can give `configure' initial values for variables by setting them in the environment. Using a Bourne-compatible shell, you can do that on the command line like this: CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure Or on systems that have the `env' program, you can do it like this: env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure Compiling For Multiple Architectures ==================================== You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their own directory. To do this, you must use a version of `make' that supports the `VPATH' variable, such as GNU `make'. `cd' to the directory where you want the object files and executables to go and run the `configure' script. `configure' automatically checks for the source code in the directory that `configure' is in and in `..'. If you have to use a `make' that does not supports the `VPATH' variable, you have to compile the package for one architecture at a time in the source code directory. After you have installed the package for one architecture, use `make distclean' before reconfiguring for another architecture. Installation Names ================== By default, `make install' will install the package's files in `/usr/local/bin', `/usr/local/man', etc. You can specify an installation prefix other than `/usr/local' by giving `configure' the option `--prefix=PATH'. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you give `configure' the option `--exec-prefix=PATH', the package will use PATH as the prefix for installing programs and libraries. Documentation and other data files will still use the regular prefix. In addition, if you use an unusual directory layout you can give options like `--bindir=PATH' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories you can set and what kinds of files go in them. If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. Optional Features ================= Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE is something like `gnu-as' or `x' (for the X Window System). The `README' should mention any `--enable-' and `--with-' options that the package recognizes. For packages that use the X Window System, `configure' can usually find the X include and library files automatically, but if it doesn't, you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. Specifying the System Type ========================== There may be some features `configure' can not figure out automatically, but needs to determine by the type of host the package will run on. Usually `configure' can figure that out, but if it prints a message saying it can not guess the host type, give it the `--host=TYPE' option. TYPE can either be a short name for the system type, such as `sun4', or a canonical name with three fields: CPU-COMPANY-SYSTEM See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't need to know the host type. If you are building compiler tools for cross-compiling, you can also use the `--target=TYPE' option to select the type of system they will produce code for and the `--build=TYPE' option to select the type of system on which you are compiling the package. Sharing Defaults ================ If you want to set default values for `configure' scripts to share, you can create a site shell script called `config.site' that gives default values for variables like `CC', `cache_file', and `prefix'. `configure' looks for `PREFIX/share/config.site' if it exists, then `PREFIX/etc/config.site' if it exists. Or, you can set the `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. Operation Controls ================== `configure' recognizes the following options to control how it operates. `--cache-file=FILE' Use and save the results of the tests in FILE instead of `./config.cache'. Set FILE to `/dev/null' to disable caching, for debugging `configure'. `--help' Print a summary of the options to `configure', and exit. `--quiet' `--silent' `-q' Do not print messages saying which checks are being made. To suppress all normal output, redirect it to `/dev/null' (any error messages will still be shown). `--srcdir=DIR' Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. `--version' Print the version of Autoconf used to generate the `configure' script, and exit. `configure' also accepts some other, not widely useful, options. hydra-8.1/hydra-gtk/install-sh0000755000175000010010000001273612441064457014777 0ustar marcNone#!/bin/sh # # install - install a program, script, or datafile # This comes from X11R5 (mit/util/scripts/install.sh). # # Copyright 1991 by the Massachusetts Institute of Technology # # Permission to use, copy, modify, distribute, and sell this software and its # documentation for any purpose is hereby granted without fee, provided that # the above copyright notice appear in all copies and that both that # copyright notice and this permission notice appear in supporting # documentation, and that the name of M.I.T. not be used in advertising or # publicity pertaining to distribution of the software without specific, # written prior permission. M.I.T. makes no representations about the # suitability of this software for any purpose. It is provided "as is" # without express or implied warranty. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. It can only install one file at a time, a restriction # shared with many OS's install programs. # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit="${DOITPROG-}" # put in absolute paths if you don't have them in your path; or use env. vars. mvprog="${MVPROG-mv}" cpprog="${CPPROG-cp}" chmodprog="${CHMODPROG-chmod}" chownprog="${CHOWNPROG-chown}" chgrpprog="${CHGRPPROG-chgrp}" stripprog="${STRIPPROG-strip}" rmprog="${RMPROG-rm}" mkdirprog="${MKDIRPROG-mkdir}" transformbasename="" transform_arg="" instcmd="$mvprog" chmodcmd="$chmodprog 0755" chowncmd="" chgrpcmd="" stripcmd="" rmcmd="$rmprog -f" mvcmd="$mvprog" src="" dst="" dir_arg="" while [ x"$1" != x ]; do case $1 in -c) instcmd="$cpprog" shift continue;; -d) dir_arg=true shift continue;; -m) chmodcmd="$chmodprog $2" shift shift continue;; -o) chowncmd="$chownprog $2" shift shift continue;; -g) chgrpcmd="$chgrpprog $2" shift shift continue;; -s) stripcmd="$stripprog" shift continue;; -t=*) transformarg=`echo $1 | sed 's/-t=//'` shift continue;; -b=*) transformbasename=`echo $1 | sed 's/-b=//'` shift continue;; *) if [ x"$src" = x ] then src=$1 else # this colon is to work around a 386BSD /bin/sh bug : dst=$1 fi shift continue;; esac done if [ x"$src" = x ] then echo "install: no input file specified" exit 1 else true fi if [ x"$dir_arg" != x ]; then dst=$src src="" if [ -d $dst ]; then instcmd=: chmodcmd="" else instcmd=mkdir fi else # Waiting for this to be detected by the "$instcmd $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if [ -f $src -o -d $src ] then true else echo "install: $src does not exist" exit 1 fi if [ x"$dst" = x ] then echo "install: no destination specified" exit 1 else true fi # If destination is a directory, append the input filename; if your system # does not like double slashes in filenames, you may need to add some logic if [ -d $dst ] then dst="$dst"/`basename $src` else true fi fi ## this sed command emulates the dirname command dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` # Make sure that the destination directory exists. # this part is taken from Noah Friedman's mkinstalldirs script # Skip lots of stat calls in the usual case. if [ ! -d "$dstdir" ]; then defaultIFS=' ' IFS="${IFS-${defaultIFS}}" oIFS="${IFS}" # Some sh's can't handle IFS=/ for some reason. IFS='%' set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` IFS="${oIFS}" pathcomp='' while [ $# -ne 0 ] ; do pathcomp="${pathcomp}${1}" shift if [ ! -d "${pathcomp}" ] ; then $mkdirprog "${pathcomp}" else true fi pathcomp="${pathcomp}/" done fi if [ x"$dir_arg" != x ] then $doit $instcmd $dst && if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi else # If we're going to rename the final executable, determine the name now. if [ x"$transformarg" = x ] then dstfile=`basename $dst` else dstfile=`basename $dst $transformbasename | sed $transformarg`$transformbasename fi # don't allow the sed command to completely eliminate the filename if [ x"$dstfile" = x ] then dstfile=`basename $dst` else true fi # Make a temp file name in the proper directory. dsttmp=$dstdir/#inst.$$# # Move or copy the file name to the temp name $doit $instcmd $src $dsttmp && trap "rm -f ${dsttmp}" 0 && # and set any options; do chmod last to preserve setuid bits # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $instcmd $src $dsttmp" command. if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && # Now rename the file to the real destination. $doit $rmcmd -f $dstdir/$dstfile && $doit $mvcmd $dsttmp $dstdir/$dstfile fi && exit 0 hydra-8.1/hydra-gtk/Makefile.am0000755000175000010010000000120112441064457015013 0ustar marcNone## Process this file with automake to produce Makefile.in SUBDIRS = src EXTRA_DIST = \ autogen.sh \ xhydra.glade \ xhydra.gladep install-data-local: @$(NORMAL_INSTALL) if test -d $(srcdir)/pixmaps; then \ $(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/pixmaps; \ for pixmap in $(srcdir)/pixmaps/*; do \ if test -f $$pixmap; then \ $(INSTALL_DATA) $$pixmap $(DESTDIR)$(pkgdatadir)/pixmaps; \ fi \ done \ fi dist-hook: if test -d pixmaps; then \ mkdir $(distdir)/pixmaps; \ for pixmap in pixmaps/*; do \ if test -f $$pixmap; then \ cp -p $$pixmap $(distdir)/pixmaps; \ fi \ done \ fi hydra-8.1/hydra-gtk/Makefile.in0000755000175000010010000002703712441064457015043 0ustar marcNone# Makefile.in generated automatically by automake 1.4-p6 from Makefile.am # Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. SHELL = @SHELL@ srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ libexecdir = @libexecdir@ datadir = @datadir@ sysconfdir = @sysconfdir@ sharedstatedir = @sharedstatedir@ localstatedir = @localstatedir@ libdir = @libdir@ infodir = @infodir@ mandir = @mandir@ includedir = @includedir@ oldincludedir = /usr/include DESTDIR = pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ top_builddir = . ACLOCAL = @ACLOCAL@ AUTOCONF = @AUTOCONF@ AUTOMAKE = @AUTOMAKE@ AUTOHEADER = @AUTOHEADER@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS) INSTALL_DATA = @INSTALL_DATA@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ transform = @program_transform_name@ NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : CC = @CC@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ PACKAGE = @PACKAGE@ PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ PACKAGE_LIBS = @PACKAGE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ VERSION = @VERSION@ SUBDIRS = src EXTRA_DIST = autogen.sh xhydra.glade xhydra.gladep ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = DIST_COMMON = README ./stamp-h.in AUTHORS COPYING ChangeLog INSTALL \ Makefile.am Makefile.in NEWS acconfig.h aclocal.m4 config.h.in \ configure configure.in install-sh missing mkinstalldirs DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) TAR = tar GZIP_ENV = --best all: all-redirect .SUFFIXES: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES) cd $(top_builddir) \ && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ configure.in cd $(srcdir) && $(ACLOCAL) config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(srcdir)/configure: @MAINTAINER_MODE_TRUE@$(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES) cd $(srcdir) && $(AUTOCONF) config.h: stamp-h @if test ! -f $@; then \ rm -f stamp-h; \ $(MAKE) stamp-h; \ else :; fi stamp-h: $(srcdir)/config.h.in $(top_builddir)/config.status cd $(top_builddir) \ && CONFIG_FILES= CONFIG_HEADERS=config.h \ $(SHELL) ./config.status @echo timestamp > stamp-h 2> /dev/null $(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@$(srcdir)/stamp-h.in @if test ! -f $@; then \ rm -f $(srcdir)/stamp-h.in; \ $(MAKE) $(srcdir)/stamp-h.in; \ else :; fi $(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4) acconfig.h cd $(top_srcdir) && $(AUTOHEADER) @echo timestamp > $(srcdir)/stamp-h.in 2> /dev/null mostlyclean-hdr: clean-hdr: distclean-hdr: -rm -f config.h maintainer-clean-hdr: # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. @SET_MAKE@ all-recursive install-data-recursive install-exec-recursive \ installdirs-recursive install-recursive uninstall-recursive \ check-recursive installcheck-recursive info-recursive dvi-recursive: @set fnord $(MAKEFLAGS); amf=$$2; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" mostlyclean-recursive clean-recursive distclean-recursive \ maintainer-clean-recursive: @set fnord $(MAKEFLAGS); amf=$$2; \ dot_seen=no; \ rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \ rev="$$subdir $$rev"; \ test "$$subdir" != "." || dot_seen=yes; \ done; \ test "$$dot_seen" = "no" && rev=". $$rev"; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done tags: TAGS ID: $(HEADERS) $(SOURCES) $(LISP) list='$(SOURCES) $(HEADERS)'; \ unique=`for i in $$list; do echo $$i; done | \ awk ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ here=`pwd` && cd $(srcdir) \ && mkid -f$$here/ID $$unique $(LISP) TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) $(LISP) tags=; \ here=`pwd`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS)'; \ unique=`for i in $$list; do echo $$i; done | \ awk ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ test -z "$(ETAGS_ARGS)config.h.in$$unique$(LISP)$$tags" \ || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags config.h.in $$unique $(LISP) -o $$here/TAGS) mostlyclean-tags: clean-tags: distclean-tags: -rm -f TAGS ID maintainer-clean-tags: distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist -rm -rf $(distdir) GZIP=$(GZIP_ENV) $(TAR) zxf $(distdir).tar.gz mkdir $(distdir)/=build mkdir $(distdir)/=inst dc_install_base=`cd $(distdir)/=inst && pwd`; \ cd $(distdir)/=build \ && ../configure --srcdir=.. --prefix=$$dc_install_base \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) dist -rm -rf $(distdir) @banner="$(distdir).tar.gz is ready for distribution"; \ dashes=`echo "$$banner" | sed s/./=/g`; \ echo "$$dashes"; \ echo "$$banner"; \ echo "$$dashes" dist: distdir -chmod -R a+r $(distdir) GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir) -rm -rf $(distdir) dist-all: distdir -chmod -R a+r $(distdir) GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir) -rm -rf $(distdir) distdir: $(DISTFILES) -rm -rf $(distdir) mkdir $(distdir) -chmod 777 $(distdir) here=`cd $(top_builddir) && pwd`; \ top_distdir=`cd $(distdir) && pwd`; \ distdir=`cd $(distdir) && pwd`; \ cd $(top_srcdir) \ && $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --gnu Makefile @for file in $(DISTFILES); do \ d=$(srcdir); \ if test -d $$d/$$file; then \ cp -pr $$d/$$file $(distdir)/$$file; \ else \ test -f $(distdir)/$$file \ || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ || cp -p $$d/$$file $(distdir)/$$file || :; \ fi; \ done for subdir in $(SUBDIRS); do \ if test "$$subdir" = .; then :; else \ test -d $(distdir)/$$subdir \ || mkdir $(distdir)/$$subdir \ || exit 1; \ chmod 777 $(distdir)/$$subdir; \ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir=../$(distdir) distdir=../$(distdir)/$$subdir distdir) \ || exit 1; \ fi; \ done $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook info-am: info: info-recursive dvi-am: dvi: dvi-recursive check-am: all-am check: check-recursive installcheck-am: installcheck: installcheck-recursive all-recursive-am: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive install-exec-am: install-exec: install-exec-recursive install-data-am: install-data-local install-data: install-data-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am install: install-recursive uninstall-am: uninstall: uninstall-recursive all-am: Makefile config.h all-redirect: all-recursive-am install-strip: $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install installdirs: installdirs-recursive installdirs-am: mostlyclean-generic: clean-generic: distclean-generic: -rm -f Makefile $(CONFIG_CLEAN_FILES) -rm -f config.cache config.log stamp-h stamp-h[0-9]* maintainer-clean-generic: mostlyclean-am: mostlyclean-hdr mostlyclean-tags mostlyclean-generic mostlyclean: mostlyclean-recursive clean-am: clean-hdr clean-tags clean-generic mostlyclean-am clean: clean-recursive distclean-am: distclean-hdr distclean-tags distclean-generic clean-am distclean: distclean-recursive -rm -f config.status maintainer-clean-am: maintainer-clean-hdr maintainer-clean-tags \ maintainer-clean-generic distclean-am @echo "This command is intended for maintainers to use;" @echo "it deletes files that may require special tools to rebuild." maintainer-clean: maintainer-clean-recursive -rm -f config.status .PHONY: mostlyclean-hdr distclean-hdr clean-hdr maintainer-clean-hdr \ install-data-recursive uninstall-data-recursive install-exec-recursive \ uninstall-exec-recursive installdirs-recursive uninstalldirs-recursive \ all-recursive check-recursive installcheck-recursive info-recursive \ dvi-recursive mostlyclean-recursive distclean-recursive clean-recursive \ maintainer-clean-recursive tags tags-recursive mostlyclean-tags \ distclean-tags clean-tags maintainer-clean-tags distdir info-am info \ dvi-am dvi check check-am installcheck-am installcheck all-recursive-am \ install-exec-am install-exec install-data-local install-data-am \ install-data install-am install uninstall-am uninstall all-redirect \ all-am all installdirs-am installdirs mostlyclean-generic \ distclean-generic clean-generic maintainer-clean-generic clean \ mostlyclean distclean maintainer-clean install-data-local: @$(NORMAL_INSTALL) if test -d $(srcdir)/pixmaps; then \ $(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/pixmaps; \ for pixmap in $(srcdir)/pixmaps/*; do \ if test -f $$pixmap; then \ $(INSTALL_DATA) $$pixmap $(DESTDIR)$(pkgdatadir)/pixmaps; \ fi \ done \ fi dist-hook: if test -d pixmaps; then \ mkdir $(distdir)/pixmaps; \ for pixmap in pixmaps/*; do \ if test -f $$pixmap; then \ cp -p $$pixmap $(distdir)/pixmaps; \ fi \ done \ fi # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: hydra-8.1/hydra-gtk/make_xhydra.sh0000755000175000010010000000116212441064457015615 0ustar marcNone#!/bin/bash PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/gnome/lib/pkgconfig export PKG_CONFIG_PATH echo "Trying to compile xhydra now (hydra gtk gui) - dont worry if this fails, this is really optional ..." ./configure > /dev/null 2> errors test -e Makefile || { echo "Error: configure wasnt happy. Analyse this:" cat errors exit 1 } make > /dev/null 2> errors test -e src/xhydra || { echo "Error: could not compile. Analyse this:" cat errors echo echo 'Do not worry, as I said, xhydra is really optional. ./hydra is ready to go!' exit 0 } cp -v src/xhydra .. echo "The GTK GUI is ready, type \"./xhydra\" to start" hydra-8.1/hydra-gtk/missing0000755000175000010010000001452012441064457014363 0ustar marcNone#! /bin/sh # Common stub for a few missing GNU programs while installing. # Copyright (C) 1996, 1997, 2001, 2002 Free Software Foundation, Inc. # Franc,ois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # 02111-1307, USA. if test $# -eq 0; then echo 1>&2 "Try \`$0 --help' for more information" exit 1 fi # In the cases where this matters, `missing' is being run in the # srcdir already. if test -f configure.in; then configure_ac=configure.ac else configure_ac=configure.in fi case "$1" in -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an error status if there is no known handling for PROGRAM. Options: -h, --help display this help and exit -v, --version output version information and exit Supported PROGRAM values: aclocal touch file \`aclocal.m4' autoconf touch file \`configure' autoheader touch file \`config.h.in' automake touch all \`Makefile.in' files bison create \`y.tab.[ch]', if possible, from existing .[ch] flex create \`lex.yy.c', if possible, from existing .c lex create \`lex.yy.c', if possible, from existing .c makeinfo touch the output file yacc create \`y.tab.[ch]', if possible, from existing .[ch]" ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) echo "missing - GNU libit 0.0" ;; -*) echo 1>&2 "$0: Unknown \`$1' option" echo 1>&2 "Try \`$0 --help' for more information" exit 1 ;; aclocal*) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`acinclude.m4' or \`$configure_ac'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." touch aclocal.m4 ;; autoconf) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`$configure_ac'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." touch configure ;; autoheader) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`acconfig.h' or \`$configure_ac'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' $configure_ac` test -z "$files" && files="config.h" touch_files= for f in $files; do case "$f" in *:*) touch_files="$touch_files "`echo "$f" | sed -e 's/^[^:]*://' -e 's/:.*//'`;; *) touch_files="$touch_files $f.in";; esac done touch $touch_files ;; automake*) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`Makefile.am', \`acinclude.m4' or \`$configure_ac'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." find . -type f -name Makefile.am -print | sed 's/\.am$/.in/' | while read f; do touch "$f"; done ;; bison|yacc) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified a \`.y' file. You may need the \`Bison' package in order for those modifications to take effect. You can get \`Bison' from any GNU archive site." rm -f y.tab.c y.tab.h if [ $# -ne 1 ]; then eval LASTARG="\${$#}" case "$LASTARG" in *.y) SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" y.tab.c fi SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" y.tab.h fi ;; esac fi if [ ! -f y.tab.h ]; then echo >y.tab.h fi if [ ! -f y.tab.c ]; then echo 'main() { return 0; }' >y.tab.c fi ;; lex|flex) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified a \`.l' file. You may need the \`Flex' package in order for those modifications to take effect. You can get \`Flex' from any GNU archive site." rm -f lex.yy.c if [ $# -ne 1 ]; then eval LASTARG="\${$#}" case "$LASTARG" in *.l) SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" lex.yy.c fi ;; esac fi if [ ! -f lex.yy.c ]; then echo 'main() { return 0; }' >lex.yy.c fi ;; makeinfo) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified a \`.texi' or \`.texinfo' file, or any other file indirectly affecting the aspect of the manual. The spurious call might also be the consequence of using a buggy \`make' (AIX, DU, IRIX). You might want to install the \`Texinfo' package or the \`GNU make' package. Grab either from any GNU archive site." file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` if test -z "$file"; then file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` fi touch $file ;; *) echo 1>&2 "\ WARNING: \`$1' is needed, and you do not seem to have it handy on your system. You might have modified some files without having the proper tools for further handling them. Check the \`README' file, it often tells you about the needed prerequirements for installing this package. You may also peek at any GNU archive site, in case some other package would contain this missing \`$1' program." exit 1 ;; esac exit 0 hydra-8.1/hydra-gtk/mkinstalldirs0000755000175000010010000000132212441064457015566 0ustar marcNone#! /bin/sh # mkinstalldirs --- make directory hierarchy # Author: Noah Friedman # Created: 1993-05-16 # Public domain # $Id: mkinstalldirs,v 1.13 1999/01/05 03:18:55 bje Exp $ errstatus=0 for file do set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` shift pathcomp= for d do pathcomp="$pathcomp$d" case "$pathcomp" in -* ) pathcomp=./$pathcomp ;; esac if test ! -d "$pathcomp"; then echo "mkdir $pathcomp" mkdir "$pathcomp" || lasterr=$? if test ! -d "$pathcomp"; then errstatus=$lasterr fi fi pathcomp="$pathcomp/" done done exit $errstatus # mkinstalldirs ends here hydra-8.1/hydra-gtk/NEWS0000755000175000010010000000000012441064457013452 0ustar marcNonehydra-8.1/hydra-gtk/README0000755000175000010010000000043312441064457013645 0ustar marcNone Hydra-GTK Gtk+2 frontend for thc-hydra To install just do a: ./configure make su root make install Easy at it can be... You need thc-hydra installed to make this work. This is my second gtk+2 program, so I am waiting for a lot of patches :) Mail them to snakebyte@gmx.de hydra-8.1/hydra-gtk/src/0000755000175000010010000000000012441064457013551 5ustar marcNonehydra-8.1/hydra-gtk/src/callbacks.c0000600000175000010010000005262512441064457015636 0ustar marcNone /* * This file handles all that needs to be done... * Some stuff is stolen from gcombust since I never used pipes... ok, i * only used them in reallife :) */ #ifdef HAVE_CONFIG_H #include #endif #include #include "callbacks.h" #include "interface.h" #include "support.h" #include #include #include #include #include #include #include #include #include #include #include int hydra_pid = 0; char port[10]; char tasks[10]; char timeout[10]; char smbparm[12]; char snmpparm[4]; char sapr3id[4]; char passLoginNull[4]; #define BUF_S 1024 void hydra_select_file(GtkEntry * widget, char *text) { #ifdef GTK_TYPE_FILE_CHOOSER GtkWidget *dialog; char *filename; dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); gtk_entry_set_text(widget, filename); g_free(filename); } gtk_widget_destroy(dialog); #endif } int hydra_get_options(char *options[]) { /* get the stuff from the gtk entries... */ int i = 1; GtkWidget *widget; GtkWidget *widget2; int j; gchar *tmp; GString *a; options[0] = HYDRA_BIN; /* get the port */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnPort"); j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); if (j != 0) { snprintf(port, 10, "%d", j); options[i++] = "-s"; options[i++] = port; } /* prefer ipv6 */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkIPV6"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-6"; } /* use SSL? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkSSL"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-S"; } /* be verbose? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkVerbose"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-v"; } /* show attempts */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkAttempts"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-V"; } /* debug mode? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkDebug"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-d"; } /* COMPLETE HELP */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkCompleteHelp"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-h"; } /* Service Module Usage Details */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkServiceDetails"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-U"; } /* use colon separated list? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkColon"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-C"; widget = lookup_widget(GTK_WIDGET(wndMain), "entColonFile"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } else { /* get the username, or username list */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-l"; widget = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } else { options[i++] = "-L"; widget = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } /* get the pass, pass list, or generate */ /* The "generate" button was implemented by Petar Kaleychev */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-p"; widget = lookup_widget(GTK_WIDGET(wndMain), "entPass"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-P"; widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-x"; widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } } /* empty passes / login as pass / reversed login? */ memset(passLoginNull, 0, 4); widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassNull"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { passLoginNull[0] = 'n'; } widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassLogin"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { if (passLoginNull[0] == 0) { passLoginNull[0] = 's'; } else { passLoginNull[1] = 's'; } } /* The "Try reversed login" button was implemented by Petar Kaleychev */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassReverse"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { if (passLoginNull[0] == 0) { passLoginNull[0] = 'r'; } else if (passLoginNull[1] == 0) { passLoginNull[1] = 'r'; } else { passLoginNull[2] = 'r'; } } if (passLoginNull[0] != 0) { options[i++] = "-e"; options[i++] = passLoginNull; } /* #of tasks */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnTasks"); j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); if (j != 40) { snprintf(tasks, 10, "%d", j); options[i++] = "-t"; options[i++] = tasks; } /* timeout */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnTimeout"); j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); if (j != 30) { snprintf(timeout, 10, "%d", j); options[i++] = "-w"; options[i++] = timeout; } /* loop around users? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkUsernameLoop"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-u"; } /* exit after first found pair? */ /* per host */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitf"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-f"; } /* global */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitF"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-F"; } /* Do not print messages about connection errors */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkNoErr"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { options[i++] = "-q"; } /* get additional parameters */ widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); tmp = (char *) gtk_entry_get_text((GtkEntry *) widget); if (!strncmp(tmp, "http-proxy", 10)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxyURL"); options[i++] = "-m"; options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } else if (!strncmp(tmp, "http-", 5) || !strncmp(tmp, "https-", 6)) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPURL"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } else if (!strcmp(tmp, "cisco-enable")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entCiscoPass"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } else if (!strcmp(tmp, "ldap3-crammd5")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } else if (!strcmp(tmp, "ldap3-digestmd5")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } else if (!strcmp(tmp, "smb")) { memset(smbparm, 0, 12); widget = lookup_widget(GTK_WIDGET(wndMain), "chkDomain"); widget2 = lookup_widget(GTK_WIDGET(wndMain), "chkLocal"); options[i++] = "-m"; strncpy(smbparm, "Both", sizeof(smbparm)); smbparm[strlen("Both")] = '\0'; if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { strncpy(smbparm, "Domain", sizeof(smbparm)); smbparm[strlen("Domain")] = '\0'; } if (gtk_toggle_button_get_active((GtkToggleButton *) widget2)) { if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { strncpy(smbparm, "Both", sizeof(smbparm)); smbparm[strlen("Both")] = '\0'; } else { strncpy(smbparm, "Local", sizeof(smbparm)); smbparm[strlen("Local")] = '\0'; } } widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { strcat(smbparm, "Hash"); } options[i++] = smbparm; } else if (!strcmp(tmp, "sapr3")) { widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3"); j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); snprintf(sapr3id, sizeof(sapr3id), "%d", j); options[i++] = "-m"; options[i++] = sapr3id; } else if (!strcmp(tmp, "cvs") || !strcmp(tmp, "svn")) { widget = lookup_widget(GTK_WIDGET(wndMain), "entCVS"); options[i++] = "-m"; options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } else if (!strcmp(tmp, "snmp")) { memset(snmpparm, 0, 4); widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPVer1"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { snmpparm[0] = '1'; } else { snmpparm[0] = '2'; } widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPWrite"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { snmpparm[0] = 'w'; } else { snmpparm[0] = 'r'; } options[i++] = "-m"; options[i++] = snmpparm; } else if (!strcmp(tmp, "telnet")) { widget = lookup_widget(GTK_WIDGET(wndMain), "entTelnet"); if ((char *) gtk_entry_get_text((GtkEntry *) widget) != NULL) { options[i++] = "-m"; options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } } /* clean up proxy settings */ unsetenv("HYDRA_PROXY_HTTP"); unsetenv("HYDRA_PROXY_CONNECT"); unsetenv("HYDRA_PROXY_AUTH"); /* proxy support */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy"); if (!gtk_toggle_button_get_active((GtkToggleButton *) widget)) { widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy"); widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2"); /* which variable do we set? */ if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *) widget))) { setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *) widget2), 1); } else { setenv("HYDRA_PROXY_CONNECT", (char *) gtk_entry_get_text((GtkEntry *) widget2), 1); } /* do we need to provide user and pass? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkProxyAuth"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entProxyUser"); widget2 = lookup_widget(GTK_WIDGET(wndMain), "entProxyPass"); a = g_string_new((gchar *) gtk_entry_get_text((GtkEntry *) widget)); a = g_string_append_c(a, ':'); a = g_string_append(a, gtk_entry_get_text((GtkEntry *) widget2)); setenv("HYDRA_PROXY_AUTH", a->str, 1); (void) g_string_free(a, TRUE); } } /* get the target, or target list */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioTarget1"); if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entTarget"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } else { options[i++] = "-M"; widget = lookup_widget(GTK_WIDGET(wndMain), "entTargetFile"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); } /* get the service */ widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); options[i] = NULL; return i; } int update_statusbar() { int i, j; char *options[128]; guint context_id; GtkStatusbar *statusbar; extern guint message_id; GString *statustext = g_string_new("hydra "); i = hydra_get_options(options); for (j = 1; j < i; j++) { statustext = g_string_append(statustext, options[j]); statustext = g_string_append_c(statustext, ' '); } statusbar = (GtkStatusbar *) lookup_widget(GTK_WIDGET(wndMain), "statusbar"); context_id = gtk_statusbar_get_context_id(statusbar, "status"); /* an old message in stack? */ if (message_id != 0) { gtk_statusbar_remove(statusbar, context_id, message_id); } message_id = gtk_statusbar_push(statusbar, context_id, (gchar *) statustext->str); (void) g_string_free(statustext, TRUE); return TRUE; } int read_into(int fd) { char in_buf[BUF_S]; char *passline; char *start, *end; int result; GtkWidget *output; GtkTextBuffer *outputbuf; GtkTextIter outputiter; if ((result = read(fd, in_buf, BUF_S - 1)) < 0) { g_warning("%s::%i: read returned negative!", __FILE__, __LINE__); return FALSE; } else if (result == 0) { return FALSE; } else { in_buf[result] = 0; } output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1); if ((passline = strstr(in_buf, "password: ")) == NULL) { gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result); } else { start = in_buf; end = in_buf; while ((end = (strchr(end + 1, '\n'))) < passline) { start = end; } if (start != in_buf) { gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, (start - in_buf + 1)); } gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, start, (end - start + 1), "bold", NULL); if (end - in_buf - result > 0) { gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1); } } if (strstr(in_buf, " finished at ") != NULL) { gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "\n\n", -1, "bold", NULL); } if (result == BUF_S - 1) /* there might be more available, recurse baby! */ return read_into(fd); else return TRUE; } /* wait for hydra output */ static int wait_hydra_output(gpointer data) { static int stdout_ok = TRUE, stderr_ok = TRUE; fd_set rset; struct timeval tv; int result, max; int *fd = data; int status; g_assert((stdout_ok == TRUE) || (stderr_ok == TRUE)); tv.tv_sec = 0; tv.tv_usec = 0; FD_ZERO(&rset); max = -1; if (stdout_ok) { FD_SET(fd[0], &rset); max = fd[0]; } if (stderr_ok) { FD_SET(fd[1], &rset); if (-1 == max) max = fd[1]; else max = fd[0] > fd[1] ? fd[0] : fd[1]; } result = select(max + 1, &rset, NULL, NULL, &tv); if (result < 0) g_error("wait_hydra_output: select returned negative!"); else if (result == 0) return TRUE; if (stdout_ok && FD_ISSET(fd[0], &rset)) stdout_ok = read_into(fd[0]); if (stderr_ok && FD_ISSET(fd[1], &rset)) stderr_ok = read_into(fd[1]); if (!(stdout_ok || stderr_ok)) { waitpid(hydra_pid, &status, 0); hydra_pid = 0; stdout_ok = stderr_ok = TRUE; return FALSE; } else return TRUE; } /* assumes a successfull pipe() won't set the fd's to -1 */ static void close_pipe(int *pipe) { if (-1 != pipe[0]) { close(pipe[0]); pipe[0] = -1; } if (-1 != pipe[1]) { close(pipe[1]); pipe[1] = -1; } } /* executes the command stored in command->elemets (which is suitable for execv()) * returns an int *pfd with file descriptors: * pfd[0] STDOUT output of the command and * pfd[1] STDERR output of the command */ int *popen_re_unbuffered(char *command) { static int p_r[2] = { -1, -1 }, p_e[2] = { -1, -1}; static int *pfd = NULL; char *options[128]; hydra_pid = 0; update_statusbar(); /* only allocate once */ if (NULL == pfd) pfd = malloc(sizeof(int) * 2); /* clean up from last command */ close_pipe(p_r); close_pipe(p_e); if (pipe(p_r) < 0 || pipe(p_e) < 0) { g_warning("popen_rw_unbuffered: Error creating pipe!"); return NULL; } if ((hydra_pid = fork()) < 0) { g_warning("popen_rw_unbuffered: Error forking!"); return NULL; } else if (hydra_pid == 0) { /* child */ int k; if (setpgid(getpid(), getpid()) < 0) g_warning("popen_rw_unbuffered: setpgid() failed"); if (close(p_r[0]) < 0) g_warning("popen_rw_unbuffered: close(p_r[0]) failed"); if (p_r[1] != STDOUT_FILENO) if (dup2(p_r[1], STDOUT_FILENO) < 0) g_warning("popen_rw_unbuffered: child dup2 STDOUT failed!"); if (close(p_r[1]) < 0) g_warning("popen_rw_unbuffered: close(p_r[1]) failed"); if (close(p_e[0]) < 0) g_warning("popen_rw_unbuffered: close(p_e[0]) failed"); if (p_e[1] != STDERR_FILENO) if (dup2(p_e[1], STDERR_FILENO) < 0) g_warning("popen_rw_unbuffered: child dup2 STDERR failed!"); if (close(p_e[1]) < 0) g_warning("popen_rw_unbuffered: close(p_e[1]) failed"); (void) hydra_get_options(options); execv(HYDRA_BIN, options); g_warning("%s %i: popen_rw_unbuffered: execv() returned", __FILE__, __LINE__); for (k = 0; options[k] != NULL; k++) { g_warning("%s", options[k]); } gtk_main_quit(); } else { /* parent */ if (close(p_r[1]) < 0) g_warning("popen_rw_unbuffered: close(p_r[1]) (parent) failed"); if (close(p_e[1]) < 0) g_warning("popen_rw_unbuffered: close(p_e[1]) (parent) failed"); pfd[0] = p_r[0]; pfd[1] = p_e[0]; return pfd; } g_assert_not_reached(); return pfd; } void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data) { gtk_main_quit(); } void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data) { } void on_btnStart_clicked(GtkButton * button, gpointer user_data) { int *fd = NULL; fd = popen_re_unbuffered(NULL); g_timeout_add(200, wait_hydra_output, fd); } void on_btnStop_clicked(GtkButton * button, gpointer user_data) { if (hydra_pid != 0) { kill(hydra_pid, SIGTERM); hydra_pid = 0; } } void on_wndMain_destroy(GtkObject * object, gpointer user_data) { if (hydra_pid != 0) { kill(hydra_pid, SIGTERM); hydra_pid = 0; } gtk_main_quit(); } gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { hydra_select_file((GtkEntry *) widget, "Select target list"); gtk_widget_grab_focus(widget); return TRUE; } gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { hydra_select_file((GtkEntry *) widget, "Select username list"); gtk_widget_grab_focus(widget); return TRUE; } gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { hydra_select_file((GtkEntry *) widget, "Select password list"); gtk_widget_grab_focus(widget); return TRUE; } gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { hydra_select_file((GtkEntry *) widget, "Select colon separated user,password list"); gtk_widget_grab_focus(widget); return TRUE; } void on_btnSave_clicked(GtkButton * button, gpointer user_data) { #ifdef GTK_TYPE_FILE_CHOOSER GtkWidget *dialog; char *filename; gchar *text; int fd; GtkWidget *output; GtkTextBuffer *outputbuf; GtkTextIter start; GtkTextIter end; dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); gtk_text_buffer_get_start_iter(outputbuf, &start); gtk_text_buffer_get_end_iter(outputbuf, &end); text = gtk_text_buffer_get_text(outputbuf, &start, &end, TRUE); fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644); if (fd > 0) { write(fd, text, strlen(text)); close(fd); } g_free(text); g_free(filename); } gtk_widget_destroy(dialog); #endif } void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { GtkWidget *user, *pass; user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");; pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass"); if (gtk_toggle_button_get_active(togglebutton)) { gtk_widget_set_sensitive(user, FALSE); gtk_widget_set_sensitive(pass, FALSE); } else { gtk_widget_set_sensitive(user, TRUE); gtk_widget_set_sensitive(pass, TRUE); } } void on_btnClear_clicked(GtkButton * button, gpointer user_data) { GtkWidget *output; GtkTextBuffer *outputbuf; output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); gtk_text_buffer_set_text(outputbuf, "", -1); } hydra-8.1/hydra-gtk/src/callbacks.h0000755000175000010010000000201712441064457015644 0ustar marcNone#include int update_statusbar(); void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data); void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data); void on_btnStart_clicked(GtkButton * button, gpointer user_data); void on_wndMain_destroy(GtkObject * object, gpointer user_data); void on_btnStop_clicked(GtkButton * button, gpointer user_data); gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); void on_btnSave_clicked(GtkButton * button, gpointer user_data); gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data); void on_btnClear_clicked(GtkButton * button, gpointer user_data); hydra-8.1/hydra-gtk/src/interface.c0000644000175000010010000015643512441064457015673 0ustar marcNone /* * DO NOT EDIT THIS FILE - it is generated by Glade. */ #ifdef HAVE_CONFIG_H #include #endif #include #include #ifdef HAVE_UNISTD_H #include #endif #include #include #include #include #include "callbacks.h" #include "interface.h" #include "support.h" #define GLADE_HOOKUP_OBJECT(component,widget,name) \ g_object_set_data_full (G_OBJECT (component), name, \ gtk_widget_ref (widget), (GDestroyNotify) gtk_widget_unref) #define GLADE_HOOKUP_OBJECT_NO_REF(component,widget,name) \ g_object_set_data (G_OBJECT (component), name, widget) GtkWidget *create_wndMain(void) { GtkWidget *wndMain; GtkWidget *vbox1; GtkWidget *menubar1; GtkWidget *quit1; GtkWidget *ntbMain; GtkWidget *vbox5; GtkWidget *frame11; GtkWidget *table8; GtkWidget *cmbProtocol; GList *cmbProtocol_items = NULL; GtkWidget *entProtocol; GtkWidget *label7; GtkObject *spnPort_adj; GtkWidget *spnPort; GtkWidget *label6; GtkWidget *radioTarget2; GSList *radioTarget2_group = NULL; GtkWidget *entTargetFile; GtkWidget *entTarget; GtkWidget *radioTarget1; GtkWidget *label28; GtkWidget *frame12; GtkWidget *table9; GtkWidget *chkVerbose; GtkWidget *chkDebug; GtkWidget *chkAttempts; GtkWidget *chkIPV6; GtkWidget *chkSSL; GtkWidget *chkServiceDetails; GtkWidget *chkCompleteHelp; GtkWidget *label29; GtkWidget *label1; GtkWidget *vbox2; GtkWidget *frmUsername; GtkWidget *table2; GtkWidget *entUsernameFile; GtkWidget *entUsername; GtkWidget *chkUsernameLoop; GtkWidget *radioUsername1; GSList *radioUsername1_group = NULL; GtkWidget *radioUsername2; GtkWidget *label8; GtkWidget *frmPass; GtkWidget *table3; GtkWidget *entPassFile; GtkWidget *entPass; GtkWidget *radioPass1; GSList *radioPass1_group = NULL; GtkWidget *radioPass2; GtkWidget *radioGenerate; GtkWidget *entGeneration; GtkWidget *labelpass; GtkWidget *frame8; GtkWidget *table5; GtkWidget *chkColon; GtkWidget *entColonFile; GtkWidget *label20; GtkWidget *table6; GtkWidget *chkPassLogin; GtkWidget *chkPassNull; GtkWidget *chkPassReverse; GtkWidget *label2; GtkWidget *table4; GtkWidget *frame9; GtkWidget *table7; GtkWidget *label22; GtkWidget *entHTTPProxy; GtkWidget *chkProxyAuth; GtkWidget *label23; GtkWidget *entProxyUser; GtkWidget *label24; GtkWidget *entProxyPass; GtkWidget *label26; GtkWidget *hbox3; GtkWidget *radioProxy; GSList *radioProxy_group = NULL; GtkWidget *radioProxy2; GtkWidget *radioProxy3; GtkWidget *label21; GtkWidget *frame13; GtkWidget *table10; GtkWidget *chkExitf; GtkObject *spnTimeout_adj; GtkWidget *spnTimeout; GtkObject *spnTasks_adj; GtkWidget *spnTasks; GtkWidget *label32; GtkWidget *label31; GtkWidget *chkExitF; GtkWidget *chkNoErr; GtkWidget *label30; GtkWidget *label3; GtkWidget *vbox4; GtkWidget *frame10; GtkWidget *entHTTPProxyURL; GtkWidget *label27; GtkWidget *frame3; GtkWidget *entHTTPURL; GtkWidget *label15; GtkWidget *frame4; GtkWidget *entCiscoPass; GtkWidget *label16; GtkWidget *frame5; GtkWidget *entLDAPDN; GtkWidget *label17; GtkWidget *frame6; GtkWidget *hbox2; GtkWidget *chkLocal; GtkWidget *chkDomain; GtkWidget *chkNTLM; GtkWidget *label18; GtkWidget *frame7; GtkObject *spnSAPR3_adj; GtkWidget *spnSAPR3; GtkWidget *label19; GtkWidget *frame15; GtkWidget *entCVS; GtkWidget *label34; GtkWidget *frame17; GtkWidget *alignment1; GtkWidget *entTelnet; GtkWidget *label36; GtkWidget *frame16; GtkWidget *table11; GtkWidget *radioSNMPRead; GSList *radioSNMPRead_group = NULL; GtkWidget *radioSNMPWrite; GtkWidget *radioSNMPVer2; GSList *radioSNMPVer2_group = NULL; GtkWidget *radioSNMPVer1; GtkWidget *label35; GtkWidget *label14; GtkWidget *vbox3; GtkWidget *scrolledwindow1; GtkWidget *viewport1; GtkWidget *frame14; GtkWidget *txtOutput; GtkWidget *label33; GtkWidget *hbox1; GtkWidget *btnStart; GtkWidget *btnStop; GtkWidget *btnSave; GtkWidget *btnClear; GtkWidget *label4; GtkWidget *statusbar; GtkAccelGroup *accel_group; GtkTooltips *tooltips; tooltips = gtk_tooltips_new(); accel_group = gtk_accel_group_new(); wndMain = gtk_window_new(GTK_WINDOW_TOPLEVEL); gtk_widget_set_name(wndMain, "wndMain"); gtk_window_set_title(GTK_WINDOW(wndMain), "xHydra"); vbox1 = gtk_vbox_new(FALSE, 0); gtk_widget_set_name(vbox1, "vbox1"); gtk_widget_show(vbox1); gtk_container_add(GTK_CONTAINER(wndMain), vbox1); menubar1 = gtk_menu_bar_new(); gtk_widget_set_name(menubar1, "menubar1"); gtk_widget_show(menubar1); gtk_box_pack_start(GTK_BOX(vbox1), menubar1, FALSE, FALSE, 0); quit1 = gtk_image_menu_item_new_from_stock("gtk-quit", accel_group); gtk_widget_set_name(quit1, "quit1"); gtk_widget_show(quit1); gtk_container_add(GTK_CONTAINER(menubar1), quit1); ntbMain = gtk_notebook_new(); gtk_widget_set_name(ntbMain, "ntbMain"); gtk_widget_show(ntbMain); gtk_box_pack_start(GTK_BOX(vbox1), ntbMain, TRUE, TRUE, 0); vbox5 = gtk_vbox_new(FALSE, 0); gtk_widget_set_name(vbox5, "vbox5"); gtk_widget_show(vbox5); gtk_container_add(GTK_CONTAINER(ntbMain), vbox5); frame11 = gtk_frame_new(NULL); gtk_widget_set_name(frame11, "frame11"); gtk_widget_show(frame11); gtk_box_pack_start(GTK_BOX(vbox5), frame11, TRUE, TRUE, 0); table8 = gtk_table_new(5, 2, FALSE); gtk_widget_set_name(table8, "table8"); gtk_widget_show(table8); gtk_container_add(GTK_CONTAINER(frame11), table8); cmbProtocol = gtk_combo_new(); g_object_set_data(G_OBJECT(GTK_COMBO(cmbProtocol)->popwin), "GladeParentKey", cmbProtocol); gtk_widget_set_name(cmbProtocol, "cmbProtocol"); gtk_widget_show(cmbProtocol); gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco-enable"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cvs"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "firebird"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ftp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ftps"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-head"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-get"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-get-form"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-post-form"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-proxy"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-proxy-urlenum"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-head"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-get"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-get-form"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-post-form"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "icq"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "irc"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "imap"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap2"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-crammd5"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-digestmd5"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mssql"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mysql"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ncp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "nntp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "oracle"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "oracle-listener"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "oracle-sid"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pcnfs"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pop3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pcanywhere"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "postgres"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rdp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rexec"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rlogin"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rsh"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "s7-300"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smtp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "snmp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "socks5"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ssh"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sshkey"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "svn"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "teamspeak"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "telnet"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "vnc"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "vmauthd"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "xmpp"); gtk_combo_set_popdown_strings(GTK_COMBO(cmbProtocol), cmbProtocol_items); g_list_free(cmbProtocol_items); entProtocol = GTK_COMBO(cmbProtocol)->entry; gtk_widget_set_name(entProtocol, "entProtocol"); gtk_widget_show(entProtocol); gtk_tooltips_set_tip(tooltips, entProtocol, "The protocol to use for the login/password cracking attempt", NULL); label7 = gtk_label_new("Protocol"); gtk_widget_set_name(label7, "label7"); gtk_widget_show(label7); gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label7), 0, 0.5); spnPort_adj = gtk_adjustment_new(0, 0, 65535, 1, 10, 0); spnPort = gtk_spin_button_new(GTK_ADJUSTMENT(spnPort_adj), 1, 0); gtk_widget_set_name(spnPort, "spnPort"); gtk_widget_show(spnPort); gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnPort, "select the port on which the daemon you want to brute force runs, 0 means default", NULL); label6 = gtk_label_new("Port"); gtk_widget_set_name(label6, "label6"); gtk_widget_show(label6); gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label6), 0, 0.5); chkIPV6 = gtk_check_button_new_with_mnemonic("Prefer IPV6"); gtk_widget_set_name(chkIPV6, "chkIPV6"); gtk_widget_show(chkIPV6); gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkIPV6, "Enable to use IPV6", NULL); radioTarget2 = gtk_radio_button_new_with_mnemonic(NULL, "Target List"); gtk_widget_set_name(radioTarget2, "radioTarget2"); gtk_widget_show(radioTarget2); gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget2), radioTarget2_group); radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget2)); entTargetFile = gtk_entry_new(); gtk_widget_set_name(entTargetFile, "entTargetFile"); gtk_widget_show(entTargetFile); gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entTargetFile, "A file which contains the targets to attack. One entry per line. IP\naddresses and/or DNS names.", NULL); entTarget = gtk_entry_new(); gtk_widget_set_name(entTarget, "entTarget"); gtk_widget_show(entTarget); gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entTarget, "The target to attack - DNS name or IP address", NULL); gtk_entry_set_text(GTK_ENTRY(entTarget), "127.0.0.1"); radioTarget1 = gtk_radio_button_new_with_mnemonic(NULL, "Single Target"); gtk_widget_set_name(radioTarget1, "radioTarget1"); gtk_widget_show(radioTarget1); gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget1), radioTarget2_group); radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioTarget1), TRUE); label28 = gtk_label_new("Target"); gtk_widget_set_name(label28, "label28"); gtk_widget_show(label28); gtk_frame_set_label_widget(GTK_FRAME(frame11), label28); frame12 = gtk_frame_new(NULL); gtk_widget_set_name(frame12, "frame12"); gtk_widget_show(frame12); gtk_box_pack_start(GTK_BOX(vbox5), frame12, TRUE, TRUE, 0); table9 = gtk_table_new(3, 2, FALSE); gtk_widget_set_name(table9, "table9"); gtk_widget_show(table9); gtk_container_add(GTK_CONTAINER(frame12), table9); chkVerbose = gtk_check_button_new_with_mnemonic("Be Verbose"); gtk_widget_set_name(chkVerbose, "chkVerbose"); gtk_widget_show(chkVerbose); gtk_table_attach(GTK_TABLE(table9), chkVerbose, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkVerbose, "be verbose", NULL); chkDebug = gtk_check_button_new_with_mnemonic("Debug"); gtk_widget_set_name(chkDebug, "chkDebug"); gtk_widget_show(chkDebug); gtk_table_attach(GTK_TABLE(table9), chkDebug, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkDebug, "Enable debug mode", NULL); chkAttempts = gtk_check_button_new_with_mnemonic("Show Attempts"); gtk_widget_set_name(chkAttempts, "chkAttempts"); gtk_widget_show(chkAttempts); gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkAttempts, "Show attempts", NULL); chkSSL = gtk_check_button_new_with_mnemonic("Use SSL"); gtk_widget_set_name(chkSSL, "chkSSL"); gtk_widget_show(chkSSL); gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkSSL, "Enable to use SSL (the target must have SSL enabled!", NULL); chkServiceDetails = gtk_check_button_new_with_mnemonic ("Service Module Usage Details"); gtk_widget_set_name (chkServiceDetails, "chkServiceDetails"); gtk_widget_show (chkServiceDetails); gtk_table_attach (GTK_TABLE (table9), chkServiceDetails, 1, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip (tooltips, chkServiceDetails, "Service Module Usage Details", NULL); chkCompleteHelp = gtk_check_button_new_with_mnemonic ("COMPLETE HELP"); gtk_widget_set_name (chkCompleteHelp, "chkCompleteHelp"); gtk_widget_show (chkCompleteHelp); gtk_table_attach (GTK_TABLE (table9), chkCompleteHelp, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip (tooltips, chkCompleteHelp, "Complete Help", NULL); label29 = gtk_label_new("Output Options"); gtk_widget_set_name(label29, "label29"); gtk_widget_show(label29); gtk_frame_set_label_widget(GTK_FRAME(frame12), label29); label1 = gtk_label_new("Target"); gtk_widget_set_name(label1, "label1"); gtk_widget_show(label1); gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 0), label1); vbox2 = gtk_vbox_new(FALSE, 0); gtk_widget_set_name(vbox2, "vbox2"); gtk_widget_show(vbox2); gtk_container_add(GTK_CONTAINER(ntbMain), vbox2); frmUsername = gtk_frame_new(NULL); gtk_widget_set_name(frmUsername, "frmUsername"); gtk_widget_show(frmUsername); gtk_box_pack_start(GTK_BOX(vbox2), frmUsername, TRUE, TRUE, 0); table2 = gtk_table_new(3, 2, FALSE); gtk_widget_set_name(table2, "table2"); gtk_widget_show(table2); gtk_container_add(GTK_CONTAINER(frmUsername), table2); entUsernameFile = gtk_entry_new(); gtk_widget_set_name(entUsernameFile, "entUsernameFile"); gtk_widget_show(entUsernameFile); gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entUsernameFile, "File with user logins, one entry per line", NULL); entUsername = gtk_entry_new(); gtk_widget_set_name(entUsername, "entUsername"); gtk_widget_show(entUsername); gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entUsername, "The login to use", NULL); gtk_entry_set_text(GTK_ENTRY(entUsername), "yourname"); radioUsername1 = gtk_radio_button_new_with_mnemonic(NULL, "Username"); gtk_widget_set_name(radioUsername1, "radioUsername1"); gtk_widget_show(radioUsername1); gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername1), radioUsername1_group); radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioUsername1), TRUE); radioUsername2 = gtk_radio_button_new_with_mnemonic(NULL, "Username List"); gtk_widget_set_name(radioUsername2, "radioUsername2"); gtk_widget_show(radioUsername2); gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername2), radioUsername1_group); radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername2)); chkUsernameLoop = gtk_check_button_new_with_mnemonic("Loop around users"); gtk_widget_set_name(chkUsernameLoop, "chkUsernameLoop"); gtk_widget_show(chkUsernameLoop); gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkUsernameLoop, "Enable this option to loop around users not passwords", NULL); label8 = gtk_label_new("Username"); gtk_widget_set_name(label8, "label8"); gtk_widget_show(label8); gtk_frame_set_label_widget(GTK_FRAME(frmUsername), label8); frmPass = gtk_frame_new(NULL); gtk_widget_set_name(frmPass, "frmPass"); gtk_widget_show(frmPass); gtk_box_pack_start(GTK_BOX(vbox2), frmPass, TRUE, TRUE, 0); table3 = gtk_table_new (3, 2, FALSE); gtk_widget_set_name(table3, "table3"); gtk_widget_show(table3); gtk_container_add(GTK_CONTAINER(frmPass), table3); entPassFile = gtk_entry_new(); gtk_widget_set_name(entPassFile, "entPassFile"); gtk_widget_show(entPassFile); gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entPassFile, "File with passwords to try, one entry per line", NULL); entPass = gtk_entry_new(); gtk_widget_set_name(entPass, "entPass"); gtk_widget_show(entPass); gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entPass, "The password to try", NULL); gtk_entry_set_text(GTK_ENTRY(entPass), "yourpass"); radioPass1 = gtk_radio_button_new_with_mnemonic(NULL, "Password"); gtk_widget_set_name(radioPass1, "radioPass1"); gtk_widget_show(radioPass1); gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass1), radioPass1_group); radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioPass1), TRUE); radioPass2 = gtk_radio_button_new_with_mnemonic(NULL, "Password List"); gtk_widget_set_name(radioPass2, "radioPass2"); gtk_widget_show(radioPass2); gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass2), radioPass1_group); radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass2)); radioGenerate = gtk_radio_button_new_with_mnemonic (NULL, "Generate"); gtk_widget_set_name (radioGenerate, "radioGenerate"); gtk_widget_show (radioGenerate); gtk_table_attach (GTK_TABLE (table3), radioGenerate, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group (GTK_RADIO_BUTTON (radioGenerate), radioPass1_group); radioPass1_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (radioGenerate)); entGeneration = gtk_entry_new (); gtk_widget_set_name (entGeneration, "entGeneration"); gtk_widget_show (entGeneration); gtk_table_attach (GTK_TABLE (table3), entGeneration, 1, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip (tooltips, entGeneration, "Generate passwords", NULL); gtk_entry_set_text (GTK_ENTRY (entGeneration), "1:1:a"); labelpass = gtk_label_new("Password"); gtk_widget_set_name(labelpass, "labelpass"); gtk_widget_show(labelpass); gtk_frame_set_label_widget(GTK_FRAME(frmPass), labelpass); frame8 = gtk_frame_new(NULL); gtk_widget_set_name(frame8, "frame8"); gtk_widget_show(frame8); gtk_box_pack_start(GTK_BOX(vbox2), frame8, TRUE, TRUE, 0); table5 = gtk_table_new(1, 2, FALSE); gtk_widget_set_name(table5, "table5"); gtk_widget_show(table5); gtk_container_add(GTK_CONTAINER(frame8), table5); chkColon = gtk_check_button_new_with_mnemonic("Use Colon separated file"); gtk_widget_set_name(chkColon, "chkColon"); gtk_widget_show(chkColon); gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkColon, "\"Enable this option to use a colon file for login/password attempts", NULL); entColonFile = gtk_entry_new(); gtk_widget_set_name(entColonFile, "entColonFile"); gtk_widget_show(entColonFile); gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entColonFile, "The colon file to use, each line has to be structured like \"mylogin:mypass\"", NULL); label20 = gtk_label_new("Colon separated file"); gtk_widget_set_name(label20, "label20"); gtk_widget_show(label20); gtk_frame_set_label_widget(GTK_FRAME(frame8), label20); table6 = gtk_table_new(1, 3, FALSE); gtk_widget_set_name(table6, "table6"); gtk_widget_show(table6); gtk_box_pack_start(GTK_BOX(vbox2), table6, TRUE, TRUE, 0); chkPassLogin = gtk_check_button_new_with_mnemonic("Try login as password"); gtk_widget_set_name(chkPassLogin, "chkPassLogin"); gtk_widget_show(chkPassLogin); gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkPassLogin, "Enable this option to try the login as password, in addition to the password/file", NULL); chkPassNull = gtk_check_button_new_with_mnemonic("Try empty password"); gtk_widget_set_name(chkPassNull, "chkPassNull"); gtk_widget_show(chkPassNull); gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkPassNull, "Enable this option to try an empty password, in addition to the password/file", NULL); chkPassReverse = gtk_check_button_new_with_mnemonic ("Try reversed login"); gtk_widget_set_name (chkPassReverse, "chkPassReverse"); gtk_widget_show (chkPassReverse); gtk_table_attach (GTK_TABLE (table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip (tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL); label2 = gtk_label_new("Passwords"); gtk_widget_set_name(label2, "label2"); gtk_widget_show(label2); gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 1), label2); table4 = gtk_table_new(2, 1, FALSE); gtk_widget_set_name(table4, "table4"); gtk_widget_show(table4); gtk_container_add(GTK_CONTAINER(ntbMain), table4); frame9 = gtk_frame_new(NULL); gtk_widget_set_name(frame9, "frame9"); gtk_widget_show(frame9); gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0); table7 = gtk_table_new(5, 2, FALSE); gtk_widget_set_name(table7, "table7"); gtk_widget_show(table7); gtk_container_add(GTK_CONTAINER(frame9), table7); label22 = gtk_label_new("Proxy "); gtk_widget_set_name(label22, "label22"); gtk_widget_show(label22); gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label22), 0, 0.5); entHTTPProxy = gtk_entry_new(); gtk_widget_set_name(entHTTPProxy, "entHTTPProxy"); gtk_widget_show(entHTTPProxy); gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entHTTPProxy, "The address of the proxy. Syntax: \"http://123.45.67.89:8080\"", NULL); gtk_entry_set_text(GTK_ENTRY(entHTTPProxy), "http://127.0.0.1:8080"); chkProxyAuth = gtk_check_button_new_with_mnemonic("Proxy needs authentication"); gtk_widget_set_name(chkProxyAuth, "chkProxyAuth"); gtk_widget_show(chkProxyAuth); gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkProxyAuth, "Enable this if the proxy requires authenticatio", NULL); label23 = gtk_label_new("Username"); gtk_widget_set_name(label23, "label23"); gtk_widget_show(label23); gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label23), 0, 0.5); entProxyUser = gtk_entry_new(); gtk_widget_set_name(entProxyUser, "entProxyUser"); gtk_widget_show(entProxyUser); gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entProxyUser, "The user name for proxy authentication", NULL); gtk_entry_set_text(GTK_ENTRY(entProxyUser), "yourname"); label24 = gtk_label_new("Password"); gtk_widget_set_name(label24, "label24"); gtk_widget_show(label24); gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label24), 0, 0.5); entProxyPass = gtk_entry_new(); gtk_widget_set_name(entProxyPass, "entProxyPass"); gtk_widget_show(entProxyPass); gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entProxyPass, "The password for proxy authentication", NULL); gtk_entry_set_text(GTK_ENTRY(entProxyPass), "yourpass"); label26 = gtk_label_new(""); gtk_widget_set_name(label26, "label26"); gtk_widget_show(label26); gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (0), 0, 0); gtk_misc_set_alignment(GTK_MISC(label26), 0, 0.5); hbox3 = gtk_hbox_new(FALSE, 0); gtk_widget_set_name(hbox3, "hbox3"); gtk_widget_show(hbox3); gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); radioProxy = gtk_radio_button_new_with_mnemonic(NULL, "No Proxy"); gtk_widget_set_name(radioProxy, "radioProxy"); gtk_widget_show(radioProxy); gtk_box_pack_start(GTK_BOX(hbox3), radioProxy, TRUE, TRUE, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioProxy), radioProxy_group); radioProxy_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioProxy)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioProxy), TRUE); radioProxy2 = gtk_radio_button_new_with_mnemonic(NULL, "HTTP Method"); gtk_widget_set_name(radioProxy2, "radioProxy2"); gtk_widget_show(radioProxy2); gtk_box_pack_start(GTK_BOX(hbox3), radioProxy2, TRUE, TRUE, 0); gtk_tooltips_set_tip(tooltips, radioProxy2, "Enable this to use a proxy for scanning ( Only for HTTP Module )", NULL); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioProxy2), radioProxy_group); radioProxy_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioProxy2)); radioProxy3 = gtk_radio_button_new_with_mnemonic(NULL, "CONNECT Method"); gtk_widget_set_name(radioProxy3, "radioProxy3"); gtk_widget_show(radioProxy3); gtk_box_pack_start(GTK_BOX(hbox3), radioProxy3, TRUE, TRUE, 0); gtk_tooltips_set_tip(tooltips, radioProxy3, "Enable this to use a proxy for scanning", NULL); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioProxy3), radioProxy_group); radioProxy_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioProxy3)); label21 = gtk_label_new("Use a HTTP/HTTPS Proxy"); gtk_widget_set_name(label21, "label21"); gtk_widget_show(label21); gtk_frame_set_label_widget(GTK_FRAME(frame9), label21); frame13 = gtk_frame_new(NULL); gtk_widget_set_name(frame13, "frame13"); gtk_widget_show(frame13); gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); table10 = gtk_table_new(5, 2, FALSE); gtk_widget_set_name(table10, "table10"); gtk_widget_show(table10); gtk_container_add(GTK_CONTAINER(frame13), table10); chkExitf = gtk_check_button_new_with_mnemonic("Exit after first found pair (per host)"); gtk_widget_set_name(chkExitf, "chkExitf"); gtk_widget_show(chkExitf); gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkExitf, "Enable this to stop all attacking processes once a valid login/password pair is found (per host)", NULL); spnTimeout_adj = gtk_adjustment_new(30, 0, 295, 1, 10, 0); spnTimeout = gtk_spin_button_new(GTK_ADJUSTMENT(spnTimeout_adj), 1, 0); gtk_widget_set_name(spnTimeout, "spnTimeout"); gtk_widget_show(spnTimeout); gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnTimeout, "The maximum timeout an attack process is waiting for a response from the target", NULL); spnTasks_adj = gtk_adjustment_new(16, 0, 128, 1, 10, 0); spnTasks = gtk_spin_button_new(GTK_ADJUSTMENT(spnTasks_adj), 1, 0); gtk_widget_set_name(spnTasks, "spnTasks"); gtk_widget_show(spnTasks); gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnTasks, "The number of attack tasks to run in parallel. The more the faster, the most: computer lockup :-) 16-64 is a good choice", NULL); label32 = gtk_label_new("Timeout"); gtk_widget_set_name(label32, "label32"); gtk_widget_show(label32); gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label32), 0, 0.5); label31 = gtk_label_new("Number of Tasks"); gtk_widget_set_name(label31, "label31"); gtk_widget_show(label31); gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label31), 0, 0.5); chkExitF = gtk_check_button_new_with_mnemonic ("Exit after first found pair (global)"); gtk_widget_set_name (chkExitF, "chkExitF"); gtk_widget_show (chkExitF); gtk_table_attach (GTK_TABLE (table10), chkExitF, 0, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip (tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL); chkNoErr = gtk_check_button_new_with_mnemonic ("Do not print messages about connection errors"); gtk_widget_set_name (chkNoErr, "chkNoErr"); gtk_widget_show (chkNoErr); gtk_table_attach (GTK_TABLE (table10), chkNoErr, 0, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_tooltips_set_tip (tooltips, chkNoErr, "Do not print messages about connection errors", NULL); label30 = gtk_label_new("Performance Options"); gtk_widget_set_name(label30, "label30"); gtk_widget_show(label30); gtk_frame_set_label_widget(GTK_FRAME(frame13), label30); label3 = gtk_label_new("Tuning"); gtk_widget_set_name(label3, "label3"); gtk_widget_show(label3); gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 2), label3); vbox4 = gtk_vbox_new(FALSE, 0); gtk_widget_set_name(vbox4, "vbox4"); gtk_widget_show(vbox4); gtk_container_add(GTK_CONTAINER(ntbMain), vbox4); frame10 = gtk_frame_new(NULL); gtk_widget_set_name(frame10, "frame10"); gtk_widget_show(frame10); gtk_box_pack_start(GTK_BOX(vbox4), frame10, TRUE, TRUE, 0); entHTTPProxyURL = gtk_entry_new(); gtk_widget_set_name(entHTTPProxyURL, "entHTTPProxyURL"); gtk_widget_show(entHTTPProxyURL); gtk_container_add(GTK_CONTAINER(frame10), entHTTPProxyURL); gtk_tooltips_set_tip(tooltips, entHTTPProxyURL, "URL to connect to via the proxy", NULL); gtk_entry_set_text(GTK_ENTRY(entHTTPProxyURL), "www.suse.com"); label27 = gtk_label_new("http-proxy url / http-proxy-urlenum credential module"); gtk_widget_set_name(label27, "label27"); gtk_widget_show(label27); gtk_frame_set_label_widget(GTK_FRAME(frame10), label27); frame3 = gtk_frame_new(NULL); gtk_widget_set_name(frame3, "frame3"); gtk_widget_show(frame3); gtk_box_pack_start(GTK_BOX(vbox4), frame3, TRUE, TRUE, 0); entHTTPURL = gtk_entry_new(); gtk_widget_set_name(entHTTPURL, "entHTTPURL"); gtk_widget_show(entHTTPURL); gtk_container_add(GTK_CONTAINER(frame3), entHTTPURL); gtk_tooltips_set_tip(tooltips, entHTTPURL, "The protected URL you want to access", NULL); gtk_entry_set_text(GTK_ENTRY(entHTTPURL), "/foo/bar/protected.html"); label15 = gtk_label_new("http / https url"); gtk_widget_set_name(label15, "label15"); gtk_widget_show(label15); gtk_frame_set_label_widget(GTK_FRAME(frame3), label15); frame4 = gtk_frame_new(NULL); gtk_widget_set_name(frame4, "frame4"); gtk_widget_show(frame4); gtk_box_pack_start(GTK_BOX(vbox4), frame4, TRUE, TRUE, 0); entCiscoPass = gtk_entry_new(); gtk_widget_set_name(entCiscoPass, "entCiscoPass"); gtk_widget_show(entCiscoPass); gtk_container_add(GTK_CONTAINER(frame4), entCiscoPass); gtk_tooltips_set_tip(tooltips, entCiscoPass, "The password to the cisco device", NULL); gtk_entry_set_text(GTK_ENTRY(entCiscoPass), "password"); label16 = gtk_label_new("Cisco Enable, Login for Cisco device"); gtk_widget_set_name(label16, "label16"); gtk_widget_show(label16); gtk_frame_set_label_widget(GTK_FRAME(frame4), label16); frame5 = gtk_frame_new(NULL); gtk_widget_set_name(frame5, "frame5"); gtk_widget_show(frame5); gtk_box_pack_start(GTK_BOX(vbox4), frame5, TRUE, TRUE, 0); entLDAPDN = gtk_entry_new(); gtk_widget_set_name(entLDAPDN, "entLDAPDN"); gtk_widget_show(entLDAPDN); gtk_container_add(GTK_CONTAINER(frame5), entLDAPDN); gtk_tooltips_set_tip(tooltips, entLDAPDN, "The DN scope of ldap to authenticate against", NULL); gtk_entry_set_text(GTK_ENTRY(entLDAPDN), "dn-scope"); label17 = gtk_label_new("LDAP DN"); gtk_widget_set_name(label17, "label17"); gtk_widget_show(label17); gtk_frame_set_label_widget(GTK_FRAME(frame5), label17); frame6 = gtk_frame_new(NULL); gtk_widget_set_name(frame6, "frame6"); gtk_widget_show(frame6); gtk_box_pack_start(GTK_BOX(vbox4), frame6, TRUE, TRUE, 0); hbox2 = gtk_hbox_new(FALSE, 0); gtk_widget_set_name(hbox2, "hbox2"); gtk_widget_show(hbox2); gtk_container_add(GTK_CONTAINER(frame6), hbox2); chkLocal = gtk_check_button_new_with_mnemonic("local accounts"); gtk_widget_set_name(chkLocal, "chkLocal"); gtk_widget_show(chkLocal); gtk_box_pack_start(GTK_BOX(hbox2), chkLocal, TRUE, TRUE, 0); gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts", NULL); chkDomain = gtk_check_button_new_with_mnemonic("domain accounts"); gtk_widget_set_name(chkDomain, "chkDomain"); gtk_widget_show(chkDomain); gtk_box_pack_start(GTK_BOX(hbox2), chkDomain, TRUE, TRUE, 0); gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts", NULL); chkNTLM = gtk_check_button_new_with_mnemonic("Interpret passes as NTLM hashes"); gtk_widget_set_name(chkNTLM, "chkNTLM"); gtk_widget_show(chkNTLM); gtk_box_pack_start(GTK_BOX(hbox2), chkNTLM, FALSE, FALSE, 0); gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes", NULL); label18 = gtk_label_new("SMB"); gtk_widget_set_name(label18, "label18"); gtk_widget_show(label18); gtk_frame_set_label_widget(GTK_FRAME(frame6), label18); frame7 = gtk_frame_new(NULL); gtk_widget_set_name(frame7, "frame7"); gtk_widget_show(frame7); gtk_box_pack_start(GTK_BOX(vbox4), frame7, TRUE, TRUE, 0); spnSAPR3_adj = gtk_adjustment_new(1, 0, 99, 1, 10, 0); spnSAPR3 = gtk_spin_button_new(GTK_ADJUSTMENT(spnSAPR3_adj), 1, 0); gtk_widget_set_name(spnSAPR3, "spnSAPR3"); gtk_widget_show(spnSAPR3); gtk_container_add(GTK_CONTAINER(frame7), spnSAPR3); gtk_tooltips_set_tip(tooltips, spnSAPR3, "The client id you want to attack, something between 0 and 99", NULL); label19 = gtk_label_new("sapr3 client id"); gtk_widget_set_name(label19, "label19"); gtk_widget_show(label19); gtk_frame_set_label_widget(GTK_FRAME(frame7), label19); frame15 = gtk_frame_new(NULL); gtk_widget_set_name(frame15, "frame15"); gtk_widget_show(frame15); gtk_box_pack_start(GTK_BOX(vbox4), frame15, TRUE, TRUE, 0); entCVS = gtk_entry_new(); gtk_widget_set_name(entCVS, "entCVS"); gtk_widget_show(entCVS); gtk_container_add(GTK_CONTAINER(frame15), entCVS); gtk_tooltips_set_tip(tooltips, entCVS, "Directory of the CVS/SVN repository", NULL); gtk_entry_set_text(GTK_ENTRY(entCVS), "trunk"); label34 = gtk_label_new("CVS/SVN Repository"); gtk_widget_set_name(label34, "label34"); gtk_widget_show(label34); gtk_frame_set_label_widget(GTK_FRAME(frame15), label34); frame17 = gtk_frame_new(NULL); gtk_widget_set_name(frame17, "frame17"); gtk_widget_show(frame17); gtk_box_pack_start(GTK_BOX(vbox4), frame17, TRUE, TRUE, 0); alignment1 = gtk_alignment_new(0.5, 0.5, 1, 1); gtk_widget_set_name(alignment1, "alignment1"); gtk_widget_show(alignment1); gtk_container_add(GTK_CONTAINER(frame17), alignment1); entTelnet = gtk_entry_new(); gtk_widget_set_name(entTelnet, "entTelnet"); gtk_widget_show(entTelnet); gtk_container_add(GTK_CONTAINER(alignment1), entTelnet); gtk_tooltips_set_tip(tooltips, entTelnet, "Insert the return string for a succesfull login", NULL); label36 = gtk_label_new("Telnet - Successful Login String"); gtk_widget_set_name(label36, "label36"); gtk_widget_show(label36); gtk_frame_set_label_widget(GTK_FRAME(frame17), label36); gtk_label_set_use_markup(GTK_LABEL(label36), TRUE); frame16 = gtk_frame_new(NULL); gtk_widget_set_name(frame16, "frame16"); gtk_widget_show(frame16); gtk_box_pack_start(GTK_BOX(vbox4), frame16, TRUE, TRUE, 0); table11 = gtk_table_new(2, 2, FALSE); gtk_widget_set_name(table11, "table11"); gtk_widget_show(table11); gtk_container_add(GTK_CONTAINER(frame16), table11); radioSNMPRead = gtk_radio_button_new_with_mnemonic(NULL, "Write Password"); gtk_widget_set_name(radioSNMPRead, "radioSNMPRead"); gtk_widget_show(radioSNMPRead); gtk_table_attach(GTK_TABLE(table11), radioSNMPRead, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPRead), radioSNMPRead_group); radioSNMPRead_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPRead)); radioSNMPWrite = gtk_radio_button_new_with_mnemonic(NULL, "Read Password"); gtk_widget_set_name(radioSNMPWrite, "radioSNMPWrite"); gtk_widget_show(radioSNMPWrite); gtk_table_attach(GTK_TABLE(table11), radioSNMPWrite, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPWrite), radioSNMPRead_group); radioSNMPRead_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPWrite)); radioSNMPVer2 = gtk_radio_button_new_with_mnemonic(NULL, "Version 2"); gtk_widget_set_name(radioSNMPVer2, "radioSNMPVer2"); gtk_widget_show(radioSNMPVer2); gtk_table_attach(GTK_TABLE(table11), radioSNMPVer2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPVer2), radioSNMPVer2_group); radioSNMPVer2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPVer2)); radioSNMPVer1 = gtk_radio_button_new_with_mnemonic(NULL, "Version 1"); gtk_widget_set_name(radioSNMPVer1, "radioSNMPVer1"); gtk_widget_show(radioSNMPVer1); gtk_table_attach(GTK_TABLE(table11), radioSNMPVer1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPVer1), radioSNMPVer2_group); radioSNMPVer2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPVer1)); label35 = gtk_label_new("SNMP"); gtk_widget_set_name(label35, "label35"); gtk_widget_show(label35); gtk_frame_set_label_widget(GTK_FRAME(frame16), label35); label14 = gtk_label_new("Specific"); gtk_widget_set_name(label14, "label14"); gtk_widget_show(label14); gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 3), label14); vbox3 = gtk_vbox_new(FALSE, 0); gtk_widget_set_name(vbox3, "vbox3"); gtk_widget_show(vbox3); gtk_container_add(GTK_CONTAINER(ntbMain), vbox3); scrolledwindow1 = gtk_scrolled_window_new(NULL, NULL); gtk_widget_set_name(scrolledwindow1, "scrolledwindow1"); gtk_widget_show(scrolledwindow1); gtk_box_pack_start(GTK_BOX(vbox3), scrolledwindow1, TRUE, TRUE, 0); gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolledwindow1), GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC); viewport1 = gtk_viewport_new(NULL, NULL); gtk_widget_set_name(viewport1, "viewport1"); gtk_widget_show(viewport1); gtk_container_add(GTK_CONTAINER(scrolledwindow1), viewport1); frame14 = gtk_frame_new(NULL); gtk_widget_set_name(frame14, "frame14"); gtk_widget_show(frame14); gtk_container_add(GTK_CONTAINER(viewport1), frame14); txtOutput = gtk_text_view_new(); gtk_widget_set_name(txtOutput, "txtOutput"); gtk_widget_show(txtOutput); gtk_container_add(GTK_CONTAINER(frame14), txtOutput); gtk_text_view_set_editable(GTK_TEXT_VIEW(txtOutput), FALSE); label33 = gtk_label_new("Output"); gtk_widget_set_name(label33, "label33"); gtk_widget_show(label33); gtk_frame_set_label_widget(GTK_FRAME(frame14), label33); hbox1 = gtk_hbox_new(FALSE, 0); gtk_widget_set_name(hbox1, "hbox1"); gtk_widget_show(hbox1); gtk_box_pack_start(GTK_BOX(vbox3), hbox1, FALSE, TRUE, 0); btnStart = gtk_button_new_with_mnemonic("Start"); gtk_widget_set_name(btnStart, "btnStart"); gtk_widget_show(btnStart); gtk_box_pack_start(GTK_BOX(hbox1), btnStart, TRUE, FALSE, 0); gtk_tooltips_set_tip(tooltips, btnStart, "start hydra", NULL); btnStop = gtk_button_new_with_mnemonic("Stop"); gtk_widget_set_name(btnStop, "btnStop"); gtk_widget_show(btnStop); gtk_box_pack_start(GTK_BOX(hbox1), btnStop, TRUE, FALSE, 0); gtk_tooltips_set_tip(tooltips, btnStop, "stop hydra", NULL); btnSave = gtk_button_new_with_mnemonic("Save Output"); gtk_widget_set_name(btnSave, "btnSave"); gtk_widget_show(btnSave); gtk_box_pack_start(GTK_BOX(hbox1), btnSave, TRUE, FALSE, 0); gtk_tooltips_set_tip(tooltips, btnSave, "save output", NULL); btnClear = gtk_button_new_with_mnemonic("Clear Output"); gtk_widget_set_name(btnClear, "btnClear"); gtk_widget_show(btnClear); gtk_box_pack_start(GTK_BOX(hbox1), btnClear, TRUE, FALSE, 0); gtk_tooltips_set_tip(tooltips, btnClear, "clear screen", NULL); label4 = gtk_label_new("Start"); gtk_widget_set_name(label4, "label4"); gtk_widget_show(label4); gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 4), label4); statusbar = gtk_statusbar_new(); gtk_widget_set_name(statusbar, "statusbar"); gtk_widget_show(statusbar); gtk_box_pack_start(GTK_BOX(vbox1), statusbar, FALSE, FALSE, 0); g_signal_connect((gpointer) wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL); g_signal_connect((gpointer) quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL); g_signal_connect((gpointer) entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL); g_signal_connect((gpointer) entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL); g_signal_connect((gpointer) entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL); g_signal_connect((gpointer) chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL); g_signal_connect((gpointer) entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL); g_signal_connect((gpointer) btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL); g_signal_connect((gpointer) btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL); g_signal_connect((gpointer) btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL); g_signal_connect((gpointer) btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL); /* Store pointers to all widgets, for use by lookup_widget(). */ GLADE_HOOKUP_OBJECT_NO_REF(wndMain, wndMain, "wndMain"); GLADE_HOOKUP_OBJECT(wndMain, vbox1, "vbox1"); GLADE_HOOKUP_OBJECT(wndMain, menubar1, "menubar1"); GLADE_HOOKUP_OBJECT(wndMain, quit1, "quit1"); GLADE_HOOKUP_OBJECT(wndMain, ntbMain, "ntbMain"); GLADE_HOOKUP_OBJECT(wndMain, vbox5, "vbox5"); GLADE_HOOKUP_OBJECT(wndMain, frame11, "frame11"); GLADE_HOOKUP_OBJECT(wndMain, table8, "table8"); GLADE_HOOKUP_OBJECT(wndMain, cmbProtocol, "cmbProtocol"); GLADE_HOOKUP_OBJECT(wndMain, entProtocol, "entProtocol"); GLADE_HOOKUP_OBJECT(wndMain, label7, "label7"); GLADE_HOOKUP_OBJECT(wndMain, spnPort, "spnPort"); GLADE_HOOKUP_OBJECT(wndMain, label6, "label6"); GLADE_HOOKUP_OBJECT(wndMain, radioTarget2, "radioTarget2"); GLADE_HOOKUP_OBJECT(wndMain, entTargetFile, "entTargetFile"); GLADE_HOOKUP_OBJECT(wndMain, entTarget, "entTarget"); GLADE_HOOKUP_OBJECT(wndMain, radioTarget1, "radioTarget1"); GLADE_HOOKUP_OBJECT(wndMain, label28, "label28"); GLADE_HOOKUP_OBJECT(wndMain, frame12, "frame12"); GLADE_HOOKUP_OBJECT(wndMain, table9, "table9"); GLADE_HOOKUP_OBJECT(wndMain, chkVerbose, "chkVerbose"); GLADE_HOOKUP_OBJECT(wndMain, chkDebug, "chkDebug"); GLADE_HOOKUP_OBJECT(wndMain, chkAttempts, "chkAttempts"); GLADE_HOOKUP_OBJECT(wndMain, chkIPV6, "chkIPV6"); GLADE_HOOKUP_OBJECT(wndMain, chkSSL, "chkSSL"); GLADE_HOOKUP_OBJECT(wndMain, chkServiceDetails, "chkServiceDetails"); GLADE_HOOKUP_OBJECT(wndMain, chkCompleteHelp, "chkCompleteHelp"); GLADE_HOOKUP_OBJECT(wndMain, label29, "label29"); GLADE_HOOKUP_OBJECT(wndMain, label1, "label1"); GLADE_HOOKUP_OBJECT(wndMain, vbox2, "vbox2"); GLADE_HOOKUP_OBJECT(wndMain, frmUsername, "frmUsername"); GLADE_HOOKUP_OBJECT(wndMain, table2, "table2"); GLADE_HOOKUP_OBJECT(wndMain, entUsernameFile, "entUsernameFile"); GLADE_HOOKUP_OBJECT(wndMain, entUsername, "entUsername"); GLADE_HOOKUP_OBJECT(wndMain, radioUsername1, "radioUsername1"); GLADE_HOOKUP_OBJECT(wndMain, chkUsernameLoop, "chkUsernameLoop"); GLADE_HOOKUP_OBJECT(wndMain, radioUsername2, "radioUsername2"); GLADE_HOOKUP_OBJECT(wndMain, label8, "label8"); GLADE_HOOKUP_OBJECT(wndMain, frmPass, "frmPass"); GLADE_HOOKUP_OBJECT(wndMain, table3, "table3"); GLADE_HOOKUP_OBJECT(wndMain, entPassFile, "entPassFile"); GLADE_HOOKUP_OBJECT(wndMain, entPass, "entPass"); GLADE_HOOKUP_OBJECT(wndMain, radioPass1, "radioPass1"); GLADE_HOOKUP_OBJECT(wndMain, radioPass2, "radioPass2"); GLADE_HOOKUP_OBJECT(wndMain, radioGenerate, "radioGenerate"); GLADE_HOOKUP_OBJECT(wndMain, entGeneration, "entGeneration"); GLADE_HOOKUP_OBJECT(wndMain, labelpass, "labelpass"); GLADE_HOOKUP_OBJECT(wndMain, frame8, "frame8"); GLADE_HOOKUP_OBJECT(wndMain, table5, "table5"); GLADE_HOOKUP_OBJECT(wndMain, chkColon, "chkColon"); GLADE_HOOKUP_OBJECT(wndMain, entColonFile, "entColonFile"); GLADE_HOOKUP_OBJECT(wndMain, label20, "label20"); GLADE_HOOKUP_OBJECT(wndMain, table6, "table6"); GLADE_HOOKUP_OBJECT(wndMain, chkPassLogin, "chkPassLogin"); GLADE_HOOKUP_OBJECT(wndMain, chkPassNull, "chkPassNull"); GLADE_HOOKUP_OBJECT(wndMain, chkPassReverse, "chkPassReverse"); GLADE_HOOKUP_OBJECT(wndMain, label2, "label2"); GLADE_HOOKUP_OBJECT(wndMain, table4, "table4"); GLADE_HOOKUP_OBJECT(wndMain, frame9, "frame9"); GLADE_HOOKUP_OBJECT(wndMain, table7, "table7"); GLADE_HOOKUP_OBJECT(wndMain, label22, "label22"); GLADE_HOOKUP_OBJECT(wndMain, entHTTPProxy, "entHTTPProxy"); GLADE_HOOKUP_OBJECT(wndMain, chkProxyAuth, "chkProxyAuth"); GLADE_HOOKUP_OBJECT(wndMain, label23, "label23"); GLADE_HOOKUP_OBJECT(wndMain, entProxyUser, "entProxyUser"); GLADE_HOOKUP_OBJECT(wndMain, label24, "label24"); GLADE_HOOKUP_OBJECT(wndMain, entProxyPass, "entProxyPass"); GLADE_HOOKUP_OBJECT(wndMain, label26, "label26"); GLADE_HOOKUP_OBJECT(wndMain, hbox3, "hbox3"); GLADE_HOOKUP_OBJECT(wndMain, radioProxy, "radioProxy"); GLADE_HOOKUP_OBJECT(wndMain, radioProxy2, "radioProxy2"); GLADE_HOOKUP_OBJECT(wndMain, radioProxy3, "radioProxy3"); GLADE_HOOKUP_OBJECT(wndMain, label21, "label21"); GLADE_HOOKUP_OBJECT(wndMain, frame13, "frame13"); GLADE_HOOKUP_OBJECT(wndMain, table10, "table10"); GLADE_HOOKUP_OBJECT(wndMain, chkExitf, "chkExitf"); GLADE_HOOKUP_OBJECT(wndMain, spnTimeout, "spnTimeout"); GLADE_HOOKUP_OBJECT(wndMain, spnTasks, "spnTasks"); GLADE_HOOKUP_OBJECT(wndMain, label32, "label32"); GLADE_HOOKUP_OBJECT(wndMain, label31, "label31"); GLADE_HOOKUP_OBJECT(wndMain, chkExitF, "chkExitF"); GLADE_HOOKUP_OBJECT(wndMain, chkNoErr, "chkNoErr"); GLADE_HOOKUP_OBJECT(wndMain, label30, "label30"); GLADE_HOOKUP_OBJECT(wndMain, label3, "label3"); GLADE_HOOKUP_OBJECT(wndMain, vbox4, "vbox4"); GLADE_HOOKUP_OBJECT(wndMain, frame10, "frame10"); GLADE_HOOKUP_OBJECT(wndMain, entHTTPProxyURL, "entHTTPProxyURL"); GLADE_HOOKUP_OBJECT(wndMain, label27, "label27"); GLADE_HOOKUP_OBJECT(wndMain, frame3, "frame3"); GLADE_HOOKUP_OBJECT(wndMain, entHTTPURL, "entHTTPURL"); GLADE_HOOKUP_OBJECT(wndMain, label15, "label15"); GLADE_HOOKUP_OBJECT(wndMain, frame4, "frame4"); GLADE_HOOKUP_OBJECT(wndMain, entCiscoPass, "entCiscoPass"); GLADE_HOOKUP_OBJECT(wndMain, label16, "label16"); GLADE_HOOKUP_OBJECT(wndMain, frame5, "frame5"); GLADE_HOOKUP_OBJECT(wndMain, entLDAPDN, "entLDAPDN"); GLADE_HOOKUP_OBJECT(wndMain, label17, "label17"); GLADE_HOOKUP_OBJECT(wndMain, frame6, "frame6"); GLADE_HOOKUP_OBJECT(wndMain, hbox2, "hbox2"); GLADE_HOOKUP_OBJECT(wndMain, chkLocal, "chkLocal"); GLADE_HOOKUP_OBJECT(wndMain, chkDomain, "chkDomain"); GLADE_HOOKUP_OBJECT(wndMain, chkNTLM, "chkNTLM"); GLADE_HOOKUP_OBJECT(wndMain, label18, "label18"); GLADE_HOOKUP_OBJECT(wndMain, frame7, "frame7"); GLADE_HOOKUP_OBJECT(wndMain, spnSAPR3, "spnSAPR3"); GLADE_HOOKUP_OBJECT(wndMain, label19, "label19"); GLADE_HOOKUP_OBJECT(wndMain, frame15, "frame15"); GLADE_HOOKUP_OBJECT(wndMain, entCVS, "entCVS"); GLADE_HOOKUP_OBJECT(wndMain, label34, "label34"); GLADE_HOOKUP_OBJECT(wndMain, frame17, "frame17"); GLADE_HOOKUP_OBJECT(wndMain, alignment1, "alignment1"); GLADE_HOOKUP_OBJECT(wndMain, entTelnet, "entTelnet"); GLADE_HOOKUP_OBJECT(wndMain, label36, "label36"); GLADE_HOOKUP_OBJECT(wndMain, frame16, "frame16"); GLADE_HOOKUP_OBJECT(wndMain, table11, "table11"); GLADE_HOOKUP_OBJECT(wndMain, radioSNMPRead, "radioSNMPRead"); GLADE_HOOKUP_OBJECT(wndMain, radioSNMPWrite, "radioSNMPWrite"); GLADE_HOOKUP_OBJECT(wndMain, radioSNMPVer2, "radioSNMPVer2"); GLADE_HOOKUP_OBJECT(wndMain, radioSNMPVer1, "radioSNMPVer1"); GLADE_HOOKUP_OBJECT(wndMain, label35, "label35"); GLADE_HOOKUP_OBJECT(wndMain, label14, "label14"); GLADE_HOOKUP_OBJECT(wndMain, vbox3, "vbox3"); GLADE_HOOKUP_OBJECT(wndMain, scrolledwindow1, "scrolledwindow1"); GLADE_HOOKUP_OBJECT(wndMain, viewport1, "viewport1"); GLADE_HOOKUP_OBJECT(wndMain, frame14, "frame14"); GLADE_HOOKUP_OBJECT(wndMain, txtOutput, "txtOutput"); GLADE_HOOKUP_OBJECT(wndMain, label33, "label33"); GLADE_HOOKUP_OBJECT(wndMain, hbox1, "hbox1"); GLADE_HOOKUP_OBJECT(wndMain, btnStart, "btnStart"); GLADE_HOOKUP_OBJECT(wndMain, btnStop, "btnStop"); GLADE_HOOKUP_OBJECT(wndMain, btnSave, "btnSave"); GLADE_HOOKUP_OBJECT(wndMain, btnClear, "btnClear"); GLADE_HOOKUP_OBJECT(wndMain, label4, "label4"); GLADE_HOOKUP_OBJECT(wndMain, statusbar, "statusbar"); GLADE_HOOKUP_OBJECT_NO_REF(wndMain, tooltips, "tooltips"); gtk_window_add_accel_group(GTK_WINDOW(wndMain), accel_group); return wndMain; } hydra-8.1/hydra-gtk/src/interface.h0000755000175000010010000000013712441064457015666 0ustar marcNone /* * DO NOT EDIT THIS FILE - it is generated by Glade. */ GtkWidget *create_wndMain(void); hydra-8.1/hydra-gtk/src/main.c0000755000175000010010000000412512441064457014646 0ustar marcNone /* * Initial main.c file generated by Glade. Edit as required. * Glade will not overwrite this file. */ #ifdef HAVE_CONFIG_H #include #endif #include #include #include "interface.h" #include "support.h" #include "callbacks.h" char *hydra_path1 = "./hydra"; char *hydra_path2 = "/usr/local/bin/hydra"; char *hydra_path3 = "/usr/bin/hydra"; int main(int argc, char *argv[]) { extern GtkWidget *wndMain; int i; extern guint message_id; GtkWidget *output; GtkTextBuffer *outputbuf; gtk_set_locale(); gtk_init(&argc, &argv); add_pixmap_directory(PACKAGE_DATA_DIR "/" PACKAGE "/pixmaps"); /* initialize the message id */ message_id = 0; /* locate the hydra binary */ HYDRA_BIN = NULL; for (i = 0; i < argc - 1; i++) { if (!strcmp(argv[i], "--hydra-path")) { HYDRA_BIN = argv[i + 1]; break; } } if ((HYDRA_BIN != NULL) && (g_file_test(HYDRA_BIN, G_FILE_TEST_IS_EXECUTABLE))) { /* just for obfuscation *g* */ } else if (g_file_test(hydra_path1, G_FILE_TEST_IS_EXECUTABLE)) { HYDRA_BIN = hydra_path1; } else if (g_file_test(hydra_path2, G_FILE_TEST_IS_EXECUTABLE)) { HYDRA_BIN = hydra_path2; } else if (g_file_test(hydra_path3, G_FILE_TEST_IS_EXECUTABLE)) { HYDRA_BIN = hydra_path3; } else { g_error("Please tell me where hydra is, use --hydra-path\n"); return -1; } /* create window and show it */ wndMain = create_wndMain(); gtk_widget_show(wndMain); /* if we cant use the new cool file chooser, the save button gets disabled */ #ifndef GTK_TYPE_FILE_CHOOSER GtkWidget *btnSave; btnSave = lookup_widget(GTK_WIDGET(wndMain), "btnSave"); gtk_widget_set_sensitive(btnSave, FALSE); #endif /* update the statusbar every now and then */ g_timeout_add(600, update_statusbar, NULL); /* we want bold text in the output window */ output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); gtk_text_buffer_create_tag(outputbuf, "bold", "weight", PANGO_WEIGHT_BOLD, NULL); /* he ho, lets go! */ gtk_main(); return 0; } hydra-8.1/hydra-gtk/src/Makefile.am0000755000175000010010000000053712441064457015615 0ustar marcNone## Process this file with automake to produce Makefile.in INCLUDES = \ -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ -DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \ @PACKAGE_CFLAGS@ bin_PROGRAMS = xhydra xhydra_SOURCES = \ main.c \ support.c support.h \ interface.c interface.h \ callbacks.c callbacks.h xhydra_LDADD = @PACKAGE_LIBS@ hydra-8.1/hydra-gtk/src/Makefile.in0000755000175000010010000002107612441064457015627 0ustar marcNone# Makefile.in generated automatically by automake 1.4-p6 from Makefile.am # Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. SHELL = @SHELL@ srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ libexecdir = @libexecdir@ datadir = @datadir@ sysconfdir = @sysconfdir@ sharedstatedir = @sharedstatedir@ localstatedir = @localstatedir@ libdir = @libdir@ infodir = @infodir@ mandir = @mandir@ includedir = @includedir@ oldincludedir = /usr/include DESTDIR = pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ top_builddir = .. ACLOCAL = @ACLOCAL@ AUTOCONF = @AUTOCONF@ AUTOMAKE = @AUTOMAKE@ AUTOHEADER = @AUTOHEADER@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS) INSTALL_DATA = @INSTALL_DATA@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ transform = @program_transform_name@ NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : CC = @CC@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ PACKAGE = @PACKAGE@ PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ PACKAGE_LIBS = @PACKAGE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ VERSION = @VERSION@ INCLUDES = -DPACKAGE_DATA_DIR=\""$(datadir)"\" -DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" @PACKAGE_CFLAGS@ bin_PROGRAMS = xhydra xhydra_SOURCES = main.c support.c support.h interface.c interface.h callbacks.c callbacks.h xhydra_LDADD = @PACKAGE_LIBS@ mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = ../config.h CONFIG_CLEAN_FILES = PROGRAMS = $(bin_PROGRAMS) DEFS = @DEFS@ -I. -I$(srcdir) -I.. CPPFLAGS = @CPPFLAGS@ LDFLAGS = @LDFLAGS@ LIBS = @LIBS@ xhydra_OBJECTS = main.o support.o interface.o callbacks.o xhydra_DEPENDENCIES = xhydra_LDFLAGS = CFLAGS = @CFLAGS@ COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ DIST_COMMON = Makefile.am Makefile.in DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) TAR = tar GZIP_ENV = --best DEP_FILES = .deps/callbacks.P .deps/interface.P .deps/main.P \ .deps/support.P SOURCES = $(xhydra_SOURCES) OBJECTS = $(xhydra_OBJECTS) all: all-redirect .SUFFIXES: .SUFFIXES: .S .c .o .s $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES) cd $(top_builddir) \ && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status mostlyclean-binPROGRAMS: clean-binPROGRAMS: -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) distclean-binPROGRAMS: maintainer-clean-binPROGRAMS: install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) $(mkinstalldirs) $(DESTDIR)$(bindir) @list='$(bin_PROGRAMS)'; for p in $$list; do \ if test -f $$p; then \ echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \ $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ else :; fi; \ done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) list='$(bin_PROGRAMS)'; for p in $$list; do \ rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ done .s.o: $(COMPILE) -c $< .S.o: $(COMPILE) -c $< mostlyclean-compile: -rm -f *.o core *.core clean-compile: distclean-compile: -rm -f *.tab.c maintainer-clean-compile: xhydra: $(xhydra_OBJECTS) $(xhydra_DEPENDENCIES) @rm -f xhydra $(LINK) $(xhydra_LDFLAGS) $(xhydra_OBJECTS) $(xhydra_LDADD) $(LIBS) tags: TAGS ID: $(HEADERS) $(SOURCES) $(LISP) list='$(SOURCES) $(HEADERS)'; \ unique=`for i in $$list; do echo $$i; done | \ awk ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ here=`pwd` && cd $(srcdir) \ && mkid -f$$here/ID $$unique $(LISP) TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS)'; \ unique=`for i in $$list; do echo $$i; done | \ awk ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS) mostlyclean-tags: clean-tags: distclean-tags: -rm -f TAGS ID maintainer-clean-tags: distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) subdir = src distdir: $(DISTFILES) here=`cd $(top_builddir) && pwd`; \ top_distdir=`cd $(top_distdir) && pwd`; \ distdir=`cd $(distdir) && pwd`; \ cd $(top_srcdir) \ && $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --gnu src/Makefile @for file in $(DISTFILES); do \ d=$(srcdir); \ if test -d $$d/$$file; then \ cp -pr $$d/$$file $(distdir)/$$file; \ else \ test -f $(distdir)/$$file \ || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ || cp -p $$d/$$file $(distdir)/$$file || :; \ fi; \ done DEPS_MAGIC := $(shell mkdir .deps > /dev/null 2>&1 || :) -include $(DEP_FILES) mostlyclean-depend: clean-depend: distclean-depend: -rm -rf .deps maintainer-clean-depend: %.o: %.c @echo '$(COMPILE) -c $<'; \ $(COMPILE) -Wp,-MD,.deps/$(*F).pp -c $< @-cp .deps/$(*F).pp .deps/$(*F).P; \ tr ' ' '\012' < .deps/$(*F).pp \ | sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \ >> .deps/$(*F).P; \ rm .deps/$(*F).pp %.lo: %.c @echo '$(LTCOMPILE) -c $<'; \ $(LTCOMPILE) -Wp,-MD,.deps/$(*F).pp -c $< @-sed -e 's/^\([^:]*\)\.o[ ]*:/\1.lo \1.o :/' \ < .deps/$(*F).pp > .deps/$(*F).P; \ tr ' ' '\012' < .deps/$(*F).pp \ | sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \ >> .deps/$(*F).P; \ rm -f .deps/$(*F).pp info-am: info: info-am dvi-am: dvi: dvi-am check-am: all-am check: check-am installcheck-am: installcheck: installcheck-am install-exec-am: install-binPROGRAMS install-exec: install-exec-am install-data-am: install-data: install-data-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am install: install-am uninstall-am: uninstall-binPROGRAMS uninstall: uninstall-am all-am: Makefile $(PROGRAMS) all-redirect: all-am install-strip: $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install installdirs: $(mkinstalldirs) $(DESTDIR)$(bindir) mostlyclean-generic: clean-generic: distclean-generic: -rm -f Makefile $(CONFIG_CLEAN_FILES) -rm -f config.cache config.log stamp-h stamp-h[0-9]* maintainer-clean-generic: mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-compile \ mostlyclean-tags mostlyclean-depend mostlyclean-generic mostlyclean: mostlyclean-am clean-am: clean-binPROGRAMS clean-compile clean-tags clean-depend \ clean-generic mostlyclean-am clean: clean-am distclean-am: distclean-binPROGRAMS distclean-compile distclean-tags \ distclean-depend distclean-generic clean-am distclean: distclean-am maintainer-clean-am: maintainer-clean-binPROGRAMS \ maintainer-clean-compile maintainer-clean-tags \ maintainer-clean-depend maintainer-clean-generic \ distclean-am @echo "This command is intended for maintainers to use;" @echo "it deletes files that may require special tools to rebuild." maintainer-clean: maintainer-clean-am .PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \ maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \ mostlyclean-compile distclean-compile clean-compile \ maintainer-clean-compile tags mostlyclean-tags distclean-tags \ clean-tags maintainer-clean-tags distdir mostlyclean-depend \ distclean-depend clean-depend maintainer-clean-depend info-am info \ dvi-am dvi check check-am installcheck-am installcheck install-exec-am \ install-exec install-data-am install-data install-am install \ uninstall-am uninstall all-redirect all-am all installdirs \ mostlyclean-generic distclean-generic clean-generic \ maintainer-clean-generic clean mostlyclean distclean maintainer-clean # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: hydra-8.1/hydra-gtk/src/support.c0000755000175000010010000000606512441064457015443 0ustar marcNone /* * DO NOT EDIT THIS FILE - it is generated by Glade. */ #ifdef HAVE_CONFIG_H #include #endif #include #include #include #include #include #include #include "support.h" GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { GtkWidget *parent, *found_widget; for (;;) { if (GTK_IS_MENU(widget)) parent = gtk_menu_get_attach_widget(GTK_MENU(widget)); else parent = widget->parent; if (!parent) parent = (GtkWidget *) g_object_get_data(G_OBJECT(widget), "GladeParentKey"); if (parent == NULL) break; widget = parent; } found_widget = (GtkWidget *) g_object_get_data(G_OBJECT(widget), widget_name); if (!found_widget) g_warning("Widget not found: %s", widget_name); return found_widget; } static GList *pixmaps_directories = NULL; /* Use this function to set the directory containing installed pixmaps. */ void add_pixmap_directory(const gchar * directory) { pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); } /* This is an internally used function to find pixmap files. */ static gchar *find_pixmap_file(const gchar * filename) { GList *elem; /* We step through each of the pixmaps directory to find it. */ elem = pixmaps_directories; while (elem) { gchar *pathname = g_strdup_printf("%s%s%s", (gchar *) elem->data, G_DIR_SEPARATOR_S, filename); if (g_file_test(pathname, G_FILE_TEST_EXISTS)) return pathname; g_free(pathname); elem = elem->next; } return NULL; } /* This is an internally used function to create pixmaps. */ GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) { gchar *pathname = NULL; GtkWidget *pixmap; if (!filename || !filename[0]) return gtk_image_new(); pathname = find_pixmap_file(filename); if (!pathname) { g_warning("Couldn't find pixmap file: %s", filename); return gtk_image_new(); } pixmap = gtk_image_new_from_file(pathname); g_free(pathname); return pixmap; } /* This is an internally used function to create pixmaps. */ GdkPixbuf *create_pixbuf(const gchar * filename) { gchar *pathname = NULL; GdkPixbuf *pixbuf; GError *error = NULL; if (!filename || !filename[0]) return NULL; pathname = find_pixmap_file(filename); if (!pathname) { g_warning("Couldn't find pixmap file: %s", filename); return NULL; } pixbuf = gdk_pixbuf_new_from_file(pathname, &error); if (!pixbuf) { fprintf(stderr, "Failed to load pixbuf file: %s: %s\n", pathname, error->message); g_error_free(error); } g_free(pathname); return pixbuf; } /* This is used to set ATK action descriptions. */ void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description) { gint n_actions, i; n_actions = atk_action_get_n_actions(action); for (i = 0; i < n_actions; i++) { if (!strcmp(atk_action_get_name(action, i), action_name)) atk_action_set_description(action, i, description); } } hydra-8.1/hydra-gtk/src/support.h0000755000175000010010000000213412441064457015441 0ustar marcNone /* * DO NOT EDIT THIS FILE - it is generated by Glade. */ #ifdef HAVE_CONFIG_H #include #endif #include /* * Public Functions. */ /* * This function returns a widget in a component created by Glade. * Call it with the toplevel widget in the component (i.e. a window/dialog), * or alternatively any widget in the component, and the name of the widget * you want returned. */ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name); /* Use this function to set the directory containing installed pixmaps. */ void add_pixmap_directory(const gchar * directory); /* * Private Functions. */ /* This is used to create the pixmaps used in the interface. */ GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename); /* This is used to create the pixbufs used in the interface. */ GdkPixbuf *create_pixbuf(const gchar * filename); /* This is used to set ATK action descriptions. */ void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description); GtkWidget *wndMain; char *HYDRA_BIN; guint message_id; hydra-8.1/hydra-gtk/stamp-h.in0000755000175000010010000000001212441064457014657 0ustar marcNonetimestamp hydra-8.1/hydra-gtk/xhydra.glade0000755000175000010010000032043712441064457015273 0ustar marcNone True HydraGTK GTK_WINDOW_TOPLEVEL GTK_WIN_POS_NONE False True False True False False GDK_WINDOW_TYPE_HINT_NORMAL GDK_GRAVITY_NORTH_WEST True False 0 True True gtk-quit True 0 False False True True True True GTK_POS_TOP False False True False 0 True 0 0.5 GTK_SHADOW_ETCHED_IN True 5 2 False 0 0 True False True False True False True The protocol to use for the login/password cracking attempt True True True 0 True * False True GTK_SELECTION_BROWSE True True cisco True True cisco-enable True True cvs True True firebird True True ftp True True http-head True True http-get True True http-form-get True True http-form-post True True http-proxy True True https-head True True https-get True True icq True True imap True True ldap2 True True ldap3 True True mysql True True ncp True True nntp True True pcnfs True True pop3 True True postgres True True pcanywhere True True vmauthd True True rexec True True rlogin True True rsh True True sapr3 True True sip True True smb True True smtp True True snmp True True socks5 True True ssh2 True True svn True True teamspeak True True telnet True True vnc True True sshkey True True s7-300 True True True True afp True True ftps True True http-get-form True True http-post-form True True http-proxy-url True True https-get-form True True https-post-form True True irc True True ldap3-crammd5 True True ldap3-digestmd5 True True mssql True True oracle True True oracle-sid True True oracle-listener True True rdp True True ssh True True xmpp 1 2 4 5 expand|shrink expand True Protocol False False GTK_JUSTIFY_LEFT False False 0 0.5 0 0 0 1 4 5 expand|shrink expand True select the port on which the daemon you want to brute force runs, 0 means default True 1 0 False GTK_UPDATE_ALWAYS False False 0 0 100 1 10 10 1 2 3 4 expand|shrink expand True Port False False GTK_JUSTIFY_LEFT False False 0 0.5 0 0 0 1 2 4 expand|shrink expand True Prefer IPV6 True Use IPV6 True GTK_RELIEF_NORMAL True False False True 0 2 2 3 expand|shrink expand True True Target List True GTK_RELIEF_NORMAL True False False True 0 1 1 2 expand|shrink expand True A file which contains the targets to attack. One entry per line. IP addresses and/or DNS names. True True True 0 True * False 1 2 1 2 expand|shrink expand True The target to attack - DNS name or IP address True True True 0 127.0.0.1 True * False 1 2 0 1 expand|shrink expand True True Single Target True GTK_RELIEF_NORMAL True True False True radioTarget2 0 1 0 1 expand|shrink expand True Target False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True 2 2 False 0 0 True be verbose True Be Verbose True GTK_RELIEF_NORMAL True False False True 1 2 0 1 expand|shrink expand True Enable debug mode True Debug True GTK_RELIEF_NORMAL True False False True 1 2 1 2 expand|shrink expand True Show attempts True Show Attempts True GTK_RELIEF_NORMAL True False False True 0 1 1 2 expand|shrink expand True Enable to use SSL (the target must have SSL enabled! True Use SSL True GTK_RELIEF_NORMAL True False False True 0 1 0 1 expand|shrink expand True Output Options False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True False True True Target False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 tab True False 0 True 0 0.5 GTK_SHADOW_ETCHED_IN True 2 2 False 0 0 True File with user logins, one entry per line True True True 0 True * False 1 2 1 2 expand|shrink expand|shrink True The login to use True True True 0 yourname True * False 1 2 0 1 expand|shrink expand|shrink True True Username True GTK_RELIEF_NORMAL True True False True 0 1 0 1 expand|shrink expand|shrink True True Username List True GTK_RELIEF_NORMAL True False False True radioUsername1 0 1 1 2 expand|shrink expand|shrink True Username False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True 2 2 False 0 0 True File with passwords to try, one entry per line True True True 0 True * False 1 2 1 2 expand|shrink expand|shrink True The password to try True True True 0 yourpass True * False 1 2 0 1 expand|shrink expand|shrink True True Password True GTK_RELIEF_NORMAL True True False True 0 1 0 1 expand|shrink expand|shrink True True Password List True GTK_RELIEF_NORMAL True False False True radioPass1 0 1 1 2 expand|shrink expand|shrink True Password False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True 1 2 False 0 0 True "Enable this option to use a colon file for login/password attempts True Use Colon separated file True GTK_RELIEF_NORMAL True False False True 0 1 0 1 expand|shrink expand True The colon file to use, each line has to be structured like "mylogin:mypass" True True True 0 True * False 1 2 0 1 expand|shrink expand True Colon separated file False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 1 2 False 0 0 True Enable this option to try the login as password, in addition to the password/file True Try login as password True GTK_RELIEF_NORMAL True False False True 0 1 0 1 expand|shrink expand True Enable this option to try an empty password, in addition to the password/file True Try empty password True GTK_RELIEF_NORMAL True False False True 1 2 0 1 expand|shrink expand 0 True True False True True Passwords False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 tab True 2 1 False 0 0 True 0 0.5 GTK_SHADOW_ETCHED_IN True 5 2 False 0 0 True Proxy False False GTK_JUSTIFY_LEFT False False 0 0.5 0 0 0 1 1 2 expand|shrink expand True The address of the proxy. Syntax: "http://123.45.67.89:8080" True True True 0 http://127.0.0.1:8080 True * False 1 2 1 2 expand|shrink expand True Enable this if the proxy requires authenticatio True Proxy needs authentication True GTK_RELIEF_NORMAL True False False True 0 1 2 3 expand|shrink expand True Username False False GTK_JUSTIFY_LEFT False False 0 0.5 0 0 0 1 3 4 expand|shrink expand True The user name for proxy authentication True True True 0 yourname True * False 1 2 3 4 expand|shrink expand True Password False False GTK_JUSTIFY_LEFT False False 0 0.5 0 0 0 1 4 5 expand|shrink expand True The password for proxy authentication True True True 0 yourpass True * False 1 2 4 5 expand|shrink expand True False False GTK_JUSTIFY_LEFT False False 0 0.5 0 0 1 2 2 3 fill True False 0 True True No Proxy True GTK_RELIEF_NORMAL True True False True 0 True True True Enable this to use a proxy for scanning ( Only for HTTP Module ) True HTTP Method True GTK_RELIEF_NORMAL True False False True radioProxy 0 True True True Enable this to use a proxy for scanning True CONNECT Method True GTK_RELIEF_NORMAL True False False True radioProxy 0 True True 0 2 0 1 expand|shrink|fill True Use a HTTP/HTTPS Proxy False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 1 1 2 expand|shrink|fill expand|shrink|fill True 0 0.5 GTK_SHADOW_ETCHED_IN True 3 2 False 0 0 True Enable this to stop all attacking processes once a valid login/password pair is found True Exit after first found pair True GTK_RELIEF_NORMAL True False False True 0 2 2 3 expand|shrink expand True The maximum timeout an attack process is waiting for a response from the target True 1 0 False GTK_UPDATE_ALWAYS False False 30 0 100 1 10 10 1 2 1 2 expand|shrink expand True The number of attack tasks to run in parallel. The more the faster, the most: computer lockup :-) 16-64 is a good choice True 1 0 False GTK_UPDATE_ALWAYS False False 40 0 100 1 10 10 1 2 0 1 expand|shrink expand True Timeout False False GTK_JUSTIFY_LEFT False False 0 0.5 0 0 0 1 1 2 expand|shrink expand True Number of Tasks False False GTK_JUSTIFY_LEFT False False 0 0.5 0 0 0 1 0 1 expand|shrink expand True Performance Options False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 1 0 1 fill False True True Tuning False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 tab True False 0 True 0 0.5 GTK_SHADOW_ETCHED_IN True URL to connect to via the proxy True True True 0 www.suse.com True * False True http-proxy module False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True The protected URL you want to access True True True 0 /foo/bar/protected.html True * False True http / https url False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True The password to the cisco device True True True 0 password True * False True Cisco Enable, Login for Cisco device False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True The DN scope of ldap to authenticate against True True True 0 dn-scope True * False True LDAP DN False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True False 0 True Just attack local accounts True local accounts True GTK_RELIEF_NORMAL True False False True 0 True True True Attack domain and local accounts True domain accounts True GTK_RELIEF_NORMAL True False False True 0 True True True Interpret passes as NTML hashes True Interpret passes as NTLM hashes True GTK_RELIEF_NORMAL True False False True 0 False False True SMBNT False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True The client id you want to attack, something between 0 and 99 True 1 0 False GTK_UPDATE_ALWAYS False False 1 0 99 1 10 10 True sapr3 client id False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True Directory of the CVS repository True True True 0 /hydra-gtk True * False True CVS/SVN Repository False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True 0.5 0.5 1 1 0 0 0 0 True Insert the return string for a succesfull login True True True 0 True * False True Telnet - Successful Login String False True GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True 0 0.5 GTK_SHADOW_ETCHED_IN True 2 2 False 0 0 True True Write Password True GTK_RELIEF_NORMAL True False False True 1 2 0 1 expand|shrink expand True True Read Password True GTK_RELIEF_NORMAL True False False True radioSNMPRead 1 2 1 2 expand|shrink expand True True Version 2 True GTK_RELIEF_NORMAL True False False True 0 1 1 2 expand|shrink expand True True Version 1 True GTK_RELIEF_NORMAL True False False True radioSNMPVer2 0 1 0 1 expand|shrink expand True SNMP False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True False True True Specific False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 tab True False 0 True True GTK_POLICY_AUTOMATIC GTK_POLICY_AUTOMATIC GTK_SHADOW_NONE GTK_CORNER_TOP_LEFT True GTK_SHADOW_IN True 0 0.5 GTK_SHADOW_ETCHED_IN True True False False True GTK_JUSTIFY_LEFT GTK_WRAP_NONE True 0 0 0 0 0 0 True Output False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 label_item 0 True True True False 0 True start hydra True Start True GTK_RELIEF_NORMAL True 0 True False True stop hydra True Stop True GTK_RELIEF_NORMAL True 0 True False True save output True Save Output True GTK_RELIEF_NORMAL True 0 True False True clear screen True Clear Output True GTK_RELIEF_NORMAL True 0 True False 0 False True False True True Start False False GTK_JUSTIFY_LEFT False False 0.5 0.5 0 0 tab 0 True True True True 0 False False hydra-8.1/hydra-gtk/xhydra.gladep0000755000175000010010000000055312441064457015445 0ustar marcNone Hydra_gtk xhydra FALSE FALSE TRUE hydra-8.1/hydra-http-form.c0000644000175000010010000010745712441064454014274 0ustar marcNone/* Hydra Form Module ----------------- The hydra form can be used to carry out a brute-force attack on simple web-based login forms that require username and password variables via either a GET or POST request. The module works similarly to the HTTP basic auth module and will honour proxy mode (with authenticaion) as well as SSL. The module can be invoked with the service names of "http-get-form", "http-post-form", "https-get-form" and "https-post-form". Here's a couple of examples: - ./hydra -l "" -P pass.txt 10.221.64.12 http-post-form "/irmlab2/testsso-auth.do:ID=^USER^&Password=^PASS^:Invalid Password" ./hydra -S -s 443 -l "" -P pass.txt 10.221.64.2 https-get-form "/irmlab1/vulnapp.php:username=^USER^&pass=^PASS^:incorrect" The option field (following the service field) takes three ":" separated values and an optional fourth value, the first is the page on the server to GET or POST to, the second is the POST/GET variables (taken from either the browser, or a proxy such as PAROS) with the varying usernames and passwords in the "^USER^" and "^PASS^" placeholders, the third is the string that it checks for an *invalid* or *valid* login - any exception to this is counted as a success. So please: * invalid condition login should be preceded by "F=" * valid condition login should be preceded by "S=". By default, if no header is found the condition is assume to be a fail, so checking for *invalid* login. The fourth optional value, can be a 'C' to define a different page to GET initial cookies from. If you specify the verbose flag (-v) it will show you the response from the HTTP server which is useful for checking the result of a failed login to find something to pattern match against. Module initially written by Phil Robinson, IRM Plc (releases@irmplc.com), rewritten by David Maciejak Fix and issue with strtok use and implement 1 step location follow if HTTP 3xx code is returned (david dot maciejak at gmail dot com) Added fail or success condition, getting cookies, and allow 5 redirections by david */ #include "hydra-mod.h" /* HTTP Header Types */ #define HEADER_TYPE_USERHEADER 'h' #define HEADER_TYPE_USERHEADER_REPL 'H' #define HEADER_TYPE_DEFAULT 'D' extern char *HYDRA_EXIT; char *buf; char *cond; typedef struct header_node { char *header; char *value; char type; struct header_node *next; } t_header_node, *ptr_header_node; int success_cond = 0; int getcookie = 1; int auth_flag = 0; char cookie[4096] = "", cmiscptr[1024]; extern char *webtarget; extern char *slash; int webport, freemischttpform = 0; char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1; #define MAX_REDIRECT 8 #define MAX_CONTENT_LENGTH 20 #define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 char redirected_url_buff[2048] = ""; int redirected_flag = 0; int redirected_cpt = MAX_REDIRECT; char *cookie_request, *normal_request; // Buffers for HTTP headers /* * Function to perform some initial setup. */ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr); /* * Returns 1 if specified header exists, or 0 otherwise. */ ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, char type) { ptr_header_node cur_ptr = *ptr_head, found_header = NULL; for (cur_ptr = *ptr_head; cur_ptr && !found_header; cur_ptr = cur_ptr->next) if (cur_ptr->header && strcmp(cur_ptr->header, header_name) == 0 && cur_ptr->type == type) found_header = cur_ptr; return found_header; } /* * List layout: * +----------+ +--------+ +--------+ +--------+ * | ptr_head | --> | next | --> | next | --> | NULL | * | | | header | | header | | NULL | * | | | value | | value | | NULL | * +----------+ +--------+ +--------+ +--------+ * * Returns 1 if success, or 0 otherwise (out of memory). */ int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) { ptr_header_node cur_ptr = NULL; ptr_header_node existing_hdr, new_ptr; // get to the last header for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next); char *new_header = strdup(header); char *new_value = strdup(value); if (new_header && new_value) { if ((type == HEADER_TYPE_USERHEADER) || (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) { /* * We are in one of the following scenarios: * 1. A default header with no user-supplied headers that replace it. * 2. A user-supplied header that must be appended (option 'h'). * 3. A user-supplied header that must replace a default header (option 'h'), * but no default headers exist with that name. * * In either case we just add the header to the list. */ new_ptr = (ptr_header_node) malloc(sizeof(t_header_node)); if (!new_ptr) return 0; new_ptr->header = new_header; new_ptr->value = new_value; new_ptr->type = type; new_ptr->next = NULL; if (cur_ptr) cur_ptr->next = new_ptr; else { // head is NULL, so the list is empty *ptr_head = new_ptr; } } else if (type == HEADER_TYPE_USERHEADER_REPL && (existing_hdr = header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) { // It's a user-supplied header that must replace a default one // Replace the default header's value with this new value free(existing_hdr->value); existing_hdr->value = new_value; existing_hdr->type = type; } } else { // we're out of memory, so forcefully end return 0; } return 1; } /* * Replace in all headers' values every occurrence of oldvalue by newvalue. * Only user-defined headers are considered. */ void hdrrep(ptr_header_node * ptr_head, char *oldvalue, char *newvalue) { ptr_header_node cur_ptr = NULL; for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) { cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(newvalue)); if (cur_ptr->value) strcpy(cur_ptr->value, newvalue); else { hydra_report(stderr, "[ERROR] Out of memory."); hydra_child_exit(0); } } } } /* * Replace the value of the default header named 'hdrname'. */ void hdrrepv(ptr_header_node * ptr_head, char *hdrname, char *new_value) { ptr_header_node cur_ptr = NULL; for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname) == 0) { cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value)); if (cur_ptr->value) strcpy(cur_ptr->value, new_value); else { hydra_report(stderr, "[ERROR] Out of memory"); hydra_child_exit(0); } } } } void cleanup(ptr_header_node * ptr_head) { ptr_header_node cur_ptr = *ptr_head, next_ptr = cur_ptr; while (next_ptr) { free(cur_ptr->header); free(cur_ptr->value); next_ptr = cur_ptr->next; } *ptr_head = NULL; } /* * Concat all the headers in the list in a single string. * Leave the list itself intact: do not clean it here. */ char *stringify_headers(ptr_header_node * ptr_head) { char *headers_str = NULL; ptr_header_node cur_ptr = *ptr_head; int ttl_size = 0; for (; cur_ptr; cur_ptr = cur_ptr->next) ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4; headers_str = (char *) malloc(ttl_size + 1); if (headers_str) { memset(headers_str, 0, ttl_size + 1); for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { strcat(headers_str, cur_ptr->header); strcat(headers_str, ": "); strcat(headers_str, cur_ptr->value); strcat(headers_str, "\r\n"); } } return headers_str; } char *prepare_http_request(char *type, char *path, char *params, char *headers) { unsigned int reqlen = 0; char *http_request = NULL; if (type && path && headers) { reqlen = strlen(path) + strlen(headers) + 20; if (params) reqlen += strlen(params); http_request = (char *) malloc(reqlen); if (http_request) { memset(http_request, 0, reqlen); // append the request verb (GET or POST) if (strcmp(type, "GET") == 0) strcat(http_request, "GET "); else strcat(http_request, "POST "); // append the request path strcat(http_request, path); // if GET, append the params now if (params && strcmp(type, "GET") == 0) { strcat(http_request, "?"); strcat(http_request, params); } // append the headers strcat(http_request, " HTTP/1.0\r\n"); strcat(http_request, headers); strcat(http_request, "\r\n"); // if POST, append the params now if (params && strcmp(type, "POST") == 0) strcat(http_request, params); } } return http_request; } int strpos(char *str, char *target) { char *res = strstr(str, target); if (res == NULL) return -1; else return res - str; } char *html_encode(char *string) { char *ret = string; if (ret == NULL) return NULL; if (index(ret, '%') != NULL) ret = hydra_strrep(ret, "%", "%25"); if (index(ret, ' ') != NULL) ret = hydra_strrep(ret, " ", "%20"); if (index(ret, '&') != NULL) ret = hydra_strrep(ret, "&", "%26"); if (index(ret, '#') != NULL) ret = hydra_strrep(ret, "&", "%23"); return ret; } /* int analyze_server_response(int socket) return 0 or 1 when the cond regex is matched return -1 if no response from server */ int analyze_server_response(int s) { int runs = 0; while ((buf = hydra_receive_line(s)) != NULL) { runs++; //check for http redirection if (strstr(buf, "HTTP/1.1 3") != NULL || strstr(buf, "HTTP/1.0 3") != NULL || strstr(buf, "Status: 3") != NULL) { redirected_flag = 1; } else if (strstr(buf, "HTTP/1.1 401") != NULL || strstr(buf, "HTTP/1.0 401") != NULL) { auth_flag = 1; } else if ((strstr(buf, "HTTP/1.1 403") != NULL) || (strstr(buf, "HTTP/1.1 404") != NULL) || (strstr(buf, "HTTP/1.0 403") != NULL) || (strstr(buf, "HTTP/1.0 404") != NULL)) { return 0; } if (hydra_strcasestr(buf, "Location: ") != NULL) { char *startloc, *endloc; char str[2048]; startloc = hydra_strcasestr(buf, "Location: ") + strlen("Location: "); strncpy(str, startloc, sizeof(str) - 1); str[sizeof(str) - 1] = 0; endloc = strchr(str, '\n'); if (endloc != NULL) *endloc = 0; endloc = strchr(str, '\r'); if (endloc != NULL) *endloc = 0; strcpy(redirected_url_buff, str); } //there can be multiple cookies if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) { char *cookiebuf = buf; do { char *startcookie, *endcookie1, *endcookie2; char str[1024], tmpcookie[4096] = "", tmpname[128] = "", *ptr, *ptr2; memset(str, 0, sizeof(str)); startcookie = hydra_strcasestr(cookiebuf, "Set-Cookie: ") + strlen("Set-Cookie: "); strncpy(str, startcookie, sizeof(str) - 1); str[sizeof(str) - 1] = 0; endcookie1 = strchr(str, '\n'); endcookie2 = strchr(str, ';'); //terminate string after cookie data if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))) { if (*(endcookie1 - 1) == '\r') endcookie1--; *endcookie1 = 0; } else if (endcookie2 != NULL) *endcookie2 = 0; // is the cookie already there? if yes, remove it! if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { strncpy(tmpname, startcookie, sizeof(tmpname) - 2); tmpname[sizeof(tmpname) - 2] = 0; ptr = index(tmpname, '='); *(++ptr) = 0; // is the cookie already in the cookiejar? (so, does it have to be replaced?) if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) { // yes it is. // if the cookie is not in the beginning of the cookiejar, copy the ones before if (ptr != cookie && *(ptr - 1) == ' ') { strncpy(tmpcookie, cookie, ptr - cookie - 2); tmpcookie[ptr - cookie - 2] = 0; } ptr += strlen(tmpname); // if there are any cookies after this one in the cookiejar, copy them over if ((ptr2 = strstr(ptr, "; ")) != NULL) { ptr2 += 2; strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1); } if (debug) printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie); strcpy(cookie, tmpcookie); } } ptr = index(str, '='); // only copy the cookie if it has a value (otherwise the server wants to delete the cookie) if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') { if (strlen(cookie) > 0) strncat(cookie, "; ", sizeof(cookie) - strlen(cookie) - 1); strncat(cookie, str, sizeof(cookie) - strlen(cookie) - 1); } cookiebuf = startcookie; } while (hydra_strcasestr(cookiebuf, "Set-Cookie: ") != NULL); } #ifdef HAVE_PCRE if (hydra_string_match(buf, cond) == 1) { #else if (strstr(buf, cond) != NULL) { #endif free(buf); // printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf); return 1; } // else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf); free(buf); } if (runs == 0) { if (debug) hydra_report(stderr, "DEBUG: no response from server\n"); return -1; } return 0; } void hydra_reconnect(int s, char *ip, int port, unsigned char options) { if (s >= 0) s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { s = hydra_connect_tcp(ip, port); } else { s = hydra_connect_ssl(ip, port); } } int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) { char *empty = ""; char *login, *pass, clogin[256], cpass[256]; char header[8096], *upd3variables; char *http_request; int found = !success_cond, i, j; char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); cookie[0] = 0; // reset cookies from potential previous attempt // Take the next login/pass pair if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; strncpy(clogin, html_encode(login), sizeof(clogin) - 1); clogin[sizeof(clogin) - 1] = 0; strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); cpass[sizeof(cpass) - 1] = 0; upd3variables = hydra_strrep(variables, "^USER^", clogin); upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); // Replace the user/pass placeholders in the user-supplied headers hdrrep(&ptr_head, "^USER^", clogin); hdrrep(&ptr_head, "^PASS^", cpass); /* again: no snprintf to be portable. dont worry, buffer cant overflow */ if (use_proxy == 1 && proxy_authentication != NULL) { if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); hydra_reconnect(s, ip, port, options); } // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } } else { if (use_proxy == 1) { // proxy without authentication if (getcookie) { //doing a GET to get cookies memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); hydra_reconnect(s, ip, port, options); } // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } } else { // direct web server, no proxy if (getcookie) { //doing a GET to save cookies http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) { add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); normal_request = stringify_headers(&ptr_head); } hydra_reconnect(s, ip, port, options); } // now prepare for the "real" request if (strcmp(type, "POST") == 0) { snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("POST", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } } } if (debug) hydra_report_debug(stdout, "HTTP request sent:\n%s\n", http_request); found = analyze_server_response(s); if (auth_flag) { // we received a 401 error - user using wrong module hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n", (options & OPTION_SSL) > 0 ? "s" : ""); return 4; } if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); //if page was redirected, follow the location header redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { //we have to split the location char *startloc, *endloc; char str[2048]; char str2[2048]; char str3[2048]; redirected_cpt--; redirected_flag = 0; //check if the redirect page contains the fail/success condition #ifdef HAVE_PCRE if (hydra_string_match(redirected_url_buff, cond) == 1) { #else if (strstr(redirected_url_buff, cond) != NULL) { #endif found = success_cond; } else { //location could be either absolute http(s):// or / something //or relative startloc = strstr(redirected_url_buff, "://"); if (startloc != NULL) { startloc += strlen("://"); if ((endloc = strchr(startloc, '\r')) != NULL) { startloc[endloc - startloc] = 0; } if ((endloc = strchr(startloc, '\n')) != NULL) { startloc[endloc - startloc] = 0; } strcpy(str, startloc); endloc = strchr(str, '/'); if (endloc != NULL) { strncpy(str2, str, endloc - str); str2[endloc - str] = 0; } else strncpy(str2, str, sizeof(str)); if (strlen(str) - strlen(str2) == 0) { strcpy(str3, "/"); } else { strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2) - 1); str3[strlen(str) - strlen(str2) - 1] = 0; } } else { strncpy(str2, webtarget, sizeof(str2)); if (redirected_url_buff[0] != '/') { //it's a relative path, so we have to concatenate it //with the path from the first url given char *urlpath; char urlpath_extracted[2048]; memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); urlpath = strrchr(url, '/'); if (urlpath != NULL) { strncpy(urlpath_extracted, url, urlpath - url); sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); } else { sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); } } else strncpy(str3, redirected_url_buff, sizeof(str3)); if (debug) hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); } if (str3[0] != '/') { j = strlen(str3); str3[j + 1] = 0; for (i = j; i > 0; i--) str3[i] = str3[i - 1]; str3[0] = '/'; } if (verbose) hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); //re-use the code above to check for proxy use if (use_proxy == 1 && proxy_authentication != NULL) { // proxy with authentication hdrrepv(&ptr_head, "Host", str2); memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); } else { if (use_proxy == 1) { // proxy without authentication hdrrepv(&ptr_head, "Host", str2); memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); } else { //direct web server, no proxy hdrrepv(&ptr_head, "Host", str2); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", str3, NULL, normal_request); } } hydra_reconnect(s, ip, port, options); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; found = analyze_server_response(s); if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); } } //if the last status is still 3xx, set it as a false if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); } else { hydra_completed_pair(); } return 1; } void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type, ptr_header_node * ptr_head) { int run = 1, next_run = 1, sock = -1; int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; // register our socket descriptor hydra_register_socket(sp); /* * Iterate through the runs. Possible values are the following: * - 1 -> Open connection to remote server. * - 2 -> Run password attempts. * - 3 -> Disconnect and end with success. * - 4 -> Disconnect and end with error. */ while (1) { if (run == 2) { if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { if (freemischttpform) free(miscptr); freemischttpform = 0; hydra_child_exit(1); } } switch (run) { case 1: /* connect and service init function */ { if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int) getpid()); if (freemischttpform) free(miscptr); freemischttpform = 0; hydra_child_exit(1); } next_run = 2; break; } case 2: /* run the cracking function */ next_run = start_http_form(sock, ip, port, options, miscptr, fp, type, *ptr_head); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); if (freemischttpform) free(miscptr); freemischttpform = 0; hydra_child_exit(0); break; case 4: /* silent error exit */ if (sock >= 0) sock = hydra_disconnect(sock); if (freemischttpform) free(miscptr); freemischttpform = 0; hydra_child_exit(1); break; default: if (freemischttpform) free(miscptr); freemischttpform = 0; hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } if (freemischttpform) free(miscptr); } void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { ptr_header_node ptr_head = initialize(ip, options, miscptr); if (ptr_head) service_http_form(ip, sp, options, miscptr, fp, port, "GET", &ptr_head); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); hydra_child_exit(1); } } void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { ptr_header_node ptr_head = initialize(ip, options, miscptr); if (ptr_head) service_http_form(ip, sp, options, miscptr, fp, port, "POST", &ptr_head); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); hydra_child_exit(1); } } int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr_header_node ptr_head = NULL; char *ptr, *ptr2, *proxy_string; if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { webtarget += strlen("://"); if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ *ptr2 = 0; ptr2++; ptr = ptr2; if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) miscptr = ptr; else miscptr = slash; /* to make things easier to user */ } else if ((ptr2 = index(webtarget, '/')) != NULL) { if (freemischttpform == 0) { freemischttpform = 1; miscptr = malloc(strlen(ptr2) + 1); strcpy(miscptr, ptr2); *ptr2 = 0; } } else webtarget = NULL; } if (cmdlinetarget != NULL && webtarget == NULL) webtarget = cmdlinetarget; else if (webtarget == NULL && cmdlinetarget == NULL) webtarget = hydra_address2string(ip); if (port != 0) webport = port; else if ((options & OPTION_SSL) == 0) webport = PORT_HTTP; else webport = PORT_HTTP_SSL; sprintf(bufferurl, "%.1000s", miscptr); url = bufferurl; ptr = url; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; variables = ptr; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; cond = ptr; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); url = ptr; } } if (strstr(variables, "\\:") != NULL) { if ((ptr = malloc(strlen(variables))) != NULL) { strcpy(ptr, hydra_strrep(variables, "\\:", ":")); variables = ptr; } } if (strstr(cond, "\\:") != NULL) { if ((ptr = malloc(strlen(cond))) != NULL) { strcpy(ptr, hydra_strrep(cond, "\\:", ":")); cond = ptr; } } if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) hydra_child_exit(2); if (*cond == 0) { fprintf(stderr, "[ERROR] invalid number of parameters in module option\n"); return NULL; } sprintf(cookieurl, "%.1000s", url); //conditions now have to contain F or S to set the fail or success condition if (*cond != 0 && (strpos(cond, "F=") == 0)) { success_cond = 0; cond += 2; } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { success_cond = 1; cond += 2; } else { //by default condition is a fail success_cond = 0; } /* * Parse the user-supplied options. * Beware of the backslashes (\)! */ while (*optional1 != 0) { switch (optional1[0]) { case 'c': // fall through case 'C': ptr = optional1 + 2; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":")); optional1 = ptr; break; case 'h': // add a new header at the end ptr = optional1 + 2; while (*ptr != 0 && *ptr != ':') ptr++; if (*(ptr - 1) == '\\') *(ptr - 1) = 0; if (*ptr != 0){ *ptr = 0; ptr += 2; } ptr2 = ptr; while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) ptr2++; if (*ptr2 != 0) *ptr2++ = 0; /* * At this point: * - (optional1 + 2) contains the header's name * - ptr contains the header's value */ if (add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER)) { // Success: break the switch and go ahead optional1 = ptr2; break; } // Error: abort execution hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); return NULL; case 'H': // add a new header, or replace an existing one's value ptr = optional1 + 2; while (*ptr != 0 && *ptr != ':') ptr++; if (*(ptr - 1) == '\\') *(ptr - 1) = 0; if (*ptr != 0){ *ptr = 0; ptr += 2; } ptr2 = ptr; while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) ptr2++; if (*ptr2 != 0) *ptr2++ = 0; /* * At this point: * - (optional1 + 2) contains the header's name * - ptr contains the header's value */ if (add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER_REPL)) { // Success: break the switch and go ahead optional1 = ptr2; break; } // Error: abort execution hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); return NULL; // no default } } /* again: no snprintf to be portable. dont worry, buffer cant overflow */ if (use_proxy == 1 && proxy_authentication != NULL) { // proxy with authentication add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT); proxy_string = (char *) malloc(strlen(proxy_authentication) + 6); if (proxy_string) { strcpy(proxy_string, "Basic "); strncat(proxy_string, proxy_authentication, strlen(proxy_authentication) - 6); add_header(&ptr_head, "Proxy-Authorization", proxy_string, HEADER_TYPE_DEFAULT); } else { hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header."); return NULL; } if (getcookie) { //doing a GET to save cookies cookie_request = stringify_headers(&ptr_head); } normal_request = stringify_headers(&ptr_head); } else { if (use_proxy == 1) { // proxy without authentication add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT); if (getcookie) { //doing a GET to get cookies cookie_request = stringify_headers(&ptr_head); } normal_request = stringify_headers(&ptr_head); } else { // direct web server, no proxy add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT); if (getcookie) { //doing a GET to save cookies cookie_request = stringify_headers(&ptr_head); } normal_request = stringify_headers(&ptr_head); } } return ptr_head; } hydra-8.1/hydra-http-proxy-urlenum.c0000644000175000010010000002275712441064454016176 0ustar marcNone#include "hydra-mod.h" #include "sasl.h" extern char *HYDRA_EXIT; char *buf; static int http_proxy_auth_mechanism = AUTH_ERROR; int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260]; char url[260], host[30]; char *header = ""; /* XXX TODO */ char *ptr; int auth = 0; login = hydra_get_next_login(); if (login == NULL || strlen(login) == 0 || strstr(login, "://") == NULL) { hydra_completed_pair(); return 1; } pass = hydra_get_next_password(); pass = empty; // ignored strncpy(url, login, sizeof(url) - 1); url[sizeof(url) - 1] = 0; ptr = strstr(login, "://") + 3; if (ptr[0] == '[') ptr++; strncpy(mhost, ptr, sizeof(mhost) - 1); mhost[sizeof(mhost) - 1] = 0; if ((ptr = index(mhost, '/')) != NULL) *ptr = 0; if ((ptr = index(mhost, ']')) != NULL) *ptr = 0; else if ((ptr = index(mhost, ':')) != NULL) *ptr = 0; if (miscptr != NULL && index(miscptr, ':') != NULL) { strncpy(mlogin, miscptr, sizeof(mlogin) - 1); mlogin[sizeof(mlogin) - 1] = 0; ptr = index(mlogin, ':'); *ptr++ = 0; strncpy(mpass, ptr, sizeof(mpass) - 1); mpass[sizeof(mpass) - 1] = 0; auth = 1; } if (http_proxy_auth_mechanism == AUTH_ERROR) { //send dummy request sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, mhost, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; //receive first 40x buf = hydra_receive_line(s); while (buf != NULL && strstr(buf, "HTTP/") == NULL) { free(buf); buf = hydra_receive_line(s); } if (debug) hydra_report(stderr, "S:%s\n", buf); //after the first query we should have been disconnected from web server s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { s = hydra_connect_tcp(ip, port); } else { s = hydra_connect_ssl(ip, port); } } if (auth) { if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) { http_proxy_auth_mechanism = AUTH_BASIC; sprintf(buffer2, "%.50s:%.50s", login, pass); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; free(buf); buf = hydra_receive_line(s); while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { free(buf); buf = hydra_receive_line(s); } //if server cut the connection, just exit cleanly or //this will be an infinite loop if (buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); return 3; } if (debug) hydra_report(stderr, "S:%s\n", buf); } else { if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) { unsigned char buf1[4096]; unsigned char buf2[4096]; char *pos = NULL; http_proxy_auth_mechanism = AUTH_NTLM; //send auth and receive challenge //send auth request: let the server send it's own hostname and domainname buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); /* to be portable, no snprintf, buffer is big enough so it cant overflow */ //send the first.. sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; //receive challenge free(buf); buf = hydra_receive_line(s); while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { free(buf); buf = hydra_receive_line(s); } if (pos != NULL) { char *str; pos += 25; if ((str = strchr(pos, '\r')) != NULL) { pos[str - pos] = 0; } if ((str = strchr(pos, '\n')) != NULL) { pos[str - pos] = 0; } } //recover challenge if (buf != NULL) { if (strlen(buf) >= 4) from64tobits((char *) buf1, pos); free(buf); } //Send response buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; buf = hydra_receive_line(s); while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { free(buf); buf = hydra_receive_line(s); } if (buf == NULL) return 1; } else { #ifdef LIBOPENSSL if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { char *pbuffer; http_proxy_auth_mechanism = AUTH_DIGESTMD5; pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest "); strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); buffer[sizeof(buffer) - 1] = '\0'; pbuffer = buffer2; sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header); if (pbuffer == NULL) return 3; if (debug) hydra_report(stderr, "C:%s\n", buffer2); if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0) return 1; free(buf); buf = hydra_receive_line(s); while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { free(buf); buf = hydra_receive_line(s); } if (debug && buf != NULL) hydra_report(stderr, "S:%s\n", buf); if (buf == NULL) return 1; } else #endif { if (buf != NULL) { buf[strlen(buf) - 1] = '\0'; hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf); } else { hydra_report(stderr, "Unsupported Auth type\n"); } return 3; } } } } // result analysis ptr = ((char *) index(buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { hydra_report_found_host(port, ip, "http-proxy", fp); if (fp != stdout) fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); hydra_completed_pair_found(); } else { if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) { hydra_report(stderr, "[ERROR] Proxy reports bad credentials!\n"); return 3; } hydra_completed_pair(); } free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ { if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; } case 2: /* run the cracking function */ next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-http-proxy.c0000644000175000010010000002504712441064454014504 0ustar marcNone#include "hydra-mod.h" #include "sasl.h" extern char *HYDRA_EXIT; static int http_proxy_auth_mechanism = AUTH_ERROR; char *http_proxy_buf = NULL; int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500]; char url[210], host[30]; char *header = ""; /* XXX TODO */ char *ptr, *fooptr; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; if (miscptr == NULL) { strcpy(url, "http://www.microsoft.com/"); strcpy(host, "Host: www.microsoft.com\r\n"); } else { sprintf(url, "%.200s", miscptr); ptr = strstr(miscptr, "://"); // :// check is in hydra.c sprintf(host, "Host: %.200s", ptr + 3); if ((ptr = index(host, '/')) != NULL) *ptr = 0; if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[') *ptr = 0; strcat(host, "\r\n"); } if (http_proxy_auth_mechanism != AUTH_BASIC && (http_proxy_auth_mechanism == AUTH_ERROR || http_proxy_buf == NULL)) { //send dummy request sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; //receive first 40x http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/") == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } if (http_proxy_buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); return 3; } if (debug) hydra_report(stderr, "S:%s\n", http_proxy_buf); free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } if (http_proxy_buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n"); return 3; } if (debug) hydra_report(stderr, "S:%s\n", http_proxy_buf); //after the first query we should have been disconnected from web server s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { s = hydra_connect_tcp(ip, port); } else { s = hydra_connect_ssl(ip, port); } } if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) { http_proxy_auth_mechanism = AUTH_BASIC; sprintf(buffer2, "%.50s:%.50s", login, pass); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } //if server cut the connection, just exit cleanly or //this will be an infinite loop if (http_proxy_buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); return 3; } if (debug) hydra_report(stderr, "S:%s\n", http_proxy_buf); } else { if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) { unsigned char buf1[4096]; unsigned char buf2[4096]; char *pos = NULL; http_proxy_auth_mechanism = AUTH_NTLM; //send auth and receive challenge //send auth request: let the server send it's own hostname and domainname buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); /* to be portable, no snprintf, buffer is big enough so it cant overflow */ //send the first.. sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; //receive challenge free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && (pos = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM ")) == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } if (pos != NULL) { char *str; pos += 25; if ((str = strchr(pos, '\r')) != NULL) { pos[str - pos] = 0; } if ((str = strchr(pos, '\n')) != NULL) { pos[str - pos] = 0; } } //recover challenge if (http_proxy_buf != NULL && strlen(http_proxy_buf) >= 4) { from64tobits((char *) buf1, pos); free(http_proxy_buf); http_proxy_buf = NULL; return 3; } //Send response buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; if (http_proxy_buf != NULL) free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } if (http_proxy_buf == NULL) return 3; } else { #ifdef LIBOPENSSL if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) { char *pbuffer; http_proxy_auth_mechanism = AUTH_DIGESTMD5; pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest "); strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); buffer[sizeof(buffer) - 1] = '\0'; pbuffer = NULL; fooptr = buffer2; sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header); if (fooptr == NULL) return 3; if (debug) hydra_report(stderr, "C:%s\n", buffer2); if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0) return 3; free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } if (debug && http_proxy_buf != NULL) hydra_report(stderr, "S:%s\n", http_proxy_buf); if (http_proxy_buf == NULL) return 3; } else #endif { if (http_proxy_buf != NULL) { // buf[strlen(http_proxy_buf) - 1] = '\0'; hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf); free(http_proxy_buf); http_proxy_buf = NULL; } else { hydra_report(stderr, "Unsupported Auth type\n"); } return 3; } } } ptr = ((char *) index(http_proxy_buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) { hydra_report_found_host(port, ip, "http-proxy", fp); hydra_completed_pair_found(); free(http_proxy_buf); http_proxy_buf = NULL; } else { if (*ptr != '4') hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(http_proxy_buf, ' ') + 1), login, pass); else if (verbose && *(ptr + 2) == '3') hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); hydra_completed_pair(); free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; if (http_proxy_buf != NULL) return 2; else return 1; } void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ { if (http_proxy_buf != NULL) free(http_proxy_buf); if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; } case 2: /* run the cracking function */ next_run = start_http_proxy(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-http.c0000644000175000010010000002735012441064454013324 0ustar marcNone#include "hydra-mod.h" #include "sasl.h" extern char *HYDRA_EXIT; char *webtarget = NULL; char *slash = "/"; char *http_buf = NULL; int webport, freemischttp = 0; int http_auth_mechanism = AUTH_BASIC; int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500]; char *header = ""; /* XXX TODO */ char *ptr, *fooptr; int complete_line = 0; char tmpreplybuf[1024] = "", *tmpreplybufptr; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; // we must reset this if buf is NULL and we do MD5 digest if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5) http_auth_mechanism = AUTH_BASIC; switch (http_auth_mechanism) { case AUTH_BASIC: sprintf(buffer2, "%.50s:%.50s", login, pass); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); /* again: no snprintf to be portable. dont worry, buffer cant overflow */ if (use_proxy == 1 && proxy_authentication != NULL) sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication, header); else { if (use_proxy == 1) sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buffer2, header); else sprintf(buffer, "%s %.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, buffer2, header); } if (debug) hydra_report(stderr, "C:%s\n", buffer); break; #ifdef LIBOPENSSL case AUTH_DIGESTMD5:{ char *pbuffer; pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); buffer[sizeof(buffer) - 1] = '\0'; fooptr = buffer2; sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); if (fooptr == NULL) { return 3; } if (debug) hydra_report(stderr, "C:%s\n", buffer2); strcpy(buffer, buffer2); } break; #endif case AUTH_NTLM:{ unsigned char buf1[4096]; unsigned char buf2[4096]; char *pos = NULL; //send auth and receive challenge //send auth request: let the server send it's own hostname and domainname buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); /* to be portable, no snprintf, buffer is big enough so it cant overflow */ //send the first.. if (use_proxy == 1 && proxy_authentication != NULL) sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); else { if (use_proxy == 1) sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buf1, header); else sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, buf1, header); } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; //receive challenge if (http_buf != NULL) free(http_buf); http_buf = hydra_receive_line(s); while (http_buf != NULL && (pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ")) == NULL) { free(http_buf); http_buf = hydra_receive_line(s); } if (http_buf == NULL) return 1; if (pos != NULL) { char *str; pos += 23; if ((str = strchr(pos, '\r')) != NULL) { pos[str - pos] = 0; } if ((str = strchr(pos, '\n')) != NULL) { pos[str - pos] = 0; } } //recover challenge from64tobits((char *) buf1, pos); free(http_buf); http_buf = NULL; //Send response buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); //create the auth response if (use_proxy == 1 && proxy_authentication != NULL) sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); else { if (use_proxy == 1) sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buf1, header); else sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, buf1, header); } if (debug) hydra_report(stderr, "C:%s\n", buffer); } break; } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if (http_buf != NULL) free(http_buf); http_buf = hydra_receive_line(s); complete_line = 0; tmpreplybuf[0] = 0; while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) { if (debug) printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) { strncpy(tmpreplybuf, http_buf, sizeof(tmpreplybuf) - 1); tmpreplybuf[sizeof(tmpreplybuf) - 1] = 0; free(http_buf); http_buf = hydra_receive_line(s); } else if (tmpreplybuf[0] != 0) { complete_line = 1; if ((tmpreplybufptr = malloc(strlen(tmpreplybuf) + strlen(http_buf) + 1)) != NULL) { strcpy(tmpreplybufptr, tmpreplybuf); strcat(tmpreplybufptr, http_buf); free(http_buf); http_buf = tmpreplybufptr; if (debug) printf("http_buf now: %s\n", http_buf); } } else { free(http_buf); http_buf = hydra_receive_line(s); } } //if server cut the connection, just exit cleanly or //this will be an infinite loop if (http_buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); return 3; } if (debug) hydra_report(stderr, "S:%s\n", http_buf); ptr = ((char *) index(http_buf, ' ')) + 1; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { hydra_report_found_host(port, ip, "www", fp); hydra_completed_pair_found(); if (http_buf != NULL) { free(http_buf); http_buf = NULL; } } else { if (ptr != NULL && *ptr != '4') fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(http_buf, ' ') + 1), login, pass); //the first authentication type failed, check the type from server header if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { //seems the auth supported is not Basic shceme so testing further int find_auth = 0; if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) { http_auth_mechanism = AUTH_NTLM; find_auth = 1; } #ifdef LIBOPENSSL if (hydra_strcasestr(http_buf, "WWW-Authenticate: Digest") != NULL) { http_auth_mechanism = AUTH_DIGESTMD5; find_auth = 1; } #endif if (find_auth) { // free(http_buf); // http_buf = NULL; return 1; } } hydra_completed_pair(); } // free(http_buf); // http_buf = NULL; if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) { int run = 1, next_run = 1, sock = -1; int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; char *ptr, *ptr2; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; if ((webtarget = strstr(miscptr, "://")) != NULL) { webtarget += strlen("://"); if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ *ptr2 = 0; ptr2++; ptr = ptr2; if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) miscptr = ptr; else miscptr = slash; /* to make things easier to user */ } else if ((ptr2 = index(webtarget, '/')) != NULL) { miscptr = malloc(strlen(ptr2) + 1); freemischttp = 1; strcpy(miscptr, ptr2); *ptr2 = 0; } else webtarget = NULL; } if (cmdlinetarget != NULL && webtarget == NULL) webtarget = cmdlinetarget; else if (webtarget == NULL && cmdlinetarget == NULL) webtarget = hydra_address2string(ip); if (port != 0) webport = port; else if ((options & OPTION_SSL) == 0) webport = myport; else webport = mysslport; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ { if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (freemischttp) free(miscptr); if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; } case 2: /* run the cracking function */ next_run = start_http(sock, ip, port, options, miscptr, fp, type); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); if (freemischttp) free(miscptr); hydra_child_exit(0); return; default: if (freemischttp) free(miscptr); fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { service_http(ip, sp, options, miscptr, fp, port, "GET"); } void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { service_http(ip, sp, options, miscptr, fp, port, "HEAD"); } int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-icq.c0000644000175000010010000001560512441064454013121 0ustar marcNone#include "hydra-mod.h" extern char *HYDRA_EXIT; extern int child_head_no; int seq = 1; const unsigned char icq5_table[] = { 0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31, 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, 0x5A, 0x00, 0x00 }; void fix_packet(char *buf, int len) { unsigned long c1, c2; unsigned long r1, r2; int pos, key, k; c1 = buf[8]; c1 <<= 8; c1 |= buf[4]; c1 <<= 8; c1 |= buf[2]; c1 <<= 8; c1 |= buf[6]; r1 = (rand() % (len - 0x18)) + 0x18; r2 = rand() & 0xff; c2 = r1; c2 <<= 8; c2 |= buf[r1]; c2 <<= 8; c2 |= r2; c2 <<= 8; c2 |= icq5_table[r2]; c2 ^= 0xff00ff; c1 ^= c2; buf[0x14] = c1 & 0xff; buf[0x15] = (c1 >> 8) & 0xff; buf[0x16] = (c1 >> 16) & 0xff; buf[0x17] = (c1 >> 24) & 0xff; key = len * 0x68656c6cL; key += c1; pos = 0xa; for (; pos < len; pos += 4) k = key + icq5_table[pos & 0xff]; } void icq_header(char *buf, unsigned short cmd, unsigned long uin) { buf[0] = 0x02; buf[1] = 0x00; buf[2] = cmd & 0xff; buf[3] = (cmd >> 8) & 0xff; buf[4] = seq & 0xff; buf[5] = (seq++ >> 8) & 0xff; buf[6] = uin & 0xff; buf[7] = (uin >> 8) & 0xff; buf[8] = (uin >> 16) & 0xff; buf[9] = (uin >> 24) & 0xff; } int icq_login(int s, char *login, char *pass) { unsigned long uin = strtoul(login, NULL, 10); char buf[256]; int len; bzero(buf, sizeof(buf)); icq_header(buf, 0x03e8, uin); len = strlen(pass) + 1; buf[14] = len; memcpy(&buf[16], pass, len); buf[16 + len] = 0x78; buf[24 + len] = 0x04; buf[29 + len] = 0x02; buf[39 + len] = 0x08; buf[41 + len] = 0x78; return (hydra_send(s, buf, 43 + len, 0)); } int icq_login_1(int s, char *login) { unsigned long uin = strtoul(login, NULL, 10); char buf[64]; icq_header(buf, 0x044c, uin); return (hydra_send(s, buf, 10, 0)); } int icq_disconnect(int s, char *login) { unsigned long uin = strtoul(login, NULL, 10); char buf[64]; bzero(buf, sizeof(buf)); icq_header(buf, 0x0438, uin); buf[10] = 20; memcpy(&buf[12], "B_USER_DISCONNECTED", 20); buf[32] = 0x5; return (hydra_send(s, buf, 34, 0)); } int icq_ack(int s, char *login) { unsigned long uin = strtoul(login, NULL, 10); char buf[64]; buf[0] = 0x02; buf[1] = 0x00; buf[2] = 0x0a; buf[3] = 0x0; buf[4] = seq & 0xff; buf[5] = (seq >> 8) & 0xff; buf[6] = uin & 0xff; buf[7] = (uin >> 8) & 0xff; buf[8] = (uin >> 16) & 0xff; buf[9] = (uin >> 24) & 0xff; return (hydra_send(s, buf, 10, 0)); } int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * fp) { unsigned char buf[1024]; char *login, *pass; char *empty = ""; int i, r; if (strlen(login = hydra_get_next_login()) == 0) return 2; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; for (i = 0; login[i]; i++) if (!isdigit((int) login[i])) { fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login); hydra_completed_pair(); return 2; } icq_login(sock, login, pass); while (1) { if ((r = hydra_recv(sock, (char *) buf, sizeof(buf))) == 0) { return 1; } if (r < 0) { if (verbose) fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int) getpid()); return 3; } if (buf[2] == 0x5a && buf[3] == 0x00) { hydra_report_found_host(port, ip, "icq", output); hydra_completed_pair_found(); icq_ack(sock, login); icq_login_1(sock, login); hydra_recv(sock, (char *) buf, sizeof(buf)); icq_ack(sock, login); hydra_recv(sock, (char *) buf, sizeof(buf)); icq_ack(sock, login); icq_disconnect(sock, login); break; } else if ((buf[2] != 10 && buf[2] != 250) || buf[3] != 0) { hydra_completed_pair(); break; } /* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */ } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_ICQ; if (port) myport = port; port = myport; if ((options & OPTION_SSL) != 0 && child_head_no == 0) { fprintf(stderr, "[ERROR] You can not use SSL with ICQ!\n"); hydra_child_exit(0); } hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: if (sock >= 0) sock = hydra_disconnect(sock); sock = hydra_connect_udp(ip, myport); if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: next_run = start_icq(sock, ip, port, fp, miscptr, fp); break; case 3: if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-imap.c0000644000175000010010000004471012441064454013272 0ustar marcNone#include "hydra-mod.h" #include "sasl.h" extern char *HYDRA_EXIT; char *buf; int counter; int imap_auth_mechanism = AUTH_CLEAR; char *imap_read_server_capacity(int sock) { char *ptr = NULL; int resp = 0; char *buf = NULL; do { if (buf != NULL) free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') { resp = 1; usleep(300000); /* we got the capability info then get the completed warning info from server */ while (hydra_data_ready(sock)) { free(buf); buf = hydra_receive_line(sock); } } else { if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; if (isdigit((int) *ptr) && *(ptr + 1) == ' ') { resp = 1; } } } } while (buf != NULL && resp == 0); return buf; } int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], *fooptr; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; while (hydra_data_ready(s)) { if ((buf = hydra_receive_line(s)) == NULL) return (1); free(buf); } switch (imap_auth_mechanism) { case AUTH_LOGIN: sprintf(buffer, "%d AUTHENTICATE LOGIN\r\n", counter); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) { hydra_report(stderr, "[ERROR] IMAP LOGIN AUTH : %s\n", buf); free(buf); return 3; } free(buf); strcpy(buffer2, login); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) { hydra_report(stderr, "[ERROR] IMAP LOGIN AUTH : %s\n", buf); free(buf); return 3; } free(buf); strcpy(buffer2, pass); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); break; case AUTH_PLAIN: sprintf(buffer, "%d AUTHENTICATE PLAIN\r\n", counter); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) { hydra_report(stderr, "[ERROR] IMAP PLAIN AUTH : %s\n", buf); free(buf); return 3; } free(buf); memset(buffer, 0, sizeof(buffer)); sasl_plain(buffer, login, pass); sprintf(buffer, "%.250s\r\n", buffer); break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: case AUTH_CRAMSHA1: case AUTH_CRAMSHA256:{ int rc = 0; char *preplogin; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { return 3; } switch (imap_auth_mechanism) { case AUTH_CRAMMD5: sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter); break; case AUTH_CRAMSHA1: sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter); break; case AUTH_CRAMSHA256: sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter); break; } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } //get the one-time BASE64 encoded challenge if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { switch (imap_auth_mechanism) { case AUTH_CRAMMD5: hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf); break; case AUTH_CRAMSHA1: hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf); break; case AUTH_CRAMSHA256: hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf); break; } free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buf + 2); free(buf); memset(buffer2, 0, sizeof(buffer2)); switch (imap_auth_mechanism) { case AUTH_CRAMMD5:{ sasl_cram_md5(buffer2, pass, buffer); sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA1:{ sasl_cram_sha1(buffer2, pass, buffer); sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA256:{ sasl_cram_sha256(buffer2, pass, buffer); sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; } hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); sprintf(buffer, "%.250s\r\n", buffer); free(preplogin); } break; case AUTH_DIGESTMD5:{ sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; //receive if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf); free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buf); free(buf); if (debug) hydra_report(stderr, "DEBUG S: %s\n", buffer); fooptr = buffer2; sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); if (fooptr == NULL) return 3; if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer2); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s\r\n", buffer2); } break; case AUTH_SCRAMSHA1:{ char clientfirstmessagebare[200]; char serverfirstmessage[200]; char *preplogin; int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { return 3; } sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf); free(buf); return 3; } free(buf); snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); free(preplogin); memset(buffer2, 0, sizeof(buffer2)); sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = hydra_receive_line(s); if (buf == NULL) return 1; if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { if (verbose || debug) hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); free(buf); return 1; } else { /* recover server challenge */ memset(buffer, 0, sizeof(buffer)); //+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2 from64tobits((char *) buffer, buf + 2); free(buf); strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; memset(buffer2, 0, sizeof(buffer2)); fooptr = buffer2; sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); if (fooptr == NULL) { hydra_report(stderr, "[ERROR] Can't compute client response\n"); return 1; } hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s\r\n", buffer2); } } break; #endif case AUTH_NTLM:{ unsigned char buf1[4096]; unsigned char buf2[4096]; //Send auth request sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; //receive if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf); free(buf); return 3; } free(buf); //send auth and receive challenge //send auth request: lst the server send it's own hostname and domainname buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); sprintf(buffer, "%s\r\n", buf1); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strlen(buf) < 6) { free(buf); return 1; } //recover challenge from64tobits((char *) buf1, buf + 2); free(buf); //Send response buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); sprintf(buffer, "%s\r\n", buf1); } break; default: //clear authentication sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass); } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return (1); if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { if (verbose) hydra_report(stderr, "[ERROR] %s\n", buf); free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; if (counter == 4) return 1; return (2); } free(buf); hydra_report_found_host(port, ip, "imap", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1; char *buffer1 = "1 CAPABILITY\r\n"; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n"); if (buf != NULL) free(buf); hydra_child_exit(2); } free(buf); /* send capability request */ if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) exit(-1); counter = 2; buf = imap_read_server_capacity(sock); if (buf == NULL) { hydra_child_exit(2); } if ((miscptr != NULL) && (strlen(miscptr) > 0)) { int i; for (i = 0; i < strlen(miscptr); i++) miscptr[i] = (char) toupper((int) miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { disable_tls = 0; } } #ifdef LIBOPENSSL if (!disable_tls) { /* check for STARTTLS, if available we may have access to more basic auth methods */ if (strstr(buf, "STARTTLS") != NULL) { hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0); counter++; free(buf); buf = hydra_receive_line(sock); if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) { hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock) == -1)) { if (verbose) hydra_report(stderr, "[ERROR] Can't use TLS\n"); disable_tls = 1; run = 1; break; } else { if (verbose) hydra_report(stderr, "[VERBOSE] TLS connection done\n"); } /* ask again capability request but in TLS mode */ if (hydra_send(sock, "3 CAPABILITY\r\n", strlen("3 CAPABILITY\r\n"), 0) < 0) hydra_child_exit(2); buf = imap_read_server_capacity(sock); counter++; if (buf == NULL) hydra_child_exit(2); } } else hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); } #endif if (verbose) hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); //authentication should be listed AUTH= like in the extract below //STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=NTLM") != NULL)) { imap_auth_mechanism = AUTH_NTLM; } #ifdef LIBOPENSSL if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=SCRAM-SHA-1") != NULL)) { imap_auth_mechanism = AUTH_SCRAMSHA1; } if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=DIGEST-MD5") != NULL)) { imap_auth_mechanism = AUTH_DIGESTMD5; } if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-SHA256") != NULL)) { imap_auth_mechanism = AUTH_CRAMSHA256; } if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-SHA1") != NULL)) { imap_auth_mechanism = AUTH_CRAMSHA1; } if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-MD5") != NULL)) { imap_auth_mechanism = AUTH_CRAMMD5; } #endif if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=PLAIN") != NULL)) { imap_auth_mechanism = AUTH_PLAIN; } if (strstr(buf, "=LOGIN") != NULL) { imap_auth_mechanism = AUTH_LOGIN; } free(buf); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { if (strstr(miscptr, "CLEAR")) imap_auth_mechanism = AUTH_CLEAR; if (strstr(miscptr, "LOGIN")) imap_auth_mechanism = AUTH_LOGIN; if (strstr(miscptr, "PLAIN")) imap_auth_mechanism = AUTH_PLAIN; #ifdef LIBOPENSSL if (strstr(miscptr, "CRAM-MD5")) imap_auth_mechanism = AUTH_CRAMMD5; if (strstr(miscptr, "CRAM-SHA1")) imap_auth_mechanism = AUTH_CRAMSHA1; if (strstr(miscptr, "CRAM-SHA256")) imap_auth_mechanism = AUTH_CRAMSHA256; if (strstr(miscptr, "DIGEST-MD5")) imap_auth_mechanism = AUTH_DIGESTMD5; if (strstr(miscptr, "SCRAM-SHA1")) imap_auth_mechanism = AUTH_SCRAMSHA1; #endif if (strstr(miscptr, "NTLM")) imap_auth_mechanism = AUTH_NTLM; } if (verbose) { switch (imap_auth_mechanism) { case AUTH_CLEAR: hydra_report(stderr, "[VERBOSE] using IMAP CLEAR LOGIN mechanism\n"); break; case AUTH_LOGIN: hydra_report(stderr, "[VERBOSE] using IMAP LOGIN AUTH mechanism\n"); break; case AUTH_PLAIN: hydra_report(stderr, "[VERBOSE] using IMAP PLAIN AUTH mechanism\n"); break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: hydra_report(stderr, "[VERBOSE] using IMAP CRAM-MD5 AUTH mechanism\n"); break; case AUTH_CRAMSHA1: hydra_report(stderr, "[VERBOSE] using IMAP CRAM-SHA1 AUTH mechanism\n"); break; case AUTH_CRAMSHA256: hydra_report(stderr, "[VERBOSE] using IMAP CRAM-SHA256 AUTH mechanism\n"); break; case AUTH_DIGESTMD5: hydra_report(stderr, "[VERBOSE] using IMAP DIGEST-MD5 AUTH mechanism\n"); break; case AUTH_SCRAMSHA1: hydra_report(stderr, "[VERBOSE] using IMAP SCRAM-SHA1 AUTH mechanism\n"); break; #endif case AUTH_NTLM: hydra_report(stderr, "[VERBOSE] using IMAP NTLM AUTH mechanism\n"); break; } } next_run = 2; break; case 2: /* run the cracking function */ next_run = start_imap(sock, ip, port, options, miscptr, fp); counter++; break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-irc.c0000644000175000010010000001466112441064454013123 0ustar marcNone#include "hydra-mod.h" /* RFC 1459: Internet Relay Chat Protocol */ extern char *HYDRA_EXIT; char *buf; char buffer[300] = ""; int myport = PORT_IRC, mysslport = PORT_IRC_SSL; int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; int ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; sprintf(buffer, "OPER %s %s\r\n", login, pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 3; } ret = hydra_recv(s, buffer, sizeof(buffer) - 1); if (ret >= 0) buffer[ret] = 0; /* :irc.debian.org 381 koma :You are now an IRC Operator */ /* :irc.debian.org 464 koma :Invalid password */ if ((ret > 0) && (strstr(buffer, " 381 ") != NULL)) { hydra_report_found_host(port, ip, "irc", fp); hydra_completed_pair_found(); } else { hydra_completed_pair(); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } int send_nick(int s, char *ip, char *pass) { if (strlen(pass) > 0) { sprintf(buffer, "PASS %s\r\n", pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } } sprintf(buffer, "CAP LS\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int) getpid(), (int) getpid(), hydra_address2string(ip)); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } return 0; } int irc_server_connect(char *ip, int sock, int port, unsigned char options) { if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } return sock; } int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *pass; int ret; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; s = irc_server_connect(ip, s, port, options); if (s < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); return 3; } if (send_nick(s, ip, pass) < 0) { return 3; } ret = hydra_recv(s, buffer, sizeof(buffer) - 1); if (ret >= 0) buffer[ret] = 0; #ifdef HAVE_PCRE if ((ret > 0) && (!hydra_string_match(buffer, "ERROR\\s.*password"))) { #else if ((ret > 0) && (strstr(buffer, "ERROR") == NULL)) { #endif hydra_report_pass_found(port, ip, "irc", fp); hydra_completed_pair_found(); hydra_report(stderr, "[INFO] Server password '%s' is working, you can pass it as argument\nto irc module to then try login/password oper mode\n", pass); } else { if (verbose && (miscptr != NULL)) hydra_report(stderr, "[VERBOSE] Server is requesting a general password, '%s' you entered is not working\n", miscptr); hydra_completed_pair(); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 4; } void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1, ret; char *buf; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ sock = irc_server_connect(ip, sock, port, options); if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } if (miscptr == NULL) { miscptr = ""; } if (send_nick(sock, ip, miscptr) < 0) { hydra_child_exit(1); } buffer[0] = 0; if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0) buffer[ret] = 0; /* ERROR :Bad password */ #ifdef HAVE_PCRE if ((ret > 0) && (hydra_string_match(buffer, "ERROR\\s.*password"))) { #else if ((ret > 0) && (strstr(buffer, "ERROR") != NULL)) { #endif if (verbose) hydra_report(stderr, "[INFO] Server is requesting a password, will try to find it\n"); if (sock >= 0) sock = hydra_disconnect(sock); next_run = 4; break; } while (hydra_data_ready(sock)) { buf = hydra_receive_line(sock); free(buf); } if ((ret > 0) && (strstr(buffer, " 432 ") != NULL)) { /* :irc.debian.org 432 * hydra_5075 :Erroneous nickname */ if (verbose) hydra_report(stderr, "[ERROR] Erroneous nickname\n"); hydra_child_exit(0); } if ((ret > 0) && (strstr(buffer, " 433 ") != NULL)) { /* :irc.debian.org 433 * hydra :Nickname already in use */ if (verbose) hydra_report(stderr, "[ERROR] Nickname already in use\n"); hydra_child_exit(0); } /* ERROR :Bad password is returned from ngircd when it s waiting for a server password */ if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) { /* seems we not successfully connected */ hydra_report(stderr, "[ERROR] should not be able to identify server msg, please report it\n%s\n", buffer); hydra_child_exit(0); } next_run = 2; break; case 2: /* run the cracking function */ next_run = start_oper_irc(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; case 4: next_run = start_pass_irc(sock, ip, port, options, miscptr, fp); break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-ldap.c0000644000175000010010000003324312441064454013263 0ustar marcNone#include "hydra-mod.h" #include "sasl.h" extern char *HYDRA_EXIT; unsigned char *buf; int counter; int tls_required = 0; int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char version, int auth_method) { char *empty = ""; char *login = "", *pass, *fooptr = ""; unsigned char buffer[512]; int length = 0; int ldap_auth_mechanism = auth_method; /* The LDAP "simple" method has three modes of operation: * anonymous= no user no pass * unauthenticated= user but no pass * user/password authenticated= user and pass */ if ((miscptr != NULL) && (ldap_auth_mechanism == AUTH_CLEAR)) { login = miscptr; } else { if (strlen(login = hydra_get_next_login()) == 0) login = empty; } if (miscptr == NULL) miscptr = fooptr; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; switch (ldap_auth_mechanism) { case AUTH_CLEAR: length = 14 + strlen(login) + strlen(pass); break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: length = 14 + strlen(miscptr) + strlen("CRAM-MD5") + 2; break; case AUTH_DIGESTMD5: length = 14 + strlen(miscptr) + strlen("DIGEST-MD5") + 2; break; #endif } memset(buffer, 0, sizeof(buffer)); buffer[0] = 48; buffer[1] = length - 2; buffer[2] = 2; buffer[3] = 1; buffer[4] = counter % 256; buffer[5] = 96; buffer[6] = length - 7; buffer[7] = 2; buffer[8] = 1; buffer[9] = version; buffer[10] = 4; if (ldap_auth_mechanism == AUTH_CLEAR) { buffer[11] = strlen(login); /* DN */ memcpy(&buffer[12], login, strlen(login)); buffer[12 + strlen(login)] = (unsigned char) 128; buffer[13 + strlen(login)] = strlen(pass); memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */ } else { char *authm = "DIGEST-MD5"; if (ldap_auth_mechanism == AUTH_CRAMMD5) { authm = "CRAM-MD5"; } if ((strlen(miscptr)) > sizeof(buffer) - 16 - strlen(authm)) { miscptr[sizeof(buffer) - 16 - strlen(authm)] = '\0'; } buffer[11] = strlen(miscptr); /* DN */ memcpy(&buffer[12], miscptr, strlen(miscptr)); buffer[12 + strlen(miscptr)] = 163; buffer[13 + strlen(miscptr)] = 2 + strlen(authm); buffer[14 + strlen(miscptr)] = 4; buffer[15 + strlen(miscptr)] = strlen(authm); memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm)); } if (hydra_send(s, (char *) buffer, length, 0) < 0) return 1; if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) return 1; if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) { if (verbose) hydra_report(stderr, "[VERBOSE] Protocol invalid\n"); free(buf); return 3; } if (buf[0] != 0 && buf[0] != 32 && buf[9] == 13) { if (verbose) hydra_report(stderr, "[VERBOSE] Confidentiality required, TLS has to be enabled\n"); tls_required = 1; free(buf); return 1; } if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 34) { hydra_report(stderr, "[ERROR] Invalid DN Syntax\n"); hydra_child_exit(2); free(buf); return 3; } #ifdef LIBOPENSSL /* one more step auth for CRAM and DIGEST */ if (ldap_auth_mechanism == AUTH_CRAMMD5) { /* get the challenge, need to extract it */ char *ptr; char buf2[32]; ptr = strstr((char *) buf, "<"); fooptr = buf2; sasl_cram_md5(fooptr, pass, ptr); if (fooptr == NULL) return 1; counter++; if (strstr(miscptr, "^USER^") != NULL) { miscptr = hydra_strrep(miscptr, "^USER^", login); } length = 12 + strlen(miscptr) + 4 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2); memset(buffer, 0, sizeof(buffer)); buffer[0] = 48; buffer[1] = length - 2; buffer[2] = 2; buffer[3] = 1; buffer[4] = counter % 256; buffer[5] = 96; buffer[6] = length - 7; buffer[7] = 2; buffer[8] = 1; buffer[9] = version; buffer[10] = 4; buffer[11] = strlen(miscptr); /* DN */ memcpy(&buffer[12], miscptr, strlen(miscptr)); buffer[12 + strlen(miscptr)] = 163; buffer[13 + strlen(miscptr)] = 2 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2); buffer[14 + strlen(miscptr)] = 4; buffer[15 + strlen(miscptr)] = strlen("CRAM-MD5"); memcpy(&buffer[16 + strlen(miscptr)], "CRAM-MD5", strlen("CRAM-MD5")); buffer[16 + strlen(miscptr) + strlen("CRAM-MD5")] = 4; buffer[17 + strlen(miscptr) + strlen("CRAM-MD5")] = strlen(login) + 1 + strlen(buf2); memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5")], login, strlen(login)); buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' '; memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2)); if (hydra_send(s, (char *) buffer, length, 0) < 0) return 1; free(buf); if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) return 1; } else { if (ldap_auth_mechanism == AUTH_DIGESTMD5) { char *ptr; char buffer2[500]; int ind = 0; ptr = strstr((char *) buf, "realm="); counter++; if (strstr(miscptr, "^USER^") != NULL) { miscptr = hydra_strrep(miscptr, "^USER^", login); } fooptr = buffer2; sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); if (fooptr == NULL) { free(buf); return 3; } length = 26 + strlen(miscptr) + strlen("DIGEST-MD5") + strlen(buffer2); memset(buffer, 0, sizeof(buffer)); ind = 0; buffer[ind] = 48; ind++; buffer[ind] = 130; ind++; if (length - 4 > 255) { buffer[ind] = 1; ind++; buffer[ind] = length - 256 - 4; ind++; } else { buffer[ind] = 0; ind++; buffer[ind] = length - 4; ind++; } buffer[ind] = 2; ind++; buffer[ind] = 1; ind++; buffer[ind] = counter % 256; ind++; buffer[ind] = 96; /*0x60 */ ind++; buffer[ind] = 130; ind++; if (length - 7 - 4 > 255) { buffer[ind] = 1; ind++; buffer[ind] = length - 256 - 11; ind++; } else { buffer[ind] = 0; ind++; buffer[ind] = length - 11; ind++; } buffer[ind] = 2; ind++; buffer[ind] = 1; ind++; buffer[ind] = version; ind++; buffer[ind] = 4; ind++; buffer[ind] = strlen(miscptr); ind++; memcpy(&buffer[ind], miscptr, strlen(miscptr)); /*DN*/ buffer[ind + strlen(miscptr)] = 163; //0xa3 ind++; buffer[ind + strlen(miscptr)] = 130; //0x82 ind++; if (strlen(buffer2) + 6 + strlen("DIGEST-MD5") > 255) { buffer[ind + strlen(miscptr)] = 1; ind++; buffer[ind + strlen(miscptr)] = strlen(buffer2) + 6 + strlen("DIGEST-MD5") - 256; } else { buffer[ind + strlen(miscptr)] = 0; ind++; buffer[ind + strlen(miscptr)] = strlen(buffer2) + 6 + strlen("DIGEST-MD5"); } ind++; buffer[ind + strlen(miscptr)] = 4; ind++; buffer[ind + strlen(miscptr)] = strlen("DIGEST-MD5"); ind++; memcpy(&buffer[ind + strlen(miscptr)], "DIGEST-MD5", strlen("DIGEST-MD5")); buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 4; ind++; buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 130; ind++; if (strlen(buffer2) > 255) { buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 1; ind++; buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = strlen(buffer2) - 256; } else { buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 0; ind++; buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = strlen(buffer2); } ind++; memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2)); ind++; if (hydra_send(s, (char *) buffer, length, 0) < 0) return 1; free(buf); if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) return 1; } } #endif /* success is: 0a 01 00 - failure is: 0a 01 31 */ if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { hydra_report_found_host(port, ip, "ldap", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 7) { hydra_report(stderr, "[ERROR] Unknown authentication method\n"); free(buf); hydra_child_exit(2); } if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) { if (verbose) hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s password: %s\n", login, pass); free(buf); return 1; } if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) { hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2'); free(buf); hydra_child_exit(2); sleep(1); hydra_child_exit(2); } //0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01, //8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a, //16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00, // this is for w2k8 active directory ldap auth if (buf[0] == 48 && buf[1] == 132) { if (buf[9] == 0x61 && buf[1] == 0x84) { if (buf[17] == 0 || buf[17] == 0x20) { hydra_report_found_host(port, ip, "ldap", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } } } else { if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) { hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n"); print_hex((unsigned char *) buf, 24); free(buf); return 3; } } hydra_completed_pair(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char version, int auth_method) { int run = 1, next_run = 1, sock = -1; int myport = PORT_LDAP, mysslport = PORT_LDAP_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } counter = 1; if (tls_required) { /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */ char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37"; if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0) hydra_child_exit(1); if ((buf = (unsigned char *) hydra_receive_line(sock)) == NULL) hydra_child_exit(1); if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { /* TLS option negociation goes well, now trying to connect */ if ((hydra_connect_to_ssl(sock) == -1) && verbose) { hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_child_exit(1); } else { if (verbose) hydra_report(stderr, "[VERBOSE] TLS connection done\n"); counter++; } } else { hydra_report(stderr, "[ERROR] Can't use TLS %s\n", buf); hydra_child_exit(1); } } next_run = 2; break; case 2: /* run the cracking function */ next_run = start_ldap(sock, ip, port, options, miscptr, fp, version, auth_method); counter++; break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { service_ldap(ip, sp, options, miscptr, fp, port, 2, AUTH_CLEAR); } void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CLEAR); } void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CRAMMD5); } void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_DIGESTMD5); } int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-logo.ico0000644000175000010010000011227612441064454013637 0ustar marcNone`` (`  (&8e {T(A?,I#U@@ l%/<9GAQDS@O6C*5! mU _@RXs^yUkDT7C8EIYXkN^5AC,8\w_{K_&0 \^2<P_O^%- \y9H`|Wq0=A  I8DQ_/8 r  A *$]xXr"[  l/7Ta1; l'0 R t=NYs$H*1 09Q^%, Rb pRi>P c -4CN3=p@ Vn@S` )HVbvRaey~  J_Lb IWm+3   U0=Zt   x:Fo s 6A$"""&? ^ : w Zt:K O%_q 9C  '       O M !'  ^ {>Q]x$- c . & =]#- ' @$  X(2&/:Y!"  'TlUo*5  ' D|   Z:J*6.8 FU&- -5CR & ':I^"*1<B!Tl[v>P  f: ; _  &/8CCO4@  K`_v3@'Sg1<HV" aM_>O1>BT?O:F )>AT\w]wK`6C'1!(&!)&..9:GCR JXR`Vd#Tb"S`KX/9H F>M2?I^H\01,::82@:HF  d >Pe`z@Sa}La &~&09INc\r^u^t]r\p[o\nYjRbFS@LDPMZS_R^O\AM %- P l S(\wHZEV^ySl BYJSp`Yxc]~\vN>r-kc@S"  K T (*40<0<,6#+  &9E MZNZGT1;   &UoyD׵׵ÒrlE]=/8(&-% ( y8''' 9Z _ ="""-%  >J JWJV4@  _")JbMj˲ӫԮֲڻݿִ˵g~qG\L!R ./7IUGT2=! RoOé΢ȖְZz`" s  ;GHUER.9 I$0!yϤ͠ЦٸںΣtN6C n  9$,HUFSBP#* T b:N6쌾ںײٷسUp(ec}bySg7D# cHUFSCQ:F W7I/ȯҪΡgo h fedc}bzax^sQc.9&$HUFSCP@M'0N7",񄳐ٸΡУΡֲ˜fhdeffedc}byax`v_t[p=J 6  j3<HUFSBPAN8D!soڻںض۽ֲկֲضڹڹٷr+eeffffedc}byax`v_t_s[oRd =I *2#eG87A v#*DOHUFSBPAN>L XvIծ˜˜}Og dffffffedc}byax`v_t_s]p]o[lWfM\AM7B(1 (!((1K4D׺ܿfefffffffffedc}byax`v_t_s]p]o]mZk!Zh#Xg$Vd$Tb"TaR^P^N[LY KWHUFSBPAN?L,7s }{zeefffffffffedc}byax`v_t_s]p]o]mZk!Zh#Xg$Vd$Tb"TaR^P^N[LY KWHUFSBPAN?L (=@6E#yEfffffffffffedc}byax`v_t_s]p]o]mZk!Zh#Xg$Vd$Tb"TaR^P^N[LY KWHUFSBPAN:G***zouֱ۽ɖlfffffffffffedc}byax`v_t_s]p]o]mZk!Zh#Xg$Vd$Tb"TaR^P^N[LY KWHUFSBP@M+4 q!+ů̝͠״׳ӫϢŐʚֳں׳ֳ۾mfffffffffffedc}byax`v_t_s]p]o]mZk!Zh#Xg$Vd$Tb"TaR^P^N[LY KWHUFSCQ:G!@S>ԛѵܿ۽ٷڻm fffffffffffedc}byax`v_t_s]p]o]mZk!Zh#Xg$Vd$Tb"TaR^P^N[LY KWHUFSAN!) V &PjTs/fffffffffffedc}byax`v_t_s]p]o]mZk!Zh#Xg$Vd$Tb"TaR^P^N[LY KWHUCP!( k/Wt_ۻ\eefffffffffedc}byax`v_t_s]p]o]mZk!Zh#Xg$Vd$Tb"TaR^P^N[LY KWBO$,  t04'O]{eֲٸݿǓeefffffffffedc}byax`v_t_s]p]o]m!Zh#Xg$Vd$Tb"TaR^P^N[LXJ" y CW@ߟѵʙrӭԯֲٸܿϥӬڼ͠ΣܾĎjdfffffedQj6E-7$.+5-78E;I8="CJ!4@.1")+" {$ )0 $*  0 +6̸ԯظÌyȖ͞ieffffdLb49"yzx  ;ViVins .8 % }׷nӬХ{Gidef_z7@)/.;8-bL&/iM]d MG[M/9WfUc P]-5 p)!  Y# $+ "+L#F[SΧٹձeo ͢WkR˛ۼٸϥϩ^c{ ]pYkP_R`LY GT@M#+ ,50= |$, ?g|ݿu0dnŐ׶ڻ~MdmǕֲֳ̟ΨxM^q\lZiTcES :H7F!$Sf!)C:#$*50qfedn"͟۾xO0< 1?۾ǘǕضӺ׾ǓeI[ [r`ֲطڻ˰]n1P^O[MY IV=KTf *3@ 6Cr<\H{о=I;##ÑۼjebJ`1=)4$аͲyqն|E[v;J3= B  Q4B7Zla畱ӭظWf"O[MY KWETXj CP [  =E:fti3=- #P@V"'''  (ˮөmfeVn:J4B$ wOfR{ӹzxƒi ^xGU  00<.΢nN[LY KWIVTe O^:-3-wzizi $$9._NN¸ò;?O9w3ff]w>N4A ?P!ģ̲βȨx8cWm  * *rvٷf{a WkNv=}6ȑ*1'&sL#1L De3Űկm5D"i.  "<)4.hsزȔi ff_{?O.:0< 7cr^Hʝټ˟ʯ̰ҩg cZp*1 ,4*ڹģTcHUFSBP6B q e(3WqmQɫ|~Rd0?SEYy˜ںȳtwkzcznN`OM`M^thn{}dff[v=M8F#,A qwm̦ȡҷ˨ȣдؾ~Dc`z1;N7 Xntg|8HUFSBP7CC%]vq l}IѦɮwdycZn4ЬȖԼڹkfffTm;K4A $Ͱŵhc>L {y`HUFSBP7C 3&_xz(îZg$k>޼vױۻ֯w.dfebLa8F%Azwu϶˦q!cOd,7 M WwwǨ}lIVFSBP8C 8#Nb7gu3MbwyƋԮݽۺx2eefe_{@Q#. q$+͜ΟѤҾӿ`d]v!*ES J:RfQˬĥWhFSBP8D =Mofvz~۷~޿Ӫҩt(fffedSj&1  bu^򭿵!gx{zyusjNt̛֯{7ddeffe`}4B" )!) 怓~5;3.:KaCTA?aSI[@PLda|Sd&$ ˭ϵfz7GSCP6Co   V (H\mxzz{{xpgflmg dffffed^zHZ8G/<"   r7@* o--- SkZJFT~L}m@UAU\r8ťwge[r17GJ>:D:1;+ ou{־վåж{_FSCQ2< $- #-Unox{{{zwmdeffffffd\wFW&/  U2 $/Rjjswxxvfefffeb`|TiCQ>L6D-8 f P%""( 7E@U?Z">Z&?_,<]*=\)>['@X~k&cb}9D+,)JYP 61] ˯{aӽ̳f{;CP$-?OMa  1=N_xd~egecddcaz]tUjIW8B-6&,  f@4Z%;](jid`8a);])>Z&yu[bc~:H dracs^rlåտZp0DU L_Rf+tUBPGW^v$,= d4A]rAQJZYlYk\nYjWfTcQ_MZ HU,3  G '&ҹɿi|he^:b,ѼRJ7^'=[(xcc?PƮJ_@PBS Zl%FTj9G V0;J[ ,4 $).52;3<.5$* I !ҽ7_)?^,\xJf dDV϶tbzH]WxwGa+@S =MGT`wGXP%6 v#+/40( b/@\(AVFXȭ[m+L\EV :/####)#߿}4plloy,||BWHZsmdJ]"'"P * ?PMvC`_h(` -`7^'WwKvj}wO3?&"/6,w.deeeeeenѣɱwL^w_pdK^COF:E;@@@$$$IOF?_4h71_4`%MrCro`j4$ '/+}Wj]|{cdgjmnmhciվK]r^s(dI]= jHZ@[XuF[~S<^*@a/ʯ1<q 7avkˡ{8emwxyyzwjciyӼԿWm2ud}@dEY  6?: 9E IX @RlVҾtHT!L<☬";H\o(Pb!Wi(}eat74 !'"""" *!6.60"' o b~z{{{{{{{{zi[Oega}( 3 ` x9q eJ_orswy{z{{{ye_xdBU  :,7e\w(3.;@RQhcnuyzzqWp ^y`z: f&/<@SRipZsh;Kf  =S DVf'35 Zr  SkMc H1? <(4Zt s ! h-:2?\$  V0?|'L' ? ???????px ??@?0 0|???'72ppp?x?x?hydra-8.1/hydra-logo.rc0000644000175000010010000000003112441064454013452 0ustar marcNone1 ICON "hydra-logo.ico" hydra-8.1/hydra-mod.c0000644000175000010010000011344712441064454013127 0ustar marcNone#include "hydra-mod.h" #include #ifdef LIBOPENSSL #include #include #include #include #endif #ifdef HAVE_PCRE #include #endif #define MAX_CONNECT_RETRY 1 #define WAIT_BETWEEN_CONNECT_RETRY 3 #define HYDRA_DUMP_ROWS 16 /* rfc 1928 SOCKS proxy */ #define SOCKS_V5 5 #define SOCKS_V4 4 #define SOCKS_NOAUTH 0 /* http://tools.ietf.org/html/rfc1929 */ #define SOCKS_PASSAUTH 2 #define SOCKS_NOMETHOD 0xff #define SOCKS_CONNECT 1 #define SOCKS_IPV4 1 #define SOCKS_DOMAIN 3 #define SOCKS_IPV6 4 extern int conwait; char quiet; int do_retry = 1; int module_auth_type = -1; int intern_socket, extern_socket; char pair[260]; char HYDRA_EXIT[5] = "\x00\xff\x00\xff\x00"; char *HYDRA_EMPTY = "\x00\x00\x00\x00"; char *fe80 = "\xfe\x80\x00"; int fail = 0; int alarm_went_off = 0; int use_ssl = 0; char ipaddr_str[64]; int src_port = 0; int __fck = 0; int ssl_first = 1; int __first_connect = 1; char ipstring[64]; unsigned int colored_output = 1; char quiet = 0; #ifdef LIBOPENSSL SSL *ssl = NULL; SSL_CTX *sslContext = NULL; RSA *rsa = NULL; #endif /* prototype */ int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec); /* ----------------- alarming functions ---------------- */ void alarming() { fail++; alarm_went_off++; /* uh, I think it's not good for performance if we try to reconnect to a timeout system! * if (fail > MAX_CONNECT_RETRY) { */ //fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int) getpid()); if (debug) printf("DEBUG_CONNECT_TIMEOUT\n"); hydra_child_exit(1); /* * } else { * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int)getpid(), fail, MAX_CONNECT_RETRY); * } */ } void interrupt() { if (debug) printf("DEBUG_INTERRUPTED\n"); } /* ----------------- internal functions ----------------- */ int internal__hydra_connect(char *host, int port, int protocol, int type) { int s, ret = -1, ipv6 = 0; #ifdef AF_INET6 struct sockaddr_in6 target6; struct sockaddr_in6 sin6; #endif struct sockaddr_in target; struct sockaddr_in sin; char *buf, *tmpptr = NULL; int err = 0; #ifdef AF_INET6 memset(&target6, 0, sizeof(target6)); memset(&sin6, 0, sizeof(sin6)); if ((host[0] == 16 && proxy_string_ip[0] != 4) || proxy_string_ip[0] == 16) ipv6 = 1; #endif #ifdef AF_INET6 if (ipv6) s = socket(AF_INET6, protocol, type); else #endif s = socket(PF_INET, protocol, type); if (s >= 0) { if (src_port != 0) { int bind_ok = 0; #ifdef AF_INET6 if (ipv6) { sin6.sin6_family = AF_INET6; sin6.sin6_port = htons(src_port); } else #endif { sin.sin_family = PF_INET; sin.sin_port = htons(src_port); sin.sin_addr.s_addr = INADDR_ANY; } //we will try to find a free port down to 512 while (!bind_ok && src_port >= 512) { #ifdef AF_INET6 if (ipv6) ret = bind(s, (struct sockaddr *) &sin6, sizeof(sin6)); else #endif ret = bind(s, (struct sockaddr *) &sin, sizeof(sin)); if (ret == -1) { if (verbose) perror("internal_hydra_connect error"); if (errno == EADDRINUSE) { src_port--; #ifdef AF_INET6 if (ipv6) sin6.sin6_port = htons(src_port); else #endif sin.sin_port = htons(src_port); } else { if (errno == EACCES && (getuid() > 0)) { fprintf(stderr, "[ERROR] You need to be root to test this service\n"); close(s); return -1; } } } else bind_ok = 1; } } if (use_proxy > 0) { if (proxy_string_ip[0] == 4) { memcpy(&target.sin_addr.s_addr, &proxy_string_ip[1], 4); target.sin_family = AF_INET; target.sin_port = htons(proxy_string_port); } #ifdef AF_INET6 if (proxy_string_ip[0] == 16) { memcpy(&target6.sin6_addr, &proxy_string_ip[1], 16); target6.sin6_family = AF_INET6; target6.sin6_port = htons(proxy_string_port); } #endif } else { if (host[0] == 4) { memcpy(&target.sin_addr.s_addr, &host[1], 4); target.sin_family = AF_INET; target.sin_port = htons(port); } #ifdef AF_INET6 if (host[0] == 16) { memcpy(&target6.sin6_addr, &host[1], 16); target6.sin6_family = AF_INET6; target6.sin6_port = htons(port); } #endif } signal(SIGALRM, alarming); do { if (fail > 0) sleep(WAIT_BETWEEN_CONNECT_RETRY); alarm_went_off = 0; alarm(waittime); #ifdef AF_INET6 #ifdef SO_BINDTODEVICE if (host[17] != 0) { setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, &host[17], strlen(&host[17]) + 1); } #else #ifdef IP_FORCE_OUT_IFP if (host[17] != 0) { setsockopt(s, SOL_SOCKET, IP_FORCE_OUT_IFP, &host[17], strlen(&host[17]) + 1); } #endif #endif if (ipv6) ret = connect(s, (struct sockaddr *) &target6, sizeof(target6)); else #endif ret = connect(s, (struct sockaddr *) &target, sizeof(target)); alarm(0); if (ret < 0 && alarm_went_off == 0) { fail++; if (verbose ) { if (do_retry && fail <= MAX_CONNECT_RETRY) fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int) getpid(), fail, MAX_CONNECT_RETRY); else fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int) getpid()); } } } while (ret < 0 && fail <= MAX_CONNECT_RETRY && do_retry); if (ret < 0 && fail > MAX_CONNECT_RETRY) { if (debug) printf("DEBUG_CONNECT_UNREACHABLE\n"); /* we wont quit here, thats up to the module to decide what to do * fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int)getpid()); * hydra_child_exit(1); */ extern_socket = -1; close(s); ret = -1; return ret; } ret = s; extern_socket = s; if (debug) printf("DEBUG_CONNECT_OK\n"); err = 0; if (use_proxy == 2) { if ((buf = malloc(4096)) == NULL) { fprintf(stderr, "[ERROR] could not malloc()\n"); close(s); return -1; } memset(&target, 0, sizeof(target)); if (host[0] == 4) { memcpy(&target.sin_addr.s_addr, &host[1], 4); target.sin_family = AF_INET; target.sin_port = htons(port); } #ifdef AF_INET6 memset(&target6, 0, sizeof(target6)); if (host[0] == 16) { memcpy(&target6.sin6_addr, &host[1], 16); target6.sin6_family = AF_INET6; target6.sin6_port = htons(port); } #endif if (hydra_strcasestr(proxy_string_type, "connect") || hydra_strcasestr(proxy_string_type, "http")) { if (proxy_authentication == NULL) if (host[0] == 16) snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); else snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); else if (host[0] == 16) snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); else snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); send(s, buf, strlen(buf), 0); recv(s, buf, 4096, 0); if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') { if (debug) printf("DEBUG_CONNECT_PROXY_OK\n"); } else { if (debug) printf("DEBUG_CONNECT_PROXY_FAILED (Code: %c%c%c)\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); if (verbose) fprintf(stderr, "[ERROR] CONNECT call to proxy failed with code %c%c%c\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); err = 1; } // free(buf); } else { if (hydra_strcasestr(proxy_string_type, "socks5")) { // char buf[1024]; size_t cnt, wlen; /* socks v5 support */ buf[0] = SOCKS_V5; buf[1] = 1; if (proxy_authentication == NULL) buf[2] = SOCKS_NOAUTH; else buf[2] = SOCKS_PASSAUTH; cnt = hydra_send(s, buf, 3, 0); if (cnt != 3) { hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt); err = 1; } else { cnt = hydra_recv(s, buf, 2); if (cnt != 2) { hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); err = 1; } if ((unsigned int) buf[1] == SOCKS_NOMETHOD) { hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n"); err = 1; } /* SOCKS_DOMAIN not supported here, do we need it ? */ if (err != 1) { /* send user/pass */ if (proxy_authentication != NULL) { //format was checked previously char *login = strtok(proxy_authentication, ":"); char *pass = strtok(NULL, ":"); snprintf(buf, sizeof(buf), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); cnt = hydra_send(s, buf, strlen(buf), 0); if (cnt != strlen(buf)) { hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt); err = 1; } else { cnt = hydra_recv(s, buf, 2); if (cnt != 2) { hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); err = 1; } if (buf[1] != 0) { hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication failure\n"); err = 1; } else { if (debug) hydra_report(stderr, "[DEBUG] SOCKS5 proxy authentication success\n"); } } } #ifdef AF_INET6 if (ipv6) { /* Version 5, connect: IPv6 address */ buf[0] = SOCKS_V5; buf[1] = SOCKS_CONNECT; buf[2] = 0; buf[3] = SOCKS_IPV6; memcpy(buf + 4, &target6.sin6_addr, sizeof target6.sin6_addr); memcpy(buf + 20, &target6.sin6_port, sizeof target6.sin6_port); wlen = 22; } else { #endif /* Version 5, connect: IPv4 address */ buf[0] = SOCKS_V5; buf[1] = SOCKS_CONNECT; buf[2] = 0; buf[3] = SOCKS_IPV4; memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); memcpy(buf + 8, &target.sin_port, sizeof target.sin_port); wlen = 10; #ifdef AF_INET6 } #endif cnt = hydra_send(s, buf, wlen, 0); if (cnt != wlen) { hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/%zu)\n", cnt, wlen); err = 1; } else { cnt = hydra_recv(s, buf, 10); if (cnt != 10) { hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/10)\n", cnt); err = 1; } if (buf[1] != 0) { /* 0x05 = connection refused by destination host */ if (buf[1] == 5) hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n"); else hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]); err = 1; } } } } } else { if (hydra_strcasestr(proxy_string_type, "socks4")) { if (ipv6) { hydra_report(stderr, "[ERROR] SOCKS4 proxy does not support IPv6\n"); err = 1; } else { // char buf[1024]; size_t cnt, wlen; /* socks v4 support */ buf[0] = SOCKS_V4; buf[1] = SOCKS_CONNECT; /* connect */ memcpy(buf + 2, &target.sin_port, sizeof target.sin_port); memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); buf[8] = 0; /* empty username */ wlen = 9; cnt = hydra_send(s, buf, wlen, 0); if (cnt != wlen) { hydra_report(stderr, "[ERROR] SOCKS4 proxy write failed (%zu/%zu)\n", cnt, wlen); err = 1; } else { cnt = hydra_recv(s, buf, 8); if (cnt != 8) { hydra_report(stderr, "[ERROR] SOCKS4 proxy read failed (%zu/8)\n", cnt); err = 1; } if (buf[1] != 90) { /* 91 = 0x5b = request rejected or failed */ if (buf[1] == 91) hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n"); else hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]); err = 1; } } } } else { hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type); err = 1; } } } free(buf); } if (err) { close(s); extern_socket = -1; ret = -1; return ret; } fail = 0; return ret; } return ret; } #ifdef LIBOPENSSL RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) { if (rsa == NULL) { #ifdef NO_RSA_LEGACY RSA *private = RSA_new(); BIGNUM *f4 = BN_new(); BN_set_word(f4, RSA_F4); RSA_generate_key_ex(rsa, 1024, f4, NULL); #else rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); #endif } return rsa; } int internal__hydra_connect_to_ssl(int socket) { int err; if (ssl_first) { SSL_load_error_strings(); // SSL_add_ssl_algoritms(); SSL_library_init(); // ? ssl_first = 0; } if (sslContext == NULL) { /* context: ssl2 + ssl3 is allowed, whatever the server demands */ if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) { if (verbose) { err = ERR_get_error(); fprintf(stderr, "[ERROR] SSL allocating context: %s\n", ERR_error_string(err, NULL)); } return -1; } /* set the compatbility mode */ SSL_CTX_set_options(sslContext, SSL_OP_ALL); SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2); SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1); /* we set the default verifiers and dont care for the results */ (void) SSL_CTX_set_default_verify_paths(sslContext); SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb); SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, NULL); } if ((ssl = SSL_new(sslContext)) == NULL) { if (verbose) { err = ERR_get_error(); fprintf(stderr, "[ERROR] preparing an SSL context: %s\n", ERR_error_string(err, NULL)); } SSL_set_bio(ssl, NULL, NULL); SSL_clear(ssl); return -1; } SSL_set_fd(ssl, socket); if (SSL_connect(ssl) <= 0) { // fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl)); if (verbose) { err = ERR_get_error(); fprintf(stderr, "[VERBOSE] Could not create an SSL session: %s\n", ERR_error_string(err, NULL)); } close(socket); return -1; } if (debug) fprintf(stderr, "[VERBOSE] SSL negotiated cipher: %s\n", SSL_get_cipher(ssl)); use_ssl = 1; return socket; } int internal__hydra_connect_ssl(char *host, int port, int protocol, int type) { int socket; if ((socket = internal__hydra_connect(host, port, protocol, type)) < 0) return -1; return internal__hydra_connect_to_ssl(socket); } #endif int internal__hydra_recv(int socket, char *buf, int length) { #ifdef LIBOPENSSL if (use_ssl) { return SSL_read(ssl, buf, length); } else #endif return recv(socket, buf, length, 0); } int internal__hydra_send(int socket, char *buf, int size, int options) { #ifdef LIBOPENSSL if (use_ssl) { return SSL_write(ssl, buf, size); } else #endif return send(socket, buf, size, options); } /* ------------------ public functions ------------------ */ void hydra_child_exit(int code) { char buf[2]; if (debug) printf("[DEBUG] pid %d called child_exit with code %d\n", getpid(), code); if (code == 0) /* normal quitting */ __fck = write(intern_socket, "Q", 1); else if (code == 1) /* no connect possible */ __fck = write(intern_socket, "C", 1); else if (code == 2) /* application protocol error or service shutdown */ __fck = write(intern_socket, "E", 1); // code 3 means exit without telling mommy about it - a bad idea. mommy should know else if (code == -1 || code > 3) { fprintf(stderr, "[TOTAL FUCKUP] a module should not use hydra_child_exit(-1) ! Fix it in the source please ...\n"); __fck = write(intern_socket, "E", 1); } do { usleep(10000); } while (read(intern_socket, buf, 1) <= 0); // sleep(2); // be sure that mommy receives our message exit(0); // might be killed before reaching this } void hydra_register_socket(int s) { intern_socket = s; } char *hydra_get_next_pair() { if (pair[0] == 0) { pair[sizeof(pair) - 1] = 0; __fck = read(intern_socket, pair, sizeof(pair) - 1); //if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) return HYDRA_EXIT; if (pair[0] == 0) return HYDRA_EMPTY; } return pair; } char *hydra_get_next_login() { if (pair[0] == 0) return HYDRA_EMPTY; return pair; } char *hydra_get_next_password() { char *ptr = pair; while (*ptr != '\0') ptr++; ptr++; if (*ptr == 0) return HYDRA_EMPTY; return ptr; } void hydra_completed_pair() { __fck = write(intern_socket, "N", 1); pair[0] = 0; } void hydra_completed_pair_found() { char *login; __fck = write(intern_socket, "F", 1); login = hydra_get_next_login(); __fck = write(intern_socket, login, strlen(login) + 1); pair[0] = 0; } void hydra_completed_pair_skip() { char *login; __fck = write(intern_socket, "f", 1); login = hydra_get_next_login(); __fck = write(intern_socket, login, strlen(login) + 1); pair[0] = 0; } /* based on writeError from Medusa project */ void hydra_report_debug(FILE * st, char *format, ...) { va_list ap; char buf[8200]; char bufOut[33000]; char temp[6]; unsigned char cTemp; int i = 0; if (format == NULL) { fprintf(stderr, "[ERROR] no msg passed.\n"); } else { va_start(ap, format); memset(bufOut, 0, sizeof(bufOut)); memset(buf, 0, 512); vsnprintf(buf, sizeof(buf), format, ap); // Convert any chars less than 32d or greater than 126d to hex for (i = 0; i < sizeof(buf); i++) { memset(temp, 0, 6); cTemp = (unsigned char) buf[i]; if ((cTemp < 32 && cTemp > 0) || cTemp > 126) { sprintf(temp, "[%02X]", cTemp); } else sprintf(temp, "%c", cTemp); if (strlen(bufOut) + 6 < sizeof(bufOut)) strncat(bufOut, temp, 6); else break; } fprintf(st, "%s\n", bufOut); va_end(ap); } return; } void hydra_report_found(int port, char *svc, FILE * fp) { /* if (!strcmp(svc, "rsh")) if (colored_output) fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login()); else fprintf(fp, "[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); else if (colored_output) fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); else fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); if (stdout != fp) { if (!strcmp(svc, "rsh")) printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); else printf("[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); } fflush(fp); */ } /* needed for irc module to display the general server password */ void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp) { /* strcpy(ipaddr_str, hydra_address2string(ip)); if (colored_output) fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); if (stdout != fp) printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); fflush(fp); */ } void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp) { /* char *keyw = "password"; strcpy(ipaddr_str, hydra_address2string(ip)); if (!strcmp(svc, "smtp-enum")) keyw = "domain"; if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) if (colored_output) fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); else fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) if (colored_output) fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) if (colored_output) fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); else if (colored_output) fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); else fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); if (stdout != fp) { if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); else printf("[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); } fflush(fp); fflush(stdout); */ } void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg) { /* strcpy(ipaddr_str, hydra_address2string(ip)); if (colored_output) fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); else fprintf(fp, "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); if (stdout != fp) printf("[%d][%s] host: %s login: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password()); fflush(fp); */ } int hydra_connect_to_ssl(int socket) { #ifdef LIBOPENSSL return (internal__hydra_connect_to_ssl(socket)); #else return -1; #endif } int hydra_connect_ssl(char *host, int port) { if (__first_connect != 0) __first_connect = 0; else sleep(conwait); #ifdef LIBOPENSSL return (internal__hydra_connect_ssl(host, port, SOCK_STREAM, 6)); #else return (internal__hydra_connect(host, port, SOCK_STREAM, 6)); #endif } int hydra_connect_tcp(char *host, int port) { if (__first_connect != 0) __first_connect = 0; else sleep(conwait); return (internal__hydra_connect(host, port, SOCK_STREAM, 6)); } int hydra_connect_udp(char *host, int port) { if (__first_connect != 0) __first_connect = 0; else sleep(conwait); return (internal__hydra_connect(host, port, SOCK_DGRAM, 17)); } int hydra_disconnect(int socket) { #ifdef LIBOPENSSL if (use_ssl && SSL_get_fd(ssl) == socket) { /* SSL_shutdown(ssl); ...skip this--it slows things down */ SSL_set_bio(ssl, NULL, NULL); SSL_clear(ssl); use_ssl = 0; } #endif close(socket); if (debug) printf("DEBUG_DISCONNECT\n"); return -1; } int hydra_data_ready_writing_timed(int socket, long sec, long usec) { fd_set fds; FD_ZERO(&fds); FD_SET(socket, &fds); return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); } int hydra_data_ready_writing(int socket) { return (hydra_data_ready_writing_timed(socket, 30, 0)); } int hydra_data_ready_timed(int socket, long sec, long usec) { fd_set fds; FD_ZERO(&fds); FD_SET(socket, &fds); return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); } int hydra_data_ready(int socket) { return (hydra_data_ready_timed(socket, 0, 100)); } int hydra_recv(int socket, char *buf, int length) { int ret; char text[64]; ret = internal__hydra_recv(socket, buf, length); if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buf, ret, text); //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); } return ret; } int hydra_recv_nb(int socket, char *buf, int length) { int ret = -1; char text[64]; if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) { if ((ret = internal__hydra_recv(socket, buf, length)) <= 0) { buf[0] = 0; if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buf, ret, text); } return ret; } if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buf, ret, text); //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); } } return ret; } char *hydra_receive_line(int socket) { char buf[1024], *buff, *buff2, text[64]; int i, j = 1, k, got = 0; if ((buff = malloc(sizeof(buf))) == NULL) { fprintf(stderr, "[ERROR] could not malloc\n"); return NULL; } memset(buff, 0, sizeof(buf)); if (debug) printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid()); if ((i = hydra_data_ready_timed(socket, (long) waittime, 0)) > 0) { if ((got = internal__hydra_recv(socket, buff, sizeof(buf) - 1)) < 0) { free(buff); return NULL; } } else { if (debug) printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket); i = 0; } if (got < 0) { if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data("", -1, text); //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i); perror("recv"); } free(buff); return NULL; } else { if (got > 0) { for (k = 0; k < got; k++) if (buff[k] == 0) buff[k] = 32; buff[got] = 0; usleep(100); } } while (hydra_data_ready(socket) > 0 && j > 0) { j = internal__hydra_recv(socket, buf, sizeof(buf) - 1); if (j > 0) { for (k = 0; k < j; k++) if (buf[k] == 0) buf[k] = 32; buf[j] = 0; if ((buff2 = realloc(buff, got + j + 1)) == NULL) { free(buff); return NULL; } else buff = buff2; memcpy(buff + got, &buf, j + 1); got += j; buff[got] = 0; } usleep(100); } if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buff, got, text); //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff); } if (got == 0) { free(buff); return NULL; } return buff; } int hydra_send(int socket, char *buf, int size, int options) { char text[64]; if (debug) { sprintf(text, "[DEBUG] SEND [pid:%d]", getpid()); hydra_dump_data(buf, size, text); /* int k; char *debugbuf = malloc(size + 1); if (debugbuf != NULL) { for (k = 0; k < size; k++) if (buf[k] == 0) debugbuf[k] = 32; else debugbuf[k] = buf[k]; debugbuf[size] = 0; hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", debugbuf, getpid()); free(debugbuf); }*/ } /* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed in the future */ return (internal__hydra_send(socket, buf, size, options)); } int make_to_lower(char *buf) { if (buf == NULL) return 1; while (buf[0] != 0) { buf[0] = tolower((int) buf[0]); buf++; } return 1; } char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { int str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; char *c, oldstring[1024]; static char newstring[1024]; if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) return NULL; strcpy(newstring, string); strcpy(oldstring, string); // while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) { c = (char *) strstr(oldstring, oldpiece); new_len = strlen(newpiece); old_len = strlen(oldpiece); end = strlen(oldstring) - old_len; oldpiece_index = c - oldstring; newstr_index = 0; str_index = 0; while (c != NULL && str_index <= end) { /* Copy characters from the left of matched pattern occurence */ cpy_len = oldpiece_index - str_index; strncpy(newstring + newstr_index, oldstring + str_index, cpy_len); newstr_index += cpy_len; str_index += cpy_len; /* Copy replacement characters instead of matched pattern */ strcpy(newstring + newstr_index, newpiece); newstr_index += new_len; str_index += old_len; /* Check for another pattern match */ if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL) oldpiece_index = c - oldstring; } /* Copy remaining characters from the right of last matched pattern */ strcpy(newstring + newstr_index, oldstring + str_index); strcpy(oldstring, newstring); // } return newstring; } unsigned char hydra_conv64(unsigned char in) { if (in < 26) return (in + 'A'); else if (in >= 26 && in < 52) return (in + 'a' - 26); else if (in >= 52 && in < 62) return (in + '0' - 52); else if (in == 62) return '+'; else if (in == 63) return '/'; else { fprintf(stderr, "[ERROR] too high for base64: %d\n", in); return 0; } } void hydra_tobase64(unsigned char *buf, int buflen, int bufsize) { unsigned char small[3] = { 0, 0, 0 }; unsigned char big[5]; unsigned char *ptr = buf; int i = bufsize; unsigned int len = 0; unsigned char bof[i]; if (buf == NULL || strlen((char *) buf) == 0) return; bof[0] = 0; memset(big, 0, sizeof(big)); memset(bof, 0, bufsize); for (i = 0; i < buflen / 3; i++) { memset(big, 0, sizeof(big)); big[0] = hydra_conv64(*ptr >> 2); big[1] = hydra_conv64(((*ptr & 3) << 4) + (*(ptr + 1) >> 4)); big[2] = hydra_conv64(((*(ptr + 1) & 15) << 2) + (*(ptr + 2) >> 6)); big[3] = hydra_conv64(*(ptr + 2) & 63); len += strlen((char *) big); if (len > bufsize) { buf[0] = 0; return; } strcat((char *) bof, (char *) big); ptr += 3; } if (*ptr != 0) { small[0] = *ptr; if (*(ptr + 1) != 0) small[1] = *(ptr + 1); else small[1] = 0; ptr = small; big[0] = hydra_conv64(*ptr >> 2); big[1] = hydra_conv64(((*ptr & 3) << 4) + (*(ptr + 1) >> 4)); big[2] = hydra_conv64(((*(ptr + 1) & 15) << 2) + (*(ptr + 2) >> 6)); big[3] = hydra_conv64(*(ptr + 2) & 63); if (small[1] == 0) big[2] = '='; big[3] = '='; strcat((char *) bof, (char *) big); } strcpy((char *) buf, (char *) bof); /* can not overflow */ } void hydra_dump_asciihex(unsigned char *string, int length) { unsigned char *p = (unsigned char *) string; unsigned char lastrow_data[16]; int rows = length / HYDRA_DUMP_ROWS; int lastrow = length % HYDRA_DUMP_ROWS; int i, j; for (i = 0; i < rows; i++) { printf("%04hx: ", i * 16); for (j = 0; j < HYDRA_DUMP_ROWS; j++) { printf("%02x", p[(i * 16) + j]); if (j % 2 == 1) printf(" "); } printf(" [ "); for (j = 0; j < HYDRA_DUMP_ROWS; j++) { if (isprint(p[(i * 16) + j])) printf("%c", p[(i * 16) + j]); else printf("."); } printf(" ]\n"); } if (lastrow > 0) { memset(lastrow_data, 0, sizeof(lastrow_data)); memcpy(lastrow_data, p + length - lastrow, lastrow); printf("%04hx: ", i * 16); for (j = 0; j < lastrow; j++) { printf("%02x", p[(i * 16) + j]); if (j % 2 == 1) printf(" "); } while (j < HYDRA_DUMP_ROWS) { printf(" "); if (j % 2 == 1) printf(" "); j++; } printf(" [ "); for (j = 0; j < lastrow; j++) { if (isprint(p[(i * 16) + j])) printf("%c", p[(i * 16) + j]); else printf("."); } while (j < HYDRA_DUMP_ROWS) { printf(" "); j++; } printf(" ]\n"); } } char *hydra_address2string(char *address) { struct sockaddr_in target; struct sockaddr_in6 target6; if (address[0] == 4) { memcpy(&target.sin_addr.s_addr, &address[1], 4); return inet_ntoa((struct in_addr) target.sin_addr); } else #ifdef AF_INET6 if (address[0] == 16) { memcpy(&target6.sin6_addr, &address[1], 16); inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring)); return ipstring; } else #endif { if (debug) fprintf(stderr, "[ERROR] unknown address string size!\n"); return NULL; } return NULL; // not reached } void hydra_set_srcport(int port) { src_port = port; } #ifdef HAVE_PCRE int hydra_string_match(char *str, const char *regex) { pcre *re = NULL; int offset_error = 0; const char *error = NULL; int rc = 0; re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL); if (re == NULL) { fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %s\n", offset_error, error); return 0; } rc = pcre_exec(re, NULL, str, strlen(str), 0, 0, NULL, 0); if (rc >= 0) { return 1; } return 0; } #endif /* * str_replace.c implements a str_replace PHP like function * Copyright (C) 2009 chantra * * Create a new string with [substr] being replaced ONCE by [replacement] in [string] * Returns the new string, or NULL if out of memory. * The caller is responsible for freeing this new string. * */ char *hydra_string_replace(const char *string, const char *substr, const char *replacement) { char *tok = NULL; char *newstr = NULL; tok = strstr(string, substr); if (tok == NULL) return strdup(string); newstr = malloc(strlen(string) - strlen(substr) + strlen(replacement) + 1); if (newstr == NULL) return NULL; memcpy(newstr, string, tok - string); memcpy(newstr + (tok - string), replacement, strlen(replacement)); memcpy(newstr + (tok - string) + strlen(replacement), tok + strlen(substr), strlen(string) - strlen(substr) - (tok - string)); memset(newstr + strlen(string) - strlen(substr) + strlen(replacement), 0, 1); return newstr; } char *hydra_strcasestr(const char *haystack, const char *needle) { if (needle == NULL || *needle == 0) return NULL; for (; *haystack; ++haystack) { if (toupper((int) *haystack) == toupper((int) *needle)) { const char *h, *n; for (h = haystack, n = needle; *h && *n; ++h, ++n) { if (toupper((int) *h) != toupper((int) *n)) { break; } } if (!*n) { /* matched all of 'needle' to null termination */ return (char *) haystack; /* return the start of the match */ } } } return NULL; } void hydra_dump_data(unsigned char *buf, int len, char *text) { unsigned char *p = (unsigned char *) buf; unsigned char lastrow_data[16]; int rows = len / 16; int lastrow = len % 16; int i, j; if (text != NULL && text[0] != 0) printf("%s (%d bytes):\n", text, len); if (buf == NULL || len < 1) return; for (i = 0; i < rows; i++) { printf("%04hx: ", i * 16); for (j = 0; j < 16; j++) { printf("%02x", p[(i * 16) + j]); if (j % 2 == 1) printf(" "); } printf(" [ "); for (j = 0; j < 16; j++) { if (isprint(p[(i * 16) + j])) printf("%c", p[(i * 16) + j]); else printf("."); } printf(" ]\n"); } if (lastrow > 0) { memset(lastrow_data, 0, sizeof(lastrow_data)); memcpy(lastrow_data, p + len - lastrow, lastrow); printf("%04hx: ", i * 16); for (j = 0; j < lastrow; j++) { printf("%02x", p[(i * 16) + j]); if (j % 2 == 1) printf(" "); } while (j < 16) { printf(" "); if (j % 2 == 1) printf(" "); j++; } printf(" [ "); for (j = 0; j < lastrow; j++) { if (isprint(p[(i * 16) + j])) printf("%c", p[(i * 16) + j]); else printf("."); } while (j < 16) { printf(" "); j++; } printf(" ]\n"); } } int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen) { int i; for (i = 0; i <= hlen - nlen; i++) if (memcmp(haystack + i, needle, nlen) == 0) return i; return -1; } hydra-8.1/hydra-mod.h0000644000175000010010000000444012441064454013124 0ustar marcNone#ifndef _HYDRA_MOD_H #define _HYDRA_MOD_H #include "hydra.h" extern char quiet; extern void hydra_child_exit(int code); extern void hydra_register_socket(int s); extern char *hydra_get_next_pair(); extern char *hydra_get_next_login(); extern char *hydra_get_next_password(); extern void hydra_completed_pair(); extern void hydra_completed_pair_found(); extern void hydra_completed_pair_skip(); extern void hydra_report_found(int port, char *svc, FILE * fp); extern void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp); extern void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp); extern void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg); extern void hydra_report_debug(FILE *st, char *format, ...); extern int hydra_connect_to_ssl(int socket); extern int hydra_connect_ssl(char *host, int port); extern int hydra_connect_tcp(char *host, int port); extern int hydra_connect_udp(char *host, int port); extern int hydra_disconnect(int socket); extern int hydra_data_ready(int socket); extern int hydra_recv(int socket, char *buf, int length); extern int hydra_recv_nb(int socket, char *buf, int length); extern char *hydra_receive_line(int socket); extern int hydra_send(int socket, char *buf, int size, int options); extern int make_to_lower(char *buf); extern unsigned char hydra_conv64(unsigned char in); extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize); extern void hydra_dump_asciihex(unsigned char *string, int length); extern void hydra_set_srcport(int port); extern char *hydra_address2string(char *address); extern char *hydra_strcasestr(const char *haystack, const char *needle); extern void hydra_dump_data(unsigned char *buf, int len, char *text); extern int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen); extern char *hydra_strrep(char *string, char *oldpiece, char *newpiece); #ifdef HAVE_PCRE int hydra_string_match(char *str, const char *regex); #endif char *hydra_string_replace(const char *string, const char *substr, const char *replacement); int debug; int verbose; int waittime; int port; int use_proxy; int found; char proxy_string_ip[36]; int proxy_string_port; char proxy_string_type[10]; char *proxy_authentication; char *cmdlinetarget; typedef int BOOL; #define hydra_report fprintf #endif hydra-8.1/hydra-mssql.c0000644000175000010010000001376412441064454013510 0ustar marcNone#include "hydra-mod.h" #define MSLEN 30 extern char *HYDRA_EXIT; char *buf; unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00"; unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00"; unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00"; int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[1024]; char ms_login[MSLEN + 1]; char ms_pass[MSLEN + 1]; unsigned char len_login, len_pass; int ret = -1; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; if (strlen(login) > MSLEN) login[MSLEN - 1] = 0; if (strlen(pass) > MSLEN) pass[MSLEN - 1] = 0; len_login = strlen(login); len_pass = strlen(pass); memset(ms_login, 0, MSLEN + 1); memset(ms_pass, 0, MSLEN + 1); strcpy(ms_login, login); strcpy(ms_pass, pass); memset(buffer, 0, sizeof(buffer)); memcpy(buffer, p_hdr, 39); memcpy(buffer + 39, ms_login, MSLEN); memcpy(buffer + MSLEN + 39, &len_login, 1); memcpy(buffer + MSLEN + 1 + 39, ms_pass, MSLEN); memcpy(buffer + MSLEN + 1 + 39 + MSLEN, &len_pass, 1); memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1, p_pk2, 110); memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110, &len_pass, 1); memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1, ms_pass, MSLEN); memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN, p_pk3, 270); if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0) return 1; if (hydra_send(s, (char *) p_lng, 71, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); if (ret <= 0) return 3; if (ret > 10 && buffer[8] == '\xe3') { hydra_report_found_host(port, ip, "mssql", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = start_mssql(sock, ip, port, options, miscptr, fp); hydra_disconnect(sock); break; case 2: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-mysql.c0000644000175000010010000003114312441064454013505 0ustar marcNone /* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */ /* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, adding support for mysql version 5.x */ #include "hydra-mod.h" #ifndef HAVE_MATH_H #include void dummy_mysql() { printf("\n"); } void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { printf("\n"); } #else #include #define DEFAULT_DB "mysql" #ifndef LIBMYSQLCLIENT #else #if defined(HAVE_MYSQL_MYSQL_H) #include #elif defined(HAVE_MYSQL_H) #include #else #error libmysqlclient found, but no usable headers available #endif MYSQL *mysql = NULL; #endif void hydra_hash_password(unsigned long *result, const char *password); char *hydra_scramble(char *to, const char *message, const char *password); extern int internal__hydra_recv(int socket, char *buf, int length); extern int hydra_data_ready_timed(int socket, long sec, long usec); extern char *HYDRA_EXIT; char mysqlsalt[9]; /* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */ char *hydra_mysql_receive_line(int socket) { char buf[300], *buff, *buff2; int i = 0, j = 0, buff_size = 300; buff = malloc(buff_size); if (buff == NULL) return NULL; memset(buff, 0, sizeof(buf)); i = hydra_data_ready_timed(socket, (long) waittime, 0); if (i > 0) { if ((i = internal__hydra_recv(socket, buff, sizeof(buf))) < 0) { free(buff); return NULL; } } if (i <= 0) { if (debug) hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END\n"); free(buff); return NULL; } j = 1; while (hydra_data_ready(socket) > 0 && j > 0) { j = internal__hydra_recv(socket, buf, sizeof(buf)); if (j > 0) { if (i + j > buff_size || (buff2 = realloc(buff, i + j)) == NULL) { free(buff); return NULL; } else { buff = buff2; buff_size = i + j; } memcpy(buff + i, &buf, j); i += j; } } if (debug) hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff); return buff; } /* check if valid mysql protocol, mysql version and read salt */ char hydra_mysql_init(int sock) { char *server_version, *pos, *buf; unsigned char protocol; buf = hydra_mysql_receive_line(sock); if (buf == NULL) return 1; protocol = buf[4]; if (protocol == 0xff) { pos = &buf[6]; // *(strchr(pos, '.')) = '\0'; hydra_report(stderr, "[ERROR] %s\n", pos); free(buf); return 2; } if (protocol <= 10) { free(buf); return 2; } if (protocol > 10) { fprintf(stderr, "[INFO] This is protocol version %d, only v10 is supported, not sure if it will work\n", protocol); } server_version = &buf[5]; pos = buf + strlen(server_version) + 10; memcpy(mysqlsalt, pos, 9); if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) { #ifndef LIBMYSQLCLIENT hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck configure to see if libmysql is found\n"); #endif free(buf); return 2; } free(buf); return 0; } /* prepare response to server greeting */ char *hydra_mysql_prepare_auth(char *login, char *pass) { unsigned char *response; unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login); unsigned long response_len = 4 /* header */ + 2 /* client flags */ + 3 /* max packet len */ + login_len + 1 + 8 /* scrambled password len */ ; response = (unsigned char *) malloc(response_len + 4); if (response == NULL) { fprintf(stderr, "[ERROR] could not allocate memory\n"); return NULL; } memset(response, 0, response_len + 4); *((unsigned long *) response) = response_len - 4; response[3] = 0x01; /* packet number */ response[4] = 0x85; response[5] = 0x24; /* client flags */ response[6] = response[7] = response[8] = 0x00; /* max packet */ memcpy(&response[9], login, login_len); /* login */ response[9 + login_len] = '\0'; /* null terminate login */ hydra_scramble((char *) &response[9 + login_len + 1], mysqlsalt, pass); return (char *) response; } /* returns 0 if authentication succeed */ /* and 1 if failed */ char hydra_mysql_parse_response(unsigned char *response) { unsigned long response_len = *((unsigned long *) response) & 0xffffff; if (response_len < 4) return 0; if (response[4] == 0xff) return 1; return 0; } char hydra_mysql_send_com_quit(int sock) { char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 }; hydra_send(sock, com_quit_packet, 5, 0); return 0; } int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *response = NULL, *login = NULL, *pass = NULL; unsigned long response_len; char res = 0; char database[256]; login = hydra_get_next_login(); pass = hydra_get_next_password(); if (miscptr) strncpy(database, miscptr, sizeof(database) - 1); else { strncpy(database, DEFAULT_DB, sizeof(database) - 1); if (verbose) hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n"); } database[sizeof(database) - 1] = 0; /* read server greeting */ res = hydra_mysql_init(sock); if (res == 2) { /* old reversing protocol trick did not work */ /* try using the libmysql client if available */ hydra_mysql_send_com_quit(sock); sock = hydra_disconnect(sock); #ifdef LIBMYSQLCLIENT if (mysql == NULL) { mysql = mysql_init(NULL); if (mysql == NULL) { hydra_report(stderr, "[ERROR] Insufficient memory to allocate new mysql object\n"); return 1; } } /*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */ if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, 0, NULL, 0)) { int my_errno = mysql_errno(mysql); if (debug) hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql)); /* Error: 1049 SQLSTATE: 42000 (ER_BAD_DB_ERROR) Message: Unknown database '%s' */ if (my_errno == 1049) { hydra_report(stderr, "[ERROR] Unknown database: %s\n", database); } if (my_errno == 1251) { hydra_report(stderr, "[ERROR] Client does not support authentication protocol requested by server\n"); } /* http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html Error: 1044 SQLSTATE: 42000 (ER_DBACCESS_DENIED_ERROR) Message: Access denied for user '%s'@'%s' to database '%s' Error: 1045 SQLSTATE: 28000 (ER_ACCESS_DENIED_ERROR) Message: Access denied for user '%s'@'%s' (using password: %s) */ //if the error is more critical, we just try to reconnect //to the db later with the mysql_init if ((my_errno != 1044) && (my_errno != 1045)) { mysql_close(mysql); mysql = NULL; } return 3; } hydra_report_found_host(port, ip, "mysql", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { mysql_close(mysql); mysql = NULL; return 3; } return 1; #else hydra_child_exit(2); #endif } if (res == 1) return 1; /* prepare client authentication packet */ response = hydra_mysql_prepare_auth(login, pass); if (response == NULL) return 3; response_len = *((unsigned long *) response) & 0xffffff; /* send client auth packet */ /* dunny why, mysql IO code had problem reading my response. */ /* When I send response_len bytes, it always read response_len-4 bytes */ /* I fixed it just by sending 4 characters more. It is maybe not good */ /* coding style, but working :) */ if (hydra_send(sock, response, response_len + 4, 0) < 0) { free(response); return 1; } free(response); /* read authentication response */ if ((response = hydra_mysql_receive_line(sock)) == NULL) return 1; res = hydra_mysql_parse_response((unsigned char *) response); if (!res) { hydra_mysql_send_com_quit(sock); sock = hydra_disconnect(sock); hydra_report_found_host(port, ip, "mysql", fp); hydra_completed_pair_found(); free(response); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } free(response); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; /* each try requires new connection */ return 1; } void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_MYSQL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) { hydra_mysql_send_com_quit(sock); sock = hydra_disconnect(sock); } // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* run the cracking function */ next_run = start_mysql(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) { hydra_mysql_send_com_quit(sock); sock = hydra_disconnect(sock); } hydra_child_exit(0); return; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } #ifndef LIBMYSQLCLIENT #endif /************************************************************************/ /* code belowe is copied from mysql 3.23.57 source code (www.mysql.com) */ /* and slightly modified (removed not needed parts of code, changed */ /* data types) */ /************************************************************************/ struct hydra_rand_struct { unsigned long seed1, seed2, max_value; double max_value_dbl; }; void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ rand_st->max_value = 0x3FFFFFFFL; rand_st->max_value_dbl = (double) rand_st->max_value; rand_st->seed1 = seed1 % rand_st->max_value; rand_st->seed2 = seed2 % rand_st->max_value; } double hydra_rnd(struct hydra_rand_struct *rand_st) { rand_st->seed1 = (rand_st->seed1 * 3 + rand_st->seed2) % rand_st->max_value; rand_st->seed2 = (rand_st->seed1 + rand_st->seed2 + 33) % rand_st->max_value; return (((double) rand_st->seed1) / rand_st->max_value_dbl); } void hydra_hash_password(unsigned long *result, const char *password) { register unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L; unsigned long tmp; for (; *password; password++) { if (*password == ' ' || *password == '\t') continue; /* skipp space in password */ tmp = (unsigned long) (unsigned char) *password; nr ^= (((nr & 63) + add) * tmp) + (nr << 8); nr2 += (nr2 << 8) ^ nr; add += tmp; } result[0] = nr & (((unsigned long) 1L << 31) - 1L); /* Don't use sign bit (str2int) */ ; result[1] = nr2 & (((unsigned long) 1L << 31) - 1L); return; } char *hydra_scramble(char *to, const char *message, const char *password) { struct hydra_rand_struct rand_st; unsigned long hash_pass[2], hash_message[2]; char extra; if (password && password[0]) { char *to_start = to; hydra_hash_password(hash_pass, password); hydra_hash_password(hash_message, message); hydra_randominit(&rand_st, hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]); while (*message++) *to++ = (char) (floor(hydra_rnd(&rand_st) * 31) + 64); extra = (char) (floor(hydra_rnd(&rand_st) * 31)); while (to_start != to) *(to_start++) ^= extra; } *to = 0; return to; } #endif int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-ncp.c0000644000175000010010000001251012441064454013115 0ustar marcNone /* * Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com * Tested on Netware 6.5 * * you need to install libncp and libncp-dev (tested with version 2.2.6-3) * * you can passed full context as OPT * * example: ./hydra -L login -P passw 172.16.246.129 ncp .O=cx * */ #include "hydra-mod.h" #ifndef LIBNCP void dummy_ncp() { printf("\n"); } #else #include #include #include #include extern char *HYDRA_EXIT; extern int child_head_no; typedef struct __NCP_DATA { struct ncp_conn_spec spec; struct ncp_conn *conn; char *context; } _NCP_DATA; //uncomment line below to see more trace stack //#define NCP_DEBUG int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *login; char *pass; char context[256]; unsigned int ncp_lib_error_code; char *empty = ""; int object_type = NCP_BINDERY_USER; _NCP_DATA *session; session = malloc(sizeof(_NCP_DATA)); memset(session, 0, sizeof(_NCP_DATA)); login = empty; pass = empty; if (strlen(login = hydra_get_next_login()) == 0) { login = empty; } else { if (miscptr) { if (strlen(miscptr) + strlen(login) > sizeof(context)) { free(session); return 4; } memset(context, 0, sizeof(context)); strncpy(context, login, strlen(login)); strncpy(context + strlen(login), miscptr, sizeof(miscptr) + 1); login = context; } } //login and password are case insensitive //str_upper(login); if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; ncp_lib_error_code = ncp_find_conn_spec3(hydra_address2string(ip), login, "", 1, getuid(), 0, &session->spec); if (ncp_lib_error_code) { free(session); return 1; } ncp_lib_error_code = NWCCOpenConnByName(NULL, session->spec.server, NWCC_NAME_FORMAT_BIND, NWCC_OPEN_NEW_CONN, NWCC_RESERVED, &session->conn); if (ncp_lib_error_code) { free(session); return 1; } memset(session->spec.password, 0, sizeof(session->spec.password)); memcpy(session->spec.password, pass, strlen(pass) + 1); //str_upper(session->spec.password); ncp_lib_error_code = ncp_login_conn(session->conn, session->spec.user, object_type, session->spec.password); switch (ncp_lib_error_code & 0x0000FFFF) { case 0x0000: /* Success */ #ifdef NCP_DEBUG printf("Connection success (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); #endif ncp_close(session->conn); hydra_report_found_host(port, ip, "ncp", fp); //ok hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; //exit free(session); return 2; //next break; case 0x89DE: /* PASSWORD INVALID */ case 0x89F0: /* BIND WILDCARD INVALID */ case 0x89FF: /* NO OBJ OR BAD PASSWORD */ case 0xFD63: /* FAILED_AUTHENTICATION */ case 0xFDA7: /* NO_SUCH_ENTRY */ #ifdef NCP_DEBUG printf("Incorrect password (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); #endif ncp_close(session->conn); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { free(session); return 2; //next } break; default: #ifdef NCP_DEBUG printf("Failed to open connection. Error code: %X\n", ncp_lib_error_code); #endif if (session->conn != NULL) ncp_close(session->conn); break; } free(session); return 1; //reconnect } void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_NCP; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* * Here we start the password cracking process */ next_run = start_ncp(sock, ip, port, options, miscptr, fp); break; case 3: if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; case 4: if (child_head_no == 0) fprintf(stderr, "[ERROR] Optional parameter too long!\n"); hydra_child_exit(0); default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } #endif int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-nntp.c0000644000175000010010000003272312441064454013324 0ustar marcNone#include "hydra-mod.h" #include "sasl.h" /* Based on: RFC 3977: Network News Transfer Protocol (NNTP) RFC 4643: Network News Transfer Protocol (NNTP) Extension for Authentication */ int nntp_auth_mechanism = AUTH_CLEAR; extern char *HYDRA_EXIT; char *buf; char *nntp_read_server_capacity(int sock) { char *ptr = NULL; int resp = 0; char *buf = NULL; do { if (buf != NULL) free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { if (isdigit((int) buf[0]) && buf[3] == ' ') resp = 1; else { if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; #ifdef NO_RINDEX if ((ptr = strrchr(buf, '\n')) != NULL) { #else if ((ptr = rindex(buf, '\n')) != NULL) { #endif ptr++; if (isdigit((int) *ptr) && *(ptr + 3) == ' ') resp = 1; } } } } while (buf != NULL && resp == 0); return buf; } int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500], *fooptr; int i = 1; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; while (i > 0 && hydra_data_ready(s) > 0) i = hydra_recv(s, buffer, 300); if (i < 0) i = 0; buffer[i] = 0; switch (nntp_auth_mechanism) { case AUTH_LOGIN: sprintf(buffer, "AUTHINFO SASL LOGIN\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (buf == NULL || strstr(buf, "383") == NULL) { hydra_report(stderr, "[ERROR] NNTP LOGIN AUTH : %s\n", buf); free(buf); return 3; } free(buf); strcpy(buffer2, login); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (buf == NULL || strstr(buf, "383") == NULL) { hydra_report(stderr, "[ERROR] NNTP LOGIN AUTH : %s\n", buf); free(buf); return 3; } free(buf); strcpy(buffer2, pass); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); break; case AUTH_PLAIN: sprintf(buffer, "AUTHINFO SASL PLAIN\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (buf == NULL || strstr(buf, "383") == NULL) { hydra_report(stderr, "[ERROR] NNTP PLAIN AUTH : %s\n", buf); free(buf); return 3; } free(buf); memset(buffer, 0, sizeof(buffer)); sasl_plain(buffer, login, pass); sprintf(buffer, "%.250s\r\n", buffer); break; #ifdef LIBOPENSSL case AUTH_CRAMMD5:{ int rc = 0; char *preplogin; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { return 3; } sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } //get the one-time BASE64 encoded challenge if ((buf = hydra_receive_line(s)) == NULL) return 1; if (buf == NULL || strstr(buf, "383") == NULL) { hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf); free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buf + 4); free(buf); memset(buffer2, 0, sizeof(buffer2)); sasl_cram_md5(buffer2, pass, buffer); sprintf(buffer, "%s %.250s", preplogin, buffer2); hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); sprintf(buffer, "%.250s\r\n", buffer); free(preplogin); } break; case AUTH_DIGESTMD5:{ sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; //receive if ((buf = hydra_receive_line(s)) == NULL) return 1; if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf); free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buf + 4); free(buf); if (debug) hydra_report(stderr, "DEBUG S: %s\n", buffer); fooptr = buffer2; sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); if (fooptr == NULL) return 3; if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer2); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s\r\n", buffer2); } break; #endif case AUTH_NTLM:{ unsigned char buf1[4096]; unsigned char buf2[4096]; //send auth and receive challenge buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *) buf1); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf); free(buf); return 3; } //recover challenge from64tobits((char *) buf1, buf + 4); free(buf); buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); sprintf(buffer, "%s\r\n", (char *) buf1); } break; default:{ sprintf(buffer, "AUTHINFO USER %.250s\r\n", login); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = hydra_receive_line(s); if (buf == NULL) return 1; if (buf[0] != '3') { if (verbose || debug) hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); free(buf); return (3); } free(buf); sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass); } break; } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = hydra_receive_line(s); if (buf == NULL) return 1; if (buf[0] == '2') { hydra_report_found_host(port, ip, "nntp", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int i = 0, run = 1, next_run = 1, sock = -1; int myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0; char *buffer1 = "CAPABILITIES\r\n"; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } // usleep(300000); buf = hydra_receive_line(sock); if (buf == NULL || buf[0] != '2') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); hydra_child_exit(2); } free(buf); /* send capability request */ if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) hydra_child_exit(2); buf = nntp_read_server_capacity(sock); if (buf == NULL) { hydra_child_exit(2); } #ifdef LIBOPENSSL if (!disable_tls) { /* if we got a positive answer */ if (strstr(buf, "STARTTLS") != NULL) { hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0); free(buf); buf = hydra_receive_line(sock); /* 382 Begin TLS negotiation now */ if (buf == NULL || strstr(buf, "382") == NULL) { if (verbose) hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock) == -1)) { if (verbose) hydra_report(stderr, "[ERROR] Can't use TLS\n"); disable_tls = 1; run = 1; break; } else { if (verbose) hydra_report(stderr, "[VERBOSE] TLS connection done\n"); } /* ask again capability request but in TLS mode */ if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) hydra_child_exit(2); /* we asking again cause often plain and login can only be negociate in SSL tunnel */ buf = nntp_read_server_capacity(sock); if (buf == NULL) { hydra_child_exit(2); } } } } #endif /* AUTHINFO USER SASL SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "SASL\\s.*NTLM")) { #else if (strstr(buf, "NTLM") != NULL) { #endif nntp_auth_mechanism = AUTH_NTLM; } #ifdef LIBOPENSSL #ifdef HAVE_PCRE if (hydra_string_match(buf, "SASL\\s.*DIGEST-MD5")) { #else if (strstr(buf, "DIGEST-MD5") != NULL) { #endif nntp_auth_mechanism = AUTH_DIGESTMD5; } #ifdef HAVE_PCRE if (hydra_string_match(buf, "SASL\\s.*CRAM-MD5")) { #else if (strstr(buf, "CRAM-MD5") != NULL) { #endif nntp_auth_mechanism = AUTH_CRAMMD5; } #endif #ifdef HAVE_PCRE if (hydra_string_match(buf, "SASL\\s.*PLAIN")) { #else if (strstr(buf, "PLAIN") != NULL) { #endif nntp_auth_mechanism = AUTH_PLAIN; } #ifdef HAVE_PCRE if (hydra_string_match(buf, "SASL\\s.*LOGIN")) { #else if (strstr(buf, "LOGIN") != NULL) { #endif nntp_auth_mechanism = AUTH_LOGIN; } #ifdef HAVE_PCRE if (hydra_string_match(buf, "AUTHINFO\\sUSER")) { #else if (strstr(buf, "AUTHINFO USER") != NULL) { #endif nntp_auth_mechanism = AUTH_CLEAR; } if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) miscptr[i] = (char) toupper((int) miscptr[i]); if (strncmp(miscptr, "USER", 4) == 0) nntp_auth_mechanism = AUTH_CLEAR; if (strncmp(miscptr, "LOGIN", 5) == 0) nntp_auth_mechanism = AUTH_LOGIN; if (strncmp(miscptr, "PLAIN", 5) == 0) nntp_auth_mechanism = AUTH_PLAIN; #ifdef LIBOPENSSL if (strncmp(miscptr, "CRAM-MD5", 8) == 0) nntp_auth_mechanism = AUTH_CRAMMD5; if (strncmp(miscptr, "DIGEST-MD5", 10) == 0) nntp_auth_mechanism = AUTH_DIGESTMD5; #endif if (strncmp(miscptr, "NTLM", 4) == 0) nntp_auth_mechanism = AUTH_NTLM; } if (verbose) { switch (nntp_auth_mechanism) { case AUTH_CLEAR: hydra_report(stderr, "[VERBOSE] using NNTP AUTHINFO USER mechanism\n"); break; case AUTH_LOGIN: hydra_report(stderr, "[VERBOSE] using NNTP LOGIN AUTH mechanism\n"); break; case AUTH_PLAIN: hydra_report(stderr, "[VERBOSE] using NNTP PLAIN AUTH mechanism\n"); break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: hydra_report(stderr, "[VERBOSE] using NNTP CRAM-MD5 AUTH mechanism\n"); break; case AUTH_DIGESTMD5: hydra_report(stderr, "[VERBOSE] using NNTP DIGEST-MD5 AUTH mechanism\n"); break; #endif case AUTH_NTLM: hydra_report(stderr, "[VERBOSE] using NNTP NTLM AUTH mechanism\n"); break; } } usleep(25000); free(buf); next_run = 2; break; case 2: /* run the cracking function */ next_run = start_nntp(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-oracle-listener.c0000644000175000010010000002227712441064454015440 0ustar marcNone /* david: PASSWORDS_LISTENER in listener.ora can be in clear or in plain mode, this module support the 2 modes, use -m PLAIN or -m CLEAR on the cmd line. Default is plain (oracle 10 uses it). Thanks to Marcell for the plain mode analysis available at http://marcellmajor.com/frame_listenerhash.html */ #include "hydra-mod.h" #ifndef LIBOPENSSL #include void dummy_oracle_listener() { printf("\n"); } #else #include #include #define HASHSIZE 17 extern char *HYDRA_EXIT; char *buf; unsigned char *hash; int sid_mechanism = AUTH_PLAIN; int initial_permutation(unsigned char **result, char *p_str, int *sz) { int k = 0; int i = strlen(p_str); char *buff; //expand the string with zero so that length is a multiple of 4 while ((i % 4) != 0) { i = i + 1; } *sz = 2 * i; if ((buff = malloc(i + 4)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } memset(buff, 0, i + 4); strcpy(buff, p_str); //swap the order of every byte pair for (k = 0; k < i; k += 2) { char bck = buff[k + 1]; buff[k + 1] = buff[k]; buff[k] = bck; } //convert to unicode if ((*result = malloc(2 * i)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); free(buff); return 1; } memset(*result, 0, 2 * i); for (k = 0; k < i; k++) { (*result)[2 * k] = buff[k]; } free(buff); return 0; } int ora_hash(unsigned char **orahash, unsigned char *buf, int len) { int i; if ((*orahash = malloc(HASHSIZE)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } for (i = 0; i < 8; i++) { sprintf(((char *) *orahash) + i * 2, "%02X", buf[len - 8 + i]); } return 0; } int convert_byteorder(unsigned char **result, int size) { int i = 0; char *buff; if ((buff = malloc(size)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } memcpy(buff, *result, size); while (i < size) { buff[i + 0] = (*result)[i + 3]; buff[i + 1] = (*result)[i + 2]; buff[i + 2] = (*result)[i + 1]; buff[i + 3] = (*result)[i + 0]; i += 4; } memcpy(*result, buff, size); free(buff); return 0; } int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { int i = 0; char lastkey[8]; des_key_schedule ks1; unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; unsigned char *desresult; memset(ivec1, 0, sizeof(ivec1)); if ((desresult = malloc(siz)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } des_key_sched((C_Block *) key1, ks1); des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); for (i = 0; i < 8; i++) { lastkey[i] = desresult[siz - 8 + i]; } des_key_sched((C_Block *) lastkey, ks1); memset(desresult, 0, siz); memset(ivec1, 0, sizeof(ivec1)); des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); if ((*rs = malloc(siz)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); free(desresult); return 1; } memcpy(*rs, desresult, siz); return 0; } int ora_hash_password(char *pass) { // secret hash function comes here, and written to char *hash int siz = 0; unsigned char *desresult; unsigned char *result; char buff[strlen(pass) + 5]; memset(buff, 0, sizeof(buff)); //concatenate Arb string and convert the resulting string to uppercase snprintf(buff, sizeof(buff), "Arb%s", pass); strupper(buff); if (initial_permutation(&result, buff, &siz)) { hydra_report(stderr, "[ERROR] ora_hash_password: in initial_permutation\n"); return 1; } if (convert_byteorder(&result, siz)) { hydra_report(stderr, "[ERROR] ora_hash_password: in convert_byteorder\n"); free(result); return 1; } if (ora_descrypt(&desresult, result, siz)) { hydra_report(stderr, "[ERROR] ora_hash_password: in DES crypt\n"); free(result); return 1; } free(result); if (ora_hash(&result, desresult, siz)) { hydra_report(stderr, "[ERROR] ora_hash_password: in extracting Oracle hash\n"); free(desresult); return 1; } memcpy(hash, result, HASHSIZE); free(desresult); free(result); return 0; } int start_oracle_listener(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { unsigned char tns_packet_begin[22] = { "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" }; unsigned char tns_packet_end[32] = { "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" }; char *empty = ""; char *pass; char connect_string[200]; char buffer2[260]; int siz = 0; memset(connect_string, 0, sizeof(connect_string)); memset(buffer2, 0, sizeof(buffer2)); if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; if (sid_mechanism == AUTH_PLAIN) { if ((hash = malloc(HASHSIZE)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } memset(hash, 0, HASHSIZE); if (ora_hash_password(pass)) { hydra_report(stderr, "[ERROR] generating Oracle hash\n"); free(hash); return 1; } pass = (char *) hash; } snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", pass); if (hash != NULL) free(hash); if (verbose) hydra_report(stderr, "[VERBOSE] using connectiong string: %s\n", connect_string); siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string); if (siz > 255) { buffer2[0] = 1; buffer2[1] = siz - 256; } else { buffer2[1] = siz; } memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); siz = strlen(connect_string); if (siz > 255) { buffer2[2 + sizeof(tns_packet_begin)] = 1; buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz - 256; } else { buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; } memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (verbose || debug) hydra_report(stderr, "[VERBOSE] Server answer: %s\n", buf); if (strstr(buf, "ERR=0") != NULL) { hydra_report_found_host(port, ip, "oracle-listener", fp); hydra_completed_pair_found(); } else hydra_completed_pair(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; if ((miscptr != NULL) && (strlen(miscptr) > 0)) { strupper(miscptr); if (strncmp(miscptr, "CLEAR", 5) == 0) sid_mechanism = AUTH_CLEAR; } if (verbose) { switch (sid_mechanism) { case AUTH_CLEAR: hydra_report(stderr, "[VERBOSE] using SID CLEAR mechanism\n"); break; case AUTH_PLAIN: hydra_report(stderr, "[VERBOSE] using SID PLAIN mechanism\n"); break; } } while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } /* run the cracking function */ next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; case 4: if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } #endif hydra-8.1/hydra-oracle-sid.c0000644000175000010010000001107412441064454014363 0ustar marcNone /* david: module used to check for a valid oracle SID ORCL and XE are a good start, but you should find a big list on the Internet */ #include "hydra-mod.h" #ifndef LIBOPENSSL #include void dummy_oracle_sid() { printf("\n"); } #else #include #define HASHSIZE 16 extern char *HYDRA_EXIT; char *buf; unsigned char *hash; int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { /* PP is the packet length XX is the length of connect data PP + tns_packet_begin + XX + tns_packet_end */ unsigned char tns_packet_begin[22] = { "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" }; unsigned char tns_packet_end[32] = { "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" }; char *empty = ""; char *login; char connect_string[200]; char buffer2[260]; int siz = 0; memset(connect_string, 0, sizeof(connect_string)); memset(buffer2, 0, sizeof(buffer2)); if (strlen(login = hydra_get_next_login()) == 0) login = empty; snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", login, hydra_address2string(ip), port); siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string); if (siz > 255) { buffer2[0] = 1; buffer2[1] = siz - 256; } else { buffer2[1] = siz; } memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); siz = strlen(connect_string); if (siz > 255) { buffer2[2 + sizeof(tns_packet_begin)] = 1; buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz - 256; } else { buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; } memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; //if no error reported. it should be a resend packet type 00 08 00 00 0b 00 00 00, 4 is refuse if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) { hydra_report_found_host(port, ip, "oracle-sid", fp); hydra_completed_pair_found(); } else hydra_completed_pair(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } /* run the cracking function */ next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; case 4: if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } #endif hydra-8.1/hydra-oracle.c0000644000175000010010000001366412441064454013615 0ustar marcNone /* david: code is based on SNORT spo_database.c tested with : -instantclient_10_2 on Oracle 10.2.0 -instantclient-basic-linux.*-11.2.0.3.0.zip + instantclient-sdk-linux.*-11.2.0.3.0.zip on Oracle 9i and on Oracle 11g */ #include "hydra-mod.h" #ifndef LIBORACLE void dummy_oracle() { printf("\n"); } #else #include #include extern char *HYDRA_EXIT; OCIEnv *o_environment; OCISvcCtx *o_servicecontext; OCIBind *o_bind; OCIError *o_error; OCIStmt *o_statement; OCIDefine *o_define; text o_errormsg[512]; sb4 o_errorcode; void print_oracle_error(char *err) { if (verbose) { OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); fprintf(stderr, "[ERROR] Oracle_error: %s - %s\n", o_errormsg, err); } } int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[200], sid[100]; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; strncpy(sid, miscptr, sizeof(sid) - 1); sid[sizeof(sid) - 1] = 0; snprintf(buffer, sizeof(buffer), "//%s:%d/%s", hydra_address2string(ip), port, sid); /* To use the Easy Connect naming method, PHP must be linked with Oracle 10g or greater Client libraries. The Easy Connect string for Oracle 10g is of the form: [//]host_name[:port][/service_name]. With Oracle 11g, the syntax is: [//]host_name[:port][/service_name][:server_type][/instance_name]. Service names can be found by running the Oracle utility lsnrctl status on the database server machine. The tnsnames.ora file can be in the Oracle Net search path, which includes $ORACLE_HOME/network/admin and /etc. Alternatively set TNS_ADMIN so that $TNS_ADMIN/tnsnames.ora is read. Make sure the web daemon has read access to the file. */ if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL)) { print_oracle_error("OCIInitialize"); return 4; } if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL)) { print_oracle_error("OCIEnvInit"); return 4; } if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL)) { print_oracle_error("OCIEnvInit 2"); return 4; } if (OCIHandleAlloc(o_environment, (dvoid **) & o_error, OCI_HTYPE_ERROR, (size_t) 0, NULL)) { print_oracle_error("OCIHandleAlloc"); return 4; } if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *) login, strlen(login), (const OraText *) pass, strlen(pass), (const OraText *) buffer, strlen(buffer))) { OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); //database: oracle_error: ORA-01017: invalid username/password; logon denied //database: oracle_error: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor //database: oracle_error: ORA-28000: the account is locked //Failed login attempts is set to 10 by default if (verbose) { hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg); } if (strstr((const char *) o_errormsg, "ORA-12514") != NULL) { hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to enumerate them.\n"); } if (strstr((const char *) o_errormsg, "ORA-28000") != NULL) { hydra_report(stderr, "[ERROR] ORACLE account %s is locked.\n", login); } if (o_error) { OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); } hydra_completed_pair(); //by default, set in sqlnet.ora, the trace file is generated in pwd to log any errors happening, //as we don't care, we are deleting the file //set these parameters to not generate the file //LOG_DIRECTORY_CLIENT = /dev/null //LOG_FILE_CLIENT = /dev/null unlink("sqlnet.log"); return 2; } else { OCILogoff(o_servicecontext, o_error); if (o_error) { OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); } hydra_report_found_host(port, ip, "oracle", fp); hydra_completed_pair_found(); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_ORACLE; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; if ((miscptr == NULL) || (strlen(miscptr) == 0)) { //SID is required as miscptr hydra_report(stderr, "[ERROR] Oracle SID is required, using ORCL as default\n"); miscptr = "ORCL"; } while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: next_run = start_oracle(sock, ip, port, options, miscptr, fp); hydra_child_exit(0); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } #endif int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-pcanywhere.c0000644000175000010010000001531112441064454014504 0ustar marcNone//This plugin was written by // //PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5 // // no memleaks found on 110425 #include "hydra-mod.h" extern char *HYDRA_EXIT; int pcadebug = 0; int send_cstring(int s, char *crypted_string) { char buffer2[100], *bptr = buffer2; char clientcryptheader[] = "\x06"; memset(buffer2, 0, sizeof(clientcryptheader)); bptr = buffer2; buffer2[0] = 6; bptr++; buffer2[1] = strlen(crypted_string); bptr++; strcpy(bptr, crypted_string); return hydra_send(s, buffer2, 2 + strlen(crypted_string), 0); } void show_buffer(char *buffer, int size) { int i; printf("size: %d, buffer:\n", size); for (i = 0; i < size; i++) { printf("%c", buffer[i]); } printf("\n"); } void clean_buffer(char *buf, int size) { int i; for (i = 0; i < size; i++) { int pos = buf[i]; if (pos < 32 || pos > 126) { // . char buf[i] = 46; } } } void print_encrypted_str(char *str) { int i; printf("encode string: "); for (i = 0; i < strlen(str); i++) { printf("%x ", str[i]); } printf("\n"); } void pca_encrypt(char *cleartxt) { char passwd[128]; int i; strncpy(passwd, cleartxt, sizeof(passwd) - 1); passwd[sizeof(passwd) - 1] = 0; if (strlen(cleartxt) > 0) { passwd[0] = (passwd[0] ^ 0xab); for (i = 1; i < strlen(passwd); i++) passwd[i] = passwd[i - 1] ^ passwd[i] ^ (i - 1); passwd[strlen(passwd)] = '\0'; strcpy(cleartxt, passwd); } } void pca_decrypt(char *password) { char cleartext[128]; int i; if (strlen(password) > 0) { cleartext[0] = password[0] ^ 0xab; for (i = 1; i < strlen(password); i++) cleartext[i] = password[i - 1] ^ password[i] ^ (i - 1); cleartext[strlen(password)] = '\0'; strcpy(password, cleartext); } } void debugprintf(char *msg) { if (pcadebug) printf("debug: %s\n", msg); } int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; char buffer[2048] = ""; char clogin[128] = ""; char cpass[128] = ""; int ret, i; char *client[4]; char *server[5]; int clientsize[4]; client[0] = "\x00\x00\x00\x00"; clientsize[0] = 4; client[1] = "\x6F\x06\xff"; clientsize[1] = 3; client[2] = "\x6f\x61\x00\x09\x00\xfe\x00\x00\xff\xff\x00\x00\x00\x00"; clientsize[2] = 14; client[3] = "\x6f\x62\x01\x02\x00\x00\x00"; clientsize[3] = 7; server[0] = "nter"; server[1] = "\x1B\x61"; server[2] = "\0x1B\0x62"; server[3] = "Enter login name"; server[4] = "denying connection"; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; debugprintf("dans pcanywhere start"); /*printf("testing %s:%s\n",login,pass); */ strcpy(clogin, login); strcpy(cpass, pass); pca_encrypt(clogin); pca_encrypt(cpass); for (i = 0; i < 4; i++) { if (hydra_send(s, client[i], clientsize[i], 0) < 0) { return 1; } ret = hydra_recv(s, buffer, sizeof(buffer) - 1); if (ret == -1) { return 1; } if (i == 3) { if (ret == 3) { /*one more to get the login prompt */ ret = hydra_recv(s, buffer, sizeof(buffer) - 1); } } if (ret >= 0) buffer[ret] = 0; if (i == 0 || i == 3) clean_buffer(buffer, ret); if (debug) show_buffer(buffer, ret); if (i == 2) { clean_buffer(buffer, ret); buffer[sizeof(buffer) - 1] = 0; if (strstr(buffer, server[i + 2]) != NULL) { fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n"); return 3; } } if (strstr(buffer, server[i]) == NULL) { if (i == 3) { debugprintf("problem receiving login banner"); } return 1; } } if (send_cstring(s, clogin) < 0) { return 1; } ret = hydra_recv(s, buffer, sizeof(buffer) - 1); if (ret < 0) { return 1; } buffer[ret] = 0; clean_buffer(buffer, ret); /*show_buffer(buffer,ret); */ if (strstr(buffer, "Enter password:") == NULL) { debugprintf("problem receiving password banner"); return 1; } if (send_cstring(s, cpass) < 0) { return 1; } ret = hydra_recv(s, buffer, sizeof(buffer)); if (ret < 0) return 1; else buffer[ret] = 0; clean_buffer(buffer, ret); /*show_buffer(buffer,ret); */ if ((strstr(buffer, "Invalid login") != NULL) || (strstr(buffer, "Enter password") != NULL)) { debugprintf("login/passwd wrong"); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } else { debugprintf("cool find login/passwd"); hydra_report_found_host(port, ip, "pcanywhere", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } return 1; } void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: next_run = start_pcanywhere(sock, ip, port, options, miscptr, fp); break; case 3: if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-pcnfs.c0000644000175000010010000001274112441064454013454 0ustar marcNone#include "hydra-mod.h" /* pcnfs stuff copied from prout.c */ extern char *HYDRA_EXIT; char *buf; #define LEN_HDR_RPC 24 #define LEN_AUTH_UNIX 72+12 /* RPC common hdr */ struct rpc_hdr { /* 24 */ unsigned long xid; unsigned long type_msg; unsigned long version_rpc; unsigned long prog_id; unsigned long prog_ver; unsigned long prog_proc; }; struct pr_auth_args { unsigned long len_clnt; char name[64]; unsigned long len_id; char id[32]; unsigned long len_passwd; char passwd[64]; unsigned long len_comments; char comments[255]; }; #define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args) /* Lets start ... */ int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH]; char *ptr, *pkt = buffer; unsigned long *authp; struct timeval tv; struct rpc_hdr *rpch; struct pr_auth_args *prh; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; memset(pkt, 0, sizeof(buffer)); rpch = (struct rpc_hdr *) (pkt); authp = (unsigned long *) (pkt + LEN_HDR_RPC); prh = (struct pr_auth_args *) (pkt + LEN_HDR_RPC + LEN_AUTH_UNIX); rpch->xid = htonl(0x32544843); rpch->type_msg = htonl(0); rpch->version_rpc = htonl(2); rpch->prog_id = htonl(150001); rpch->prog_ver = htonl(2); rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */ prh->len_clnt = htonl(63); prh->len_id = htonl(31); prh->len_passwd = htonl(63); prh->len_comments = htonl(254); strcpy(prh->comments, " Hydra - THC password cracker - visit http://www.thc.org - use only allowed for legal purposes "); strcpy(prh->name, "localhost"); ptr = prh->id; while (*login) { *ptr++ = (*login ^ 0x5b) & 0x7f; login++; } *ptr = 0; ptr = prh->passwd; while (*pass) { *ptr++ = (*pass ^ 0x5b) & 0x7f; pass++; } *ptr = 0; gettimeofday(&tv, (struct timezone *) NULL); *(authp) = htonl(1); /* auth unix */ *(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */ *(++authp) = htonl(tv.tv_sec); /* local time */ *(++authp) = htonl(9); /* length host */ strcpy((char *) ++authp, "localhost"); /* hostname */ authp += (3); /* len(host)%4 */ *(authp) = htonl(0); /* uid root */ *(++authp) = htonl(0); /* gid root */ *(++authp) = htonl(9); /* 9 gid grps */ /* group root, bin, daemon, sys, adm, disk, wheel, floppy, "user gid" */ *(++authp) = htonl(0); *(++authp) = htonl(1); *(++authp) = htonl(2); *(++authp) = htonl(3); *(++authp) = htonl(4); *(++authp) = htonl(6); *(++authp) = htonl(10); *(++authp) = htonl(11); *(++authp) = htonl(0); if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) { fprintf(stderr, "[ERROR] Could not send data to remote server, reconnecting ...\n"); return 1; } if ((buf = hydra_receive_line(s)) == NULL) { fprintf(stderr, "[ERROR] Timeout from remote server, reconnecting ...\n"); return 1; } /* analyze the output */ if (buf[2] != 'g' || buf[5] != 32) { fprintf(stderr, "[ERROR] RPC answer status : bad proc/version/auth\n"); free(buf); return 3; } if (buf[27] == 32 && buf[28] == 32 && buf[29] == 32) { hydra_report_found_host(port, ip, "pcnfs", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; } else { hydra_completed_pair(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; } return 1; } void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (port == 0) { fprintf(stderr, "[ERROR] pcnfs module called without -s port!\n"); hydra_child_exit(0); } if ((options & OPTION_SSL) != 0) { fprintf(stderr, "[ERROR] pcnfs module can not be used with SSL!\n"); hydra_child_exit(0); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ { if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((sock = hydra_connect_udp(ip, port)) < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; } case 2: /* run the cracking function */ next_run = start_pcnfs(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-pop3.c0000644000175000010010000005137012441064460013222 0ustar marcNone#include "hydra-mod.h" #include "sasl.h" //openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110 typedef struct pool_str { char ip[36]; /* int port;*/// not needed int pop3_auth_mechanism; int disable_tls; struct pool_str *next; } pool; extern char *HYDRA_EXIT; char *buf; char apop_challenge[300] = ""; pool *plist = NULL, *p = NULL; /* functions */ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); pool *list_create(pool data) { pool *p; if (!