Changelog for hydra
-------------------
Release 7.5
* Moved the license from GPLv3 to AGPLv3 (see LICENSE file)
* Added module for Asterisk Call Manager
* Added support for Android where some functions are not available
* hydra main:
- reduced the screen output if run without -h, full screen with -h
- fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS
- fixed -o output (thanks to www417)
- warning if HYDRA_PROXY is defined but the module does not use it
- fixed an issue with large input files and long entries
* hydra library:
- SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems
- removed support for old OPENSSL libraries
* HTTP Form module:
- login and password values are now encoded if special characters are present
- ^USER^ and ^PASS^ are now also supported in H= header values
- if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\
* Mysql module: protocol 10 is now supported
* SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be
defined as an option "TLS" if required. This increases performance.
* Cisco module: fixed a small bug (thanks to Vitaly McLain)
* Postgres module: libraries on Cygwin are buggy at the moment, module is therefore
disabled on Cygwin
Release 7.4.x FIX RELEASES for bugs introduced in 7.4
* Quickfix for people who do not have libssh installed (won't compile otherwise)
* Quickfix for http-get/http-head and irc module which would not run due a new feature.
* Fix for the ssh module that breaks an endless loop if a service becomes unavailable (thanks to shark0der(at)gmail(dot)com for reporting)
Release 7.4
* New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!)
* Added support for win8 and win2012 server to the RDP module
* Better target distribution if -M is used
* Added colored output (needs libcurses)
* Better library detection for current Cygwin and OS X
* Fixed the -W option
* Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested
* Fixed HTTP Form module false positive when no answer was received from the server
* Fixed SMB module return code for invalid hours logon and LM auth disabled
* Fixed http-{get|post-form} from xhydra
* Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz)
* Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-)
* Added debug mode option to usage (thanks to Anold Black)
Release 7.3
* Hydra main:
- Added -F switch to quit all targets if one pair was found (for -M)
- Fixed a bug where hydra would terminate after reporting a successful
login when an account would accept any password
- Fixed a bug with very large wordlists (thanks to sheepdestroyer for reporting!)
- Enhanced the module help
* configure script:
- Added fix Oracle library inclusion, thanks to Brandon Archer!
- Added --nostrip option to prevent binary stripping (requested by Fedora
maintainer)
* Added a Makefile patch by the Debian maintainers to support their
SecurityHardeningBuildFlags for the wheezy build as requested
* dpl4hydra: added install directory support
* All code: message cleanups
* SNMP module
- originally already supported write and v2 although this was not in the
module help output. Added :-)
- added SNMPv3 MD5/SHA1 authentication support, though beta still
* HTTP module:
- fixed HTTP NTLM auth session
- implemented errata fix for HTTP digest md5-sess algorithm
- set default path to /
* HTTP Form module:
- set default path to /
- support HTTP/1.0 redirects
- fix failed condition check when pcre is not used
* IMAP module: fixed auth detection
* POP3 module: Updated auth and capability detection
* Oracle module: fixed bad handling
* Oracle listener module: fixed hash size handling
* Telnet/Cisco/Cisco-enable modules: support "press ENTER" prompts
* FTP module:
- Fixed a bug where 530 messages were incorrectly handled
- Clarification for the usage of ftps
* Mysql module: added patch from Redhat/Fedora that fixes compile problems
* Added IDN and PCRE support for Cygwin
Release 7.2
* Speed-up http modules auth mechanism detection
* Fixed -C colonfile mode when empty login/passwords were used (thanks to
will(at)configitnow(dot)com for reporting)
* The -f switch was not working for postgres, afp, socks5, firebird and ncp,
thanks to Richard Whitcroft for reporting!
* Fixed NTLM auth in http-proxy/http-proxy-url module
* Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at
* Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com
* Fix http form module: optional headers and 3xx status redirect, thx to Gash
* Fix in configure script for --prefix option, thanks to dazzlepod
* Update of the dpl4hydra script by Roland Kessler, thanks!
