Changelog for hydra ------------------- Release 7.5 * Moved the license from GPLv3 to AGPLv3 (see LICENSE file) * Added module for Asterisk Call Manager * Added support for Android where some functions are not available * hydra main: - reduced the screen output if run without -h, full screen with -h - fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS - fixed -o output (thanks to www417) - warning if HYDRA_PROXY is defined but the module does not use it - fixed an issue with large input files and long entries * hydra library: - SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems - removed support for old OPENSSL libraries * HTTP Form module: - login and password values are now encoded if special characters are present - ^USER^ and ^PASS^ are now also supported in H= header values - if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\ * Mysql module: protocol 10 is now supported * SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be defined as an option "TLS" if required. This increases performance. * Cisco module: fixed a small bug (thanks to Vitaly McLain) * Postgres module: libraries on Cygwin are buggy at the moment, module is therefore disabled on Cygwin Release 7.4.x FIX RELEASES for bugs introduced in 7.4 * Quickfix for people who do not have libssh installed (won't compile otherwise) * Quickfix for http-get/http-head and irc module which would not run due a new feature. * Fix for the ssh module that breaks an endless loop if a service becomes unavailable (thanks to shark0der(at)gmail(dot)com for reporting) Release 7.4 * New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!) * Added support for win8 and win2012 server to the RDP module * Better target distribution if -M is used * Added colored output (needs libcurses) * Better library detection for current Cygwin and OS X * Fixed the -W option * Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested * Fixed HTTP Form module false positive when no answer was received from the server * Fixed SMB module return code for invalid hours logon and LM auth disabled * Fixed http-{get|post-form} from xhydra * Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz) * Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-) * Added debug mode option to usage (thanks to Anold Black) Release 7.3 * Hydra main: - Added -F switch to quit all targets if one pair was found (for -M) - Fixed a bug where hydra would terminate after reporting a successful login when an account would accept any password - Fixed a bug with very large wordlists (thanks to sheepdestroyer for reporting!) - Enhanced the module help * configure script: - Added fix Oracle library inclusion, thanks to Brandon Archer! - Added --nostrip option to prevent binary stripping (requested by Fedora maintainer) * Added a Makefile patch by the Debian maintainers to support their SecurityHardeningBuildFlags for the wheezy build as requested * dpl4hydra: added install directory support * All code: message cleanups * SNMP module - originally already supported write and v2 although this was not in the module help output. Added :-) - added SNMPv3 MD5/SHA1 authentication support, though beta still * HTTP module: - fixed HTTP NTLM auth session - implemented errata fix for HTTP digest md5-sess algorithm - set default path to / * HTTP Form module: - set default path to / - support HTTP/1.0 redirects - fix failed condition check when pcre is not used * IMAP module: fixed auth detection * POP3 module: Updated auth and capability detection * Oracle module: fixed bad handling * Oracle listener module: fixed hash size handling * Telnet/Cisco/Cisco-enable modules: support "press ENTER" prompts * FTP module: - Fixed a bug where 530 messages were incorrectly handled - Clarification for the usage of ftps * Mysql module: added patch from Redhat/Fedora that fixes compile problems * Added IDN and PCRE support for Cygwin Release 7.2 * Speed-up http modules auth mechanism detection * Fixed -C colonfile mode when empty login/passwords were used (thanks to will(at)configitnow(dot)com for reporting) * The -f switch was not working for postgres, afp, socks5, firebird and ncp, thanks to Richard Whitcroft for reporting! * Fixed NTLM auth