From 035ae9e9b1bb155188000960c5452b1d9459d045 Mon Sep 17 00:00:00 2001 From: tomsellers Date: Sun, 11 Sep 2011 12:13:13 +0000 Subject: [PATCH] Updated account status text in brute force password discovery scripts in an effort to make the reporting more consistent across all scripts. This will have an impact on any code that parses these values. In the case of a few of these scripts the only thing that was updated was the example text as the scripts relied on the creds library which handles the strings internally. --- CHANGELOG | 5 +++++ scripts/afp-brute.nse | 5 +++-- scripts/drda-brute.nse | 7 ++++--- scripts/http-brute.nse | 2 +- scripts/imap-brute.nse | 6 +++--- scripts/informix-brute.nse | 2 +- scripts/iscsi-brute.nse | 2 +- scripts/ldap-brute.nse | 30 +++++++++++++-------------- scripts/mysql-brute.nse | 7 ++++--- scripts/nping-brute.nse | 2 +- scripts/omp2-brute.nse | 2 +- scripts/oracle-brute.nse | 4 ++-- scripts/pgsql-brute.nse | 9 ++++---- scripts/sip-brute.nse | 2 +- scripts/smb-brute.nse | 42 +++++++++++++++++++------------------- scripts/smtp-brute.nse | 6 +++--- scripts/snmp-brute.nse | 4 ++-- scripts/vnc-brute.nse | 2 +- scripts/xmpp-brute.nse | 6 +++--- 19 files changed, 77 insertions(+), 68 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index ba728e393..3a50ec2e8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -190,6 +190,11 @@ o [NSE] Added support for 2008 R2 functional level Active Directory instances o [NSE] Updated smb-brute to add detection for valid credentials where the target account was expired or limited by time or login host constraints. [Tom Sellers] +o [NSE] Updated account status text in brute force password discovery + scripts in an effort to make the reporting more consistent across + all scripts. This will have an impact on any code that parses these + values. [Tom Sellers] + Nmap 5.59BETA1 [2011-06-30] o [NSE] Added 40 scripts, bringing the total to 217! You can learn diff --git a/scripts/afp-brute.nse b/scripts/afp-brute.nse index b236eee4c..f3291f87f 100644 --- a/scripts/afp-brute.nse +++ b/scripts/afp-brute.nse @@ -33,10 +33,11 @@ require 'stdnse' require 'afp' require 'unpwdb' --- Version 0.2 +-- Version 0.3 -- Created 01/15/2010 - v0.1 - created by Patrik Karlsson -- Revised 03/09/2010 - v0.2 - changed so that passwords are iterated over users -- - this change makes better sence as guessing is slow +-- Revised 09/09/2011 - v0.3 - changed account status text to be more consistent with other *-brute scripts portrule = shortport.port_or_service(548, "afp") @@ -85,7 +86,7 @@ action = function( host, port ) nmap.registry.afp[username]=password found_users[username] = true - table.insert( valid_accounts, string.format("%s:%s => Login Correct", username, password:len()>0 and password or "" ) ) + table.insert( valid_accounts, string.format("%s:%s => Valid credentials", username, password:len()>0 and password or "" ) ) break end helper:CloseSession() diff --git a/scripts/drda-brute.nse b/scripts/drda-brute.nse index 0cef0904d..8e21c75b5 100644 --- a/scripts/drda-brute.nse +++ b/scripts/drda-brute.nse @@ -14,7 +14,7 @@ Performs password guessing against databases supporting the IBM DB2 protocol suc -- @output -- 50000/tcp open drda -- | drda-brute: --- |_ db2admin:db2admin => Login Correct +-- |_ db2admin:db2admin => Valid credentials author = "Patrik Karlsson" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" @@ -25,11 +25,12 @@ require "shortport" require "drda" require "unpwdb" --- Version 0.3 +-- Version 0.5 -- Created 05/08/2010 - v0.1 - created by Patrik Karlsson -- Revised 05/09/2010 - v0.2 - re-wrote as multi-threaded -- Revised 05/10/2010 - v0.3 - revised parallellised design -- Revised 08/14/2010 - v0.4 - renamed script and library from db2* to drda* +-- Revised 09/09/2011 - v0.5 - changed account status text to be more consistent with other *-brute scripts portrule = shortport.port_or_service({50000,60000}, {"drda","ibm-db2"}, "tcp", {"open", "open|filtered"}) @@ -78,7 +79,7 @@ doLogin = function( host, port, database, creds, valid_accounts ) nmap.registry.db2users = {} end nmap.registry.db2users[username]=password - table.insert( valid_accounts, string.format("%s:%s => Login Correct", username, password:len()>0 and password or "" ) ) + table.insert( valid_accounts, string.format("%s:%s => Valid credentials", username, password:len()>0 and password or "" ) ) end end end diff --git a/scripts/http-brute.nse b/scripts/http-brute.nse index 93e14c6f8..6bd51d706 100644 --- a/scripts/http-brute.nse +++ b/scripts/http-brute.nse @@ -15,7 +15,7 @@ Performs brute force password auditing against http basic authentication. -- 80/tcp open http syn-ack -- | http-brute: -- | Accounts --- | Patrik Karlsson:secret => Login correct +-- | Patrik Karlsson:secret => Valid credentials -- | Statistics -- |_ Perfomed 60023 guesses in 467 seconds, average tps: 138 -- diff --git a/scripts/imap-brute.nse b/scripts/imap-brute.nse index c147f0335..98426af16 100644 --- a/scripts/imap-brute.nse +++ b/scripts/imap-brute.nse @@ -12,9 +12,9 @@ CRAM-MD5, DIGEST-MD5 or NTLM authentication. -- 143/tcp open imap syn-ack -- | imap-brute: -- | Accounts --- | braddock:jules - Account is valid --- | lane:sniper - Account is valid --- | parker:scorpio - Account is valid +-- | braddock:jules - Valid credentials +-- | lane:sniper - Valid credentials +-- | parker:scorpio - Valid credentials -- | Statistics -- |_ Performed 62 guesses in 10 seconds, average tps: 6 -- diff --git a/scripts/informix-brute.nse b/scripts/informix-brute.nse index 38e939eac..20c4550ab 100644 --- a/scripts/informix-brute.nse +++ b/scripts/informix-brute.nse @@ -11,7 +11,7 @@ Performs brute force password auditing against IBM Informix Dynamic Server. -- 9088/tcp open unknown -- | informix-brute: -- | Accounts --- | ifxnoob:ifxnoob => Login correct +-- | ifxnoob:ifxnoob => Valid credentials -- | Statistics -- |_ Perfomed 25024 guesses in 75 seconds, average tps: 320 -- diff --git a/scripts/iscsi-brute.nse b/scripts/iscsi-brute.nse index 4032c93f9..c8d23f5a0 100644 --- a/scripts/iscsi-brute.nse +++ b/scripts/iscsi-brute.nse @@ -8,7 +8,7 @@ Performs brute force password auditing against iSCSI targets. -- 3260/tcp open iscsi syn-ack -- | iscsi-brute: -- | Accounts --- | user:password123456 => Login correct +-- | user:password123456 => Valid credentials -- | Statistics -- |_ Perfomed 5000 guesses in 7 seconds, average tps: 714 diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse index c0540e8fe..227d0febb 100644 --- a/scripts/ldap-brute.nse +++ b/scripts/ldap-brute.nse @@ -78,7 +78,7 @@ require 'creds' -- Revised 02/17/2010 - v0.3 - added AD specific checks and fixed bugs related to LDAP base -- Revised 08/07/2011 - v0.4 - adjusted AD match strings to be level independent, added additional account condition checks -- Revised 09/04/2011 - v0.5 - added support for creds library, saving output to file --- Revised 09/09/2011 - v0.6 - added support specifying a UPN suffix via ldap.upnsuffx +-- Revised 09/09/2011 - v0.6 - added support specifying a UPN suffix via ldap.upnsuffx, changed account status text for consistency. portrule = shortport.port_or_service({389,636}, {"ldap","ldapssl"}) @@ -215,48 +215,48 @@ action = function( host, port ) -- Account Locked Out if not status and response:match("AcceptSecurityContext error, data 775,") then - table.insert( valid_accounts, string.format("%s => Account locked out", fq_username ) ) - stdnse.print_verbose(2, string.format(" ldap-brute: %s => Account locked out", fq_username )) + table.insert( valid_accounts, string.format("%s => Valid credentials, account locked", fq_username ) ) + stdnse.print_verbose(2, string.format(" ldap-brute: %s => Valid credentials, account locked", fq_username )) credTable:add(fq_username,password, creds.State.LOCKED) break end -- Login correct, account disabled if not status and response:match("AcceptSecurityContext error, data 533,") then - table.insert( valid_accounts, string.format("%s:%s => Login correct, account disabled", fq_username, password:len()>0 and password or "" ) ) - stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct, account disabled", fq_username, password:len()>0 and password or "" )) + table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "" ) ) + stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "" )) credTable:add(fq_username,password, creds.State.DISABLED) break end -- Login correct, user must change password if not status and response:match("AcceptSecurityContext error, data 773,") then - table.insert( valid_accounts, string.format("%s:%s => Login correct, user