* Small fix for hydra man page, thanks to brad(at)comstyle(dot)com
Release 7.1
* Added HTTP Proxy URL enumeration module
* Added SOCKS4/SOCKS5 proxy support with authentication
* Added IPv6 support for SOCKS5 module
* Added -e r option to try the reversed login as password
* Rewrote -x functionality as the code caused too much trouble (thanks to
murder.net7(at)gmail.com for reporting one of the issues)
* Fixed a bug with multiple hosts (-M) and http modules against targets that
are virtual servers. Well spotted by Tyler Krpata!
* Fixed SVN IPv6 support and updated deprecated calls
* Fixed RDP failed child connection returned value and false positive issues
reported by Wangchaohui, thanks!
* Fixed restore file functionality, was not working together with -o option
* Fix in http-form module for bug introduced in 7.0
* Fixed xhydra specific parameter value for http-proxy module
* minor enhancements
Release 7.0
* New main engine for hydra: better performance, flexibility and stability
* New option -u - loop around users, not passwords
* Option -e now also works with -x and -C
* Added RDP module, domain can be passed as argument
* Added other_domain option to smb module to test trusted domains
* Small enhancement for http and http-proxy module for standard ignoring servers
* Lots of bugfixes, especially with many tasks, multiple targets and restore file
* Fixes for a few http-form issues
* Fix smb module NTLM hash use
* Fixed Firebird module deprecated API call
* Fixed for dpl4hydra to work on old sed implementations (OS/X ...)
* Fixed makefile to install dpl4hydra (thx @sitecrea)
* Fixed local buffer overflow in debug output function (required -d to be used)
* Fixed xhydra running warnings and correct quit action event
Release 6.5
* Improved HTTP form module: getting cookie, fail or success condition, follow
multiple redirections, support cookie gathering URL, multiple user defined
headers
* Added interface support for IPv6, needed for connecting to link local fe80::
addresses. Works only on Linux and OS/X. Information for Solaris and *BSD welcome
* Added -W waittime between connects option
* The -x bruteforce mode now allows for generated password amounts > 2 billion
* Fix if -L was used together with -x
* Fixes for http- modules when the http-...://target/options format was used
* Fixed a bug in the restore file write function that could lead to a crash
* Fixed XMPP module jabber init request and challenge response check, thx "F e L o R e T"
* Fix: if a proxy was used, unresolveable targets were disabled. now its fine
* Fix for service://host/ usage if a colon was used after the URI without a
port defined
Release 6.4
* Update SIP module to extract and use external IP addr return from server error to bypass NAT
* Update SIP module to use SASL lib
* Update email modules to check clear mode when TLS mode failed
* Update Oracle Listener module to work with Oracle DB 9.2
* Update LDAP module to support Windows 2008 active directory simple auth
* Fix to the connection adaptation engine which would loose planned attempts
* Fix make script for CentOS, reported by ya0wei
* Print error when a service limits connections and few pairs have to be tested
* Improved Mysql module to only init/close when needed
* Added patch from the FreeBSD maintainers
* Module usage help does not need a target to be specified anymore
* Configure script now honors /etc/ld.so.conf.d/ directory
* Add more SMB dialects
Release 6.3
* Added patch by Petar(dot)Kaley(at)gmail.com which adds nice icons to cygwin hydra files
* Added patch by Gauillaume Rousse which fixes a warning display
* New Oracle module (for databases via OCI, for TNS Listener passwd, for SID enumeration)
* New SMTP user enum module (using VRFY, EXPN or RCPT command)
* Memory leak fix for -x bruteforcing option reported by Alex Lau
* Fix for svn module, for some versions it needs one more lib, thanks to the
Debian team for reporting!
* Fix ssh module, on connection refused a credential could be lost
* Fix http-form module, a redirect was not always followed
* QA on all modules for memory leaks
* Better gtk detection (to not even try xhydra compilation when its useless)
* First blant attempt for configuring to x64 systems (Linux and *BSD)
* Updated network password cracker comparison on the web page (for hydra and new ncrack)
* Indented all source code
Release 6.2
* Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) )
* Forgot to rename ssh2 to ssh in xhydra, fixed
* Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module
* Fix SASL PLAIN auth method issue
* Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap
* Added man pages from debian maintainers
* Checked Teamspeak module, works on TS2 protocol
* Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah !
* New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support
* Add SCRAM-SHA1 auth to IMAP module
* Add module usage help (-U)
* Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep")
* Rename smtpauth module to smtp
* Add SASL + TLS support for NNTP
* Bugfix SASL DIGEST-MD5, response could be wrong sometime, mainly on 64bits systems
* Bugfix rlogin module, some auth failure could not be detected accurately
* Bugfix rsh module, some auth failure could not be detected accurately
* New module: IRC is not dead ! use to find general server password and /oper credential
* Add SSL support for VMware Authentication Daemon module
* Bugfix CVS module, should work now, why does nobody report this ??
* Bugfix Telnet module, when line mode is not available
* Add support for new syntax <service-name>://<target>[:<port-number>][/<parameters>]
* Add TLS support for SIP
* STILL OPEN: Fixed a problem in hydra where a login+pw test was lost when an arm/child was quitting
Release 6.1
* More license updates for the files for the debian guys
* Fix for the configure script to correctly detect postgresql
* Add checks for libssh v0.4 and support for ssh v1
* Merge all latest crypto code in sasl files
* Fix SVN compilation issue on openSUSE (tested with v11.3)
Release 6.0
* Added GPL exception clause to license to allow linking to OpenSSL - debian people need this
* IPv6 support finally added. Note: sip and socks5 modules do not support IPv6 yet
* Changes to code and configure script to ensure clean compile on Solaris 11,
OSX, FreeBSD 8.1, Cygwin and Linux
* Bugfix for SIP module, thanks to yori(at)counterhackchallenges(dot)com
* Compile fixes for systems without OpenSSL or old OpenSSL installations
* Eliminated compile time warnings
* xhydra updates to support the new features (david@)
* Added CRAM-MD5, DIGEST-MD5 auth mechanism to the smtp-auth module (david@)
* Added LOGIN, PLAIN, CRAM-(MD5,SHA1,SHA256) and DIGEST-MD5 auth mechanisms to the imap and pop3 modules (david@)
* Added APOP auth to POP3 module (david@)
* Added NTLM and DIGEST-MD5 to http-auth module and DIGEST-MD5 to http-proxy module (david@)
* Fixed VNC module for None and VLC auth (david@)
* Fixes for LDAP module (david@)
* Bugfix Telnet module linemode option negotiation using win7 (david@)
* Bugfix SSH module when max auth connection is reached (david@)
Release 5.9
* Update for the subversion module for newer SVN versions (thanks to David Maciejak @ GMAIL dot com)
* Another patch by David to add the PLAIN auth mechanism to the smtp-auth module
* mysql module now has two implementations and uses a library when found (again
thanks to David Maciejak @ GMAIL dot com - what would hydra be without him)
* camiloculpian @ gmail dot com submitted a logo for hydra - looks cool, thanks!
* better FTP 530 error code detection
* bugfix for the SVN module for non-standard ports (again david@)
Release 5.8
* Added Apple Filing Protocol (thank to "never tired" David Maciejak @ GMAIL dot com)
* Fixed a big bug in the SSL option (-S)
Release 5.7
* Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com)
* Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz
* Removed unnecessary compiler warnings
* Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be
* Fixed small local defined overflow in the teamspeak module. Does it still work anyway??
Release 5.6 PRIVATE VERSION
###########
* Moved to GPLv3 License (lots of people wanted that)
* Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for
the 0.2 basis)
* Added firebird support (by David Maciejak @ GMAIL dot com)
* Added SIP MD5 auth patch (by Jean-Baptiste Aviat <jba [at] hsc [dot] `french tld`)
* Removed Palm and ARM support
* Fix for cygwin which falsely detected postgres library when there was none.
* Several small bugfixes
Release 5.4
###########
* Fixes to the http modules as some Apache installations are picky
* The MySQL module also works with mysqld-5.0, updated
* Added AS/400 return code checks to pop3 module
* Fixed memory leaks in the http-form module.