in http-proxy/http-proxy-url module * Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at * Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com * Fix http form module: optional headers and 3xx status redirect, thx to Gash * Fix in configure script for --prefix option, thanks to dazzlepod * Update of the dpl4hydra script by Roland Kessler, thanks! * Small fix for hydra man page, thanks to brad(at)comstyle(dot)com Release 7.1 * Added HTTP Proxy URL enumeration module * Added SOCKS4/SOCKS5 proxy support with authentication * Added IPv6 support for SOCKS5 module * Added -e r option to try the reversed login as password * Rewrote -x functionality as the code caused too much trouble (thanks to murder.net7(at)gmail.com for reporting one of the issues) * Fixed a bug with multiple hosts (-M) and http modules against targets that are virtual servers. Well spotted by Tyler Krpata! * Fixed SVN IPv6 support and updated deprecated calls * Fixed RDP failed child connection returned value and false positive issues reported by Wangchaohui, thanks! * Fixed restore file functionality, was not working together with -o option * Fix in http-form module for bug introduced in 7.0 * Fixed xhydra specific parameter value for http-proxy module * minor enhancements Release 7.0 * New main engine for hydra: better performance, flexibility and stability * New option -u - loop around users, not passwords * Option -e now also works with -x and -C * Added RDP module, domain can be passed as argument * Added other_domain option to smb module to test trusted domains * Small enhancement for http and http-proxy module for standard ignoring servers * Lots of bugfixes, especially with many tasks, multiple targets and restore file * Fixes for a few http-form issues * Fix smb module NTLM hash use * Fixed Firebird module deprecated API call * Fixed for dpl4hydra to work on old sed implementations (OS/X ...) * Fixed makefile to install dpl4hydra (thx @sitecrea) * Fixed local buffer overflow in debug output function (required -d to be used) * Fixed xhydra running warnings and correct quit action event Release 6.5 * Improved HTTP form module: getting cookie, fail or success condition, follow multiple redirections, support cookie gathering URL, multiple user defined headers * Added interface support for IPv6, needed for connecting to link local fe80:: addresses. Works only on Linux and OS/X. Information for Solaris and *BSD welcome * Added -W waittime between connects option * The -x bruteforce mode now allows for generated password amounts > 2 billion * Fix if -L was used together with -x * Fixes for http- modules when the http-...://target/options format was used * Fixed a bug in the restore file write function that could lead to a crash * Fixed XMPP module jabber init request and challenge response check, thx "F e L o R e T" * Fix: if a proxy was used, unresolveable targets were disabled. now its fine * Fix for service://host/ usage if a colon was used after the URI without a port defined Release 6.4 * Update SIP module to extract and use external IP addr return from server error to bypass NAT * Update SIP module to use SASL lib * Update email modules to check clear mode when TLS mode failed * Update Oracle Listener module to work with Oracle DB 9.2 * Update LDAP module to support Windows 2008 active directory simple auth * Fix to the connection adaptation engine which would loose planned attempts * Fix make script for CentOS, reported by ya0wei * Print error when a service limits connections and few pairs have to be tested * Improved Mysql module to only init/close when needed * Added patch from the FreeBSD maintainers * Module usage help does not need a target to be specified anymore * Configure script now honors /etc/ld.so.conf.d/ directory * Add more SMB dialects Release 6.3 * Added patch by Petar(dot)Kaley(at)gmail.com which adds nice icons to cygwin hydra files * Added patch by Gauillaume Rousse which fixes a warning display * New Oracle module (for databases via OCI, for TNS Listener passwd, for SID enumeration) * New SMTP user enum module (using VRFY, EXPN or RCPT command) * Memory leak fix for -x bruteforcing option reported by Alex Lau * Fix for svn