(p = malloc(sizeof(pool)))) return NULL; memcpy(p->ip, data.ip, 36); //p->port = data.port; p->pop3_auth_mechanism = data.pop3_auth_mechanism; p->disable_tls = data.disable_tls; p->next = NULL; return p; } pool *list_insert(pool data) { pool *newnode; newnode = list_create(data); newnode->next = plist; plist = newnode->next; // to be sure! return newnode; } pool *list_find(char *ip) { pool *node = plist; while (node != NULL) { if (memcmp(node->ip, ip, 36) == 0) return node; node = node->next; } return NULL; } /* how to know when to release the mem ? -> well, after _start has determined which pool number it is */ int list_remove(pool * node) { pool *save, *list = plist; int ok = -1; if (list == NULL || node == NULL) return -2; do { save = list->next; if (list != node) free(list); else ok = 0; list = save; } while (list != NULL); return ok; } char *pop3_read_server_capacity(int sock) { char *ptr = NULL; int resp = 0; char *buf = NULL; do { if (buf != NULL) free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { /* exchange capa: +OK UIDL STLS */ if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') { resp = 1; /* we got the capability info then get the completed warning info from server */ while (hydra_data_ready(sock)) { free(buf); buf = hydra_receive_line(sock); } } else { if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; if (*(ptr) == '.' || *(ptr) == '-') resp = 1; } } } while (buf != NULL && resp == 0); return buf; } int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500], *fooptr; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; while (hydra_data_ready(s) > 0) { if ((buf = hydra_receive_line(s)) == NULL) return 4; free(buf); } switch (p->pop3_auth_mechanism) { #ifdef LIBOPENSSL case AUTH_APOP:{ MD5_CTX c; unsigned char md5_raw[MD5_DIGEST_LENGTH]; int i; char *pbuffer = buffer2; MD5_Init(&c); MD5_Update(&c, apop_challenge, strlen(apop_challenge)); MD5_Update(&c, pass, strlen(pass)); MD5_Final(md5_raw, &c); for (i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(pbuffer, "%02x", md5_raw[i]); pbuffer += 2; } sprintf(buffer, "APOP %s %s\r\n", login, buffer2); } break; #endif case AUTH_LOGIN:{ sprintf(buffer, "AUTH LOGIN\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 4; if (buf[0] != '+') { hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); free(buf); return 3; } free(buf); strcpy(buffer2, login); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 4; if (buf[0] != '+') { hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); free(buf); return 3; } free(buf); strcpy(buffer2, pass); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); } break; case AUTH_PLAIN:{ sprintf(buffer, "AUTH PLAIN\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 4; if (buf[0] != '+') { hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf); free(buf); return 3; } free(buf); memset(buffer, 0, sizeof(buffer)); sasl_plain(buffer, login, pass); sprintf(buffer, "%.250s\r\n", buffer); } break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: case AUTH_CRAMSHA1: case AUTH_CRAMSHA256:{ int rc = 0; char *preplogin; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { return 3; } switch (p->pop3_auth_mechanism) { case AUTH_CRAMMD5: sprintf(buffer, "AUTH CRAM-MD5\r\n"); break; case AUTH_CRAMSHA1: sprintf(buffer, "AUTH CRAM-SHA1\r\n"); break; case AUTH_CRAMSHA256: sprintf(buffer, "AUTH CRAM-SHA256\r\n"); break; } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } //get the one-time BASE64 encoded challenge if ((buf = hydra_receive_line(s)) == NULL) return 4; if (buf[0] != '+') { switch (p->pop3_auth_mechanism) { case AUTH_CRAMMD5: hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf); break; case AUTH_CRAMSHA1: hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf); break; case AUTH_CRAMSHA256: hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf); break; } free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buf + 2); free(buf); memset(buffer2, 0, sizeof(buffer2)); switch (p->pop3_auth_mechanism) { case AUTH_CRAMMD5:{ sasl_cram_md5(buffer2, pass, buffer); sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA1:{ sasl_cram_sha1(buffer2, pass, buffer); sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA256:{ sasl_cram_sha256(buffer2, pass, buffer); sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; } hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); sprintf(buffer, "%.250s\r\n", buffer); free(preplogin); } break; case AUTH_DIGESTMD5:{ sprintf(buffer, "AUTH DIGEST-MD5\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; //receive if ((buf = hydra_receive_line(s)) == NULL) return 4; if (buf[0] != '+') { hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf); free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buf); free(buf); if (debug) hydra_report(stderr, "[DEBUG] S: %s\n", buffer); fooptr = buffer2; sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); if (fooptr == NULL) return 3; if (debug) hydra_report(stderr, "[DEBUG] C: %s\n", buffer2); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s\r\n", buffer2); } break; #endif case AUTH_NTLM:{ unsigned char buf1[4096]; unsigned char buf2[4096]; //Send auth request sprintf(buffer, "AUTH NTLM\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; //receive if ((buf = hydra_receive_line(s)) == NULL) return 4; if (buf[0] != '+') { hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf); free(buf); return 3; } free(buf); //send auth and receive challenge //send auth request: lst the server send it's own hostname and domainname buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); sprintf(buffer, "%s\r\n", buf1); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6) return 4; //recover challenge from64tobits((char *) buf1, buf + 2); free(buf); //Send response buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); sprintf(buffer, "%s\r\n", buf1); } break; default: sprintf(buffer, "USER %.250s\r\n", login); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 4; if (buf[0] != '+') { hydra_report(stderr, "[ERROR] POP3 protocol or service shutdown: %s\n", buf); free(buf); return (3); } free(buf); sprintf(buffer, "PASS %.250s\r\n", pass); } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) { return 4; } if (buf[0] == '+') { hydra_report_found_host(port, ip, "pop3", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } /* special AS/400 hack */ if (strstr(buf, "CPF2204") != NULL || strstr(buf, "CPF22E3") != NULL || strstr(buf, "CPF22E4") != NULL || strstr(buf, "CPF22E5") != NULL) { hydra_completed_pair_skip(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; char *ptr = NULL; //extract data from the pool, ip is the key if (plist == NULL) if (service_pop3_init(ip, sp, options, miscptr, fp, port) != 0) hydra_child_exit(2); p = list_find(ip); if (p == NULL) { hydra_report(stderr, "[ERROR] Could not find ip %s in pool\n", hydra_address2string(ip)); return; } if (list_remove(p) != 0) hydra_report(stderr, "[ERROR] Could not find ip %s in pool to free memory\n", hydra_address2string(ip)); hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { sock = hydra_connect_tcp(ip, port); } else { sock = hydra_connect_ssl(ip, port); } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); if (buf == NULL || buf[0] != '+') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); hydra_child_exit(2); } ptr = strstr(buf, "<"); if (ptr != NULL && buf[0] == '+') { if (ptr[strlen(ptr) - 1] == '\n') ptr[strlen(ptr) - 1] = 0; if (ptr[strlen(ptr) - 1] == '\r') ptr[strlen(ptr) - 1] = 0; strcpy(apop_challenge, ptr); } free(buf); #ifdef LIBOPENSSL if (!p->disable_tls) { /* check for STARTTLS, if available we may have access to more basic auth methods */ hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); buf = hydra_receive_line(sock); if (buf[0] != '+') { hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock) == -1)) { if (verbose) hydra_report(stderr, "[ERROR] Can't use TLS\n"); p->disable_tls = 1; } else { if (verbose) hydra_report(stderr, "[VERBOSE] TLS connection done\n"); } } } #endif next_run = 2; break; case 2: /* run the cracking function */ next_run = start_pop3(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int myport = PORT_POP3, mysslport = PORT_POP3_SSL; char *ptr = NULL; int sock = -1; char *capa_str = "CAPA\r\n"; char *quit_str = "QUIT\r\n"; pool p; p.pop3_auth_mechanism = AUTH_CLEAR; p.disable_tls = 1; memcpy(p.ip, ip, 36); if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(p.ip, myport); } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(p.ip, mysslport); } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int) getpid()); return -1; } buf = hydra_receive_line(sock); if (buf == NULL || buf[0] != '+') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); return -1; } ptr = strstr(buf, "<"); if (ptr != NULL && buf[0] == '+') { if (ptr[strlen(ptr) - 1] == '\n') ptr[strlen(ptr) - 1] = 0; if (ptr[strlen(ptr) - 1] == '\r') ptr[strlen(ptr) - 1] = 0; strcpy(apop_challenge, ptr); } free(buf); /* send capability request */ if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n"); return -1; } buf = pop3_read_server_capacity(sock); if (buf == NULL) { hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n"); return -1; } if ((miscptr != NULL) && (strlen(miscptr) > 0)) { int i; for (i = 0; i < strlen(miscptr); i++) miscptr[i] = (char) toupper((int) miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { p.disable_tls = 0; } } #ifdef LIBOPENSSL if (!p.disable_tls) { /* check for STARTTLS, if available we may have access to more basic auth methods */ if (strstr(buf, "STLS") != NULL) { hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); free(buf); buf = hydra_receive_line(sock); if (buf[0] != '+') { hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock) == -1)) { if (verbose) hydra_report(stderr, "[ERROR] Can't use TLS\n"); p.disable_tls = 1; } else { if (verbose) hydra_report(stderr, "[VERBOSE] TLS connection done\n"); } if (!p.disable_tls) { /* ask again capability request but in TLS mode */ if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n"); return -1; } buf = pop3_read_server_capacity(sock); if (buf == NULL) { hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n"); return -1; } } } } else hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); } #endif if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) { //we dont care if the server is not receiving the quit msg } hydra_disconnect(sock); if (verbose) hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); /* example: +OK Capability list follows: TOP LOGIN-DELAY 180 UIDL USER SASL PLAIN LOGIN */ /* according to rfc 2449: The POP3 AUTH command [POP-AUTH] permits the use of [SASL] authentication mechanisms with POP3. The SASL capability indicates that the AUTH command is available and that it supports an optional base64 encoded second argument for an initial client response as described in the SASL specification. The argument to the SASL capability is a space separated list of SASL mechanisms which are supported. */ /* which mean threre will *always* have a space before the LOGIN auth keyword */ if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { p.pop3_auth_mechanism = AUTH_NTLM; } #ifdef LIBOPENSSL if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) { p.pop3_auth_mechanism = AUTH_DIGESTMD5; } if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-SHA256") != NULL)) { p.pop3_auth_mechanism = AUTH_CRAMSHA256; } if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-SHA1") != NULL)) { p.pop3_auth_mechanism = AUTH_CRAMSHA1; } if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) { p.pop3_auth_mechanism = AUTH_CRAMMD5; } #endif if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) { p.pop3_auth_mechanism = AUTH_PLAIN; } if (strstr(buf, " LOGIN") != NULL) { p.pop3_auth_mechanism = AUTH_LOGIN; } if (strstr(buf, "SASL") == NULL) { #ifdef LIBOPENSSL if (strlen(apop_challenge) == 0) { p.pop3_auth_mechanism = AUTH_CLEAR; } else { p.pop3_auth_mechanism = AUTH_APOP; } #else p.pop3_auth_mechanism = AUTH_CLEAR; #endif } free(buf); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { if (strstr(miscptr, "CLEAR")) p.pop3_auth_mechanism = AUTH_CLEAR; if (strstr(miscptr, "LOGIN")) p.pop3_auth_mechanism = AUTH_LOGIN; if (strstr(miscptr, "PLAIN")) p.pop3_auth_mechanism = AUTH_PLAIN; #ifdef LIBOPENSSL if (strstr(miscptr, "APOP")) p.pop3_auth_mechanism = AUTH_APOP; if (strstr(miscptr, "CRAM-MD5")) p.pop3_auth_mechanism = AUTH_CRAMMD5; if (strstr(miscptr, "CRAM-SHA1")) p.pop3_auth_mechanism = AUTH_CRAMSHA1; if (strstr(miscptr, "CRAM-SHA256")) p.pop3_auth_mechanism = AUTH_CRAMSHA256; if (strstr(miscptr, "DIGEST-MD5")) p.pop3_auth_mechanism = AUTH_DIGESTMD5; #endif if (strstr(miscptr, "NTLM")) p.pop3_auth_mechanism = AUTH_NTLM; } if (verbose) { switch (p.pop3_auth_mechanism) { case AUTH_CLEAR: hydra_report(stderr, "[VERBOSE] using POP3 CLEAR LOGIN mechanism\n"); break; case AUTH_LOGIN: hydra_report(stderr, "[VERBOSE] using POP3 LOGIN AUTH mechanism\n"); break; case AUTH_PLAIN: hydra_report(stderr, "[VERBOSE] using POP3 PLAIN AUTH mechanism\n"); break; case AUTH_APOP: #ifdef LIBOPENSSL if (strlen(apop_challenge) == 0) { hydra_report(stderr, "[VERBOSE] APOP not supported by server, using clear login\n"); p.pop3_auth_mechanism = AUTH_CLEAR; } else { hydra_report(stderr, "[VERBOSE] using POP3 APOP AUTH mechanism\n"); } #else p.pop3_auth_mechanism = AUTH_CLEAR; #endif break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: hydra_report(stderr, "[VERBOSE] using POP3 CRAM-MD5 AUTH mechanism\n"); break; case AUTH_CRAMSHA1: hydra_report(stderr, "[VERBOSE] using POP3 CRAM-SHA1 AUTH mechanism\n"); break; case AUTH_CRAMSHA256: hydra_report(stderr, "[VERBOSE] using POP3 CRAM-SHA256 AUTH mechanism\n"); break; case AUTH_DIGESTMD5: hydra_report(stderr, "[VERBOSE] using POP3 DIGEST-MD5 AUTH mechanism\n"); break; #endif case AUTH_NTLM: hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n"); break; } } if (!plist) plist = list_create(p); else plist = list_insert(p); return 0; } hydra-8.1/hydra-postgres.c0000644000175000010010000000677412441064454014222 0ustar marcNone /* * PostgresSQL Support - by Diaul (at) devilopers.org * * * 110425 no obvious memleaks found */ #include "hydra-mod.h" #ifndef LIBPOSTGRES void dummy_postgres() { printf("\n"); } #else #include "libpq-fe.h" // Postgres connection functions #include #define DEFAULT_DB "template1" extern char *HYDRA_EXIT; int start_postgres(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; char database[256]; char connection_string[1024]; PGconn *pgconn; if (miscptr) strncpy(database, miscptr, sizeof(database) - 1); else strncpy(database, DEFAULT_DB, sizeof(database) - 1); database[sizeof(database) - 1] = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; /* * Building the connection string */ snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass); if (verbose) hydra_report(stderr, "connection string: %s\n", connection_string); pgconn = PQconnectdb(connection_string); if (PQstatus(pgconn) == CONNECTION_OK) { PQfinish(pgconn); hydra_report_found_host(port, ip, "postgres", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } else { PQfinish(pgconn); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; } return 1; } void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* * Here we start the password cracking process */ next_run = start_postgres(sock, ip, port, options, miscptr, fp); break; case 3: if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } #endif int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-rdp.c0000644000175000010010000025126412441064454013135 0ustar marcNone /* david: this module is heavily based on rdesktop v 1.7.0 rdesktop: A Remote Desktop Protocol client. Protocol services - RDP layer Copyright (C) Matthew Chapman 1999-2008 Copyright 2003-2011 Peter Astrand for Cendio AB This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . note: this module was tested on w2k, xp, w2k3, w2k8 in terminal services configuration, in rdp-tcp properties in Logon Settings tab, if 'Always prompt for password' is checked, the password can't be passed interactively so there is no way to test the credential (unless manually). it's advised to lower the number of parallel tasks as RDP server can't handle multiple connections at the same time. It's particularly true on windows XP */ #ifndef LIBOPENSSL #include void dummy_rdp() { printf("\n"); } #else #include "rdp.h" extern char *HYDRA_EXIT; BOOL g_encryption = True; BOOL g_use_rdp5 = True; BOOL g_console_session = False; BOOL g_bitmap_cache = True; BOOL g_bitmap_cache_persist_enable = False; BOOL g_bitmap_compression = True; BOOL g_desktop_save = True; int g_server_depth = -1; int os_version = 0; //2000 uint32 g_rdp5_performanceflags = RDP5_NO_WALLPAPER | RDP5_NO_FULLWINDOWDRAG | RDP5_NO_MENUANIMATIONS; /* Session Directory redirection */ BOOL g_redirect = False; uint32 g_redirect_flags = 0; uint32 g_reconnect_logonid = 0; char g_reconnect_random[16]; BOOL g_has_reconnect_random = False; uint8 g_client_random[SEC_RANDOM_SIZE]; /* 0 unknown 1 success 2 failed */ #define LOGIN_UNKN 0 #define LOGIN_SUCC 1 #define LOGIN_FAIL 2 int login_result = LOGIN_UNKN; uint8 *g_next_packet; uint32 g_rdp_shareid; /* Called during redirection to reset the state to support redirection */ void rdp_reset_state(void) { g_next_packet = NULL; /* reset the packet information */ g_rdp_shareid = 0; sec_reset_state(); } static void rdesktop_reset_state(void) { rdp_reset_state(); } static RDP_ORDER_STATE g_order_state; #define TCP_STRERROR strerror(errno) #define TCP_BLOCKS (errno == EWOULDBLOCK) #ifndef INADDR_NONE #define INADDR_NONE ((unsigned long) -1) #endif #define STREAM_COUNT 1 int g_sock; static struct stream g_in; static struct stream g_out[STREAM_COUNT]; /* wait till socket is ready to write or timeout */ static BOOL tcp_can_send(int sck, int millis) { fd_set wfds; struct timeval time; int sel_count; time.tv_sec = millis / 1000; time.tv_usec = (millis * 1000) % 1000000; FD_ZERO(&wfds); FD_SET(sck, &wfds); sel_count = select(sck + 1, 0, &wfds, 0, &time); if (sel_count > 0) { return True; } return False; } /* Initialise TCP transport data packet */ STREAM tcp_init(uint32 maxlen) { static int cur_stream_id = 0; STREAM result = NULL; result = &g_out[cur_stream_id]; cur_stream_id = (cur_stream_id + 1) % STREAM_COUNT; if (maxlen > result->size) { result->data = (uint8 *) xrealloc(result->data, maxlen); result->size = maxlen; } result->p = result->data; result->end = result->data; // + result->size; return result; } /* Send TCP transport data packet */ void tcp_send(STREAM s) { int length = s->end - s->data; int sent, total = 0; while (total < length) { sent = hydra_send(g_sock, (char *) (s->data + total), length - total, 0); if (sent <= 0) { if (sent == -1 && TCP_BLOCKS) { tcp_can_send(g_sock, 100); sent = 0; } else { if (g_sock && !login_result) error("send: %s\n", TCP_STRERROR); return; } } total += sent; } } /* Receive a message on the TCP layer */ STREAM tcp_recv(STREAM s, uint32 length) { uint32 new_length, end_offset, p_offset; int rcvd = 0; if (s == NULL) { /* read into "new" stream */ g_in.data = (uint8 *) xmalloc(length); g_in.size = length; g_in.end = g_in.p = g_in.data; s = &g_in; } else { /* append to existing stream */ new_length = (s->end - s->data) + length; if (new_length > s->size) { p_offset = s->p - s->data; end_offset = s->end - s->data; //printf("length: %d, %p s->data, %p +%d s->p, %p +%d s->end, end-data %d, size %d\n", length, s->data, s->p, s->p - s->data, s->end, s->end - s->p, s->end - s->data, s->size); s->data = (uint8 *) xrealloc(s->data, new_length); s->size = new_length; s->p = s->data + p_offset; s->end = s->data + end_offset; } } while (length > 0) { rcvd = hydra_recv(g_sock, (char *) s->end, length); if (rcvd < 0) { if (rcvd == -1 && TCP_BLOCKS) { rcvd = 0; } else { //error("recv: %s\n", TCP_STRERROR); return NULL; } } else if (rcvd == 0) { error("Connection closed\n"); return NULL; } s->end += rcvd; length -= rcvd; } return s; } char *tcp_get_address() { static char ipaddr[32]; struct sockaddr_in sockaddr; socklen_t len = sizeof(sockaddr); if (getsockname(g_sock, (struct sockaddr *) &sockaddr, &len) == 0) { uint8 *ip = (uint8 *) & sockaddr.sin_addr; sprintf(ipaddr, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); } else strcpy(ipaddr, "127.0.0.1"); return ipaddr; } /* reset the state of the tcp layer */ void tcp_reset_state(void) { int i; g_sock = -1; /* reset socket */ /* Clear the incoming stream */ if (g_in.data != NULL) free(g_in.data); g_in.p = NULL; g_in.end = NULL; g_in.data = NULL; g_in.size = 0; g_in.iso_hdr = NULL; g_in.mcs_hdr = NULL; g_in.sec_hdr = NULL; g_in.rdp_hdr = NULL; g_in.channel_hdr = NULL; /* Clear the outgoing stream(s) */ for (i = 0; i < STREAM_COUNT; i++) { if (g_out[i].data != NULL) free(g_out[i].data); g_out[i].p = NULL; g_out[i].end = NULL; g_out[i].data = NULL; g_out[i].size = 0; g_out[i].iso_hdr = NULL; g_out[i].mcs_hdr = NULL; g_out[i].sec_hdr = NULL; g_out[i].rdp_hdr = NULL; g_out[i].channel_hdr = NULL; } } uint16 g_mcs_userid; /* Parse an ASN.1 BER header */ static BOOL ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { error("expected tag %d, got %d\n", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); } /* Output an ASN.1 BER header */ static void ber_out_header(STREAM s, int tagval, int length) { if (tagval > 0xff) { out_uint16_be(s, tagval); } else { out_uint8(s, tagval); } if (length >= 0x80) { out_uint8(s, 0x82); out_uint16_be(s, length); } else out_uint8(s, length); } /* Output an ASN.1 BER integer */ static void ber_out_integer(STREAM s, int value) { ber_out_header(s, BER_TAG_INTEGER, 2); out_uint16_be(s, value); } /* Output a DOMAIN_PARAMS structure (ASN.1 BER) */ static void mcs_out_domain_params(STREAM s, int max_channels, int max_users, int max_tokens, int max_pdusize) { ber_out_header(s, MCS_TAG_DOMAIN_PARAMS, 32); ber_out_integer(s, max_channels); ber_out_integer(s, max_users); ber_out_integer(s, max_tokens); ber_out_integer(s, 1); /* num_priorities */ ber_out_integer(s, 0); /* min_throughput */ ber_out_integer(s, 1); /* max_height */ ber_out_integer(s, max_pdusize); ber_out_integer(s, 2); /* ver_protocol */ } /* Parse a DOMAIN_PARAMS structure (ASN.1 BER) */ static BOOL mcs_parse_domain_params(STREAM s) { int length = 0; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); } /* Send an MCS_CONNECT_INITIAL message (ASN.1 BER) */ static void mcs_send_connect_initial(STREAM mcs_data) { int datalen = mcs_data->end - mcs_data->data; int length = 9 + 3 * 34 + 4 + datalen; STREAM s; s = iso_init(length + 5); ber_out_header(s, MCS_CONNECT_INITIAL, length); ber_out_header(s, BER_TAG_OCTET_STRING, 1); /* calling domain */ out_uint8(s, 1); ber_out_header(s, BER_TAG_OCTET_STRING, 1); /* called domain */ out_uint8(s, 1); ber_out_header(s, BER_TAG_BOOLEAN, 1); out_uint8(s, 0xff); /* upward flag */ mcs_out_domain_params(s, 34, 2, 0, 0xffff); /* target params */ mcs_out_domain_params(s, 1, 1, 1, 0x420); /* min params */ mcs_out_domain_params(s, 0xffff, 0xfc17, 0xffff, 0xffff); /* max params */ ber_out_header(s, BER_TAG_OCTET_STRING, datalen); out_uint8p(s, mcs_data->data, datalen); s_mark_end(s); iso_send(s); } /* Expect a MCS_CONNECT_RESPONSE message (ASN.1 BER) */ static BOOL mcs_recv_connect_response(STREAM mcs_data) { uint8 result; int length = 0; STREAM s; s = iso_recv(NULL); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { error("MCS connect: %d\n", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); /* connect id */ mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); /* if (length > mcs_data->size) { error("MCS data length %d, expected %d\n", length, mcs_data->size); length = mcs_data->size; } in_uint8a(s, mcs_data->data, length); mcs_data->p = mcs_data->data; mcs_data->end = mcs_data->data + length; */ return s_check_end(s); } /* Send an EDrq message (ASN.1 PER) */ static void mcs_send_edrq(void) { STREAM s; s = iso_init(5); out_uint8(s, (MCS_EDRQ << 2)); out_uint16_be(s, 1); /* height */ out_uint16_be(s, 1); /* interval */ s_mark_end(s); iso_send(s); } /* Send an AUrq message (ASN.1 PER) */ static void mcs_send_aurq(void) { STREAM s; s = iso_init(1); out_uint8(s, (MCS_AURQ << 2)); s_mark_end(s); iso_send(s); } /* Expect a AUcf message (ASN.1 PER) */ static BOOL mcs_recv_aucf(uint16 * mcs_userid) { uint8 opcode, result; STREAM s; s = iso_recv(NULL); if (s == NULL) return False; in_uint8(s, opcode); if ((opcode >> 2) != MCS_AUCF) { error("expected AUcf, got %d\n", opcode); return False; } in_uint8(s, result); if (result != 0) { error("AUrq: %d\n", result); return False; } if (opcode & 2) in_uint16_be(s, *mcs_userid); return s_check_end(s); } /* Send a CJrq message (ASN.1 PER) */ static void mcs_send_cjrq(uint16 chanid) { STREAM s; DEBUG_RDP5(("Sending CJRQ for channel #%d\n", chanid)); s = iso_init(5); out_uint8(s, (MCS_CJRQ << 2)); out_uint16_be(s, g_mcs_userid); out_uint16_be(s, chanid); s_mark_end(s); iso_send(s); } /* Expect a CJcf message (ASN.1 PER) */ static BOOL mcs_recv_cjcf(void) { uint8 opcode, result; STREAM s; s = iso_recv(NULL); if (s == NULL) return False; in_uint8(s, opcode); if ((opcode >> 2) != MCS_CJCF) { error("expected CJcf, got %d\n", opcode); return False; } in_uint8(s, result); if (result != 0) { error("CJrq: %d\n", result); return False; } in_uint8s(s, 4); /* mcs_userid, req_chanid */ if (opcode & 2) in_uint8s(s, 2); /* join_chanid */ return s_check_end(s); } /* Initialise an MCS transport data packet */ STREAM mcs_init(int length) { STREAM s; s = iso_init(length + 8); s_push_layer(s, mcs_hdr, 8); return s; } /* Send an MCS transport data packet to a specific channel */ void mcs_send_to_channel(STREAM s, uint16 channel) { uint16 length; s_pop_layer(s, mcs_hdr); length = s->end - s->p - 8; length |= 0x8000; out_uint8(s, (MCS_SDRQ << 2)); out_uint16_be(s, g_mcs_userid); out_uint16_be(s, channel); out_uint8(s, 0x70); /* flags */ out_uint16_be(s, length); iso_send(s); } /* Send an MCS transport data packet to the global channel */ void mcs_send(STREAM s) { mcs_send_to_channel(s, MCS_GLOBAL_CHANNEL); } /* Receive an MCS transport data packet */ STREAM mcs_recv(uint16 * channel, uint8 * rdpver) { uint8 opcode, appid, length; STREAM s; s = iso_recv(rdpver); if (s == NULL) return NULL; if (rdpver != NULL) if (*rdpver != 3) return s; in_uint8(s, opcode); appid = opcode >> 2; if (appid != MCS_SDIN) { if (appid != MCS_DPUM) { error("expected data, got %d\n", opcode); } return NULL; } in_uint8s(s, 2); /* userid */ in_uint16_be(s, *channel); in_uint8s(s, 1); /* flags */ in_uint8(s, length); if (length & 0x80) in_uint8s(s, 1); /* second byte of length */ return s; } BOOL mcs_connect(char *server, STREAM mcs_data, char *username, BOOL reconnect) { if (!iso_connect(server, username, reconnect)) return False; mcs_send_connect_initial(mcs_data); if (!mcs_recv_connect_response(mcs_data)) goto error; mcs_send_edrq(); mcs_send_aurq(); if (!mcs_recv_aucf(&g_mcs_userid)) goto error; mcs_send_cjrq(g_mcs_userid + MCS_USERCHANNEL_BASE); if (!mcs_recv_cjcf()) goto error; mcs_send_cjrq(MCS_GLOBAL_CHANNEL); if (!mcs_recv_cjcf()) goto error; return True; error: iso_disconnect(); return False; } /* Disconnect from the MCS layer */ void mcs_disconnect(void) { iso_disconnect(); } /* reset the state of the mcs layer */ void mcs_reset_state(void) { g_mcs_userid = 0; iso_reset_state(); } /* Send a self-contained ISO PDU */ static void iso_send_msg(uint8 code) { STREAM s; s = tcp_init(11); out_uint8(s, 3); /* version */ out_uint8(s, 0); /* reserved */ out_uint16_be(s, 11); /* length */ out_uint8(s, 6); /* hdrlen */ out_uint8(s, code); out_uint16(s, 0); /* dst_ref */ out_uint16(s, 0); /* src_ref */ out_uint8(s, 0); /* class */ s_mark_end(s); tcp_send(s); } static void iso_send_connection_request(char *username) { STREAM s; int length = 30 + strlen(username); s = tcp_init(length); out_uint8(s, 3); /* version */ out_uint8(s, 0); /* reserved */ out_uint16_be(s, length); /* length */ out_uint8(s, length - 5); /* hdrlen */ out_uint8(s, ISO_PDU_CR); out_uint16(s, 0); /* dst_ref */ out_uint16(s, 0); /* src_ref */ out_uint8(s, 0); /* class */ out_uint8p(s, "Cookie: mstshash=", strlen("Cookie: mstshash=")); out_uint8p(s, username, strlen(username)); out_uint8(s, 0x0d); /* Unknown */ out_uint8(s, 0x0a); /* Unknown */ s_mark_end(s); tcp_send(s); } /* Send a single input event fast JL, this is required for win8 */ void rdp_send_fast_input_kbd(uint32 time, uint16 flags, uint16 param1) { STREAM s; uint8 fast_flags = 0; uint8 len = 4; fast_flags |= (flags & RDP_KEYRELEASE) ? FASTPATH_INPUT_KBDFLAGS_RELEASE : 0; s = tcp_init(len); out_uint8(s, (1 << 2)); //one event out_uint8(s, len); out_uint8(s, fast_flags | (FASTPATH_INPUT_EVENT_SCANCODE << 5)); out_uint8(s, param1); s_mark_end(s); tcp_send(s); } /* Send a single input event fast JL, this is required for win8 */ void rdp_send_fast_input_mouse(uint32 time, uint16 flags, uint16 param1, uint16 param2) { STREAM s; uint8 len = 9; s = tcp_init(len); out_uint8(s, (1 << 2)); //one event out_uint8(s, len); out_uint8(s, (FASTPATH_INPUT_EVENT_MOUSE << 5)); out_uint16(s, flags); out_uint16(s, param1); out_uint16(s, param2); s_mark_end(s); tcp_send(s); } /* Receive a message on the ISO layer, return code */ static STREAM iso_recv_msg(uint8 * code, uint8 * rdpver) { STREAM s; uint16 length; uint8 version; s = tcp_recv(NULL, 4); if (s == NULL) return NULL; in_uint8(s, version); if (rdpver != NULL) *rdpver = version; if (version == 3) { in_uint8s(s, 1); /* pad */ in_uint16_be(s, length); } else { in_uint8(s, length); if (length & 0x80) { length &= ~0x80; next_be(s, length); } } if (length < 5) { error("Bad packet header\n"); return NULL; } s = tcp_recv(s, length - 4); if (s == NULL) return NULL; if (version != 3) return s; in_uint8s(s, 1); /* hdrlen */ in_uint8(s, *code); if (*code == ISO_PDU_DT) { in_uint8s(s, 1); /* eot */ return s; } in_uint8s(s, 5); /* dst_ref, src_ref, class */ return s; } /* Initialise ISO transport data packet */ STREAM iso_init(int length) { STREAM s; s = tcp_init(length + 7); s_push_layer(s, iso_hdr, 7); return s; } /* Send an ISO data PDU */ void iso_send(STREAM s) { uint16 length; s_pop_layer(s, iso_hdr); length = s->end - s->p; out_uint8(s, 3); /* version */ out_uint8(s, 0); /* reserved */ out_uint16_be(s, length); out_uint8(s, 2); /* hdrlen */ out_uint8(s, ISO_PDU_DT); /* code */ out_uint8(s, 0x80); /* eot */ tcp_send(s); } /* Receive ISO transport data packet */ STREAM iso_recv(uint8 * rdpver) { STREAM s; uint8 code = 0; s = iso_recv_msg(&code, rdpver); if (s == NULL) return NULL; if (rdpver != NULL) if (*rdpver != 3) return s; if (code != ISO_PDU_DT) { error("expected DT, got 0x%x\n", code); return NULL; } return s; } /* Establish a connection up to the ISO layer */ BOOL iso_connect(char *server, char *username, BOOL reconnect) { uint8 code = 0; if (reconnect) { iso_send_msg(ISO_PDU_CR); } else { iso_send_connection_request(username); } if (iso_recv_msg(&code, NULL) == NULL) { return False; } if (code != ISO_PDU_CC) { error("expected CC, got 0x%x\n", code); hydra_disconnect(g_sock); return False; } return True; } /* Disconnect from the ISO layer */ void iso_disconnect(void) { iso_send_msg(ISO_PDU_DR); g_sock = hydra_disconnect(g_sock); } /* reset the state to support reconnecting */ void iso_reset_state(void) { tcp_reset_state(); } static int g_rc4_key_len; static SSL_RC4 g_rc4_decrypt_key; static SSL_RC4 g_rc4_encrypt_key; static uint32 g_server_public_key_len; static uint8 g_sec_sign_key[16]; static uint8 g_sec_decrypt_key[16]; static uint8 g_sec_encrypt_key[16]; static uint8 g_sec_decrypt_update_key[16]; static uint8 g_sec_encrypt_update_key[16]; static uint8 g_sec_crypted_random[SEC_MAX_MODULUS_SIZE]; uint16 g_server_rdp_version = 0; /* These values must be available to reset state - Session Directory */ static int g_sec_encrypt_use_count = 0; static int g_sec_decrypt_use_count = 0; void ssl_sha1_init(SSL_SHA1 * sha1) { SHA1_Init(sha1); } void ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len) { SHA1_Update(sha1, data, len); } void ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data) { SHA1_Final(out_data, sha1); } void ssl_md5_init(SSL_MD5 * md5) { MD5_Init(md5); } void ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len) { MD5_Update(md5, data, len); } void ssl_md5_final(SSL_MD5 * md5, uint8 * out_data) { MD5_Final(out_data, md5); } void ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len) { RC4_set_key(rc4, len, key); } void ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len) { RC4(rc4, len, in_data, out_data); } static void reverse(uint8 * p, int len) { int i, j; uint8 temp; for (i = 0, j = len - 1; i < j; i++, j--) { temp = p[i]; p[i] = p[j]; p[j] = temp; } } void ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { BN_CTX *ctx; BIGNUM mod, exp, x, y; uint8 inr[SEC_MAX_MODULUS_SIZE]; int outlen; reverse(modulus, modulus_size); reverse(exponent, SEC_EXPONENT_SIZE); memcpy(inr, in, len); reverse(inr, len); ctx = BN_CTX_new(); BN_init(&mod); BN_init(&exp); BN_init(&x); BN_init(&y); BN_bin2bn(modulus, modulus_size, &mod); BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp); BN_bin2bn(inr, len, &x); BN_mod_exp(&y, &x, &exp, &mod, ctx); outlen = BN_bn2bin(&y, out); reverse(out, outlen); if (outlen < (int) modulus_size) memset(out + outlen, 0, modulus_size - outlen); BN_free(&y); BN_clear_free(&x); BN_free(&exp); BN_free(&mod); BN_CTX_free(ctx); } /* returns newly allocated SSL_CERT or NULL */ SSL_CERT *ssl_cert_read(uint8 * data, uint32 len) { /* this will move the data pointer but we don't care, we don't use it again */ return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len); } void ssl_cert_free(SSL_CERT * cert) { X509_free(cert); } /* returns newly allocated SSL_RKEY or NULL */ SSL_RKEY *ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len) { EVP_PKEY *epk = NULL; SSL_RKEY *lkey; int nid; /* By some reason, Microsoft sets the OID of the Public RSA key to the oid for "MD5 with RSA Encryption" instead of "RSA Encryption" Kudos to Richard Levitte for the following (. intiutive .) lines of code that resets the OID and let's us extract the key. */ nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm); if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) { DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); } epk = X509_get_pubkey(cert); if (NULL == epk) { error("Failed to extract public key from certificate\n"); return NULL; } lkey = RSAPublicKey_dup(EVP_PKEY_get1_RSA(epk)); EVP_PKEY_free(epk); *key_len = RSA_size(lkey); return lkey; } int ssl_cert_print_fp(FILE * fp, SSL_CERT * cert) { return X509_print_fp(fp, cert); } void ssl_rkey_free(SSL_RKEY * rkey) { RSA_free(rkey); } /* returns error */ int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, uint32 max_mod_len) { int len; if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || (BN_num_bytes(rkey->n) > (int) max_mod_len)) { return 1; } len = BN_bn2bin(rkey->e, exponent); reverse(exponent, len); len = BN_bn2bin(rkey->n, modulus); reverse(modulus, len); return 0; } /* returns boolean */ BOOL ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len, uint8 * signature, uint32 sig_len) { return True; } void ssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md) { HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL); HMAC_CTX_cleanup(&ctx); } /* * I believe this is based on SSLv3 with the following differences: * MAC algorithm (5.2.3.1) uses only 32-bit length in place of seq_num/type/length fields * MAC algorithm uses SHA1 and MD5 for the two hash functions instead of one or other * key_block algorithm (6.2.2) uses 'X', 'YY', 'ZZZ' instead of 'A', 'BB', 'CCC' * key_block partitioning is different (16 bytes each: MAC secret, decrypt key, encrypt key) * encryption/decryption keys updated every 4096 packets * See http://wp.netscape.com/eng/ssl3/draft302.txt */ /* * 48-byte transformation used to generate master secret (6.1) and key material (6.2.2). * Both SHA1 and MD5 algorithms are used. */ void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt) { uint8 shasig[20]; uint8 pad[4]; SSL_SHA1 sha1; SSL_MD5 md5; int i; for (i = 0; i < 3; i++) { memset(pad, salt + i, i + 1); ssl_sha1_init(&sha1); ssl_sha1_update(&sha1, pad, i + 1); ssl_sha1_update(&sha1, in, 48); ssl_sha1_update(&sha1, salt1, 32); ssl_sha1_update(&sha1, salt2, 32); ssl_sha1_final(&sha1, shasig); ssl_md5_init(&md5); ssl_md5_update(&md5, in, 48); ssl_md5_update(&md5, shasig, 20); ssl_md5_final(&md5, &out[i * 16]); } } /* * 16-byte transformation used to generate export keys (6.2.2). */ void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2) { SSL_MD5 md5; ssl_md5_init(&md5); ssl_md5_update(&md5, in, 16); ssl_md5_update(&md5, salt1, 32); ssl_md5_update(&md5, salt2, 32); ssl_md5_final(&md5, out); } /* Reduce key entropy from 64 to 40 bits */ static void sec_make_40bit(uint8 * key) { key[0] = 0xd1; key[1] = 0x26; key[2] = 0x9e; } /* Generate encryption keys given client and server randoms */ static void sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size) { uint8 pre_master_secret[48]; uint8 master_secret[48]; uint8 key_block[48]; /* Construct pre-master secret */ memcpy(pre_master_secret, client_random, 24); memcpy(pre_master_secret + 24, server_random, 24); /* Generate master secret and then key material */ sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A'); sec_hash_48(key_block, master_secret, client_random, server_random, 'X'); /* First 16 bytes of key material is MAC secret */ memcpy(g_sec_sign_key, key_block, 16); /* Generate export keys from next two blocks of 16 bytes */ sec_hash_16(g_sec_decrypt_key, &key_block[16], client_random, server_random); sec_hash_16(g_sec_encrypt_key, &key_block[32], client_random, server_random); if (rc4_key_size == 1) { DEBUG(("40-bit encryption enabled\n")); sec_make_40bit(g_sec_sign_key); sec_make_40bit(g_sec_decrypt_key); sec_make_40bit(g_sec_encrypt_key); g_rc4_key_len = 8; } else { DEBUG(("rc_4_key_size == %d, 128-bit encryption enabled\n", rc4_key_size)); g_rc4_key_len = 16; } /* Save initial RC4 keys as update keys */ memcpy(g_sec_decrypt_update_key, g_sec_decrypt_key, 16); memcpy(g_sec_encrypt_update_key, g_sec_encrypt_key, 16); /* Initialise RC4 state arrays */ ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len); ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len); } static uint8 pad_54[40] = { 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54 }; static uint8 pad_92[48] = { 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92 }; /* Output a uint32 into a buffer (little-endian) */ void buf_out_uint32(uint8 * buffer, uint32 value) { buffer[0] = (value) & 0xff; buffer[1] = (value >> 8) & 0xff; buffer[2] = (value >> 16) & 0xff; buffer[3] = (value >> 24) & 0xff; } /* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */ void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen) { uint8 shasig[20]; uint8 md5sig[16]; uint8 lenhdr[4]; SSL_SHA1 sha1; SSL_MD5 md5; buf_out_uint32(lenhdr, datalen); ssl_sha1_init(&sha1); ssl_sha1_update(&sha1, session_key, keylen); ssl_sha1_update(&sha1, pad_54, 40); ssl_sha1_update(&sha1, lenhdr, 4); ssl_sha1_update(&sha1, data, datalen); ssl_sha1_final(&sha1, shasig); ssl_md5_init(&md5); ssl_md5_update(&md5, session_key, keylen); ssl_md5_update(&md5, pad_92, 48); ssl_md5_update(&md5, shasig, 20); ssl_md5_final(&md5, md5sig); memcpy(signature, md5sig, siglen); } /* Update an encryption key */ static void sec_update(uint8 * key, uint8 * update_key) { uint8 shasig[20]; SSL_SHA1 sha1; SSL_MD5 md5; SSL_RC4 update; ssl_sha1_init(&sha1); ssl_sha1_update(&sha1, update_key, g_rc4_key_len); ssl_sha1_update(&sha1, pad_54, 40); ssl_sha1_update(&sha1, key, g_rc4_key_len); ssl_sha1_final(&sha1, shasig); ssl_md5_init(&md5); ssl_md5_update(&md5, update_key, g_rc4_key_len); ssl_md5_update(&md5, pad_92, 48); ssl_md5_update(&md5, shasig, 20); ssl_md5_final(&md5, key); ssl_rc4_set_key(&update, key, g_rc4_key_len); ssl_rc4_crypt(&update, key, key, g_rc4_key_len); if (g_rc4_key_len == 8) sec_make_40bit(key); } /* Encrypt data using RC4 */ static void sec_encrypt(uint8 * data, int length) { if (g_sec_encrypt_use_count == 4096) { sec_update(g_sec_encrypt_key, g_sec_encrypt_update_key); ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len); g_sec_encrypt_use_count = 0; } ssl_rc4_crypt(&g_rc4_encrypt_key, data, data, length); g_sec_encrypt_use_count++; } /* Decrypt data using RC4 */ void sec_decrypt(uint8 * data, int length) { if (g_sec_decrypt_use_count == 4096) { sec_update(g_sec_decrypt_key, g_sec_decrypt_update_key); ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len); g_sec_decrypt_use_count = 0; } ssl_rc4_crypt(&g_rc4_decrypt_key, data, data, length); g_sec_decrypt_use_count++; } /* Perform an RSA public key encryption operation */ static void sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { ssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent); } /* Initialise secure transport packet */ STREAM sec_init(uint32 flags, int maxlen) { int hdrlen; STREAM s; // if (!g_licence_issued) hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4; // else // hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; s = mcs_init(maxlen + hdrlen); s_push_layer(s, sec_hdr, hdrlen); return s; } /* Transmit secure transport packet over specified channel */ void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) { int datalen; s_pop_layer(s, sec_hdr); out_uint32_le(s, flags); if (flags & SEC_ENCRYPT) { flags &= ~SEC_ENCRYPT; datalen = s->end - s->p - 8; sec_sign(s->p, 8, g_sec_sign_key, g_rc4_key_len, s->p + 8, datalen); sec_encrypt(s->p + 8, datalen); } mcs_send_to_channel(s, channel); } /* Transmit secure transport packet */ void sec_send(STREAM s, uint32 flags) { sec_send_to_channel(s, flags, MCS_GLOBAL_CHANNEL); } /* Transfer the client random to the server */ static void sec_establish_key(void) { uint32 length = g_server_public_key_len + SEC_PADDING_SIZE; uint32 flags = SEC_CLIENT_RANDOM; STREAM s; s = sec_init(flags, length + 4); out_uint32_le(s, length); out_uint8p(s, g_sec_crypted_random, g_server_public_key_len); out_uint8s(s, SEC_PADDING_SIZE); s_mark_end(s); sec_send(s, flags); } /* Output a string in Unicode */ void rdp_out_unistr(STREAM s, char *string, int len) { int i = 0, j = 0; len += 2; while (i < len) { s->p[i++] = string[j++]; s->p[i++] = 0; } s->p += len; } /* Output connect initial data blob */ static void sec_out_mcs_data(STREAM s) { char *g_hostname = "hydra"; int hostlen = 2 * strlen(g_hostname); int length = 158 + 76 + 12 + 4; /* if (g_num_channels > 0) length += g_num_channels * 12 + 8; */ if (hostlen > 30) hostlen = 30; /* Generic Conference Control (T.124) ConferenceCreateRequest */ out_uint16_be(s, 5); out_uint16_be(s, 0x14); out_uint8(s, 0x7c); out_uint16_be(s, 1); out_uint16_be(s, (length | 0x8000)); /* remaining length */ out_uint16_be(s, 8); /* length? */ out_uint16_be(s, 16); out_uint8(s, 0); out_uint16_le(s, 0xc001); out_uint8(s, 0); out_uint32_le(s, 0x61637544); /* OEM ID: "Duca", as in Ducati. */ out_uint16_be(s, ((length - 14) | 0x8000)); /* remaining length */ /* Client information */ out_uint16_le(s, SEC_TAG_CLI_INFO); out_uint16_le(s, 212); /* length */ out_uint16_le(s, g_use_rdp5 ? 4 : 1); /* RDP version. 1 == RDP4, 4 == RDP5. */ out_uint16_le(s, 8); out_uint16_le(s, 800); out_uint16_le(s, 600); out_uint16_le(s, 0xca01); out_uint16_le(s, 0xaa03); out_uint32_le(s, 0x409); out_uint32_le(s, 2600); /* Client build. We are now 2600 compatible :-) */ /* Unicode name of client, padded to 32 bytes */ rdp_out_unistr(s, g_hostname, hostlen); out_uint8s(s, 30 - hostlen); /* See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceddk40/html/cxtsksupportingremotedesktopprotocol.asp */ out_uint32_le(s, 0x4); out_uint32_le(s, 0x0); out_uint32_le(s, 0xc); out_uint8s(s, 64); /* reserved? 4 + 12 doublewords */ out_uint16_le(s, 0xca01); /* colour depth? */ out_uint16_le(s, 1); out_uint32(s, 0); out_uint8(s, g_server_depth); out_uint16_le(s, 0x0700); out_uint8(s, 0); out_uint32_le(s, 1); out_uint8s(s, 64); /* End of client info */ out_uint16_le(s, SEC_TAG_CLI_4); out_uint16_le(s, 12); out_uint32_le(s, g_console_session ? 0xb : 9); out_uint32(s, 0); /* Client encryption settings */ out_uint16_le(s, SEC_TAG_CLI_CRYPT); out_uint16_le(s, 12); /* length */ out_uint32_le(s, g_encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ out_uint32(s, 0); /* Unknown */ /* DEBUG_RDP5(("g_num_channels is %d\n", g_num_channels)); if (g_num_channels > 0) { out_uint16_le(s, SEC_TAG_CLI_CHANNELS); out_uint16_le(s, g_num_channels * 12 + 8); // length out_uint32_le(s, g_num_channels); // number of virtual channels for (i = 0; i < g_num_channels; i++) { DEBUG_RDP5(("Requesting channel %s\n", g_channels[i].name)); out_uint8a(s, g_channels[i].name, 8); out_uint32_be(s, g_channels[i].flags); } } */ s_mark_end(s); } /* Parse a public key structure */ static BOOL sec_parse_public_key(STREAM s, uint8 * modulus, uint8 * exponent) { uint32 magic, modulus_len; in_uint32_le(s, magic); if (magic != SEC_RSA_MAGIC) { error("RSA magic 0x%x\n", magic); return False; } in_uint32_le(s, modulus_len); modulus_len -= SEC_PADDING_SIZE; if ((modulus_len < SEC_MODULUS_SIZE) || (modulus_len > SEC_MAX_MODULUS_SIZE)) { error("Bad server public key size (%u bits)\n", modulus_len * 8); return False; } in_uint8s(s, 8); /* modulus_bits, unknown */ in_uint8a(s, exponent, SEC_EXPONENT_SIZE); in_uint8a(s, modulus, modulus_len); in_uint8s(s, SEC_PADDING_SIZE); g_server_public_key_len = modulus_len; return s_check(s); } /* Parse a public signature structure */ static BOOL sec_parse_public_sig(STREAM s, uint32 len, uint8 * modulus, uint8 * exponent) { uint8 signature[SEC_MAX_MODULUS_SIZE]; uint32 sig_len; if (len != 72) { return True; } memset(signature, 0, sizeof(signature)); sig_len = len - 8; in_uint8a(s, signature, sig_len); return ssl_sig_ok(exponent, SEC_EXPONENT_SIZE, modulus, g_server_public_key_len, signature, sig_len); } /* Parse a crypto information structure */ static BOOL sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size, uint8 ** server_random, uint8 * modulus, uint8 * exponent) { uint32 crypt_level, random_len, rsa_info_len; uint32 cacert_len, cert_len, flags; SSL_CERT *cacert, *server_cert; SSL_RKEY *server_public_key; uint16 tag, length; uint8 *next_tag, *end; in_uint32_le(s, *rc4_key_size); /* 1 = 40-bit, 2 = 128-bit */ in_uint32_le(s, crypt_level); /* 1 = low, 2 = medium, 3 = high */ if (crypt_level == 0) /* no encryption */ return False; in_uint32_le(s, random_len); in_uint32_le(s, rsa_info_len); if (random_len != SEC_RANDOM_SIZE) { error("random len %d, expected %d\n", random_len, SEC_RANDOM_SIZE); return False; } in_uint8p(s, *server_random, random_len); /* RSA info */ end = s->p + rsa_info_len; if (end > s->end) return False; in_uint32_le(s, flags); /* 1 = RDP4-style, 0x80000002 = X.509 */ if (flags & 1) { DEBUG_RDP5(("We're going for the RDP4-style encryption\n")); in_uint8s(s, 8); /* unknown */ while (s->p < end) { in_uint16_le(s, tag); in_uint16_le(s, length); next_tag = s->p + length; switch (tag) { case SEC_TAG_PUBKEY: if (!sec_parse_public_key(s, modulus, exponent)) return False; DEBUG_RDP5(("Got Public key, RDP4-style\n")); break; case SEC_TAG_KEYSIG: if (!sec_parse_public_sig(s, length, modulus, exponent)) return False; break; default: unimpl("crypt tag 0x%x\n", tag); } s->p = next_tag; } } else { uint32 certcount; DEBUG_RDP5(("We're going for the RDP5-style encryption\n")); in_uint32_le(s, certcount); /* Number of certificates */ if (certcount < 2) { error("Server didn't send enough X509 certificates\n"); return False; } for (; certcount > 2; certcount--) { /* ignore all the certificates between the root and the signing CA */ uint32 ignorelen; SSL_CERT *ignorecert; DEBUG_RDP5(("Ignored certs left: %d\n", certcount)); in_uint32_le(s, ignorelen); DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen)); ignorecert = ssl_cert_read(s->p, ignorelen); in_uint8s(s, ignorelen); if (ignorecert == NULL) { /* XXX: error out? */ DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n")); } #ifdef WITH_DEBUG_RDP5 DEBUG_RDP5(("cert #%d (ignored):\n", certcount)); ssl_cert_print_fp(stdout, ignorecert); #endif } /* Do da funky X.509 stuffy "How did I find out about this? I looked up and saw a bright light and when I came to I had a scar on my forehead and knew about X.500" - Peter Gutman in a early version of http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt */ in_uint32_le(s, cacert_len); DEBUG_RDP5(("CA Certificate length is %d\n", cacert_len)); cacert = ssl_cert_read(s->p, cacert_len); in_uint8s(s, cacert_len); if (NULL == cacert) { error("Couldn't load CA Certificate from server\n"); return False; } in_uint32_le(s, cert_len); DEBUG_RDP5(("Certificate length is %d\n", cert_len)); server_cert = ssl_cert_read(s->p, cert_len); in_uint8s(s, cert_len); if (NULL == server_cert) { ssl_cert_free(cacert); error("Couldn't load Certificate from server\n"); return False; } ssl_cert_free(cacert); in_uint8s(s, 16); /* Padding */ server_public_key = ssl_cert_to_rkey(server_cert, &g_server_public_key_len); if (NULL == server_public_key) { DEBUG_RDP5(("Didn't parse X509 correctly\n")); ssl_cert_free(server_cert); return False; } ssl_cert_free(server_cert); if ((g_server_public_key_len < SEC_MODULUS_SIZE) || (g_server_public_key_len > SEC_MAX_MODULUS_SIZE)) { error("Bad server public key size (%u bits)\n", g_server_public_key_len * 8); ssl_rkey_free(server_public_key); return False; } if (ssl_rkey_get_exp_mod(server_public_key, exponent, SEC_EXPONENT_SIZE, modulus, SEC_MAX_MODULUS_SIZE) != 0) { error("Problem extracting RSA exponent, modulus"); ssl_rkey_free(server_public_key); return False; } ssl_rkey_free(server_public_key); return True; /* There's some garbage here we don't care about */ } return s_check_end(s); } /* Process crypto information blob */ static void sec_process_crypt_info(STREAM s) { uint8 *server_random = NULL; uint8 modulus[SEC_MAX_MODULUS_SIZE]; uint8 exponent[SEC_EXPONENT_SIZE]; uint32 rc4_key_size; memset(modulus, 0, sizeof(modulus)); memset(exponent, 0, sizeof(exponent)); if (!sec_parse_crypt_info(s, &rc4_key_size, &server_random, modulus, exponent)) { DEBUG(("Failed to parse crypt info\n")); return; } DEBUG(("Generating client random\n")); generate_random(g_client_random); sec_rsa_encrypt(g_sec_crypted_random, g_client_random, SEC_RANDOM_SIZE, g_server_public_key_len, modulus, exponent); sec_generate_keys(g_client_random, server_random, rc4_key_size); } /* Process SRV_INFO, find RDP version supported by server */ static void sec_process_srv_info(STREAM s) { in_uint16_le(s, g_server_rdp_version); if (verbose) hydra_report(stderr, "[VERBOSE] Server RDP version is %d\n", g_server_rdp_version); if (1 == g_server_rdp_version) { g_use_rdp5 = 0; g_server_depth = 8; } } /* Process connect response data blob */ void sec_process_mcs_data(STREAM s) { uint16 tag, length; uint8 *next_tag; uint8 len; in_uint8s(s, 21); /* header (T.124 ConferenceCreateResponse) */ in_uint8(s, len); if (len & 0x80) in_uint8(s, len); while (s->p < s->end) { in_uint16_le(s, tag); in_uint16_le(s, length); if (length <= 4) return; next_tag = s->p + length - 4; switch (tag) { case SEC_TAG_SRV_INFO: sec_process_srv_info(s); break; case SEC_TAG_SRV_CRYPT: sec_process_crypt_info(s); break; case SEC_TAG_SRV_CHANNELS: break; default: unimpl("response tag 0x%x\n", tag); } s->p = next_tag; } } /* Receive secure transport packet */ STREAM sec_recv(uint8 * rdpver) { uint32 sec_flags; uint16 channel = 0; STREAM s; while ((s = mcs_recv(&channel, rdpver)) != NULL) { if (rdpver != NULL) { if (*rdpver != 3) { if (*rdpver & 0x80) { in_uint8s(s, 8); /* signature */ sec_decrypt(s->p, s->end - s->p); } return s; } } //if (g_encryption || !g_licence_issued) if (g_encryption) { in_uint32_le(s, sec_flags); if (sec_flags & SEC_ENCRYPT) { in_uint8s(s, 8); /* signature */ sec_decrypt(s->p, s->end - s->p); } if (sec_flags & SEC_LICENCE_NEG) { //licence_process(s); continue; } if (sec_flags & 0x0400) { /* SEC_REDIRECT_ENCRYPT */ uint8 swapbyte; in_uint8s(s, 8); /* signature */ sec_decrypt(s->p, s->end - s->p); /* Check for a redirect packet, starts with 00 04 */ if (s->p[0] == 0 && s->p[1] == 4) { /* for some reason the PDU and the length seem to be swapped. This isn't good, but we're going to do a byte for byte swap. So the first foure value appear as: 00 04 XX YY, where XX YY is the little endian length. We're going to use 04 00 as the PDU type, so after our swap this will look like: XX YY 04 00 */ swapbyte = s->p[0]; s->p[0] = s->p[2]; s->p[2] = swapbyte; swapbyte = s->p[1]; s->p[1] = s->p[3]; s->p[3] = swapbyte; swapbyte = s->p[2]; s->p[2] = s->p[3]; s->p[3] = swapbyte; } #ifdef WITH_DEBUG /* warning! this debug statement will show passwords in the clear! */ hexdump(s->p, s->end - s->p); #endif } } if (channel != MCS_GLOBAL_CHANNEL) { if (rdpver != NULL) *rdpver = 0xff; return s; } return s; } return NULL; } /* Establish a secure connection */ BOOL sec_connect(char *server, char *username, BOOL reconnect) { struct stream mcs_data; /* We exchange some RDP data during the MCS-Connect */ mcs_data.size = 512; mcs_data.end = mcs_data.p = mcs_data.data = (uint8 *) xmalloc(mcs_data.size); sec_out_mcs_data(&mcs_data); if (!mcs_connect(server, &mcs_data, username, reconnect)) return False; if (g_encryption) sec_establish_key(); free(mcs_data.data); mcs_data.data = NULL; return True; } /* Disconnect a connection */ void sec_disconnect(void) { mcs_disconnect(); } /* reset the state of the sec layer */ void sec_reset_state(void) { g_server_rdp_version = 0; g_sec_encrypt_use_count = 0; g_sec_decrypt_use_count = 0; mcs_reset_state(); } /* Read field indicating which parameters are present */ static void rdp_in_present(STREAM s, uint32 * present, uint8 flags, int size) { uint8 bits; int i; if (flags & RDP_ORDER_SMALL) { size--; } if (flags & RDP_ORDER_TINY) { if (size < 2) size = 0; else size -= 2; } *present = 0; for (i = 0; i < size; i++) { in_uint8(s, bits); *present |= bits << (i * 8); } } /* Read a co-ordinate (16-bit, or 8-bit delta) */ static void rdp_in_coord(STREAM s, sint16 * coord, BOOL delta) { sint8 change; if (delta) { in_uint8(s, change); *coord += change; } else { in_uint16_le(s, *coord); } } /* Read a colour entry */ static void rdp_in_colour(STREAM s, uint32 * colour) { uint32 i; in_uint8(s, i); *colour = i; in_uint8(s, i); *colour |= i << 8; in_uint8(s, i); *colour |= i << 16; } /* Parse bounds information */ static BOOL rdp_parse_bounds(STREAM s, BOUNDS * bounds) { uint8 present; in_uint8(s, present); if (present & 1) rdp_in_coord(s, &bounds->left, False); else if (present & 16) rdp_in_coord(s, &bounds->left, True); if (present & 2) rdp_in_coord(s, &bounds->top, False); else if (present & 32) rdp_in_coord(s, &bounds->top, True); if (present & 4) rdp_in_coord(s, &bounds->right, False); else if (present & 64) rdp_in_coord(s, &bounds->right, True); if (present & 8) rdp_in_coord(s, &bounds->bottom, False); else if (present & 128) rdp_in_coord(s, &bounds->bottom, True); return s_check(s); } /* Process an opaque rectangle order */ static void process_rect(STREAM s, RECT_ORDER * os, uint32 present, BOOL delta) { uint32 i; if (present & 0x01) rdp_in_coord(s, &os->x, delta); if (present & 0x02) rdp_in_coord(s, &os->y, delta); if (present & 0x04) rdp_in_coord(s, &os->cx, delta); if (present & 0x08) rdp_in_coord(s, &os->cy, delta); if (present & 0x10) { in_uint8(s, i); os->colour = (os->colour & 0xffffff00) | i; } if (present & 0x20) { in_uint8(s, i); os->colour = (os->colour & 0xffff00ff) | (i << 8); } if (present & 0x40) { in_uint8(s, i); os->colour = (os->colour & 0xff00ffff) | (i << 16); } DEBUG(("RECT(x=%d,y=%d,cx=%d,cy=%d,fg=0x%x)\n", os->x, os->y, os->cx, os->cy, os->colour)); } /* Process a desktop save order */ static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL delta) { int width, height; if (present & 0x01) in_uint32_le(s, os->offset); if (present & 0x02) rdp_in_coord(s, &os->left, delta); if (present & 0x04) rdp_in_coord(s, &os->top, delta); if (present & 0x08) rdp_in_coord(s, &os->right, delta); if (present & 0x10) rdp_in_coord(s, &os->bottom, delta); if (present & 0x20) in_uint8(s, os->action); DEBUG(("DESKSAVE(l=%d,t=%d,r=%d,b=%d,off=%d,op=%d)\n", os->left, os->top, os->right, os->bottom, os->offset, os->action)); width = os->right - os->left + 1; height = os->bottom - os->top + 1; } /* Process a memory blt order */ static void process_memblt(STREAM s, MEMBLT_ORDER * os, uint32 present, BOOL delta) { //on win 7, vista, 2008, the login failed has to be catched here if (present & 0x0001) { in_uint8(s, os->cache_id); in_uint8(s, os->colour_table); } if (present & 0x0002) rdp_in_coord(s, &os->x, delta); if (present & 0x0004) rdp_in_coord(s, &os->y, delta); if (present & 0x0008) rdp_in_coord(s, &os->cx, delta); if (present & 0x0010) rdp_in_coord(s, &os->cy, delta); if (present & 0x0020) in_uint8(s, os->opcode); if (present & 0x0040) rdp_in_coord(s, &os->srcx, delta); if (present & 0x0080) rdp_in_coord(s, &os->srcy, delta); if (present & 0x0100) in_uint16_le(s, os->cache_idx); DEBUG(("MEMBLT(op=0x%x,x=%d,y=%d,cx=%d,cy=%d,id=%d,idx=%d)\n", os->opcode, os->x, os->y, os->cx, os->cy, os->cache_id, os->cache_idx)); //MEMBLT(op=0xcc,x=640,y=128,cx=64,cy=64,id=2,idx=117) => win8 failed if ((os->opcode == 0xcc && os->x == 740 && os->y == 448 && os->cx == 60 && os->cy == 56 && os->cache_id == 2) || (os->opcode == 0xcc && os->x == 640 && os->y == 128 && os->cx == 64 && os->cy == 64 && os->cache_id == 2 && os->cache_idx > 100)) { if (debug) hydra_report(stderr, "[DEBUG] Login failed from process_memblt\n"); login_result = LOGIN_FAIL; } } /* Process a text order */ static void process_text2(STREAM s, TEXT2_ORDER * os, uint32 present, BOOL delta) { int i; if (present & 0x000001) in_uint8(s, os->font); if (present & 0x000002) in_uint8(s, os->flags); if (present & 0x000004) in_uint8(s, os->opcode); if (present & 0x000008) in_uint8(s, os->mixmode); if (present & 0x000010) rdp_in_colour(s, &os->fgcolour); if (present & 0x000020) rdp_in_colour(s, &os->bgcolour); if (present & 0x000040) in_uint16_le(s, os->clipleft); if (present & 0x000080) in_uint16_le(s, os->cliptop); if (present & 0x000100) in_uint16_le(s, os->clipright); if (present & 0x000200) in_uint16_le(s, os->clipbottom); if (present & 0x000400) in_uint16_le(s, os->boxleft); if (present & 0x000800) in_uint16_le(s, os->boxtop); if (present & 0x001000) in_uint16_le(s, os->boxright); if (present & 0x002000) in_uint16_le(s, os->boxbottom); //rdp_parse_brush(s, &os->brush, present >> 14); if (present & 0x080000) in_uint16_le(s, os->x); if (present & 0x100000) in_uint16_le(s, os->y); if (present & 0x200000) { in_uint8(s, os->length); in_uint8a(s, os->text, os->length); } //printf("TEXT2(x=%d,y=%d,cl=%d,ct=%d,cr=%d,cb=%d,bl=%d,bt=%d,br=%d,bb=%d,bs=%d,bg=0x%x,fg=0x%x,font=%d,fl=0x%x,op=0x%x,mix=%d,n=%d)\n", os->x, os->y, os->clipleft, os->cliptop, os->clipright, os->clipbottom, os->boxleft, os->boxtop, os->boxright, os->boxbottom, , os->bgcolour, os->fgcolour, os->font, os->flags, os->opcode, os->mixmode, os->length); if (debug) { printf("[DEBUG] process_text2: "); for (i = 0; i < os->length; i++) printf("%02x ", os->text[i]); printf(" *** "); printf("size: %d\n", os->length); } //there is no way to determine if the message from w2k is a success or failure at first //so we identify it here and set the os version as win 2000 same for win2k3 if (!memcmp(os->text, LOGON_MESSAGE_2K, 31)) { os_version = 2000; } if (!memcmp(os->text, LOGON_MESSAGE_FAILED_2K3, 18)) { os_version = 2003; } //on win2k, error can be fe 00 00 or fe 02 00 if (((os->text[0] == 254) && (os->text[2] == 0)) || (!memcmp(os->text, LOGON_MESSAGE_FAILED_XP, 18))) { if (debug) hydra_report(stderr, "[DEBUG] login failed from process_text2\n"); login_result = LOGIN_FAIL; } else { //if it's not an well known error and if it's not just traffic from win 2000 server if ((os_version == 2000) && (os->length > 50)) { if (debug) hydra_report(stderr, "[DEBUG] login success from process_text2\n"); login_result = LOGIN_SUCC; } } } /* Process a secondary order */ static void process_secondary_order(STREAM s) { /* The length isn't calculated correctly by the server. * For very compact orders the length becomes negative * so a signed integer must be used. */ uint16 length; uint16 flags; uint8 type; uint8 *next_order; in_uint16_le(s, length); in_uint16_le(s, flags); /* used by bmpcache2 */ in_uint8(s, type); next_order = s->p + (sint16) length + 7; /* switch (type) { case RDP_ORDER_RAW_BMPCACHE: break; case RDP_ORDER_COLCACHE: break; case RDP_ORDER_BMPCACHE: break; case RDP_ORDER_FONTCACHE: process_fontcache(s); break; case RDP_ORDER_RAW_BMPCACHE2: break; case RDP_ORDER_BMPCACHE2: break; case RDP_ORDER_BRUSHCACHE: process_brushcache(s, flags); break; default: unimpl("secondary order %d\n", type); } */ s->p = next_order; } /* Process an order PDU */ void process_orders(STREAM s, uint16 num_orders) { RDP_ORDER_STATE *os = &g_order_state; uint32 present; uint8 order_flags; int size, processed = 0; BOOL delta; while (processed < num_orders) { in_uint8(s, order_flags); if (os_version == 2003) os_version = 0; if (!(order_flags & RDP_ORDER_STANDARD)) { //error("order parsing failed\n"); //we detected the os is a win 2000 version and the next text msg will be either an error LOGON_MESSAGE_FAILED_2K //or any other traffic indicating the logon was successfull, so we reset the os_version and let process_text2 handle the msg if (os_version == 2003) login_result = LOGIN_SUCC; break; } if (order_flags & RDP_ORDER_SECONDARY) { process_secondary_order(s); } else { if (order_flags & RDP_ORDER_CHANGE) { in_uint8(s, os->order_type); } switch (os->order_type) { case RDP_ORDER_TRIBLT: case RDP_ORDER_TEXT2: size = 3; break; case RDP_ORDER_PATBLT: case RDP_ORDER_MEMBLT: case RDP_ORDER_LINE: case RDP_ORDER_POLYGON2: case RDP_ORDER_ELLIPSE2: size = 2; break; default: size = 1; } rdp_in_present(s, &present, order_flags, size); if (order_flags & RDP_ORDER_BOUNDS) { if (!(order_flags & RDP_ORDER_LASTBOUNDS)) rdp_parse_bounds(s, &os->bounds); } delta = order_flags & RDP_ORDER_DELTA; //printf("order %d\n", os->order_type); if (login_result) return; switch (os->order_type) { case RDP_ORDER_RECT: process_rect(s, &os->rect, present, delta); break; case RDP_ORDER_DESKSAVE: process_desksave(s, &os->desksave, present, delta); break; case RDP_ORDER_MEMBLT: process_memblt(s, &os->memblt, present, delta); break; case RDP_ORDER_TEXT2: process_text2(s, &os->text2, present, delta); break; default: if (debug) printf("[DEBUG] unknown order_type: %d\n", os->order_type); } } processed++; } } /* Reset order state */ void reset_order_state(void) { memset(&g_order_state, 0, sizeof(g_order_state)); g_order_state.order_type = RDP_ORDER_PATBLT; } /* Disconnect from the RDP layer */ void rdp_disconnect(void) { sec_disconnect(); } void rdp5_process(STREAM s) { uint16 length, count; uint8 type, ctype; uint8 *next; struct stream *ts; while (s->p < s->end) { in_uint8(s, type); if (type & RDP5_COMPRESSED) { in_uint8(s, ctype); in_uint16_le(s, length); type ^= RDP5_COMPRESSED; } else { ctype = 0; in_uint16_le(s, length); } g_next_packet = next = s->p + length; ts = s; //printf("type: %d\n", type); switch (type) { case 0: /* update orders */ in_uint16_le(ts, count); process_orders(ts, count); break; } s->p = next; } } /* Receive an RDP packet */ static STREAM rdp_recv(uint8 * type) { static STREAM rdp_s; uint16 length, pdu_type; uint8 rdpver; if ((rdp_s == NULL) || (g_next_packet >= rdp_s->end) || (g_next_packet == NULL)) { rdp_s = sec_recv(&rdpver); if (rdp_s == NULL) return NULL; if (rdpver == 0xff) { g_next_packet = rdp_s->end; *type = 0; return rdp_s; } else if (rdpver != 3) { /* rdp5_process should move g_next_packet ok */ rdp5_process(rdp_s); *type = 0; return rdp_s; } g_next_packet = rdp_s->p; } else { rdp_s->p = g_next_packet; } in_uint16_le(rdp_s, length); /* 32k packets are really 8, keepalive fix */ if (length == 0x8000) { g_next_packet += 8; *type = 0; return rdp_s; } in_uint16_le(rdp_s, pdu_type); in_uint8s(rdp_s, 2); /* userid */ *type = pdu_type & 0xf; g_next_packet += length; return rdp_s; } /* used in uiports and rdp_main_loop, processes the rdp packets waiting */ BOOL rdp_loop(BOOL * deactivated, uint32 * ext_disc_reason) { uint8 type; BOOL cont = True; STREAM s; while (cont) { s = rdp_recv(&type); if (s == NULL) return False; switch (type) { case RDP_PDU_DEMAND_ACTIVE: process_demand_active(s); *deactivated = False; break; case RDP_PDU_DEACTIVATE: DEBUG(("RDP_PDU_DEACTIVATE\n")); *deactivated = True; break; case RDP_PDU_REDIRECT: break; case RDP_PDU_DATA: process_data_pdu(s, ext_disc_reason); break; case 0: break; default: unimpl("PDU %d\n", type); } cont = g_next_packet < s->end; } return True; } /* Process incoming packets */ int rdp_main_loop(BOOL * deactivated, uint32 * ext_disc_reason) { while (rdp_loop(deactivated, ext_disc_reason)) { if (login_result != LOGIN_UNKN) { return login_result; } } return 0; } /* Parse a logon info packet */ static void rdp_send_logon_info(uint32 flags, char *domain, char *user, char *password, char *program, char *directory) { char *ipaddr = tcp_get_address(); int len_domain = 2 * strlen(domain); int len_user = 2 * strlen(user); int len_password = 2 * strlen(password); int len_program = 2 * strlen(program); int len_directory = 2 * strlen(directory); int len_ip = 2 * strlen(ipaddr); int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); int packetlen = 0; uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; STREAM s = NULL; time_t t = time(NULL); time_t tzone; uint8 security_verifier[16]; if (!g_use_rdp5 || 1 == g_server_rdp_version) { DEBUG_RDP5(("Sending RDP4-style Logon packet\n")); s = sec_init(sec_flags, 18 + len_domain + len_user + len_password + len_program + len_directory + 10); out_uint32(s, 0); out_uint32_le(s, flags); out_uint16_le(s, len_domain); out_uint16_le(s, len_user); out_uint16_le(s, len_password); out_uint16_le(s, len_program); out_uint16_le(s, len_directory); rdp_out_unistr(s, domain, len_domain); rdp_out_unistr(s, user, len_user); rdp_out_unistr(s, password, len_password); rdp_out_unistr(s, program, len_program); rdp_out_unistr(s, directory, len_directory); } else { flags |= RDP_LOGON_BLOB; DEBUG_RDP5(("Sending RDP5-style Logon packet\n")); packetlen = 4 + /* Unknown uint32 */ 4 + /* flags */ 2 + /* len_domain */ 2 + /* len_user */ (flags & RDP_LOGON_AUTO ? 2 : 0) + /* len_password */ (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* Length of BLOB */ 2 + /* len_program */ 2 + /* len_directory */ (0 < len_domain ? len_domain : 2) + /* domain */ len_user + /* len user */ (flags & RDP_LOGON_AUTO ? len_password : 0) + /* len pass */ 0 + /* We have no 512 byte BLOB. Perhaps we must? */ (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* After the BLOB is a unknown int16. If there is a BLOB, that is. */ (0 < len_program ? len_program : 2) + /* program */ (0 < len_directory ? len_directory : 2) + /* dir */ 2 + /* Unknown (2) */ 2 + /* Client ip length */ len_ip + /* Client ip */ 2 + /* DLL string length */ len_dll + /* DLL string */ 4 + /* zone */ strlen("GTB, normaltid") * 2 + /* zonestring */ 1 + /* len */ 5 * 4 + /* some int32 */ 2 * strlen("GTB, sommartid") + /* zonestring */ 1 + /* len */ 5 * 4 + /* some int32 */ 2 * 4 + /* some int32 */ (g_has_reconnect_random ? 14 + sizeof(security_verifier) : 2) + 105 + /* ??? we need this */ 0; // end //printf("pl: %d - flags %d - AUTO %d - BLOB %d\n", packetlen, flags, RDP_LOGON_AUTO, RDP_LOGON_BLOB); s = sec_init(sec_flags, packetlen); DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen)); out_uint32(s, 0); /* Unknown */ out_uint32_le(s, flags); out_uint16_le(s, len_domain); out_uint16_le(s, len_user); if (flags & RDP_LOGON_AUTO) { out_uint16_le(s, len_password); } if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) { out_uint16_le(s, 0); } out_uint16_le(s, len_program); out_uint16_le(s, len_directory); if (0 < len_domain) rdp_out_unistr(s, domain, len_domain); else out_uint16_le(s, 0); rdp_out_unistr(s, user, len_user); if (flags & RDP_LOGON_AUTO) { rdp_out_unistr(s, password, len_password); } if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) { out_uint16_le(s, 0); } if (0 < len_program) { rdp_out_unistr(s, program, len_program); } else { out_uint16_le(s, 0); } if (0 < len_directory) { rdp_out_unistr(s, directory, len_directory); } else { out_uint16_le(s, 0); } /* TS_EXTENDED_INFO_PACKET */ out_uint16_le(s, 2); /* clientAddressFamily = AF_INET */ out_uint16_le(s, len_ip + 2); /* cbClientAddress, Length of client ip */ rdp_out_unistr(s, ipaddr, len_ip); /* clientAddress */ out_uint16_le(s, len_dll + 2); /* cbClientDir */ rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll); /* clientDir */ /* TS_TIME_ZONE_INFORMATION */ tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60; out_uint32_le(s, tzone); rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid")); out_uint8s(s, 62 - 2 * strlen("GTB, normaltid")); out_uint32_le(s, 0x0a0000); out_uint32_le(s, 0x050000); out_uint32_le(s, 3); out_uint32_le(s, 0); out_uint32_le(s, 0); rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid")); out_uint8s(s, 62 - 2 * strlen("GTB, sommartid")); out_uint32_le(s, 0x30000); out_uint32_le(s, 0x050000); out_uint32_le(s, 2); out_uint32(s, 0); out_uint32_le(s, 0xffffffc4); /* DaylightBias */ /* Rest of TS_EXTENDED_INFO_PACKET */ out_uint32_le(s, 0xfffffffe); /* clientSessionId, consider changing to 0 */ out_uint32_le(s, g_rdp5_performanceflags); /* Client Auto-Reconnect */ if (g_has_reconnect_random) { out_uint16_le(s, 28); /* cbAutoReconnectLen */ /* ARC_CS_PRIVATE_PACKET */ out_uint32_le(s, 28); /* cbLen */ out_uint32_le(s, 1); /* Version */ out_uint32_le(s, g_reconnect_logonid); /* LogonId */ ssl_hmac_md5(g_reconnect_random, sizeof(g_reconnect_random), g_client_random, SEC_RANDOM_SIZE, security_verifier); out_uint8a(s, security_verifier, sizeof(security_verifier)); } else { out_uint16_le(s, 0); /* cbAutoReconnectLen */ } } s_mark_end(s); sec_send(s, sec_flags); } /* Establish a connection up to the RDP layer */ BOOL rdp_connect(char *server, uint32 flags, char *domain, char *login, char *password, char *command, char *directory, BOOL reconnect) { if (!sec_connect(server, login, reconnect)) return False; rdp_send_logon_info(flags, domain, login, password, command, directory); return True; } int start_rdp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; char server[64]; char domain[256]; char shell[256]; char directory[256]; BOOL deactivated = 0; uint32 flags, ext_disc_reason = 0; flags = RDP_LOGON_NORMAL; flags |= RDP_LOGON_AUTO; os_version = 0; g_redirect = False; g_redirect_flags = 0; login_result = LOGIN_UNKN; shell[0] = directory[0] = 0; memset(domain, 0, sizeof(domain)); if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; strcpy(server, hydra_address2string(ip)); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { strncpy(domain, miscptr, sizeof(domain) - 1); domain[sizeof(domain) - 1] = 0; } if (!rdp_connect(server, flags, domain, login, pass, shell, directory, g_redirect)) return 3; rdp_main_loop(&deactivated, &ext_disc_reason); if (login_result == LOGIN_SUCC) { hydra_report_found_host(port, ip, "rdp", fp); hydra_completed_pair_found(); } else { hydra_completed_pair(); } rdp_disconnect(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } /* Client program */ void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1; int myport = PORT_RDP; if (port != 0) myport = port; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* run the cracking function */ rdesktop_reset_state(); g_sock = hydra_connect_tcp(ip, myport); if (g_sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = start_rdp(g_sock, ip, port, options, miscptr, fp); break; case 2: /* clean exit */ if (g_sock >= 0) rdp_disconnect(); hydra_child_exit(0); return; case 3: /* connection error case */ hydra_child_exit(1); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } /* Generate a 32-byte random for the secure transport code. */ void generate_random(uint8 * random) { struct stat st; struct tms tmsbuf; SSL_MD5 md5; uint32 *r; int fd, n; /* If we have a kernel random device, try that first */ if (((fd = open("/dev/urandom", O_RDONLY)) != -1) || ((fd = open("/dev/random", O_RDONLY)) != -1)) { n = read(fd, random, 32); close(fd); if (n == 32) return; } r = (uint32 *) random; r[0] = (getpid()) | (getppid() << 16); r[1] = (getuid()) | (getgid() << 16); r[2] = times(&tmsbuf); /* system uptime (clocks) */ gettimeofday((struct timeval *) &r[3], NULL); /* sec and usec */ stat("/tmp", &st); r[5] = st.st_atime; r[6] = st.st_mtime; r[7] = st.st_ctime; /* Hash both halves with MD5 to obscure possible patterns */ ssl_md5_init(&md5); ssl_md5_update(&md5, random, 16); ssl_md5_final(&md5, random); ssl_md5_update(&md5, random + 16, 16); ssl_md5_final(&md5, random + 16); } /* malloc; exit if out of memory */ void *xmalloc(int size) { void *mem = malloc(size); if (mem == NULL) { error("xmalloc %d\n", size); return NULL; } return mem; } /* strdup */ char *xstrdup(const char *s) { char *mem = strdup(s); if (mem == NULL) { perror("strdup"); return NULL; } return mem; } /* realloc; exit if out of memory */ void *xrealloc(void *oldmem, size_t size) { void *mem; if (size == 0) size = 1; //printf("---? %p %d\n", oldmem, size); mem = realloc(oldmem, size); //printf("---!\n"); if (mem == NULL) { error("xrealloc %ld\n", size); return NULL; } return mem; } /* report an error */ void error(char *format, ...) { va_list ap; fprintf(stderr, "[ERROR]: "); va_start(ap, format); hydra_report(stderr, format, ap); va_end(ap); } /* report a warning */ void warning(char *format, ...) { if (verbose) { va_list ap; fprintf(stderr, "[VERBOSE]: "); va_start(ap, format); hydra_report(stderr, format, ap); va_end(ap); } } /* report an unimplemented protocol feature */ void unimpl(char *format, ...) { if (debug) { va_list ap; fprintf(stderr, "[DEBUG] not implemented: "); va_start(ap, format); hydra_report(stderr, format, ap); va_end(ap); } } /* produce a hex dump */ void hexdump(unsigned char *p, unsigned int len) { unsigned char *line = p; int i, thisline, offset = 0; while (offset < len) { printf("%04x ", offset); thisline = len - offset; if (thisline > 16) thisline = 16; for (i = 0; i < thisline; i++) printf("%02x ", line[i]); for (; i < 16; i++) printf(" "); for (i = 0; i < thisline; i++) printf("%c", (line[i] >= 0x20 && line[i] < 0x7f) ? line[i] : '.'); printf("\n"); offset += thisline; line += thisline; } } /* Initialise an RDP data packet */ static STREAM rdp_init_data(int maxlen) { STREAM s; s = sec_init(g_encryption ? SEC_ENCRYPT : 0, maxlen + 18); s_push_layer(s, rdp_hdr, 18); return s; } /* Send an RDP data packet */ static void rdp_send_data(STREAM s, uint8 data_pdu_type) { uint16 length; s_pop_layer(s, rdp_hdr); length = s->end - s->p; out_uint16_le(s, length); out_uint16_le(s, (RDP_PDU_DATA | 0x10)); out_uint16_le(s, (g_mcs_userid + 1001)); out_uint32_le(s, g_rdp_shareid); out_uint8(s, 0); /* pad */ out_uint8(s, 1); /* streamid */ out_uint16_le(s, (length - 14)); out_uint8(s, data_pdu_type); out_uint8(s, 0); /* compress_type */ out_uint16(s, 0); /* compress_len */ sec_send(s, g_encryption ? SEC_ENCRYPT : 0); } /* Input a string in Unicode * * Returns str_len of string */ int rdp_in_unistr(STREAM s, char *string, int str_size, int in_len) { int i = 0; int len = in_len / 2; int rem = 0; if (len > str_size - 1) { warning("server sent an unexpectedly long string, truncating\n"); len = str_size - 1; rem = in_len - 2 * len; } while (i < len) { in_uint8a(s, &string[i++], 1); in_uint8s(s, 1); } in_uint8s(s, rem); string[len] = 0; return len; } /* Send a control PDU */ static void rdp_send_control(uint16 action) { STREAM s; s = rdp_init_data(8); out_uint16_le(s, action); out_uint16(s, 0); /* userid */ out_uint32(s, 0); /* control id */ s_mark_end(s); rdp_send_data(s, RDP_DATA_PDU_CONTROL); } /* Send a synchronisation PDU */ static void rdp_send_synchronise(void) { STREAM s; s = rdp_init_data(4); out_uint16_le(s, 1); /* type */ out_uint16_le(s, 1002); s_mark_end(s); rdp_send_data(s, RDP_DATA_PDU_SYNCHRONISE); } /* Send a single input event */ void rdp_send_input(uint32 time, uint16 message_type, uint16 device_flags, uint16 param1, uint16 param2) { STREAM s; switch (message_type) { case RDP_INPUT_MOUSE: rdp_send_fast_input_mouse(time, device_flags, param1, param2); break; case RDP_INPUT_SCANCODE: rdp_send_fast_input_kbd(time, device_flags, param1); break; default: s = rdp_init_data(16); out_uint16_le(s, 1); /* number of events */ out_uint16(s, 0); /* pad */ out_uint32_le(s, time); out_uint16_le(s, message_type); out_uint16_le(s, device_flags); out_uint16_le(s, param1); out_uint16_le(s, param2); s_mark_end(s); rdp_send_data(s, RDP_DATA_PDU_INPUT); } } /* Send an (empty) font information PDU */ static void rdp_send_fonts(uint16 seq) { STREAM s; s = rdp_init_data(8); out_uint16(s, 0); /* number of fonts */ out_uint16_le(s, 0); /* pad? */ out_uint16_le(s, seq); /* unknown */ out_uint16_le(s, 0x32); /* entry size */ s_mark_end(s); rdp_send_data(s, RDP_DATA_PDU_FONT2); } /* Output general capability set */ static void rdp_out_general_caps(STREAM s) { out_uint16_le(s, RDP_CAPSET_GENERAL); out_uint16_le(s, RDP_CAPLEN_GENERAL); out_uint16_le(s, 1); /* OS major type */ out_uint16_le(s, 3); /* OS minor type */ out_uint16_le(s, 0x200); /* Protocol version */ out_uint16(s, 0); /* Pad */ out_uint16(s, 0); /* Compression types */ out_uint16_le(s, g_use_rdp5 ? 0x40d : 0); /* Pad, according to T.128. 0x40d seems to trigger the server to start sending RDP5 packets. However, the value is 0x1d04 with W2KTSK and NT4MS. Hmm.. Anyway, thankyou, Microsoft, for sending such information in a padding field.. */ out_uint16(s, 0); /* Update capability */ out_uint16(s, 0); /* Remote unshare capability */ out_uint16(s, 0); /* Compression level */ out_uint16(s, 0); /* Pad */ } /* Output bitmap capability set */ static void rdp_out_bitmap_caps(STREAM s) { out_uint16_le(s, RDP_CAPSET_BITMAP); out_uint16_le(s, RDP_CAPLEN_BITMAP); out_uint16_le(s, g_server_depth); /* Preferred colour depth */ out_uint16_le(s, 1); /* Receive 1 BPP */ out_uint16_le(s, 1); /* Receive 4 BPP */ out_uint16_le(s, 1); /* Receive 8 BPP */ out_uint16_le(s, 800); /* Desktop width */ out_uint16_le(s, 600); /* Desktop height */ out_uint16(s, 0); /* Pad */ out_uint16(s, 1); /* Allow resize */ out_uint16_le(s, g_bitmap_compression ? 1 : 0); /* Support compression */ out_uint16(s, 0); /* Unknown */ out_uint16_le(s, 1); /* Unknown */ out_uint16(s, 0); /* Pad */ } /* Output order capability set */ static void rdp_out_order_caps(STREAM s) { uint8 order_caps[32]; memset(order_caps, 0, 32); order_caps[0] = 1; /* dest blt */ order_caps[1] = 1; /* pat blt */ order_caps[2] = 1; /* screen blt */ order_caps[3] = (g_bitmap_cache ? 1 : 0); /* memblt */ order_caps[4] = 0; /* triblt */ order_caps[8] = 1; /* line */ order_caps[9] = 1; /* line */ order_caps[10] = 1; /* rect */ order_caps[11] = (g_desktop_save ? 1 : 0); /* desksave */ order_caps[13] = 1; /* memblt */ order_caps[14] = 1; /* triblt */ order_caps[20] = 1; /* polygon */ order_caps[21] = 1; /* polygon2 */ order_caps[22] = 1; /* polyline */ order_caps[25] = 1; /* ellipse */ order_caps[26] = 1; /* ellipse2 */ order_caps[27] = 1; /* text2 */ out_uint16_le(s, RDP_CAPSET_ORDER); out_uint16_le(s, RDP_CAPLEN_ORDER); out_uint8s(s, 20); /* Terminal desc, pad */ out_uint16_le(s, 1); /* Cache X granularity */ out_uint16_le(s, 20); /* Cache Y granularity */ out_uint16(s, 0); /* Pad */ out_uint16_le(s, 1); /* Max order level */ out_uint16_le(s, 0x147); /* Number of fonts */ out_uint16_le(s, 0x2a); /* Capability flags */ out_uint8p(s, order_caps, 32); /* Orders supported */ out_uint16_le(s, 0x6a1); /* Text capability flags */ out_uint8s(s, 6); /* Pad */ out_uint32_le(s, g_desktop_save == False ? 0 : 0x38400); /* Desktop cache size */ out_uint32(s, 0); /* Unknown */ out_uint32_le(s, 0x4e4); /* Unknown */ } /* Output bitmap cache capability set */ static void rdp_out_bmpcache_caps(STREAM s) { int Bpp; out_uint16_le(s, RDP_CAPSET_BMPCACHE); out_uint16_le(s, RDP_CAPLEN_BMPCACHE); Bpp = (g_server_depth + 7) / 8; /* bytes per pixel */ out_uint8s(s, 24); /* unused */ out_uint16_le(s, 0x258); /* entries */ out_uint16_le(s, 0x100 * Bpp); /* max cell size */ out_uint16_le(s, 0x12c); /* entries */ out_uint16_le(s, 0x400 * Bpp); /* max cell size */ out_uint16_le(s, 0x106); /* entries */ out_uint16_le(s, 0x1000 * Bpp); /* max cell size */ } /* Output bitmap cache v2 capability set */ static void rdp_out_bmpcache2_caps(STREAM s) { out_uint16_le(s, RDP_CAPSET_BMPCACHE2); out_uint16_le(s, RDP_CAPLEN_BMPCACHE2); out_uint16_le(s, g_bitmap_cache_persist_enable ? 2 : 0); /* version */ out_uint16_be(s, 3); /* number of caches in this set */ /* max cell size for cache 0 is 16x16, 1 = 32x32, 2 = 64x64, etc */ out_uint32_le(s, BMPCACHE2_C0_CELLS); out_uint32_le(s, BMPCACHE2_C1_CELLS); out_uint32_le(s, BMPCACHE2_C2_CELLS); out_uint8s(s, 20); /* other bitmap caches not used */ } /* Output control capability set */ static void rdp_out_control_caps(STREAM s) { out_uint16_le(s, RDP_CAPSET_CONTROL); out_uint16_le(s, RDP_CAPLEN_CONTROL); out_uint16(s, 0); /* Control capabilities */ out_uint16(s, 0); /* Remote detach */ out_uint16_le(s, 2); /* Control interest */ out_uint16_le(s, 2); /* Detach interest */ } /* Output activation capability set */ static void rdp_out_activate_caps(STREAM s) { out_uint16_le(s, RDP_CAPSET_ACTIVATE); out_uint16_le(s, RDP_CAPLEN_ACTIVATE); out_uint16(s, 0); /* Help key */ out_uint16(s, 0); /* Help index key */ out_uint16(s, 0); /* Extended help key */ out_uint16(s, 0); /* Window activate */ } /* Output pointer capability set */ static void rdp_out_pointer_caps(STREAM s) { out_uint16_le(s, RDP_CAPSET_POINTER); out_uint16_le(s, RDP_CAPLEN_POINTER); out_uint16(s, 0); /* Colour pointer */ out_uint16_le(s, 20); /* Cache size */ } /* Output new pointer capability set */ static void rdp_out_newpointer_caps(STREAM s) { out_uint16_le(s, RDP_CAPSET_POINTER); out_uint16_le(s, RDP_CAPLEN_NEWPOINTER); out_uint16_le(s, 1); /* Colour pointer */ out_uint16_le(s, 20); /* Cache size */ out_uint16_le(s, 20); /* Cache size for new pointers */ } /* Output share capability set */ static void rdp_out_share_caps(STREAM s) { out_uint16_le(s, RDP_CAPSET_SHARE); out_uint16_le(s, RDP_CAPLEN_SHARE); out_uint16(s, 0); /* userid */ out_uint16(s, 0); /* pad */ } /* Output colour cache capability set */ static void rdp_out_colcache_caps(STREAM s) { out_uint16_le(s, RDP_CAPSET_COLCACHE); out_uint16_le(s, RDP_CAPLEN_COLCACHE); out_uint16_le(s, 6); /* cache size */ out_uint16(s, 0); /* pad */ } /* Output brush cache capability set */ static void rdp_out_brushcache_caps(STREAM s) { out_uint16_le(s, RDP_CAPSET_BRUSHCACHE); out_uint16_le(s, RDP_CAPLEN_BRUSHCACHE); out_uint32_le(s, 1); /* cache type */ } static uint8 caps_0x0d[] = { 0x01, 0x00, 0x00, 0x00, 0x09, 0x04, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; static uint8 caps_0x0c[] = { 0x01, 0x00, 0x00, 0x00 }; static uint8 caps_0x0e[] = { 0x01, 0x00, 0x00, 0x00 }; static uint8 caps_0x10[] = { 0xFE, 0x00, 0x04, 0x00, 0xFE, 0x00, 0x04, 0x00, 0xFE, 0x00, 0x08, 0x00, 0xFE, 0x00, 0x08, 0x00, 0xFE, 0x00, 0x10, 0x00, 0xFE, 0x00, 0x20, 0x00, 0xFE, 0x00, 0x40, 0x00, 0xFE, 0x00, 0x80, 0x00, 0xFE, 0x00, 0x00, 0x01, 0x40, 0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00 }; /* Output unknown capability sets */ static void rdp_out_unknown_caps(STREAM s, uint16 id, uint16 length, uint8 * caps) { out_uint16_le(s, id); out_uint16_le(s, length); out_uint8p(s, caps, length - 4); } #define RDP5_FLAG 0x0030 /* Send a confirm active PDU */ static void rdp_send_confirm_active(void) { STREAM s; uint32 sec_flags = g_encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG; uint16 caplen = RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER + RDP_CAPLEN_COLCACHE + RDP_CAPLEN_ACTIVATE + RDP_CAPLEN_CONTROL + RDP_CAPLEN_SHARE + RDP_CAPLEN_BRUSHCACHE + 0x58 + 0x08 + 0x08 + 0x34 /* unknown caps */ + 4 /* w2k fix, sessionid */ ; if (g_use_rdp5) { caplen += RDP_CAPLEN_BMPCACHE2; caplen += RDP_CAPLEN_NEWPOINTER; } else { caplen += RDP_CAPLEN_BMPCACHE; caplen += RDP_CAPLEN_POINTER; } s = sec_init(sec_flags, 6 + 14 + caplen + sizeof(RDP_SOURCE)); out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE)); out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10)); /* Version 1 */ out_uint16_le(s, (g_mcs_userid + 1001)); out_uint32_le(s, g_rdp_shareid); out_uint16_le(s, 0x3ea); /* userid */ out_uint16_le(s, sizeof(RDP_SOURCE)); out_uint16_le(s, caplen); out_uint8p(s, RDP_SOURCE, sizeof(RDP_SOURCE)); out_uint16_le(s, 0xe); /* num_caps */ out_uint8s(s, 2); /* pad */ rdp_out_general_caps(s); rdp_out_bitmap_caps(s); rdp_out_order_caps(s); if (g_use_rdp5) { rdp_out_bmpcache2_caps(s); rdp_out_newpointer_caps(s); } else { rdp_out_bmpcache_caps(s); rdp_out_pointer_caps(s); } rdp_out_colcache_caps(s); rdp_out_activate_caps(s); rdp_out_control_caps(s); rdp_out_share_caps(s); rdp_out_brushcache_caps(s); rdp_out_unknown_caps(s, 0x0d, 0x58, caps_0x0d); /* CAPSTYPE_INPUT */ rdp_out_unknown_caps(s, 0x0c, 0x08, caps_0x0c); /* CAPSTYPE_SOUND */ rdp_out_unknown_caps(s, 0x0e, 0x08, caps_0x0e); /* CAPSTYPE_FONT */ rdp_out_unknown_caps(s, 0x10, 0x34, caps_0x10); /* CAPSTYPE_GLYPHCACHE */ s_mark_end(s); sec_send(s, sec_flags); } /* Process a general capability set */ static void rdp_process_general_caps(STREAM s) { uint16 pad2octetsB; /* rdp5 flags? */ in_uint8s(s, 10); in_uint16_le(s, pad2octetsB); if (!pad2octetsB) g_use_rdp5 = False; } /* Process a bitmap capability set */ static void rdp_process_bitmap_caps(STREAM s) { uint16 width, height, depth; in_uint16_le(s, depth); in_uint8s(s, 6); in_uint16_le(s, width); in_uint16_le(s, height); DEBUG(("setting desktop size and depth to: %dx%dx%d\n", width, height, depth)); } /* Process server capabilities */ static void rdp_process_server_caps(STREAM s, uint16 length) { int n; uint8 *next, *start; uint16 ncapsets, capset_type, capset_length; start = s->p; in_uint16_le(s, ncapsets); in_uint8s(s, 2); /* pad */ for (n = 0; n < ncapsets; n++) { if (s->p > start + length) return; in_uint16_le(s, capset_type); in_uint16_le(s, capset_length); next = s->p + capset_length - 4; switch (capset_type) { case RDP_CAPSET_GENERAL: rdp_process_general_caps(s); break; case RDP_CAPSET_BITMAP: rdp_process_bitmap_caps(s); break; } s->p = next; } } /* Respond to a demand active PDU */ static void process_demand_active(STREAM s) { uint8 type; uint16 len_src_descriptor, len_combined_caps; in_uint32_le(s, g_rdp_shareid); in_uint16_le(s, len_src_descriptor); in_uint16_le(s, len_combined_caps); in_uint8s(s, len_src_descriptor); DEBUG(("DEMAND_ACTIVE(id=0x%x)\n", g_rdp_shareid)); rdp_process_server_caps(s, len_combined_caps); rdp_send_confirm_active(); rdp_send_synchronise(); rdp_send_control(RDP_CTL_COOPERATE); rdp_send_control(RDP_CTL_REQUEST_CONTROL); rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */ rdp_recv(&type); /* RDP_CTL_COOPERATE */ rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */ rdp_send_input(0, 0, 0, 0, 0); /* RDP_INPUT_SYNCHRONIZE */ // here? XXX TODO BUGFIX if (g_use_rdp5) { rdp_send_fonts(3); } else { rdp_send_fonts(1); rdp_send_fonts(2); } rdp_recv(&type); /* RDP_PDU_UNKNOWN 0x28 (Fonts?) */ reset_order_state(); } /* Process an update PDU */ static void process_update_pdu(STREAM s) { uint16 update_type, count; in_uint16_le(s, update_type); //ui_begin_update(); switch (update_type) { case RDP_UPDATE_ORDERS: in_uint8s(s, 2); /* pad */ in_uint16_le(s, count); in_uint8s(s, 2); /* pad */ process_orders(s, count); break; case RDP_UPDATE_BITMAP: //process_bitmap_updates(s); break; case RDP_UPDATE_PALETTE: //process_palette(s); break; case RDP_UPDATE_SYNCHRONIZE: break; default: unimpl("update %d\n", update_type); } } /* Process a disconnect PDU */ void process_disconnect_pdu(STREAM s, uint32 * ext_disc_reason) { in_uint32_le(s, *ext_disc_reason); DEBUG(("Received disconnect PDU\n")); } /* Process data PDU */ static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason) { uint8 data_pdu_type; uint8 ctype; uint16 clen; uint32 len; in_uint8s(s, 6); /* shareid, pad, streamid */ in_uint16_le(s, len); in_uint8(s, data_pdu_type); in_uint8(s, ctype); in_uint16_le(s, clen); clen -= 18; switch (data_pdu_type) { case RDP_DATA_PDU_UPDATE: process_update_pdu(s); break; case RDP_DATA_PDU_CONTROL: DEBUG(("Received Control PDU\n")); break; case RDP_DATA_PDU_SYNCHRONISE: DEBUG(("Received Sync PDU\n")); break; case RDP_DATA_PDU_POINTER: //process_pointer_pdu(s); break; case RDP_DATA_PDU_BELL: //ui_bell(); break; case RDP_DATA_PDU_LOGON: DEBUG(("Received Logon PDU\n")); /* User logged on */ login_result = LOGIN_SUCC; return 1; break; case RDP_DATA_PDU_DISCONNECT: process_disconnect_pdu(s, ext_disc_reason); /* We used to return true and disconnect immediately here, but * Windows Vista sends a disconnect PDU with reason 0 when * reconnecting to a disconnected session, and MSTSC doesn't * drop the connection. I think we should just save the status. */ break; default: unimpl("data PDU %d\n", data_pdu_type); } return False; } #endif int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-redis.c0000644000175000010010000000573212441064454013453 0ustar marcNone#include "hydra-mod.h" extern char *HYDRA_EXIT; char *buf; int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *pass, buffer[510]; char *empty = ""; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; sprintf(buffer, "AUTH %.250s\r\n", pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = hydra_receive_line(s); if (buf[0] == '+') { hydra_report_found_host(port, ip, "redis", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } if (verbose > 1) hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass); hydra_completed_pair(); free(buf); return 1; } void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { int run = 1, next_run = 1, sock = -1; int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) hydra_child_exit(0); while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } usleep(250); next_run = 2; break; case 2: /* run the cracking function */ next_run = start_redis(sock, ip, port, options, miscptr, fp); break; case 3: /* error exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { service_redis_core(ip, sp, options, miscptr, fp, port, 0); } int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-rexec.c0000644000175000010010000000571412441064454013453 0ustar marcNone#include "hydra-mod.h" // no memleaks found on 110425 #define COMMAND "/bin/ls /" extern char *HYDRA_EXIT; char *buf; int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; int ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; memset(buffer2, 0, sizeof(buffer2)); bptr++; strcpy(bptr, login); bptr += 1 + strlen(login); strcpy(bptr, pass); bptr += 1 + strlen(pass); strcpy(bptr, COMMAND); if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(pass) + strlen(COMMAND), 0) < 0) { return 1; } ret = hydra_recv(s, buffer, sizeof(buffer) - 1); if (ret > 0 && buffer[0] == 0) { hydra_report_found_host(port, ip, "rexec", fp); hydra_completed_pair_found(); } else hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_REXEC, mysslport = PORT_REXEC_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ { if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; } case 2: /* run the cracking function */ next_run = start_rexec(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-rlogin.c0000644000175000010010000001046612441064454013637 0ustar marcNone#include "hydra-mod.h" /* RFC 1258 client have to use port from 512 -> 1023 or server is denying the connection no memleaks found on 110425 */ #define TERM "vt100/9600" extern char *HYDRA_EXIT; char *buf; int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; int ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; memset(buffer2, 0, sizeof(buffer2)); bptr++; strcpy(bptr, login); bptr += 1 + strlen(login); strcpy(bptr, login); bptr += 1 + strlen(login); strcpy(bptr, TERM); if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(TERM), 0) < 0) { return 4; } buffer[0] = 0; if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0) buffer[ret] = 0; /* 0x00 is sent but hydra_recv transformed it */ if (strlen(buffer) == 0) { ret = hydra_recv(s, buffer, sizeof(buffer) - 1); } if (ret >= 0) buffer[ret] = 0; if (ret > 0 && (strstr(buffer, "rlogind:") != NULL)) return 1; if (ret > 0 && (strstr(buffer, "ssword") != NULL)) { if (strlen((pass = hydra_get_next_password())) == 0) pass = empty; sprintf(buffer2, "%s\r", pass); if (hydra_send(s, buffer2, 1 + strlen(pass), 0) < 0) { return 1; } memset(buffer, 0, sizeof(buffer)); ret = hydra_recv(s, buffer, sizeof(buffer)); if (strcmp(buffer, "\r\n")) ret = hydra_recv(s, buffer, sizeof(buffer) - 1); if (ret >= 0) buffer[ret] = 0; } /* Authentication failure */ if (ret > 0 && (strstr(buffer, "ssword") == NULL)) { #ifdef HAVE_PCRE if (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)")) { #else /* check for failure and incorrect msg */ if ((strstr(buffer, "ailure") == NULL) && (strstr(buffer, "ncorrect") == NULL) && (strstr(buffer, "denied") == NULL)) { #endif hydra_report_found_host(port, ip, "rlogin", fp); hydra_completed_pair_found(); } else { hydra_completed_pair(); } } else { /* if password is asked a second time, it means the pass we provided is wrong */ hydra_completed_pair(); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ { /* 512 -> 1023 */ hydra_set_srcport(1023); if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; } case 2: /* run the cracking function */ next_run = start_rlogin(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-rsh.c0000644000175000010010000000663412441064454013143 0ustar marcNone#include "hydra-mod.h" #define COMMAND "/bin/ls /" /* password is not used here, just try to find rsh accounts you should use -p '' no memleaks found on 110425 */ extern char *HYDRA_EXIT; char *buf; int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, buffer[300] = "", buffer2[100], *bptr = buffer2; int ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; memset(buffer2, 0, sizeof(buffer2)); bptr++; strcpy(bptr, login); bptr += 1 + strlen(login); strcpy(bptr, login); bptr += 1 + strlen(login); strcpy(bptr, COMMAND); if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(COMMAND), 0) < 0) { return 4; } buffer[0] = 0; if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0) buffer[ret] = 0; /* 0x00 is sent but hydra_recv transformed it */ if (strlen(buffer) == 0) ret = hydra_recv(s, buffer, sizeof(buffer) - 1); if (ret >= 0) buffer[ret] = 0; #ifdef HAVE_PCRE if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) { #else if (ret > 0 && (strstr(buffer, "ailure") == NULL) && (strstr(buffer, "ncorrect") == NULL) && (strstr(buffer, "denied") == NULL)) { #endif hydra_report_found_host(port, ip, "rsh", fp); hydra_completed_pair_found(); } else { hydra_completed_pair(); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_RSH, mysslport = PORT_RSH_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { next_run = 0; switch (run) { case 1: /* connect and service init function */ { hydra_set_srcport(1023); if (sock >= 0) sock = hydra_disconnect(sock); // usleep(275000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; } case 2: /* run the cracking function */ next_run = start_rsh(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-s7-300.c0000644000175000010010000002135612441064454013176 0ustar marcNone// submitted by Alexander Timorin and Sergey Gordeychik #include "hydra-mod.h" #define S7PASSLEN 8 extern char *HYDRA_EXIT; unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a"; unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0"; unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04"; unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *pass, buffer[1024]; char context[S7PASSLEN + 1]; unsigned char encoded_password[S7PASSLEN]; char *spaces = " "; int ret = -1; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; // prepare password memset(context, 0, sizeof(context)); if (strlen(pass) < S7PASSLEN) { strncpy(context, pass, strlen(pass)); strncat(context, spaces, S7PASSLEN - strlen(pass)); } else { strncpy(context, pass, S7PASSLEN); } // encode password encoded_password[0] = context[0] ^ 0x55; encoded_password[1] = context[1] ^ 0x55; int i; for (i = 2; i < S7PASSLEN; i++) { encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55; } // send p_cotp and check first 2 bytes of answer if (hydra_send(s, (char *) p_cotp, 22, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); if (ret <= 0) return 3; if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) return 3; // send p_s7_negotiate_pdu and check first 2 bytes of answer if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); if (ret <= 0) return 3; if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) return 3; // send p_s7_read_szl and check first 2 bytes of answer if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); if (ret <= 0) return 3; if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) return 3; // so now add encoded_password to p_s7_password_request and send memset(buffer, 0, sizeof(buffer)); memcpy(buffer, p_s7_password_request, 29); memcpy(buffer + 29, encoded_password, S7PASSLEN); if (hydra_send(s, buffer, 29 + S7PASSLEN, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); if (ret <= 0) return 3; // now check answer // 0x0000 - valid password // 0xd605 - no password // 0xd602 - wrong password if (ret > 30) { if (buffer[27] == '\x00' && buffer[28] == '\x00') { hydra_report_found_host(port, ip, "s7-300", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } if (buffer[27] == '\xd6' && buffer[28] == '\x05') { //hydra_report_found_host(port, ip, "s7-300", fp); hydra_completed_pair_found(); hydra_report(stderr, "[INFO] No password protection enabled\n"); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } } hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int s7port = PORT_S7_300; if (port != 0) s7port = port; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ sock = hydra_connect_tcp(ip, s7port); if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp); sock = hydra_disconnect(sock); break; case 2: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // 1 skip target without generating an error // 2 skip target because of protocol problems // 3 skip target because its unreachable int sock = -1; int s7port = PORT_S7_300; char *empty = ""; char *pass, buffer[1024]; char context[S7PASSLEN + 1]; unsigned char encoded_password[S7PASSLEN]; char *spaces = " "; int ret = -1; int i; if (port != 0) s7port = port; if (debug || verbose) printf("[INFO] Checking authentication setup...