* Implemented a proposal by Jean-Baptiste.BEAUFRETON (at) turbomeca.fr to
check for "530 user unknown" message in the ftp module
* Added a performance patch by alejandro.mendiondo (at) baicom.com. This one
needs stability testing!
* Beautification to remove compiler warnings of modern gcc
Release 5.3
###########
* Added NTLM support modules for pop3, imap, smtp-auth and http-proxy.
Work done by ilo (at) reversing.org. THANKS!
* Added a http form module, thanks to phil (at) irmplc.com
* Fixed a bug in the vnc module (thanks to kan (at) dcit.cz)
* Input files may *not* contain null bytes. I might fix that in the future
but currently I have enough other things on my todo sheet.
Thanks to didiln (at) gmail.com for reporting.
Release 5.2
###########
* Again again some fixes for the ssh2 module. This is the last try. If it
finally does not work reliable, I am throwing out that library!
Thanks to bykhe@mymail.ch for the patch
* Added a new module: VMWare-Auth! Thanks to david.maciejak@gmail.com!
Release 5.1
###########
* Again some fixed for the ssh2 module. Sorry. And still it might not work
in all occasions. The libssh is not as mature as we all wish it would be :-(
* HYDRA_PROXY_AUTH was never used ... weird that nobody reported that. fixed.
* Fixed bug in the base64 encoding function
* Added an md5.h include which is needed since openssl 0.9.8
* Added an enhacement to the FTP module, thanks to piotr_sobolewski@o2.pl
* Fixed a bug when not using passwords and just -e n/s
Release 5.0
###########
! THIS IS A THC - TAX - 10TH ANNIVERSARY RELEASE ! HAVE FUN !
* Increadible speed-up for most modules :-)
* Added module for PC-Anywhere, thanks to david.maciejak(at)kyxar.fr!
* Added module for SVN, thanks to david.maciejak(at)kyxar.fr!
* Added --disable-xhydra option to configure, thanks to david.maciejak(at)kyxar.fr!
- he is becoming the top supporter :-)
* Added module for SIP (VoIP), thanks to gh0st(at)staatsfeind.org
* Added support for newer sap r/3 rfcsdk
* Added check to the telnet module to work with Cisco AAA
* Fix for the VNC module, thanks to xmag
* Small enhancement to the mysql plugin by pjohnson(at)bosconet.org
Release 4.7
###########
* Updated ssh2 support to libssh v0.11 - you *must* use this version if
you want to use ssh2! download from http://www.0xbadc0de.be/?part=libssh
This hopefully fixes problems on/against Sun machines.
After fixing, I also received a patch from david maciejak - thanks :-)
* Added an attack module for rlogin and rsh, thanks to
david.maciejak(at)kyxar.fr!
* Added an attack module for the postgres database, thanks to
diaul(at)devilopers.org! (and again: david maciejak sent on in as well)
* JoMo-Kun sent in an update for his smbnt module. cool new features:
win2k native mode, xp anonymous account detection, machine name as password
* Hopefully made VNC 3.7 protocol versions to work. please report.
* Switched http and https service module to http-head, http-get and
https-get, https-head. Some web servers want HEAD, others only GET
* An initial password for cisco-enable is now not required anymore. Some
people had console access without password, so this was necessary.
* Fixed a bug in xhydra which did not allow custom ports > 100
! Soon to come: v5.0 - some cool new features to arrive on your pentest
machine!
Release 4.6
###########
* Snakebyte delivered a module for Teamspeak
* Snakebyte updated the rexec module for the Hydra Palm version
* Snakebyte updated xhydra to support the new Telnet success response option
* Clarified the Licence
* Updated the ldap module to support v3, note that "ldap" is now specified as
"ldap2" or "ldap3". Added wrong version detection.
Release 4.5
###########
* The configure script now detects Cygwin automatically :-)
* The telnet module now handles the OPT special input. Specify the string
which is displayed after successfully a login. Use this if you have false
positives.