module, for some versions it needs one more lib, thanks to the Debian team for reporting! * Fix ssh module, on connection refused a credential could be lost * Fix http-form module, a redirect was not always followed * QA on all modules for memory leaks * Better gtk detection (to not even try xhydra compilation when its useless) * First blant attempt for configuring to x64 systems (Linux and *BSD) * Updated network password cracker comparison on the web page (for hydra and new ncrack) * Indented all source code Release 6.2 * Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) ) * Forgot to rename ssh2 to ssh in xhydra, fixed * Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module * Fix SASL PLAIN auth method issue * Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap * Added man pages from debian maintainers * Checked Teamspeak module, works on TS2 protocol * Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah ! * New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support * Add SCRAM-SHA1 auth to IMAP module * Add module usage help (-U) * Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep") * Rename smtpauth module to smtp * Add SASL + TLS support for NNTP * Bugfix SASL DIGEST-MD5, response could be wrong sometime, mainly on 64bits systems * Bugfix rlogin module, some auth failure could not be detected accurately * Bugfix rsh module, some auth failure could not be detected accurately * New module: IRC is not dead ! use to find general server password and /oper credential * Add SSL support for VMware Authentication Daemon module * Bugfix CVS module, should work now, why does nobody report this ?? * Bugfix Telnet module, when line mode is not available * Add support for new syntax <service-name>://<target>[:<port-number>][/<parameters>] * Add TLS support for SIP * STILL OPEN: Fixed a problem in hydra where a login+pw test was lost when an arm/child was quitting Release 6.1 * More license updates for the files for the debian guys * Fix for the configure script to correctly detect postgresql * Add checks for libssh v0.4 and support for ssh v1 * Merge all latest crypto code in sasl files * Fix SVN compilation issue on openSUSE (tested with v11.3) Release 6.0 * Added GPL exception clause to license to allow linking to OpenSSL - debian people need this * IPv6 support finally added. Note: sip and socks5 modules do not support IPv6 yet * Changes to code and configure script to ensure clean compile on Solaris 11, OSX, FreeBSD 8.1, Cygwin and Linux * Bugfix for SIP module, thanks to yori(at)counterhackchallenges(dot)com * Compile fixes for systems without OpenSSL or old OpenSSL installations * Eliminated compile time warnings * xhydra updates to support the new features (david@) * Added CRAM-MD5, DIGEST-MD5 auth mechanism to the smtp-auth module (david@) * Added LOGIN, PLAIN, CRAM-(MD5,SHA1,SHA256) and DIGEST-MD5 auth mechanisms to the imap and pop3 modules (david@) * Added APOP auth to POP3 module (david@) * Added NTLM and DIGEST-MD5 to http-auth module and DIGEST-MD5 to http-proxy module (david@) * Fixed VNC module for None and VLC auth (david@) * Fixes for LDAP module (david@) * Bugfix Telnet module linemode option negotiation using win7 (david@) * Bugfix SSH module when max auth connection is reached (david@) Release 5.9 * Update for the subversion module for newer SVN versions (thanks to David Maciejak @ GMAIL dot com) * Another patch by David to add the PLAIN auth mechanism to the smtp-auth module * mysql module now has two implementations and uses a library when found (again thanks to David Maciejak @ GMAIL dot com - what would hydra be without him) * camiloculpian @ gmail dot com submitted a logo for hydra - looks cool, thanks! * better FTP 530 error code detection * bugfix for the SVN module for non-standard ports (again david@) Release 5.8 * Added Apple Filing Protocol (thank to "never tired" David Maciejak @ GMAIL dot com) * Fixed a big bug in the SSL option (-S) Release 5.7 * Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com) * Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz * Removed unnecessary compiler warnings * Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be * Fixed small local