\n"); sock = hydra_connect_tcp(ip, s7port); if (sock < 0) { hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", s7port); return 2; } pass = empty; // prepare password memset(context, 0, sizeof(context)); strncat(context, spaces, S7PASSLEN - strlen(pass)); // encode password encoded_password[0] = context[0] ^ 0x55; encoded_password[1] = context[1] ^ 0x55; for (i = 2; i < S7PASSLEN; i++) { encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55; } // send p_cotp and check first 2 bytes of answer if (hydra_send(sock, (char *) p_cotp, 22, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service\n"); return 3; } memset(buffer, 0, sizeof(buffer)); if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { fprintf(stderr, "[ERROR] did not received data from the service\n"); return 3; } if (ret < 2 || (buffer[0] != 0x03 && buffer[1] != 0x00)) { fprintf(stderr, "[ERROR] invalid reply to init packet\n"); return 3; } // send p_s7_negotiate_pdu and check first 2 bytes of answer if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service (2)\n"); return 3; } memset(buffer, 0, sizeof(buffer)); if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { fprintf(stderr, "[ERROR] did not received data from the service (2)\n"); return 3; } if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) { fprintf(stderr, "[ERROR] invalid reply to init packet (2)\n"); return 3; } // send p_s7_read_szl and check first 2 bytes of answer if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service (3)\n"); return 3; } memset(buffer, 0, sizeof(buffer)); if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) >= 0) { fprintf(stderr, "[ERROR] did not received data from the service (3)\n"); return 3; } if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) { fprintf(stderr, "[ERROR] invalid reply to init packet (3)\n"); return 3; } // so now add encoded_password to p_s7_password_request and send memset(buffer, 0, sizeof(buffer)); memcpy(buffer, p_s7_password_request, 29); memcpy(buffer + 29, encoded_password, S7PASSLEN); if (hydra_send(sock, buffer, 29 + S7PASSLEN, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service (4)\n"); return 3; } memset(buffer, 0, sizeof(buffer)); if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { fprintf(stderr, "[ERROR] did not received data from the service (4)\n"); return 3; } // now check answer // 0x0000 - valid password // 0xd605 - no password // 0xd602 - wrong password if (ret > 30) { if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) { hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n"); return 1; } } sock = hydra_disconnect(sock); return 0; } hydra-8.1/hydra-sapr3.c0000644000175000010010000000733512441064454013376 0ustar marcNone#include "hydra-mod.h" // checked for memleaks on 110425, none found #ifndef LIBSAPR3 void dummy_sapr3() { printf("\n"); } #else #include #include /* temporary workaround fix */ const int *__ctype_tolower; const int *__ctype_toupper; const int *__ctype_b; extern void flood(); /* for -lm */ extern char *HYDRA_EXIT; RFC_ERROR_INFO_EX error_info; int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { RFC_HANDLE handle; char *empty = ""; char *login, *pass, buffer[1024]; char *buf; int i; int sysnr = port % 100; char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0"; // char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y"; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; if (strlen(login) > 0) for (i = 0; i < strlen(login); i++) login[i] = (char) toupper(login[i]); if (strlen(pass) > 0) for (i = 0; i < strlen(pass); i++) pass[i] = (char) toupper(pass[i]); memset(buffer, 0, sizeof(buffer)); memset(&error_info, 0, sizeof(error_info)); //strcpy(buf, "mvse001"); snprintf(buffer, sizeof(buffer), "ASHOST=%s SYSNR=%02d CLIENT=%03d USER=\"%s\" PASSWD=\"%s\" LANG=DE %s", hydra_address2string(ip), sysnr, atoi(miscptr), login, pass, opts); /* USER=SAPCPIC PASSWORD=admin USER=SAP* PASSWORD=PASS ## do we need these options? SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N ASHOST= // IP SYSNR= // port - 3200, scale 2 CLIENT= // miscptr, scale 2 ABAP_DEBUG=0 USER= PASSWD= LANG=DE */ //printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer); handle = RfcOpenEx(buffer, &error_info); //printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, error_info.message); if (handle <= RFC_HANDLE_NULL) return 3; if (strstr(error_info.message, "sapgui") != NULL || strlen(error_info.message) == 0) { hydra_report_found_host(port, ip, "sapr3", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } else { if (strstr(error_info.key, "ERROR_COMMUNICATION") != NULL) { /* sysnr does not exist, report as port closed */ return 3; } hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; } return 1; } void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ next_run = start_sapr3(sock, ip, port, options, miscptr, fp); break; case 2: hydra_child_exit(0); case 3: /* clean exit */ fprintf(stderr, "[ERROR] could not connect to target port %d\n", port); hydra_child_exit(1); case 4: hydra_child_exit(2); default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } #endif int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-sip.c0000644000175000010010000002063312441064454013135 0ustar marcNone /* simple sip digest auth (md5) module 2009/02/19 * written by gh0st 2005 * modified by Jean-Baptiste Aviat - should * work now, but only with -T 1 * * 05042011 david: modified to use sasl lib */ #ifndef LIBOPENSSL #include void dummy_sip() { printf("\n"); } #else #include "sasl.h" #include "hydra-mod.h" extern int hydra_data_ready_timed(int socket, long sec, long usec); char external_ip_addr[17] = ""; char *get_iface_ip(unsigned long int ip); int cseq; extern char *HYDRA_EXIT; #define SIP_MAX_BUF 1024 void empty_register(char *buf, char *host, char *lhost, int port, int lport, char *user) { memset(buf, 0, SIP_MAX_BUF); snprintf(buf, SIP_MAX_BUF, "REGISTER sip:%s SIP/2.0\r\n" "Via: SIP/2.0/UDP %s:%i\r\n" "From: \r\n" "To: \r\n" "Call-ID: 1337@%s\r\n" "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", host, lhost, lport, user, host, user, host, host, cseq); } int get_sip_code(char *buf) { int code; char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF]; if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3) return -1; return code; } int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char options, char *miscptr, FILE * fp) { char *login, *pass, *host, buffer[SIP_MAX_BUF]; int i; char buf[SIP_MAX_BUF]; if (strlen(login = hydra_get_next_login()) == 0) login = NULL; if (strlen(pass = hydra_get_next_password()) == 0) pass = NULL; if (external_ip_addr[0]) lip = external_ip_addr; host = miscptr; cseq = 1; empty_register(buffer, host, lip, port, lport, login); cseq++; if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 3; } int has_sip_cred = 0; int try = 0; /* We have to check many times because server may begin to send "100 Trying" * before "401 Unauthorized" */ while (try < 2 && !has_sip_cred) { try++; if (hydra_data_ready_timed(s, 3, 0) > 0) { i = hydra_recv(s, (char *) buf, sizeof(buf) - 1); if (i > 0) buf[i] = '\0'; if (strncmp(buf, "SIP/2.0 404", 11) == 0) { hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login); return 2; } if (strncmp(buf, "SIP/2.0 606", 11) == 0) { char *ptr = NULL; int i = 0; // if we already tried to connect, exit if (external_ip_addr[0]) { hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n"); return 2; } if (verbose) hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n" "maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n"); /* SIP/2.0 606 Not Acceptable Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "Via: SIP.*received=")) { ptr = strstr(buf, "received="); #else if ((ptr = strstr(buf, "received="))) { #endif strncpy(external_ip_addr, ptr + strlen("received="), sizeof(external_ip_addr)); external_ip_addr[sizeof(external_ip_addr) - 1] = '\0'; for (i = 0; i < strlen(external_ip_addr); i++) { if (external_ip_addr[i] <= 32) { external_ip_addr[i] = '\0'; } } if (verbose) hydra_report(stderr, "[VERBOSE] Will reconnect using external IP address %s\n", external_ip_addr); return 1; } hydra_report(stderr, "[ERROR] Could not find external IP address in server answer\n"); return 2; } } } if (!strstr(buf, "WWW-Authenticate: Digest")) { hydra_report(stderr, "[ERROR] no www-authenticate header found!\n"); return -1; } if (debug) hydra_report(stderr, "[INFO] S: %s\n", buf); char buffer2[512]; sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); memset(buffer, 0, SIP_MAX_BUF); snprintf(buffer, SIP_MAX_BUF, "REGISTER sip:%s SIP/2.0\n" "Via: SIP/2.0/UDP %s:%i\n" "From: \n" "To: \n" "Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2); cseq++; if (debug) hydra_report(stderr, "[INFO] C: %s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 3; } try = 0; int has_resp = 0; int sip_code = 0; while (try < 2 && !has_resp) { try++; if (hydra_data_ready_timed(s, 5, 0) > 0) { memset(buf, 0, sizeof(buf)); if ((i = hydra_recv(s, (char *) buf, sizeof(buf) - 1)) >= 0) buf[i] = 0; if (debug) hydra_report(stderr, "[INFO] S: %s\n", buf); sip_code = get_sip_code(buf); if (sip_code >= 200 && sip_code < 300) { hydra_report_found_host(port, ip, "sip", fp); hydra_completed_pair_found(); has_resp = 1; } if (sip_code >= 400 && sip_code < 500) { has_resp = 1; } } } hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_SIP, mysslport = PORT_SIP_SSL; char *lip = get_iface_ip((int) *(&ip[1])); hydra_register_socket(sp); // FIXME IPV6 if (ip[0] != 4) { fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are appreciated.\n"); hydra_child_exit(2); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) run = 3; int lport = 0; while (1) { switch (run) { case 1: if (sock < 0) { if (port != 0) myport = port; lport = rand() % (65535 - 1024) + 1024; hydra_set_srcport(lport); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_udp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); free(lip); hydra_child_exit(1); } } next_run = start_sip(sock, ip, lip, port, lport, options, miscptr, fp); break; case 2: if (sock >= 0) sock = hydra_disconnect(sock); free(lip); hydra_child_exit(2); break; case 3: if (sock >= 0) sock = hydra_disconnect(sock); free(lip); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); free(lip); hydra_child_exit(2); } run = next_run; } } char *get_iface_ip(unsigned long int ip) { int sfd; sfd = socket(AF_INET, SOCK_DGRAM, 0); struct sockaddr_in tparamet; tparamet.sin_family = AF_INET; tparamet.sin_port = htons(2000); tparamet.sin_addr.s_addr = ip; if (connect(sfd, (const struct sockaddr *) &tparamet, sizeof(struct sockaddr_in))) { perror("connect"); close(sfd); return NULL; } struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in)); int size = sizeof(struct sockaddr_in); if (getsockname(sfd, (void *) local, (socklen_t *) & size)) { perror("getsockname"); close(sfd); free(local); return NULL; } close(sfd); char buff[32]; if (!inet_ntop(AF_INET, (void *) &local->sin_addr, buff, 32)) { perror("inet_ntop"); free(local); return NULL; } char *str = malloc(sizeof(char) * (strlen(buff) + 1)); strcpy(str, buff); free(local); return str; } #endif int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-smb.c0000644000175000010010000014513612441064460013126 0ustar marcNone#include "hydra-mod.h" #ifndef LIBOPENSSL void dummy_smb() { printf("\n"); } #else #include #include #include "hmacmd5.h" #include "sasl.h" // FIXME XXX BUG: several malloc()s without return code checking /* http://technet.microsoft.com/en-us/library/cc960646.aspx Most of the new code comes from Medusa smbnt module ------------------------------------------------------------------------ Copyright (C) 2009 Joe Mondloch JoMo-Kun / jmk@foofus.net This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2, as published by the Free Software Foundation This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. http://www.gnu.org/licenses/gpl.txt This program is released under the GPL with the additional exemption that compiling, linking, and/or using OpenSSL is allowed. ------------------------------------------------------------------------ Based on code from: SMB Auditing Tool [Copyright (C) Patrik Karlsson 2001] This code allows Hydra to directly test NTLM hashes against a Windows. This may be useful for an auditor who has aquired a sam._ or pwdump file and would like to quickly determine which are valid entries. This module can also be used to test SMB passwords against devices that do not allow clear text LanMan passwords. The "-m 'METHOD'" option is required for this module. The following are valid methods: Local, Domain, Hash, Machine, NTLMV2, NTLM, LMV2, LM (in quotes). Local == Check local account. Domain == Check credentials against this hosts primary domain controller via this host. Hash == Use a NTLM hash rather than a password. Machine == Use the Machine's NetBIOS name as the password. NTLMV2, NTLM, LMV2, LM == set the dialect Be careful of mass domain account lockout with this. For example, assume you are checking several accounts against many domain workstations. If you are not using the 'L' options and these accounts do not exist locally on the workstations, each workstation will in turn check their respective domain controller. This could cause a bunch of lockouts. Of course, it'd look like the workstations, not you, were doing it. ;) **FYI, this code is unable to test accounts on default XP hosts which are not part of a domain and do not have normal file sharing enabled. Default XP does not allow shares and returns STATUS_LOGON_FAILED for both valid and invalid credentials. XP with simple sharing enabled returns SUCCESS for both valid and invalid credentials. If anyone knows a way to test in these configurations... */ #define WIN2000_NATIVEMODE 1 #define WIN_NETBIOSMODE 2 #define PLAINTEXT 10 #define ENCRYPTED 11 #ifndef CHAR_BIT #define CHAR_BIT 8 #endif #ifndef TIME_T_MIN #define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \ : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1)) #endif #ifndef TIME_T_MAX #define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) #endif #define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */ #define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((unsigned int)(val)) #define TIME_FIXUP_CONSTANT_INT 11644473600LL extern char *HYDRA_EXIT; static unsigned char challenge[8]; static unsigned char workgroup[16]; static unsigned char domain[16]; static unsigned char machine_name[16]; int hashFlag, accntFlag, protoFlag; int smb_auth_mechanism = AUTH_NTLM; int security_mode = ENCRYPTED; static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, int outsize) { int i=0,j=0; unsigned long int ch; if (debug) { hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); hydra_dump_asciihex(in, insize); } for (i = 0; i < insize; i++) { if (in[i] < 128) { // one byte out[j] = in[i]; out[j+1] = 0; j=j+2; } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes out[j+1] = 0x07 & (in[i] >> 2); out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i+1]); j=j+2; i=i+1; } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes out[j] = (0xc0 & (in[i+1] << 6)) | (0x3f & in[i+2]); out[j+1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i+1] >> 2)); j=j+2; i=i+2; } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i+1]) << 12) + ((0x3f & in[i+2]) << 6) + (0x3f & in[i+3])- 0x10000; out[j] = (ch >> 10) & 0xff; out[j+1] = 0xd8 | ((ch >> 18) & 0xff); out[j+2] = ch & 0xff; out[j+3] = 0xdc | ((ch >> 8) & 0x3 ); j=j+4; i=i+3; } if ( j-2 > outsize) break; } if (debug) { hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); hydra_dump_asciihex(out,j); } return j; } static unsigned char Get7Bits(unsigned char *input, int startBit) { register unsigned int word; word = (unsigned) input[startBit / 8] << 8; word |= (unsigned) input[startBit / 8 + 1]; word >>= 15 - (startBit % 8 + 7); return word & 0xFE; } /* Make the key */ static void MakeKey(unsigned char *key, unsigned char *des_key) { des_key[0] = Get7Bits(key, 0); des_key[1] = Get7Bits(key, 7); des_key[2] = Get7Bits(key, 14); des_key[3] = Get7Bits(key, 21); des_key[4] = Get7Bits(key, 28); des_key[5] = Get7Bits(key, 35); des_key[6] = Get7Bits(key, 42); des_key[7] = Get7Bits(key, 49); des_set_odd_parity((des_cblock *) des_key); } /* Do the DesEncryption */ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) { des_cblock des_key; des_key_schedule key_schedule; MakeKey(key, des_key); des_set_key(&des_key, key_schedule); des_ecb_encrypt((des_cblock *) clear, (des_cblock *) cipher, key_schedule, 1); } /* HashLM Function: Create a LM hash from the challenge Variables: lmhash = the hash created from this function pass = users password challenge = the challenge recieved from the server */ int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { static unsigned char magic[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; unsigned char password[14 + 1]; unsigned char lm_hash[21]; unsigned char lm_response[24]; int i = 0, j = 0; unsigned char *p = NULL; char HexChar; int HexValue; memset(password, 0, 14 + 1); memset(lm_hash, 0, 21); memset(lm_response, 0, 24); /* Use LM Hash instead of password */ /* D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ if (hashFlag == 1) { p = pass; while ((*p != '\0') && (i < 1)) { if (*p == ':') i++; p++; } if (*p == '\0') { hydra_report(stderr, "[ERROR] Reading PwDump file.\n"); return -1; } else if (*p == 'N') { if (verbose) hydra_report(stderr, "[VERBOSE] Found \"NO PASSWORD\" for LM Hash.\n"); /* Generate 16-byte LM hash */ DesEncrypt(magic, &password[0], &lm_hash[0]); DesEncrypt(magic, &password[7], &lm_hash[8]); } else { if (verbose) hydra_report(stderr, "[VERBOSE] Convert ASCII PwDump LM Hash (%s).\n", p); for (i = 0; i < 16; i++) { HexValue = 0x0; for (j = 0; j < 2; j++) { HexChar = (char) p[2 * i + j]; if (HexChar > 0x39) HexChar = HexChar | 0x20; /* convert upper case to lower */ if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ hydra_report(stderr, "[ERROR] Invalid char (%c) for hash.\n", HexChar); HexChar = 0x30; } HexChar -= 0x30; if (HexChar > 0x09) /* HexChar is "a" - "f" */ HexChar -= 0x27; HexValue = (HexValue << 4) | (char) HexChar; } lm_hash[i] = (unsigned char) HexValue; } } } else { /* Password == Machine Name */ if (hashFlag == 2) { for (i = 0; i < 16; i++) { if (machine_name[i] > 0x39) machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ pass = machine_name; } } /* convert lower case characters to upper case */ strncpy((char *) password, (char *) pass, 14); for (i = 0; i < 14; i++) { if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ password[i] -= 0x20; } /* Generate 16-byte LM hash */ DesEncrypt(magic, &password[0], &lm_hash[0]); DesEncrypt(magic, &password[7], &lm_hash[8]); } /* NULL-pad 16-byte LM hash to 21-bytes Split resultant value into three 7-byte thirds DES-encrypt challenge using each third as a key Concatenate three 8-byte resulting values to form 24-byte LM response */ DesEncrypt(challenge, &lm_hash[0], &lm_response[0]); DesEncrypt(challenge, &lm_hash[7], &lm_response[8]); DesEncrypt(challenge, &lm_hash[14], &lm_response[16]); memcpy(*lmhash, lm_response, 24); return 0; } /* MakeNTLM Function: Create a NTLM hash from the password */ int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { MD4_CTX md4Context; unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ int i = 0, j = 0; int mdlen; unsigned char *p = NULL; char HexChar; int HexValue; /* Use NTLM Hash instead of password */ if (hashFlag == 1) { /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ p = pass; while ((*p != '\0') && (i < 1)) { if (*p == ':') i++; p++; } if (*p == '\0') { hydra_report(stderr, "[ERROR] reading PWDUMP file.\n"); return -1; } for (i = 0; i < 16; i++) { HexValue = 0x0; for (j = 0; j < 2; j++) { HexChar = (char) p[2 * i + j]; if (HexChar > 0x39) HexChar = HexChar | 0x20; /* convert upper case to lower */ if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ /* * fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); * hydra_child_exit(0); */ HexChar = 0x30; } HexChar -= 0x30; if (HexChar > 0x09) /* HexChar is "a" - "f" */ HexChar -= 0x27; HexValue = (HexValue << 4) | (char) HexChar; } hash[i] = (unsigned char) HexValue; } } else { /* Password == Machine Name */ if (hashFlag == 2) { for (i = 0; i < 16; i++) { if (machine_name[i] > 0x39) machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ pass = machine_name; } } /* Initialize the Unicode version of the secret (== password). */ /* This implicitly supports most UTF8 characters. */ j = UTF8_UTF16LE(pass, strlen((char *) pass), unicodePassword, sizeof(unicodePassword)); mdlen = j; /* length in bytes */ MD4_Init(&md4Context); MD4_Update(&md4Context, unicodePassword, mdlen); MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ } memcpy(ntlmhash, hash, 16); return 0; } /* HashLMv2 This function implements the LMv2 response algorithm. The LMv2 response is used to provide pass-through authentication compatibility with older servers. The response is based on the NTLM password hash and is exactly 24 bytes. The below code is based heavily on the following resources: http://davenport.sourceforge.net/ntlm.html#theLmv2Response samba-3.0.28a - libsmb/smbencrypt.c jcifs - packet capture of LMv2-only connection */ int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) { unsigned char ntlm_hash[16]; unsigned char lmv2_response[24]; unsigned char unicodeUsername[20 * 2]; unsigned char unicodeTarget[256 * 2]; HMACMD5Context ctx; unsigned char kr_buf[16]; int ret, i; unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; memset(ntlm_hash, 0, 16); memset(lmv2_response, 0, 24); memset(kr_buf, 0, 16); /* --- HMAC #1 Caculations --- */ /* Calculate and set NTLM password hash */ ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); if (ret == -1) return -1; /* The Unicode uppercase username is concatenated with the Unicode authentication target (the domain or server name specified in the Target Name field of the Type 3 message). Note that this calculation always uses the Unicode representation, even if OEM encoding has been negotiated; also note that the username is converted to uppercase, while the authentication target is case-sensitive and must match the case presented in the Target Name field. The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the NTLMv2 hash. */ /* Initialize the Unicode version of the username and target. */ /* This implicitly supports 8-bit ISO8859/1 characters. */ /* convert lower case characters to upper case */ bzero(unicodeUsername, sizeof(unicodeUsername)); for (i = 0; i < strlen((char *) szLogin); i++) { if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; else unicodeUsername[i * 2] = (unsigned char) szLogin[i]; } bzero(unicodeTarget, sizeof(unicodeTarget)); for (i = 0; i < strlen((char *) workgroup); i++) unicodeTarget[i * 2] = (unsigned char) workgroup[i]; hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); hmac_md5_final(kr_buf, &ctx); /* --- HMAC #2 Calculations --- */ /* The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5 message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash (calculated above) as the key. This results in a 16-byte output value. */ hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); hmac_md5_update((const unsigned char *) challenge, 8, &ctx); hmac_md5_update(client_challenge, 8, &ctx); hmac_md5_final(lmv2_response, &ctx); /* --- 24-byte LMv2 Response Complete --- */ if ((*LMv2hash = malloc(24)) == NULL) return -1; memset(*LMv2hash, 0, 24); memcpy(*LMv2hash, lmv2_response, 16); memcpy(*LMv2hash + 16, client_challenge, 8); return 0; } /* HashNTLMv2 This function implements the NTLMv2 response algorithm. Support for this algorithm was added with Microsoft Windows with NT 4.0 SP4. It should be noted that code doesn't currently work with Microsoft Vista. While NTLMv2 authentication with Samba and Windows 2003 functions as expected, Vista systems respond with the oh-so-helpful "INVALID_PARAMETER" error code. LMv2-only authentication appears to work against Vista in cases where LM and NTLM are refused. The below code is based heavily on the following two resources: http://davenport.sourceforge.net/ntlm.html#theNtlmv2Response samba-3.0.28 - libsmb/smbencrypt.c NTLMv2 network authentication is required when attempting to authenticated to a system which has the following policy enforced: GPO: "Network Security: LAN Manager authentication level" Setting: "Send NTLMv2 response only\refuse LM & NTLM" */ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword) { unsigned char ntlm_hash[16]; unsigned char ntlmv2_response[56 + 20 * 2 + 256 * 2]; unsigned char unicodeUsername[20 * 2]; unsigned char unicodeTarget[256 * 2]; HMACMD5Context ctx; unsigned char kr_buf[16]; int ret, i, iTargetLen; unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; /* -- Example NTLMv2 Response Data -- [0] HMAC: (16 bytes) [16] Header: Blob Signature [01 01 00 00] (4 bytes) [20] Reserved: [00 00 00 00] (4 bytes) [24] Time: Little-endian, 64-bit signed value representing the number of tenths of a microsecond since January 1, 1601. (8 bytes) [32] Client Nonce: (8 bytes) [40] Unknown: 00 00 00 00 (4 bytes) [44] Target Information (from the Type 2 message) NetBIOS domain/workgroup: Type: domain 02 00 (2 bytes) Length: 12 00 (2 bytes) Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes) End-of-list: 00 00 00 00 (4 bytes) Termination: 00 00 00 00 (4 bytes) */ iTargetLen = 2 * strlen((char *) workgroup); memset(ntlm_hash, 0, 16); memset(ntlmv2_response, 0, 56 + 20 * 2 + 256 * 2); memset(kr_buf, 0, 16); /* --- HMAC #1 Caculations --- */ /* Calculate and set NTLM password hash */ ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); if (ret == -1) return -1; /* The Unicode uppercase username is concatenated with the Unicode authentication target (the domain or server name specified in the Target Name field of the Type 3 message). Note that this calculation always uses the Unicode representation, even if OEM encoding has been negotiated; also note that the username is converted to uppercase, while the authentication target is case-sensitive and must match the case presented in the Target Name field. The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the NTLMv2 hash. */ /* Initialize the Unicode version of the username and target. */ /* This implicitly supports 8-bit ISO8859/1 characters. */ /* convert lower case characters to upper case */ bzero(unicodeUsername, sizeof(unicodeUsername)); for (i = 0; i < strlen((char *) szLogin); i++) { if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; else unicodeUsername[i * 2] = (unsigned char) szLogin[i]; } bzero(unicodeTarget, sizeof(unicodeTarget)); for (i = 0; i < strlen((char *) workgroup); i++) unicodeTarget[i * 2] = (unsigned char) workgroup[i]; hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); hmac_md5_final(kr_buf, &ctx); /* --- Blob Construction --- */ memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ memset(ntlmv2_response + 18, 0, 2); memset(ntlmv2_response + 20, 0, 4); /* Reserved */ /* Time -- Take a Unix time and convert to an NT TIME structure: Little-endian, 64-bit signed value representing the number of tenths of a microsecond since January 1, 1601. */ struct timespec ts; unsigned long long nt; ts.tv_sec = (time_t) time(NULL); ts.tv_nsec = 0; if (ts.tv_sec == 0) nt = 0; else if (ts.tv_sec == TIME_T_MAX) nt = 0x7fffffffffffffffLL; else if (ts.tv_sec == (time_t) - 1) nt = (unsigned long) -1; else { nt = ts.tv_sec; nt += TIME_FIXUP_CONSTANT_INT; nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */ } SIVAL(ntlmv2_response + 24, 0, nt & 0xFFFFFFFF); SIVAL(ntlmv2_response + 24, 4, nt >> 32); /* End time calculation */ /* Set client challenge - using a non-random value in this case. */ memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ memset(ntlmv2_response + 40, 0, 4); /* Unknown */ /* Target Information Block */ /* 0x0100 Server name 0x0200 Domain name 0x0300 Fully-qualified DNS host name 0x0400 DNS domain name TODO: Need to rework negotiation code to correctly extract target information */ memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ memset(ntlmv2_response + 45, 0x00, 1); memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ memset(ntlmv2_response + 47, 0x00, 1); /* Name of domain or workgroup */ for (i = 0; i < strlen((char *) workgroup); i++) ntlmv2_response[48 + i * 2] = (unsigned char) workgroup[i]; memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ /* --- HMAC #2 Caculations --- */ /* The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash (calculated above) as the key. This results in a 16-byte output value. */ hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); hmac_md5_update(challenge, 8, &ctx); hmac_md5_update(ntlmv2_response + 16, 48 - 16 + iTargetLen + 4, &ctx); hmac_md5_final(ntlmv2_response, &ctx); *iByteCount = 48 + iTargetLen + 4; if ((*NTLMv2hash = malloc(*iByteCount)) == NULL) return -1; memset(*NTLMv2hash, 0, *iByteCount); memcpy(*NTLMv2hash, ntlmv2_response, *iByteCount); return 0; } /* HashNTLM Function: Create a NTLM hash from the challenge Variables: ntlmhash = the hash created from this function pass = users password challenge = the challenge recieved from the server */ int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { int ret; unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ unsigned char p21[21]; unsigned char ntlm_response[24]; ret = MakeNTLM((unsigned char *) &hash, (unsigned char *) pass); if (ret == -1) hydra_child_exit(0); memset(p21, '\0', 21); memcpy(p21, hash, 16); DesEncrypt(challenge, p21 + 0, ntlm_response + 0); DesEncrypt(challenge, p21 + 7, ntlm_response + 8); DesEncrypt(challenge, p21 + 14, ntlm_response + 16); memcpy(*ntlmhash, ntlm_response, 24); return 0; } /* NBS Session Request Function: Request a new session from the server Returns: TRUE on success else FALSE. */ int NBSSessionRequest(int s) { char nb_name[32]; /* netbiosname */ char nb_local[32]; /* netbios localredirector */ unsigned char rqbuf[7] = { 0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20 }; char *buf; unsigned char rbuf[400]; int k; /* if we are running in native mode (aka port 445) don't do netbios */ if (protoFlag == WIN2000_NATIVEMODE) return 0; /* convert computer name to netbios name */ memset(nb_name, 0, 32); memset(nb_local, 0, 32); memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */ memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */ if ((buf = (char *) malloc(100)) == NULL) return -1; memset(buf, 0, 100); memcpy(buf, (char *) rqbuf, 5); memcpy(buf + 5, nb_name, 32); memcpy(buf + 37, (char *) rqbuf + 5, 2); memcpy(buf + 39, nb_local, 32); memcpy(buf + 71, (char *) rqbuf + 5, 1); hydra_send(s, buf, 72, 0); free(buf); memset(rbuf, 0, 400); k = hydra_recv(s, (char *) rbuf, sizeof(rbuf)); if (k > 0 && (rbuf[0] == 0x82)) return 0; /* success */ else return -1; /* failed */ } /* SMBNegProt Function: Negotiate protocol with server ... Actually a pseudo negotiation since the whole program counts on NTLM support :) The challenge is retrieved from the answer No error checking is performed i.e cross your fingers.... */ int SMBNegProt(int s) { unsigned char buf[] = { 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 /* 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 */ }; unsigned char rbuf[400]; unsigned char sess_key[2]; unsigned char userid[2] = { 0xCD, 0xEF }; int i = 0, j = 0, k; int iLength = 194; int iResponseOffset = 73; memset((char *) rbuf, 0, 400); /* set session key */ sess_key[1] = getpid() / 100; sess_key[0] = getpid() - (100 * sess_key[1]); memcpy(buf + 30, sess_key, 2); memcpy(buf + 32, userid, 2); if (smb_auth_mechanism == AUTH_LM) { if (verbose) hydra_report(stderr, "[VERBOSE] Setting Negotiate Protocol Response for LM.\n"); buf[3] = 0xA3; // Set message length buf[37] = 0x80; // Set byte count for dialects iLength = 167; iResponseOffset = 65; } hydra_send(s, (char *) buf, iLength, 0); k = hydra_recv(s, (char *) rbuf, sizeof(rbuf)); if (k == 0) return 3; /* retrieve the security mode */ /* [0] Mode: (0) ? (1) USER security mode [1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response [2] Signatures: (0) Security signatures NOT enabled (1) ENABLED [3] Sig Req: (0) Security signatures NOT required (1) REQUIRED SAMBA: 0x01 (default) WinXP: 0x0F (default) WinXP: 0x07 (Windows 2003 / DC) */ switch (rbuf[39]) { case 0x01: //real plaintext should be used with LM auth if (verbose) hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password.\n"); security_mode = PLAINTEXT; if (hashFlag == 1) { if (verbose) hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n"); return 3; } if (hashFlag == 2) { if (verbose) hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n"); return 3; } break; case 0x03: if (verbose) hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n"); security_mode = ENCRYPTED; break; case 0x07: case 0x0F: if (verbose) hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password.\n"); security_mode = ENCRYPTED; break; default: if (verbose) hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]); security_mode = ENCRYPTED; break; } /* Retrieve the challenge */ memcpy(challenge, (char *) rbuf + iResponseOffset, sizeof(challenge)); /* Find the primary domain/workgroup name */ memset(workgroup, 0, 16); memset(machine_name, 0, 16); //seems using LM only the domain is returned not the server //and the domain is not padded with null chars if (smb_auth_mechanism == AUTH_LM) { while ((rbuf[iResponseOffset + 8 + i] != 0) && (i < 16)) { workgroup[i] = rbuf[iResponseOffset + 8 + i]; i++; } } else { while ((rbuf[iResponseOffset + 8 + i * 2] != 0) && (i < 16)) { workgroup[i] = rbuf[iResponseOffset + 8 + i * 2]; i++; } while ((rbuf[iResponseOffset + 8 + (i + j + 1) * 2] != 0) && (j < 16)) { machine_name[j] = rbuf[iResponseOffset + 8 + (i + j + 1) * 2]; j++; } } if (verbose) { hydra_report(stderr, "[VERBOSE] Server machine name: %s\n", machine_name); hydra_report(stderr, "[VERBOSE] Server primary domain: %s\n", workgroup); } //success return 2; } /* SMBSessionSetup Function: Send username + response to the challenge from the server. Returns: TRUE on success else FALSE. */ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *miscptr) { unsigned char buf[512]; unsigned char *LMv2hash = NULL; unsigned char *NTLMv2hash = NULL; unsigned char *NTLMhash = NULL; unsigned char *LMhash = NULL; // unsigned char unicodeLogin[32 * 2]; int j; char bufReceive[512]; int nReceiveBufferSize = 0; int ret; int iByteCount = 0, iOffset = 0; if (accntFlag == 0) { strcpy((char *) workgroup, "localhost"); } else if (accntFlag == 2) { memset(workgroup, 0, 16); } //domain flag is not needed here, it will be auto set, //below it's domain specified on cmd line else if (accntFlag == 4) { strncpy((char *) workgroup, (char *) domain, 16); } /* NetBIOS Session Service */ unsigned char szNBSS[4] = { 0x00, /* Message Type: Session Message */ 0x00, 0x00, 0x85 /* Length -- MUST SET */ }; /* SMB Header */ unsigned char szSMB[32] = { 0xff, 0x53, 0x4d, 0x42, /* Server Component */ 0x73, /* SMB Command: Session Setup AndX */ 0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */ 0x08, /* Flags */ 0x01, 0xc0, /* Flags2 */ /* add Unicode */ 0x00, 0x00, /* Process ID High */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */ 0x00, 0x00, /* Reserved */ 0x00, 0x00, /* Tree ID */ 0x13, 0x37, /* Process ID */ 0x00, 0x00, /* User ID */ 0x01, 0x00 /* Multiplx ID */ }; memset(buf, 0, 512); memcpy(buf, szNBSS, 4); memcpy(buf + 4, szSMB, 32); if (security_mode == ENCRYPTED) { /* Session Setup AndX Request */ if (smb_auth_mechanism == AUTH_LM) { if (verbose) hydra_report(stderr, "[VERBOSE] Attempting LM password authentication.\n"); unsigned char szSessionRequest[23] = { 0x0a, /* Word Count */ 0xff, /* AndXCommand: No further commands */ 0x00, /* Reserved */ 0x00, 0x00, /* AndXOffset */ 0xff, 0xff, /* Max Buffer */ 0x02, 0x00, /* Max Mpx Count */ 0x3c, 0x7d, /* VC Number */ 0x00, 0x00, 0x00, 0x00, /* Session Key */ 0x18, 0x00, /* LAN Manager Password Hash Length */ 0x00, 0x00, 0x00, 0x00, /* Reserved */ 0x49, 0x00 /* Byte Count -- MUST SET */ }; iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ iByteCount = 24; /* Start with length of LM hash */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 23); /* Calculate and set LAN Manager password hash */ if ((LMhash = (unsigned char *) malloc(24)) == NULL) return -1; memset(LMhash, 0, 24); ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge); if (ret == -1) { free(LMhash); return -1; } memcpy(buf + iOffset, LMhash, 24); free(LMhash); } else if (smb_auth_mechanism == AUTH_NTLM) { if (verbose) hydra_report(stderr, "[VERBOSE] Attempting NTLM password authentication.\n"); unsigned char szSessionRequest[29] = { 0x0d, /* Word Count */ 0xff, /* AndXCommand: No further commands */ 0x00, /* Reserved */ 0x00, 0x00, /* AndXOffset */ 0xff, 0xff, /* Max Buffer */ 0x02, 0x00, /* Max Mpx Count */ 0x3c, 0x7d, /* VC Number */ 0x00, 0x00, 0x00, 0x00, /* Session Key */ 0x18, 0x00, /* LAN Manager Password Hash Length */ 0x18, 0x00, /* NT LAN Manager Password Hash Length */ 0x00, 0x00, 0x00, 0x00, /* Reserved */ 0x5c, 0x00, 0x00, 0x00, /* Capabilities */ /* Add Unicode */ 0x49, 0x00 /* Byte Count -- MUST SET */ }; iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ iByteCount = 48; /* Start with length of NTLM and LM hashes */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set NTLM password hash */ if ((NTLMhash = (unsigned char *) malloc(24)) == NULL) return -1; memset(NTLMhash, 0, 24); /* We don't need to actually calculated a LM hash for this mode, only NTLM */ ret = HashNTLM(&NTLMhash, (unsigned char *) szPassword, (unsigned char *) challenge, miscptr); if (ret == -1) return -1; memcpy(buf + iOffset + 24, NTLMhash, 24); /* Skip space for LM hash */ free(NTLMhash); } else if (smb_auth_mechanism == AUTH_LMv2) { if (verbose) hydra_report(stderr, "[VERBOSE] Attempting LMv2 password authentication.\n"); unsigned char szSessionRequest[29] = { 0x0d, /* Word Count */ 0xff, /* AndXCommand: No further commands */ 0x00, /* Reserved */ 0x00, 0x00, /* AndXOffset */ 0xff, 0xff, /* Max Buffer */ 0x02, 0x00, /* Max Mpx Count */ 0x3c, 0x7d, /* VC Number */ 0x00, 0x00, 0x00, 0x00, /* Session Key */ 0x18, 0x00, /* LAN Manager Password Hash Length */ 0x00, 0x00, /* NT LAN Manager Password Hash Length */ 0x00, 0x00, 0x00, 0x00, /* Reserved */ 0x50, 0x00, 0x00, 0x00, /* Capabilities */ 0x49, 0x00 /* Byte Count -- MUST SET */ }; iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ iByteCount = 24; /* Start with length of LMv2 response */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set LMv2 response hash */ if ((LMv2hash = (unsigned char *) malloc(24)) == NULL) return -1; memset(LMv2hash, 0, 24); ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); if (ret == -1) { free(LMv2hash); return -1; } memcpy(buf + iOffset, LMv2hash, 24); free(LMv2hash); } else if (smb_auth_mechanism == AUTH_NTLMv2) { if (verbose) hydra_report(stderr, "[VERBOSE] Attempting LMv2/NTLMv2 password authentication.\n"); unsigned char szSessionRequest[29] = { 0x0d, /* Word Count */ 0xff, /* AndXCommand: No further commands */ 0x00, /* Reserved */ 0x00, 0x00, /* AndXOffset */ 0xff, 0xff, /* Max Buffer */ 0x02, 0x00, /* Max Mpx Count */ 0x3c, 0x7d, /* VC Number */ 0x00, 0x00, 0x00, 0x00, /* Session Key */ 0x18, 0x00, /* LMv2 Response Hash Length */ 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ 0x00, 0x00, 0x00, 0x00, /* Reserved */ 0x50, 0x00, 0x00, 0x00, /* Capabilities */ 0x49, 0x00 /* Byte Count -- MUST SET */ }; iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set LMv2 response hash */ ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); if (ret == -1) return -1; memcpy(buf + iOffset, LMv2hash, 24); free(LMv2hash); /* Calculate and set NTLMv2 response hash */ ret = HashNTLMv2(&NTLMv2hash, &iByteCount, (unsigned char *) szLogin, (unsigned char *) szPassword); if (ret == -1) return -1; /* Set NTLMv2 Response Length */ memset(buf + iOffset - 12, iByteCount, 1); if (verbose) hydra_report(stderr, "[VERBOSE] HashNTLMv2 response length: %d\n", iByteCount); memcpy(buf + iOffset + 24, NTLMv2hash, iByteCount); free(NTLMv2hash); iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ } } else if (security_mode == PLAINTEXT) { if (verbose) hydra_report(stderr, "[VERBOSE] Attempting PLAINTEXT password authentication.\n"); unsigned char szSessionRequest[23] = { 0x0a, /* Word Count */ 0xff, /* AndXCommand: No further commands */ 0x00, /* Reserved */ 0x00, 0x00, /* AndXOffset */ 0xff, 0xff, /* Max Buffer */ 0x02, 0x00, /* Max Mpx Count */ 0x3c, 0x7d, /* VC Number */ 0x00, 0x00, 0x00, 0x00, /* Session Key */ 0x00, 0x00, /* Password Length -- MUST SET */ 0x00, 0x00, 0x00, 0x00, /* Reserved */ 0x49, 0x00 /* Byte Count -- MUST SET */ }; iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 23); /* Calculate and set password length */ /* Samba appears to append NULL characters equal to the password length plus 2 */ //iByteCount = 2 * strlen(szPassword) + 2; iByteCount = strlen(szPassword) + 1; buf[iOffset - 8] = (iByteCount) % 256; buf[iOffset - 7] = (iByteCount) / 256; /* set ANSI password */ /* Depending on the SAMBA server configuration, multiple passwords may be successful when dealing with mixed-case values. The SAMBA parameter "password level" appears to determine how many characters within a password are tested by the server both upper and lower case. For example, assume a SAMBA account has a password of "Fred" and the server is configured with "password level = 2". Medusa sends the password "FRED". The SAMBA server will brute-force test this value for us with values like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting is "password level = 0". This results in only two attempts to being made by the remote server; the password as is and the password in all-lower case. */ strncpy((char *) (buf + iOffset), szPassword, 256); } else { hydra_report(stderr, "[ERROR] Security_mode was not properly set. This should not happen.\n"); return -1; } /* Set account and workgroup values */ j = UTF8_UTF16LE((unsigned char *) szLogin, strlen(szLogin), buf + iOffset + iByteCount+1, 2*strlen(szLogin)); iByteCount += j +3; /* NULL pad account name */ j = UTF8_UTF16LE(workgroup, strlen((char *) workgroup), buf+iOffset+iByteCount, 2*strlen((char *) workgroup)); iByteCount += j+2; // NULL pad workgroup name /* Set native OS and LAN Manager values */ char *szOSName = "Unix"; j = UTF8_UTF16LE((unsigned char *) szOSName, strlen(szOSName), buf+iOffset+iByteCount, 2*sizeof(szOSName)); iByteCount += j+2; // NULL terminated char *szLANMANName = "Samba"; j = UTF8_UTF16LE((unsigned char *) szLANMANName, strlen(szLANMANName), buf+iOffset+iByteCount, 2*sizeof(szLANMANName)); iByteCount += j+2; // NULL terminated /* Set the header length */ buf[2] = (iOffset - 4 + iByteCount) / 256; buf[3] = (iOffset - 4 + iByteCount) % 256; if (verbose) hydra_report(stderr, "[VERBOSE] Set NBSS header length: %2.2X\n", buf[3]); /* Set data byte count */ buf[iOffset - 2] = iByteCount; if (verbose) hydra_report(stderr, "[VERBOSE] Set byte count: %2.2X\n", buf[57]); hydra_send(s, (char *) buf, iOffset + iByteCount, 0); nReceiveBufferSize = hydra_recv(s, bufReceive, sizeof(bufReceive)); if (/*(bufReceive == NULL) ||*/ (nReceiveBufferSize == 0)) return -1; /* 41 - Action (Guest/Non-Guest Account) */ /* 9 - NT Status (Error code) */ return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF)); } int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; int SMBerr, SMBaction; unsigned long SMBSessionRet; char ipaddr_str[64]; char ErrorCode[10]; memset(&ErrorCode, 0, 10); if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; strcpy(ipaddr_str, hydra_address2string(ip)); SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr); if (SMBSessionRet == -1) return 3; SMBerr = (unsigned long) SMBSessionRet & 0x00FFFFFF; SMBaction = ((unsigned long) SMBSessionRet & 0xFF000000) >> 24; if (verbose) hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int) SMBSessionRet, SMBerr, SMBaction); /* some error code are available here: http://msdn.microsoft.com/en-us/library/ee441884(v=prot.13).aspx */ if (SMBerr == 0x000000) { /* success */ if (SMBaction == 0x01) { /* invalid account - anonymous connection */ fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Invalid account (Anonymous success)\n", port, ipaddr_str, login); hydra_completed_pair_skip(); } else { /* valid account */ hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) { hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n"); hydra_completed_pair_skip(); } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */ if (verbose) hydra_report(stderr, "[VERBOSE] Valid password, GPO Disabling Remote Connections Using NULL Passwords\n"); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */ if (verbose) hydra_report(stderr, "[VERBOSE] Valid password, GPO Deny access to this computer from the network\n"); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } else if (SMBerr == 0x000193) { /* Valid password, account expired */ if (verbose) hydra_report(stderr, "[VERBOSE] Valid password, account expired\n"); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ if (verbose) hydra_report(stderr, "[VERBOSE] Valid password, password expired and must be changed on next logon\n"); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ if (verbose) hydra_report(stderr, "[VERBOSE] Valid password, but logon hours invalid\n"); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login); if ((miscptr) && (strstr(miscptr, "LM"))) hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); hydra_completed_pair_skip(); } else if (SMBerr == 0x000024) { /* change password on next login [success] */ fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); hydra_completed_pair_found(); } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ hydra_completed_pair(); } else if (SMBerr == 0x000071) { /* password expired */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled *//* BF0002 on w2k */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_LOCKED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", port, ipaddr_str, login); hydra_completed_pair(); } else { /* failed */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Unknown Error: %6.6X\n", port, ipaddr_str, login, SMBerr); hydra_completed_pair(); } hydra_disconnect(s); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; //default is both (local and domain) checks and normal passwd accntFlag = 2; //BOTH hashFlag = 0; //PASS smb_auth_mechanism = AUTH_NTLM; if (miscptr) { //check group strupper(miscptr); if (strstr(miscptr, "OTHER_DOMAIN:") != NULL) { char *tmpdom; int err = 0; accntFlag = 4; //OTHER DOMAIN tmpdom = strstr(miscptr, "OTHER_DOMAIN:"); tmpdom = tmpdom + strlen("OTHER_DOMAIN:"); if (tmpdom) { //split the string after the domain if there are other values strtok(tmpdom, " "); if (tmpdom) { strncpy((char *) domain, (char *) tmpdom, sizeof(domain) - 1); domain[sizeof(domain) - 1] = 0; } else { err = 1; } } else { err = 1; } if (err) { if (verbose) hydra_report(stdout, "[VERBOSE] requested line mode\n"); accntFlag = 2; } } else if (strstr(miscptr, "LOCAL") != NULL) { accntFlag = 0; //LOCAL } else if (strstr(miscptr, "DOMAIN") != NULL) { accntFlag = 1; //DOMAIN } //check pass if (strstr(miscptr, "HASH") != NULL) { hashFlag = 1; } else if (strstr(miscptr, "MACHINE") != NULL) { hashFlag = 2; } //check auth if (strstr(miscptr, "NTLMV2") != NULL) { smb_auth_mechanism = AUTH_NTLMv2; } else if (strstr(miscptr, "NTLM") != NULL) { smb_auth_mechanism = AUTH_NTLM; } else if (strstr(miscptr, "LMV2") != NULL) { smb_auth_mechanism = AUTH_LMv2; } else if (strstr(miscptr, "LM") != NULL) { smb_auth_mechanism = AUTH_LM; } } if (verbose) { hydra_report(stdout, "[VERBOSE] accntFlag is %d\n", accntFlag); hydra_report(stdout, "[VERBOSE] hashFlag is %d\n", accntFlag); } hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; for (;;) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if (port != 0) { sock = hydra_connect_tcp(ip, port); if (port == PORT_SMB) { protoFlag = WIN_NETBIOSMODE; if (verbose) hydra_report(stderr, "[VERBOSE] Attempting NETBIOS mode.\n"); } else { protoFlag = WIN2000_NATIVEMODE; if (verbose) hydra_report(stderr, "[VERBOSE] Attempting WIN2K Native mode.\n"); } } else { sock = hydra_connect_tcp(ip, PORT_SMBNT); if (sock > 0) { port = PORT_SMBNT; protoFlag = WIN2000_NATIVEMODE; } else { hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. Attempting WIN_NETBIOS mode.\n"); port = PORT_SMB; protoFlag = WIN_NETBIOSMODE; sock = hydra_connect_tcp(ip, PORT_SMB); } } if (sock < 0) { if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } if (NBSSessionRequest(sock) < 0) { fprintf(stderr, "[ERROR] Session Setup Failed (is the server service running?)\n"); hydra_child_exit(2); } next_run = SMBNegProt(sock); break; case 2: /* run the cracking function */ next_run = start_smb(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: fprintf(stderr, "[ERROR] Caught unknown return code (%d), exiting!\n", run); hydra_child_exit(0); } run = next_run; } } #endif int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-smtp-enum.c0000644000175000010010000001655312441064454014275 0ustar marcNone /* david: module used to enum smtp users with either VRFY, EXPN or RCPT TO command. Optional input could be set to VRFY, EXPN or RCPT to force the mode login will be used as the username passwd will be used as the domain name */ #include "hydra-mod.h" extern char *HYDRA_EXIT; char *buf; char *err = NULL; int tosent = 0; #define VRFY 0 #define EXPN 1 #define RCPT 2 int smtp_enum_cmd = VRFY; int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[500]; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; while (hydra_data_ready(s) > 0) { if ((buf = hydra_receive_line(s)) == NULL) return (1); free(buf); } if (smtp_enum_cmd == RCPT) { tosent = 0; if (pass != empty) { snprintf(buffer, sizeof(buffer), "MAIL FROM: root@%s\r\n", pass); } else { snprintf(buffer, sizeof(buffer), "MAIL FROM: root\r\n"); } if (debug) hydra_report(stderr, "DEBUG C: %s", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return (1); if (debug) hydra_report(stderr, "DEBUG S: %s", buf); /* good return values are something like 25x */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "^25\\d\\s")) { #else if (strstr(buf, "25") != NULL) { #endif if (pass != empty) { snprintf(buffer, sizeof(buffer), "RCPT TO: %s@%s\r\n", login, pass); } else { snprintf(buffer, sizeof(buffer), "RCPT TO: %s\r\n", login); } tosent = 1; } else { err = strstr(buf, "Error"); if (err) { if (debug) { hydra_report(stderr, "Server %s", err); } free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } } } else { char cmd[5] = ""; memset(cmd, 0, sizeof(cmd)); if (smtp_enum_cmd == EXPN) strcpy(cmd, "EXPN"); else strcpy(cmd, "VRFY"); if (pass != empty) { snprintf(buffer, sizeof(buffer), "%s %s@%s\r\n", cmd, login, pass); } else { snprintf(buffer, sizeof(buffer), "%s %s\r\n", cmd, login); } } if (debug) hydra_report(stderr, "DEBUG C: %s", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return (1); if (debug) hydra_report(stderr, "DEBUG S: %s", buf); /* good return values are something like 25x */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "^25\\d\\s")) { #else if (strstr(buf, "25") != NULL) { #endif hydra_report_found_host(port, ip, "smtp-enum", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } err = strstr(buf, "Error"); if (err || tosent || strncmp(buf, "50", 2) == 0) { // we should report command not identified by the server //502 5.5.2 Error: command not recognized //#ifdef HAVE_PCRE // if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) { //#else // if ((debug || strstr(buf, "command") != NULL) && err) { //#endif // hydra_report(stderr, "Server %s", err); // } if (strncmp(buf, "500 ", 4) == 0) { hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf); free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); //503 5.5.1 Error: nested MAIL command strncpy(buffer, "RSET\r\n", sizeof(buffer)); free(buf); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; if ((buf = hydra_receive_line(s)) == NULL) return 1; } free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1, i = 0; int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL; char *buffer = "HELO hydra\r\n"; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } /* receive initial header */ if ((buf = hydra_receive_line(sock)) == NULL) hydra_child_exit(2); if (strstr(buf, "220") == NULL) { hydra_report(stderr, "Warning: SMTP does not allow to connect: %s\n", buf); hydra_child_exit(2); } // while (strstr(buf, "220 ") == NULL) { // free(buf); // buf = hydra_receive_line(sock); // } // if (buf[0] != '2') { if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { free(buf); hydra_child_exit(2); } // } free(buf); if ((buf = hydra_receive_line(sock)) == NULL) hydra_child_exit(2); if (buf[0] != '2') { hydra_report(stderr, "Warning: SMTP does not respond correctly to HELO: %s\n", buf); hydra_child_exit(2); } if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) miscptr[i] = (char) toupper((int) miscptr[i]); if (strncmp(miscptr, "EXPN", 4) == 0) smtp_enum_cmd = EXPN; if (strncmp(miscptr, "RCPT", 4) == 0) smtp_enum_cmd = RCPT; } if (debug) { switch (smtp_enum_cmd) { hydra_report(stdout, "[VERBOSE] "); case VRFY: hydra_report(stdout, "using SMTP VRFY command\n"); break; case EXPN: hydra_report(stdout, "using SMTP EXPN command\n"); break; case RCPT: hydra_report(stdout, "using SMTP RCPT TO command\n"); break; } } free(buf); next_run = 2; break; case 2: /* run the cracking function */ next_run = start_smtp_enum(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) { sock = hydra_disconnect(sock); } hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-smtp.c0000644000175000010010000003215712441064454013331 0ustar marcNone#include "hydra-mod.h" #include "sasl.h" extern char *HYDRA_EXIT; int smtp_auth_mechanism = AUTH_LOGIN; char *smtp_read_server_capacity(int sock) { char *ptr = NULL; int resp = 0; char *buf = NULL; do { if (buf != NULL) free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { if (isdigit((int) buf[0]) && buf[3] == ' ') resp = 1; else { if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; #ifdef NO_RINDEX if ((ptr = strrchr(buf, '\n')) != NULL) { #else if ((ptr = rindex(buf, '\n')) != NULL) { #endif ptr++; if (isdigit((int) *ptr) && *(ptr + 3) == ' ') resp = 1; } } } } while (buf != NULL && resp == 0); return buf; } int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; while (hydra_data_ready(s) > 0) { if ((buf = hydra_receive_line(s)) == NULL) return (1); free(buf); } switch (smtp_auth_mechanism) { case AUTH_PLAIN: sprintf(buffer, "AUTH PLAIN\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, "334") == NULL) { hydra_report(stderr, "[ERROR] SMTP PLAIN AUTH : %s\n", buf); free(buf); return 3; } free(buf); memset(buffer, 0, sizeof(buffer)); sasl_plain(buffer, login, pass); sprintf(buffer, "%.250s\r\n", buffer); break; #ifdef LIBOPENSSL case AUTH_CRAMMD5:{ int rc = 0; char *preplogin; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { return 3; } sprintf(buffer, "AUTH CRAM-MD5\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } //get the one-time BASE64 encoded challenge if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, "334") == NULL || strlen(buf) < 8) { hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf); free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buf + 4); free(buf); memset(buffer2, 0, sizeof(buffer2)); sasl_cram_md5(buffer2, pass, buffer); sprintf(buffer, "%s %.250s", preplogin, buffer2); hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); sprintf(buffer, "%.250s\r\n", buffer); free(preplogin); } break; case AUTH_DIGESTMD5:{ sprintf(buffer, "AUTH DIGEST-MD5\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; //receive if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, "334") == NULL) { hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf); free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buf + 4); free(buf); if (debug) hydra_report(stderr, "DEBUG S: %s\n", buffer); fooptr = buffer2; sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); if (fooptr == NULL) return 3; if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer2); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s\r\n", buffer2); } break; #endif case AUTH_NTLM:{ unsigned char buf1[4096]; unsigned char buf2[4096]; //send auth and receive challenge buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); sprintf(buffer, "AUTH NTLM %s\r\n", buf1); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; if (strstr(buf, "334") == NULL || strlen(buf) < 8) { hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf); free(buf); return 3; } //recover challenge from64tobits((char *) buf1, buf + 4); free(buf); buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); sprintf(buffer, "%s\r\n", buf1); } break; default: /* by default trying AUTH LOGIN */ sprintf(buffer, "AUTH LOGIN\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return 1; /* 504 5.7.4 Unrecognized authentication type */ if (strstr(buf, "334") == NULL) { hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled\nor server is not using auth: %s\n", buf); free(buf); return 3; } free(buf); sprintf(buffer2, "%.250s", login); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return (1); if (strstr(buf, "334") == NULL) { hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH : %s\n", buf); free(buf); return (3); } free(buf); sprintf(buffer2, "%.250s", pass); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return (1); #ifdef LIBOPENSSL if (smtp_auth_mechanism == AUTH_DIGESTMD5) { if (strstr(buf, "334") != NULL && strlen(buf) >= 8) { memset(buffer2, 0, sizeof(buffer2)); from64tobits((char *) buffer2, buf + 4); if (strstr(buffer2, "rspauth=") != NULL) { hydra_report_found_host(port, ip, "smtp", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } } } else #endif { if (strstr(buf, "235") != NULL) { hydra_report_found_host(port, ip, "smtp", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } } free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1, i = 0; int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1; char *buf; char *buffer1 = "EHLO hydra\r\n"; char *buffer2 = "HELO hydra\r\n"; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } /* receive initial header */ if ((buf = hydra_receive_line(sock)) == NULL) hydra_child_exit(2); if (strstr(buf, "220") == NULL) { hydra_report(stderr, "[WARNING] SMTP does not allow to connect: %s\n", buf); free(buf); hydra_child_exit(2); } while (strstr(buf, "220 ") == NULL) { free(buf); buf = hydra_receive_line(sock); } free(buf); /* send ehlo and receive/ignore reply */ if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) hydra_child_exit(2); buf = smtp_read_server_capacity(sock); if (buf == NULL) hydra_child_exit(2); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) miscptr[i] = (char) toupper((int) miscptr[i]); if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { disable_tls = 0; } } #ifdef LIBOPENSSL if (!disable_tls) { /* if we got a positive answer */ if (buf[0] == '2') { if (strstr(buf, "STARTTLS") != NULL) { hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0); free(buf); buf = hydra_receive_line(sock); if (buf[0] != '2') { hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); } else { free(buf); if ((hydra_connect_to_ssl(sock) == -1)) { if (verbose) hydra_report(stderr, "[ERROR] Can't use TLS\n"); disable_tls = 1; run = 1; break; } else { if (verbose) hydra_report(stderr, "[VERBOSE] TLS connection done\n"); } /* ask again capability request but in TLS mode */ if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) hydra_child_exit(2); buf = smtp_read_server_capacity(sock); if (buf == NULL) hydra_child_exit(2); } } else hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); } else hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); } #endif if (buf[0] != '2') { if (hydra_send(sock, buffer2, strlen(buffer2), 0) < 0) hydra_child_exit(2); free(buf); buf = smtp_read_server_capacity(sock); if (buf == NULL) hydra_child_exit(2); } if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { smtp_auth_mechanism = AUTH_NTLM; } #ifdef LIBOPENSSL if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) { smtp_auth_mechanism = AUTH_DIGESTMD5; } if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) { smtp_auth_mechanism = AUTH_CRAMMD5; } #endif if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) { smtp_auth_mechanism = AUTH_PLAIN; } if ((miscptr != NULL) && (strlen(miscptr) > 0)) { if (strstr(miscptr, "LOGIN")) smtp_auth_mechanism = AUTH_LOGIN; if (strstr(miscptr, "PLAIN")) smtp_auth_mechanism = AUTH_PLAIN; #ifdef LIBOPENSSL if (strstr(miscptr, "CRAM-MD5")) smtp_auth_mechanism = AUTH_CRAMMD5; if (strstr(miscptr, "DIGEST-MD5")) smtp_auth_mechanism = AUTH_DIGESTMD5; #endif if (strstr(miscptr, "NTLM")) smtp_auth_mechanism = AUTH_NTLM; } if (verbose) { switch (smtp_auth_mechanism) { case AUTH_LOGIN: hydra_report(stderr, "[VERBOSE] using SMTP LOGIN AUTH mechanism\n"); break; case AUTH_PLAIN: hydra_report(stderr, "[VERBOSE] using SMTP PLAIN AUTH mechanism\n"); break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: hydra_report(stderr, "[VERBOSE] using SMTP CRAM-MD5 AUTH mechanism\n"); break; case AUTH_DIGESTMD5: hydra_report(stderr, "[VERBOSE] using SMTP DIGEST-MD5 AUTH mechanism\n"); break; #endif case AUTH_NTLM: hydra_report(stderr, "[VERBOSE] using SMTP NTLM AUTH mechanism\n"); break; } } free(buf); next_run = 2; break; case 2: /* run the cracking function */ next_run = start_smtp(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) { sock = hydra_disconnect(sock); } hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-snmp.c0000644000175000010010000004530412441064460013316 0ustar marcNone#include "hydra-mod.h" #ifdef LIBOPENSSL #include #include #include #include #include #endif extern int hydra_data_ready_timed(int socket, long sec, long usec); extern char *HYDRA_EXIT; extern int child_head_no; char snmpv3buf[1024], *snmpv3info = NULL; int snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0; unsigned char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00 }; unsigned char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03 }; unsigned char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, 0x00 }; unsigned char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 }; struct SNMPV1_A { char ID; char len; char ver[3]; char comid; char comlen; }; struct SNMPV1_A snmpv1_a = { .ID = '\x30', .len = '\x00', .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ .comid = '\x04', .comlen = '\x00' }; struct SNMPV1_R { unsigned char type[2]; unsigned char identid[2]; unsigned char ident[4]; unsigned char errstat[3]; unsigned char errind[3]; unsigned char objectid[2]; unsigned char object[11]; unsigned char value[3]; } snmpv1_r = { .type = "\xa0\x1b", /* GET */ .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */ .errstat = "\x02\x01\x00", /* no error */ .errind = "\x02\x01\x00", /* error index 0 */ .objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ .value = "\x05\x00" /* we just read, so value = 0 */ }; struct SNMPV1_W { unsigned char type[2]; unsigned char identid[2]; unsigned char ident[4]; unsigned char errstat[3]; unsigned char errind[3]; unsigned char objectid[2]; unsigned char object[12]; unsigned char value[8]; } snmpv1_w = { .type = "\xa3\x21", /* SET */ .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */ .errstat = "\x02\x01\x00", /* no error */ .errind = "\x02\x01\x00", /* error index 0 */ .objectid = "\x30\x13", /* string */ .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */ }; #ifdef LIBOPENSSL void password_to_key_md5(u_char * password, /* IN */ u_int passwordlen, /* IN */ u_char * engineID, /* IN - pointer to snmpEngineID */ u_int engineLength, /* IN - length of snmpEngineID */ u_char * key) { /* OUT - pointer to caller 16-octet buffer */ MD5_CTX MD; u_char *cp, password_buf[80], *mypass = password, bpass[17]; u_long password_index = 0, count = 0, i, mylen, myelen = engineLength; if (strlen(password) > passwordlen) passwordlen = strlen(password); if (passwordlen > sizeof(bpass) - 1) passwordlen = sizeof(bpass) - 1; mylen = passwordlen; if (mylen < 8) { memset(bpass, 0, sizeof(bpass)); strcpy(bpass, password); while (mylen < 8) { strcat(bpass, password); mylen += passwordlen; } mypass = bpass; } if (myelen > 32) myelen = 32; MD5_Init(&MD); /* initialize MD5 */ /* Use while loop until we've done 1 Megabyte */ while (count < 1048576) { cp = password_buf; for (i = 0; i < 64; i++) { /* Take the next octet of the password, wrapping */ /* to the beginning of the password as necessary. */ *cp++ = mypass[password_index++ % mylen]; } MD5_Update(&MD, password_buf, 64); count += 64; } MD5_Final(key, &MD); /* tell MD5 we're done */ /* Now localize the key with the engineID and pass */ /* through MD5 to produce final key */ /* May want to ensure that engineLength <= 32, */ /* otherwise need to use a buffer larger than 64 */ memcpy(password_buf, key, 16); memcpy(password_buf + 16, engineID, myelen); memcpy(password_buf + 16 + myelen, key, 16); MD5_Init(&MD); MD5_Update(&MD, password_buf, 32 + myelen); MD5_Final(key, &MD); return; } void password_to_key_sha(u_char * password, /* IN */ u_int passwordlen, /* IN */ u_char * engineID, /* IN - pointer to snmpEngineID */ u_int engineLength, /* IN - length of snmpEngineID */ u_char * key) { /* OUT - pointer to caller 20-octet buffer */ SHA_CTX SH; u_char *cp, password_buf[80], *mypass = password, bpass[17]; u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; if (mylen < 8) { memset(bpass, 0, sizeof(bpass)); strcpy(bpass, password); while (mylen < 8) { strcat(bpass, password); mylen += passwordlen; } mypass = bpass; } if (myelen > 32) myelen = 32; SHA1_Init(&SH); /* initialize SHA */ /* Use while loop until we've done 1 Megabyte */ while (count < 1048576) { cp = password_buf; for (i = 0; i < 64; i++) { /* Take the next octet of the password, wrapping */ /* to the beginning of the password as necessary. */ *cp++ = mypass[password_index++ % mylen]; } SHA1_Update(&SH, password_buf, 64); count += 64; } SHA1_Final(key, &SH); /* tell SHA we're done */ /* Now localize the key with the engineID and pass */ /* through SHA to produce final key */ /* May want to ensure that engineLength <= 32, */ /* otherwise need to use a buffer larger than 72 */ memcpy(password_buf, key, 20); memcpy(password_buf + 20, engineID, myelen); memcpy(password_buf + 20 + myelen, key, 20); SHA1_Init(&SH); SHA1_Update(&SH, password_buf, 40 + myelen); SHA1_Final(key, &SH); return; } #endif int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = ""; int i, j, k, size, off = 0, off2 = 0, done = 0; unsigned char initVect[8], privacy_params[8]; int engine_boots = 0; #ifdef LIBOPENSSL DES_key_schedule symcbc; #endif if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; if (snmpversion < 3) { /* do we attack snmp v1 or v2c? */ if (snmpversion == 2) { snmpv1_a.ver[2] = '\x01'; } if (snmpread) { size = sizeof(snmpv1_r); } else { size = sizeof(snmpv1_w); } snmpv1_a.comlen = (char) strlen(pass); snmpv1_a.len = snmpv1_a.comlen + size + sizeof(snmpv1_a) - 3; i = sizeof(snmpv1_a); memcpy(buffer, &snmpv1_a, i); strcpy(buffer + i, pass); i += strlen(pass); if (snmpread) { memcpy(buffer + i, &snmpv1_r, size); i += sizeof(snmpv1_r); } else { memcpy(buffer + i, &snmpv1_w, size); i += sizeof(snmpv1_w); } } else { // snmpv3 if (enctype == 0) { memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1)); i = sizeof(snmpv3_get1); } else { memcpy(buffer + 1, snmpv3_get1, sizeof(snmpv3_get1)); buffer[0] = buffer[1]; memset(buffer + 1, 0x81, 2); i = sizeof(snmpv3_get1) + 1; off2 = 1; } memcpy(buffer + i, snmpv3info, snmpv3infolen); if (hashtype > 0) { off = 12; #ifdef LIBOPENSSL if (hashtype == 1) { password_to_key_md5(pass, strlen(pass), snmpv3info + 6, snmpv3info[5], key); } else { password_to_key_sha(pass, strlen(pass), snmpv3info + 6, snmpv3info[5], key); } #endif if (enctype > 0) { off += 8; buffer[20 + off2] = 7; } } else { ptr = login; login = pass; pass = ptr; buffer[20] = 4; } buffer[i + 1] = 4 + snmpv3infolen + off + strlen(login); buffer[i + 3] = 2 + snmpv3infolen + off + strlen(login); if (enctype == 0) buffer[1] = 48 + sizeof(snmpv3_get1) + buffer[i + 1]; i += snmpv3infolen; //printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), buffer[1]); buffer[i] = 0x04; buffer[i + 1] = strlen(login); memcpy(buffer + i + 2, login, strlen(login)); i += 2 + strlen(login); buffer[i] = 0x04; if (hashtype > 0) { buffer[i + 1] = 12; memset(buffer + i + 2, 0, 12); off = i + 2; i += 2 + 12; } else { buffer[i + 1] = 0; i += 2; } buffer[i] = 0x04; if (enctype == 0) { buffer[i + 1] = 0x00; i += 2; } else { buffer[i + 1] = 8; memcpy(buffer + i + 2, salt, 8); // uninitialized and we dont care i += 10; } if (enctype == 0) { memcpy(buffer + i, snmpv3_get2, sizeof(snmpv3_get2)); i += sizeof(snmpv3_get2); } else { buffer[i] = 4; buffer[i + 1] = 0x30; #ifdef LIBOPENSSL /* //PrivDES::encrypt(const unsigned char *key, // const unsigned int /*key_len*///, // const unsigned char *buffer, // const unsigned int buffer_len, // unsigned char *out_buffer, // unsigned int *out_buffer_len, // unsigned char *privacy_params, // unsigned int *privacy_params_len, // const unsigned long engine_boots, // const unsigned long /*engine_time*/) // last 8 bytes of key are used as base for initialization vector */ k = 0; memcpy((char *) initVect, key + 8, 8); // put salt in privacy_params j = htonl(engine_boots); memcpy(privacy_params, (char *) &j, 4); memcpy(privacy_params + 4, salt, 4); // ??? correct? // xor initVect with salt for (i = 0; i < 8; i++) initVect[i] ^= privacy_params[i]; des_key_sched((C_Block *) key, symcbc); des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block *) (initVect), DES_ENCRYPT); #endif /* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) { des_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, (C_Block*)(initVect), DES_ENCRYPT); } // last part of buffer if (buffer_len % 8) { unsigned char tmp_buf[8]; unsigned char *tmp_buf_ptr = tmp_buf; int start = buffer_len - (buffer_len % 8); memset(tmp_buf, 0, 8); for (unsigned int l = start; l < buffer_len; l++) *tmp_buf_ptr++ = buffer[l]; des_ncbc_encrypt(tmp_buf, buf + start, 1, symcbc, (C_Block*)(initVect), DES_ENCRYPT); *out_buffer_len = buffer_len + 8 - (buffer_len % 8); } else *out_buffer_len = buffer_len; */ //dummy k = ((sizeof(snmpv3_get2) - 2) / 8); if ((sizeof(snmpv3_get2) - 2) % 8 != 0) k++; memcpy(buffer + i + 2, buf, k * 8); i += k * 8 + 2; } i++; // just to conform with the snmpv1/2 code #ifdef LIBOPENSSL if (hashtype == 1) { HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL); memcpy(buffer + off, hash, 12); } else if (hashtype == 2) { HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); memcpy(buffer + off, hash, 12); } #endif } j = 0; do { if (hydra_send(s, buffer, i - 1, 0) < 0) return 3; j++; } while (hydra_data_ready_timed(s, 1, 0) <= 0 && j < 3); if (hydra_data_ready_timed(s, 5, 0) > 0) { i = hydra_recv(s, (char *) buf, sizeof(buf)); if (snmpversion < 3) { /* stolen from ADMsnmp... :P */ for (j = 0; j < i; j++) { if (buf[j] == '\x04') { /* community name */ for (j = j + buf[j + 1]; j + 2 < i; j++) { if (buf[j] == '\xa2') { /* PDU Response */ for (; j + 2 < i; j++) { if (buf[j] == '\x02') { /* ID */ for (j = j + (buf[j + 1]); j + 2 < i; j++) { if (buf[j] == '\x02') { if (buf[j + 1] == '\x01') { /* good ! */ hydra_report_found_host(port, ip, "snmp", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } } } } } } } } } } else { // snmpv3 reply off = 0; if (buf[0] == 0x30) { if (buf[4] == 0x03 && buf[5] == 0x30) off = 4; if (buf[5] == 0x03 && buf[6] == 0x30) off = 6; if (buf[6] == 0x03 && buf[7] == 0x30) off = 6; } if (off == 0) return 3; if (debug) printf("[DEBUG] buf[%d + 15] %d\n", off, buf[off + 15]); k = 3 + off + buf[2 + off]; if ((j = hydra_memsearch(buf + k, buf[k + 3], snmpv3_nouser, sizeof(snmpv3_nouser))) < 0) if ((j = hydra_memsearch(buf + k, buf[k + 3], login, strlen(login))) >= 0) { if (snmpv3info[j - 2] == 0x04) j -= 2; else j = -1; } if (j >= 0) { i = buf[k + 3] + 4; if (i > sizeof(snmpv3info)) i = sizeof(snmpv3info); memcpy(snmpv3info, buf + k, i); snmpv3infolen = j; if (debug) hydra_dump_asciihex(snmpv3info, snmpv3infolen); } if ((buf[off + 15] & 1) == 1) { if (hashtype == 0) hydra_report_found_host(port, ip, "snmp3", fp); else hydra_report_found_host(port, ip, "snmp", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist if (debug) printf("[DEBUG] server reply indicates login %s does not\n", login); hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } } } hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1, i = 0; int myport = PORT_SNMP; char *lptr; if (miscptr != NULL) { lptr = strtok(miscptr, ":"); while (lptr != NULL) { if (strcasecmp(lptr, "1") == 0) snmpversion = 1; else if (strcasecmp(lptr, "2") == 0) snmpversion = 2; else if (strcasecmp(lptr, "3") == 0) snmpversion = 3; else if (strcasecmp(lptr, "PLAIN") == 0) hashtype = 0; else if (strcasecmp(lptr, "MD5") == 0) hashtype = 1; else if (strncasecmp(lptr, "R", 1) == 0) snmpread = 1; else if (strncasecmp(lptr, "W", 1) == 0) snmpread = 0; else if (strncasecmp(lptr, "SHA", 3) == 0) hashtype = 2; else if (strcasecmp(lptr, "DES") == 0) enctype = 1; else if (strcasecmp(lptr, "AES") == 0) enctype = 2; else { fprintf(stderr, "[ERROR] unknown optional parameter: %s\n", lptr); hydra_child_exit(2); } lptr = strtok(NULL, ":"); } } if (hashtype == 0) enctype = 0; if (port != 0) myport = port; sock = hydra_connect_udp(ip, myport); port = myport; if (debug) printf("[DEBUG] snmpv%d, isread %d, hashtype %d, enctype %d\n", snmpversion, snmpread, hashtype, enctype); hydra_register_socket(sp); if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int) getpid()); hydra_child_exit(1); } if (snmpversion == 3) { next_run = 0; while (snmpv3info == NULL && next_run < 3) { hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0); if (hydra_data_ready_timed(sock, 5, 0) > 0) { if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) { if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30) { snmpv3info = snmpv3buf + 7 + snmpv3buf[6]; snmpv3infolen = snmpv3info[3] + 4; if (snmpv3info + snmpv3infolen <= snmpv3buf + sizeof(snmpv3buf)) { while (snmpv3info[snmpv3infolen - 2] == 4 && snmpv3info[snmpv3infolen - 1] == 0 && snmpv3infolen > 1) snmpv3infolen -= 2; if (debug) hydra_dump_asciihex(snmpv3info, snmpv3infolen); if (snmpv3info[10] == 3 && child_head_no == 0) printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13], (unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]); } } } } next_run++; } if (snmpv3info == NULL || i < snmpv3info + snmpv3infolen - snmpv3buf) { hydra_report(stderr, "No valid reply from snmp server, exiting!\n"); hydra_child_exit(2); } } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) run = 3; while (1) { switch (run) { case 1: /* connect and service init function */ next_run = start_snmp(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-socks5.c0000644000175000010010000001204412441064454013546 0ustar marcNone#include "hydra-mod.h" /* RFC: 1928 This module enable bruteforcing for socks5, only following types are supported: 0x00 "No Authentication Required" 0x02 "Username/Password" */ extern char *HYDRA_EXIT; unsigned char *buf; int fail_cnt; int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[300]; int pport, fud = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; memcpy(buffer, "\x05\x02\x00\x02", 4); if (hydra_send(s, buffer, 4, 0) < 0) { return 1; } if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) { fail_cnt++; if (fail_cnt >= 10) return 5; return (1); } fail_cnt = 0; if (buf[0] != 5) { if (buf[0] == 4) { hydra_report(stderr, "[ERROR] Sorry Socks4 / Socks4a ident is not supported\n"); } else { hydra_report(stderr, "[ERROR] Socks5 protocol or service shutdown: %s\n", buf); } free(buf); return (4); } if (buf[1] == 0 || buf[1] == 32) { hydra_report(stderr, "[INFO] Socks5 server does NOT require any authentication!\n"); free(buf); return (4); } if (buf[1] != 0x2) { hydra_report(stderr, "[ERROR] Socks5 protocol or service shutdown: %s\n", buf); free(buf); return (4); } free(buf); /* RFC 1929 For username/password authentication the client's authentication request is field 1: version number, 1 byte (must be 0x01) */ snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) return (1); if (buf[1] != 255) { /* new: false positive check */ free(buf); pport = htons(port); if (ip[0] == 16) { memcpy(buffer, "\x05\x01\x00\x04", 4); memcpy(buffer + 4, &ip[1], 16); memcpy(buffer + 20, &pport, 2); hydra_send(s, buffer, 22, 0); } else { memcpy(buffer, "\x05\x01\x00\x01", 4); memcpy(buffer + 4, &ip[1], 4); memcpy(buffer + 8, &pport, 2); hydra_send(s, buffer, 10, 0); } if ((buf = (unsigned char *) hydra_receive_line(s)) != NULL) { if (buf[1] == 0 || buf[1] == 32) { hydra_report_found_host(port, ip, "socks5", fp); hydra_completed_pair_found(); fud = 1; } else if (buf[1] != 2) { hydra_report_found_host_msg(port, ip, "socks5", fp, "might be a false positive!"); } } } if (buf != NULL) free(buf); if (fud == 0) hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL; hydra_register_socket(sp); if (port != 0) myport = port; if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* run the cracking function */ next_run = start_socks5(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; case 5: /* clean exit, server may blocking connections */ hydra_report(stderr, "[ERROR] Server may blocking connections\n"); if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-ssh.c0000644000175000010010000001377712441064454013152 0ustar marcNone/* libssh is available at http://www.libssh.org If you want support for ssh v1 protocol, you have to add option -DWITH_SSH1=On in the cmake */ #include "hydra-mod.h" #ifndef LIBSSH void dummy_ssh() { printf("\n"); } #else #include #if LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 4 ssh_session session = NULL; extern char *HYDRA_EXIT; int new_session = 1; int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, keep_login[300]; int auth_state = 0, rc = 0, i = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; if (new_session) { if (session) { ssh_disconnect(session); ssh_finalize(); ssh_free(session); } session = ssh_new(); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); ssh_options_set(session, SSH_OPTIONS_USER, login); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { //if the connection was drop, exit and let hydra main handle it if (verbose) hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); return 3; } if ((rc = ssh_userauth_none(session, NULL)) == SSH_AUTH_ERROR) { return 3; } else if (rc == SSH_AUTH_SUCCESS) { hydra_report_found_host(port, ip, "ssh", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; else return 1; } } else new_session = 1; auth_state = ssh_auth_list(session); if ((auth_state & SSH_AUTH_METHOD_PASSWORD) > 0) { auth_state = ssh_userauth_password(session, NULL, pass); } else if ((auth_state & SSH_AUTH_METHOD_INTERACTIVE) > 0) { auth_state = ssh_userauth_kbdint(session, NULL, NULL); while (auth_state == SSH_AUTH_INFO) { rc = ssh_userauth_kbdint_getnprompts(session); for (i = 0; i < rc; i++) ssh_userauth_kbdint_setanswer(session, i, pass); auth_state = ssh_userauth_kbdint(session, NULL, NULL); } } else { return 4; } if (auth_state == SSH_AUTH_ERROR) { new_session = 1; return 1; } if (auth_state == SSH_AUTH_SUCCESS || auth_state == SSH_AUTH_PARTIAL) { hydra_report_found_host(port, ip, "ssh", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } else { strncpy(keep_login, login, sizeof(keep_login) - 1); keep_login[sizeof(keep_login) - 1] = '\0'; hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; login = hydra_get_next_login(); if (strcmp(login, keep_login) == 0) new_session = 0; return 1; } /* not reached */ return 1; } void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ next_run = start_ssh(sock, ip, port, options, miscptr, fp); break; case 2: ssh_disconnect(session); ssh_finalize(); ssh_free(session); hydra_child_exit(0); case 3: ssh_disconnect(session); ssh_finalize(); ssh_free(session); if (verbose) fprintf(stderr, "[ERROR] ssh protocol error\n"); hydra_child_exit(2); case 4: ssh_disconnect(session); ssh_finalize(); ssh_free(session); fprintf(stderr, "[ERROR] ssh target does not support password auth\n"); hydra_child_exit(2); default: ssh_disconnect(session); ssh_finalize(); ssh_free(session); hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } #else #error "You are not using v0.4.x. Download from http://www.libssh.org and add -DWITH_SSH1=On in cmake to enable SSH v1 support" #endif #endif int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // 1 skip target without generating an error // 2 skip target because of protocol problems // 3 skip target because its unreachable #ifdef LIBSSH int rc, method; ssh_session session = ssh_new(); if (verbose || debug) printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); ssh_options_set(session, SSH_OPTIONS_USER, "root"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d\n", hydra_address2string(ip), port); return 2; } rc = ssh_userauth_none(session, NULL); method = ssh_userauth_list(session, NULL); ssh_disconnect(session); ssh_finalize(); ssh_free(session); if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) { if (verbose || debug) printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); return 0; } fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string(ip), port); return 1; #else return 0; #endif } hydra-8.1/hydra-sshkey.c0000644000175000010010000001133612441064460013645 0ustar marcNone /* libssh is available at http://www.libssh.org current version is 0.4.8 If you want support for ssh v1 protocol, you have to add option -DWITH_SSH1=On in the cmake */ #include "hydra-mod.h" #ifndef LIBSSH void dummy_sshkey() { printf("\n"); } #else #include #if LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 4 extern ssh_session session; extern char *HYDRA_EXIT; extern int new_session; int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *key, keep_login[300]; int auth_state = 0, rc = 0; ssh_private_key privkey; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(key = hydra_get_next_password()) == 0) key = empty; if (new_session) { if (session) { ssh_disconnect(session); ssh_finalize(); ssh_free(session); } session = ssh_new(); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); ssh_options_set(session, SSH_OPTIONS_USER, login); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { //if the connection was drop, exit and let hydra main handle it if (verbose) hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); return 3; } if ((rc = ssh_userauth_none(session, NULL)) == SSH_AUTH_ERROR) { return 3; } else if (rc == SSH_AUTH_SUCCESS) { hydra_report_found_host(port, ip, "sshkey", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; else return 1; } } else new_session = 1; auth_state = ssh_auth_list(session); if ((auth_state & SSH_AUTH_METHOD_PUBLICKEY) > 0) { privkey = privatekey_from_file(session, key, 0, NULL); if (!privkey) { hydra_report(stderr, "[ERROR] skipping invalid private key: \"%s\"\n", key); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } auth_state = ssh_userauth_pubkey(session, NULL, NULL, privkey); } else { return 4; } if (auth_state == SSH_AUTH_ERROR) { new_session = 1; return 1; } if (auth_state == SSH_AUTH_SUCCESS || auth_state == SSH_AUTH_PARTIAL) { hydra_report_found_host(port, ip, "sshkey", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } else { strncpy(keep_login, login, sizeof(keep_login) - 1); keep_login[sizeof(keep_login) - 1] = '\0'; hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; login = hydra_get_next_login(); if (strcmp(login, keep_login) == 0) new_session = 0; return 1; } /* not reached */ return 1; } void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ next_run = start_sshkey(sock, ip, port, options, miscptr, fp); break; case 2: ssh_disconnect(session); ssh_finalize(); ssh_free(session); hydra_child_exit(0); case 3: ssh_disconnect(session); ssh_finalize(); ssh_free(session); fprintf(stderr, "[ERROR] ssh protocol error\n"); hydra_child_exit(2); case 4: ssh_disconnect(session); ssh_finalize(); ssh_free(session); fprintf(stderr, "[ERROR] ssh target does not support pubkey auth\n"); hydra_child_exit(2); default: ssh_disconnect(session); ssh_finalize(); ssh_free(session); hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } #else #error "You are not using v0.4.x. Download from http://www.libssh.org and add -DWITH_SSH1=On in cmake to enable SSH v1 support" #endif #endif int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-svn.c0000644000175000010010000001342612441064454013152 0ustar marcNone//This plugin was written by //checked for memleaks on 110425, none found #ifdef LIBSVN /* needed on openSUSE */ #define _GNU_SOURCE #include #include #include #include #include #endif #include "hydra-mod.h" #ifndef LIBSVN void dummy_svn() { printf("\n"); } #else extern int hydra_data_ready_timed(int socket, long sec, long usec); extern char *HYDRA_EXIT; #define DEFAULT_BRANCH "trunk" static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) { return SVN_NO_ERROR; } static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t * pool) { char *empty = ""; char *login, *pass; svn_auth_cred_simple_t *ret = apr_pcalloc(pool, sizeof(*ret)); if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; ret->username = apr_pstrdup(pool, login); ret->password = apr_pstrdup(pool, pass); *cred = ret; return SVN_NO_ERROR; } int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { int ipv6 = 0; char URL[1024]; char URLBRANCH[256]; apr_pool_t *pool; svn_error_t *err; svn_opt_revision_t revision; apr_uint32_t dirents; svn_client_ctx_t *ctx; svn_auth_provider_object_t *provider; apr_array_header_t *providers; if (miscptr) strncpy(URLBRANCH, miscptr, sizeof(URLBRANCH)); else strncpy(URLBRANCH, DEFAULT_BRANCH, sizeof(URLBRANCH)); if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS) return 4; if (ip[0] == 16) ipv6 = 1; pool = svn_pool_create(NULL); err = svn_config_ensure(NULL, pool); if (err) { svn_handle_error2(err, stderr, FALSE, "hydra: "); return 4; } if ((err = svn_client_create_context(&ctx, pool))) { svn_handle_error2(err, stderr, FALSE, "hydra: "); return 4; } if ((err = svn_config_get_config(&(ctx->config), NULL, pool))) { svn_handle_error2(err, stderr, FALSE, "hydra: "); return 4; } providers = apr_array_make(pool, 1, sizeof(svn_auth_provider_object_t *)); svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ 0, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; /* Register the auth-providers into the context's auth_baton. */ svn_auth_open(&ctx->auth_baton, providers, pool); revision.kind = svn_opt_revision_head; if (ipv6) snprintf(URL, sizeof(URL), "svn://[%s]:%d/%s", hydra_address2string(ip), port, URLBRANCH); else snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string(ip), port, URLBRANCH); dirents = SVN_DIRENT_KIND; err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); svn_pool_clear(pool); svn_pool_destroy(pool); if (err) { if (verbose) hydra_report(stderr, "[ERROR] Access refused (error code %d) , message: %s\n", err->apr_err, err->message); //Username not found 170001 ": Username not found" //Password incorrect 170001 ": Password incorrect" if (err->apr_err != 170001) { return 4; //error } else { if (strstr(err->message, "Username not found")) { hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; } else { hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; } } } else { if (verbose) hydra_report(stderr, "[VERBOSE] Access granted\n"); hydra_report_found_host(port, ip, "svn", fp); hydra_completed_pair_found(); return 3; } return 3; } void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_SVN, mysslport = PORT_SVN_SSL; hydra_register_socket(sp); while (1) { if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: next_run = start_svn(sock, ip, port, options, miscptr, fp); break; case 3: if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: if (!verbose) hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n"); hydra_child_exit(0); } run = next_run; } } #endif int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-teamspeak.c0000644000175000010010000000775312441064454014324 0ustar marcNone#include "hydra-mod.h" #include "crc32.h" /* This module brings support for Teamspeak version 2.x (TS2 protocol) Tested with version 2.0.r23.b19, server uses to ban ip for 10 min when bruteforce is detected. TS1 protocol (tcp/8765) is not supported TS3 protocol (udp/9987) is not needed as user/pass is not used anymore */ struct team_speak { char header[16]; unsigned long crc; char clientlen; char client[29]; char oslen; char os[29]; char misc[10]; char userlen; char user[29]; char passlen; char pass[29]; char loginlen; char login[29]; }; extern int hydra_data_ready_timed(int socket, long sec, long usec); extern char *HYDRA_EXIT; char *buf; int start_teamspeak(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass; char buf[100]; struct team_speak teamspeak; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; memset(&teamspeak, 0, sizeof(struct team_speak)); memcpy(&teamspeak.header, "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00", 16); teamspeak.clientlen = 9; strcpy((char *) &teamspeak.client, "TeamSpeak"); teamspeak.oslen = 11; strcpy((char *) &teamspeak.os, "Linux 2.6.9"); memcpy(&teamspeak.misc, "\x02\x00\x00\x00\x20\x00\x3c\x00\x01\x02", 10); teamspeak.userlen = strlen(login); strncpy((char *) &teamspeak.user, login, 29); teamspeak.passlen = strlen(pass); strncpy((char *) &teamspeak.pass, pass, 29); teamspeak.loginlen = 0; strcpy((char *) &teamspeak.login, ""); teamspeak.crc = crc32(&teamspeak, sizeof(struct team_speak)); if (hydra_send(s, (char *) &teamspeak, sizeof(struct team_speak), 0) < 0) { return 3; } if (hydra_data_ready_timed(s, 5, 0) > 0) { hydra_recv(s, (char *) buf, sizeof(buf)); if (buf[0x58] == 1) { hydra_report_found_host(port, ip, "teamspeak", fp); hydra_completed_pair_found(); } if (buf[0x4B] != 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } } else { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_TEAMSPEAK; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) run = 3; while (1) { switch (run) { case 1: /* connect and service init function */ // if (sock >= 0) // sock = hydra_disconnect(sock); // usleep(300000); if (sock < 0) { if (port != 0) myport = port; sock = hydra_connect_udp(ip, myport); port = myport; if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } } next_run = start_teamspeak(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-telnet.c0000644000175000010010000001601112441064460013625 0ustar marcNone#include "hydra-mod.h" #include extern char *HYDRA_EXIT; char *buf; int no_line_mode; int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *login, *pass, buffer[300]; int i = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; sprintf(buffer, "%.250s\r", login); if (no_line_mode) { for (i = 0; i < strlen(buffer); i++) { if (strcmp(&buffer[i], "\r") == 0) { send(s, "\r\0", 2, 0); } else { send(s, &buffer[i], 1, 0); } usleep(20000); } } else { if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { return 1; } } do { if ((buf = hydra_receive_line(s)) == NULL) return 1; if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } (void) make_to_lower(buf); if (hydra_strcasestr(buf, "asswor") != NULL || hydra_strcasestr(buf, "asscode") != NULL || hydra_strcasestr(buf, "ennwort") != NULL) i = 1; if (i == 0 && ((strstr(buf, "ogin:") != NULL && strstr(buf, "last login") == NULL) || strstr(buf, "sername:") != NULL)) { free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } free(buf); } while (i == 0); sprintf(buffer, "%.250s\r", pass); if (no_line_mode) { for (i = 0; i < strlen(buffer); i++) { if (strcmp(&buffer[i], "\r") == 0) { send(s, "\r\0", 2, 0); } else { send(s, &buffer[i], 1, 0); } usleep(20000); } } else { if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { return 1; } } /*win7 answering with do terminal type = 0xfd 0x18 */ while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || (strstr(buf, " failed") == NULL && index(buf, '%') != NULL) || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } free(buf); } hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1, fck; int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; if (miscptr != NULL) make_to_lower(miscptr); while (1) { int first = 0; int old_waittime = waittime; switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); no_line_mode = 0; first = 0; if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); hydra_child_exit(2); // hydra_child_exit(2); } if (hydra_strcasestr(buf, "ress ENTER") != NULL) { hydra_send(sock, "\r\n", 2, 0); free(buf); if ((buf = hydra_receive_line(sock)) == NULL) { hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); hydra_child_exit(2); } } if (hydra_strcasestr(buf, "login") != NULL || hydra_strcasestr(buf, "sername:") != NULL) { waittime = 6; if (debug) hydra_report(stdout, "DEBUG: waittime set to %d\n", waittime); } do { unsigned char *buf2 = (unsigned char *) buf; while (*buf2 == IAC) { if (first == 0) { if (debug) hydra_report(stdout, "DEBUG: requested line mode\n"); fck = write(sock, "\xff\xfb\x22", 3); first = 1; } if ((buf[1] == '\xfc' || buf[1] == '\xfe') && buf2[2] == '\x22') { no_line_mode = 1; if (debug) hydra_report(stdout, "DEBUG: TELNETD peer does not like linemode!