* Made smtp-auth module more flexible in EHLO/HELO handling
* Fixed some glitches in the SAP/R3 module (correct sysnr, better port
handling) thanks to ngregoire@exaprobe.com !
* Fixed some glitches in the http/https module
* Fixed a big bug in snakebyte's snmp module
* Warning msg is now displayed if the deprecated icq module is used
* Added warning message to the ssh2 module during compilation as many people
use the newest libssh version which is broken.
Release 4.4
###########
* Fixed another floating point exception *sigh*
* Fixed -C colon mode
* Added EHLO support for the smtp-auth module, required for some smtpd
Release 4.3
###########
* Fixed a divide by zero bug in the status report function
* Added functionality for skipping accounts (cvs is so nice to report this)
* Snakebyte sent in a patch for cvs for skipping nonexisting accounts
* <lerrahn@syss.de> sent in a patch to fix proxy support for the HTTP module
without proxy authentication
Release 4.2
###########
* Snakebyte sent in modules for SNMP and CVS - great work!
* Snakebyte also expanded the gtk gui to support the two new modules
* Justin <connectjunkie@gmail.com> sent in a module for smtp-auth ... thanks!
* master_up@post.cz sent in some few patches to fix small glitches
* Incorporated a check from the openbsd port
Release 4.1
###########
* Snakebyte wrote a very nice GTK GUI for hydra! enjoy!
* due a bug, sometimes hydra would kill process -1 ... baaaad boy!
* found passwords are now also printed to stdout if -o option is used
* <je@sekure.net> reported that hydra wouldn't complain on ssh2 option if
compiled without support, fixed
* <llevier@argosnet.com> made an official port for FreeBSD and sent me a
diff to exchange the MD4 of libdes to openssl
* <vh@helith.net> noticed that hydra will crash on big wordlists as
the result of the mallocs there were not checked, fixed
* Snakebyte expanded his PalmOS Version of hydra to nntp and fixed vnc
* Increased the wait time for children from 5 to 15 seconds, as e.g.
snakebyte reported detection problems
* Fixed some display glitches
Release v4.0
############
#
# This is a summary of changes of the D1 to D5 beta releases and shows
# what makes v4.0 different from 3.1.
# Have fun. Lots of it.
#
# By the way: I need someone to program a nice GTK frontend for hydra,
# would YOU like to do that and receive the fame? Send an email to vh@thc.org !
#
* For the first time there is not only a UNIX/source release but additionally:
! Windows release (cygwin compile with dll's)
! PalmPilot release
! ARM processor release (for all your Zaurus, iPaq etc. running Linux)
* There are new service attack modules:
! ms-sql
! sap r/3 (requires a library)
! ssh v2 (requires a library)
* Enhancements/Fixes to service attack modules:
! vnc module didnt work correctly, fixed
! mysql module supports newer versions now
! http module received a minor fix and has better virtual host support now
! http-proxy supports now an optional URL
! socks5 checks now for false positives and daemons without authentication
* The core code (hydra.c) was rewritten from scratch
! rewrote the internal distribution functions from scratch. code is now
safer, less error prone, easier to read.
! multiple target support rewritten which now includes intelligent load
balancing based on success, error and load rate
! intelligently detect maximum connect numbers for services (per server if
multiple targets are used)
! intelligent restore file writing
! Faster (up to 15%)
! Full Cygwin and Cygwin IPv6 support
* added new tool: pw-inspector - it can be used to just try passwords which
matches the target's password policy
#
# This should be more than enough! :-)
#
... the rest below is history ...
###########################################################################
#
# New Hydra v4.0 code branch
#
Release D5
* added patches by kan@dcit.cz which enhance the proxy module and provide
a small fix for the http module
* small beautifcations to make the compiler happy
! This is the final beta version before public release
- please test everything!