defined overflow in the teamspeak module. Does it still work anyway?? Release 5.6 PRIVATE VERSION ########### * Moved to GPLv3 License (lots of people wanted that) * Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for the 0.2 basis) * Added firebird support (by David Maciejak @ GMAIL dot com) * Added SIP MD5 auth patch (by Jean-Baptiste Aviat <jba [at] hsc [dot] `french tld`) * Removed Palm and ARM support * Fix for cygwin which falsely detected postgres library when there was none. * Several small bugfixes Release 5.4 ########### * Fixes to the http modules as some Apache installations are picky * The MySQL module also works with mysqld-5.0, updated * Added AS/400 return code checks to pop3 module * Fixed memory leaks in the http-form module. * Implemented a proposal by Jean-Baptiste.BEAUFRETON (at) turbomeca.fr to check for "530 user unknown" message in the ftp module * Added a performance patch by alejandro.mendiondo (at) baicom.com. This one needs stability testing! * Beautification to remove compiler warnings of modern gcc Release 5.3 ########### * Added NTLM support modules for pop3, imap, smtp-auth and http-proxy. Work done by ilo (at) reversing.org. THANKS! * Added a http form module, thanks to phil (at) irmplc.com * Fixed a bug in the vnc module (thanks to kan (at) dcit.cz) * Input files may *not* contain null bytes. I might fix that in the future but currently I have enough other things on my todo sheet. Thanks to didiln (at) gmail.com for reporting. Release 5.2 ########### * Again again some fixes for the ssh2 module. This is the last try. If it finally does not work reliable, I am throwing out that library! Thanks to bykhe@mymail.ch for the patch * Added a new module: VMWare-Auth! Thanks to david.maciejak@gmail.com! Release 5.1 ########### * Again some fixed for the ssh2 module. Sorry. And still it might not work in all occasions. The libssh is not as mature as we all wish it would be :-( * HYDRA_PROXY_AUTH was never used ... weird that nobody reported that. fixed. * Fixed bug in the base64 encoding function * Added an md5.h include which is needed since openssl 0.9.8 * Added an enhacement to the FTP module, thanks to piotr_sobolewski@o2.pl * Fixed a bug when not using passwords and just -e n/s Release 5.0 ########### ! THIS IS A THC - TAX - 10TH ANNIVERSARY RELEASE ! HAVE FUN ! * Increadible speed-up for most modules :-) * Added module for PC-Anywhere, thanks to david.maciejak(at)kyxar.fr! * Added module for SVN, thanks to david.maciejak(at)kyxar.fr! * Added --disable-xhydra option to configure, thanks to david.maciejak(at)kyxar.fr! - he is becoming the top supporter :-) * Added module for SIP (VoIP), thanks to gh0st(at)staatsfeind.org * Added support for newer sap r/3 rfcsdk * Added check to the telnet module to work with Cisco AAA * Fix for the VNC module, thanks to xmag * Small enhancement to the mysql plugin by pjohnson(at)bosconet.org Release 4.7 ########### * Updated ssh2 support to libssh v0.11 - you *must* use this version if you want to use ssh2! download from http://www.0xbadc0de.be/?part=libssh This hopefully fixes problems on/against Sun machines. After fixing, I also received a patch from david maciejak - thanks :-) * Added an attack module for rlogin and rsh, thanks to david.maciejak(at)kyxar.fr! * Added an attack module for the postgres database, thanks to diaul(at)devilopers.org! (and again: david maciejak sent on in as well) * JoMo-Kun sent in an update for his smbnt module. cool new features: win2k native mode, xp anonymous account detection, machine name as password * Hopefully made VNC 3.7 protocol versions to work. please report. * Switched http and https service module to http-head, http-get and https-get, https-head. Some web servers want HEAD, others only GET * An initial password for cisco-enable is now not required anymore. Some people had console access without password, so this was necessary. * Fixed a bug in xhydra which did not allow custom ports > 100 ! Soon to come: v5.0 - some cool new features to arrive on your pentest machine! Release 4.6 ########### * Snakebyte delivered a module for Teamspeak * Snakebyte updated the rexec module for the Hydra Palm version * Snakebyte updated