\n"); } if (buf2[2] != '\x22') { if (buf2[1] == WILL || buf2[1] == WONT) { buf2[1] = DONT; } else if (buf2[1] == DO || buf2[1] == DONT) { buf2[1] = WONT; } fck = write(sock, buf2, 3); } buf2 = buf2 + 3; } if (buf2 != (unsigned char *) buf) { free(buf); buf = hydra_receive_line(sock); } else { buf[0] = 0; } if (buf != NULL && buf[0] != 0 && (unsigned char) buf[0] != IAC) make_to_lower(buf); } while (buf != NULL && (unsigned char) buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL); free(buf); waittime = old_waittime; next_run = 2; break; case 2: /* run the cracking function */ next_run = start_telnet(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-vmauthd.c0000644000175000010010000001123612441064454014011 0ustar marcNone//This plugin was written by david@ // //This plugin is written for VMware Authentication Daemon // #include "hydra-mod.h" extern char *HYDRA_EXIT; char *buf; int start_vmauthd(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[300]; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; while (hydra_data_ready(s) > 0) { if ((buf = hydra_receive_line(s)) == NULL) return (1); free(buf); } sprintf(buffer, "USER %.250s\r\n", login); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return (1); if (strncmp(buf, "331 ", 4) != 0) { hydra_report(stderr, "[ERROR] vmware authd protocol or service shutdown: %s\n", buf); free(buf); return (3); } free(buf); sprintf(buffer, "PASS %.250s\r\n", pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } if ((buf = hydra_receive_line(s)) == NULL) return (1); //fprintf(stderr, "%s\n", buf); //230 User test logged in. //530 Login incorrect. if (strncmp(buf, "230 ", 4) == 0) { hydra_report_found_host(port, ip, "vmauthd", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; } free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); // usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); //fprintf(stderr, "%s\n",buf); //220 VMware Authentication Daemon Version 1.00 //220 VMware Authentication Daemon Version 1.10: SSL Required //220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an vmware authd protocol or service shutdown: %s\n", buf); hydra_child_exit(2); } if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) { free(buf); hydra_report(stderr, "[ERROR] this vmware authd protocol is not supported, please report: %s\n", buf); hydra_child_exit(2); } //by default this service is waiting for ssl connections if (strstr(buf, "SSL Required") != NULL) { if ((options & OPTION_SSL) == 0) { //reconnecting using SSL if (hydra_connect_to_ssl(sock) == -1) { free(buf); hydra_report(stderr, "[ERROR] Can't use SSL\n"); hydra_child_exit(2); } } } free(buf); next_run = 2; break; case 2: /* run the cracking function */ next_run = start_vmauthd(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-vnc.c0000644000175000010010000001620212441064454013125 0ustar marcNone /* * Tested against RealVNC P4.6.0 using 3.3 and 4.1 RFB * proto with None and VLC auth (david@) * */ #include "hydra-mod.h" #include "d3des.h" #define CHALLENGESIZE 16 //for RFB 003.003 & 003.005 #define RFB33 1 //for RFB 3.7 and onwards #define RFB37 2 int vnc_client_version = RFB33; int failed_auth = 0; extern char *HYDRA_EXIT; char *buf; /* * Encrypt CHALLENGESIZE bytes in memory using a password. * Ripped from vncauth.c */ void vncEncryptBytes(unsigned char *bytes, char *passwd) { unsigned char key[8]; int i; /* key is simply password padded with nulls */ for (i = 0; i < 8; i++) { if (i < strlen(passwd)) { key[i] = passwd[i]; } else { key[i] = 0; } } deskey(key, EN0); for (i = 0; i < CHALLENGESIZE; i += 8) { des(bytes + i, bytes + i); } } int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = ""; char *pass; unsigned char buf2[CHALLENGESIZE + 4]; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; recv(s, buf2, CHALLENGESIZE + 4, 0); if (vnc_client_version == RFB37) { int i; //fprintf(stderr,"number of security types supported: %d\n", buf2[0]); if (buf2[0] == 0 || buf2[0] > CHALLENGESIZE + 4) { hydra_report(stderr, "[ERROR] VNC server connection failed\n"); hydra_child_exit(0); } for (i = 1; i <= buf2[0]; i++) { //fprintf(stderr,"sec type %u\n",buf2[i]); //check if weak security types are available if (buf2[i] <= 0x2) { buf2[3] = buf2[i]; break; } } } //supported security type switch (buf2[3]) { case 0x0: hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf[3]); hydra_child_exit(0); case 0x1: hydra_report(fp, "VNC server does not require authentication.\n"); if (fp != stdout) hydra_report(stdout, "VNC server does not require authentication.\n"); hydra_report_found_host(port, ip, "vnc", fp); hydra_completed_pair_found(); hydra_child_exit(2); case 0x2: //VNC security type supported is the only type supported for now if (vnc_client_version == RFB37) { sprintf(buf, "%c", 0x2); if (hydra_send(s, buf, strlen(buf), 0) < 0) { return 1; } //get authentication challenge from server if (recv(s, buf2, CHALLENGESIZE, 0) == -1) return 1; //send response vncEncryptBytes(buf2, pass); if (hydra_send(s, (char *) buf2, CHALLENGESIZE, 0) < 0) { return 1; } } else { //in old proto, challenge is following the security type vncEncryptBytes((unsigned char *) buf2 + 4, pass); if (hydra_send(s, (char *) buf2 + 4, CHALLENGESIZE, 0) < 0) { return 1; } } break; default: hydra_report(stderr, "[ERROR] unknown VNC security type\n"); hydra_child_exit(2); } //check security result value recv(s, buf, 4, 0); if (buf == NULL) return 1; switch (buf[3]) { case 0x0: hydra_report_found_host(port, ip, "vnc", fp); hydra_completed_pair_found(); free(buf); failed_auth = 0; if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; case 0x1: free(buf); if (verbose) hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; default: free(buf); hydra_report(stderr, "[ERROR] unknown VNC server security result %d\n", buf[3]); return 1; } return 1; /* never reached */ } void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { int run = 1, next_run = 1, sock = -1; int myport = PORT_VNC, mysslport = PORT_VNC_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } usleep(300000); buf = hydra_receive_line(sock); if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */ hydra_report(stderr, "[ERROR] Not a VNC protocol or service shutdown: %s\n", buf); hydra_child_exit(2); } if (strstr(buf, " security failures") != NULL) { /* check the first line */ /* VNC has a 'blacklisting' scheme that blocks an IP address after five unsuccessful connection attempts. The IP address is initially blocked for ten seconds, but this doubles for each unsuccessful attempt thereafter. A successful connection from an IP address resets the blacklist timeout. This is built in to VNC Server and does not rely on operating system support. */ failed_auth++; hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n"); sleep(12 * failed_auth); free(buf); next_run = 1; break; } if (verbose) hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf); if (((strstr(buf, "RFB 004.001") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) { //using proto version 003.008 to talk to server 004.001 same for 3.7 and 3.8 vnc_client_version = RFB37; free(buf); buf = strdup("RFB 003.007\n"); } else { //for RFB 3.3 and fake 3.5 vnc_client_version = RFB33; free(buf); buf = strdup("RFB 003.003\n"); } hydra_send(sock, buf, strlen(buf), 0); next_run = 2; break; case 2: /* run the cracking function */ next_run = start_vnc(sock, ip, port, options, miscptr, fp); break; case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; case 4: if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } } int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra-wizard.sh0000755000175000010010000000330312441065160014023 0ustar marcNone#!/bin/sh # # based on a script by Shivang Desai # echo echo "Welcome to the Hydra Wizard" echo read -p "Enter the service to attack (eg: ftp, ssh, http-post-form): " service test -z "$service" && { echo Error: service may not be empty ; exit 1 ; } read -p "Enter the target to attack (or filename with targets): " target test -z "$target" && { echo Error: target may not be empty ; exit 1 ; } read -p "Enter a username to test or a filename: " user test -z "$user" && { echo Error: user may not be empty ; exit 1 ; } read -p "Enter a password to test or a filename: " pass test -z "$pass" && { echo Error: pass may not be empty ; exit 1 ; } read -p "If you want to test for passwords (s)ame as login, (n)ull or (r)everse login, enter these letters without spaces (e.g. \"sr\") or leave empty otherwise: " pw read -p "Port number (press enter for default): " port echo echo The following options are supported by the service module: hydra -U $service echo read -p "If you want to add module options, enter them here (or leave empty): " opt echo ports="" pws="" opts="" test -e "$target" && targets="-M $target" test -e "$target" || targets="$target" test -e "$user" && users="-L $user" test -e "$user" || users="-l $user" test -e "$pass" && passs="-P $pass" test -e "$pass" || passs="-p $pass" test -n "$port" && ports="-s $port" test -n "$pw" && pws="-e $pw" test -n "$opt" && opts="-m '$opt'" echo The following command will be executed now: echo " hydra $users $passs -u $pws $ports $opts $targets $service" echo read -p "Do you want to run the command now? [Y/n] " yn test "$yn" = "n" -o "$yn" = "N" && { echo Exiting. ; exit 0 ; } echo hydra $users $passs -u $pws $ports $opts $targets $service hydra-8.1/hydra-xmpp.c0000644000175000010010000004175512441064454013336 0ustar marcNone#include "hydra-mod.h" #include "sasl.h" /* david: ref http://xmpp.org/rfcs/rfc3920.html */ extern char *HYDRA_EXIT; static char *domain = NULL; int xmpp_auth_mechanism = AUTH_ERROR; char *JABBER_CLIENT_INIT_STR = ""; int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { char *empty = "\"\""; char *login, *pass, buffer[500], buffer2[500]; char *AUTH_STR = ""; char *CHALLENGE_STR = ""; char *CHALLENGE_STR2 = ""; char *CHALLENGE_END_STR = ""; char *RESPONSE_STR = ""; char *RESPONSE_END_STR = ""; char *fooptr, *buf; if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; switch (xmpp_auth_mechanism) { case AUTH_SCRAMSHA1: sprintf(buffer, "%s%s%s", AUTH_STR, "SCRAM-SHA-1", AUTH_STR_END); break; case AUTH_CRAMMD5: sprintf(buffer, "%s%s%s", AUTH_STR, "CRAM-MD5", AUTH_STR_END); break; case AUTH_DIGESTMD5: sprintf(buffer, "%s%s%s", AUTH_STR, "DIGEST-MD5", AUTH_STR_END); break; case AUTH_PLAIN: sprintf(buffer, "%s%s%s", AUTH_STR, "PLAIN", AUTH_STR_END); break; default: sprintf(buffer, "%s%s%s", AUTH_STR, "LOGIN", AUTH_STR_END); break; } hydra_send(s, buffer, strlen(buffer), 0); usleep(300000); if ((buf = hydra_receive_line(s)) == NULL) return 3; if (debug) hydra_report(stderr, "DEBUG S: %s\n", buf); if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { /* the challenge string is sent depending of the auth chosen it's the case for login auth */ char *ptr = strstr(buf, CHALLENGE_STR); if (!ptr) ptr = strstr(buf, CHALLENGE_STR2); char *ptr_end = strstr(ptr, CHALLENGE_END_STR); int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); if ((chglen > 0) && (chglen < sizeof(buffer2))) { strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); buffer2[chglen] = '\0'; memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buffer2); if (debug) hydra_report(stderr, "DEBUG S: %s\n", buffer); } switch (xmpp_auth_mechanism) { case AUTH_LOGIN:{ if (strstr(buffer, "sername") != NULL) { strncpy(buffer2, login, sizeof(buffer2) - 1); buffer2[sizeof(buffer2) - 1] = '\0'; hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { free(buf); return 1; } buf = hydra_receive_line(s); if (buf == NULL) return 1; /* server now would ask for the password */ if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { char *ptr = strstr(buf, CHALLENGE_STR); if (!ptr) ptr = strstr(buf, CHALLENGE_STR2); char *ptr_end = strstr(ptr, CHALLENGE_END_STR); int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); if ((chglen > 0) && (chglen < sizeof(buffer2))) { strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); buffer2[chglen] = '\0'; memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buffer2); if (strstr(buffer, "assword") != NULL) { strncpy(buffer2, pass, sizeof(buffer2) - 1); buffer2[sizeof(buffer2) - 1] = '\0'; hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); } } else { hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); free(buf); return 1; } } } } break; #ifdef LIBOPENSSL case AUTH_PLAIN:{ memset(buffer2, 0, sizeof(buffer)); sasl_plain(buffer2, login, pass); sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer); } break; case AUTH_CRAMMD5:{ int rc = 0; char *preplogin; memset(buffer2, 0, sizeof(buffer2)); sasl_cram_md5(buffer2, pass, buffer); rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { free(buf); return 3; } sprintf(buffer, "%.200s %.250s", preplogin, buffer2); if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer); hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); strncpy(buffer, buffer2, sizeof(buffer) - 1); buffer[sizeof(buffer) - 1] = '\0'; free(preplogin); } break; case AUTH_DIGESTMD5:{ memset(buffer2, 0, sizeof(buffer2)); fooptr = buffer2; sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); if (fooptr == NULL) { free(buf); return 3; } if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer2); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); } break; case AUTH_SCRAMSHA1:{ /*client-first-message */ char clientfirstmessagebare[200]; char *preplogin; int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { free(buf); return 3; } snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); free(preplogin); sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); free(buf); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } buf = hydra_receive_line(s); if (buf == NULL) return 1; if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { char serverfirstmessage[200]; char *ptr = strstr(buf, CHALLENGE_STR); if (!ptr) ptr = strstr(buf, CHALLENGE_STR2); char *ptr_end = strstr(ptr, CHALLENGE_END_STR); int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); if ((chglen > 0) && (chglen < sizeof(buffer2))) { strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); buffer2[chglen] = '\0'; } else { hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); free(buf); return 1; } /*server-first-message */ memset(buffer, 0, sizeof(buffer)); from64tobits((char *) buffer, buffer2); strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; memset(buffer2, 0, sizeof(buffer2)); fooptr = buffer2; sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); if (fooptr == NULL) { hydra_report(stderr, "[ERROR] Can't compute client response\n"); free(buf); return 1; } hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); } else { if (verbose || debug) hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); free(buf); return 1; } } break; #endif ptr = 0; } free(buf); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } usleep(50000); buf = hydra_receive_line(s); if (buf == NULL) return 1; //we test the challenge tag as digest-md5 when connected is sending "rspauth" value //so if we are receiving a second challenge we assume the auth is good if ((strstr(buf, "= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; sock = hydra_connect_tcp(ip, myport); port = myport; } else { if (port != 0) mysslport = port; sock = hydra_connect_ssl(ip, mysslport); port = mysslport; } if (sock < 0) { if (verbose || debug) hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); hydra_child_exit(1); } memset(buffer, 0, sizeof(buffer)); snprintf(buffer, sizeof(buffer), "%s%s%s", JABBER_CLIENT_INIT_STR, domain, JABBER_CLIENT_INIT_END_STR); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { hydra_child_exit(1); } //some server is longer to answer usleep(300000); buf = hydra_receive_line(sock); if (buf == NULL) hydra_child_exit(1); if (strstr(buf, "SCRAM-SHA-1") != NULL) { xmpp_auth_mechanism = AUTH_SCRAMSHA1; } if (strstr(buf, "CRAM-MD5") != NULL) { xmpp_auth_mechanism = AUTH_CRAMMD5; } if (strstr(buf, "DIGEST-MD5") != NULL) { xmpp_auth_mechanism = AUTH_DIGESTMD5; } if (strstr(buf, "PLAIN") != NULL) { xmpp_auth_mechanism = AUTH_PLAIN; } if (strstr(buf, "LOGIN") != NULL) { xmpp_auth_mechanism = AUTH_LOGIN; } } if (xmpp_auth_mechanism == AUTH_ERROR) { /* no auth method identified */ hydra_report(stderr, "[ERROR] no authentication methods can be identified %s\n", buf); free(buf); hydra_child_exit(1); } free(buf); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { int i; for (i = 0; i < strlen(miscptr); i++) miscptr[i] = (char) toupper((int) miscptr[i]); if (strncmp(miscptr, "LOGIN", 5) == 0) xmpp_auth_mechanism = AUTH_LOGIN; if (strncmp(miscptr, "PLAIN", 5) == 0) xmpp_auth_mechanism = AUTH_PLAIN; #ifdef LIBOPENSSL if (strncmp(miscptr, "CRAM-MD5", 8) == 0) xmpp_auth_mechanism = AUTH_CRAMMD5; if (strncmp(miscptr, "SCRAM-SHA1", 10) == 0) xmpp_auth_mechanism = AUTH_SCRAMSHA1; if (strncmp(miscptr, "DIGEST-MD5", 10) == 0) xmpp_auth_mechanism = AUTH_DIGESTMD5; #endif } if (verbose) { switch (xmpp_auth_mechanism) { case AUTH_LOGIN: hydra_report(stderr, "[VERBOSE] using XMPP LOGIN AUTH mechanism\n"); break; case AUTH_PLAIN: hydra_report(stderr, "[VERBOSE] using XMPP PLAIN AUTH mechanism\n"); break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: hydra_report(stderr, "[VERBOSE] using XMPP CRAM-MD5 AUTH mechanism\n"); break; case AUTH_SCRAMSHA1: hydra_report(stderr, "[VERBOSE] using XMPP SCRAM-SHA1 AUTH mechanism\n"); break; case AUTH_DIGESTMD5: hydra_report(stderr, "[VERBOSE] using XMPP DIGEST-MD5 AUTH mechanism\n"); break; #endif } } #ifdef LIBOPENSSL //check if tls is not wanted and if tls is available if (!disable_tls && tls) { char *STARTTLS = ""; hydra_send(sock, STARTTLS, strlen(STARTTLS), 0); usleep(300000); buf = hydra_receive_line(sock); if (buf == NULL || strstr(buf, "= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } hydra-8.1/hydra.10000644000175000010010000000763512441064454012271 0ustar marcNone.TH "HYDRA" "1" "24/05/2012" .SH NAME hydra \- a very fast network logon cracker which support many different services .SH SYNOPSIS .B hydra [[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT]] | [\-C FILE]] [\-e nsr] [\-u] [\-f] [\-F] [\-M FILE] [\-o FILE] [\-t TASKS] [\-w TIME] [\-W TIME] [\-s PORT] [\-S] [\-4/6] [\-vV] [\-d] server service [OPTIONAL_SERVICE_PARAMETER] .br .SH DESCRIPTION Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. This tool gives researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system. Currently this tool supports: AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, FTPS, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTP-PROXY-URLENUM, ICQ, IMAP, IRC, LDAP2, LDAP3, MS-SQL, MYSQL, NCP, NNTP, Oracle, Oracle-Listener, Oracle-SID, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, REXEC, RLOGIN, RSH, SAP/R3, SIP, SMB, SMTP, SMTP-Enum, SNMP, SOCKS5, SSH(v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. For most protocols, SSL mode is available (e.g. https-get, ftp-ssl, etc.) If not all necessary libraries are found during compile time, your available services will be less. Type "hydra" to see what is available. .SH Options .TP .B target a target to attack, can be an IPv4 address, IPv6 address or DNS name. .TP .B service a service to attack, see the list of protocols available .TP .B OPTIONAL SERVICE PARAMETER Some modules have optional or mandatory options. type "hydra \-U " to get help on on the options of a service. .TP .B \-R restore a previously aborted session. Requires a hydra.restore file was written. No other options are allowed when using \-R .TP .B \-S connect via SSL .TP .B \-s PORT if the service is on a different default port, define it here .TP .B \-l LOGIN or \-L FILE login with LOGIN name, or load several logins from FILE .TP .B \-p PASS or \-P FILE try password PASS, or load several passwords from FILE .TP .B \-x min:max:charset generate passwords from min to max length. charset can contain 1 for numbers, a for lowcase and A for upcase characters. Any other character is added is put to the list. Example: 1:2:a1%. The generated passwords will be of length 1 to 2 and contain lowcase letters, numbers and/or percent signs and dots. .TP .B \-e nsr additional checks, "n" for null password, "s" try login as pass, "r" try the reverse login as pass .TP .B \-C FILE colon separated "login:pass" format, instead of \-L/\-P options .TP .B \-u by default Hydra checks all passwords for one login and then tries the next login. This option loops around the passwords, so the first password is tried on all logins, then the next password. .TP .B \-f exit after the first found login/password pair (per host if \-M) .TP .B \-F exit after the first found login/password pair for any host (for usage with -M) .TP .B \-M FILE server list for parallel attacks, one entry per line .TP .B \-o FILE write found login/password pairs to FILE instead of stdout .TP .B \-t TASKS run TASKS number of connects in parallel (default: 16) .TP .B \-w TIME defines the max wait time in seconds for responses (default: 32) .TP .B \-W TIME defines a wait time between each connection a task performs. This usually only makes sense if a low task number is used, .e.g \-t 1 .TP .B \-4 / \-6 prefer IPv4 (default) or IPv6 addresses .TP .B \-v / \-V verbose mode / show login+pass combination for each attempt .B \-d debug mode .TP .B \-h, \-\-help Show summary of options. .SH SEE ALSO .BR xhydra (1), .BR pw-inspector (1). .br The programs are documented fully by van Hauser .SH AUTHOR hydra was written by van Hauser / THC .PP This manual page was written by Daniel Echeverry , for the Debian project (and may be used by others). hydra-8.1/hydra.c0000644000175000010010000056554212441064460012356 0ustar marcNone/* * hydra (c) 2001-2014 by van Hauser / THC * http://www.thc.org * * Parallized network login hacker. * Don't use in military or secret service organizations, or for illegal purposes. * * License: GNU AFFERO GENERAL PUBLIC LICENSE v3.0, see LICENSE file */ #include "hydra.h" #include "bfg.h" extern void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); // ADD NEW SERVICES HERE #ifdef HAVE_MATH_H extern void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); #endif #ifdef LIBPOSTGRES extern void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); #endif #ifdef LIBOPENSSL extern void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); #endif #ifdef LIBSAPR3 extern void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); #endif #ifdef LIBFIREBIRD extern void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); #endif #ifdef LIBAFP extern void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); #endif #ifdef LIBNCP extern void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); #endif #ifdef LIBSSH extern void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); #endif #ifdef LIBSVN extern void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); #endif #ifdef LIBORACLE extern void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); #endif extern int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); // ADD NEW SERVICES HERE // ADD NEW SERVICES HERE char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; #define MAXBUF 520 #define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) #define MAXTASKS 64 #define MAXSERVERS 16 #define MAXFAIL 3 #define MAXENDWAIT 20 #define WAITTIME 32 #define TASKS 16 #define SKIPLOGIN 256 #define USLEEP_LOOP 10 #define MAX_LINES 50000000 // 50 millions, do not put more than 65millions #define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" #define VERSION "v8.1" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define RESOURCE "http://www.thc.org/thc-hydra" extern char *hydra_strcasestr(const char *haystack, const char *needle); extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize); extern char *hydra_string_replace(const char *string, const char *substr, const char *replacement); extern char *hydra_address2string(char *address); extern int colored_output; extern char quiet; extern int do_retry; void hydra_kill_head(int head_no, int killit, int fail); // some structure definitions typedef struct { pid_t pid; int sp[2]; int target_no; char *current_login_ptr; char *current_pass_ptr; char reverse[256]; int active; int redo; time_t last_seen; } hydra_head; typedef struct { char *target; char ip[36]; char *login_ptr; char *pass_ptr; unsigned long int login_no; unsigned long int pass_no; unsigned long int sent; int pass_state; int use_count; int done; // 0 if active, 1 if finished scanning, 2 if error (for RESTOREFILE), 3 could not be resolved int fail_count; int redo_state; int redo; int ok; int failed; int skipcnt; int port; char *redo_login[MAXTASKS * 2 + 2]; char *redo_pass[MAXTASKS * 2 + 2]; char *skiplogin[SKIPLOGIN]; // char *bfg_ptr[MAXTASKS]; } hydra_target; typedef struct { int active; // active tasks of hydra_options.max_use int targets; int finished; int exit; unsigned long int todo_all; unsigned long int todo; unsigned long int sent; unsigned long int found; unsigned long int countlogin; unsigned long int countpass; size_t sizelogin; size_t sizepass; FILE *ofp; } hydra_brain; typedef struct { int mode; // valid modes: 0 = -l -p, 1 = -l -P, 2 = -L -p, 3 = -L -P, 4 = -l -x, 6 = -L -x, +8 if -e r, +16 if -e n, +32 if -e s, 64 = -C | bit 128 undefined int loop_mode; // valid modes: 0 = password, 1 = user int ssl; int restore; int debug; // is external - for restore int verbose; // is external - for restore int showAttempt; int tasks; int try_null_password; int try_password_same_as_login; int try_password_reverse_login; int exit_found; int max_use; int cidr; char *login; char *loginfile; char *pass; char *passfile; char *outfile_ptr; char *infile_ptr; char *colonfile; int waittime; // is external - for restore int conwait; // is external - for restore unsigned int port; // is external - for restore char *miscptr; char *server; char *service; char bfg; } hydra_option; typedef struct { char *name; int port; int port_ssl; } hydra_portlist; // external vars extern char HYDRA_EXIT[5]; #if !defined(ANDROID) && !defined(__BIONIC__) extern int errno; #endif extern int debug; extern int verbose; extern int waittime; extern int port; extern int found; extern int use_proxy; extern int proxy_string_port; extern char proxy_string_ip[36]; extern char proxy_string_type[10]; extern char *proxy_authentication; extern char *cmdlinetarget; extern char *fe80; // required global vars char *prg; size_t size_of_data = -1; hydra_head **hydra_heads = NULL; hydra_target **hydra_targets = NULL; hydra_option hydra_options; hydra_brain hydra_brains; char *sck = NULL; int prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int child_head_no = -1, child_socket; // moved for restore feature int process_restore = 0, dont_unlink; char *login_ptr = NULL, *pass_ptr = "", *csv_ptr = NULL, *servers_ptr = NULL; size_t countservers = 1, sizeservers = 0; char empty_login[2] = "", unsupported[500] = ""; // required to save stack memory char snpbuf[MAXBUF]; int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; #include "performance.h" void help(int ext) { printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" #ifdef HAVE_MATH_H " [-x MIN:MAX:CHARSET]" #endif " [-SuvVd46] " //"[server service [OPT]]|" "[service://server[:PORT][/OPT]]\n"); printf("\nOptions:\n"); if (ext) printf(" -R restore a previous aborted/crashed session\n"); #ifdef LIBOPENSSL if (ext) printf(" -S perform an SSL connect\n"); #endif if (ext) printf(" -s PORT if the service is on a different default port, define it here\n"); printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n"); printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); #ifdef HAVE_MATH_H if (ext) printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); #endif if (ext) printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); if (ext) printf(" -u loop around users, not passwords (effective! implied with -x)\n"); printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n"); printf(" -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); if (ext) printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); if (ext) printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); printf(" -t TASKS run TASKS number of connects in parallel (per host, default: %d)\n", TASKS); if (ext) printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME); if (ext) printf(" -4 / -6 prefer IPv4 (default) or IPv6 addresses\n"); if (ext) printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); if (ext) printf(" -q do not print messages about connection erros\n"); printf(" -U service module usage details\n"); if (ext == 0) printf(" -h more command line options (COMPLETE HELP)\n"); printf(" server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n"); printf(" service the service to crack (see below for supported protocols)\n"); printf(" OPT some service modules support additional input (-U for module help)\n"); printf("\nSupported services: %s\n", SERVICES); printf("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", PROGRAM, RESOURCE); printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); if (ext && strlen(unsupported) > 0) { if (unsupported[strlen(unsupported) - 1] == ' ') unsupported[strlen(unsupported) - 1] = 0; printf("These services were not compiled in: %s.\n", unsupported); } if (ext) { printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.\n"); printf("E.g.: %% export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n"); printf(" %% export HYDRA_PROXY_HTTP=http://proxy:8080\n"); printf(" %% export HYDRA_PROXY_AUTH=user:pass\n"); } printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); if (ext) { printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n"); printf(" hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n"); printf(" hydra -l admin -p password ftp://[192.168.0.0/24]/\n"); printf(" hydra -L logins.txt -P pws.txt -M targets.txt ssh\n"); } exit(-1); } void help_bfg() { printf("Hydra bruteforce password generation option usage:\n\n" " -x MIN:MAX:CHARSET\n\n" " MIN is the minimum number of characters in the password\n" " MAX is the maximum number of characters in the password\n" " CHARSET is a specification of the characters to use in the generation\n" " valid CHARSET values are: 'a' for lowercase letters,\n" " 'A' for uppercase letters, '1' for numbers, and for all others,\n" " just add their real representation.\n\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"); printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); exit(-1); } void module_usage() { int find = 0; if (hydra_options.service) { printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); find = 1; } if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); find = 1; } if (strcmp(hydra_options.service, "cvs") == 0) { printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); find = 1; } if (strcmp(hydra_options.service, "xmpp") == 0) { printf("Module xmpp is optionally taking one authentication type of:\n" " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { printf("Module pop3 is optionally taking one authentication type of:\n" " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "imap") == 0)) { printf("Module imap is optionally taking one authentication type of:\n" " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" "login parameter is used as username and password parameter as the domain name\n" "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { printf("Module smtp is optionally taking one authentication type of:\n" " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "svn") == 0)) { printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "irc") == 0)) { printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { printf("Module telnet is optionally taking the string which is displayed after\n" "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { printf("Module sshkey does not provide additional options, although the semantic for\n" "options -p and -P is changed:\n" " -p expects a path to an unencrypted private key in PEM format.\n" " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" "Note: if AAA authentication is used, use the -l option for the username\n" "and the optional parameter for the password of the user.\n" "Examples:\n" " hydra -P pass.txt target cisco-enable (direct console access)\n" " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); find = 1; } if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) || (strcmp(hydra_options.service, "ldap3") == 0) || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) ) { printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" "Note: you can also specify the DN as login when Simple auth method is used).\n" "The keyword \"^USER^\" is replaced with the login.\n" "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" "So don't forget to set empty string as user/pass to test all modes.\n" "Hint: to authenticate to a windows active directy ldap, this is usually\n" " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); find = 1; } if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" "Note: you can set the group type using LOCAL or DOMAIN keyword\n" " or other_domain:{value} to specify a trusted domain.\n" " you can set the password type using HASH or MACHINE keyword\n" " (to use the Machine's NetBIOS name as the password).\n" " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" "Example: \n" " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); find = 1; } if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) || (strcmp(hydra_options.service, "https-get-form") == 0) || (strcmp(hydra_options.service, "http-post-form") == 0) || (strcmp(hydra_options.service, "https-post-form") == 0) || (strncmp(hydra_options.service, "http-form", 9) == 0) || (strncmp(hydra_options.service, "https-form", 10) == 0) ) ) { printf("Module %s requires the page and the parameters for the web form.\n\n" "By default this module is configured to follow a maximum of 5 redirections in\n" "a row. It always gathers a new cookie from the same URL without variables\n" "The parameters take three \":\" separated values, plus optional values.\n" "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" "\nSyntax: :
:[:[:]\n" "First is the page on the server to GET or POST to (URL).\n" "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" " placeholders (FORM PARAMETERS)\n" "Third is the string that it checks for an *invalid* login (by default)\n" " Invalid condition login check can be preceded by \"F=\", successful condition\n" " login check must be preceded by \"S=\".\n" " This is where most people get it wrong. You have to check the webapp what a\n" " failed string looks like and put it in this parameter!\n" "The following parameters are optional:\n" " C=/page/uri to define a different page to gather initial cookies from\n" " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" " ^USER^ and ^PASS^ can also be put into these headers!\n" " Note: 'h' will add the user-defined header at the end\n" " regardless it's already being sent by Hydra or not.\n" " 'H' will replace the value of that header if it exists, by the\n" " one supplied by the user, or add the header at the end\n" "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" " All colons that are not option separators should be escaped (see the examples above and below).\n" " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" " in the header value itself, as they will be interpreted by hydra as option separators.\n" "\nExamples:\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^\"\n" " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", hydra_options.service); find = 1; } if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { printf("Module http-proxy is optionally taking the page to authenticate at.\n" "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); find = 1; } if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" "The -L loginfile must contain the URL list to try through the proxy.\n" "The proxy credentials cann be put as the optional parameter, e.g.\n" " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); find = 1; } if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { printf("Module snmp is optionally taking the following parameters:\n"); printf(" READ perform read requests (default)\n"); printf(" WRITE perform write requests\n"); printf(" 1 use SNMP version 1 (default)\n"); printf(" 2 use SNMP version 2\n"); printf(" 3 use SNMP version 3\n"); printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); printf(" SNMP version 3 has the following optional sub parameters:\n"); printf(" MD5 use MD5 authentication (default)\n"); printf(" SHA use SHA authentication\n"); printf(" DES use DES encryption\n"); printf(" AES use AES encryption\n"); printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); printf(" only requires a password (or username) not both.\n"); printf("To combine the options, use colons (\":\"), e.g.:\n"); printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); printf(" hydra -P pass.txt -m 2 target.com snmp\n"); find = 1; } if (!find && ((strcmp(hydra_options.service, "http-get") == 0) || (strcmp(hydra_options.service, "https-get") == 0) || (strcmp(hydra_options.service, "http-post") == 0) || (strcmp(hydra_options.service, "https-post") == 0)) ) { printf("Module %s requires the page to authenticate.\n" "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); find = 1; } } if (!find) // this is also printed if the module does not exist at all printf("The Module %s does not need or support optional parameters\n", hydra_options.service); exit(0); } void hydra_debug(int force, char *string) { int i; if (!debug && !force) return; printf("[DEBUG] Code: %s Time: %lu\n", string, (unsigned long int) time(NULL)); printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, hydra_options.miscptr == NULL ? "(null)" : hydra_options.miscptr, hydra_options.service); printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.sizelogin, (unsigned long int) hydra_brains.countpass, (unsigned long int) hydra_brains.sizepass); for (i = 0; i < hydra_brains.targets; i++) printf ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", i, hydra_targets[i]->target == NULL ? "(null)" : hydra_targets[i]->target, hydra_address2string(hydra_targets[i]->ip), hydra_targets[i]->login_no, hydra_targets[i]->pass_no, hydra_targets[i]->sent, hydra_targets[i]->pass_state, hydra_targets[i]->use_count, hydra_targets[i]->failed, hydra_targets[i]->done, hydra_targets[i]->fail_count, hydra_targets[i]->login_ptr == NULL ? "(null)" : hydra_targets[i]->login_ptr, hydra_targets[i]->pass_ptr == NULL ? "(null)" : hydra_targets[i]->pass_ptr); if (hydra_heads != NULL) for (i = 0; i < hydra_options.max_use; i++) printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", i, (int) hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, hydra_heads[i]->current_login_ptr == NULL ? "(null)" : hydra_heads[i]->current_login_ptr, hydra_heads[i]->current_pass_ptr == NULL ? "(null)" : hydra_heads[i]->current_pass_ptr); } void bail(char *text) { fprintf(stderr, "[ERROR] %s\n", text); exit(-1); } void hydra_restore_write(int print_msg) { FILE *f; hydra_brain brain; char mynull[4] = { 0, 0, 0, 0 }; int i = 0, j = 0; hydra_head hh; if (process_restore != 1) return; for (i = 0; i < hydra_brains.targets; i++) if (hydra_targets[j]->done != 1 && hydra_targets[j]->done != 3) j++; if (j == 0) { process_restore = 0; return; } if ((f = fopen(RESTOREFILE, "w")) == NULL) { fprintf(stderr, "[ERROR] Can not create restore file (%s) - \n", RESTOREFILE); perror(""); process_restore = 0; return; } else if (debug) printf("[DEBUG] Writing restore file... "); fprintf(f, "%s\n", PROGRAM); memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); brain.targets = i; brain.ofp = NULL; brain.finished = brain.active = 0; fck = fwrite(&bf_options, sizeof(bf_options), 1, f); if (bf_options.crs != NULL) fck = fwrite(bf_options.crs, BF_CHARSMAX, 1, f); else fck = fwrite(mynull, sizeof(mynull), 1, f); fck = fwrite(&brain, sizeof(hydra_brain), 1, f); fck = fwrite(&hydra_options, sizeof(hydra_option), 1, f); fprintf(f, "%s\n", hydra_options.server == NULL ? "" : hydra_options.server); if (hydra_options.outfile_ptr == NULL) fprintf(f, "\n"); else fprintf(f, "%s\n", hydra_options.outfile_ptr); fprintf(f, "%s\n%s\n", hydra_options.miscptr == NULL ? "" : hydra_options.miscptr, hydra_options.service); fck = fwrite(login_ptr, hydra_brains.sizelogin, 1, f); if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); for (j = 0; j < hydra_brains.targets; j++) if (hydra_targets[j]->done != 1) { fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), (int) (hydra_targets[j]->pass_ptr - pass_ptr)); fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); if (hydra_targets[j]->redo) for (i = 0; i < hydra_targets[j]->redo; i++) fprintf(f, "%s\n%s\n", hydra_targets[j]->redo_login[i], hydra_targets[j]->redo_pass[i]); if (hydra_targets[j]->skipcnt) for (i = 0; i < hydra_targets[j]->skipcnt; i++) fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); } for (j = 0; j < hydra_options.max_use; j++) { memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); hh.active = 0; // re-enable disabled heads if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { hh.redo = 1; if (print_msg && debug) printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, hh.current_login_ptr, hh.current_pass_ptr); } fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); else fprintf(f, "\n\n"); } fprintf(f, "%s\n", PROGRAM); fclose(f); if (debug) printf("done\n"); if (print_msg) printf("The session file ./hydra.restore was written. Type \"hydra -R\" to resume session.\n"); hydra_debug(0, "hydra_restore_write()"); } void hydra_restore_read() { FILE *f; char mynull[4]; int i, j; char out[1024]; if ((f = fopen(RESTOREFILE, "r")) == NULL) { fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE); perror(""); exit(-1); } sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; if (strcmp(out, PROGRAM) != 0) { fprintf(stderr, "[ERROR] invalid restore file (begin)\n"); exit(-1); } fck = (int) fread(&bf_options, sizeof(bf_options), 1, f); fck = (int) fread(mynull, sizeof(mynull), 1, f); if (mynull[0] + mynull[1] + mynull[2] + mynull[3] == 0) { bf_options.crs = NULL; } else { bf_options.crs = malloc(BF_CHARSMAX); memcpy(bf_options.crs, mynull, sizeof(mynull)); fck = fread(bf_options.crs + sizeof(mynull), BF_CHARSMAX - sizeof(mynull), 1, f); } fck = (int) fread(&hydra_brains, sizeof(hydra_brain), 1, f); hydra_brains.ofp = stdout; fck = (int) fread(&hydra_options, sizeof(hydra_option), 1, f); hydra_options.restore = 1; verbose = hydra_options.verbose; debug = hydra_options.debug; waittime = hydra_options.waittime; conwait = hydra_options.conwait; port = hydra_options.port; sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_options.server = strdup(out); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; if (strlen(out) > 0) { hydra_options.outfile_ptr = malloc(strlen(out) + 1); strcpy(hydra_options.outfile_ptr, out); } else hydra_options.outfile_ptr = NULL; sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; if (strlen(out) == 0) hydra_options.miscptr = NULL; else { hydra_options.miscptr = malloc(strlen(out) + 1); strcpy(hydra_options.miscptr, out); } sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_options.service = malloc(strlen(out) + 1); strcpy(hydra_options.service, out); login_ptr = malloc(hydra_brains.sizelogin); fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode pass_ptr = malloc(hydra_brains.sizepass); fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); } else { // colonfile mode hydra_options.colonfile = empty_login; // dummy pass_ptr = csv_ptr = login_ptr; } hydra_targets = malloc((hydra_brains.targets + 3) * sizeof(hydra_targets)); for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_targets[j]->target = malloc(strlen(out) + 1); strcpy(hydra_targets[j]->target, out); sck = fgets(out, sizeof(out), f); hydra_targets[j]->login_ptr = login_ptr + atoi(out); sck = fgets(out, sizeof(out), f); hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); sck = fgets(out, sizeof(out), f); // target login_ptr, ignord sck = fgets(out, sizeof(out), f); if (hydra_options.bfg) { if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1); strcpy(hydra_targets[j]->pass_ptr, out); } if (hydra_targets[j]->redo > 0) for (i = 0; i < hydra_targets[j]->redo; i++) { sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_targets[j]->redo_login[i] = malloc(strlen(out) + 1); strcpy(hydra_targets[j]->redo_login[i], out); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1); strcpy(hydra_targets[j]->redo_pass[i], out); } if (hydra_targets[j]->skipcnt >= hydra_brains.countlogin) hydra_targets[j]->skipcnt = 0; if (hydra_targets[j]->skipcnt > 0) for (i = 0; i < hydra_targets[j]->skipcnt; i++) { sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_targets[j]->skiplogin[i] = malloc(strlen(out) + 1); strcpy(hydra_targets[j]->skiplogin[i], out); } hydra_targets[j]->fail_count = 0; hydra_targets[j]->use_count = 0; hydra_targets[j]->failed = 0; } hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 8); for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); hydra_heads[j]->sp[0] = -1; hydra_heads[j]->sp[1] = -1; sck = fgets(out, sizeof(out), f); if (hydra_heads[j]->redo) { if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); strcpy(hydra_heads[j]->current_login_ptr, out); } sck = fgets(out, sizeof(out), f); if (hydra_heads[j]->redo) { if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; if (out[0] != 0 || hydra_heads[j]->current_login_ptr[0] != 0) { hydra_heads[j]->current_pass_ptr = malloc(strlen(out) + 1); strcpy(hydra_heads[j]->current_pass_ptr, out); if (debug) printf("[DEBUG] redo: %d %s/%s\n", j, hydra_heads[j]->current_login_ptr, hydra_heads[j]->current_pass_ptr); } else { hydra_heads[j]->redo = 0; free(hydra_heads[j]->current_login_ptr); hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; } } else { hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; } } sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; if (strcmp(out, PROGRAM) != 0) { fprintf(stderr, "[ERROR] invalid restore file (end)\n"); exit(-1); } fclose(f); hydra_debug(0, "hydra_restore_read"); } void killed_childs(int signo) { int pid, i; killed++; pid = wait3(NULL, WNOHANG, NULL); for (i = 0; i < hydra_options.max_use; i++) { if (pid == hydra_heads[i]->pid) { hydra_heads[i]->pid = -1; hydra_kill_head(i, 1, 0); return; } } } void killed_childs_report(int signo) { if (debug) printf("[DEBUG] children crashed! (%d)\n", child_head_no); fck = write(child_socket, "E", 1); _exit(-1); } void kill_children(int signo) { int i; if (verbose) fprintf(stderr, "[ERROR] Received signal %d, going down ...\n", signo); if (process_restore == 1) hydra_restore_write(1); if (hydra_heads != NULL) { for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) kill(hydra_heads[i]->pid, SIGTERM); for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) kill(hydra_heads[i]->pid, SIGKILL); } exit(0); } unsigned long int countlines(FILE * fp, int colonmode) { size_t lines = 0; char *buf = malloc(MAXLINESIZE); int only_one_empty_line = 0; struct stat st; while (!feof(fp)) { if (fgets(buf, MAXLINESIZE, fp) != NULL) { if (buf[0] != 0) { if (buf[0] == '\r' || buf[0] == '\n') { if (only_one_empty_line == 0) { only_one_empty_line = 1; lines++; } } else { lines++; } } } } rewind(fp); free(buf); (void) fstat(fileno(fp), &st); size_of_data = st.st_size + 1; return lines; } void fill_mem(char *ptr, FILE * fp, int colonmode) { char tmp[MAXBUF + 4] = "", *ptr2; unsigned int len; int only_one_empty_line = 0; while (!feof(fp)) { if (fgets(tmp, MAXLINESIZE, fp) != NULL) { if (tmp[0] != 0) { if (tmp[strlen(tmp) - 1] == '\n') tmp[strlen(tmp) - 1] = '\0'; if (tmp[0] != 0 && tmp[strlen(tmp) - 1] == '\r') tmp[strlen(tmp) - 1] = '\0'; if ((len = strlen(tmp)) > 0 || (only_one_empty_line == 0 && colonmode == 0)) { if (len == 0 && colonmode == 0) { only_one_empty_line = 1; len = 1; tmp[len] = 0; } if (colonmode) { if ((ptr2 = index(tmp, ':')) == NULL) { fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon in line: %s\n", tmp); exit(-1); } else { // if (tmp[0] == ':') { // *ptr = 0; // ptr++; // } // if (tmp[len - 1] == ':' && len > 1) { // len++; // tmp[len - 1] = 0; // } *ptr2 = 0; } } memcpy(ptr, tmp, len); ptr += len; *ptr = '\0'; ptr++; } } } } fclose(fp); } char *hydra_build_time() { static char datetime[24]; struct tm *the_time; time_t epoch; time(&epoch); the_time = localtime(&epoch); strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", the_time); return (char *) &datetime; } void hydra_service_init(int target_no) { int x = 99; #ifdef LIBAFP if (strcmp(hydra_options.service, "afp") == 0) x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "asterisk") == 0) x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "cisco-enable") == 0) x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "cvs") == 0) x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "cisco") == 0) x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBFIREBIRD if (strcmp(hydra_options.service, "firebird") == 0) x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0) x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0) x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0) x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "http-proxy") == 0) x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "icq") == 0) x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "imap") == 0) x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "irc") == 0) x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strncmp(hydra_options.service, "ldap", 4) == 0) x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL if (strcmp(hydra_options.service, "sip") == 0) x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0) x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "oracle-listener") == 0) x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "oracle-sid") == 0) x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "rdp") == 0) x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "mssql") == 0) x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef HAVE_MATH_H if (strcmp(hydra_options.service, "mysql") == 0) x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBNCP if (strcmp(hydra_options.service, "ncp") == 0) x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "nntp") == 0) x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBORACLE if (strcmp(hydra_options.service, "oracle") == 0) x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "pcanywhere") == 0) x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "pcnfs") == 0) x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "pop3") == 0) x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBPOSTGRES if (strcmp(hydra_options.service, "postgres") == 0) x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "rexec") == 0) x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "rlogin") == 0) x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "rsh") == 0) x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBSAPR3 if (strcmp(hydra_options.service, "sapr3") == 0) x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "smtp") == 0) x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "smtp-enum") == 0) x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "snmp") == 0) x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "socks5") == 0) x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBSSH if (strcmp(hydra_options.service, "ssh") == 0) x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "sshkey") == 0) x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBSVN if (strcmp(hydra_options.service, "svn") == 0) x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "teamspeak") == 0) x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "telnet") == 0) x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "vmauthd") == 0) x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "vnc") == 0) x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "xmpp") == 0) x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "s7-300") == 0) x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); // ADD NEW SERVICES HERE if (x != 0 && x != 99) { if (x > 0 && x < 4) hydra_targets[target_no]->done = x; else hydra_targets[target_no]->done = 2; hydra_brains.finished++; if (hydra_brains.targets == 1) exit(-1); } } int hydra_spawn_head(int head_no, int target_no) { int i; if (head_no < 0 || head_no >= hydra_options.max_use || target_no < 0 || target_no >= hydra_brains.targets) { if (verbose > 1 || debug) printf("[DEBUG-ERROR] spawn_head: head_no %d, target_no %d\n", head_no, target_no); return -1; } if (hydra_heads[head_no]->active < 0) { printf("[DEBUG-ERROR] child %d should not be respawned!\n", head_no); return -1; } if (socketpair(PF_UNIX, SOCK_STREAM, 0, hydra_heads[head_no]->sp) == 0) { child_head_no = head_no; if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD // set new signals for child process_restore = 0; child_socket = hydra_heads[head_no]->sp[1]; signal(SIGCHLD, killed_childs); signal(SIGTERM, exit); #ifdef SIGBUS signal(SIGBUS, exit); #endif signal(SIGSEGV, killed_childs_report); signal(SIGHUP, exit); signal(SIGINT, exit); signal(SIGPIPE, exit); // free structures to make memory available cmdlinetarget = hydra_targets[target_no]->target; for (i = 0; i < hydra_options.max_use; i++) if (i != head_no) free(hydra_heads[i]); for (i = 0; i < hydra_brains.targets; i++) if (i != target_no) free(hydra_targets[i]); if (hydra_options.loginfile != NULL) free(login_ptr); if (hydra_options.passfile != NULL) free(pass_ptr); if (hydra_options.colonfile != NULL && hydra_options.colonfile != empty_login) free(csv_ptr); // we must keep servers_ptr for cmdlinetarget to work if (debug) printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); // now call crack module if (strcmp(hydra_options.service, "asterisk") == 0) service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "telnet") == 0) service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "ftp") == 0) service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "ftps") == 0) service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "redis") == 0) service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "pop3") == 0) service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "imap") == 0) service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "vmauthd") == 0) service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "ldap2") == 0) service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "ldap3") == 0) service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "http-head") == 0) service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "ldap3-crammd5") == 0) service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "http-get") == 0) service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "http-get-form") == 0) service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "http-post-form") == 0) service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "http-proxy") == 0) service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "cisco") == 0) service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "cisco-enable") == 0) service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "socks5") == 0) service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "vnc") == 0) service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "rexec") == 0) service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "rlogin") == 0) service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "rsh") == 0) service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "nntp") == 0) service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "icq") == 0) service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "pcnfs") == 0) service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef HAVE_MATH_H if (strcmp(hydra_options.service, "mysql") == 0) service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "mssql") == 0) service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL if (strcmp(hydra_options.service, "oracle-listener") == 0) service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "oracle-sid") == 0) service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBORACLE if (strcmp(hydra_options.service, "oracle") == 0) service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBPOSTGRES if (strcmp(hydra_options.service, "postgres") == 0) service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBFIREBIRD if (strcmp(hydra_options.service, "firebird") == 0) service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBAFP if (strcmp(hydra_options.service, "afp") == 0) service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBNCP if (strcmp(hydra_options.service, "ncp") == 0) service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "pcanywhere") == 0) service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "cvs") == 0) service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBSVN if (strcmp(hydra_options.service, "svn") == 0) service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "snmp") == 0) service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBSAPR3 if (strcmp(hydra_options.service, "sapr3") == 0) service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBSSH if (strcmp(hydra_options.service, "ssh") == 0) service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "sshkey") == 0) service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "smtp") == 0) service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "smtp-enum") == 0) service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "teamspeak") == 0) service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL if (strcmp(hydra_options.service, "sip") == 0) service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "xmpp") == 0) service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); if (strcmp(hydra_options.service, "irc") == 0) service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL if (strcmp(hydra_options.service, "rdp") == 0) service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif if (strcmp(hydra_options.service, "s7-300") == 0) service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); // ADD NEW SERVICES HERE // just in case a module returns (which it shouldnt) we let it exit here exit(-1); } else { child_head_no = -1; if (hydra_heads[head_no]->pid > 0) { fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that (void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); if (hydra_heads[head_no]->redo != 1) hydra_heads[head_no]->target_no = target_no; hydra_heads[head_no]->active = 1; hydra_targets[hydra_heads[head_no]->target_no]->use_count++; hydra_brains.active++; hydra_heads[head_no]->last_seen = time(NULL); if (debug) printf("[DEBUG] child %d spawned for target %d with pid %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->pid); } else { perror("[ERROR] Fork for children failed"); hydra_heads[head_no]->sp[0] = -1; hydra_heads[head_no]->active = 0; return -1; } } } else { perror("[ERROR] socketpair creation failed"); hydra_heads[head_no]->sp[0] = -1; hydra_heads[head_no]->active = 0; return -1; } return 0; } int hydra_lookup_port(char *service) { int i = 0, port = -2; hydra_portlist hydra_portlists[] = { {"ftp", PORT_FTP, PORT_FTP_SSL}, {"ftps", PORT_FTP, PORT_FTP_SSL}, {"http-head", PORT_HTTP, PORT_HTTP_SSL}, {"http-get", PORT_HTTP, PORT_HTTP_SSL}, {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, {"https-head", PORT_HTTP, PORT_HTTP_SSL}, {"https-get", PORT_HTTP, PORT_HTTP_SSL}, {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, {"icq", PORT_ICQ, PORT_ICQ_SSL}, {"imap", PORT_IMAP, PORT_IMAP_SSL}, {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, {"nntp", PORT_NNTP, PORT_NNTP_SSL}, {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, {"pop3", PORT_POP3, PORT_POP3_SSL}, {"redis", PORT_REDIS, PORT_REDIS_SSL}, {"rexec", PORT_REXEC, PORT_REXEC_SSL}, {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, {"rsh", PORT_RSH, PORT_RSH_SSL}, {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, {"ssh", PORT_SSH, PORT_SSH_SSL}, {"sshkey", PORT_SSH, PORT_SSH_SSL}, {"telnet", PORT_TELNET, PORT_TELNET_SSL}, {"cisco", PORT_TELNET, PORT_TELNET_SSL}, {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, {"vnc", PORT_VNC, PORT_VNC_SSL}, {"snmp", PORT_SNMP, PORT_SNMP_SSL}, {"cvs", PORT_CVS, PORT_CVS_SSL}, {"svn", PORT_SVN, PORT_SVN_SSL}, {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, {"afp", PORT_AFP, PORT_AFP_SSL}, {"ncp", PORT_NCP, PORT_NCP_SSL}, {"smtp", PORT_SMTP, PORT_SMTP_SSL}, {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, {"sip", PORT_SIP, PORT_SIP_SSL}, {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, {"irc", PORT_IRC, PORT_IRC_SSL}, {"rdp", PORT_RDP, PORT_RDP_SSL}, {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, // ADD NEW SERVICES HERE - add new port numbers to hydra.h {"", PORT_NOPORT, PORT_NOPORT} }; while (strlen(hydra_portlists[i].name) > 0 && port == -2) { if (strcmp(service, hydra_portlists[i].name) == 0) { if (hydra_options.ssl) port = hydra_portlists[i].port_ssl; else port = hydra_portlists[i].port; } i++; } if (port < 1) return -1; else return port; } // killit = 1 : kill(pid); fail = 1 : redo, fail = 2/3 : disable void hydra_kill_head(int head_no, int killit, int fail) { if (debug) printf("[DEBUG] head_no %d, kill %d, fail %d\n", head_no, killit, fail); if (head_no < 0) return; if (hydra_heads[head_no]->active > 0) { close(hydra_heads[head_no]->sp[0]); close(hydra_heads[head_no]->sp[1]); } if (killit) { if (hydra_heads[head_no]->pid > 0) kill(hydra_heads[head_no]->pid, SIGTERM); hydra_brains.active--; } if (hydra_heads[head_no]->active > 0) { hydra_heads[head_no]->active = 0; hydra_targets[hydra_heads[head_no]->target_no]->use_count--; } if (fail == 1) { if (hydra_options.cidr != 1) hydra_heads[head_no]->redo = 1; } else if (fail == 2) { if (hydra_options.cidr != 1) hydra_heads[head_no]->active = -1; if (hydra_heads[head_no]->target_no >= 0) hydra_targets[hydra_heads[head_no]->target_no]->failed++; } else if (fail == 3) { hydra_heads[head_no]->active = -1; if (hydra_heads[head_no]->target_no >= 0) hydra_targets[hydra_heads[head_no]->target_no]->failed++; } if (hydra_heads[head_no]->pid > 0 && killit) kill(hydra_heads[head_no]->pid, SIGKILL); hydra_heads[head_no]->pid = -1; if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { free(hydra_heads[head_no]->current_pass_ptr); hydra_heads[head_no]->current_pass_ptr = empty_login; // hydra_bfg_remove(head_no); // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = NULL; } (void) wait3(NULL, WNOHANG, NULL); } void hydra_increase_fail_count(int target_no, int head_no) { int i, k; if (target_no < 0) return; hydra_targets[target_no]->fail_count++; if (debug) printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - hydra_targets [target_no]->failed) : 1) + (hydra_targets[target_no]->ok ? 2 : -2)); if (hydra_targets[target_no]->fail_count >= MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - hydra_targets [target_no]->failed) : 1) + (hydra_targets[target_no]->ok ? 2 : -2) ) { k = 0; for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) k++; if (k <= 1) { // we need to put this in a list, otherwise we fail one login+pw test if (hydra_targets[target_no]->done == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; hydra_targets[target_no]->redo++; if (debug) printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) { if (hydra_targets[target_no]->ok == 1) hydra_targets[target_no]->done = 2; // mark target as done by errors else hydra_targets[target_no]->done = 3; // mark target as done by unable to connect hydra_brains.finished++; fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); } if (hydra_brains.targets > hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else hydra_kill_head(head_no, 1, 2); } // we keep the last one alive as long as it make sense } else { // we need to put this in a list, otherwise we fail one login+pw test if (hydra_targets[target_no]->done == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; hydra_targets[target_no]->redo++; if (debug) printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } hydra_targets[target_no]->fail_count--; if (k < 5 && hydra_targets[target_no]->ok) hydra_targets[target_no]->fail_count--; if (k == 2 && hydra_targets[target_no]->ok) hydra_targets[target_no]->fail_count--; if (hydra_brains.targets > hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else { hydra_kill_head(head_no, 1, 2); if (verbose) printf("[VERBOSE] Disabled child %d because of too many errors\n", head_no); } } } else { hydra_kill_head(head_no, 1, 1); if (verbose) printf("[VERBOSE] Retrying connection for child %d\n", head_no); } } char *hydra_reverse_login(int head_no, char *login) { int i, j = strlen(login); if (j > 248) j = 248; else if (j == 0) return empty_login; for (i = 0; i < j; i++) hydra_heads[head_no]->reverse[i] = login[j - (i + 1)]; hydra_heads[head_no]->reverse[j] = 0; return hydra_heads[head_no]->reverse; } int hydra_send_next_pair(int target_no, int head_no) { // variables moved to save stack snpdone = 0; snp_is_redo = 0; snpdont = 0; loop_cnt++; if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { hydra_heads[head_no]->redo = 0; snp_is_redo = 1; snpdone = 1; } else { if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { if (hydra_targets[target_no]->done == 0) { hydra_targets[target_no]->done = 1; hydra_brains.finished++; if (verbose) printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); } return -1; } } if (debug) printf ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { if (debug) printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %ld, todo %ld)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); return -1; } if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { hydra_heads[head_no]->redo = 0; snp_is_redo = 1; snpdone = 1; } else { if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo); hydra_heads[head_no]->redo = 0; if (hydra_targets[target_no]->redo_state > 0) { if (hydra_targets[target_no]->redo_state + 1 <= hydra_targets[target_no]->redo) { hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo_state - 1]; hydra_targets[target_no]->redo_state++; snpdone = 1; } // no else, that way a later lost pair is still added and done } else { // normale state, no redo if (hydra_targets[target_no]->done) { loop_cnt = 0; return -1; // head will be disabled by main while() } if (hydra_options.loop_mode == 0) { // one user after another if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { // as we loop password in mode == 0 we set the current login first hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; // then we do the extra options -e ns handling if (hydra_targets[target_no]->pass_state == 0 && snpdone == 0) { if (hydra_options.try_password_same_as_login) { hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->login_ptr; snpdone = 1; hydra_targets[target_no]->pass_no++; } hydra_targets[target_no]->pass_state++; } if (hydra_targets[target_no]->pass_state == 1 && snpdone == 0) { // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double if (hydra_options.try_null_password) { if (hydra_options.try_password_same_as_login == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0)) { hydra_heads[head_no]->current_pass_ptr = empty_login; snpdone = 1; } else { hydra_brains.sent++; hydra_targets[target_no]->sent++; } hydra_targets[target_no]->pass_no++; } hydra_targets[target_no]->pass_state++; } if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double if (hydra_options.try_password_reverse_login) { if ((hydra_options.try_password_same_as_login == 0 || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); snpdone = 1; } else { hydra_brains.sent++; hydra_targets[target_no]->sent++; } hydra_targets[target_no]->pass_no++; } hydra_targets[target_no]->pass_state++; } // now we handle the -C -l/-L -p/-P data if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { if ((hydra_options.mode & 64) == 64) { // colon mode hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; hydra_targets[target_no]->login_no++; snpdone = 1; hydra_targets[target_no]->login_ptr = hydra_targets[target_no]->pass_ptr; //hydra_targets[target_no]->login_ptr++; while (*hydra_targets[target_no]->login_ptr != 0) hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->pass_ptr = hydra_targets[target_no]->login_ptr; //hydra_targets[target_no]->pass_ptr++; while (*hydra_targets[target_no]->pass_ptr != 0) hydra_targets[target_no]->pass_ptr++; hydra_targets[target_no]->pass_ptr++; if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) hydra_targets[target_no]->pass_state = 0; if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (-C)\n"); return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } else { // standard -l -L -p -P mode hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; hydra_targets[target_no]->pass_no++; // double check if (hydra_targets[target_no]->pass_no >= hydra_brains.countpass) { // all passwords done, next user for next password hydra_targets[target_no]->login_ptr++; while (*hydra_targets[target_no]->login_ptr != 0) hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->pass_ptr = pass_ptr; hydra_targets[target_no]->login_no++; hydra_targets[target_no]->pass_no = 0; hydra_targets[target_no]->pass_state = 0; if (hydra_brains.countpass == hydra_options.try_password_reverse_login + hydra_options.try_null_password + hydra_options.try_password_same_as_login) return hydra_send_next_pair(target_no, head_no); } else { hydra_targets[target_no]->pass_ptr++; while (*hydra_targets[target_no]->pass_ptr != 0) hydra_targets[target_no]->pass_ptr++; hydra_targets[target_no]->pass_ptr++; } if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (-Pp)\n"); return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } snpdone = 1; } } } } else { // loop_mode == 1 if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; if (hydra_targets[target_no]->pass_state == 0) { if ((hydra_options.mode & 4) == 4) hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr); else hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; } else if (hydra_targets[target_no]->pass_state == 1) { if ((hydra_options.mode & 4) == 4) hydra_heads[head_no]->current_pass_ptr = strdup(empty_login); else hydra_heads[head_no]->current_pass_ptr = empty_login; } else if (hydra_targets[target_no]->pass_state == 2) { if ((hydra_options.mode & 4) == 4) hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)); else hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); } else { if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 && hydra_heads[head_no]->current_pass_ptr != NULL && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) free(hydra_heads[head_no]->current_pass_ptr); hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); } hydra_targets[target_no]->login_no++; snpdone = 1; if (hydra_targets[target_no]->login_no >= hydra_brains.countlogin) { if (hydra_targets[target_no]->pass_state < 3) { hydra_targets[target_no]->pass_state++; if (hydra_targets[target_no]->pass_state == 1 && hydra_options.try_null_password == 0) hydra_targets[target_no]->pass_state++; if (hydra_targets[target_no]->pass_state == 2 && hydra_options.try_password_reverse_login == 0) hydra_targets[target_no]->pass_state++; if (hydra_targets[target_no]->pass_state == 3) snpdont = 1; hydra_targets[target_no]->pass_no++; } if (hydra_targets[target_no]->pass_state == 3) { if (snpdont) { hydra_targets[target_no]->pass_ptr = pass_ptr; } else { if ((hydra_options.mode & 4) == 4) { // bfg mode #ifndef HAVE_MATH_H sleep(1); #else hydra_targets[target_no]->pass_ptr = bf_next(); if (debug) printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif } else { // -p -P mode hydra_targets[target_no]->pass_ptr++; while (*hydra_targets[target_no]->pass_ptr != 0) hydra_targets[target_no]->pass_ptr++; hydra_targets[target_no]->pass_ptr++; } hydra_targets[target_no]->pass_no++; } } hydra_targets[target_no]->login_no = 0; hydra_targets[target_no]->login_ptr = login_ptr; } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { hydra_targets[target_no]->login_ptr++; while (*hydra_targets[target_no]->login_ptr != 0) hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; } if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (1)\n"); return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } } } } if (debug) printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); // no pair? then we go for redo state if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { if (debug) printf("[DEBUG] Entering redo_state\n"); hydra_targets[target_no]->redo_state++; return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } if (!snpdone || hydra_targets[target_no]->skipcnt >= hydra_brains.countlogin) { fck = write(hydra_heads[head_no]->sp[0], HYDRA_EXIT, sizeof(HYDRA_EXIT)); if (hydra_targets[target_no]->use_count <= 1) { if (hydra_targets[target_no]->done == 0) { hydra_targets[target_no]->done = 1; hydra_brains.finished++; printf("[STATUS] attack finished for %s (waiting for children to finish) ...\n", hydra_targets[target_no]->target); } } if (hydra_brains.targets > hydra_brains.finished) hydra_kill_head(head_no, 1, 0); // otherwise done in main while loop } else { if (hydra_targets[target_no]->skipcnt > 0) { snpj = 0; for (snpi = 0; snpi < hydra_targets[target_no]->skipcnt && snpj == 0; snpi++) if (strcmp(hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi]) == 0) snpj = 1; if (snpj) { if (snp_is_redo == 0) { hydra_brains.sent++; hydra_targets[target_no]->sent++; } if (debug) printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]); // only if -l/L -p/P with -u and if loginptr was not justed increased if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) // increase login_ptr to next hydra_targets[target_no]->login_no++; if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { hydra_targets[target_no]->login_ptr++; while (*hydra_targets[target_no]->login_ptr != 0) hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; } // add count hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; // reset password list hydra_targets[target_no]->pass_ptr = pass_ptr; hydra_targets[target_no]->pass_no = 0; hydra_targets[target_no]->pass_state = 0; } return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } memset(&snpbuf, 0, sizeof(snpbuf)); strncpy(snpbuf, hydra_heads[head_no]->current_login_ptr, MAXLINESIZE - 3); if (strlen(hydra_heads[head_no]->current_login_ptr) > MAXLINESIZE - 3) snpbuflen = MAXLINESIZE - 2; else snpbuflen = strlen(hydra_heads[head_no]->current_login_ptr) + 1; strncpy(snpbuf + snpbuflen, hydra_heads[head_no]->current_pass_ptr, MAXLINESIZE - snpbuflen - 1); if (strlen(hydra_heads[head_no]->current_pass_ptr) > MAXLINESIZE - snpbuflen - 1) snpbuflen += MAXLINESIZE - snpbuflen - 1; else snpbuflen += strlen(hydra_heads[head_no]->current_pass_ptr) + 1; if (snp_is_redo == 0) { hydra_brains.sent++; hydra_targets[target_no]->sent++; } else if (debug) printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, snp_is_redo); //hydra_dump_data(snpbuf, snpbuflen, "SENT"); fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); if (fck < snpbuflen) { if (verbose) fprintf(stderr, "[ERROR] can not write to child %d, restarting it ...\n", head_no); hydra_increase_fail_count(target_no, head_no); loop_cnt = 0; return 0; // not prevent disabling it, if its needed its already done in the above line } if (debug || hydra_options.showAttempt) { printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n", hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); } loop_cnt = 0; return 0; } loop_cnt = 0; return -1; } void hydra_skip_user(int target_no, char *username) { int i; if (username == NULL || *username == 0) return; // double check for (i = 0; i < hydra_targets[target_no]->skipcnt; i++) if (strcmp(username, hydra_targets[target_no]->skiplogin[i]) == 0) return; if (hydra_targets[target_no]->skipcnt < SKIPLOGIN && (hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt] = malloc(strlen(username) + 1)) != NULL) { strcpy(hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt], username); hydra_targets[target_no]->skipcnt++; } if (hydra_options.loop_mode == 0 && (hydra_options.mode & 64) != 64) { if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { if (debug) printf("[DEBUG] skipping username %s\n", username); // increase count hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; // step to next login hydra_targets[target_no]->login_no++; if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { hydra_targets[target_no]->login_ptr++; while (*hydra_targets[target_no]->login_ptr != 0) hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; } // reset password state hydra_targets[target_no]->pass_ptr = pass_ptr; hydra_targets[target_no]->pass_no = 0; hydra_targets[target_no]->pass_state = 0; } } } int hydra_check_for_exit_condition() { int i, k = 0; if (hydra_brains.exit) { if (debug) printf("[DEBUG] exit was forced\n"); return -1; } if (hydra_brains.targets <= hydra_brains.finished && hydra_brains.active < 1) { if (debug) printf("[DEBUG] all targets done and all heads finished\n"); return 1; } if (hydra_brains.active < 1) { // no head active?! check if they are all disabled, if so, we are done for (i = 0; i < hydra_options.max_use && k == 0; i++) if (hydra_heads[i]->active >= 0) k = 1; if (k == 0) { fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); return -1; } } return 0; } int hydra_select_target() { int target_no = -1, i, j = -1000; for (i = 0; i < hydra_brains.targets; i++) if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == 0) if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { target_no = i; j = hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count; } return target_no; } int main(int argc, char *argv[]) { char *proxy_string = NULL, *device = NULL, *memcheck; FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL; size_t countinfile = 1, sizeinfile = 0; unsigned long int math2; int i = 0, j = 0, k, error = 0, modusage = 0; int head_no = 0, target_no = 0, exit_condition = 0, readres; time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; char *tmpptr, *tmpptr2; char rc, buf[MAXBUF]; fd_set fdreadheads; int max_fd; struct addrinfo hints, *res, *p; struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; printf("%s %s (c) 2014 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); #ifndef LIBPOSTGRES SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); strcat(unsupported, "postgres "); #endif #ifndef LIBSAPR3 SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); strcat(unsupported, "sapr3 "); #endif #ifndef LIBFIREBIRD SERVICES = hydra_string_replace(SERVICES, "firebird ", ""); strcat(unsupported, "firebird "); #endif #ifndef LIBAFP SERVICES = hydra_string_replace(SERVICES, "afp ", ""); strcat(unsupported, "afp "); #endif #ifndef LIBNCP SERVICES = hydra_string_replace(SERVICES, "ncp ", ""); strcat(unsupported, "ncp "); #endif #ifndef LIBSSH SERVICES = hydra_string_replace(SERVICES, "ssh ", ""); strcat(unsupported, "ssh "); SERVICES = hydra_string_replace(SERVICES, "sshkey ", ""); strcat(unsupported, "sshkey "); #endif #ifndef LIBSVN SERVICES = hydra_string_replace(SERVICES, "svn ", ""); strcat(unsupported, "svn "); #endif #ifndef LIBORACLE SERVICES = hydra_string_replace(SERVICES, "oracle ", ""); strcat(unsupported, "oracle "); #endif #ifndef LIBMYSQLCLIENT SERVICES = hydra_string_replace(SERVICES, "mysql ", "mysql(v4) "); strcat(unsupported, "mysql5 "); #endif #ifndef LIBOPENSSL // for ftps SERVICES = hydra_string_replace(SERVICES, " ftps", ""); // for pop3 SERVICES = hydra_string_replace(SERVICES, "pop3[s]", "pop3"); // for imap SERVICES = hydra_string_replace(SERVICES, "imap[s]", "imap"); // for smtp SERVICES = hydra_string_replace(SERVICES, "smtp[s]", "smtp"); // for telnet SERVICES = hydra_string_replace(SERVICES, "telnet[s]", "telnet"); // for http[s]-{head|get} SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); // for http[s]-{get|post}-form SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); // for ldap3 SERVICES = hydra_string_replace(SERVICES, "[-{cram|digest}md5]", ""); // for sip SERVICES = hydra_string_replace(SERVICES, " sip", ""); // for rdp SERVICES = hydra_string_replace(SERVICES, " rdp", ""); // for oracle-listener SERVICES = hydra_string_replace(SERVICES, " oracle-listener", ""); // general SERVICES = hydra_string_replace(SERVICES, "[s]", ""); // for oracle-sid SERVICES = hydra_string_replace(SERVICES, " oracle-sid", ""); strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); #endif #ifndef HAVE_MATH_H if (strlen(unsupported) > 0) strcat(unsupported, "and "); strcat(unsupported, "password bruteforce generation "); #endif #ifndef HAVE_PCRE if (strlen(unsupported) > 0) strcat(unsupported, "and "); strcat(unsupported, "regex support "); #endif (void) setvbuf(stdout, NULL, _IONBF, 0); (void) setvbuf(stderr, NULL, _IONBF, 0); // set defaults memset(&hydra_options, 0, sizeof(hydra_options)); memset(&hydra_brains, 0, sizeof(hydra_brains)); prg = argv[0]; hydra_options.debug = debug = 0; hydra_options.verbose = verbose = 0; found = 0; use_proxy = 0; proxy_string_ip[0] = 0; proxy_string_port = 0; strcpy(proxy_string_type, "connect"); proxy_authentication = cmdlinetarget = NULL; hydra_options.login = NULL; hydra_options.loginfile = NULL; hydra_options.pass = NULL; hydra_options.passfile = NULL; hydra_options.tasks = TASKS; hydra_options.max_use = MAXTASKS; hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; // command line processing if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) help(1); if (argc < 3 && (argc < 2 || strcmp(argv[1], "-R") != 0)) help(0); while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:P:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { switch (i) { case 'h': help(1); break; case 'q': quiet = 1; break; case 'u': hydra_options.loop_mode = 1; break; case '6': prefer_ipv6 = 1; break; case '4': prefer_ipv6 = 0; break; case 'R': hydra_options.restore = 1; if (argc > 2 + debug + verbose) bail("no option may be supplied together with -R"); break; case 'd': hydra_options.debug = debug = 1; ++verbose; break; case 'e': i = 0; while (i < strlen(optarg)) { switch (optarg[i]) { case 'r': hydra_options.try_password_reverse_login = 1; hydra_options.mode = hydra_options.mode | 8; break; case 'n': hydra_options.try_null_password = 1; hydra_options.mode = hydra_options.mode | 16; break; case 's': hydra_options.try_password_same_as_login = 1; hydra_options.mode = hydra_options.mode | 32; break; default: fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); exit(-1); } i++; } break; case 'v': hydra_options.verbose = verbose = 1; break; case 'V': hydra_options.showAttempt = 1; break; case 'l': hydra_options.login = optarg; break; case 'L': hydra_options.loginfile = optarg; hydra_options.mode = hydra_options.mode | 2; break; case 'p': hydra_options.pass = optarg; break; case 'P': hydra_options.passfile = optarg; hydra_options.mode = hydra_options.mode | 1; break; case 'f': hydra_options.exit_found = 1; break; case 'F': hydra_options.exit_found = 2; break; case 'o': hydra_options.outfile_ptr = optarg; // colored_output = 0; break; case 'M': hydra_options.infile_ptr = optarg; break; case 'C': hydra_options.colonfile = optarg; hydra_options.mode = 64; break; case 'm': hydra_options.miscptr = optarg; break; case 'w': hydra_options.waittime = waittime = atoi(optarg); if (waittime < 1) { fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); exit(-1); } else if (waittime < 5) fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); break; case 'W': hydra_options.conwait = conwait = atoi(optarg); break; case 's': hydra_options.port = port = atoi(optarg); break; case 'S': #ifndef LIBOPENSSL fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); hydra_options.ssl = 0; break; #else hydra_options.ssl = 1; break; #endif case 't': hydra_options.tasks = atoi(optarg); break; case 'T': hydra_options.max_use = atoi(optarg); break; case 'U': modusage = 1; break; case 'x': #ifndef HAVE_MATH_H fprintf(stderr, "[ERROR] -x option is not available as math.h was not found at compile time\n"); exit(-1); #else if (strcmp(optarg, "-h") == 0) help_bfg(); bf_options.arg = optarg; hydra_options.bfg = 1; hydra_options.mode = hydra_options.mode | 4; hydra_options.loop_mode = 1; break; #endif default: exit(-1); } } //check if output is redirected from the shell or in a file if (colored_output && !isatty(fileno(stdout))) colored_output = 0; #ifdef LIBNCURSES //then check if the term is color enabled using ncurses lib if (colored_output) { if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { colored_output = 0; } } #else //don't want border line effect so disabling color output //if we are not sure about the term colored_output = 0; #endif if (debug) printf("[DEBUG] Ouput color flag is %d\n", colored_output); printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (debug) { printf("[DEBUG] cmdline: "); for (i = 0; i < argc; i++) printf("%s ", argv[i]); printf("\n"); } if (hydra_options.login != NULL && hydra_options.loginfile != NULL) bail("You can only use -L OR -l, not both\n"); if (hydra_options.pass != NULL && hydra_options.passfile != NULL) bail("You can only use -P OR -p, not both\n"); if (hydra_options.restore) { hydra_restore_read(); // stuff we have to copy from the non-restore part if (strncmp(hydra_options.service, "http-", 5) == 0) { if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } } } else { // normal mode, aka non-restore mode if (hydra_options.colonfile) hydra_options.loop_mode = 0; // just to be sure if (hydra_options.infile_ptr != NULL) { if (optind + 2 < argc) bail("The -M FILE option can not be used together with a host on the commandline"); if (optind + 1 > argc) bail("You need to define a service to attack"); if (optind + 2 == argc) fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on the commandline. Lets hope you did everything right!