Release D4
* Tick made an update to his configure-arm
* snakebyte@gmx.de added imap, vnc and cisco module support to PalmPilot
* fixed VNC module
* enhanced mysql module to work also with 4.0.x (and all future protocol 10
mysql protocol types)
* enhanced socks5 module to identify daemons which do not require
authentication, and false positive check (otherwise dante would report all
tries as successful)
* fixed a bug in configure for D3 which resulted in compile problems on
several platforms requiring libcrypto
Release D3
* added sapr3 attack module (requires libsdk.a and saprfc.h)
* added ssh2 attack module (requires libssh)
* snakebyte@gmx.de added telnet module support for PalmPilot
* fixed the mssql module, should work now
* fixed -e option bug
* fixed -C option bug (didnt work at all!!)
* fixed double detection (with -e option) plus added simple dictionary
double detection
* target port is now displayed on start
Release D2
* added better virtual host support to the www/http/https/ssl module
(based on a patch from alla@scanit.be)
* added ARM support (does not work for libdes yet, ssl works), done by
Tick <tick@thc.org>
* added Palm support (well, in reality it is more a rewrite which can use
the hydra-modules), done by snakebyte <snakebyte@gmx.de>
* added ms-sql attack module (code based on perl script form HD Moore
<hdm@digitaloffense.net>, thanks for contributing)
Release D1 (3 March 2003)
* rewrote the internal distribution functions from scratch. code is now
safer, less error prone, easier to read.
* multiple target support rewritten which now includes intelligent load
balancing based on success, error and load rate
* intelligently detect maximum connect numbers for services (per server if
multiple targets are used)
* intelligent restore file writing
* Faster (up to 15%)
* Full Cygwin and Cygwin IPv6 support
* added new tool: pw-inspector - it can be used to just try passwords which
matches the target's password policy
###########################################################################
v3.0 (FEBRUARY 2004) PUBLIC RELEASE
* added a restore function to enable you to continue aborted/crashed
sessions. Just type "hydra -R" to continue a session.
NOTE: this does not work with the -M option! This feature is then disabled!
* added a module for http proxy authentication cracking ("http-proxy") :-)
* added HTTP and SSL/CONNECT proxy support. SSL/CONNECT proxy support works
for *all* TCP protocols, you just need to find a proxy which allows you to
CONNECT on port 23 ...
The environment variable HYDRA_PROXY_HTTP defines the web proxy. The
following syntax is valid: HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
Same for HYDRA_PROXY_CONNECT.
If you require authentication for the proxy, use the HYDRA_PROXY_AUTH
environment variable:
HYDRA_PROXY_AUTH="login:password"
* fixed parallel host scanning engine (thanks to m0j0.j0j0 for reporting)
* A status, speed and time to completion report is now printed every minute.
* finally updated the README
v2.9 (FEBRUARY 2004) PRIVATE RELEASE
...
v2.8 (JANUARY 2004) PRIVATE RELEASE
...
v2.7 (JANUARY 2004) PUBLIC RELEASE
* small fix for the parallel host code (thanks to m0j0@foofus.net)
v2.6 (DECEMBER 2003) PUBLIC RELEASE
* fixed a compiling problem for picky compilers.
v2.5 (NOVEMBER 2003) PUBLIC RELEASE
* added a big patch from m0j0@foofus.net which adds:
- AAA authentication to the cisco-enable module
- Running the attacks on hosts in parallel
- new smbnt module, which uses lanman hashes for authentication, needs libdes
! great work and thanks !
* changed code to compile easily on FreeBSD
* changed configure to compile easily on MacOS X - Panther (cool OS btw ...)
v2.4 (AUGUST 2003) PUBLIC RELEASE
* public release
=== 2.3 stuff===
* added mysql module (thanks to mcbethh@u-n-f.com)
* small fix in vnc (thanks to the Nessus team)
* added credits for vnc-module (FX/Phenolite)
* new ./configure script for better Solaris and *BSD support (copied from amap)
* updated to new email/www addresses => www.thc.org
v2.2 (OCTOBER 2002) PUBLIC RELEASE
* fixed a bug in the -P passwordfile handling ... uhhh ... thanks to all
the many people who reported that bug!