xhydra to support the new Telnet success response option * Clarified the Licence * Updated the ldap module to support v3, note that "ldap" is now specified as "ldap2" or "ldap3". Added wrong version detection. Release 4.5 ########### * The configure script now detects Cygwin automatically :-) * The telnet module now handles the OPT special input. Specify the string which is displayed after successfully a login. Use this if you have false positives. * Made smtp-auth module more flexible in EHLO/HELO handling * Fixed some glitches in the SAP/R3 module (correct sysnr, better port handling) thanks to ngregoire@exaprobe.com ! * Fixed some glitches in the http/https module * Fixed a big bug in snakebyte's snmp module * Warning msg is now displayed if the deprecated icq module is used * Added warning message to the ssh2 module during compilation as many people use the newest libssh version which is broken. Release 4.4 ########### * Fixed another floating point exception *sigh* * Fixed -C colon mode * Added EHLO support for the smtp-auth module, required for some smtpd Release 4.3 ########### * Fixed a divide by zero bug in the status report function * Added functionality for skipping accounts (cvs is so nice to report this) * Snakebyte sent in a patch for cvs for skipping nonexisting accounts * <lerrahn@syss.de> sent in a patch to fix proxy support for the HTTP module without proxy authentication Release 4.2 ########### * Snakebyte sent in modules for SNMP and CVS - great work! * Snakebyte also expanded the gtk gui to support the two new modules * Justin <connectjunkie@gmail.com> sent in a module for smtp-auth ... thanks! * master_up@post.cz sent in some few patches to fix small glitches * Incorporated a check from the openbsd port Release 4.1 ########### * Snakebyte wrote a very nice GTK GUI for hydra! enjoy! * due a bug, sometimes hydra would kill process -1 ... baaaad boy! * found passwords are now also printed to stdout if -o option is used * <je@sekure.net> reported that hydra wouldn't complain on ssh2 option if compiled without support, fixed * <llevier@argosnet.com> made an official port for FreeBSD and sent me a diff to exchange the MD4 of libdes to openssl * <vh@helith.net> noticed that hydra will crash on big wordlists as the result of the mallocs there were not checked, fixed * Snakebyte expanded his PalmOS Version of hydra to nntp and fixed vnc * Increased the wait time for children from 5 to 15 seconds, as e.g. snakebyte reported detection problems * Fixed some display glitches Release v4.0 ############ # # This is a summary of changes of the D1 to D5 beta releases and shows # what makes v4.0 different from 3.1. # Have fun. Lots of it. # # By the way: I need someone to program a nice GTK frontend for hydra, # would YOU like to do that and receive the fame? Send an email to vh@thc.org ! # * For the first time there is not only a UNIX/source release but additionally: ! Windows release (cygwin compile with dll's) ! PalmPilot release ! ARM processor release (for all your Zaurus, iPaq etc. running Linux) * There are new service attack modules: ! ms-sql ! sap r/3 (requires a library) ! ssh v2 (requires a library) * Enhancements/Fixes to service attack modules: ! vnc module didnt work correctly, fixed ! mysql module supports newer versions now ! http module received a minor fix and has better virtual host support now ! http-proxy supports now an optional URL ! socks5 checks now for false positives and daemons without authentication * The core code (hydra.c) was rewritten from scratch ! rewrote the internal distribution functions from scratch. code is now safer, less error prone, easier to read. ! multiple target support rewritten which now includes intelligent load balancing based on success, error and load rate ! intelligently detect maximum connect numbers for services (per server if multiple targets are used) ! intelligent restore file writing ! Faster (up to 15%) ! Full Cygwin and Cygwin IPv6 support * added new tool: pw-inspector - it can be used to just try passwords which matches the target's password policy # # This should be more than enough! :-) # ... the rest below is history ... ########################################################################### # # New Hydra v4.0 code branch # Release D5 * added patches by kan@dcit.cz which enhance the proxy module and provide a small fix for the http module * small beautifcations to make the compiler happy ! This is the final beta version before public release - please test everything! Release D4 * Tick made an update to his configure-arm * snakebyte@gmx.de added imap, vnc and cisco module support to PalmPilot * fixed VNC module * enhanced mysql module to work also with 4.0.x (and all future protocol 10 mysql protocol types) * enhanced socks5 module to identify daemons which do not require authentication, and false positive check (otherwise dante would report all tries as successful) * fixed a bug in configure for D3 which resulted in compile problems on several platforms requiring libcrypto Release D3 * added sapr3 attack module (requires libsdk.a and saprfc.h) * added ssh2 attack module (requires libssh) * snakebyte@gmx.de added telnet module support for PalmPilot * fixed the mssql module, should work now * fixed -e option bug * fixed -C option bug (didnt work at all!!) * fixed double detection (with -e option) plus added simple dictionary double detection * target port is now displayed on start Release D2 * added better virtual host support to the www/http/https/ssl module (based on a patch from alla@scanit.be) * added ARM support (does not work for libdes yet, ssl works), done by Tick <tick@thc.org> * added Palm support (well, in reality it is more a rewrite which can use the hydra-modules), done by snakebyte <snakebyte@gmx.de> * added ms-sql attack module (code based on perl script form HD Moore <hdm@digitaloffense.net>, thanks for contributing) Release D1 (3 March 2003) * rewrote the internal distribution functions from scratch. code is now safer, less error prone, easier to read. * multiple target support rewritten which now includes intelligent load balancing based on success, error and load rate * intelligently detect maximum connect numbers for services (per server if multiple targets are used) * intelligent restore file writing * Faster (up to 15%) * Full Cygwin and Cygwin IPv6 support * added new tool: pw-inspector - it can be used to just try passwords which matches the target's password policy ########################################################################### v3.0 (FEBRUARY 2004) PUBLIC RELEASE * added a restore function to enable you to continue aborted/crashed sessions. Just type "hydra -R" to continue a session. NOTE: this does not work with the -M option! This feature is then disabled! * added a module for http proxy authentication cracking ("http-proxy") :-) * added HTTP and SSL/CONNECT proxy support. SSL/CONNECT proxy support works for *all* TCP protocols, you just need to find a proxy which allows you to CONNECT on port 23 ... The environment variable HYDRA_PROXY_HTTP defines the web proxy. The following syntax is valid: HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" Same for HYDRA_PROXY_CONNECT. If you require authentication for the proxy, use the HYDRA_PROXY_AUTH environment variable: HYDRA_PROXY_AUTH="login:password" * fixed parallel host scanning engine (thanks to m0j0.j0j0 for reporting) * A status, speed and time to completion report is now printed every minute. * finally updated the README v2.9 (FEBRUARY 2004) PRIVATE RELEASE ... v2.8 (JANUARY 2004) PRIVATE RELEASE ... v2.7 (JANUARY 2004) PUBLIC RELEASE * small fix for the parallel host code (thanks to m0j0@foofus.net) v2.6 (DECEMBER 2003) PUBLIC RELEASE * fixed a compiling problem for picky compilers. v2.5 (NOVEMBER 2003) PUBLIC RELEASE * added a big patch from m0j0@foofus.net which adds: - AAA authentication to the cisco-enable module - Running the attacks on hosts in parallel - new smbnt module, which uses lanman hashes for authentication, needs libdes ! great work and thanks ! * changed code to compile easily on FreeBSD * changed configure to compile easily on MacOS X - Panther (cool OS btw ...) v2.4 (AUGUST 2003) PUBLIC RELEASE * public release === 2.3 stuff=== * added mysql module (thanks to mcbethh@u-n-f.com) * small fix in vnc (thanks to the Nessus team) * added credits for vnc-module (FX/Phenolite) * new ./configure script for better Solaris and *BSD support (copied from amap) * updated to new email/www addresses => www.thc.org v2.2 (OCTOBER 2002) PUBLIC RELEASE * fixed a bug in the -P passwordfile handling ... uhhh ... thanks to all the many people who reported that bug! * added check if a password in -P passwordfile was already done via the -e n|s switch v2.1 (APRIL 2002) PUBLIC RELEASE * added ldap cracking mode (thanks to myself, eh ;-) * added -e option to try null passwords ("-e n") and passwords equal to the login ("-e s"). When specifying -e, -p/-P is optional (and vice versa) * when a login is found, hydra will now go on with the next login v2.0 (APRIL 2002) PRIVATE RELEASE ! with v1.1.14 of Nessus, Hydra is a Nessus plugin! * incorporated code to make hydra a nessus plugin (thanks to deraison@cvs.nessus.org !) * added smb/samba/CIFS cracking mode (thanks to deraison@cvs.nessus.org !) * added cisco-enable cracking mode (thanks to J.Marx@secunet.de !) * minor enhancements and fixes v1.7 (MARCH 2002) PRIVATE RELEASE * configure change to better detect OpenSSL * ported to Solaris v1.6 (FEBRUARY 2002) PUBLIC RELEASE * added socks5 support (thanks to bigbud@weed.tc !) v1.5 (DECEMBER 2001) PRIVATE RELEASE * added -S option for SSL support (for all TCP based protocols) * added -f option to stop attacking once a valid login/pw has been discovered * made modules more hydra-mod compliant * configure stuff thrown out - was not really used and too complicated, wrote my own, lets hope it works everywhere ;-) v1.4 (DECEMBER 2001) PUBLIC RELEASE * added REXEC cracking module * added NNTP cracking module * added VNC cracking module (plus the 3DES library, which is needed) - some of the code ripped from FX/Phenolite :-) thanks a lot * added PCNFS cracking module * added ICQ cracking module (thanks to ocsic <pisco@private.as>!!) * for the pcnfs cracking module, I had to add the hydra_connect_udp function * added several compactibility stuff to work with all the M$ crap v1.3 (September 2001) PUBLIC RELEASE * uh W2K telnetd sends null bytes in negotiation mode. workaround implemented. * Rewrote the finish functions which would sometimes hang. Shutdowns are faster now as well. * Fixed the line count (it was always one to much) * Put more information in the outpufile (-o) * Removed some configure crap. v1.2 (August 2001) PRIVATE RELEASE * Fixed a BIG bug which resulted in accounts being checked serveral times. ugh * Fixed the bug which showed the wrong password for a telnet hack. Works for me. please test. * Added http basic authentication cracking. Works for me. please test. * Fixed the ftp cracker module for occasions where a long welcome message was displayed for ftp. * Removed some compiler warnings. v1.1 (May 2001) PUBLIC RELEASE * Added wait+reconnect functionality to hydra-mod * Additional wait+reconnect for cisco module * Added small waittimes to all attack modules to prevent too fast reconnects * Added cisco Username/Password support to the telnet module * Fixed a deadlock in the modules, plus an additional one in the telnet module v1.0 (April 2001) PUBLIC RELEASE * Verified that all service modules really work, no fix necessary ;-) ... so let's make it public * Changed the LICENCE v0.6 (April 2001) PRIVATE RELEASE * Added hydra-cisco.c for the cisco 3 times "Password:" type * Added hydra-imap.c for the imap service * Fixed a bug in hydra-mod.c: empty logins resulted in an empty hydra_get_next_password() :-(, additionally the blocking/recv works better now. (no, not better - perfect ;-) * Fixed a bug in hydra-telnet.c: too many false alarms for success due some mis-thinking on my side and I also implemented a more flexible checking * Fixed hydra-ftp.c to allow more weird reactions * Fixed all ;-) memory leaks v0.5 (December 2000) PUBLIC RELEASE * NOTE WE HAVE GOT A NEW WWW ADDRESS -> www.thehackerschoice.com * added telnet protocol * exchanged snprintf with sprintf(%.250s) to let it compile on more platforms but still have buffer overflow protection. * fixed a bug in Makefile.in (introduced by Plasmo ,-) v0.4 (August 2000) PUBLIC RELEASE * Plasmoid added a ./configure script. thanks! v0.3 (August 2000) * first release