\n"); hydra_options.server = NULL; hydra_options.service = argv[optind]; if (optind + 2 == argc) hydra_options.miscptr = argv[optind + 1]; } else if (optind + 2 != argc && optind + 3 != argc) { // check if targetdef follow syntax ://[:][/] or it's a syntax error char *targetdef = strdup(argv[optind]); char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL; if ((targetdef != NULL) && (strstr(targetdef, "://") != NULL)) { service_pos = strstr(targetdef, "://"); if ((service_pos - targetdef) == 0) bail("could not identify service"); if ((hydra_options.service = malloc(1 + service_pos - targetdef)) == NULL) bail("could not alloc memory"); strncpy(hydra_options.service, targetdef, service_pos - targetdef); hydra_options.service[service_pos - targetdef] = 0; target_pos = targetdef + (service_pos - targetdef + 3); if (*target_pos == '[') { target_pos++; if ((param_pos = index(target_pos, ']')) == NULL) bail("no closing ']' found in target definition"); *param_pos++ = 0; if (*param_pos == ':') port_pos = ++param_pos; if ((param_pos = index(param_pos, '/')) != NULL) *param_pos++ = 0; } else { port_pos = index(target_pos, ':'); param_pos = index(target_pos, '/'); if (port_pos != NULL && param_pos != NULL && port_pos > param_pos) port_pos = NULL; if (port_pos != NULL) *port_pos++ = 0; if (param_pos != NULL) *param_pos++ = 0; if (port_pos != NULL && index(port_pos, ':') != NULL) { if (prefer_ipv6) bail("Illegal IPv6 target definition must be written within '[' ']'"); else bail("Illegal port definition"); } } if (*target_pos == 0) hydra_options.server = NULL; else hydra_options.server = target_pos; if (port_pos != NULL) hydra_options.port = port = atoi(port_pos); if (param_pos != NULL) { if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') *--param_pos = '/'; hydra_options.miscptr = param_pos; } //printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos); if (debug) printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%d misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); } else { hydra_options.server = NULL; hydra_options.service = NULL; if (modusage) hydra_options.service = targetdef; else help(0); } } else { hydra_options.server = argv[optind]; cmdlinetarget = argv[optind]; hydra_options.service = argv[optind + 1]; if (optind + 3 == argc) hydra_options.miscptr = argv[optind + 2]; } if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { hydra_options.ssl = 1; hydra_options.service[strlen(hydra_options.service) - 1] = 0; } if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || strcmp(hydra_options.service, "sapr3") == 0) { fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); proxy_string = NULL; } } /* here start the services */ if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 || strcmp(hydra_options.service, "https") == 0) { fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); if (strcmp(hydra_options.service, "http") == 0) { hydra_options.service = malloc(strlen("http-get") + 1); strcpy(hydra_options.service, "http-get"); } if (strcmp(hydra_options.service, "https") == 0) { hydra_options.service = malloc(strlen("https-get") + 1); strcpy(hydra_options.service, "https-get"); } } if (strcmp(hydra_options.service, "http-form-get") == 0) strcpy(hydra_options.service, "http-get-form"); if (strcmp(hydra_options.service, "https-form-get") == 0) strcpy(hydra_options.service, "https-get-form"); if (strcmp(hydra_options.service, "http-form-post") == 0) strcpy(hydra_options.service, "http-post-form"); if (strcmp(hydra_options.service, "https-form-post") == 0) strcpy(hydra_options.service, "https-post-form"); if (modusage == 1) module_usage(); i = 0; if (strcmp(hydra_options.service, "telnet") == 0) { fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); i = 1; } if (strcmp(hydra_options.service, "ftp") == 0) i = 1; if (strcmp(hydra_options.service, "ftps") == 0) { fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); i = 1; } if (strcmp(hydra_options.service, "pop3") == 0) { fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "imap") == 0) { fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "redis") == 0) i = 2; if (strcmp(hydra_options.service, "asterisk") == 0) i = 1; if (strcmp(hydra_options.service, "vmauthd") == 0) i = 1; if (strcmp(hydra_options.service, "rexec") == 0) i = 1; if (strcmp(hydra_options.service, "rlogin") == 0) i = 1; if (strcmp(hydra_options.service, "rsh") == 0) i = 3; if (strcmp(hydra_options.service, "nntp") == 0) i = 1; if (strcmp(hydra_options.service, "socks5") == 0) i = 1; if (strcmp(hydra_options.service, "icq") == 0) { fprintf(stderr, "[WARNING] The icq module is not working with the modern protocol version! (somebody else will need to fix this as I don't care for icq)\n"); i = 1; } if (strcmp(hydra_options.service, "mysql") == 0) { i = 1; if (hydra_options.tasks > 4) { fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)\n"); hydra_options.tasks = 4; } } if (strcmp(hydra_options.service, "mssql") == 0) i = 1; if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { i = 2; hydra_options.service = malloc(strlen("oracle-listener") + 1); strcpy(hydra_options.service, "oracle-listener"); } if ((strcmp(hydra_options.service, "oracle-sid") == 0) || (strcmp(hydra_options.service, "sid") == 0)) { i = 3; hydra_options.service = malloc(strlen("oracle-sid") + 1); strcpy(hydra_options.service, "oracle-sid"); } #ifdef LIBORACLE if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { i = 1; hydra_options.service = malloc(strlen("oracle") + 1); strcpy(hydra_options.service, "oracle"); } #endif if (strcmp(hydra_options.service, "postgres") == 0) #ifdef LIBPOSTGRES i = 1; #else bail("Compiled without LIBPOSTGRES support, module not available!"); #endif if (strcmp(hydra_options.service, "firebird") == 0) #ifdef LIBFIREBIRD i = 1; #else bail("Compiled without LIBFIREBIRD support, module not available!"); #endif if (strcmp(hydra_options.service, "afp") == 0) #ifdef LIBAFP i = 1; #else bail("Compiled without LIBAFP support, module not available!"); #endif if (strcmp(hydra_options.service, "svn") == 0) #ifdef LIBSVN i = 1; #else bail("Compiled without LIBSVN support, module not available!"); #endif if (strcmp(hydra_options.service, "ncp") == 0) #ifdef LIBNCP i = 1; #else bail("Compiled without LIBNCP support, module not available!"); #endif if (strcmp(hydra_options.service, "pcanywhere") == 0) i = 1; if (strcmp(hydra_options.service, "http-proxy") == 0) { i = 1; if (hydra_options.miscptr != NULL && strncmp(hydra_options.miscptr, "http://", 7) != 0) bail("module option must start with http://"); } if (strcmp(hydra_options.service, "cvs") == 0) { i = 1; if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using /root by default\n"); } } if (strcmp(hydra_options.service, "svn") == 0) { i = 1; if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); } } if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { if (hydra_options.tasks > 8) fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n"); #ifdef LIBSSH i = 1; #else bail("Compiled without LIBSSH v0.4.x support, module is not available!"); #endif } if (strcmp(hydra_options.service, "smtp") == 0) { fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "smtp-enum") == 0) i = 1; if (strcmp(hydra_options.service, "teamspeak") == 0) i = 1; if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { if (hydra_options.tasks > 1) { fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); hydra_options.tasks = 1; } i = 1; } if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { #ifdef LIBOPENSSL if (hydra_options.tasks > 1) { fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); hydra_options.tasks = 1; } i = 1; #endif } if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "rdp") == 0) || (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { #ifndef LIBOPENSSL bail("Compiled without OPENSSL support, module not available!"); #endif } if (strcmp(hydra_options.service, "pcnfs") == 0) { i = 1; if (port == 0) bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" and look for the pcnfs v2 UDP port)"); } if (strcmp(hydra_options.service, "sapr3") == 0) { #ifdef LIBSAPR3 i = 1; if (port == PORT_SAPR3) bail("You must set the port for sapr3 with -s , it should lie between 3200 and 3699."); if (port < 3200 || port > 3699) fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - please ensure it is ok!\n"); if (hydra_options.miscptr == NULL || atoi(hydra_options.miscptr) < 0 || atoi(hydra_options.miscptr) > 999 || !isdigit(hydra_options.miscptr[0])) bail("You must set the client ID (0-999) as an additional option or via -m"); #else bail("Compiled without LIBSAPR3 support, module not available!"); #endif } if (strcmp(hydra_options.service, "cisco") == 0) { i = 2; if (hydra_options.tasks > 4) fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco services.\n"); } if (strncmp(hydra_options.service, "snmpv", 5) == 0) { hydra_options.service[4] = hydra_options.service[5]; hydra_options.service[5] = 0; } if (strcmp(hydra_options.service, "snmp") == 0 || strcmp(hydra_options.service, "snmp1") == 0) { hydra_options.service[4] = 0; i = 2; } if (strcmp(hydra_options.service, "snmp2") == 0 || strcmp(hydra_options.service, "snmp3") == 0) { if (hydra_options.miscptr == NULL) hydra_options.miscptr = strdup(hydra_options.service + 4); else { tmpptr = malloc(strlen(hydra_options.miscptr) + 4); strcpy(tmpptr, hydra_options.miscptr); strcat(tmpptr, ":"); strcat(tmpptr, hydra_options.service + 4); hydra_options.miscptr = tmpptr; } hydra_options.service[4] = 0; i = 2; } if (strcmp(hydra_options.service, "snmp") == 0 && hydra_options.miscptr != NULL) { char *lptr; j = 1; tmpptr = strdup(hydra_options.miscptr); lptr = strtok(tmpptr, ":"); while (lptr != NULL) { i = 0; if (strcasecmp(lptr, "1") == 0 || strcasecmp(lptr, "2") == 0 || strcasecmp(lptr, "3") == 0) { i = 1; j = lptr[0] - '0' + (j & 252); } else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0) i = 1; else if (strcasecmp(lptr, "MD5") == 0) { i = 1; j = 4 + (j & 51); } else if (strcasecmp(lptr, "SHA") == 0 || strcasecmp(lptr, "SHA1") == 0) { i = 1; j = 8 + (j & 51); } else if (strcasecmp(lptr, "DES") == 0) { i = 1; j = 16 + (j & 15); } else if (strcasecmp(lptr, "AES") == 0) { i = 1; j = 32 + (j & 15); } if (i == 0) { fprintf(stderr, "[ERROR] unknown parameter in module option: %s\n", lptr); exit(-1); } lptr = strtok(NULL, ":"); } i = 2; if ((j & 3) < 3 && j > 2) fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and encryption, ignored\n"); if ((j & 3) == 3) { fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); if (j >= 16) bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); if (hydra_options.colonfile == NULL && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { if (j > 3) { fprintf(stderr, "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); exit(-1); } fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); tmpptr = malloc(strlen(hydra_options.miscptr) + 8); strcpy(tmpptr, hydra_options.miscptr); strcat(tmpptr, ":"); strcat(tmpptr, "PLAIN"); hydra_options.miscptr = tmpptr; } else { i = 1; // snmpv3 with login+pass mode #ifndef LIBOPENSSL bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); #endif printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); } } } if (strcmp(hydra_options.service, "sip") == 0) { if (hydra_options.miscptr == NULL) { if (hydra_options.server != NULL) { hydra_options.miscptr = hydra_options.server; i = 1; } else { bail("The sip module does not work with multiple servers (-M)\n"); } } else { i = 1; } } if (strcmp(hydra_options.service, "ldap") == 0) { bail("Please select ldap2 or ldap3 for simple authentication or ldap3-crammd5 or ldap3-digestmd5\n"); } if (strcmp(hydra_options.service, "ldap2") == 0 || strcmp(hydra_options.service, "ldap3") == 0) { i = 1; if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) bail("you may only use one of -l, -L or -m\n"); if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.miscptr == NULL) fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN of null (use -m, -l or -L to define DNs)\n"); if (hydra_options.login == NULL && hydra_options.loginfile == NULL) { i = 2; } } if (strcmp(hydra_options.service, "ldap3-crammd5") == 0 || strcmp(hydra_options.service, "ldap3-digestmd5") == 0) { i = 1; if (hydra_options.login == NULL && hydra_options.loginfile == NULL) bail("-l or -L option is required to specify the login\n"); if (hydra_options.miscptr == NULL) bail("-m option is required to specify the DN\n"); } // ADD NEW SERVICES HERE if (strcmp(hydra_options.service, "s7-300") == 0) { if (hydra_options.tasks > 8) { fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); hydra_options.tasks = 8; } i = 2; } if (strcmp(hydra_options.service, "cisco-enable") == 0) { i = 2; if (hydra_options.login == NULL) { //hydra_options.login = empty_login; i = 1; // login will be the initial Username: login, or line Password: } if (hydra_options.miscptr == NULL) { fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); } if (hydra_options.tasks > 4) fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); } if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { i = 4; hydra_options.pass = empty_login; if (hydra_options.miscptr == NULL) { fprintf(stderr, "[WARNING] You did not supply proxy credentials via the optional parameter\n"); } if (hydra_options.bfg || hydra_options.passfile != NULL) bail("the http-proxy-urlenum does not need the -p/-P or -x option"); } if (strcmp(hydra_options.service, "vnc") == 0) { i = 2; if (hydra_options.tasks > 4) fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for vnc services.\n"); } if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0) { #ifdef LIBOPENSSL i = 1; hydra_options.ssl = 1; if (strcmp(hydra_options.service, "https-head") == 0) strcpy(hydra_options.service, "http-head"); else strcpy(hydra_options.service, "http-get"); #else bail("Compiled without SSL support, module not available"); #endif } if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) { i = 1; if (hydra_options.miscptr == NULL) { fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); hydra_options.miscptr = malloc(2); hydra_options.miscptr = "/"; } if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } if (strcmp(hydra_options.service, "http-head") == 0) fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); } if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 || strcmp(hydra_options.service, "https-post-form") == 0) { char bufferurl[1024], *url, *variables, *cond, *optional1; if (strncmp(hydra_options.service, "http-", 5) == 0) { i = 1; } else { // https #ifdef LIBOPENSSL i = 1; hydra_options.ssl = 1; if (strcmp(hydra_options.service, "https-post-form") == 0) strcpy(hydra_options.service, "http-post-form"); else strcpy(hydra_options.service, "http-get-form"); #else bail("Compiled without SSL support, module not available"); #endif } if (hydra_options.miscptr == NULL) { fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); hydra_options.miscptr = malloc(2); hydra_options.miscptr = "/"; } //if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) // bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); if (hydra_options.miscptr[0] != '/') bail("optional parameter must start with a '/' slash!\n"); if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } if (strstr(hydra_options.miscptr, "\\:") != NULL) { fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); } else { sprintf(bufferurl, "%.1000s", hydra_options.miscptr); url = strtok(bufferurl, ":"); variables = strtok(NULL, ":"); cond = strtok(NULL, ":"); optional1 = strtok(NULL, "\n"); if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); exit(-1); } if ((url == NULL) || (cond == NULL)) { fprintf(stderr, "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: %s\n", bufferurl); exit(-1); } while ((optional1 = strtok(NULL, ":")) != NULL) { if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); exit(-1); } switch (optional1[0]) { case 'C': // fall through case 'c': if (optional1[1] != '=' || optional1[2] != '/') { fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); exit(-1); } break; case 'H': // fall through case 'h': if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); exit(-1); } break; default: fprintf(stderr, "[ERROR] Unknown optional argument: %s", optional1); } } } } if (strcmp(hydra_options.service, "xmpp") == 0) i = 1; if (strcmp(hydra_options.service, "irc") == 0) i = 1; if (strcmp(hydra_options.service, "rdp") == 0) { if (hydra_options.tasks > 4) fprintf(stderr, "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); //if (hydra_options.tasks > 4) { // fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); // hydra_options.tasks = 4; //} //if (conwait == 0) // hydra_options.conwait = conwait = 1; i = 1; } // ADD NEW SERVICES HERE if (i == 0) { fprintf(stderr, "[ERROR] Unknown service: %s\n", hydra_options.service); exit(-1); } if (port < 1 || port > 65535) { if ((port = hydra_lookup_port(hydra_options.service)) < 1) { fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option.\n"); exit(-1); } hydra_options.port = port; } if (hydra_options.ssl == 0 && hydra_options.port == 443) fprintf(stderr, "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); if (hydra_options.loop_mode && hydra_options.colonfile != NULL) bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); if (i == 2) { if (hydra_options.colonfile != NULL || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) bail ("The redis, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { hydra_options.pass = hydra_options.login; hydra_options.passfile = hydra_options.loginfile; } hydra_options.login = empty_login; hydra_options.loginfile = NULL; } if (i == 3) { if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { hydra_options.login = hydra_options.pass; hydra_options.loginfile = hydra_options.passfile; } hydra_options.pass = empty_login; hydra_options.passfile = NULL; } if (i == 3 && hydra_options.login == NULL && hydra_options.loginfile == NULL) bail("I need at least either the -l or -L option to know the login"); if (i == 2 && hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0) bail("I need at least either the -p, -P or -x option to have a password to try"); if (i == 1 && hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) bail("I need at least either the -l, -L or -C option to know the login"); if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); if ((hydra_options.bfg) && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) || (hydra_options.colonfile != NULL))) bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { // test if the service is smtp-enum as it could be used either with a login+pass or only a login if (strstr(hydra_options.service, "smtp-enum") != NULL) hydra_options.pass = empty_login; else bail("I need at least the -e, -p, -P or -x option to have some passwords!"); } if (hydra_options.tasks < 1 || hydra_options.tasks > MAXTASKS) { fprintf(stderr, "[ERROR] Option -t needs to be a number between 1 and %d\n", MAXTASKS); exit(-1); } if (hydra_options.max_use > MAXTASKS) { fprintf(stderr, "[WARNING] reducing maximum tasks to MAXTASKS (%d)\n", MAXTASKS); hydra_options.max_use = MAXTASKS; } if (hydra_options.colonfile == NULL) { if (hydra_options.loginfile != NULL) { if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) { fprintf(stderr, "[ERROR] File for logins not found: %s", hydra_options.loginfile); exit(-1); } hydra_brains.countlogin = countlines(lfp, 0); hydra_brains.sizelogin = size_of_data; if (hydra_brains.countlogin == 0) { fprintf(stderr, "[ERROR] File for logins is empty: %s", hydra_options.loginfile); exit(-1); } if (hydra_brains.countlogin > MAX_LINES) { fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin); exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES) { fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin); exit(-1); } login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); if (login_ptr == NULL) bail("Could not allocate enough memory for login file data"); memset(login_ptr, 0, hydra_brains.sizelogin + hydra_brains.countlogin + 8); fill_mem(login_ptr, lfp, 0); } else { login_ptr = hydra_options.login; hydra_brains.sizelogin = strlen(hydra_options.login) + 1; hydra_brains.countlogin = 1; } if (hydra_options.passfile != NULL) { if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) { fprintf(stderr, "[ERROR] File for passwords not found: %s", hydra_options.passfile); exit(-1); } hydra_brains.countpass = countlines(pfp, 0); hydra_brains.sizepass = size_of_data; if (hydra_brains.countpass == 0) { fprintf(stderr, "[ERROR] File for passwords is empty: %s", hydra_options.passfile); exit(-1); } if (hydra_brains.countpass > MAX_LINES) { fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass); exit(-1); } if (hydra_brains.sizepass > MAX_BYTES) { fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass); exit(-1); } pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); if (pass_ptr == NULL) bail("Could not allocate enough memory for password file data"); memset(pass_ptr, 0, hydra_brains.sizepass + hydra_brains.countpass + 8); fill_mem(pass_ptr, pfp, 0); } else { if (hydra_options.pass != NULL) { pass_ptr = hydra_options.pass; hydra_brains.countpass = 1; hydra_brains.sizepass = strlen(hydra_options.pass) + 1; } else { if (hydra_options.bfg) { #ifdef HAVE_MATH_H if (bf_init(bf_options.arg)) exit(-1); // error description is handled by bf_init pass_ptr = bf_next(); hydra_brains.countpass += bf_get_pcount(); hydra_brains.sizepass += BF_BUFLEN; #else sleep(1); #endif } else { pass_ptr = hydra_options.pass = empty_login; hydra_brains.countpass = 0; hydra_brains.sizepass = 1; } } } } else { if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) { fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s", hydra_options.colonfile); exit(-1); } hydra_brains.countlogin = countlines(cfp, 1); hydra_brains.sizelogin = size_of_data; if (hydra_brains.countlogin == 0) { fprintf(stderr, "[ERROR] File for colon files (login:pass) is empty: %s", hydra_options.colonfile); exit(-1); } if (hydra_brains.countlogin > MAX_LINES / 2) { fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES / 2) { fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin); exit(-1); } csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); if (csv_ptr == NULL) bail("Could not allocate enough memory for colon file data"); memset(csv_ptr, 0, hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); fill_mem(csv_ptr, cfp, 1); //printf("count: %d, size: %d\n", hydra_brains.countlogin, hydra_brains.sizelogin); //hydra_dump_data(csv_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, "colon data"); hydra_brains.countpass = 1; pass_ptr = login_ptr = csv_ptr; while (*pass_ptr != 0) pass_ptr++; pass_ptr++; } hydra_brains.countpass += hydra_options.try_password_reverse_login + hydra_options.try_password_same_as_login + hydra_options.try_null_password; if ((memcheck = malloc(102400)) == NULL) { fprintf(stderr, "[ERROR] your wordlist is too large, not enough memory!\n"); exit(-1); } free(memcheck); if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, you have 10 seconds to abort...\n", RESTOREFILE); sleep(10); fclose(rfp); } if (hydra_options.infile_ptr != NULL) { if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) { fprintf(stderr, "[ERROR] File for targets not found: %s", hydra_options.infile_ptr); exit(-1); } hydra_brains.targets = countservers = countinfile = countlines(ifp, 0); if (countinfile == 0) { fprintf(stderr, "[ERROR] File for targets is empty: %s", hydra_options.infile_ptr); exit(-1); } // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n"); hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 2) + 8); if (hydra_targets == NULL) bail("Could not allocate enough memory for target data"); sizeinfile = size_of_data; if (countinfile > MAX_LINES / 1000) { fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int) countinfile); exit(-1); } if (sizeinfile > MAX_BYTES / 1000) { fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int) sizeinfile); exit(-1); } if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) bail("Could not allocate enough memory for target file data"); memset(servers_ptr, 0, sizeinfile + countservers + 8); fill_mem(servers_ptr, ifp, 0); sizeservers = sizeinfile; tmpptr = servers_ptr; for (i = 0; i < countinfile; i++) { hydra_targets[i] = malloc(sizeof(hydra_target)); memset(hydra_targets[i], 0, sizeof(hydra_target)); if (*tmpptr == '[') { tmpptr++; hydra_targets[i]->target = tmpptr; if ((tmpptr2 = index(tmpptr, ']')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; } } else hydra_targets[i]->target = tmpptr; if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; hydra_targets[i]->port = atoi(tmpptr2); if (hydra_targets[i]->port < 1 || hydra_targets[i]->port > 65535) hydra_targets[i]->port = 0; } if (hydra_targets[i]->port == 0) hydra_targets[i]->port = hydra_options.port; while (*tmpptr != 0) tmpptr++; tmpptr++; } } else if (index(hydra_options.server, '/') != NULL) { /* CIDR notation on command line, e.g. 192.168.0.0/24 */ unsigned int four_from, four_to, addr_cur, addr_cur2, k, l; in_addr_t addr4; struct sockaddr_in target; hydra_options.cidr = 1; do_retry = 0; if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { fprintf(stderr, "Error: can not allocate memory\n"); exit(-1); } strcpy(tmpptr, hydra_options.server); tmpptr2 = index(tmpptr, '/'); *tmpptr2++ = 0; if ((k = atoi(tmpptr2)) < 16 || k > 31) { fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); exit(-1); } if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); exit(-1); } free(tmpptr); l = 1 << (32 - k); l--; four_to = (addr4 | l); l = 0xffffffff - l; four_from = (addr4 & l); l = 1 << (32 - k); hydra_brains.targets = countservers = l; hydra_targets = malloc(sizeof(hydra_targets) * (l + 2) + 8); if (hydra_targets == NULL) bail("Could not allocate enough memory for target data"); i = 0; addr_cur = four_from; while (addr_cur <= four_to && i < l) { hydra_targets[i] = malloc(sizeof(hydra_target)); memset(hydra_targets[i], 0, sizeof(hydra_target)); addr_cur2 = htonl(addr_cur); memcpy(&target.sin_addr.s_addr, (char *) &addr_cur2, 4); hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr)); hydra_targets[i]->port = hydra_options.port; addr_cur++; i++; } if (verbose) printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n"); } else { // standard: single target on command line countservers = hydra_brains.targets = 1; hydra_targets = malloc(sizeof(int) * 4); hydra_targets[0] = malloc(sizeof(hydra_target)); memset(hydra_targets[0], 0, sizeof(hydra_target)); hydra_targets[0]->target = servers_ptr = hydra_options.server; hydra_targets[0]->port = hydra_options.port; sizeservers = strlen(hydra_options.server) + 1; } for (i = 0; i < hydra_brains.targets; i++) { hydra_targets[i]->login_ptr = login_ptr; hydra_targets[i]->pass_ptr = pass_ptr; if (hydra_options.loop_mode) { if (hydra_options.try_password_same_as_login) hydra_targets[i]->pass_state = 0; else if (hydra_options.try_null_password) { hydra_targets[i]->pass_ptr = empty_login; hydra_targets[i]->pass_state = 1; } else if (hydra_options.try_password_reverse_login) hydra_targets[i]->pass_state = 2; else hydra_targets[i]->pass_state = 3; } } } // END OF restore == 0 if (getenv("HYDRA_PROXY") && use_proxy == 0) { printf("[INFO] Using Connect Proxy: %s\n", getenv("HYDRA_PROXY")); use_proxy = 2; } if (use_proxy == 1) proxy_string = getenv("HYDRA_PROXY_HTTP"); if (use_proxy == 2) proxy_string = getenv("HYDRA_PROXY"); if (proxy_string != NULL && proxy_string[0] != 0) { if (strstr(proxy_string, "//") != NULL) { char *dslash = strstr(proxy_string, "://"); if (dslash) { proxy_string[dslash - proxy_string] = 0; strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type) - 1); proxy_string_type[sizeof(proxy_string_type) - 1] = 0; } proxy_string = dslash; proxy_string += 3; } if (proxy_string[strlen(proxy_string) - 1] == '/') proxy_string[strlen(proxy_string) - 1] = 0; if ((tmpptr = index(proxy_string, ':')) == NULL) use_proxy = 0; else { *tmpptr = 0; tmpptr++; memset(&hints, 0, sizeof hints); if ((device = index(proxy_string, '%')) != NULL) *device++ = 0; if (getaddrinfo(proxy_string, NULL, &hints, &res) != 0) { fprintf(stderr, "[ERROR] could not resolve proxy address: %s\n", proxy_string); exit(-1); } else { for (p = res; p != NULL; p = p->ai_next) { #ifdef AF_INET6 if (p->ai_family == AF_INET6) { if (ipv6 == NULL) ipv6 = (struct sockaddr_in6 *) p->ai_addr; } else #endif if (p->ai_family == AF_INET) { if (ipv4 == NULL) ipv4 = (struct sockaddr_in *) p->ai_addr; } } freeaddrinfo(res); #ifdef AF_INET6 if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { proxy_string_ip[0] = 16; memcpy(proxy_string_ip + 1, (char *) &ipv6->sin6_addr, 16); if (device != NULL && strlen(device) <= 16) strcpy(proxy_string_ip + 17, device); if (memcmp(proxy_string_ip + 1, fe80, 2) == 0) { if (device == NULL) { fprintf(stderr, "[ERROR] The proxy address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n"); exit(-1); } } } else #endif if (ipv4 != NULL) { proxy_string_ip[0] = 4; memcpy(proxy_string_ip + 1, (char *) &ipv4->sin_addr, 4); } else { fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", proxy_string); exit(-1); } } proxy_string_port = atoi(tmpptr); } if (use_proxy == 0) fprintf(stderr, "[WARNING] invalid proxy definition. Syntax: \"HYDRA_PROXY=[connect|socks[4|5]]://1.2.3.4:3128/\".\n"); } else use_proxy = 0; if (use_proxy > 0 && (tmpptr = getenv("HYDRA_PROXY_AUTH")) != NULL && tmpptr[0] != 0) { if (index(tmpptr, ':') == NULL) { fprintf(stderr, "[WARNING] invalid proxy authentication. Syntax: \"login:password\". Ignoring ...\n"); } else { proxy_authentication = malloc(strlen(tmpptr) * 2 + 50); strcpy(proxy_authentication, tmpptr); if (hydra_strcasestr(proxy_string_type, "socks") == NULL) hydra_tobase64((unsigned char *) proxy_authentication, strlen(proxy_authentication), strlen(tmpptr) * 2 + 8); } } if (hydra_options.restore == 0) { if ((strcmp(hydra_options.service, "rsh") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) math2 = hydra_brains.countlogin; else math2 = hydra_brains.countlogin * hydra_brains.countpass; #ifdef HAVE_MATH_H if (hydra_options.bfg) { math2 = hydra_brains.countlogin * bf_get_pcount(); } #endif hydra_brains.todo = math2; math2 = math2 * hydra_brains.targets; hydra_brains.todo_all = math2; if (hydra_brains.todo_all == 0) bail("No login/password combination given!"); if (hydra_brains.todo < hydra_options.tasks) { if (verbose && hydra_options.tasks != TASKS) printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %lu\n", hydra_brains.todo); hydra_options.tasks = hydra_brains.todo; } } if (hydra_options.max_use == MAXTASKS) { // only if it was not set via -T if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; if (hydra_options.max_use > MAXTASKS) hydra_options.max_use = MAXTASKS; } if ((hydra_options.tasks == TASKS || hydra_options.tasks <= 8) && hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) hydra_options.tasks = 1; //fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks per server reduced to %d.\n", hydra_options.tasks); } else { if (hydra_options.tasks > MAXTASKS) { //fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); hydra_options.tasks = MAXTASKS; } } // hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; // if (hydra_options.max_use > MAXTASKS) // hydra_options.max_use = MAXTASKS; math2 = (hydra_brains.todo / hydra_options.tasks); if (hydra_brains.todo % hydra_options.tasks) math2++; math2 = (math2 * hydra_brains.targets) / hydra_options.max_use; // set options (bits!) options = 0; if (hydra_options.ssl) options = options | OPTION_SSL; if (hydra_options.colonfile != NULL) printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, math2 == 1 ? "y" : "ies"); else printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); printf("[DATA] attacking service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); if (hydra_options.outfile_ptr != NULL) { if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, "a+")) == NULL) { perror("[ERROR] Error creating outputfile"); exit(-1); } fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); for (i = 1; i < argc; i++) fprintf(hydra_brains.ofp, " %s", argv[i]); fprintf(hydra_brains.ofp, ")\n"); } // we have to flush all writeable buffered file pointers before forking // set appropriate signals for mother signal(SIGCHLD, killed_childs); if (debug == 0) signal(SIGTERM, kill_children); if (debug == 0) { #ifdef SIGBUS signal(SIGBUS, kill_children); #endif signal(SIGSEGV, kill_children); } signal(SIGHUP, kill_children); signal(SIGINT, kill_children); signal(SIGPIPE, SIG_IGN); if (verbose) printf("[VERBOSE] Resolving addresses ... "); if (debug) printf("\n"); for (i = 0; i < hydra_brains.targets; i++) { if (debug) printf("[DEBUG] resolving %s\n", hydra_targets[i]->target); memset(&hints, 0, sizeof(hints)); ipv4 = NULL; #ifdef AF_INET6 ipv6 = NULL; if ((device = index(hydra_targets[i]->target, '%')) != NULL) *device++ = 0; #endif if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { if (use_proxy == 0) { if (verbose) printf("[failed for %s] ", hydra_targets[i]->target); else fprintf(stderr, "[ERROR] could not resolve address: %s\n", hydra_targets[i]->target); hydra_targets[i]->done = 3; hydra_brains.finished++; } } else { for (p = res; p != NULL; p = p->ai_next) { #ifdef AF_INET6 if (p->ai_family == AF_INET6) { if (ipv6 == NULL) ipv6 = (struct sockaddr_in6 *) p->ai_addr; } else #endif if (p->ai_family == AF_INET) { if (ipv4 == NULL) ipv4 = (struct sockaddr_in *) p->ai_addr; } } #ifdef AF_INET6 if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { // IPV6 FIXME if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", hydra_targets[i]->target, hydra_options.service); hydra_targets[i]->done = 3; hydra_brains.finished++; } else { hydra_targets[i]->ip[0] = 16; memcpy(&hydra_targets[i]->ip[1], (char *) &ipv6->sin6_addr, 16); if (device != NULL && strlen(device) <= 16) strcpy(&hydra_targets[i]->ip[17], device); if (memcmp(&hydra_targets[i]->ip[17], fe80, 2) == 0) { if (device == NULL) { fprintf(stderr, "[ERROR] The target %s address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n", hydra_targets[i]->target); exit(-1); } } } } else #endif if (ipv4 != NULL) { hydra_targets[i]->ip[0] = 4; memcpy(&hydra_targets[i]->ip[1], (char *) &ipv4->sin_addr, 4); } else { if (verbose) printf("[failed for %s] ", hydra_targets[i]->target); else fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", hydra_targets[i]->target); hydra_targets[i]->done = 3; hydra_brains.finished++; } freeaddrinfo(res); } } if (verbose) printf("done\n"); if (hydra_brains.targets == 0) bail("No server to scan!"); #ifndef SO_BINDTODEVICE if (device != NULL) { fprintf(stderr, "[ERROR] your operating system does not support SO_BINDTODEVICE or IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the interface %s!\n", device); } #endif if (hydra_options.restore == 0) { hydra_heads = malloc(sizeof(hydra_heads) * hydra_options.max_use); target_no = 0; for (i = 0; i < hydra_options.max_use; i++) { hydra_heads[i] = malloc(sizeof(hydra_head)); memset(hydra_heads[i], 0, sizeof(hydra_head)); } } // here we call the init function of the relevant service module // should we do the init centrally or should each child do that? // that depends largely on the number of targets and maximum tasks // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) for (i = 0; i < hydra_brains.targets; i++) hydra_service_init(i); starttime = elapsed_status = elapsed_restore = time(NULL); fflush(stdout); fflush(stderr); fflush(hydra_brains.ofp); hydra_debug(0, "attack"); process_restore = 1; // this is the big function which starts the attacking children, feeds login/password pairs, etc.! while (exit_condition == 0) { FD_ZERO(&fdreadheads); for (head_no = 0, max_fd = 1; head_no < hydra_options.max_use; head_no++) { if (hydra_heads[head_no]->active > 0) { FD_SET(hydra_heads[head_no]->sp[0], &fdreadheads); if (max_fd < hydra_heads[head_no]->sp[0]) max_fd = hydra_heads[head_no]->sp[0]; } } my_select(max_fd + 1, &fdreadheads, NULL, NULL, 0, 200000); tmp_time = time(NULL); for (head_no = 0; head_no < hydra_options.max_use; head_no++) { if (debug && hydra_heads[head_no]->active != -1) printf("[DEBUG] head_no[%d] to target_no %d active %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->active); switch (hydra_heads[head_no]->active) { case -1: // disabled head, ignored break; case 0: if (hydra_heads[head_no]->redo) { hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); } else { if (hydra_brains.targets > hydra_brains.finished) hydra_heads[head_no]->target_no = hydra_select_target(); else hydra_heads[head_no]->target_no = -1; if (debug) printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); if (hydra_heads[head_no]->target_no < 0) { if (debug) printf("[DEBUG] hydra_select_target() reports no more targets left\n"); hydra_kill_head(head_no, 0, 3); } else hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 } break; case 1: if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); if (readres > 0) { FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); hydra_heads[head_no]->last_seen = tmp_time; if (debug) printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); switch (rc) { // Valid Results: // n - mother says to itself that child requests next login/password pair // N - child requests next login/password pair // Q - child reports that it is quitting // C - child reports connect error (and is quitting) // E - child reports protocol error (and is quitting) // f - child reports that the username does not exist // F - child reports that it found a valid login/password pair // and requests next pair. Sends login/pw pair with next msg! case 'N': // head wants next pair hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; // no break here case 'n': // mother sends this to itself initially loop_cnt = 0; if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) hydra_kill_head(head_no, 1, 0); break; case 'F': // valid password found hydra_brains.found++; if (colored_output) { if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) printf("[\e[32m%d\e[0m][\e[32m%s\e[0m] host: \e[32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); else printf("[\e[32m%d\e[0m][\e[32m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { printf("[\e[32m%d\e[0m][\e[32m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else printf("[\e[32m%d\e[0m][\e[32m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } else { if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); else printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); else fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) { hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done hydra_brains.finished++; printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); } if (hydra_options.exit_found == 2) { for (j = 0; j < hydra_brains.targets; j++) if (hydra_targets[j]->done == 0) { hydra_targets[j]->done = 1; hydra_brains.finished++; } } for (j = 0; j < hydra_options.max_use; j++) if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { if (hydra_brains.targets > hydra_brains.finished && hydra_options.exit_found < 2) hydra_kill_head(j, 1, 0); // kill all heads working on the target else hydra_kill_head(j, 1, 2); // kill all heads working on the target } continue; } // fall through case 'f': // username identified as invalid hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; memset(buf, 0, sizeof(buf)); read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); hydra_skip_user(hydra_heads[head_no]->target_no, buf); fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack break; // we do not make a difference between 'C' and 'E' results - yet case 'E': // head reports protocol error case 'C': // head reports connect error fck = write(hydra_heads[head_no]->sp[0], "Q", 1); if (debug) { printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); } hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); break; case 'Q': // head reports its quitting fck = write(hydra_heads[head_no]->sp[0], "Q", 1); if (debug) printf("[DEBUG] child %d reported it quit\n", head_no); hydra_kill_head(head_no, 1, 0); break; default: fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } if (readres == -1) { if (verbose) fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } else { if (hydra_heads[head_no]->last_seen + hydra_options.waittime > tmp_time) { // check if recover of timed-out head is necessary if (tmp_time > waittime + hydra_heads[head_no]->last_seen) { if (kill(hydra_heads[head_no]->pid, 0) < 0) { if (verbose) fprintf(stderr, "[WARNING] child %d seems to be dead, restarting it ...\n", head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } // if we do not get to hear anything for a longer time assume its dead if (tmp_time > waittime * 2 + hydra_heads[head_no]->last_seen) { if (verbose) fprintf(stderr, "[WARNING] timeout from child %d, restarting\n", head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } } break; default: fprintf(stderr, "[ERROR] child %d in unknown state, restarting!\n", head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } usleep(USLEEP_LOOP); (void) wait3(NULL, WNOHANG, NULL); // write restore file and report status if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { hydra_restore_write(0); elapsed_restore = time(NULL); } if (time(NULL) - elapsed_status > status_print) { elapsed_status = time(NULL); tmp_time = elapsed_status - starttime; if (tmp_time < 1) tmp_time = 1; tmp_time = hydra_brains.sent / tmp_time; if (tmp_time < 1) tmp_time = 1; if (status_print < 15 * 59) status_print = ((status_print + 1) * 2) - 1; if (status_print > 299 && (hydra_brains.todo_all - hydra_brains.sent) / tmp_time < 1500) status_print = 299; if (((hydra_brains.todo_all - hydra_brains.sent) / tmp_time) < 150) status_print = 59; k = 0; for (j = 0; j < hydra_options.max_use; j++) if (hydra_heads[j]->active >= 0) k++; printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu todo in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min hydra_brains.sent, // tries (long unsigned int) ((elapsed_status - starttime) / 3600), // hours (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes hydra_brains.todo_all - hydra_brains.sent <= 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) ) / 3600, // hours (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) ) % 3600) / 60) + 1, // min k); hydra_debug(0, "STATUS"); } exit_condition = hydra_check_for_exit_condition(); } process_restore = 0; if (debug) printf("[DEBUG] while loop left with %d\n", exit_condition); j = k = error = 0; for (i = 0; i < hydra_brains.targets; i++) switch (hydra_targets[i]->done) { case 3: k++; break; case 2: if (hydra_targets[i]->ok == 0) k++; else error++; break; case 1: break; case 0: if (hydra_targets[i]->ok == 0) k++; else j++; break; default: error++; fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); } if (debug) printf("[DEBUG] killing all remaining childs now that might be stuck\n"); for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) hydra_kill_head(i, 1, 3); (void) wait3(NULL, WNOHANG, NULL); printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); if (error == 0 && j == 0) { process_restore = 0; unlink(RESTOREFILE); } else { if (hydra_options.cidr == 0) { printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); hydra_restore_write(1); } } if (error) { fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were"); error = 1; } if (k) { fprintf(stderr, "[ERROR] %d target%s did not resolve or could not be connected\n", k, k == 1 ? "" : "s"); error = 1; } if (j) { fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s"); error = 1; } // yeah we did it printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) fclose(hydra_brains.ofp); fflush(NULL); if (error || j || exit_condition < 0) return -1; else return 0; } hydra-8.1/hydra.h0000644000175000010010000000556112441064454012354 0ustar marcNone#ifndef _HYDRA_H #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_OPENSSL #define HYDRA_SSL #endif #ifdef HAVE_SSL #ifndef HYDRA_SSL #define HYDRA_SSL #endif #endif #ifdef LIBSSH #include #endif #define OPTION_SSL 1 #define PORT_NOPORT -1 #define PORT_FTP 21 #define PORT_FTP_SSL 990 #define PORT_TELNET 23 #define PORT_TELNET_SSL 992 #define PORT_HTTP 80 #define PORT_HTTP_SSL 443 #define PORT_HTTP_PROXY 3128 #define PORT_HTTP_PROXY_SSL 3128 #define PORT_POP3 110 #define PORT_POP3_SSL 995 #define PORT_NNTP 119 #define PORT_NNTP_SSL 563 #define PORT_SMB 139 #define PORT_SMB_SSL 139 #define PORT_SMBNT 445 #define PORT_SMBNT_SSL 445 #define PORT_IMAP 143 #define PORT_IMAP_SSL 993 #define PORT_LDAP 389 #define PORT_LDAP_SSL 636 #define PORT_REXEC 512 #define PORT_REXEC_SSL 512 #define PORT_RLOGIN 513 #define PORT_RLOGIN_SSL 513 #define PORT_RSH 514 #define PORT_RSH_SSL 514 #define PORT_SOCKS5 1080 #define PORT_SOCKS5_SSL 1080 #define PORT_ICQ 4000 #define PORT_ICQ_SSL -1 #define PORT_VNC 5900 #define PORT_VNC_SSL 5901 #define PORT_PCNFS 0 #define PORT_PCNFS_SSL -1 #define PORT_MYSQL 3306 #define PORT_MYSQL_SSL 3306 #define PORT_MSSQL 1433 #define PORT_MSSQL_SSL 1433 #define PORT_POSTGRES 5432 #define PORT_POSTGRES_SSL 5432 #define PORT_ORACLE 1521 #define PORT_ORACLE_SSL 1521 #define PORT_PCANYWHERE 5631 #define PORT_PCANYWHERE_SSL 5631 #define PORT_SAPR3 -1 #define PORT_SAPR3_SSL -1 #define PORT_SSH 22 #define PORT_SSH_SSL 22 #define PORT_SNMP 161 #define PORT_SNMP_SSL 1993 #define PORT_CVS 2401 #define PORT_CVS_SSL 2401 #define PORT_FIREBIRD 3050 #define PORT_FIREBIRD_SSL 3050 #define PORT_AFP 548 #define PORT_AFP_SSL 548 #define PORT_NCP 524 #define PORT_NCP_SSL 524 #define PORT_SVN 3690 #define PORT_SVN_SSL 3690 #define PORT_SMTP 25 #define PORT_SMTP_SSL 465 #define PORT_TEAMSPEAK 8767 #define PORT_TEAMSPEAK_SSL 8767 #define PORT_SIP 5060 #define PORT_SIP_SSL 5061 #define PORT_VMAUTHD 902 #define PORT_VMAUTHD_SSL 902 #define PORT_XMPP 5222 #define PORT_XMPP_SSL 5223 #define PORT_IRC 6667 #define PORT_IRC_SSL 6697 #define PORT_RDP 3389 #define PORT_RDP_SSL 3389 #define PORT_ASTERISK 5038 #define PORT_ASTERISK_SSL 5038 #define PORT_S7_300 102 #define PORT_S7_300_SSL 102 #define PORT_REDIS 6379 #define PORT_REDIS_SSL 6379 #define False 0 #define True 1 #ifndef INET_ADDRSTRLEN #define INET_ADDRSTRLEN 16 #endif #define _HYDRA_H #endif hydra-8.1/INSTALL0000644000175000010010000000136712441064454012125 0ustar marcNonetype "./configure", then "make" and finally "sudo make install" For special modules you need to install software packages before you run "./configure": Ubuntu/Debian: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel For the Oracle login module, install the basic and SDK packages: http://www.oracle.com/technetwork/database/features/instant-client/index.html hydra-8.1/libpq-fe.h0000644000175000010010000004110412441064454012735 0ustar marcNone /*------------------------------------------------------------------------- * * libpq-fe.h * This file contains definitions for structures and * externs for functions used by frontend postgres applications. * * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * * $Id: libpq-fe.h,v 1.100 2003/08/27 00:33:34 petere Exp $ * *------------------------------------------------------------------------- */ #ifndef LIBPQ_FE_H #define LIBPQ_FE_H #ifdef __cplusplus extern "C" { #endif #include /* * postgres_ext.h defines the backend's externally visible types, * such as Oid. */ #include "postgres_ext.h" /* SSL type is needed here only to declare PQgetssl() */ #ifdef USE_SSL #include #endif /* Application-visible enum types */ typedef enum { /* * Although it is okay to add to this list, values which become unused * should never be removed, nor should constants be redefined - that * would break compatibility with existing code. */ CONNECTION_OK, CONNECTION_BAD, /* Non-blocking mode only below here */ /* * The existence of these should never be relied upon - they should * only be used for user feedback or similar purposes. */ CONNECTION_STARTED, /* Waiting for connection to be made. */ CONNECTION_MADE, /* Connection OK; waiting to send. */ CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the * postmaster. */ CONNECTION_AUTH_OK, /* Received authentication; waiting for * backend startup. */ CONNECTION_SETENV, /* Negotiating environment. */ CONNECTION_SSL_STARTUP, /* Negotiating SSL. */ CONNECTION_NEEDED /* Internal state: connect() needed */ } ConnStatusType; typedef enum { PGRES_POLLING_FAILED = 0, PGRES_POLLING_READING, /* These two indicate that one may */ PGRES_POLLING_WRITING, /* use select before polling again. */ PGRES_POLLING_OK, PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards * compatibility */ } PostgresPollingStatusType; typedef enum { PGRES_EMPTY_QUERY = 0, /* empty query string was executed */ PGRES_COMMAND_OK, /* a query command that doesn't return * anything was executed properly by the * backend */ PGRES_TUPLES_OK, /* a query command that returns tuples was * executed properly by the backend, * PGresult contains the result tuples */ PGRES_COPY_OUT, /* Copy Out data transfer in progress */ PGRES_COPY_IN, /* Copy In data transfer in progress */ PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from * the backend */ PGRES_NONFATAL_ERROR, /* notice or warning message */ PGRES_FATAL_ERROR /* query failed */ } ExecStatusType; typedef enum { PQTRANS_IDLE, /* connection idle */ PQTRANS_ACTIVE, /* command in progress */ PQTRANS_INTRANS, /* idle, within transaction block */ PQTRANS_INERROR, /* idle, within failed transaction */ PQTRANS_UNKNOWN /* cannot determine status */ } PGTransactionStatusType; typedef enum { PQERRORS_TERSE, /* single-line error messages */ PQERRORS_DEFAULT, /* recommended style */ PQERRORS_VERBOSE /* all the facts, ma'am */ } PGVerbosity; /* PGconn encapsulates a connection to the backend. * The contents of this struct are not supposed to be known to applications. */ typedef struct pg_conn PGconn; /* PGresult encapsulates the result of a query (or more precisely, of a single * SQL command --- a query string given to PQsendQuery can contain multiple * commands and thus return multiple PGresult objects). * The contents of this struct are not supposed to be known to applications. */ typedef struct pg_result PGresult; /* PGnotify represents the occurrence of a NOTIFY message. * Ideally this would be an opaque typedef, but it's so simple that it's * unlikely to change. * NOTE: in Postgres 6.4 and later, the be_pid is the notifying backend's, * whereas in earlier versions it was always your own backend's PID. */ typedef struct pgNotify { char *relname; /* notification condition name */ int be_pid; /* process ID of server process */ char *extra; /* notification parameter */ } PGnotify; /* Function types for notice-handling callbacks */ typedef void (*PQnoticeReceiver) (void *arg, const PGresult * res); typedef void (*PQnoticeProcessor) (void *arg, const char *message); /* Print options for PQprint() */ typedef char pqbool; typedef struct _PQprintOpt { pqbool header; /* print output field headings and row * count */ pqbool align; /* fill align the fields */ pqbool standard; /* old brain dead format */ pqbool html3; /* output html tables */ pqbool expanded; /* expand tables */ pqbool pager; /* use pager for output if needed */ char *fieldSep; /* field separator */ char *tableOpt; /* insert to HTML */ char *caption; /* HTML
*/ char **fieldName; /* null terminated array of repalcement * field names */ } PQprintOpt; /* ---------------- * Structure for the conninfo parameter definitions returned by PQconndefaults * * All fields except "val" point at static strings which must not be altered. * "val" is either NULL or a malloc'd current-value string. PQconninfoFree() * will release both the val strings and the PQconninfoOption array itself. * ---------------- */ typedef struct _PQconninfoOption { char *keyword; /* The keyword of the option */ char *envvar; /* Fallback environment variable name */ char *compiled; /* Fallback compiled in default value */ char *val; /* Option's current value, or NULL */ char *label; /* Label for field in connect dialog */ char *dispchar; /* Character to display for this field in * a connect dialog. Values are: "" * Display entered value as is "*" * Password field - hide value "D" Debug * option - don't show by default */ int dispsize; /* Field size in characters for dialog */ } PQconninfoOption; /* ---------------- * PQArgBlock -- structure for PQfn() arguments * ---------------- */ typedef struct { int len; int isint; union { int *ptr; /* can't use void (dec compiler barfs) */ int integer; } u; } PQArgBlock; /* ---------------- * Exported functions of libpq * ---------------- */ /* === in fe-connect.c === */ /* make a new client connection to the backend */ /* Asynchronous (non-blocking) */ extern PGconn *PQconnectStart(const char *conninfo); extern PostgresPollingStatusType PQconnectPoll(PGconn * conn); /* Synchronous (blocking) */ extern PGconn *PQconnectdb(const char *conninfo); extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd); #define PQsetdb(M_PGHOST,M_PGPORT,M_PGOPT,M_PGTTY,M_DBNAME) \ PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL) /* close the current connection and free the PGconn data structure */ extern void PQfinish(PGconn * conn); /* get info about connection options known to PQconnectdb */ extern PQconninfoOption *PQconndefaults(void); /* free the data structure returned by PQconndefaults() */ extern void PQconninfoFree(PQconninfoOption * connOptions); /* * close the current connection and restablish a new one with the same * parameters */ /* Asynchronous (non-blocking) */ extern int PQresetStart(PGconn * conn); extern PostgresPollingStatusType PQresetPoll(PGconn * conn); /* Synchronous (blocking) */ extern void PQreset(PGconn * conn); /* issue a cancel request */ extern int PQrequestCancel(PGconn * conn); /* Accessor functions for PGconn objects */ extern char *PQdb(const PGconn * conn); extern char *PQuser(const PGconn * conn); extern char *PQpass(const PGconn * conn); extern char *PQhost(const PGconn * conn); extern char *PQport(const PGconn * conn); extern char *PQtty(const PGconn * conn); extern char *PQoptions(const PGconn * conn); extern ConnStatusType PQstatus(const PGconn * conn); extern PGTransactionStatusType PQtransactionStatus(const PGconn * conn); extern const char *PQparameterStatus(const PGconn * conn, const char *paramName); extern int PQprotocolVersion(const PGconn * conn); extern char *PQerrorMessage(const PGconn * conn); extern int PQsocket(const PGconn * conn); extern int PQbackendPID(const PGconn * conn); extern int PQclientEncoding(const PGconn * conn); extern int PQsetClientEncoding(PGconn * conn, const char *encoding); #ifdef USE_SSL /* Get the SSL structure associated with a connection */ extern SSL *PQgetssl(PGconn * conn); #endif /* Set verbosity for PQerrorMessage and PQresultErrorMessage */ extern PGVerbosity PQsetErrorVerbosity(PGconn * conn, PGVerbosity verbosity); /* Enable/disable tracing */ extern void PQtrace(PGconn * conn, FILE * debug_port); extern void PQuntrace(PGconn * conn); /* Override default notice handling routines */ extern PQnoticeReceiver PQsetNoticeReceiver(PGconn * conn, PQnoticeReceiver proc, void *arg); extern PQnoticeProcessor PQsetNoticeProcessor(PGconn * conn, PQnoticeProcessor proc, void *arg); /* === in fe-exec.c === */ /* Simple synchronous query */ extern PGresult *PQexec(PGconn * conn, const char *query); extern PGresult *PQexecParams(PGconn * conn, const char *command, int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); extern PGresult *PQexecPrepared(PGconn * conn, const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); /* Interface for multiple-result or asynchronous queries */ extern int PQsendQuery(PGconn * conn, const char *query); extern int PQsendQueryParams(PGconn * conn, const char *command, int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); extern int PQsendQueryPrepared(PGconn * conn, const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); extern PGresult *PQgetResult(PGconn * conn); /* Routines for managing an asynchronous query */ extern int PQisBusy(PGconn * conn); extern int PQconsumeInput(PGconn * conn); /* LISTEN/NOTIFY support */ extern PGnotify *PQnotifies(PGconn * conn); /* Routines for copy in/out */ extern int PQputCopyData(PGconn * conn, const char *buffer, int nbytes); extern int PQputCopyEnd(PGconn * conn, const char *errormsg); extern int PQgetCopyData(PGconn * conn, char **buffer, int async); /* Deprecated routines for copy in/out */ extern int PQgetline(PGconn * conn, char *string, int length); extern int PQputline(PGconn * conn, const char *string); extern int PQgetlineAsync(PGconn * conn, char *buffer, int bufsize); extern int PQputnbytes(PGconn * conn, const char *buffer, int nbytes); extern int PQendcopy(PGconn * conn); /* Set blocking/nonblocking connection to the backend */ extern int PQsetnonblocking(PGconn * conn, int arg); extern int PQisnonblocking(const PGconn * conn); /* Force the write buffer to be written (or at least try) */ extern int PQflush(PGconn * conn); /* * "Fast path" interface --- not really recommended for application * use */ extern PGresult *PQfn(PGconn * conn, int fnid, int *result_buf, int *result_len, int result_is_int, const PQArgBlock * args, int nargs); /* Accessor functions for PGresult objects */ extern ExecStatusType PQresultStatus(const PGresult * res); extern char *PQresStatus(ExecStatusType status); extern char *PQresultErrorMessage(const PGresult * res); extern char *PQresultErrorField(const PGresult * res, int fieldcode); extern int PQntuples(const PGresult * res); extern int PQnfields(const PGresult * res); extern int PQbinaryTuples(const PGresult * res); extern char *PQfname(const PGresult * res, int field_num); extern int PQfnumber(const PGresult * res, const char *field_name); extern Oid PQftable(const PGresult * res, int field_num); extern int PQftablecol(const PGresult * res, int field_num); extern int PQfformat(const PGresult * res, int field_num); extern Oid PQftype(const PGresult * res, int field_num); extern int PQfsize(const PGresult * res, int field_num); extern int PQfmod(const PGresult * res, int field_num); extern char *PQcmdStatus(PGresult * res); extern char *PQoidStatus(const PGresult * res); /* old and ugly */ extern Oid PQoidValue(const PGresult * res); /* new and improved */ extern char *PQcmdTuples(PGresult * res); extern char *PQgetvalue(const PGresult * res, int tup_num, int field_num); extern int PQgetlength(const PGresult * res, int tup_num, int field_num); extern int PQgetisnull(const PGresult * res, int tup_num, int field_num); /* Delete a PGresult */ extern void PQclear(PGresult * res); /* For freeing other alloc'd results, such as PGnotify structs */ extern void PQfreemem(void *ptr); /* Exists for backward compatibility. bjm 2003-03-24 */ #define PQfreeNotify(ptr) PQfreemem(ptr) /* * Make an empty PGresult with given status (some apps find this * useful). If conn is not NULL and status indicates an error, the * conn's errorMessage is copied. */ extern PGresult *PQmakeEmptyPGresult(PGconn * conn, ExecStatusType status); /* Quoting strings before inclusion in queries. */ extern size_t PQescapeString(char *to, const char *from, size_t length); extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t * bytealen); extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t * retbuflen); /* === in fe-print.c === */ extern void PQprint(FILE * fout, /* output stream */ const PGresult * res, const PQprintOpt * ps); /* option structure */ /* * really old printing routines */ extern void PQdisplayTuples(const PGresult * res, FILE * fp, /* where to send the output */ int fillAlign, /* pad the fields with spaces */ const char *fieldSep, /* field separator */ int printHeader, /* display headers? */ int quiet); extern void PQprintTuples(const PGresult * res, FILE * fout, /* output stream */ int printAttName, /* print attribute names */ int terseOutput, /* delimiter bars */ int width); /* width of column, if 0, use variable * width */ /* === in fe-lobj.c === */ /* Large-object access routines */ extern int lo_open(PGconn * conn, Oid lobjId, int mode); extern int lo_close(PGconn * conn, int fd); extern int lo_read(PGconn * conn, int fd, char *buf, size_t len); extern int lo_write(PGconn * conn, int fd, char *buf, size_t len); extern int lo_lseek(PGconn * conn, int fd, int offset, int whence); extern Oid lo_creat(PGconn * conn, int mode); extern int lo_tell(PGconn * conn, int fd); extern int lo_unlink(PGconn * conn, Oid lobjId); extern Oid lo_import(PGconn * conn, const char *filename); extern int lo_export(PGconn * conn, Oid lobjId, const char *filename); /* === in fe-misc.c === */ /* Determine length of multibyte encoded char at *s */ extern int PQmblen(const unsigned char *s, int encoding); /* Get encoding id from environment variable PGCLIENTENCODING */ extern int PQenv2encoding(void); #ifdef __cplusplus } #endif #endif /* LIBPQ_FE_H */ hydra-8.1/LICENSE0000644000175000010010000010510212441064454012071 0ustar marcNone[see the end of the file for the special exception for linking with OpenSSL - debian people need this] GNU AFFERO GENERAL PUBLIC LICENSE Version 3, 19 November 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU Affero General Public License is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, our General Public Licenses are intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. Developers that use our General Public Licenses protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License which gives you legal permission to copy, distribute and/or modify the software. A secondary benefit of defending all users' freedom is that improvements made in alternate versions of the program, if they receive widespread use, become available for other developers to incorporate. Many developers of free software are heartened and encouraged by the resulting cooperation. However, in the case of software used on network servers, this result may fail to come about. The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public. The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version. An older license, called the Affero General Public License and published by Affero, was designed to accomplish similar goals. This is a different license, not a version of the Affero GPL, but Affero has released a new version of the Affero GPL which permits relicensing under this license. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU Affero General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Remote Network Interaction; Use with the GNU General Public License. Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU General Public License. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU Affero General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU Affero General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU Affero General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU Affero General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If your software can interact with users remotely through a computer network, you should also make sure that it provides a way for users to get its source. For example, if your program is a web application, its interface could display a "Source" link that leads users to an archive of the code. There are many ways you could offer source, and different solutions will be better for different programs; see section 13 for the specific requirements. You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see . Special Exception * In addition, as a special exception, the copyright holders give * permission to link the code of portions of this program with the * OpenSSL library under certain conditions as described in each * individual source file, and distribute linked combinations * including the two. * You must obey the GNU Affero General Public License in all respects * for all of the code used other than OpenSSL. If you modify * file(s) with this exception, you may extend this exception to your * version of the file(s), but you are not obligated to do so. If you * do not wish to do so, delete this exception statement from your * version. If you delete this exception statement from all source * files in the program, then also delete it here. hydra-8.1/LICENSE.OPENSSL0000644000175000010010000002053412441064454013220 0ustar marcNone/* * (c) 2002, 2003, 2004 by Jason McLaughlin and Riadh Elloumi * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, but * is provided AS IS, WITHOUT ANY WARRANTY; without even the implied * warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and * NON-INFRINGEMENT. See the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, * MA 02111-1307, USA. * * In addition, as a special exception, the copyright holders give * permission to link the code of portions of this program with the * OpenSSL library under certain conditions as described in each * individual source file, and distribute linked combinations * including the two. * You must obey the GNU General Public License in all respects * for all of the code used other than OpenSSL. If you modify * file(s) with this exception, you may extend this exception to your * version of the file(s), but you are not obligated to do so. If you * do not wish to do so, delete this exception statement from your * version. If you delete this exception statement from all source * files in the program, then also delete it here. */ Certain source files in this program permit linking with the OpenSSL library (http://www.openssl.org), which otherwise wouldn't be allowed under the GPL. For purposes of identifying OpenSSL, most source files giving this permission limit it to versions of OpenSSL having a license identical to that listed in this file (LICENSE.OpenSSL). It is not necessary for the copyright years to match between this file and the OpenSSL version in question. However, note that because this file is an extension of the license statements of these source files, this file may not be changed except with permission from all copyright holders of source files in this program which reference this file. LICENSE ISSUES ============== The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. OpenSSL License --------------- /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ Original SSLeay License ----------------------- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ hydra-8.1/Makefile0000644000175000010010000000013212441064460012516 0ustar marcNoneall: @echo Error: you must run "./configure" first clean: cp -f Makefile.orig Makefile hydra-8.1/Makefile.am0000644000175000010010000000677412441064454013137 0ustar marcNone# # Makefile for Hydra - (c) 2001-2014 by van Hauser / THC # OPTS=-I. -O3 # -Wall -g -pedantic LIBS=-lm DIR=/bin SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ hydra-rdp.c hydra-s7-300.c hydra-redis.c \ crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ hydra-rdp.o hydra-s7-300.c \ crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o BINS = hydra pw-inspector EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ hydra-mod.h hydra.h crc32.h d3des.h all: pw-inspector hydra $(XHYDRA_SUPPORT) @echo @echo Now type "make install" hydra: hydra.c $(OBJ) $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) @echo @echo If men could get pregnant, abortion would be a sacrament @echo xhydra: -cd hydra-gtk && sh ./make_xhydra.sh pw-inspector: pw-inspector.c -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c .c.o: $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) strip: all strip $(BINS) -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null install: strip -mkdir -p $(PREFIX)$(DIR) cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh -chmod 755 $(PREFIX)/bin/dpl4hydra.sh -mkdir -p $(PREFIX)/etc/ -cp -f *.csv $(PREFIX)/etc/ -mkdir -p $(PREFIX)/man/man1 -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile hydra-8.1/Makefile.orig0000644000175000010010000000013212441064454013460 0ustar marcNoneall: @echo Error: you must run "./configure" first clean: cp -f Makefile.orig Makefile hydra-8.1/Makefile.unix0000644000175000010010000000002312441064454013502 0ustar marcNoneCC=gcc STRIP=strip hydra-8.1/ntlm.c0000644000175000010010000011725312441064454012214 0ustar marcNone/* $Id$ Single file NTLM system to create and parse authentication messages. http://www.reversing.org ilo-- ilo@reversing.org I did copy&paste&modify several files to leave independent NTLM code that compile in cygwin/linux environment. Most of the code was ripped from Samba implementation so I left the Copying statement. Samba core code was left unmodified from 1.9 version. Also libntlm was ripped but rewrote, due to fixed and useless interface. Library oriented code was removed. (c) goes to: Simon Josefsson. Information about interface to this ntlm-system is in ntlm.h file. Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #ifdef WIN32 #else #include #endif #include #include #include #include #include #include "ntlm.h" /* Byte order macros */ #ifndef _BYTEORDER_H #define _BYTEORDER_H /* This file implements macros for machine independent short and int manipulation Here is a description of this file that I emailed to the samba list once: > I am confused about the way that byteorder.h works in Samba. I have > looked at it, and I would have thought that you might make a distinction > between LE and BE machines, but you only seem to distinguish between 386 > and all other architectures. > > Can you give me a clue? sure. The distinction between 386 and other architectures is only there as an optimisation. You can take it out completely and it will make no difference. The routines (macros) in byteorder.h are totally byteorder independent. The 386 optimsation just takes advantage of the fact that the x86 processors don't care about alignment, so we don't have to align ints on int boundaries etc. If there are other processors out there that aren't alignment sensitive then you could also define CAREFUL_ALIGNMENT=0 on those processors as well. Ok, now to the macros themselves. I'll take a simple example, say we want to extract a 2 byte integer from a SMB packet and put it into a type called uint16 that is in the local machines byte order, and you want to do it with only the assumption that uint16 is _at_least_ 16 bits long (this last condition is very important for architectures that don't have any int types that are 2 bytes long) You do this: #define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) #define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) #define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) then to extract a uint16 value at offset 25 in a buffer you do this: char *buffer = foo_bar(); uint16 xx = SVAL(buffer,25); We are using the byteoder independence of the ANSI C bitshifts to do the work. A good optimising compiler should turn this into efficient code, especially if it happens to have the right byteorder :-) I know these macros can be made a bit tidier by removing some of the casts, but you need to look at byteorder.h as a whole to see the reasoning behind them. byteorder.h defines the following macros: SVAL(buf,pos) - extract a 2 byte SMB value IVAL(buf,pos) - extract a 4 byte SMB value SVALS(buf,pos) signed version of SVAL() IVALS(buf,pos) signed version of IVAL() SSVAL(buf,pos,val) - put a 2 byte SMB value into a buffer SIVAL(buf,pos,val) - put a 4 byte SMB value into a buffer SSVALS(buf,pos,val) - signed version of SSVAL() SIVALS(buf,pos,val) - signed version of SIVAL() RSVAL(buf,pos) - like SVAL() but for NMB byte ordering RSVALS(buf,pos) - like SVALS() but for NMB byte ordering RIVAL(buf,pos) - like IVAL() but for NMB byte ordering RIVALS(buf,pos) - like IVALS() but for NMB byte ordering RSSVAL(buf,pos,val) - like SSVAL() but for NMB ordering RSIVAL(buf,pos,val) - like SIVAL() but for NMB ordering RSIVALS(buf,pos,val) - like SIVALS() but for NMB ordering it also defines lots of intermediate macros, just ignore those :-) */ /* some switch macros that do both store and read to and from SMB buffers */ #define RW_PCVAL(read,inbuf,outbuf,len) \ { if (read) { PCVAL (inbuf,0,outbuf,len); } \ else { PSCVAL(inbuf,0,outbuf,len); } } #define RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ { if (read) { if (big_endian) { RPIVAL(inbuf,0,outbuf,len); } else { PIVAL(inbuf,0,outbuf,len); } } \ else { if (big_endian) { RPSIVAL(inbuf,0,outbuf,len); } else { PSIVAL(inbuf,0,outbuf,len); } } } #define RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ { if (read) { if (big_endian) { RPSVAL(inbuf,0,outbuf,len); } else { PSVAL(inbuf,0,outbuf,len); } } \ else { if (big_endian) { RPSSVAL(inbuf,0,outbuf,len); } else { PSSVAL(inbuf,0,outbuf,len); } } } #define RW_CVAL(read, inbuf, outbuf, offset) \ { if (read) { (outbuf) = CVAL (inbuf,offset); } \ else { SCVAL(inbuf,offset,outbuf); } } #define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ { if (read) { (outbuf) = ((big_endian) ? RIVAL(inbuf,offset) : IVAL (inbuf,offset)); } \ else { if (big_endian) { RSIVAL(inbuf,offset,outbuf); } else { SIVAL(inbuf,offset,outbuf); } } } #define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ { if (read) { (outbuf) = ((big_endian) ? RSVAL(inbuf,offset) : SVAL (inbuf,offset)); } \ else { if (big_endian) { RSSVAL(inbuf,offset,outbuf); } else { SSVAL(inbuf,offset,outbuf); } } } #undef CAREFUL_ALIGNMENT /* we know that the 386 can handle misalignment and has the "right" byteorder */ #ifdef __i386__ #define CAREFUL_ALIGNMENT 0 #endif #ifndef CAREFUL_ALIGNMENT #define CAREFUL_ALIGNMENT 1 #endif #define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) #define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) #define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) #if CAREFUL_ALIGNMENT #define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) #define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) #define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) #define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) #define SVALS(buf,pos) ((int16)SVAL(buf,pos)) #define IVALS(buf,pos) ((int32)IVAL(buf,pos)) #define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) #define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) #define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) #define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val))) #else /* CAREFUL_ALIGNMENT */ /* this handles things for architectures like the 386 that can handle alignment errors */ /* WARNING: This section is dependent on the length of int16 and int32 being correct */ /* get single value from an SMB buffer */ #define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) #define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) #define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos))) #define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos))) /* store single value in an SMB buffer */ #define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val)) #define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val)) #define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val)) #define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val)) #endif /* CAREFUL_ALIGNMENT */ /* macros for reading / writing arrays */ #define SMBMACRO(macro,buf,pos,val,len,size) \ { int l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); } #define SSMBMACRO(macro,buf,pos,val,len,size) \ { int l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); } /* reads multiple data from an SMB buffer */ #define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1) #define PSVAL(buf,pos,val,len) SMBMACRO(SVAL,buf,pos,val,len,2) #define PIVAL(buf,pos,val,len) SMBMACRO(IVAL,buf,pos,val,len,4) #define PCVALS(buf,pos,val,len) SMBMACRO(CVALS,buf,pos,val,len,1) #define PSVALS(buf,pos,val,len) SMBMACRO(SVALS,buf,pos,val,len,2) #define PIVALS(buf,pos,val,len) SMBMACRO(IVALS,buf,pos,val,len,4) /* stores multiple data in an SMB buffer */ #define PSCVAL(buf,pos,val,len) SSMBMACRO(SCVAL,buf,pos,val,len,1) #define PSSVAL(buf,pos,val,len) SSMBMACRO(SSVAL,buf,pos,val,len,2) #define PSIVAL(buf,pos,val,len) SSMBMACRO(SIVAL,buf,pos,val,len,4) #define PSCVALS(buf,pos,val,len) SSMBMACRO(SCVALS,buf,pos,val,len,1) #define PSSVALS(buf,pos,val,len) SSMBMACRO(SSVALS,buf,pos,val,len,2) #define PSIVALS(buf,pos,val,len) SSMBMACRO(SIVALS,buf,pos,val,len,4) /* now the reverse routines - these are used in nmb packets (mostly) */ #define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) #define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) #define RSVAL(buf,pos) SREV(SVAL(buf,pos)) #define RSVALS(buf,pos) SREV(SVALS(buf,pos)) #define RIVAL(buf,pos) IREV(IVAL(buf,pos)) #define RIVALS(buf,pos) IREV(IVALS(buf,pos)) #define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) #define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val)) #define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) #define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val)) /* reads multiple data from an SMB buffer (big-endian) */ #define RPSVAL(buf,pos,val,len) SMBMACRO(RSVAL,buf,pos,val,len,2) #define RPIVAL(buf,pos,val,len) SMBMACRO(RIVAL,buf,pos,val,len,4) #define RPSVALS(buf,pos,val,len) SMBMACRO(RSVALS,buf,pos,val,len,2) #define RPIVALS(buf,pos,val,len) SMBMACRO(RIVALS,buf,pos,val,len,4) /* stores multiple data in an SMB buffer (big-endian) */ #define RPSSVAL(buf,pos,val,len) SSMBMACRO(RSSVAL,buf,pos,val,len,2) #define RPSIVAL(buf,pos,val,len) SSMBMACRO(RSIVAL,buf,pos,val,len,4) #define RPSSVALS(buf,pos,val,len) SSMBMACRO(RSSVALS,buf,pos,val,len,2) #define RPSIVALS(buf,pos,val,len) SSMBMACRO(RSIVALS,buf,pos,val,len,4) #define DBG_RW_PCVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ { RW_PCVAL(read,inbuf,outbuf,len) \ DEBUG(5,("%s%04x %s: ", \ tab_depth(depth), base,string)); \ if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \ { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ DEBUG(5,("\n")); } #define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ { RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ DEBUG(5,("%s%04x %s: ", \ tab_depth(depth), base,string)); \ if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \ { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ DEBUG(5,("\n")); } #define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ { RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ DEBUG(5,("%s%04x %s: ", \ tab_depth(depth), base,string)); \ if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \ { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ DEBUG(5,("\n")); } #define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ { RW_CVAL(read,inbuf,outbuf,0) \ DEBUG(5,("%s%04x %s: %02x\n", \ tab_depth(depth), base, string, outbuf)); } #define DBG_RW_SVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ { RW_SVAL(read,big_endian,inbuf,outbuf,0) \ DEBUG(5,("%s%04x %s: %04x\n", \ tab_depth(depth), base, string, outbuf)); } #define DBG_RW_IVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ { RW_IVAL(read,big_endian,inbuf,outbuf,0) \ DEBUG(5,("%s%04x %s: %08x\n", \ tab_depth(depth), base, string, outbuf)); } #endif /* _BYTEORDER_H */ /* Samba MD4 implementation */ /* NOTE: This code makes no attempt to be fast! It assumes that a int is at least 32 bits long */ static uint32 A, B, C, D; static uint32 F(uint32 X, uint32 Y, uint32 Z) { return (X & Y) | ((~X) & Z); } static uint32 G(uint32 X, uint32 Y, uint32 Z) { return (X & Y) | (X & Z) | (Y & Z); } static uint32 H(uint32 X, uint32 Y, uint32 Z) { return X ^ Y ^ Z; } static uint32 lshift(uint32 x, int s) { x &= 0xFFFFFFFF; return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); } #define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) #define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) #define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) /* this applies md4 to 64 byte chunks */ static void mdfour64(uint32 * M) { int j; uint32 AA, BB, CC, DD; uint32 X[16]; for (j = 0; j < 16; j++) X[j] = M[j]; AA = A; BB = B; CC = C; DD = D; ROUND1(A, B, C, D, 0, 3); ROUND1(D, A, B, C, 1, 7); ROUND1(C, D, A, B, 2, 11); ROUND1(B, C, D, A, 3, 19); ROUND1(A, B, C, D, 4, 3); ROUND1(D, A, B, C, 5, 7); ROUND1(C, D, A, B, 6, 11); ROUND1(B, C, D, A, 7, 19); ROUND1(A, B, C, D, 8, 3); ROUND1(D, A, B, C, 9, 7); ROUND1(C, D, A, B, 10, 11); ROUND1(B, C, D, A, 11, 19); ROUND1(A, B, C, D, 12, 3); ROUND1(D, A, B, C, 13, 7); ROUND1(C, D, A, B, 14, 11); ROUND1(B, C, D, A, 15, 19); ROUND2(A, B, C, D, 0, 3); ROUND2(D, A, B, C, 4, 5); ROUND2(C, D, A, B, 8, 9); ROUND2(B, C, D, A, 12, 13); ROUND2(A, B, C, D, 1, 3); ROUND2(D, A, B, C, 5, 5); ROUND2(C, D, A, B, 9, 9); ROUND2(B, C, D, A, 13, 13); ROUND2(A, B, C, D, 2, 3); ROUND2(D, A, B, C, 6, 5); ROUND2(C, D, A, B, 10, 9); ROUND2(B, C, D, A, 14, 13); ROUND2(A, B, C, D, 3, 3); ROUND2(D, A, B, C, 7, 5); ROUND2(C, D, A, B, 11, 9); ROUND2(B, C, D, A, 15, 13); ROUND3(A, B, C, D, 0, 3); ROUND3(D, A, B, C, 8, 9); ROUND3(C, D, A, B, 4, 11); ROUND3(B, C, D, A, 12, 15); ROUND3(A, B, C, D, 2, 3); ROUND3(D, A, B, C, 10, 9); ROUND3(C, D, A, B, 6, 11); ROUND3(B, C, D, A, 14, 15); ROUND3(A, B, C, D, 1, 3); ROUND3(D, A, B, C, 9, 9); ROUND3(C, D, A, B, 5, 11); ROUND3(B, C, D, A, 13, 15); ROUND3(A, B, C, D, 3, 3); ROUND3(D, A, B, C, 11, 9); ROUND3(C, D, A, B, 7, 11); ROUND3(B, C, D, A, 15, 15); A += AA; B += BB; C += CC; D += DD; A &= 0xFFFFFFFF; B &= 0xFFFFFFFF; C &= 0xFFFFFFFF; D &= 0xFFFFFFFF; for (j = 0; j < 16; j++) X[j] = 0; } static void copy64(uint32 * M, unsigned char *in) { int i; for (i = 0; i < 16; i++) M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) | (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0); } static void copy4(unsigned char *out, uint32 x) { out[0] = x & 0xFF; out[1] = (x >> 8) & 0xFF; out[2] = (x >> 16) & 0xFF; out[3] = (x >> 24) & 0xFF; } /* produce a md4 message digest from data of length n bytes */ void mdfour(unsigned char *out, unsigned char *in, int n) { unsigned char buf[128]; uint32 M[16]; uint32 b = n * 8; int i; A = 0x67452301; B = 0xefcdab89; C = 0x98badcfe; D = 0x10325476; while (n > 64) { copy64(M, in); mdfour64(M); in += 64; n -= 64; } for (i = 0; i < 128; i++) buf[i] = 0; memcpy(buf, in, n); buf[n] = 0x80; if (n <= 55) { copy4(buf + 56, b); copy64(M, buf); mdfour64(M); } else { copy4(buf + 120, b); copy64(M, buf); mdfour64(M); copy64(M, buf + 64); mdfour64(M); } for (i = 0; i < 128; i++) buf[i] = 0; copy64(M, buf); copy4(out, A); copy4(out + 4, B); copy4(out + 8, C); copy4(out + 12, D); A = B = C = D = 0; } /* Samba DES implementation */ #define uchar unsigned char #define int16 signed short static uchar perm1[56] = { 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 }; static uchar perm2[48] = { 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 }; static uchar perm3[64] = { 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 }; static uchar perm4[48] = { 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1 }; static uchar perm5[32] = { 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 }; static uchar perm6[64] = { 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25 }; static uchar sc[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; static uchar sbox[8][4][16] = { {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}}, {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}} }; static void permute(char *out, char *in, uchar * p, int n) { int i; for (i = 0; i < n; i++) out[i] = in[p[i] - 1]; } static void l_shift(char *d, int count, int n) { char out[64]; int i; for (i = 0; i < n; i++) out[i] = d[(i + count) % n]; for (i = 0; i < n; i++) d[i] = out[i]; } static void concat(char *out, char *in1, char *in2, int l1, int l2) { while (l1--) *out++ = *in1++; while (l2--) *out++ = *in2++; } void xor(char *out, char *in1, char *in2, int n) { int i; for (i = 0; i < n; i++) out[i] = in1[i] ^ in2[i]; } static void dohash(char *out, char *in, char *key, int forw) { int i, j, k; char pk1[56]; char c[28]; char d[28]; char cd[56]; char ki[16][48]; char pd1[64]; char l[32], r[32]; char rl[64]; permute(pk1, key, perm1, 56); for (i = 0; i < 28; i++) c[i] = pk1[i]; for (i = 0; i < 28; i++) d[i] = pk1[i + 28]; for (i = 0; i < 16; i++) { l_shift(c, sc[i], 28); l_shift(d, sc[i], 28); concat(cd, c, d, 28, 28); permute(ki[i], cd, perm2, 48); } permute(pd1, in, perm3, 64); for (j = 0; j < 32; j++) { l[j] = pd1[j]; r[j] = pd1[j + 32]; } for (i = 0; i < 16; i++) { char er[48]; char erk[48]; char b[8][6]; char cb[32]; char pcb[32]; char r2[32]; permute(er, r, perm4, 48); xor(erk, er, ki[forw ? i : 15 - i], 48); for (j = 0; j < 8; j++) for (k = 0; k < 6; k++) b[j][k] = erk[j * 6 + k]; for (j = 0; j < 8; j++) { int m, n; m = (b[j][0] << 1) | b[j][5]; n = (b[j][1] << 3) | (b[j][2] << 2) | (b[j][3] << 1) | b[j][4]; for (k = 0; k < 4; k++) b[j][k] = (sbox[j][m][n] & (1 << (3 - k))) ? 1 : 0; } for (j = 0; j < 8; j++) for (k = 0; k < 4; k++) cb[j * 4 + k] = b[j][k]; permute(pcb, cb, perm5, 32); xor(r2, l, pcb, 32); for (j = 0; j < 32; j++) l[j] = r[j]; for (j = 0; j < 32; j++) r[j] = r2[j]; } concat(rl, r, l, 32, 32); permute(out, rl, perm6, 64); } static void str_to_key(unsigned char *str, unsigned char *key) { int i; key[0] = str[0] >> 1; key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2); key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3); key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4); key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5); key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6); key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7); key[7] = str[6] & 0x7F; for (i = 0; i < 8; i++) { key[i] = (key[i] << 1); } } static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw) { int i; char outb[64]; char inb[64]; char keyb[64]; unsigned char key2[8]; str_to_key(key, key2); for (i = 0; i < 64; i++) { inb[i] = (in[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0; keyb[i] = (key2[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0; outb[i] = 0; } dohash(outb, inb, keyb, forw); for (i = 0; i < 8; i++) { out[i] = 0; } for (i = 0; i < 64; i++) { if (outb[i]) out[i / 8] |= (1 << (7 - (i % 8))); } } void E_P16(unsigned char *p14, unsigned char *p16) { unsigned char sp8[8] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; smbhash(p16, sp8, p14, 1); smbhash(p16 + 8, sp8, p14 + 7, 1); } void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24) { smbhash(p24, c8, p21, 1); smbhash(p24 + 8, c8, p21 + 7, 1); smbhash(p24 + 16, c8, p21 + 14, 1); } void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out) { smbhash(out, in, p14, 0); smbhash(out + 8, in + 8, p14 + 7, 0); } void E_old_pw_hash(unsigned char *p14, unsigned char *in, unsigned char *out) { smbhash(out, in, p14, 1); smbhash(out + 8, in + 8, p14 + 7, 1); } void cred_hash1(unsigned char *out, unsigned char *in, unsigned char *key) { unsigned char buf[8]; smbhash(buf, in, key, 1); smbhash(out, buf, key + 9, 1); } void cred_hash2(unsigned char *out, unsigned char *in, unsigned char *key) { unsigned char buf[8]; static unsigned char key2[8]; smbhash(buf, in, key, 1); key2[0] = key[7]; smbhash(out, buf, key2, 1); } void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int forw) { static unsigned char key2[8]; smbhash(out, in, key, forw); key2[0] = key[7]; smbhash(out + 8, in + 8, key2, forw); } void SamOEMhash(unsigned char *data, unsigned char *key, int val) { unsigned char s_box[256]; unsigned char index_i = 0; unsigned char index_j = 0; unsigned char j = 0; int ind; for (ind = 0; ind < 256; ind++) { s_box[ind] = (unsigned char) ind; } for (ind = 0; ind < 256; ind++) { unsigned char tc; j += (s_box[ind] + key[ind % 16]); tc = s_box[ind]; s_box[ind] = s_box[j]; s_box[j] = tc; } for (ind = 0; ind < (val ? 516 : 16); ind++) { unsigned char tc; unsigned char t; index_i++; index_j += s_box[index_i]; tc = s_box[index_i]; s_box[index_i] = s_box[index_j]; s_box[index_j] = tc; t = s_box[index_i] + s_box[index_j]; data[ind] = data[ind] ^ s_box[t]; } } /* Samba encryption implementation*/ /**************************************************************************** Like strncpy but always null terminates. Make sure there is room! The variable n should always be one less than the available size. ****************************************************************************/ char *StrnCpy(char *dest, const char *src, size_t n) { char *d = dest; if (!dest) return (NULL); if (!src) { *dest = 0; return (dest); } while (n-- && (*d++ = *src++)); *d = 0; return (dest); } size_t skip_multibyte_char(char c) { return 0; } /******************************************************************* safe string copy into a known length string. maxlength does not include the terminating zero. ********************************************************************/ #define DEBUG(a,b) ; char *safe_strcpy(char *dest, const char *src, size_t maxlength) { size_t len; if (!dest) { DEBUG(0, ("Error: NULL dest in safe_strcpy\n")); return NULL; } if (!src) { *dest = 0; return dest; } len = strlen(src); if (len > maxlength) { DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int) (len - maxlength), src)); len = maxlength; } memcpy(dest, src, len); dest[len] = 0; return dest; } void strupper(char *s) { while (*s) { { size_t skip = skip_multibyte_char(*s); if (skip != 0) s += skip; else { if (islower((int) *s)) *s = toupper((int) *s); s++; } } } } extern void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]); /* This implements the X/Open SMB password encryption It takes a password, a 8 byte "crypt key" and puts 24 bytes of encrypted password into p24 */ void SMBencrypt(uchar * passwd, uchar * c8, uchar * p24) { uchar p14[15], p21[21]; memset(p21, '\0', 21); memset(p14, '\0', 14); StrnCpy((char *) p14, (char *) passwd, 14); strupper((char *) p14); E_P16(p14, p21); SMBOWFencrypt(p21, c8, p24); #ifdef DEBUG_PASSWORD DEBUG(100, ("SMBencrypt: lm#, challenge, response\n")); dump_data(100, (char *) p21, 16); dump_data(100, (char *) c8, 8); dump_data(100, (char *) p24, 24); #endif } /* Routines for Windows NT MD4 Hash functions. */ static int _my_wcslen(int16 * str) { int len = 0; while (*str++ != 0) len++; return len; } /* * Convert a string into an NT UNICODE string. * Note that regardless of processor type * this must be in intel (little-endian) * format. */ static int _my_mbstowcs(int16 * dst, uchar * src, int len) { int i; int16 val; for (i = 0; i < len; i++) { val = *src; SSVAL(dst, 0, val); dst++; src++; if (val == 0) break; } return i; } /* * Creates the MD4 Hash of the users password in NT UNICODE. */ void E_md4hash(uchar * passwd, uchar * p16) { int len; int16 wpwd[129]; /* Password cannot be longer than 128 characters */ len = strlen((char *) passwd); if (len > 128) len = 128; /* Password must be converted to NT unicode */ _my_mbstowcs(wpwd, passwd, len); wpwd[len] = 0; /* Ensure string is null terminated */ /* Calculate length in bytes */ len = _my_wcslen(wpwd) * sizeof(int16); mdfour(p16, (unsigned char *) wpwd, len); } /* Does both the NT and LM owfs of a user's password */ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { char passwd[130]; memset(passwd, '\0', 130); safe_strcpy(passwd, pwd, sizeof(passwd) - 1); /* Calculate the MD4 hash (NT compatible) of the password */ memset(nt_p16, '\0', 16); E_md4hash((uchar *) passwd, nt_p16); #ifdef DEBUG_PASSWORD DEBUG(100, ("nt_lm_owf_gen: pwd, nt#\n")); dump_data(120, passwd, strlen(passwd)); dump_data(100, (char *) nt_p16, 16); #endif /* Mangle the passwords into Lanman format */ passwd[14] = '\0'; strupper(passwd); /* Calculate the SMB (lanman) hash functions of the password */ memset(p16, '\0', 16); E_P16((uchar *) passwd, (uchar *) p16); #ifdef DEBUG_PASSWORD DEBUG(100, ("nt_lm_owf_gen: pwd, lm#\n")); dump_data(120, passwd, strlen(passwd)); dump_data(100, (char *) p16, 16); #endif /* clear out local copy of user's password (just being paranoid). */ memset(passwd, '\0', sizeof(passwd)); } /* Does the des encryption from the NT or LM MD4 hash. */ void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]) { uchar p21[21]; memset(p21, '\0', 21); memcpy(p21, passwd, 16); E_P24(p21, c8, p24); } /* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */ void NTLMSSPOWFencrypt(uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) { uchar p21[21]; memset(p21, '\0', 21); memcpy(p21, passwd, 8); memset(p21 + 8, 0xbd, 8); E_P24(p21, ntlmchalresp, p24); #ifdef DEBUG_PASSWORD DEBUG(100, ("NTLMSSPOWFencrypt: p21, c8, p24\n")); dump_data(100, (char *) p21, 21); dump_data(100, (char *) ntlmchalresp, 8); dump_data(100, (char *) p24, 24); #endif } /* Does the NT MD4 hash then des encryption. */ void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) { uchar p21[21]; memset(p21, '\0', 21); E_md4hash(passwd, p21); SMBOWFencrypt(p21, c8, p24); #ifdef DEBUG_PASSWORD DEBUG(100, ("SMBNTencrypt: nt#, challenge, response\n")); dump_data(100, (char *) p21, 16); dump_data(100, (char *) c8, 8); dump_data(100, (char *) p24, 24); #endif } #if 0 BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode) { int new_pw_len = strlen(passwd) * (unicode ? 