* added check if a password in -P passwordfile was already done via the
-e n|s switch
v2.1 (APRIL 2002) PUBLIC RELEASE
* added ldap cracking mode (thanks to myself, eh ;-)
* added -e option to try null passwords ("-e n") and passwords equal to the
login ("-e s"). When specifying -e, -p/-P is optional (and vice versa)
* when a login is found, hydra will now go on with the next login
v2.0 (APRIL 2002) PRIVATE RELEASE
! with v1.1.14 of Nessus, Hydra is a Nessus plugin!
* incorporated code to make hydra a nessus plugin (thanks to deraison@cvs.nessus.org !)
* added smb/samba/CIFS cracking mode (thanks to deraison@cvs.nessus.org !)
* added cisco-enable cracking mode (thanks to J.Marx@secunet.de !)
* minor enhancements and fixes
v1.7 (MARCH 2002) PRIVATE RELEASE
* configure change to better detect OpenSSL
* ported to Solaris
v1.6 (FEBRUARY 2002) PUBLIC RELEASE
* added socks5 support (thanks to bigbud@weed.tc !)
v1.5 (DECEMBER 2001) PRIVATE RELEASE
* added -S option for SSL support (for all TCP based protocols)
* added -f option to stop attacking once a valid login/pw has been discovered
* made modules more hydra-mod compliant
* configure stuff thrown out - was not really used and too complicated,
wrote my own, lets hope it works everywhere ;-)
v1.4 (DECEMBER 2001) PUBLIC RELEASE
* added REXEC cracking module
* added NNTP cracking module
* added VNC cracking module (plus the 3DES library, which is needed) - some
of the code ripped from FX/Phenolite :-) thanks a lot
* added PCNFS cracking module
* added ICQ cracking module (thanks to ocsic <pisco@private.as>!!)
* for the pcnfs cracking module, I had to add the hydra_connect_udp function
* added several compactibility stuff to work with all the M$ crap
v1.3 (September 2001) PUBLIC RELEASE
* uh W2K telnetd sends null bytes in negotiation mode. workaround implemented.
* Rewrote the finish functions which would sometimes hang. Shutdowns are faster
now as well.
* Fixed the line count (it was always one to much)
* Put more information in the outpufile (-o)
* Removed some configure crap.
v1.2 (August 2001) PRIVATE RELEASE
* Fixed a BIG bug which resulted in accounts being checked serveral times. ugh
* Fixed the bug which showed the wrong password for a telnet hack. Works for
me. please test.
* Added http basic authentication cracking. Works for me. please test.
* Fixed the ftp cracker module for occasions where a long welcome message was
displayed for ftp.
* Removed some compiler warnings.
v1.1 (May 2001) PUBLIC RELEASE
* Added wait+reconnect functionality to hydra-mod
* Additional wait+reconnect for cisco module
* Added small waittimes to all attack modules to prevent too fast reconnects
* Added cisco Username/Password support to the telnet module
* Fixed a deadlock in the modules, plus an additional one in the telnet module
v1.0 (April 2001) PUBLIC RELEASE
* Verified that all service modules really work, no fix necessary ;-)
... so let's make it public
* Changed the LICENCE
v0.6 (April 2001) PRIVATE RELEASE
* Added hydra-cisco.c for the cisco 3 times "Password:" type
* Added hydra-imap.c for the imap service
* Fixed a bug in hydra-mod.c: empty logins resulted in an empty
hydra_get_next_password() :-(, additionally the blocking/recv works better
now. (no, not better - perfect ;-)
* Fixed a bug in hydra-telnet.c: too many false alarms for success due some
mis-thinking on my side and I also implemented a more flexible checking
* Fixed hydra-ftp.c to allow more weird reactions
* Fixed all ;-) memory leaks
v0.5 (December 2000) PUBLIC RELEASE
* NOTE WE HAVE GOT A NEW WWW ADDRESS -> www.thehackerschoice.com
* added telnet protocol
* exchanged snprintf with sprintf(%.250s) to let it compile on more platforms
but still have buffer overflow protection.
* fixed a bug in Makefile.in (introduced by Plasmo ,-)
v0.4 (August 2000) PUBLIC RELEASE
* Plasmoid added a ./configure script. thanks!
v0.3 (August 2000)
* first release