2 : 1); if (new_pw_len > 512) { DEBUG(0, ("make_oem_passwd_hash: new password is too long.\n")); return False; } /* * Now setup the data area. * We need to generate a random fill * for this area to make it harder to * decrypt. JRA. */ generate_random_buffer((unsigned char *) data, 516, False); if (unicode) { struni2(&data[512 - new_pw_len], passwd); } else { fstrcpy(&data[512 - new_pw_len], passwd); } SIVAL(data, 512, new_pw_len); #ifdef DEBUG_PASSWORD DEBUG(100, ("make_oem_passwd_hash\n")); dump_data(100, data, 516); #endif SamOEMhash((unsigned char *) data, (unsigned char *) old_pw_hash, True); return True; } #endif /* libtnlm copyrigth was left here, anyway the interface was slightly modified */ /* included libntlm-3.2.9 (c) even if this code is based in 2.1 version*/ /* Libntlm AUTHORS -- information about the authors Copyright (C) 2002, 2003, 2004 Simon Josefsson See the end for copying conditions. Grant Edwards Original author of libntlm Andrew Tridgell Wrote functions borrowed from SMB. Simon Josefsson Build environment, maintainer. Frediano Ziglio Contributed LGPL versions of some of the GPL'd Samba files. */ /* The [IS]VAL macros are to take care of byte order for non-Intel * Machines -- I think this file is OK, but it hasn't been tested. * The other files (the ones stolen from Samba) should be OK. * I am not crazy about these macros -- they seem to have gotten * a bit complex. A new scheme for handling string/buffer fields * in the structures probably needs to be designed */ #define AddBytes(ptr, header, buf, count) \ { \ if (buf != NULL && count != 0) \ { \ SSVAL(&ptr->header.len,0,count); \ SSVAL(&ptr->header.maxlen,0,count); \ SIVAL(&ptr->header.offset,0,((ptr->buffer - ((uint8*)ptr)) + ptr->bufIndex)); \ memcpy(ptr->buffer+ptr->bufIndex, buf, count); \ ptr->bufIndex += count; \ } \ else \ { \ ptr->header.len = \ ptr->header.maxlen = 0; \ SIVAL(&ptr->header.offset,0,ptr->bufIndex); \ } \ } #define AddString(ptr, header, string) \ { \ char *p = string; \ int len = 0; \ if (p) len = strlen(p); \ AddBytes(ptr, header, ((unsigned char*)p), len); \ } #define AddUnicodeString(ptr, header, string) \ { \ char *p = string; \ unsigned char *b = NULL; \ int len = 0; \ if (p) \ { \ len = strlen(p); \ b = strToUnicode(p); \ } \ AddBytes(ptr, header, b, len*2); \ } #define GetUnicodeString(structPtr, header) \ unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) #define GetString(structPtr, header) \ toString((((char *)structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) #define DumpBuffer(fp, structPtr, header) \ dumpRaw(fp,((unsigned char*)structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) static void dumpRaw(FILE * fp, unsigned char *buf, size_t len) { int i; for (i = 0; i < (signed int) len; ++i) fprintf(fp, "%02x ", buf[i]); fprintf(fp, "\n"); } static char *unicodeToString(char *p, size_t len) { int i; static char buf[1024]; assert(len + 1 < sizeof buf); for (i = 0; i < (signed int) len; ++i) { buf[i] = *p & 0x7f; p += 2; } buf[i] = '\0'; return buf; } static unsigned char *strToUnicode(char *p) { static unsigned char buf[1024]; size_t l = strlen(p); int i = 0; assert(l * 2 < sizeof buf); while (l--) { buf[i++] = *p++; buf[i++] = 0; } return buf; } static unsigned char *toString(char *p, size_t len) { static unsigned char buf[1024]; assert(len + 1 < sizeof buf); memcpy(buf, p, len); buf[len] = 0; return buf; } void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain) { char *h = NULL; //strdup(host); char *p = NULL; //strchr(h,'@'); //TODO: review default flags if (host == NULL) host = ""; if (domain == NULL) domain = ""; h = strdup(host); p = strchr(h, '@'); if (p) { if (!domain) domain = p + 1; *p = '\0'; } if (flags == 0) flags = 0x0000b207; /* Lowest security options to avoid negotiation */ request->bufIndex = 0; memcpy(request->ident, "NTLMSSP\0\0\0", 8); SIVAL(&request->msgType, 0, 1); SIVAL(&request->flags, 0, flags); assert(strlen(host) < 128); AddString(request, host, h); assert(strlen(domain) < 128); AddString(request, domain, domain); free(h); } void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domainname, char *host) { uint8 lmRespData[24]; uint8 ntRespData[24]; char *u = strdup(user); char *p = strchr(u, '@'); char *w = NULL; char *d = strdup(GetUnicodeString(challenge, uDomain)); char *domain = d; if (domainname != NULL) domain = domainname; if (host == NULL) host = ""; w = strdup(host); if (p) { domain = p + 1; *p = '\0'; } SMBencrypt((unsigned char *) password, challenge->challengeData, lmRespData); SMBNTencrypt((unsigned char *) password, challenge->challengeData, ntRespData); response->bufIndex = 0; memcpy(response->ident, "NTLMSSP\0\0\0", 8); SIVAL(&response->msgType, 0, 3); AddBytes(response, lmResponse, lmRespData, 24); AddBytes(response, ntResponse, ntRespData, 24); assert(strlen(domain) < 128); AddUnicodeString(response, uDomain, domain); assert(strlen(u) < 128); AddUnicodeString(response, uUser, u); assert(strlen(w) < 128); AddUnicodeString(response, uWks, w); AddString(response, sessionKey, NULL); if (flags != 0) challenge->flags = flags; /* Overide flags! */ response->flags = challenge->flags; if (w) free(w); if (d) free(d); if (u) free(u); } // info functions void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request) { fprintf(fp, "NTLM Request:\n"); fprintf(fp, " Ident = %s\n", request->ident); fprintf(fp, " mType = %d\n", IVAL(&request->msgType, 0)); fprintf(fp, " Flags = %08x\n", IVAL(&request->flags, 0)); fprintf(fp, " Host = %s\n", GetString(request, host)); fprintf(fp, " Domain = %s\n", GetString(request, domain)); } void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge) { fprintf(fp, "NTLM Challenge:\n"); fprintf(fp, " Ident = %s\n", challenge->ident); fprintf(fp, " mType = %d\n", IVAL(&challenge->msgType, 0)); fprintf(fp, " Domain = %s\n", GetUnicodeString(challenge, uDomain)); fprintf(fp, " Flags = %08x\n", IVAL(&challenge->flags, 0)); fprintf(fp, " Challenge = "); dumpRaw(fp, challenge->challengeData, 8); fprintf(fp, " Uncomplete!! parse optional parameters\n"); } void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { fprintf(fp, "NTLM Response:\n"); fprintf(fp, " Ident = %s\n", response->ident); fprintf(fp, " mType = %d\n", IVAL(&response->msgType, 0)); fprintf(fp, " LmResp = "); DumpBuffer(fp, response, lmResponse); fprintf(fp, " NTResp = "); DumpBuffer(fp, response, ntResponse); fprintf(fp, " Domain = %s\n", GetUnicodeString(response, uDomain)); fprintf(fp, " User = %s\n", GetUnicodeString(response, uUser)); fprintf(fp, " Wks = %s\n", GetUnicodeString(response, uWks)); fprintf(fp, " sKey = "); DumpBuffer(fp, response, sessionKey); fprintf(fp, " Flags = %08x\n", IVAL(&response->flags, 0)); } /* * base64.c -- base-64 conversion routines. * * For license terms, see the file COPYING in this directory. * * This base 64 encoding is defined in RFC2045 section 6.8, * "Base64 Content-Transfer-Encoding", but lines must not be broken in the * scheme used here. */ /* * This code borrowed from fetchmail sources */ static const char base64digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; #define BAD -1 static const char base64val[] = { BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 62, BAD, BAD, BAD, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, BAD, BAD, BAD, BAD, BAD, BAD, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, BAD, BAD, BAD, BAD, BAD }; #define DECODE64(c) (isascii(c) ? base64val[c] : BAD) void to64frombits(unsigned char *out, const unsigned char *in, int inlen) /* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */ { for (; inlen >= 3; inlen -= 3) { *out++ = base64digits[in[0] >> 2]; *out++ = base64digits[((in[0] << 4) & 0x30) | (in[1] >> 4)]; *out++ = base64digits[((in[1] << 2) & 0x3c) | (in[2] >> 6)]; *out++ = base64digits[in[2] & 0x3f]; in += 3; } if (inlen > 0) { unsigned char fragment; *out++ = base64digits[in[0] >> 2]; fragment = (in[0] << 4) & 0x30; if (inlen > 1) fragment |= in[1] >> 4; *out++ = base64digits[fragment]; *out++ = (inlen < 2) ? '=' : base64digits[(in[1] << 2) & 0x3c]; *out++ = '='; } *out = '\0'; } int from64tobits(char *out, const char *in) /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */ { int len = 0; register unsigned char digit1, digit2, digit3, digit4; if (in[0] == '+' && in[1] == ' ') in += 2; if (*in == '\r') return (0); do { digit1 = in[0]; if (DECODE64(digit1) == BAD) return (-1); digit2 = in[1]; if (DECODE64(digit2) == BAD) return (-1); digit3 = in[2]; if (digit3 != '=' && DECODE64(digit3) == BAD) return (-1); digit4 = in[3]; if (digit4 != '=' && DECODE64(digit4) == BAD) return (-1); in += 4; *out++ = (DECODE64(digit1) << 2) | (DECODE64(digit2) >> 4); ++len; if (digit3 != '=') { *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2); ++len; if (digit4 != '=') { *out++ = ((DECODE64(digit3) << 6) & 0xc0) | DECODE64(digit4); ++len; } } } while (*in && *in != '\r' && digit4 != '='); return (len); } /* base64.c ends here */ hydra-8.1/ntlm.h0000644000175000010010000001046612441064454012217 0ustar marcNone /* $Id$ Single file NTLM system to create and parse authentication messages. http://www.reversing.org ilo-- ilo@reversing.org I did copy&paste&modify several files to leave independent NTLM code that compile in cygwin/linux environment. Most of the code was ripped from Samba implementation so I left the Copying statement. Samba core code was left unmodified from 1.9 version. Also libntlm was ripped but rewrote, due to fixed and useless interface. Copyright and licensing information is in ntlm.c file. NTLM Interface, just two functions: void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); if flags is 0 minimun security level is selected, otherwise new value superseeds. host and domain are optional, they may be NULLed. void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host); Given a challenge, generates a response for that user/passwd/host/domain. flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication This is an usage sample: ... //beware of fixed sized buffer, asserts may fail, don't use long strings :) //Yes, I Know, year 2k6 and still with this shit.. unsigned char buf[4096]; unsigned char buf2[4096]; //send auth request: let the server send it's own hostname and domainname buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL); to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2)); send_to_server(buf); //receive challenge receive_from_server(buf); //build response with hostname and domainname from server buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL); to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2)); send_to_server(buf); //get reply and Check if ok ... included bonus!!: Base64 code int from64tobits(char *out, const char *in); void to64frombits(unsigned char *out, const unsigned char *in, int inlen); You don't need to read the rest of the file. */ /* * These structures are byte-order dependant, and should not * be manipulated except by the use of the routines provided */ typedef unsigned short uint16; typedef unsigned int uint32; typedef unsigned char uint8; typedef struct { uint16 len; uint16 maxlen; uint32 offset; } tSmbStrHeader; typedef struct { char ident[8]; uint32 msgType; uint32 flags; tSmbStrHeader host; tSmbStrHeader domain; uint8 buffer[1024]; uint32 bufIndex; } tSmbNtlmAuthRequest; typedef struct { char ident[8]; uint32 msgType; tSmbStrHeader uDomain; uint32 flags; uint8 challengeData[8]; uint8 reserved[8]; tSmbStrHeader emptyString; uint8 buffer[1024]; uint32 bufIndex; } tSmbNtlmAuthChallenge; typedef struct { char ident[8]; uint32 msgType; tSmbStrHeader lmResponse; tSmbStrHeader ntResponse; tSmbStrHeader uDomain; tSmbStrHeader uUser; tSmbStrHeader uWks; tSmbStrHeader sessionKey; uint32 flags; uint8 buffer[1024]; uint32 bufIndex; } tSmbNtlmAuthResponse; extern void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); /* reversing interface */ /* ntlm functions */ void BuildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); // if flags is 0 minimun security level is selected, otherwise new value superseeds. // host and domain are optional, they may be NULLed. void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domain, char *host); //Given a challenge, generates a response for that user/passwd/host/domain. //flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication /* Base64 code*/ int from64tobits(char *out, const char *in); void to64frombits(unsigned char *out, const unsigned char *in, int inlen); void xor(char *out, char *in1, char *in2, int n); // info functions void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); void strupper(char *s); #define SmbLength(ptr) (((ptr)->buffer - (uint8*)(ptr)) + (ptr)->bufIndex) hydra-8.1/performance.h0000644000175000010010000000277712441064454013554 0ustar marcNone#include #include #include #include #include #include #include /* handles select errors */ int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) { int ret_val; struct timeval stv; fd_set *fdr2, *fdw2, *fde2; do { fdr2 = fdread; fdw2 = fdwrite; fde2 = fdex; stv.tv_sec = sec; stv.tv_usec = usec; ret_val = select(fd, fdr2, fdw2, fde2, &stv); /* XXX select() sometimes returns errno=EINTR (signal found) */ } while (ret_val == -1 && errno == EINTR); return ret_val; } /*reads in a non-blocking way*/ ssize_t read_safe(int fd, void *buffer, size_t len) { int r = 0; int total = 0; int toread = len; fd_set fr; struct timeval tv; int ret = 0; (void)fcntl(fd, F_SETFL, O_NONBLOCK); do { FD_ZERO(&fr); FD_SET(fd, &fr); tv.tv_sec = 0; tv.tv_usec = 250000; ret = select(fd + 1, &fr, 0, 0, &tv); /* XXX select() sometimes return errno=EINTR (signal found) */ } while (ret == -1 && errno == EINTR); if (ret < 0) { if (debug) { perror("select"); printf("df:%d\n", fd); } return -1; } if (ret > 0) { while ((r = read(fd, (char*) ((char*)buffer + total), toread))) { if (r == -1) { if (errno == EAGAIN) break; return -1; } total += r; toread -= r; if (total == len) return len; if (r == 0) return 0; } } return total; } hydra-8.1/postgres_ext.h0000644000175000010010000000374512441064454013775 0ustar marcNone /*------------------------------------------------------------------------- * * postgres_ext.h * * This file contains declarations of things that are visible everywhere * in PostgreSQL *and* are visible to clients of frontend interface libraries. * For example, the Oid type is part of the API of libpq and other libraries. * * Declarations which are specific to a particular interface should * go in the header file for that interface (such as libpq-fe.h). This * file is only for fundamental Postgres declarations. * * User-written C functions don't count as "external to Postgres." * Those function much as local modifications to the backend itself, and * use header files that are otherwise internal to Postgres to interface * with the backend. * * $Id: postgres_ext.h,v 1.13 2003/08/27 00:33:34 petere Exp $ * *------------------------------------------------------------------------- */ #ifndef POSTGRES_EXT_H #define POSTGRES_EXT_H /* * Object ID is a fundamental type in Postgres. */ typedef unsigned int Oid; #ifdef __cplusplus #define InvalidOid (Oid(0)) #else #define InvalidOid ((Oid) 0) #endif #define OID_MAX UINT_MAX /* you will need to include to use the above #define */ /* * NAMEDATALEN is the max length for system identifiers (e.g. table names, * attribute names, function names, etc). It must be a multiple of * sizeof(int) (typically 4). * * NOTE that databases with different NAMEDATALEN's cannot interoperate! */ #define NAMEDATALEN 64 /* * Identifiers of error message fields. Kept here to keep common * between frontend and backend, and also to export them to libpq * applications. */ #define PG_DIAG_SEVERITY 'S' #define PG_DIAG_SQLSTATE 'C' #define PG_DIAG_MESSAGE_PRIMARY 'M' #define PG_DIAG_MESSAGE_DETAIL 'D' #define PG_DIAG_MESSAGE_HINT 'H' #define PG_DIAG_STATEMENT_POSITION 'P' #define PG_DIAG_CONTEXT 'W' #define PG_DIAG_SOURCE_FILE 'F' #define PG_DIAG_SOURCE_LINE 'L' #define PG_DIAG_SOURCE_FUNCTION 'R' #endif hydra-8.1/pw-inspector-logo.rc0000644000175000010010000000003312441064454014777 0ustar marcNone1 ICON "pw-inspector.ico" hydra-8.1/pw-inspector.10000644000175000010010000000300512441064454013577 0ustar marcNone.TH "PW-INSPECTOR" "1" "24/05/2012" .SH NAME pw-inspector \- A tool to reduce the password list .SH SYNOPSIS .B pw-inspector [\-i FILE] [\-o FILE] [\-m MINLEN] [\-M MAXLEN] [\-c MINSETS] \-l \-u \-n \-p \-s .br .SH DESCRIPTION PW-Inspector reads passwords in and prints those which meet the requirements. The return code is the number of valid passwords found, 0 if none was found. Use for security: check passwords, if 0 is returned, reject password choice. Use for hacking: trim your dictionary file to the pw requirements of the target. Usage only allowed for legal purposes. .SH OPTIONS .TP .B \-i FILE file to read passwords from (default: stdin) .TP .B \-o FILE file to write valid passwords to (default: stdout) .TP .B \-m MINLEN minimum length of a valid password .TP .B \-M MAXLEN maximum length of a valid password .TP .B \-c MINSETS the minimum number of sets required (default: all given) .TP .B \-h, \-\-help Show summary of options. .SH SETS .TP .B \-l lowcase characters (a,b,c,d, etc.) .TP .B \-u upcase characters (A,B,C,D, etc.) .TP .B \-n numbers (1,2,3,4, etc.) .TP .B \-p printable characters (which are not \-l/\-n/\-p, e.g. $,!,/,(,*, etc.) .TP .B \ -s special characters \- all others not withint the sets above .SH SEE ALSO .BR hydra (1), .BR xhydra (1). .br .SH AUTHOR hydra was written by van Hauser / THC and co-maintained by David Maciejak . .PP This manual page was written by Daniel Echeverry , for the Debian project (and may be used by others). hydra-8.1/pw-inspector.c0000644000175000010010000001106412441064454013665 0ustar marcNone#include #include #include #include #include #define PROGRAM "PW-Inspector" #define VERSION "v0.2" #define EMAIL "vh@thc.org" #define WEB "http://www.thc.org" #define MAXLENGTH 256 char *prg; void help() { printf("%s %s (c) 2005 by van Hauser / THC %s [%s]\n\n", PROGRAM, VERSION, EMAIL, WEB); printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -s\n\n", prg); printf("Options:\n"); printf(" -i FILE file to read passwords from (default: stdin)\n"); printf(" -o FILE file to write valid passwords to (default: stdout)\n"); printf(" -m MINLEN minimum length of a valid password\n"); printf(" -M MAXLEN maximum length of a valid password\n"); printf(" -c MINSETS the minimum number of sets required (default: all given)\n"); printf("Sets:\n"); printf(" -l lowcase characters (a,b,c,d, etc.)\n"); printf(" -u upcase characters (A,B,C,D, etc.)\n"); printf(" -n numbers (1,2,3,4, etc.)\n"); printf(" -p printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)\n"); printf(" -s special characters - all others not withint the sets above\n"); printf("\n%s reads passwords in and prints those which meet the requirements.\n", PROGRAM); printf("The return code is the number of valid passwords found, 0 if none was found.\n"); printf("Use for security: check passwords, if 0 is returned, reject password choice.\n"); printf("Use for hacking: trim your dictionary file to the pw requirements of the target.\n"); printf("Usage only allowed for legal purposes.\n"); exit(-1); } int main(int argc, char *argv[]) { int i, j, k; int sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0; int set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0; FILE *in = stdin, *out = stdout; char buf[MAXLENGTH + 1]; prg = argv[0]; if (argc < 2) help(); while ((i = getopt(argc, argv, "i:o:m:M:c:lunps")) >= 0) { switch (i) { case 'i': if ((in = fopen(optarg, "r")) == NULL) { fprintf(stderr, "Error: unable to open input file %s\n", optarg); exit(-1); } break; case 'o': if ((out = fopen(optarg, "w")) == NULL) { fprintf(stderr, "Error: unable to open output file %s\n", optarg); exit(-1); } break; case 'm': minlen = atoi(optarg); break; case 'M': maxlen = atoi(optarg); break; case 'c': countsets = atoi(optarg); break; case 'l': if (set_low == 0) { set_low = 1; sets++; } break; case 'u': if (set_up == 0) { set_up = 1; sets++; } break; case 'n': if (set_no == 0) { set_no = 1; sets++; } break; case 'p': if (set_print == 0) { set_print = 1; sets++; } break; case 's': if (set_other == 0) { set_other = 1; sets++; } break; default: help(); } } if (minlen > maxlen) { fprintf(stderr, "Error: -m MINLEN is greater than -M MAXLEN\n"); exit(-1); } if (countsets > sets) { fprintf(stderr, "Error: -c MINSETS is larger than the sets defined\n"); exit(-1); } if (countsets == 0) countsets = sets; while (fgets(buf, sizeof(buf), in) != NULL) { i = -1; if (buf[0] == 0) continue; if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; if (strlen(buf) >= minlen && strlen(buf) <= maxlen) { i = 0; if (countsets > 0) { if (set_low) if (strpbrk(buf, "abcdefghijklmnopqrstuvwxyz") != NULL) i++; if (set_up) if (strpbrk(buf, "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != NULL) i++; if (set_no) if (strpbrk(buf, "0123456789") != NULL) i++; if (set_print) { j = 0; for (k = 0; k < strlen(buf); k++) if (isprint((int) buf[k]) != 0 && isalnum((int) buf[k]) == 0) j = 1; if (j) i++; } if (set_other) { j = 0; for (k = 0; k < strlen(buf); k++) if (isprint((int) buf[k]) == 0 && isalnum((int) buf[k]) == 0) j = 1; if (j) i++; } } if (i >= countsets) { fprintf(out, "%s\n", buf); count++; } } /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, minlen, maxlen, strlen(buf)); */ } fclose(in); fclose(out); return count; } hydra-8.1/pw-inspector.ico0000644000175000010010000011227612441064454014224 0ustar marcNone`` (` 444 )))```|||%%%:::zzzBBB444bbb***fff!!!  ttt###'''YYYYYY))) """---dddsss AAAAAA___ aaaHHHNNNCCCUUU""" rrr ddd000JJJkkkwwwAAABBB```eeezzzbbb[[[LLL===TTTbbb|||... [[[777bbb"""(((888 uuunnn 000"""JJJ !!!kkkfff;;;WWW%%%ddd""";;;'''###666""",,,yyy ]]] """``` %%%ggg|||$$${{{```...///>>>))) ggg---ccc"""```III```aaa666 666 ___888YYY<<<```bbbAAA___666WWWPPP|||...aaa@@@BBB```ooo,,,AAA666!!!)))666|||888]]]JJJ,,,...666LLL,,,"""$$$hhh,,,!!!---===|||,,,%%%ddd$$$ ))) !!!'''ddd666,,,AAA...+++ """ !!!###jjj$$$444,,,uuu...sss !!!"""jjjZZZ,,,jjj777 !!!jjjFFF[[[WWW===PPP""" !!!jjj```ccc(((888eee+++$$$QQQ!!!jjjhhh```rrr+++vvv!!!jjj``` ...VVV((( jjj...```---+++LLL***222 jjjWWWrrrhhhhhhQQQ===YYY~~~zzz ???:::fffzzz DDD^^^JJJHHH((( WWW???UUUBBBooolllbbb,,,!!!>>>IIIuuu 777111&&&ccc xxx"""www nnnppp+++@@@HHH [[[666  JJJ!!!!!!!!!!!!!!!!!!!!!LLL"""###~~~777jjjQQQ]]]kkk:::ppp666666QQQhydra-8.1/rdp.h0000644000175000010010000004157612441064454012040 0ustar marcNone/* david: this file is based on header files from rdesktop project rdesktop: A Remote Desktop Protocol client. Master include file Copyright (C) Matthew Chapman 1999-2008 This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "hydra-mod.h" #include #include #include #ifdef _WIN32 #define WINVER 0x0400 #include #include #include #define DIR int #else #include #include #ifdef HAVE_SYS_SELECT_H #include #else #include #include #endif #endif #include /* PATH_MAX */ #ifdef HAVE_SYSEXITS_H #include #endif #include /* stat */ #include /* gettimeofday */ #include /* times */ //fixme /* The system could not log you on. Make sure your User name and domain are correct [FAILED] */ #define LOGON_MESSAGE_FAILED_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x05\x04\x06\x06\x05\x02\x04\x07\x06" #define LOGON_MESSAGE_FAILED_2K3 "\x00\x00\x01\x08\x02\x07\x03\x07\x04\x07\x05\x05\x01\x05\x04\x07\x03\x05" #define LOGON_MESSAGE_FAILED_2K8 "not needed" #define LOGON_MESSAGE_2K "\x00\x00\x01\x06\x02\x07\x04\x0a\x05\x08\x06\x0a\x01\x05\x07\x0a\x08\x0b\x05\x03\x09\x07\x01\x07\x0a\x07\x0b\x09\xff\x00\x1c" /* The local policy of this system does not permit you to logon interactively. [SUCCESS] */ #define LOGON_MESSAGE_NO_INTERACTIVE_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x02\x06\x06\x07\x05\x04\x06\x08\x05" #define LOGON_MESSAGE_NO_INTERACTIVE_2K3 "??" /* Unable to log you on because your account has been locked out [FAILED] */ #define LOGON_MESSAGE_LOCKED_XP "\x00\x00\x01\x07\x02\x06\x03\x06\x04\x06\x05\x02\x07\x09\x08\x04\x04\x09" #define LOGON_MESSAGE_LOCKED_2K3 "??" /* Your account has been disabled. Please see your system administrator. [ERROR] */ /* Your account has expired. Please see your system administrator. [ERROR] */ #define LOGON_MESSAGE_DISABLED_XP "\x00\x00\x01\x06\x02\x06\x03\x06\x05\x07\x06\x06\x06\x05\x01\x05\x02\x06" #define LOGON_MESSAGE_DISABLED_2K3 "??" /* Your password has expired and must be changed. [SUCCESS] */ #define LOGON_MESSAGE_EXPIRED_XP "\x00\x00\x01\x06\x02\x06\x03\x06\x05\x07\x06\x06\x07\x06\x07\x05\x08\x05" #define LOGON_MESSAGE_EXPIRED_2K3 "??" /* You are required to change your password at first logon. [SUCCESS] */ #define LOGON_MESSAGE_MUST_CHANGE_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x06\x06\x04\x05\x09\x06\x04\x07\x06" #define LOGON_MESSAGE_MUST_CHANGE_2K3 "??" /* The terminal server has exceeded the maximum number of allowed connections. [SUCCESS] */ #define LOGON_MESSAGE_MSTS_MAX_2K3 "\x00\x00\x01\x06\x02\x07\x01\x07\x05\x07\x24\x0a\x25\x0a\x0b\x07\x0b\x06\x26" #define DEBUG(args) { if (debug) {hydra_report(stderr, "[DEBUG] "); printf args; }} #define DEBUG_RDP5(args){ if (debug) {hydra_report(stderr, "[DEBUG] RDP5 "); printf args; }} #define STRNCPY(dst,src,n) { strncpy(dst,src,n-1); dst[n-1] = 0; } #ifndef MIN #define MIN(x,y) (((x) < (y)) ? (x) : (y)) #endif #ifndef MAX #define MAX(x,y) (((x) > (y)) ? (x) : (y)) #endif /* timeval macros */ #ifndef timerisset #define timerisset(tvp)\ ((tvp)->tv_sec || (tvp)->tv_usec) #endif #ifndef timercmp #define timercmp(tvp, uvp, cmp)\ ((tvp)->tv_sec cmp (uvp)->tv_sec ||\ (tvp)->tv_sec == (uvp)->tv_sec &&\ (tvp)->tv_usec cmp (uvp)->tv_usec) #endif #ifndef timerclear #define timerclear(tvp)\ ((tvp)->tv_sec = (tvp)->tv_usec = 0) #endif /* If configure does not define the endianess, try to find it out */ #if !defined(L_ENDIAN) && !defined(B_ENDIAN) #if __BYTE_ORDER == __LITTLE_ENDIAN #define L_ENDIAN #elif __BYTE_ORDER == __BIG_ENDIAN #define B_ENDIAN #else #error Unknown endianness. Edit rdp.h. #endif #endif /* B_ENDIAN, L_ENDIAN from configure */ /* No need for alignment on x86 and amd64 */ #if !defined(NEED_ALIGN) #if !(defined(__x86__) || defined(__x86_64__) || \ defined(__AMD64__) || defined(_M_IX86) || \ defined(__i386__)) #define NEED_ALIGN #endif #endif /* Parser state */ typedef struct stream { unsigned char *p; unsigned char *end; unsigned char *data; unsigned int size; /* Offsets of various headers */ unsigned char *iso_hdr; unsigned char *mcs_hdr; unsigned char *sec_hdr; unsigned char *rdp_hdr; unsigned char *channel_hdr; } *STREAM; #define s_push_layer(s,h,n) { (s)->h = (s)->p; (s)->p += n; } #define s_pop_layer(s,h) (s)->p = (s)->h; #define s_mark_end(s) (s)->end = (s)->p; #define s_check(s) ((s)->p <= (s)->end) #define s_check_rem(s,n) ((s)->p + n <= (s)->end) #define s_check_end(s) ((s)->p == (s)->end) #if defined(L_ENDIAN) && !defined(NEED_ALIGN) #define in_uint16_le(s,v) { v = *(uint16 *)((s)->p); (s)->p += 2; } #define in_uint32_le(s,v) { v = *(uint32 *)((s)->p); (s)->p += 4; } #define out_uint16_le(s,v) { *(uint16 *)((s)->p) = v; (s)->p += 2; } #define out_uint32_le(s,v) { *(uint32 *)((s)->p) = v; (s)->p += 4; } #else #define in_uint16_le(s,v) { v = *((s)->p++); v += *((s)->p++) << 8; } #define in_uint32_le(s,v) { in_uint16_le(s,v) \ v += *((s)->p++) << 16; v += *((s)->p++) << 24; } #define out_uint16_le(s,v) { *((s)->p++) = (v) & 0xff; *((s)->p++) = ((v) >> 8) & 0xff; } #define out_uint32_le(s,v) { out_uint16_le(s, (v) & 0xffff); out_uint16_le(s, ((v) >> 16) & 0xffff); } #endif #if defined(B_ENDIAN) && !defined(NEED_ALIGN) #define in_uint16_be(s,v) { v = *(uint16 *)((s)->p); (s)->p += 2; } #define in_uint32_be(s,v) { v = *(uint32 *)((s)->p); (s)->p += 4; } #define out_uint16_be(s,v) { *(uint16 *)((s)->p) = v; (s)->p += 2; } #define out_uint32_be(s,v) { *(uint32 *)((s)->p) = v; (s)->p += 4; } #define B_ENDIAN_PREFERRED #define in_uint16(s,v) in_uint16_be(s,v) #define in_uint32(s,v) in_uint32_be(s,v) #define out_uint16(s,v) out_uint16_be(s,v) #define out_uint32(s,v) out_uint32_be(s,v) #else #define in_uint16_be(s,v) { v = *((s)->p++); next_be(s,v); } #define in_uint32_be(s,v) { in_uint16_be(s,v); next_be(s,v); next_be(s,v); } #define out_uint16_be(s,v) { *((s)->p++) = ((v) >> 8) & 0xff; *((s)->p++) = (v) & 0xff; } #define out_uint32_be(s,v) { out_uint16_be(s, ((v) >> 16) & 0xffff); out_uint16_be(s, (v) & 0xffff); } #endif #ifndef B_ENDIAN_PREFERRED #define in_uint16(s,v) in_uint16_le(s,v) #define in_uint32(s,v) in_uint32_le(s,v) #define out_uint16(s,v) out_uint16_le(s,v) #define out_uint32(s,v) out_uint32_le(s,v) #endif #define in_uint8(s,v) v = *((s)->p++); #define in_uint8p(s,v,n) { v = (s)->p; (s)->p += n; } #define in_uint8a(s,v,n) { memcpy(v,(s)->p,n); (s)->p += n; } #define in_uint8s(s,n) (s)->p += n; #define out_uint8(s,v) *((s)->p++) = v; #define out_uint8p(s,v,n) { memcpy((s)->p,v,n); (s)->p += n; } #define out_uint8a(s,v,n) out_uint8p(s,v,n); #define out_uint8s(s,n) { memset((s)->p,0,n); (s)->p += n; } #define next_be(s,v) v = ((v) << 8) + *((s)->p++); typedef unsigned char uint8; typedef signed char sint8; typedef unsigned short uint16; typedef signed short sint16; typedef unsigned int uint32; typedef signed int sint32; typedef struct _BOUNDS { sint16 left; sint16 top; sint16 right; sint16 bottom; } BOUNDS; /* PSTCACHE */ typedef uint8 HASH_KEY[8]; #ifndef PATH_MAX #define PATH_MAX 256 #endif #define RDP_ORDER_STANDARD 0x01 #define RDP_ORDER_SECONDARY 0x02 #define RDP_ORDER_BOUNDS 0x04 #define RDP_ORDER_CHANGE 0x08 #define RDP_ORDER_DELTA 0x10 #define RDP_ORDER_LASTBOUNDS 0x20 #define RDP_ORDER_SMALL 0x40 #define RDP_ORDER_TINY 0x80 enum RDP_ORDER_TYPE { RDP_ORDER_DESTBLT = 0, RDP_ORDER_PATBLT = 1, RDP_ORDER_SCREENBLT = 2, RDP_ORDER_LINE = 9, RDP_ORDER_RECT = 10, RDP_ORDER_DESKSAVE = 11, RDP_ORDER_MEMBLT = 13, RDP_ORDER_TRIBLT = 14, RDP_ORDER_POLYGON = 20, RDP_ORDER_POLYGON2 = 21, RDP_ORDER_POLYLINE = 22, RDP_ORDER_ELLIPSE = 25, RDP_ORDER_ELLIPSE2 = 26, RDP_ORDER_TEXT2 = 27 }; enum RDP_SECONDARY_ORDER_TYPE { RDP_ORDER_RAW_BMPCACHE = 0, RDP_ORDER_COLCACHE = 1, RDP_ORDER_BMPCACHE = 2, RDP_ORDER_FONTCACHE = 3, RDP_ORDER_RAW_BMPCACHE2 = 4, RDP_ORDER_BMPCACHE2 = 5, RDP_ORDER_BRUSHCACHE = 7 }; typedef struct _RECT_ORDER { sint16 x; sint16 y; sint16 cx; sint16 cy; uint32 colour; } RECT_ORDER; typedef struct _DESKSAVE_ORDER { uint32 offset; sint16 left; sint16 top; sint16 right; sint16 bottom; uint8 action; } DESKSAVE_ORDER; typedef struct _MEMBLT_ORDER { uint8 colour_table; uint8 cache_id; sint16 x; sint16 y; sint16 cx; sint16 cy; uint8 opcode; sint16 srcx; sint16 srcy; uint16 cache_idx; } MEMBLT_ORDER; #define MAX_DATA 256 #define MAX_TEXT 256 typedef struct _TEXT2_ORDER { uint8 font; uint8 flags; uint8 opcode; uint8 mixmode; uint32 bgcolour; uint32 fgcolour; sint16 clipleft; sint16 cliptop; sint16 clipright; sint16 clipbottom; sint16 boxleft; sint16 boxtop; sint16 boxright; sint16 boxbottom; sint16 x; sint16 y; uint8 length; uint8 text[MAX_TEXT]; } TEXT2_ORDER; typedef struct _RDP_ORDER_STATE { uint8 order_type; BOUNDS bounds; RECT_ORDER rect; DESKSAVE_ORDER desksave; MEMBLT_ORDER memblt; TEXT2_ORDER text2; } RDP_ORDER_STATE; #define WINDOWS_CODEPAGE "UTF-16LE" /* ISO PDU codes */ enum ISO_PDU_CODE { ISO_PDU_CR = 0xE0, /* Connection Request */ ISO_PDU_CC = 0xD0, /* Connection Confirm */ ISO_PDU_DR = 0x80, /* Disconnect Request */ ISO_PDU_DT = 0xF0, /* Data */ ISO_PDU_ER = 0x70 /* Error */ }; /* MCS PDU codes */ enum MCS_PDU_TYPE { MCS_EDRQ = 1, /* Erect Domain Request */ MCS_DPUM = 8, /* Disconnect Provider Ultimatum */ MCS_AURQ = 10, /* Attach User Request */ MCS_AUCF = 11, /* Attach User Confirm */ MCS_CJRQ = 14, /* Channel Join Request */ MCS_CJCF = 15, /* Channel Join Confirm */ MCS_SDRQ = 25, /* Send Data Request */ MCS_SDIN = 26 /* Send Data Indication */ }; #define MCS_CONNECT_INITIAL 0x7f65 #define MCS_CONNECT_RESPONSE 0x7f66 #define BER_TAG_BOOLEAN 1 #define BER_TAG_INTEGER 2 #define BER_TAG_OCTET_STRING 4 #define BER_TAG_RESULT 10 #define MCS_TAG_DOMAIN_PARAMS 0x30 #define MCS_GLOBAL_CHANNEL 1003 #define MCS_USERCHANNEL_BASE 1001 /* RDP secure transport constants */ #define SEC_RANDOM_SIZE 32 #define SEC_MODULUS_SIZE 64 #define SEC_MAX_MODULUS_SIZE 256 #define SEC_PADDING_SIZE 8 #define SEC_EXPONENT_SIZE 4 #define SEC_CLIENT_RANDOM 0x0001 #define SEC_ENCRYPT 0x0008 #define SEC_LOGON_INFO 0x0040 #define SEC_LICENCE_NEG 0x0080 #define SEC_REDIRECT_ENCRYPT 0x0C00 #define SEC_TAG_SRV_INFO 0x0c01 #define SEC_TAG_SRV_CRYPT 0x0c02 #define SEC_TAG_SRV_CHANNELS 0x0c03 #define SEC_TAG_CLI_INFO 0xc001 #define SEC_TAG_CLI_CRYPT 0xc002 #define SEC_TAG_CLI_CHANNELS 0xc003 #define SEC_TAG_CLI_4 0xc004 #define SEC_TAG_PUBKEY 0x0006 #define SEC_TAG_KEYSIG 0x0008 #define SEC_RSA_MAGIC 0x31415352 /* RSA1 */ /* RDP PDU codes */ enum RDP_PDU_TYPE { RDP_PDU_DEMAND_ACTIVE = 1, RDP_PDU_CONFIRM_ACTIVE = 3, RDP_PDU_REDIRECT = 4, /* MS Server 2003 Session Redirect */ RDP_PDU_DEACTIVATE = 6, RDP_PDU_DATA = 7 }; enum RDP_DATA_PDU_TYPE { RDP_DATA_PDU_UPDATE = 2, RDP_DATA_PDU_CONTROL = 20, RDP_DATA_PDU_POINTER = 27, RDP_DATA_PDU_INPUT = 28, RDP_DATA_PDU_SYNCHRONISE = 31, RDP_DATA_PDU_BELL = 34, RDP_DATA_PDU_CLIENT_WINDOW_STATUS = 35, RDP_DATA_PDU_LOGON = 38, /* PDUTYPE2_SAVE_SESSION_INFO */ RDP_DATA_PDU_FONT2 = 39, RDP_DATA_PDU_KEYBOARD_INDICATORS = 41, RDP_DATA_PDU_DISCONNECT = 47 }; enum RDP_SAVE_SESSION_PDU_TYPE { INFOTYPE_LOGON = 0, INFOTYPE_LOGON_LONG = 1, INFOTYPE_LOGON_PLAINNOTIFY = 2, INFOTYPE_LOGON_EXTENDED_INF = 3 }; enum RDP_LOGON_INFO_EXTENDED_TYPE { LOGON_EX_AUTORECONNECTCOOKIE = 1, LOGON_EX_LOGONERRORS = 2 }; enum RDP_CONTROL_PDU_TYPE { RDP_CTL_REQUEST_CONTROL = 1, RDP_CTL_GRANT_CONTROL = 2, RDP_CTL_DETACH = 3, RDP_CTL_COOPERATE = 4 }; enum RDP_UPDATE_PDU_TYPE { RDP_UPDATE_ORDERS = 0, RDP_UPDATE_BITMAP = 1, RDP_UPDATE_PALETTE = 2, RDP_UPDATE_SYNCHRONIZE = 3 }; /* RDP bitmap cache (version 2) constants */ #define BMPCACHE2_C0_CELLS 0x78 #define BMPCACHE2_C1_CELLS 0x78 #define BMPCACHE2_C2_CELLS 0x150 #define BMPCACHE2_NUM_PSTCELLS 0x9f6 #define PDU_FLAG_FIRST 0x01 #define PDU_FLAG_LAST 0x02 /* RDP capabilities */ #define RDP_CAPSET_GENERAL 1 /* Maps to generalCapabilitySet in T.128 page 138 */ #define RDP_CAPLEN_GENERAL 0x18 #define OS_MAJOR_TYPE_UNIX 4 #define OS_MINOR_TYPE_XSERVER 7 #define RDP_CAPSET_BITMAP 2 #define RDP_CAPLEN_BITMAP 0x1C #define RDP_CAPSET_ORDER 3 #define RDP_CAPLEN_ORDER 0x58 #define RDP_CAPSET_BMPCACHE 4 #define RDP_CAPLEN_BMPCACHE 0x28 #define RDP_CAPSET_CONTROL 5 #define RDP_CAPLEN_CONTROL 0x0C #define RDP_CAPSET_ACTIVATE 7 #define RDP_CAPLEN_ACTIVATE 0x0C #define RDP_CAPSET_POINTER 8 #define RDP_CAPLEN_POINTER 0x08 #define RDP_CAPLEN_NEWPOINTER 0x0a #define RDP_CAPSET_SHARE 9 #define RDP_CAPLEN_SHARE 0x08 #define RDP_CAPSET_COLCACHE 10 #define RDP_CAPLEN_COLCACHE 0x08 #define RDP_CAPSET_BRUSHCACHE 15 #define RDP_CAPLEN_BRUSHCACHE 0x08 #define RDP_CAPSET_BMPCACHE2 19 #define RDP_CAPLEN_BMPCACHE2 0x28 #define RDP_SOURCE "MSTSC" /* Logon flags */ #define RDP_LOGON_AUTO 0x0008 #define RDP_LOGON_NORMAL 0x0033 #define RDP_LOGON_COMPRESSION 0x0080 /* mppc compression with 8kB histroy buffer */ #define RDP_LOGON_BLOB 0x0100 #define RDP_LOGON_COMPRESSION2 0x0200 /* rdp5 mppc compression with 64kB history buffer */ #define RDP_LOGON_LEAVE_AUDIO 0x2000 #define RDP5_DISABLE_NOTHING 0x00 #define RDP5_NO_WALLPAPER 0x01 #define RDP5_NO_FULLWINDOWDRAG 0x02 #define RDP5_NO_MENUANIMATIONS 0x04 #define RDP5_NO_THEMING 0x08 #define RDP5_NO_CURSOR_SHADOW 0x20 #define RDP5_NO_CURSORSETTINGS 0x40 /* disables cursor blinking */ /* compression types */ #define RDP_MPPC_BIG 0x01 #define RDP_MPPC_COMPRESSED 0x20 #define RDP_MPPC_RESET 0x40 #define RDP_MPPC_FLUSH 0x80 #define RDP_MPPC_DICT_SIZE 65536 #define RDP5_COMPRESSED 0x80 #ifndef _SSL_H #define _SSL_H #include #include #include #include #include #include #include #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) #define D2I_X509_CONST const #else #define D2I_X509_CONST #endif #define SSL_RC4 RC4_KEY #define SSL_SHA1 SHA_CTX #define SSL_MD5 MD5_CTX #define SSL_CERT X509 #define SSL_RKEY RSA #endif /* for win8 */ #define KBD_FLAG_DOWN 0x4000 #define KBD_FLAG_UP 0x8000 #define RDP_KEYRELEASE (KBD_FLAG_DOWN | KBD_FLAG_UP) #define FASTPATH_INPUT_KBDFLAGS_RELEASE 1 #define FASTPATH_INPUT_EVENT_SCANCODE 0 #define FASTPATH_INPUT_EVENT_MOUSE 1 #define RDP_INPUT_MOUSE 0x8001 #define RDP_INPUT_SCANCODE 4 /* iso.c */ STREAM iso_init(int length); void iso_send(STREAM s); STREAM iso_recv(uint8 * rdpver); BOOL iso_connect(char *server, char *username, BOOL reconnect); void iso_disconnect(void); void iso_reset_state(void); /* mcs.c */ STREAM mcs_init(int length); void mcs_send_to_channel(STREAM s, uint16 channel); void mcs_send(STREAM s); STREAM mcs_recv(uint16 * channel, uint8 * rdpver); BOOL mcs_connect(char *server, STREAM mcs_data, char *username, BOOL reconnect); void mcs_disconnect(void); void mcs_reset_state(void); /* orders.c */ void process_orders(STREAM s, uint16 num_orders); void reset_order_state(void); /* rdesktop.c */ void generate_random(uint8 * random); void *xmalloc(int size); void exit_if_null(void *ptr); char *xstrdup(const char *s); void *xrealloc(void *oldmem, size_t size); void error(char *format, ...); void warning(char *format, ...); void unimpl(char *format, ...); void hexdump(unsigned char *p, unsigned int len); /* rdp.c */ static void process_demand_active(STREAM s); static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason); /* secure.c */ void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt); void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2); void buf_out_uint32(uint8 * buffer, uint32 value); void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen); void sec_decrypt(uint8 * data, int length); STREAM sec_init(uint32 flags, int maxlen); void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel); void sec_send(STREAM s, uint32 flags); void sec_process_mcs_data(STREAM s); STREAM sec_recv(uint8 * rdpver); BOOL sec_connect(char *server, char *username, BOOL reconnect); void sec_disconnect(void); void sec_reset_state(void); /* tcp.c */ STREAM tcp_init(uint32 maxlen); void tcp_send(STREAM s); STREAM tcp_recv(STREAM s, uint32 length); BOOL tcp_connect(char *server); void tcp_disconnect(void); char *tcp_get_address(void); void tcp_reset_state(void); hydra-8.1/README0000644000175000010010000003741312441064454011755 0ustar marcNone H Y D R A (c) 2001-2014 by van Hauser / THC http://www.thc.org many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal Licensed under AGPLv3 (see LICENSE file) Please do not use in military or secret service organizations, or for illegal purposes. INTRODUCTION ------------ Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system. THIS TOOL IS FOR LEGAL PURPOSES ONLY! There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX. Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. However the module engine for new services is very easy so it won't take a long time until even more services are supported. Your help in writing, enhancing or fixing modules is highly appreciated!! :-) WHERE TO GET ------------ You can always find the newest release/production version of hydra at its project page at https://www.thc.org/thc-hydra If you are interested in the current development state, the public development repository is at Github: svn co https://github.com/vanhauser-thc/thc-hydra or git clone https://github.com/vanhauser-thc/thc-hydra.git Use the development version at your own risk. It contains new features and new bugs. Things might not work! HOW TO COMPILE -------------- To configure, compile and install hydra, just type: ./configure make make install If you want the ssh module, you have to setup libssh (not libssh2!) on your system, get it from http://www.libssh.org, for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. If you use Ubuntu/Debian, this will install supplementary libraries needed for a few optional modules: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ firebird2.1-dev libncp-dev This enables all optional modules and features with the exception of Oracle, SAP R/3 and the apple filing protocol - which you will need to download and install from the vendor's web sites. For all other Linux derivates and BSD based systems, use the system software installer and look for similar named libraries like in the comand above. In all other cases you have to download all source libraries and compile them manually. SUPPORTED PLATFORMS ------------------- All UNIX platforms (linux, *bsd, solaris, etc.) Mac OS/X Windows with Cygwin (both IPv4 and IPv6) Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) HOW TO USE ---------- If you just enter "hydra", you will see a short summary of the important options available. Type "./hydra -h" to see all available command line options. Note that NO login/password file is included. Generate them yourself. A default password list is hoever present, use "dpl4hydra.sh" to generate a list. For Linux users, a GTK gui is available, try "./xhydra" For the command line usage, the syntax is as follows: For attacking one target or a network, you can use the new "://" style: hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS The old mode can be used for these too, and additionally if you want to specify your targets from a text file, you *must* use this one: hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS Via the command line options you specify which logins to try, which passwords, if SSL should be used, how many parallel tasks to use for attacking, etc. PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, http-get or many others are available TARGET is the target you want to attack OPTIONS are optional values which are special per PROTOCOL module FIRST - select your target you have three options on how to specify the target you want to attack: 1. a single target on the command line: just put the IP or DNS address in 2. a network range on the command line: CIDR specification like "192.168.0.0/24" 3. a list of hosts in a text file: one line per entry (see below) SECOND - select your protocol Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. Use a port scanner to see which protocols are enabled on the target. THIRD - check if the module has optional parameters hydra -U PROTOCOL e.g. hydra -U smtp FOURTH - the destination port this is optional! if no port is supplied the default common port for the PROTOCOL is used. If you specify SSL to use ("-S" option), the SSL common port is used by default. If you use "://" notation, you must use "[" "]" brackets if you want to supply IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: hydra [some command line options] ftp://[192.168.0.0/24]/ hydra [some command line options] -6 smtp://[2001:db8::1]/NTLM Note that everything hydra does is IPv4 only! If you want to attack IPv6 addresses, you must add the "-6" command line option. All attacks are then IPv6 only! If you want to supply your targets via a text file, you can not use the :// notation but use the old style and just supply the protocol (and module options): hydra [some command line options] -M targets.txt ftp You can supply also port for each target entry by adding ":" after a target entry in the file, e.g.: foo.bar.com target.com:21 unusual.port.com:2121 default.used.here.com 127.0.0.1 127.0.0.1:2121 LOGINS AND PASSWORDS -------------------- You have many options on how to attack with logins and passwords With -l for login and -p for password you tell hydra that this is the only login and/or password to try. With -L for logins and -P for passwords you supply text files with entries. e.g.: hydra -l admin -p password ftp://localhost/ hydra -L default_logins.txt -p test ftp://localhost/ hydra -l admin -P common_passwords.txt ftp://localhost/ hydra -L logins.txt -P passwords.txt ftp://localhost/ Additionally, you can try passwords based on the login via the "-e" option. The "-e" option has three parameters: s - try the login as password n - try an empty password r - reverse the login and try it as password If you want to, e.g. try "try login as password and "empty password", you specify "-e sn" on the command line. But there are two more modes for trying passwords than -p/-P: You can use text file which where a login and password pair is seperated by a colon, e.g.: admin:password test:test foo:bar This is a common default account style listing, that is also generated by the dpl4hydra.sh default account file generator supplied with hydra. You use such a text file with the -C option - note that in this mode you can not use -l/-L/-p/-P options (-e nsr however you can). Example: hydra -C default_accounts.txt ftp://localhost/ And finally, there is a bruteforce mode with the -x option (which you can not use with -p/-P/-C): -x minimum_length:maximum_length:charset the charset definition is 'a' for lowercase letters, 'A' for uppercase letters, '1' for numbers and for anything else you supply it is their real representation. Examples: -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters -x 2:5:/ generate passwords from length 2 to 5 containing only slashes -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers Example: hydra -l ftp -x 3:3:a ftp://localhost/ SPECIAL OPTIONS FOR MODULES --------------------------- Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m commandline option, you can pass one option to a module. Many modules use this, a few require it! To see the special option of a module, type: hydra -U e.g. ./hydra -U http-post-form The special options can be passed via the -m parameter, as 3rd command line option or in the service://target/option format. Examples (they are all equal): ./hydra -l test -p test -m PLAIN 127.0.0.1 imap ./hydra -l test -p test 127.0.0.1 imap PLAIN ./hydra -l test -p test imap://127.0.0.1/PLAIN RESTORING AN ABORTED/CRASHED SESSION ------------------------------------ When hydra is aborted with Control-C, killed or crashs, it leavs a "hydra.restore" file behind which contains all necessary information to restore the session. This session file is written every 5 minutes. NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. from little indian to big indian, or from solaris to aix) HOW TO SCAN/CRACK OVER A PROXY ------------------------------ The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works just for the http/www service!). The following syntax is valid: HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" For all other services, use the HYDRA_PROXY variable to scan/crack via by default a web proxy's CONNECT call. It uses the same syntax. eg: HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port for example: HYDRA_PROXY=http://proxy.anonymizer.com:8000 If you require authentication for the proxy, use the HYDRA_PROXY_AUTH environment variable: HYDRA_PROXY_AUTH="the_login:the_password" ADDITIONAL HINTS ---------------- * sort your password files by likelihood and use the -u option to find passwords much faster! * uniq your dictionary files! this can save you a lot of time :-) cat words.txt | sort | uniq > dictionary.txt * if you know that the target is using a password policy (allowing users only to choose password with a minimum length of 6, containing a least one letter and one number, etc. use the tool pw-inspector which comes along with the hydra package to reduce the password list: cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt SPEED ----- through the parallizing feature, this password cracker tool can be very fast, however it depends on the protocol. The fastest are generally POP3 and FTP. Experiment with the task option (-t) to speed things up! The higher - the faster ;-) (but too high - and it disables the service) STATISTICS ---------- Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing 295 entries (294 tries invalid logins, 1 valid). Every test was run three times (only for "1 task" just once), and the average noted down. P A R A L L E L T A S K S SERVICE 1 4 8 16 32 50 64 100 128 ------- -------------------------------------------------------------------- telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 (*) Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with 128 tasks, running four times resulted in timings between 28 and 97 seconds! The reason for this is unknown... guesses per task (rounded up): 295 74 38 19 10 6 5 3 3 guesses possible per connect (depends on the server software and config): telnet 4 ftp 6 pop3 1 imap 3 BUGS & FEATURES --------------- Hydra: Email me or David if you find bugs or if you have written a new module. vh@thc.org (and put "antispam" in the subject line) David (dot) Maciejak @ gmail (dot) com You should use PGP to encrypt emails to vh@thc.org : -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v3.3.3 (vh@thc.org) mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM 0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR 2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl 7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb /hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS +C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP 8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni 1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT zB3yrr+vYBT0uDWmxwPjiJs= =ytEf -----END PGP PUBLIC KEY BLOCK----- hydra-8.1/sasl.c0000644000175000010010000005263512441064454012206 0ustar marcNone#include "sasl.h" /* print_hex is used for debug it displays the string buf hexa values of size len */ int print_hex(unsigned char *buf, int len) { int i; int n; for (i = 0, n = 0; i < len; i++) { if (n > 7) { printf("\n"); n = 0; } printf("0x%02x, ", buf[i]); n++; } printf("\n"); return (0); } /* RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords code based on gsasl_saslprep from GSASL project */ int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { #if LIBIDN int rc; rc = stringprep_profile(in, out, "SASLprep", (flags & SASL_ALLOW_UNASSIGNED) ? STRINGPREP_NO_UNASSIGNED : 0); if (rc != STRINGPREP_OK) { *out = NULL; return -1; } #if defined HAVE_PR29_H if (pr29_8z(*out) != PR29_SUCCESS) { free(*out); *out = NULL; return -1; } #endif #else size_t i, inlen = strlen(in); for (i = 0; i < inlen; i++) { if (in[i] & 0x80) { *out = NULL; hydra_report(stderr, "Error: Can't convert UTF-8, you should install libidn\n"); return -1; } } *out = malloc(inlen + 1); if (!*out) { hydra_report(stderr, "Error: Can't allocate memory\n"); return -1; } strcpy(*out, in); #endif return 0; } /* RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism sasl_plain computes the plain authentication from strings login and password and stored the value in variable result the first parameter result must be able to hold at least 255 bytes! */ void sasl_plain(char *result, char *login, char *pass) { char *preplogin; char *preppasswd; int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { result = NULL; return; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { free(preplogin); result = NULL; return; } if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) { strcpy(result, preplogin); strcpy(result + strlen(preplogin) + 1, preplogin); strcpy(result + 2 * strlen(preplogin) + 2, preppasswd); hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); } free(preplogin); free(preppasswd); } #ifdef LIBOPENSSL /* RFC 2195: IMAP/POP AUTHorize Extension for Simple Challenge/Response sasl_cram_md5 computes the cram-md5 authentication from password string and the challenge sent by the server, and stored the value in variable result the parameter result must be able to hold at least 100 bytes! */ void sasl_cram_md5(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char md5_raw[MD5_DIGEST_LENGTH]; MD5_CTX md5c; int i, rc; char *preppasswd; if (challenge == NULL) { result = NULL; return; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; return; } memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad)); if (strlen(preppasswd) >= 64) { MD5_Init(&md5c); MD5_Update(&md5c, preppasswd, strlen(preppasswd)); MD5_Final(md5_raw, &md5c); memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH); memcpy(opad, md5_raw, MD5_DIGEST_LENGTH); } else { strcpy(ipad, preppasswd); // safe strcpy(opad, preppasswd); // safe } for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; opad[i] ^= 0x5c; } MD5_Init(&md5c); MD5_Update(&md5c, ipad, 64); MD5_Update(&md5c, challenge, strlen(challenge)); MD5_Final(md5_raw, &md5c); MD5_Init(&md5c); MD5_Update(&md5c, opad, 64); MD5_Update(&md5c, md5_raw, MD5_DIGEST_LENGTH); MD5_Final(md5_raw, &md5c); for (i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(result, "%02x", md5_raw[i]); result += 2; } free(preppasswd); } /* sasl_cram_sha1 computes the cram-sha1 authentication from password string and the challenge sent by the server, and stored the value in variable result the parameter result must be able to hold at least 100 bytes! */ void sasl_cram_sha1(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char sha1_raw[SHA_DIGEST_LENGTH]; SHA_CTX shac; int i, rc; char *preppasswd; if (challenge == NULL) { result = NULL; return; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; return; } memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad)); if (strlen(preppasswd) >= 64) { SHA1_Init(&shac); SHA1_Update(&shac, preppasswd, strlen(preppasswd)); SHA1_Final(sha1_raw, &shac); memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH); memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH); } else { strcpy(ipad, preppasswd); // safe strcpy(opad, preppasswd); // safe } for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; opad[i] ^= 0x5c; } SHA1_Init(&shac); SHA1_Update(&shac, ipad, 64); SHA1_Update(&shac, challenge, strlen(challenge)); SHA1_Final(sha1_raw, &shac); SHA1_Init(&shac); SHA1_Update(&shac, opad, 64); SHA1_Update(&shac, sha1_raw, SHA_DIGEST_LENGTH); SHA1_Final(sha1_raw, &shac); for (i = 0; i < SHA_DIGEST_LENGTH; i++) { sprintf(result, "%02x", sha1_raw[i]); result += 2; } free(preppasswd); } /* sasl_cram_sha256 computes the cram-sha256 authentication from password string and the challenge sent by the server, and stored the value in variable result the parameter result must be able to hold at least 100 bytes! */ void sasl_cram_sha256(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char sha256_raw[SHA256_DIGEST_LENGTH]; SHA256_CTX sha256c; int i, rc; char *preppasswd; if (challenge == NULL) { result = NULL; return; } memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad)); rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; return; } if (strlen(preppasswd) >= 64) { SHA256_Init(&sha256c); SHA256_Update(&sha256c, preppasswd, strlen(preppasswd)); SHA256_Final(sha256_raw, &sha256c); memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH); memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH); } else { strcpy(ipad, preppasswd); // safe strcpy(opad, preppasswd); // safe } for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; opad[i] ^= 0x5c; } SHA256_Init(&sha256c); SHA256_Update(&sha256c, ipad, 64); SHA256_Update(&sha256c, challenge, strlen(challenge)); SHA256_Final(sha256_raw, &sha256c); SHA256_Init(&sha256c); SHA256_Update(&sha256c, opad, 64); SHA256_Update(&sha256c, sha256_raw, SHA256_DIGEST_LENGTH); SHA256_Final(sha256_raw, &sha256c); for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { sprintf(result, "%02x", sha256_raw[i]); result += 2; } free(preppasswd); } /* RFC 2831: Using Digest Authentication as a SASL Mechanism the parameter result must be able to hold at least 500 bytes!! */ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header) { char *pbuffer = NULL; int array_size = 10; unsigned char response[MD5_DIGEST_LENGTH]; char *array[array_size]; char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20]; int i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; MD5_CTX md5c; char *preplogin; char *preppasswd; int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); memset(realm, 0, sizeof(realm)); if (rc) { result = NULL; return; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { free(preplogin); result = NULL; return; } //DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess //DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess //warning some not well configured xmpp server is sending no realm //DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess pbuffer = buffer; do { currentpos++; if (pbuffer[0] == '"') { if (intq == 0) intq = 1; else { intq = 0; } } if ((pbuffer[0] == ',') && (intq == 0)) { array[ind] = malloc(currentpos); strncpy(array[ind], buffer + lastpos, currentpos - 1); array[ind][currentpos - 1] = '\0'; ind++; lastpos += currentpos; currentpos = 0; } pbuffer++; } while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size)); //save the latest one if (ind < array_size) { array[ind] = malloc(currentpos + 1); strncpy(array[ind], buffer + lastpos, currentpos); array[ind][currentpos] = '\0'; ind++; } for (i = 0; i < ind; i++) { //removing space chars between comma separated value if any while ((array[i] != NULL) && (array[i][0] == ' ')) { char *tmp = strdup(array[i]); memset(array[i], 0, sizeof(array[i])); strcpy(array[i], tmp + 1); free(tmp); } if (strstr(array[i], "nonce=") != NULL) { //check if it contains double-quote if (strstr(array[i], "\"") != NULL) { //assume last char is also a double-quote int nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce=") + 1, nonce_string_len); nonce[nonce_string_len] = '\0'; } else { int j; for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n"); result = NULL; return; } } else { strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1); nonce[sizeof(nonce) - 1] = '\0'; } } if (strstr(array[i], "realm=") != NULL) { if (strstr(array[i], "\"") != NULL) { //assume last char is also a double-quote int realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { strncpy(realm, strstr(array[i], "realm=") + strlen("realm=") + 1, realm_string_len); realm[realm_string_len] = '\0'; } else { int i; for (i = 0; i < ind; i++) if (array[i] != NULL) free(array[i]); hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n"); result = NULL; return; } } else { strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1); realm[sizeof(realm) - 1] = '\0'; } } if (strstr(array[i], "qop=") != NULL) { /* The value "auth" indicates authentication; the value "auth-int" indicates authentication with integrity protection; the value "auth-conf" indicates authentication with integrity protection and encryption. */ auth_find = 1; if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { int j; for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n"); result = NULL; return; } } if (strstr(array[i], "algorithm=") != NULL) { if (strstr(array[i], "\"") != NULL) { //assume last char is also a double-quote int algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm=") + 1, algo_string_len); algo[algo_string_len] = '\0'; } else { int j; for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n"); result = NULL; return; } } else { strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1); algo[sizeof(algo) - 1] = '\0'; } if ((strstr(algo, "MD5") == NULL) && (strstr(algo, "md5") == NULL)) { int j; for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo); result = NULL; return; } } free(array[i]); array[i] = NULL; } if (!strlen(algo)) { //assuming by default algo is MD5 memset(algo, 0, sizeof(algo)); strcpy(algo, "MD5"); } //xmpp case, some xmpp server is not sending the realm so we have to set it up if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) snprintf(realm, sizeof(realm), "%s", miscptr); //compute ha1 //support for algo = MD5 snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd); MD5_Init(&md5c); MD5_Update(&md5c, buffer, strlen(buffer)); MD5_Final(response, &md5c); //for MD5-sess if (strstr(algo, "5-sess") != NULL) { buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*! /* per RFC 2617 Errata ID 1649 */ if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { memset(buffer3, 0, sizeof(buffer3)); pbuffer = buffer3; for (i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra"); } else { memcpy(buffer, response, sizeof(response)); sprintf(buffer + sizeof(response), ":%s:%s", nonce, "hydra"); } MD5_Init(&md5c); MD5_Update(&md5c, buffer, strlen(buffer)); MD5_Final(response, &md5c); } memset(buffer3, 0, sizeof(buffer3)); pbuffer = buffer3; for (i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } //compute ha2 //proxy case if (strstr(type, "proxy") != NULL) sprintf(buffer, "%s:%s", "HEAD", miscptr); else //http case if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) sprintf(buffer, "%s:%s", type, miscptr); else //sip case if (strstr(type, "sip") != NULL) sprintf(buffer, "REGISTER:%s:%s", type, miscptr); else //others sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); MD5_Init(&md5c); MD5_Update(&md5c, buffer, strlen(buffer)); MD5_Final(response, &md5c); pbuffer = buffer2; for (i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } //compute response if (!auth_find) snprintf(buffer, 500, "%s:%s", nonce, buffer2); else snprintf(buffer, 500, "%s:%s:%s:%s:%s", nonce, "00000001", "hydra", "auth", buffer2); MD5_Init(&md5c); MD5_Update(&md5c, buffer3, strlen(buffer3)); MD5_Update(&md5c, ":", 1); MD5_Update(&md5c, buffer, strlen(buffer)); MD5_Final(response, &md5c); pbuffer = buffer; for (i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } //create the auth response if (strstr(type, "proxy") != NULL) { snprintf(result, 500, "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); } else { if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, nonce, algo, type, realm, buffer); } else { if (strstr(type, "sip") != NULL) { snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); } else { if (use_proxy == 1 && proxy_authentication != NULL) snprintf(result, 500, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header); else { if (use_proxy == 1) snprintf(result, 500, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); else snprintf(result, 500, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); } } } } free(preplogin); free(preppasswd); } /* RFC 5802: Salted Challenge Response Authentication Mechanism Note: SCRAM is a client-first SASL mechanism I want to thx Simon Josefsson for his public server test, and my girlfriend that let me work on that 2 whole nights ;) clientfirstmessagebare must be at least 500 bytes in size! */ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { int saltlen = 0; int iter = 4096; char *salt, *nonce, *ic; unsigned int resultlen = 0; char clientfinalmessagewithoutproof[200]; char buffer[500]; unsigned char SaltedPassword[SHA_DIGEST_LENGTH]; unsigned char ClientKey[SHA_DIGEST_LENGTH]; unsigned char StoredKey[SHA_DIGEST_LENGTH]; unsigned char ClientSignature[SHA_DIGEST_LENGTH]; char AuthMessage[1024]; char ClientProof[SHA_DIGEST_LENGTH]; unsigned char clientproof_b64[50]; char *preppasswd; int rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; return; } /*client-final-message */ if (debug) hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); //r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 if (strstr(serverfirstmessage, "r=") == NULL) { hydra_report(stderr, "Error: Can't understand server message\n"); free(preppasswd); result = NULL; return; } strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); buffer[sizeof(buffer) - 1] = '\0'; nonce = strtok(buffer, ","); //continue to search from the previous successful call salt = strtok(NULL, ","); ic = strtok(NULL, ","); iter = atoi(ic + 2); if (iter == 0) { hydra_report(stderr, "Error: Can't understand server response\n"); free(preppasswd); result = NULL; return; } if ((nonce != NULL) && (strlen(nonce) > 2)) snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce); else { hydra_report(stderr, "Error: Could not identify server nonce value\n"); free(preppasswd); result = NULL; return; } if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) //s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= strcpy(buffer, salt + 2); else { hydra_report(stderr, "Error: Could not identify server salt value\n"); free(preppasswd); result = NULL; return; } /* SaltedPassword := Hi(Normalize(password), salt, i) */ saltlen = from64tobits((char *) salt, buffer); if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); free(preppasswd); result = NULL; return; } /* ClientKey := HMAC(SaltedPassword, "Client Key") */ #define CLIENT_KEY "Client Key" HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); /* StoredKey := H(ClientKey) */ SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey); /* ClientSignature := HMAC(StoredKey, AuthMessage) */ snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof); HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); /* ClientProof := ClientKey XOR ClientSignature */ xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20); to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); if (debug) hydra_report(stderr, "DEBUG C: %s\n", result); free(preppasswd); } #endif hydra-8.1/sasl.h0000644000175000010010000000242112441064454012177 0ustar marcNone #include #include #include "ntlm.h" #include "hydra-mod.h" #define AUTH_ERROR -1 #define AUTH_CLEAR 0 #define AUTH_APOP 1 #define AUTH_LOGIN 2 #define AUTH_PLAIN 3 #define AUTH_CRAMMD5 4 #define AUTH_CRAMSHA1 5 #define AUTH_CRAMSHA256 6 #define AUTH_DIGESTMD5 7 #define AUTH_SCRAMSHA1 8 #define AUTH_NTLM 9 #define AUTH_NTLMv2 10 #define AUTH_BASIC 11 #define AUTH_LM 12 #define AUTH_LMv2 13 #if LIBIDN #include #if defined HAVE_PR29_H #include #endif #endif typedef enum { SASL_ALLOW_UNASSIGNED = 1 } sasl_saslprep_flags; int print_hex(unsigned char *buf, int len); void sasl_plain(char *result, char *login, char *pass); int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #ifdef LIBOPENSSL #include #include #include void sasl_cram_md5(char *result, char *pass, char *challenge); void sasl_cram_sha1(char *result, char *pass, char *challenge); void sasl_cram_sha256(char *result, char *pass, char *challenge); void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header); void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); #endif hydra-8.1/TODO0000644000175000010010000000171712441064454011563 0ustar marcNone Prio 1: * hydra-smb more than 1 connection? * add help hints? * test teamspeak, icq * check all modules to ensure no check is lost because of a timeout, buf == NULL etc. * optimize smtp module * optimize ssl performance * add snmpv3 privacy support * http: option to specify an url for testing if the login was right or wrong * does hydra-oracle work with service names? (often SIDs do not work anymore) Prio 2: * add support for IPv6 Link Local Addresses like fe80::1%eth0 for Solaris and *BSD * add crack info when key is pressed * hydra-smb support NTLMv2 (when its fixed) * support for 802.1x EAP via libpcap * TN3270, and TN3270 user enumeration * Support nmap -o and -oM output files Prio 3: * Specify user-agent for http-form module as extra optional option * IPv6 support for sip * add RIP, OSPF, BGP, PIM * add diameter support * round robin proxy support ? * add tn5250 support * Add Sybase support, using freetds lib (can be used for ms-sql) * Add Informix ? hydra-8.1/xhydra.10000644000175000010010000000214012441064454012443 0ustar marcNone.TH "XHYDRA" "1" "02/02/2012" .SH NAME xhydra \- Gtk+2 frontend for thc-hydra .SH SYNOPSIS Execute xhydra in a terminal to start the application. .SH DESCRIPTION Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. This tool gives researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system. Currently this tool supports: AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, PCNFS, POP3, POSTGRES, RDP, REXEC, SAP/R3, SMB, SMTP, SNMP, SOCKS5, SSH(v1 and v2), Subversion, Teamspeak (TS2), TELNET, VMware-Auth, VNC and XMPP. .SH SEE ALSO .BR hydra (1), .BR pw-inspector (1). .br .SH AUTHOR hydra was written by van Hauser .PP This manual page was written by Daniel Echeverry , for the Debian project (and may be used by others). hydra-8.1/xhydra.jpg0000644000175000010010000022623212441064454013075 0ustar marcNoneJFIF``ExifMM*2bvQQ Q i~2010:02:10 18:25:25*UNICODECreated with GIMPC      C  " }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?((((((((((((((((/7ʗ$3hu.~,SX!R^U-Ƚe Y?˻7&u=92@*J n,*^&-~=ЭRĭ^HdTW$jMtGΰl] VmEy$o%zg/׌xX𥎯wsw,1a1UOþt27L%QDETQEQEc|mt`F`vv/qx6,#`.?`6?~j6#Zyo)Hѣ ,VX~&­c+\S<2-Ͽ<<6Ev>G8a=1$s>7~_? Ɵ>!x[;|<5k(@D@A;! y=ُ* ou[h a j,UCK#1uڿw WՑgCnqM0ybp^,*[I⧁SI$ed`*P((((((((((((((((((((((((+οkk߱^*A>6s J G v$#Rp$=+;wٿCuj mtNn np-LM g8.r-Yc?%j|vxź5e{|BIXBIT9$^w_?|3G&mQɾ]`w8oo߇:413,J=}Gz x?7WVtYƠie޽JPYͼ#U8xeWvSTW̟"K~П HQW /'k3,qf9#?6|Kc/Oo_:7N~_%?=k?+'t??_ vԵ}>?6᳜q<ڏ'ÿ i2X~߫vౖ9 y< 9q5z#VEQۿMş]q ,7Y$ĥ3|%s ᥵嬲GNa̜,p vyxůG틩Xⷊmikp+i2[ەFmr8z5&s~.h|py6j/$rύ?r$@8Hax ~j,.nGā׫xV | HD~I?Jğ uۣO/E[Ik;ϳ- s1ڬUbfvm( QnY>2qTkU]F:w?y?ضPVh> ֭Z_3#,EK ኝ賂\aҊ|m7Et{H-cb@PVy'`QEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEWp餻Դf@kK> #$3uck+ McSJtɦk>?3W{rȊDUeGiy xS\<[]MxڄqpwMq|nC^).U]=&AwE<߰?{}qg, H'$}+]8m{R+H5xWN_wf|&4¦+]_m=420o̟^E[#Lggدbo,:m@mh6vaP?٫V)l|lmz&߫c#bL:pV8_|WOtޱ=~e%/%;HFF2s Ԩ[xw %6`x?ZCY1@?N@P3_7ߊD_o,- r ⽣'> [$smj=aG\g"_nJ!#;[Ok}u>ۇsj?sS]~k/ )[Km?\dmϤpn\0tr!!I*> NEx.^ 7: jW΀OpY@II4."1M2IQEŠG?>x_vu1Y ixy[¶T>࡟ o(RjS.m ,Dl]f^h(Vkv76W,H$xWF AjAEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEP?Vh:/D'<S¢ELyEܱY7:\a/#Doo ~m f['Mx-XYىfv%$Iا _-WX]wYes5ufh@'_ZOlY\ֵՌfdT #!#hX;[*8E{Dm#uϱPǧYq<*\xEo=AkI P?Q^{R$m]m^-{H?i?'y6Ǎ#NL ui *Ie aGⷃ`o;ACoIb7&$LG--,~򤣦y_HxV>+u60ʗ6,H2: +'?è}uxR\4dU;YU!qF.6<)^/$)=i7' s g+I_jt nD1k X~~:_ 5?W7smM.)}o$Ťe Fۈx<(oa_߷~(Eu|bhj}T|s:Y Ur2^Akc)g hrF g^Mu 7#^@aY`|gٝ$xTҷ ڢR;pt11JwOk2O8i\^gv72hG>^Iӭ^IKk[Xiv ${7\Ckc6uv7S|?bI4b%^!|skKMK#td{ C #1qGϰoN-9k?\5 ^2zo[6^_O-xm|{Z 0AFgo,ZbYB_nࣺg/χ5 -_^TVR,1[ shGbˬ`n%_ EgI__uQȱ*(q_4?~ ˫x+Re8 J 4rn߈5Us!+)`9w?^Y#W *Cq4z>cg'#ʷFGDψO' ѕ~˚~?YtI<;kJ&_݁1'?75`g|}_Y7Y!N-tEړe*O >S+ʭ&&ɮ1ƫHX *:=h-?o엫%}RɯuS2khXfN$^z wm?o?Quh7iY|laH"dbggo,n;]g J1ߖ۫֋%f7ͱtMvoS~@w:EaI.#< CzZtM- |¿}ۋ)Z<KLJO2j_s~U&]9ʒyOs?:O [ 7aX>(ޫcR%VBUB\!f +[8=U9+4}KMV.h,,j=q>֢e;qmZugA%wG,N\8 0x ՍH[xM_U'AYzJzW$w=?(o#aiT|;hWKvو!'ɑ~bH%`A%qO ,[K[=ƚ|8IVD6^79:^'^Y~4~_k 77W-&1Tm f{IC5f4V݄yk`2 ##9uoUnIz=ϚSǼkM_oKGzjQZ>((((((((((((((((u?_3x q'TlnV3$qNm%HbH/7=x'ľw,rK7gkKDEJZ# r+ɗr~lK??όOxv[uiޯ²Xs<-0xK]Q}3_5lr|$|xׁu)&Դ B{41Oi(]NҹPG5jE>9| jv[iwrZ$q$h+CxI  }1i=J̀x>ԕ\ ߰vj^omt>_26iEENZ}dZ:Ii Q]%ehdS¥R {>գh >.7qɵ"/'Bǿ<<`MҢa"h<~C\x}nGZw V91jչb?Wc~Wm P?z?{kABi 5.aT~{nhN޵TB5@??N|7Xn$HR'sn+' 1$c@5W~u N6ld =wPr+ㅜEVV_?S8aՌZ&KsjG}N %q-P.8+g 7Vӡ5SÞ}KOu7u-DC G~H$rnKmcx$| A_aVx4WE'Ef?pZm?Z?|;.O.4d)laG?/+Bs8+[k#Q 3&Z?TSuj^π><|arۨa%HAy! nTpZST]]/Z6n%ẙCh-rܿ/+ Cl:|B⸆mۭ2yUpo򼵅URUQ*JO}ӊ\^[ߢ'6럵wk5_K7Jue[-\lKHme .&8 gGht[ :n˝2y \2Jأ 1sg<3Lְc+tYg?Y7I$]c|; wP4=]CPEHdY𨨬ĞEYYǏ.½OBLhyqp}*Ə5/SKM~|}+=@hYjZ-"+yaG@̫!Y3_rxw mx;Sj~#oV=2gEb(\s\ನS*E$~v]5_/jb:qީ%u{}cOxy_pWRgZ[y1"Np#ជa[}ZFYT`bU+lc(?OxZsNcx]Fmhy|x**٦dz[aᆔ]5'-/7OWt:FHF׾0xwß4/j g~ՊM}' Ath7Z߆a4E4rd?K*x|VJ/[nm.[N\R|7e/j> \iWp QU? ~7X5  aUŌo +&MB X,3@v-tp9Ѭ=;3잖5Sݜ]ۛDR-J'y~OZ3N2x+v!~zϊ3qozX%h}Ȭ91#gq>|KY+(((((((((zݟtkKR>b$R#Ā$oGsMC^.\\-J2$Bԓu_[R0?ΟcY_GGE2_ +\-a']ß;y=w|]an鏥s]/2+gaOMtce,+貊٧tVwċ|3jRҒF]ۏ364B$=_;BIWu|?ۋ>#x(p025&7x?o|e}/ƹ?EoTγt́{45}>h-o"Y62# g :Yi}{׭!,nXPl*S")q#U9f~ym*[fVS1+0߽MI7I~{/oTSۻ ob85&¾.ɇVLGDsJ 8!.O$q_|L luf-!P=99\@a`q8͚fǗ"@8ϱ*fUӳ>C>%ͪEx8{.S~v_$DAk7obK ~B1.ģb27_ u΢gg.+kD4|ɣ+ΥIy^+m; $7u&/6gg,_} W}.xx𶙠 {̼yglBp;^\>=ትkN뤷>a^~#VqpQ|3__+#ѐO:g}n+4nuaG X:W;x: n +#*\˗Ԍ 'W<7_(?w}K3D <m4o#ttntǐO*F@ jŏu?;]B^{k3E<-NT']'>|B>\Y6^*.^v,̸ `p@$e)s{4<”c(+uO;o#'?3rh7V}"xVvmL{We|`'uRۗAl,B-~ao].DԵBEum[R#(갠Q{ 3WW~(54%2>?wexϮf2ֿ=OoSKQ7i<}j?!. ? [K-;^i$q xO |jgӚ~Kj ]7UIjVOfEs+㌕"ogV]7UWƏZ?3Gk #}aZgY.L|,gw X_OO mKXZ]!_z4\koN٧ A}JkeZx6Cg_[ U'~ޝ?~?>o b-|yWe[xPI{ټK-s4RUr# *ܴ ;0RçT/ŏ,>|-iφu /&}ڶnJ Sčv"0"nh#Qx^g¿qi7#F@] 'k? |x^2xP/)2k4%[Nmn8 Q}\4~L~ȿ?3PaֳmY{H$F+jI7#[i7֮N PH:D?7"ҦHH23_$3Ĝiq! ;^}>۱ N q YbyyU\SVecr2\6cS2O&Uբ/ʍ(= 1WQWrvN7~&`h{ېMմ.]ilQCH?}kgv jIJU6-uHqqsWFrePpE~!Ι3 5e#³b?"|[O`k̰4=4(YQE׭=Y9BMߦG_oƖ'h4[/墴j1yn,Hɒ7DH!G|9~'<>2SЗU}֚2DIcދA]Ȭ0ʆ~ʉκFmd'X"! 1rھeM>m&;3pGz,>g23Se[~oK3 ka/ Z x&_^ZU$G_}QL't/$MkEMVgypaޏug(h(((((((_doxGTX~&T)搪 W__3(XIrNrLX@HTv8Uf߶-'e7<A[<"i,$0?#VORK+ֵ}lMck8sʎ$b<3XZS)#(˲.6Mmӓ[dZ,p|]}4j fGʹҾTW"wh+~\7>]cy]īo[ ʺ:q;[ SZ-x\>*3]|dԆ ŞsyDI=vid*:D_#c5 D4yblffkRp0gq*?۽3)ܬ|v<ʓ>5S mbrU+.'g e!A)kट-mD4,5Y8Y؛w1''glXm|3W!q I/ʮap"˜.y1J;yᦥzjK?&WXl٪KKᛑMҾ Vg@A"&$OJ??ઞu!xw~"2=\^+w; #Ua;e%-_[R~[ŎCWѳ妤9)Y(rq~iO~&6k㨬†!pZ*[ mxe;S9}p}  ߝCSpv3n7Z{eV DR#e NWZu>uMڟ|y^m{A1m{;6a̱^@a"?)xm-~C[}htlmbYc &R?O$:ћ>PagW3mwއߴGi"ĺOt*8~&~"R7=uOx[6}S{Q軉 =? 4l-.mkQ>}I41«LSl"c'8V{=_PhWNGrQ A7iz_?FO+ڵ_DH|92h]TGewTˆ?GI/_o j,Z]׎Oe_Ξɯڮ33Mǩi'-_Vڃ'>m⿉6灼R7ׅG$ɍv#ǻ{HtwQ{Ͼ+0)j_>3L ^~W̭M}.OD9Ծ0;~cCꪫ+cƷgzWķf|d$?];å%ҭu?_I~F ߵ]o/«ok iv*TļU۫࿂~,|;xd~ nֿ-nNlg!o"GiM~}~h~O~ʟ~%kK|GiᖻN8ywXPE}4QY%%g/?n_2Xtϋ?ofc??|ע$|Emi$d=2jHfďxnI ODvZgmJsg0<F9'L?G_5xb\Oc\|gqkA1;3ֺV'6~_$h?kĖ w&ZiXJdvgPBʷ^Zǟ34x׼T4Á*1?xisRޫ{kI}u.E*gVޏ~uo!mxVV_h=c!k?aÚU֖Oua+S|1[15/=&M_VԞ$M#uf<0<X ?QOַQ7jXgEaSkBu{A+(WP?PuO xF-55#Gs0hbDVf+ʲ8l+l6WWTRNv/7dgD9giz\]Z$zs!;R@(*#[/g _7sk^3 <}"X3#FHHRXl0#M.m x]f#A۸(8@O+84Fݞi 潚v^~O K(Mĺ6w:^#R.w0${cFH::#Gҿ*O/1G7jؚH n$DkʸMɭxNUJ['ݯ Ǵv?{/cm$impc?8 Lo۷^.C|Eu%ݟ\GxKX̱ ` i#aAÐ|+f/y.>èL #"6`q^ÿ{ol0rGC_EW4õ1'AI7o>^moź_Yz^oݝ52(t7RUє #_i'ݬ~>4..4^&<:pGWo585O0Ʃbf5}efStUhYFV݇|O%vz]W %3#;v ?JI%vpթ.HSJPN̙1szܖ/_?W|#S|s]7@ɾO+QQ>.AC?(SS`_e|o |XUkqwh+V IYhzWVYȻYX2a+Ғv[d9Y5OIkGc(=h(>&r>yu^5^o#9Y5dV2dU a4M9D,>J]aOٿD >[BG#Ҽ_4ۏvJefǪ1p9Y}si\Y[9YA·@\@~ũI'J>;O5QܲJ5i⽋? /_q{x׍gW,׉Aז>NbHg MF*GX4]_-ſGy7K̑vz/x/Kti7ۡg 8frp0\csEQrj76{Y:XlP\br]6g~߳?x#^UW.s8k+UP:*eǎ+Gח_*>SqhO2JU?Z^g`qs5Ooj~"ّTd~ȚlWVLOoulV؄gOL_@٫O? >֥jZjLE(J]WD{>i?nd[ѣeab[OvFF 'RSV4OB4*ӻvVMo־Ɵǎ/}XH4t?}NݷB gacdOᯣ੟m~+>#~<;E1e?%aTXؙ?yH߃W0rVrݗEVݟmXޢ-K+dGㆲ4_Z0<~<5<%>3VogwɥuG #4Ou %kl'V6vk5nGw7$Y\tnnr֋V으O)o] <@k6cTdt711oy(fK_L}F=_ =ᧇ&Oiv:;|?}{kM?X(.mde±F _3PduMRE_ب `[F3'ḳ)28S_sZE~mr^|{+YѤn>d%~f؟& /^AesY-|7UدTy@?)|Q>s ռϗpY00_ ~x^^|;na#[hM$l6n^F(_i7zuEVUXwV:-yUwp(F+{h5 wG~=2΍;uc7\a_пC]nşI>hQV)&708~)pх+mF3-bWc}Z~#^|D3څI,[* OA#$^8ggR |'.=|'{kڇ#-M9e% Ĩ 1O^9@b:+ !xZY'K|~c${IEJI;޻[4]ȕita7m_j/tCwD¿|42~%e_ 韵Oemt[Tl-_#En4}zK0g Ea7B@$WxW $)ǵoVy/Rյ{[Mտo||9k>7bǢGl.>s& .S1]@+w| 8hw4Mg[(E7I#%H A7~MK[;id}d9޿)7C}/M-m \1P< 2vH Wp~(fy%*uɤZ/P];? 9Y4:Y#]uayM_R0pk߉4xwO4=SImgEȤ)  k>~*-y/+ukJU4Q"a9 G&! ?ѧK_/὇k ڪMhYLܺƱ@b"V9id{YF1hGvt>+3 ( ( ( ? c=oS %,AiX+7^a/ E,eVh~Iw&a/o')AU*O <jaZCH$2ɽJ\"vsZR*On(XGJݗY>?~)mw=j;h L.Am]G zt~5?‘EyڳbWJEUW-+'*?m٭6u_O%1V8>dzeWO <7_?:^uk 5HW"!bIfFQ=_V~# NMkֹ\]Gkc!=I8 LU2UFI'+/SmεIK{Zyn'n6"$ gO?RIVYðJ?/P08Op |qFu,4/U۩|AʞOFԓI;Z).u~{G_;OZͬ#lLj |sUy5h 4L0Q?Do~Ϳ K~С#OcYU>_i" լu&s-1]IV\sqlv2Xp]yo'ݾ|s|wׅ~^կ|ZZŖn& W4bBA]p3ퟳ3^? nWkȾm޻l>+?%ğ.#f]7I;cUs !N L7fT#k~ymR,':q| 6HگQ^ yk˕|9n7r(Wf2;V/vrw%//gmBؼ$}ڼॢ{VԤVt/; yB5}iO-[y1Ú[i#\+9NM/=Lxm=eo Y?|CR0@CC2 Fʱ_hKo 3I18Q_9jZt:ַQ,N9#nQ\5x{հIj%=>k[zz߱OKA76/k_:|۰xM7I #F[#x׆s_Û ɠ6FY؉1#ޱG6@5C ^~#~><ԚO/jHUfaU*T(y wKDzG/ fkGH+)s,R]p2; u+(+r3a=N@HΜ;lpNO;v">Ǟ&Om 9'.n<哅ۙ^I8p+ E,_oE5sxG1 ;InB_bđ.fES+/g8]?g675اBo+WV{~C!1h~'x;_]CC}6I%QIBW$n_Eokzc&?ל|ԓ4ys1SAws3*9N>I69~px8aхYF[}ߡ]x?ڷÆ-򶺤5py|ǧZػ'wOW^|,>i..KKp'_.GRI9fp?8xKr#⪞dt{6՞^+z1G8%%%nEg{%R٦"-$no#ǟnG]]gC4x|k<x7wq-bZ6Ai\UG$@B1CRE j`00iï}Fkø|¼+V]o|c:F>::ٴtvŷ:A̳: G?b؇ǿ\>#g\[h%IY?* ?8; 7~=d^/&_LҤn[7{>^|94zJlꈇ4V8#.kE֯ K+[?_gqfi [1_{:k'J5ƫ= ?{`u5ƾᦪY񟻖-}iCr7fc7ӷz/?EԵ vdBDqƊ9fgpMx.Ɣ:^XΊ%v2TW_K]OM?W yyeo-+L;‘xE('=6B3\|BբjL귾Z" #g.K8#ϫ?6EpW%ІVZitןf.~la8A6ߴkZSq5 B19ɉ,ɶ‰#r=jTp)o4JZe~6y47O>g[AP ¹o|$uvT`ﭝMW8&xҪeZM3:Js,kZ?Ӡhg.i$'[GI,ӤP$_ׅ?$:i V58d ιQe,knOrx9kM?d,KBI:z &[/"o⏃z[v)$P1-gW7*קMn1Y},ۿUd螭|um&^Msƾ2Ҽ_~kٴk+iBH'}>xSWW&LucTc ƾ+>j_Ǎ+żrx_vR $|g~Hq$ztTGA YTh-֯I~ 3,.6&Z'ɿݹukvY,,Wpc vg> ͷW*|.jѾ#ءHS|kvF%Khؓ*+$)+ÁWω'Om|] .ǪXt7a8;%B[`pH=%W9EPEPEi)z&m%pPƥY$rTYMiW [NG[,)**2rCEnY(|~!? "5YֶmY ?ctl1?i}(P|e%Ooox_R潫"jZH}Ym'MX>u &縋#'9T1MkeϜzόsu v}oxw7Zq3v$ӯ``QAG j$|뷋gs޾t` Oq$-# wwMV8t!ff-" 聏~D"_dy6V܅3g/s5տgOڇ?57Ş)r_R[7~31Fp$- *Ukv&{)S06F+h;k՝|:U RZCk51l$' 1_?c+}O5MGF+5] ~z._~-<]We෕ ; P/99+ s? ⥭HLMgRBmn_,./0Q|KowX`/Oᾔr6ߑv5 ZZ=ՍXe, &W߷O߱_ע#>#el!72:t1h?OU*co7 {k_R}&^jwVħoPC ; F e"v޻o]ϡkQ`I+$Mn&ėI+;9 z=Z%vE!/eevzƯݴ[ãY.mN}濇foO/>2_uy$ v+9s "}>T' t/<::ÿNNRA]4vYs>%X4_Q +qe'/7iZvrlv-cp9d7΋K[ZFc 鷱8؏־qľ6~_}mr]C+w4366;Nk|!ݺ_ y&n6u#:x96m葉膵k97{61먊  j]ݼez~K?LaЗιfin%f%c$%Ti#xVZ/ďdJ̠;اe nU6RKgڇg? ]D@[){nHɢlI x>'׻l_#Tꪕ5KϫHa\'GR>-KKyo"̌ 9dt|^xXt{W)u}r g,FOZ+E_ |B3kFO*Gubu^ڟ4x^EI{vmM~/|w||4v lnHQ^+|Wϋ<1[U֔ŶA7|n`~b_ >-:̮_P/x5tW3_?FW@ƥ#2Pc_qW׎|~|asa]u J-ä,~Xj[O&)$r. Ѕ=lDa5a%o P]I0q*9`i*gi<W ?/Zh˾4/_/=O+_o/>_ k0swR8$T̎䪆`c7n~"?iќΜ_[KhvkU=#ķoxO}_ <\-|?stiw`[`w51;nms7WoºfŜ7Q)c! J(?g]Cg[Ůz/-J{$h򁴼#+c/ew01C[ȲGx;I`r7 H¼ΜyT}e8eNk;?ÔH5tV:?γ,M _=c~ݟTXZpR۰DUY~6&|Ew$_hd^1dHuAWWW}GdM[4uNN7r3O^Ug[NݖݣrYdVa;:5{be]{T.~ϧIϰ^'!%~']5xQk^tk+ RTIuVBdbM#r1_ 1ͷ֌Fo3qoJMu%ՒT˵%u<+ mXm)$+>4sWGGYk5MW@-jy'Y-e6{K᳑-E?dN4dQEcB:}SRtg[[h#ieTV8PI W !- aaVE^D_2wbfPw;Ib}ڊ}ֻ?/0xh𞰹do*?n}zׇJjH$"3^LMrJ xQ_~}VQ~:GqaO#mW0I"|:fPkߍH7śXc;~ c bYm'--b >-| m>y5,y}qڼ?2TOY~((zb6'zv;ECMM./uy_M:g7M@I9$I$Mn vj pvSkzސ\o Y?خ?ד>k}SZr촶OFL_rhS_.m6徆4_aqJA~fޗqwMDKC];`0Xq'{<;xlo}feLv~G'ZE|]Edamf HIIt[Hl,m!Xm@( @6KkqxI|៌7^IJykY7 Chb i]`Tԧ$VUP!ǖ1[~~B((7ڗ._>#P^޾]R;$QȾu>dWErFEu;E|_}jv7/x®VFsn̓4aak_Ywh:}&Ӡnh *e}ϕ$5>֤m[;_kom/ƟgU.u u/.ܻ|sځڿT<Kk.ةU8kceIn,hEuV̟\ǫ~Zix4j+ M[\~)hn!m:$9{;W93 ?|cVwK^KC*^7n)rN+`r|R*X̾/zOY٭cokz^]ixZ''nQU*5)TK>0|C e _Z # V .- ]2~5"E~|yoK6a  I+VX0y`Fh)DGui? >|Dׄúos3-րf#l~m,^^c*pùT=Lvf'oS3*4߃^|m^_j>XbRyڀd1%Xi7ގ5 q||^07:ͼ$mh[p-*r83^oGS[70j36+]MIV~oA?Va~l龭շwzk ]WO]WLG?jZ2F lB{S;>_<^x^(atOw`%)2 B2>SӥK{.serE1{jା ; dKX^#岹S9uMW[?5xE׾!xķS~ H-DQczןzT124aݺ|lVսBu 7zW3S{zL^0#6ld|udpz8\4iJɶ}/L0}k5);%KױTy~>xLNq&{HHc,{'}B@d'?/k(7EO]a_/ 3^k7mKhyIV8UA$dM~hQ V_?yF}S?]O;uf8e[Ec nmw9^gc&`|;V Ɲnh3l:v3I)>9:/nٳǟ t[zH4@:!" nȨyy?zQݟYNQ˩JZ.NV~(=AʰDHʈ3&ຟ] ~?1ŏD5> f*~YP1nY`?mOڦoq庺]/Յf&2*Cm"s4LQd#+k=֠SxxGrqQdf8n//+k'_۞Ug _^cek?'ci U.E GaE}cC&IW+_ ?Pmfc?1_1_ ӵ%x~A,5 XIC[yDשZ|TuG{`z˕e֞ ^Z_qtqj=Vתv~kбr;)sk۴ A_I]6$9&81RA լC* #q?i˯ɟݲY[Jv7GֺnY%{ti%FڱYI=g50J|uׯlxGȇD542[+BN$4q.d$uVPY'̒-#Ik*_/A\M_~ENJ芃sJOrߪa5KW|3-;僼!39?G]α?@5$hk _LdB#z?ʽٻ5FO'wU|]i}sl[t'±O`_Wy~5sd+I ? !Mq4&|#u6n`?_((((qOBÍV՚2}Z;\+%[d`/0:CTOxc R,6)9yC`V}) zĈkduh/.vf,\}%&s(#/\T`Xi!7ţKş X]xF>RHJmncA"q(N+˪k~4k8/}a $%QoKqіC$fi~*x[ιk+ wP4FȤG*r + |;i;~& |]oi:sHu_D mKf&pDzEvAR͞U_? q߄u߈/ t(Ol$QgnYV >6dO%Jj~ |5&Ӵu|y(CDaSvk A>;O V8v9{yc`$[M^|m$dL9G/G^6t $-wJß.BLaCIeЃ+Ժ[c֚sҳ\~W{mEcLBfi1,?ʊy9M~5_۷TmYi o ]O]:WE@ OſqA~o<ַin2S8b7\` f?O 7._2摷I$nGwl&)˕{Jqxxj>^u^ i6i:Fo (R8PTU(d ( ( l%G"ta`x ӨW;~?_?YϢ$<>G[|,ȄapaU"y9ַ/>e^S1_G_ǿv?ۈ:/3]Ձg/k֫&ix?Want>+Fr]H5 HueZ^aukf IJ0,@I[x(7~AA;㹆e匒ˁvU)|lYV| ^Zɕaڦ6!E<1تtj;/ױ*S VnrI]$[]m+ݣςLg^.?&兦Ǻ"UrvHo|F=+?ٷ[>&|J9$f]\]\,3(UP"MŰ7)Ҿ+K]kmoͅ7Z_ڣaFn#`A W?+^E #WI%wix֬f?5ݳK*+ W:ɭRRVz^?薪r%z5/R'is%m^s/ ~|>}g:Jb0]!Syi  sOƼAjch6s@Aާ`!"̾.Zn{atI:M8W+SG_[xy泒E(.~r\`ҴjA<+~ ㏄>+o izt:F⋈8D≕Hʐ ?Q_'oiK\xC^xwb"ʭe g/&m?h;?({X%ݸa0uꪫr@cS FnUn[]+^/춭wCqY]zUgJ/&I$ڜ~ҋiMOTqWG>&Fƞ;fO.d `C;hpwrڇ#2H&");Tbzm@3X5g]/FSnj 1V HGG?].f#c/{/$W=y$~Oim<n}վwh|kmDymXt=F:7Ќ7iٷ+x<+.Ml,",$dX^ϯ|=e3 qEs;%~7?Mf%]k^%~iAVyܜ3+Fа&Ee%d~\+,/IGMWÿZ-_ a<_g1 .ϓ,LVT bE~}xJ_g4_ v*^PocXBp ~i [{⧎>qig越.wƮn'+ R"s_"]^OY|Z c 1u)iYDRŰ~EC¿ 0F o>=6iJ2pn%=S mwj3}Kag>nJy$G͟+.V9"^>Cڳ54&nYvF*>| >?i,H?,KTE|jiVڷ.ҷVR̞uHP٤ek~_5=j^( MY:RRx/S.7Y#n ֑m]:b)֏='uy5}jz=jѸ*Uc_3|@m K~i3Ffubp{ly2h6vW_Ljz>%Ŀv1ǰZ/$CƸq؏ge}lvt֫fkѭW>/,&7yjI4{F?p}WTף|\;mS.,/%6UˋyWE=dA"߄_RxǍ"&ux1@buʟϔ!Rvu ҷAkH9'}C]{p_?cbo%_ ۵5,x\B̷O*1O tɷ&ȯT"EPPQEQEQEQEQEW_+G?|--tz0k ڱ-I1`K] 6Ҽt h"}*+)2/2q)6H E 2/aQTOnLNd۾Uguwe 5I፟ozTe_Eoc Wða}>Ě}O^Kh@9&yʳ) ~S ( ( ( 3|S~ W?zޡp`PX+u|_$BmBU}6+EݗϼD7 iW8,>pbK??hiq%v1 Jn2zꟉf Y[^?厣j3bl#qˣ) s?c~~cgk'?O\O}ҳcQںG*t4M>I`̝HP{αڸcv_S籔xTSI96%}?ۓ.!5$ Emq[3F,W Xuy.y5dw2H竱9'4ҿ]Tƚ+9.XLշ3iu bZ20dWZ?;|$$s{ 0eC}eC6:/ |xjM\h7:aT8'{ӡcJT+k}𕲺Xv*Gɶ6k9?iE',bx%a"?깯B haPX pJ x NO]#Ű}XѵK0 7IKk}_G2 Z۲PX=ҼjeV|=Ǚޭ!/⦛,<^ӼO'GSN'R˰6Voխw<>!m?\ZI,6>j%[ZZ[_rOe {W{_]]L76dG;@I'Eo?F- ?-$>=zL/c$uoˢϏN'Kެ}(eCǾ+ּU\}TծovGJګMsyypoG'?^33DZkh 6֧ݶI6i>^>I+-Gd~15_iNUuZJW[a8|Qf055C^F>>;d7J3FwDpHxG?_]O#@}tֶp+4rM~`/ M?7?OXGŭ+  ˨O-Nmby#VZF@$x<W^4GxT_?e X$ ;2v ܌X(Uqt!*#UaI(>?/ioG+@c]X vTRD0~73>$io~wZ׈u^[8ǒ[p#h Oa%w0;[nwjus .ryڥPvQҾվx]]֛w+}c頻2 LU)F\SMגnsVUk++%]q+y0/X[oLz?uI^xJ3DkgaխwSe=I?i\=&Et?P3gytk:QuUfEd9Ov]_NuHk.EaA,KџCR"lY2I8z ;| O Lŷ.`s Ŭ C(8á#"|I Y|Yݺcb4`#P)cǾ-߻8F?{;W3iΟqgymo{guC="aH0Ex8\}~_fe*?q!$6 Ww'.i;ߩTq^JZ5l*?G|JtXr2#] 5K Gfk &kMk M/h^vy#_ɏxRobTu)̒Hܖc!Y,M}#u??C3uѾWo-urT5kIOkKrH9ؖbFIc^ hܬdc5}WӌV~oa<9ʰ)Qjswײ}cJ4d/7W}l.YaݼOc],|]3隝o ~jkq?[NnW8=bN{}fb{ J{46߁M:Z<됡a k5ٵI.YU{RxRxUk~U,q>Z|uϚU׃uϏ.eHAWxFuIy qo5#\/%+ˑa \Muu4L,WcO$I?# 0S,~j{xxi3ىTh|.SWlCcqQ[Ej}aW^ed-)~Y'C (O#iz~*Gn5Vi;q~ jϝs+!&==y8š\}/mtC]~^ikZ֧77ƶ>(cY]+9os[HK]yxRm|J7q~|wk}ހY7xNRX|"6]H*FEp y;o}&yp/u) 3G,8SwSnSѮ]7Z^L+UQ ;F]S{F^F]_9ziIV,l^W=ڔ=_mLO =W=U+MSo;1t)wt[o)aٚygj(#d`_ *ȯڻ MC 2Pd2,ˁ@36͠>_@I#ǩA( Sjyv.-9tc}Q+SG:}uXP=q?~";oڢCmbe9 #=1z7o uy1[9%W?~КIԯm?ZҜQEf~L6N0m6I5=X#t9.f;c77ҹ&'A[<7+ oQHfPZy>Uį^5Shfp8;Xj(c'j/"eq%^Z-r!oLVW^>7'~8[gIZcE&Պ.?/;dž~~~*'V4Ķ^g{kib(pU*^sԚO)yu{ wMK˛IOR#33I 9Tϟ_ [kVRNR{=w?[O+'>|~~%ꚞ+dDīD WR# +Plj߲ΟikZ0d 𱤅@2zs_ EDRjMj[6aETQEW_^)~:OĚ_wgÞL[cP 3De l)D$2 |M ڵ_Źh3GWgvUPY?I sxk2by|9J˦eBYQbGtʜ<O$㱑QudT*f  \)i ƵL7L):!% v'"<}NxG|Xů/[Ei#3:=֭ZMO 0LL.~hG;N1_˖?yZ}#/)kIEǑ`i]"^OX!om7$ڽ5ڏ.`C ΩmkkAgc e;rY@$=O%),3xOGk*KzQћWx*t|9>O'x`7Ao' Oe&E϶]3BbbO"i,g0Ԑ1Wú-4h4ImG +0쨠V cHIoZ4kjzt]duC ~ԟ'v[/'OAk.SYZW ËE-6X 1^z4Sv{2Ҕ~WZHǴk}*]4>!.[wK|@V5q@;[}fÐRkW+._.8yzrhO|Nč5-XK"ky׏Qu#`f'+%|o}&mCSηMƣ2`u[HuG?c!4nמ1֣dlߕ\ȹ5=Rl\{[G76X<5LF>ь5m=7]ZI~'_>ڜ9Éts1ߕW%֤Pu $WlO%M}/ S)Lne^n9/<3;S5~_eEΡ"ᵝG]l@y_4ߴ7.ھG|_XۺVe;#?o *xvѼ5j=.ľnGH\glwLb#=n8ێ68]|=q{onox;şoFLMMNCCP?+bsIz%Uoղ}ky=9K˻l|ɼUsgKWh5hZƱ?sOs_:'~64ۏ PcXJ$u&aBK:~o Yn2>FWJ#fwOkzQQ*NOOTL\tijLMw}x4n]9[C9XpL23I#1?g̩:QJ_Jhy߂#ύJw6:'܊%p%\Kxb>Sgs]^tnOݙq=Ѐ{صݦTy{K 8e|8xo'??  :^%ݮ_I/B&\wV-%ͣZ\ai3iWx% G:2oDu6˸n,1?j->(4zQ~8yOmQ~zi Y}_ ^{+e?c ( udVw3$- apI;?u߽3 u |ãsZ 5&HۇGU`#5WxZƵڦ)fifnO:sT>u~CĿ]65UPK\0p? .YGٖo5+Y gVuf[mIiz%#s[)+ݞjS+kus^\<~tDZ4/dXmsvԞwKc"hmmԳ()0~сLz~6#ײ+VaYsAGq5jB1=|$g- )~)~Ծ6v&_JAK}c![ϐ` Γ{tNKd0I/;h?x;Ot/xIUOYȱkS*y''_Wߴg(]\"gFK9E&Tq~BuMI^Qܴϯ/&2EjG7Ncu(YRd̻JJIUd?p?}?ixWzi0@Y搢$^I,kg&l=<=(Ѥ$QE#p((((((((+sU/\Y]|ǫxVT2S]bF)$:1!Կ_s~/OeGk'aחYhycWE5&0YZTU!˥/|E34_ky,:ws[FD,iB3FŠ)F*+;Q@Š+*6?aO|X+OE6 4_f;H |4HC+Bk ?pxMwZéCN38n!nta ߤ?>  x¶b7yq7:6k=ڇZ~o|IH$o.~fQe!F?+Q<5{/ĺo<qcA&Q|NZ"ۿysJElzm}v~g,cǓSk&íxi%#>WZ.e&MԬ/Iouk2 z2:} ~AL7׾+MxdOU95y>Gj1i _}~#gPd?zOգgKGOYV;I'_.:ZZ|w~/*o6vVapd<3N}Onm4_%4{8CM}^%NԦ[7vQr>_Gh8vkg|/ďirꐏDG ze?|"̺7l}Ak^VOHRI}?ۺsJeUU;jvǣEX.ck /RlJ/szj3YT)ѕ{1NS%}z}TkӪ`k=W|6'3tgO|mE=֬xL152,2{ڼMz9:0u*Yr4%կ#j&7'WR鮡ңSY ͹d^ԒgfS3\wx+]u -=6!SM)J7ѵmtvcr(3QwJWV}+Fg,~c'M㶷VYN>x?!jQ|Ł>a1"/wǥ]wt)j7N-Qy=n2ݒ`Si|˪_] irEvqܭG־><4K&>j0ɮG,4o1k#DwB =묊qe rA_Gu㰰5R娾KG4{>%A$S*Â@ּW[{ֲ[[olAɖpKD]>,"Y7 Hϥxi/pN5u`ILalft2K4GVf8S|KT7Zv"P<w=:g|@d_NN6Yj/غ~uG OY<_ێ[I&nSTNW~O$$OM1mU4a'wA=5zv)7XDM"c\>%IaҎ~*\y>9Wl=ռ3gqq(bvnW^ ;hZ;=G-jke-!GźG~Xg>6Z.#rYK;33I5W)6| AY/gS$Ÿ*7kOi^it-[D{Lд^yFv'5@|%ִ/X8]\k,Ŝq+"8 PƧ$y^Fw$eRtߨQE ((((((((((((+?jMs|9|"h Tɾ/paxpsp .?/_t_UM-뚜aG4Z:-\&/"x@1sCtiP2ƧX5%J0.sJgK,; NRl(\PFh4P=4 B3ŵK,3ꬬajl⚳<}~k߳l~:߄&{Eiym%zgÏV|S˥GO'E;dX9VF96W|D6\xMutXF#F7?(<<8*W5vG~+Muln?$֖5iz}^$°*`W~y~ӿSo$6}x?2eN7bWZrc]Xo[S.-+BO-cVxCĖ+ u qxo%Wvonkm-9yR!M*!"ۓ'r4={FxcU^7}_?#RMk; ڣ5+ ~C,lt;Hk.\vf 8W w/x7d^5k}>j0*Wj hOn~ڗq2d𿃵F,Q )BZ+)AoÇ_ إާYf1: 7oxۺ{/ž4Z/>"]iknȶ&2o#c $LʒRA'į+/AaOnUe%l4!eulK/.̈ߨsgG1~vk:棥8t}>x{UN=B$w+wEo /,7{6;=ֱs7{BaR8%&FxWǏ|l=jO{k' ,V,h;Qdk %ttH4[|`n~܏ՅJ?='Ԃ_RBsLFԴff&ԡE>2(`?W_{I_|/=&lIkq똏GVH?Uӟh|&$'`W=ż*n=9FFo/yk%ǖ{YYJ#*T}~ io&M2r?ywvi2Hǩ,M{OUoeeIUd9 5tDwB*)܌O'~"[~sQaԑ {]-x_╫MI֖>$KiKxt>̢&u9wk.5m&?w+}d"E?Sˣ?>1YN2qySvMVMJ&{$pƣ,ǀ&t]7\do%lj4KVј =pcy8efM_~o!S\rG&իkw_=d1҄TaIEڿEmw^5$s]#&  uW2zV⋶viQQ^ث:Va/'gkW$2\ت䮿ػM{< 2h~$TwC;;PZ_3_-~!i)0o[#/bz}E}ILKҬM3?{͇}>$ |Wohڗ_\)[Rʱ^Ú񧂴^52X%er+xp-׌<;}܇$zA1#K~ooI]{q[d(%7g+_kC4K/-.b0^i -G #A?-qfQ U)٭'k]SǓF7edn dG'+U$Ox^ &'̠a{dr 0ȭ_Wu}}s54噉I$_g6X-?_?*/^=-wjW/ׯ5MNKCP.'س7'j@UTU9r擻 (ijFX=I[uK+f70a&9WF :0OQƥ%5f}q67%gSK<V"|='-o5#%4ѼIoXh4]%URq"s8 7|߁|Iм'=>-;La`g6{,K1'o <;xm ?ϿWHvU2~4`'ki >*jme(2dڧ9??R)oƏ.W_ G ;O;Ē+\|\k;\h/(iz.g.YD!O5|VHUu-@c[a*YkM_嘷roNz좚O՝|[s5ԂNGoHP;ruuӯ 0*}B{H~'HuMZD ʡ_@ye{oec+ni]G$[i#F%eng&Xwtю|ʖ/Y;ӝ7sԿl 4fվk_cˆpW=Rx/kN7ϨhWz\X\<  ^x^Ү5O > &nbW Й8ʒ H _`}&~YͿ?!YOjz$e#B½i֕}W ]ØOaW&=۶l?l?>Qm,w6SEc4lYG!9v'?k* XL-xG@!~Բ0qXP _•x_xx6 ?3[=xz}uQ߭{K>+ж{ԵV^FKvS[v_y~S/r%8V=|4IiZJ\#BClkG᷀4~|;`F?zV1坏RMU5 hq\j-?K>=5c蔭IS]u>lDK4mݓ Ҋ(s((P +>*#&z|3k4  [Ő. =6 Q_|ey[hyyo$nmPז<wFQn~.h!Po-iYQrAK ,I>חmoca4NR]%oOkwߜߵc㾹_Ki{D$DvL4sN0aFMYEYz#I'-ϸW~T|m~5RoRzQ)\Zw? qjֈΧs+퟉,巼hm!+A K:]e90O 9PYpHﺵe_.#SڴY1Ym_iS韽F_8h [b\2a#(fbWg+zվOktqgj9dmˆX;ڿfqu-'{5>]|gzva] 8\nm89M8%GgQ'xr9%_ 1Kϳ~G/}3_xoLOȩńs1;&lN9|yW}o?PciLB!sLOAOy8r*%{oqZk G›'p2NwSE_i լa'HV -IQrf6R_0u*57 jIv聿pw$l0jЯ(_Bտᖛ4zŏ]?Lhf5j?/0:O<7>Xo. adn6wO1,c;Ki'lqxeDž?By4a#k{;񵬍jݭ Lan9FQ\5t.MS_u՟msKzp;6pAdֵHuetuk[xJQ:mjJ9E]K3~^2|xGAa#rm'ƭ[DjN!S[Jkq^Wo9VkNoQ!+|J/S=)3y巇>)ox+7mGxFWCc5FT{ҒI3a~D5%=QXn)ͮ:ҼALSf}\;4U|S?4%lG!d\#ʉ?<5366XqGu'i8k  :}7}­5.Y~$Wv\4O袊U ( ( ( ~5R~nIUDV5jY>Q\}ƨXfߢajͿEl{n$xR)$¸]}ڶ?7ݩ=(?RqjֈΧeuj˼ZZ:WE=g}+9VM't >h=9KU-UH+28jEHk ug3u<ω1WWR3V~pK\fxfreFyf+KK4xfK_ctf4RDE{2S1޿O"'. 3·9<]J;k0E,]`v ]>`ϋV~gPpʪKI.QEf{EPEPEPEPEPEPEPEPEP?x~źz^o%+52)GD`Uє* aJ-~wSkW^[3K"WcWP޿UQ{[ּ xH{]3esn$Y"8NrF5ʌpTgRzRֶ28|~6G?%7V~@ d Q=ӳXzN5a>ᶗmV&Wߵwn|:OG0ɨjV6.so-΋ϖU~8gíݙAt6ҟ;cݘ}kobKv1>ke߯3F(6ъ(cQEq9wM6WN5+s$ |xA/5OxMIn7/mɶY &ӵ[$J ѼבG\xb Up2Bc !'Wp>t{k~>'2ZXKTKz(aQEQEQEA?jx*sL'j+Բ}ƢQ!jͿEb՛~YTI? I>ORIqKs0ߧU&m~5RoRzQ)\Zw?5v+O˾՗yҵ/et{&(ϗU{V%>^U;cP} w<׍mO6.xn.pYPTUQ6; r](~Z3\~x~'е KTOKn^6Fx*pA; 7//uD.{im|*[jjD|~[r>@v?7a- yuEtpa[W^[t%?1èܣ-Ŀ*)ÞQEQEQEQEQE!@ Y,дxWT5hI,涽YT0:2ɒxirߢoC5}7Nԡ4`>]JRAɯՏS ѡd+'M|EC~/mX,Y ;4+ wznkqcX\[΅$E8*"b9j=^dZ8KX~_8뮛kV}JQE{gQ@Q@O???J?jx*tS+I~5,>Tw@ZojXfߢU6=r}’O)S~}\R.wI[z2tPJjg7?JLYw+RV]J觹bzWb^U>\cUsl:L3_I?N-#9I8k _&3$P$"πle8DŽm_G9~%\ܕ( Ck+q ǨxVHǾ4=FaO~׎FQ@Q@Q@Q@Q@Q@Q@Q@Q@Q@ρ^> x}sž.u+)S$SG\2:) GVx~+qO\H0U.Yr q pEX )k[tX`ⷁL%`Fyr9S5ʁ,p1`̡jבǏEғ>t ~'hh*hL8%OUaٕVGj3_E(f>|dԾ|^׼M൷L'cԒMG"*; +lɯ{ZxS%C5~_z|tS|٫_;=uy%ՠxVsJ5k)vxZ3xį xIk|9,FOsmv>=MyWRv#OJթy̿[Iy3I6Fc'L4rT2k<`]3Vznmn<9Ɨg_oL?ɾI|;oxL?mkPҴ1{DQD;e':Ҹ[Z]״+, ,ǧL"E5TSX/vLƜL~^ 9u5ׇ?ci\u z︔?b5RN+*gR\oꡇFΌTc$܆eɪY#_ʎXv21_D{pI, 2Z +ᕾ`nˁcZ>1=ϰ̶Xu}ק2>c(>O.khIu"{T$ƒ:~j|Ck7''3Vwg $0&Lxx}֝~/>pokQ$ww# WRvܟQLZ ok_%6d|9wҼcR8[w 6z^m%I ;$ sשO἗oϧ{=7cmk sל<,Y70nḋٮOk? }?kko~%j ߾[aԇWk pʡq akUNdOk\X/7|?~/:ŧh:dM"%H v+#n[I4zލoFf]G\T*N:2U|$'߀>'|1fk:\m T*\dzWOY:gW-3&.z7I{k#t/t γ[@W'$:^g4|a#2#1=:_#ڷ܏;Ǟ6 ;GEX,jRZ;G`]  tjPl,SPo'?)g |J㼷mizJC*Un-;\pP&k|h&BK8f(QnWd ϗ,/Wfd|p8yc0z(_z}ʱ7_«}w*㾰4nM_rWp֡>~ܟp5>&סUw|i.-s#rb%hc98tNkNB?w_ oZܠchRMG`yڼ ‘ݍB^YQEQEQEQEQEQEQEQEQEQEQE ^u>ol҇iP0?@T^(p%\M|9C;;_DNMo< d>_nK+ ςߐ@;pۧU7'"fRw-^6tp@Y2D?KEѫ}SNf5V]z5~)꺧 ViSۊghxA9O_%]R*|Mҟ ap1ԍ^ Z&ehB{K9h.c=NGȯ3|VGv8|V[5hm ik6(((cPV-1,PzW_ÛP,H}CY5k}6[,~8 cĞ!OZ!zL#ܯ'QTϋS{kw4-\Ə;C}k5I5G;F5;{Ak._R+ 8񇌆x0 [4/;SW~|!KEծ--ʑI!$1]Zp(Щ6e[{LerTykF/_]"W/gQ&Gq\r,;{׈6Wҡ)yHKv$}-k?h>m44V ƻLu㶕oxoKa_@?ؐmp=#ھ uqs^rH:{$6_~<׀so?xrUi,TIK8۴O-̕:ajXӧ[%\le$Mi&&]nM}o{~4x8H˘j W]}hMVc,oo[邤#ů&G>t/&N7v!6W4.^kU?gբKg֏92gſ"_q=ǃa6 V#c:(]ќw'`W!IUhwچ}byl㼵fv<%v1qŮjNkυY ʅL<5ttדkK#q3*s^_g~ؐ%N8ٗl"/=WSloӈ5ZpD,t O7j٬oG?Ccur[o+?uh 6 V$9VV Ww[|b4Wxl.#UA|ZX*n.vT "@+*4.D-쬭ೳacjTU*pΔf/*hv ( ( ( pO1|%Ae|ШY/.l3,|k$T9j,-PmCK/AU59KV#*&,%];+ns(GYے_>[^㕫u* ;׹#&֠qyr\6ds5|xvR4wsn#l^\"ut݇u/[N7t|::S $uΛ#z21C_36׆'_tu\/Бn+oG{o^%tHB_UkYm&Xb00s$ (7յ$&IK1I"Yihi[+B|pV|uZ?~g8ʿ؏ w>xu-h/-KBN9^5KuS>_ >1XxrbUA78xGZW  Uk+\Iхu՛N9Z.5>kş 4{\Ӵٮ-uvX\!>םh_[K<mOL.s,Xƃ"Zn]HiG[y,V^ѭizGkٿ2|=CM[=#Olׁ[?(q@9+m1QV⵼i vJVIt~)x_4lj|;{?TSRBIy{]x}8VR?J|\,"ctT<߅| gl,ڧĽFPwe^3}< uE~vW6mxǑKȴHDi06$C_MEuT]_9(N8YFER~㷍?k=J? -29M&ٺ^ O|+ Vey K Ԛ10׼UcPmJ%S~_ nwQE2#:T_% Fht#᝻jI5ЍH䃁qIs[iy"oiLwc9fbx *{.جSC!B8lTQEQ_8ڟV cp>'|P擭CjXXdGmXG,x[㦟e|lQfҴq!e2Dj$b-ĎYbfg_ϠH+_%㶏PheYD $J eW~QEQEQEQEQEQEQEQEQEQEQEQEQEx#'; 6xoA<]c42‹C( TI0w(Nƥ4~bܔ38;ۓ> Rn'F7##;7 HWN<:eXGߑ4Wz-o#Súf| <:ulvѪm{4Jlӊie8:NxWj;^Ϧ}[Eo|^&6{a U@Id|P֮$CFv+j+ci| Q^ֵUoՖ}T u g_|Ak:çj{yw}T*Dim4e |z2`.b#x7qv q9[[dN ~ni6k|-eZr#3+p-?6ՂA#56 =*0tb%ey ^hE,V=X$`.N8[W>◈|;4˝F1D>i}B/EVf*̨Fm'9$q׮3ue;I o& UJȡ(_Q|%74brY..l"R~f>CP_ݿ}kzxyO^7ey7˞Rt/{ZjrY#Wr6˫j Vqq@3o.@_'Chop\7/>\HfU(qFSz]Lj1Wθ~֞䌲^GUoߥv J??+/fr(rh?>͒/ڮYZڋ'< Z#IK.|e梳dhi}vv1t8濽/k-:xYlkK <-s/m?Y#|@;;HUPmAf!u!y<ݱlZp8$}GQgSbzqIz/|?}RmZ{9XI^WOղem*{:[FHkf89GE%k տm< ElN2iMr#\aagwc+/cO5/kS[7Lk ;(,@f|xe>7>H~2֢;Ft6Gc{u9O1N.-B[16J`` h\ i> \|}n>z};_#I15۳dKp:` QEq)+-(aEPEPEPEPEPEPEPEPEPEPEPEPEPhcԴ-u Ym;w\5Yxh^24υu9dCV)=3_1tO&j*(3X<@K€N\j`WgnR&g? |za=df%ş9} ~~O a0߄o-VUD}Lpj y4XṄw6s[ )a$CG>4>>~^,< cTa5$L@qskY$Lk+Howy"|-s2\cI[Ivo!IQ.d|++֗^Ri)'kծV/D.'<B%u {y $EHBc }xKOut}s}̈Z;x^ #9!Q s~U~z֭/PɬC{n5(FQsWRyAFPFFT+\Zx^[xf%_^[?k|HFc4TEvQ?ڬ)K' !<-xI5=3NlýK;ୖ=Df J"pN E831_O'¿O2թ]KIP+ty6d!~fO t? |; /:|Lۚ8 bQSRwIvGbO_$S3z(O<<%.A4 7NPm\;(iqFTrkP?kߊ\ڊo>M:,|/ 薛vghifaV"8?k_ ~7{4z%C}VHK~ Fy"[CW;pڠHmts+/r?Շw\eS* כ%¡cX-aPֿh_|yk_~_sFn`NGBSRkczUW-X/4"ߴ L=/kZ MPVEPgLn7['Z~1[ B|ůajUk}'ᧇmtI>-_Jk&S 1C,һ.VI#*8O-9jzaڛ S,^燼 nel"*he%u${O ?V w$tG>&n~ծ d0$iG(w# g; =~Xj_ 2:n&y׆3`LmBȤfe/[8Jes!V'IebH”_,.++ڿFA;=/Kt>a$UU*VgQEQEQEQEQEQEQEQEQEQEQEQEQEQEQERE_4փiN,"y"u71ȬYN2s] oea0C 1@G:b1૿l/۷X;> [iM_im5_̹9,]db>-ǁWNMѭfIcP@pa@ mǽ) =kE4O:ob+;M3JuUO F+垏#݋kijv\ts+(p:8r;ԟ?g~AwCk] 3G* ƊX3)K)VuO`"GO&ǿ|D[vǍ-c^Zv{ǘ#lWJ.?\QE#`߳>$k[M^E۾e3(.Bf⧌,xF]H妞Wv;?3>2Iy5n|XKfk4NY`붻Ow_z\*Zd xG'~??ui?c6G0RQm;M<>wFqi8&-<;j^-/F:^g̏X4J f_+ߌu_xZ o:hv8p" 6kc [atm[xcFI=qZ0wۢxŅWxҊ_M6_ٴ8=*?s$|Tt2\:_7knPwyf +($ɒu9?(??dVx;JKg6n4~WW3.~}HW'19yfUqmvKk-袊Oڂ((((((((((((((((((((((!>R 2hcۿ$~,׿_x׼WXk{0YH'+?((*m'F%Ә?3f#RyŸ-jKOkv"HvؗD_7G;X(U"w&+׌c+dK!K2zҿgo?5?kO|__ ]4+J+i$kĺfX;;[ROq^⏃|^*楤zf\|w.Uzd;r6E.8"jJSww?3~ PPThJ6KY6IO+ 3iAUʃ+|59 |M*VcH+}e[4+{m[G-Gws 4'Wkh\9iEĂ@FF]>_w99f,§=ves[Bj7ɨ?N ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( -|0Ѿ7|+7Gh]]hvAsks 4yRnGa A;SួúZN컷oAp&Ine/,ac}kp\zyҿd_"/=;p{ bV7yM7Ş|Hb/|og&Ə F/n- 2Bxdaʰ%Hdb݇#xW&弒/>y9|pu6 WЮ7n%$ BIVB&X+wV?___TYnx7[DiB)sg/ wJKE~sDbmX ?_C׈bQuOqaBh.7S`F7pAa^'*5%~_x{ICG2]F؊όucK%׈LaFmSZA>U!bp԰.0QߴM槡 mM_ơ%\-miRc&+¾ վ xy㗌o/$.diHĽ4 UU g-ٷezjV|{g; [';cxhH ڡ%OLGnn9a!cX4K=ysOVv=g~ sużqۧ¨^2N|PZK?_*ʤ%_.yuH&|]|ekxou[2k!+f=XI@"%k[t/֓kckNKH#s;(l^8žC8b[ $Lz_xg ~ l|;o Y٦maA'YfbXI&? 4? E.i:6d޿M@~¯o|L2i-BO(+J%+ EQQE'PQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEW?Q_&o)t+蔮9'Oū6 t~/ڗ [yW~{kY4XmA{钤nx7o]įO淍2za]=}kc?95Ke_'t|s ɻ3o@{J).2ty^~@Z;x̩7W|(G?jwd8Uӑ|:nV(ʎFH9%㛏_A-VKuE.!\OR~!7> 7><,ema )v0̫VT(+PL?gW^PX14G1vIgR=o{ A_?oGE#Um7BXDyMB*cR1>#-:ՖJ4Kn|IqؤK_[H~H[g;aY[VBЬ|-e%+ HEU@@TW)%:qT QAAEPEPEPEPEPEP