must change password", fq_username, password:len()>0 and password or "" ) ) - stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct, user must change password", fq_username, password:len()>0 and password or "" )) + table.insert( valid_accounts, string.format("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "" ) ) + stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "" )) credTable:add(fq_username,password, creds.State.CHANGEPW) break end -- Login correct, user account expired if not status and response:match("AcceptSecurityContext error, data 701,") then - table.insert( valid_accounts, string.format("%s:%s => Login correct, user account expired", fq_username, password:len()>0 and password or "" ) ) - stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct, user account expired", fq_username, password:len()>0 and password or "" )) + table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "" ) ) + stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "" )) credTable:add(fq_username,password, creds.State.EXPIRED) break end -- Login correct, user account logon time restricted if not status and response:match("AcceptSecurityContext error, data 530,") then - table.insert( valid_accounts, string.format("%s:%s => Login correct, user account logon time restricted", fq_username, password:len()>0 and password or "" ) ) - stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct, user account logon time restricted", fq_username, password:len()>0 and password or "" )) + table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "" ) ) + stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "" )) credTable:add(fq_username,password, creds.State.TIME_RESTRICTED) break end -- Login correct, user account can only log in from certain workstations if not status and response:match("AcceptSecurityContext error, data 531,") then - table.insert( valid_accounts, string.format("%s:%s => Login correct, user account cannot login from current host", fq_username, password:len()>0 and password or "" ) ) - stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct, user account cannot login from current host", fq_username, password:len()>0 and password or "" )) + table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "" ) ) + stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "" )) credTable:add(fq_username,password, creds.State.HOST_RESTRICTED) break end @@ -265,8 +265,8 @@ action = function( host, port ) if status then status = is_valid_credential( socket, context ) if status then - table.insert( valid_accounts, string.format("%s:%s => Login correct", fq_username, password:len()>0 and password or "" ) ) - stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct", fq_username, password:len()>0 and password or "" ) ) + table.insert( valid_accounts, string.format("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "" ) ) + stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Valid credentials", fq_username, password:len()>0 and password or "" ) ) -- Add credentials for other ldap scripts to use if nmap.registry.ldapaccounts == nil then nmap.registry.ldapaccounts = {} diff --git a/scripts/mysql-brute.nse b/scripts/mysql-brute.nse index be7ddf1e2..07f3d2dfa 100644 --- a/scripts/mysql-brute.nse +++ b/scripts/mysql-brute.nse @@ -6,8 +6,8 @@ Performs password guessing against MySQL -- @output -- 3306/tcp open mysql -- | mysql-brute: --- | root: => Login Correct --- |_ test:test => Login Correct +-- | root: => Valid credentials +-- |_ test:test => Valid credentials author = "Patrik Karlsson" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" @@ -23,6 +23,7 @@ stdnse.silent_require 'openssl' -- Created 01/15/2010 - v0.1 - created by Patrik Karlsson -- Revised 01/23/2010 - v0.2 - revised by Patrik Karlsson, changed username, password loop, added credential storage for other mysql scripts, added timelimit -- Revised 01/23/2010 - v0.3 - revised by Patrik Karlsson, fixed bug showing account passwords detected twice +-- Revised 09/09/2011 - v0.4 - revised by Tom Sellers, changed account status text to be more consistent with other *-brute scripts portrule = shortport.port_or_service(3306, "mysql") @@ -60,7 +61,7 @@ action = function( host, port ) end nmap.registry.mysqlusers[username]=password - table.insert( valid_accounts, string.format("%s:%s => Login Correct", username, password:len()>0 and password or "" ) ) + table.insert( valid_accounts, string.format("%s:%s => Valid credentials", username, password:len()>0 and password or "" ) ) break end diff --git a/scripts/nping-brute.nse b/scripts/nping-brute.nse index 9a63913fd..f4e586794 100644 --- a/scripts/nping-brute.nse +++ b/scripts/nping-brute.nse @@ -13,7 +13,7 @@ documentation. -- 9929/tcp open nping-echo -- | nping-brute: -- | Accounts --- | 123abc => Login correct +-- | 123abc => Valid credentials -- | Statistics -- |_ Perfomed 204 guesses in 204 seconds, average tps: 1 diff --git a/scripts/omp2-brute.nse b/scripts/omp2-brute.nse index de0d2ff9a..d3381feb3 100644 --- a/scripts/omp2-brute.nse +++ b/scripts/omp2-brute.nse @@ -11,7 +11,7 @@ Performs brute force password auditing against the OpenVAS manager using OMPv2. -- 9390/tcp open openvas syn-ack -- | svn-brute: -- | Accounts --- |_ admin:secret => Login correct +-- |_ admin:secret => Valid credentials -- author = "Henri Doreau" diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse index 88442f404..ad1c4dd92 100644 --- a/scripts/oracle-brute.nse +++ b/scripts/oracle-brute.nse @@ -27,8 +27,8 @@ result in a large number of accounts being locked out on the database server. -- 1521/tcp open oracle syn-ack -- | oracle-brute: -- | Accounts --- | system:powell => Account locked --- | haxxor:haxxor => Login correct +-- | system:powell => Valid credentials, account locked +-- | haxxor:haxxor => Valid credentials -- | Statistics -- |_ Perfomed 157 guesses in 8 seconds, average tps: 19 -- diff --git a/scripts/pgsql-brute.nse b/scripts/pgsql-brute.nse index eefe7ff9f..3a58c1973 100644 --- a/scripts/pgsql-brute.nse +++ b/scripts/pgsql-brute.nse @@ -9,8 +9,8 @@ Performs password guessing against PostgreSQL. -- @output -- 5432/tcp open pgsql -- | pgsql-brute: --- | root: => Login Correct --- |_ test:test => Login Correct +-- | root: => Valid credentials +-- |_ test:test => Valid credentials -- -- @args pgsql.nossl If set to 1 or true, disables SSL. -- @args pgsql.version Force protocol version 2 or 3. @@ -31,11 +31,12 @@ require 'stdnse' require 'unpwdb' stdnse.silent_require 'openssl' --- Version 0.3 +-- Version 0.4 -- Created 01/15/2010 - v0.1 - created by Patrik Karlsson -- Revised 02/20/2010 - v0.2 - moved version detection to pgsql library -- Revised 03/04/2010 - v0.3 - added code from ssh-hostkey.nse to check for SSL support -- - added support for trusted authentication method +-- Revised 09/10/2011 - v0.4 - changed account status text to be more consistent with other *-brute scripts portrule = shortport.port_or_service(5432, "postgresql") @@ -139,7 +140,7 @@ action = function( host, port ) end nmap.registry.pgsqlusers[username]=password if ( response.authtype ~= pgsql.AuthenticationType.Success ) then - table.insert( valid_accounts, string.format("%s:%s => Login Correct", username, password:len()>0 and password or "" ) ) + table.insert( valid_accounts, string.format("%s:%s => Valid credentials", username, password:len()>0 and password or "" ) ) else table.insert( valid_accounts, string.format("%s => Trusted authentication", username ) ) end diff --git a/scripts/sip-brute.nse b/scripts/sip-brute.nse index d41070720..504ef823e 100755 --- a/scripts/sip-brute.nse +++ b/scripts/sip-brute.nse @@ -10,7 +10,7 @@ Performs brute force password auditing against Session Initiation Protocol (SIP -- 5060/udp open|filtered sip -- | sip-brute: -- | Accounts --- | 1000:password123 => Login correct +-- | 1000:password123 => Valid credentials -- | Statistics -- |_ Performed 5010 guesses in 3 seconds, average tps: 1670 diff --git a/scripts/smb-brute.nse b/scripts/smb-brute.nse index 0370aab64..dd67c02d5 100644 --- a/scripts/smb-brute.nse +++ b/scripts/smb-brute.nse @@ -67,16 +67,16 @@ determined with a fairly efficient bruteforce. For example, if the actual passwo --@output -- Host script results: -- | smb-brute: --- | | bad name:test => Login was successful --- | | consoletest:test => Password was correct, but user can't log in without changing it --- | | guest: => Password was correct, but user's account is disabled --- | | mixcase:BuTTeRfLY1 => Login was successful --- | | test:password1 => Login was successful --- | | this:password => Login was successful --- | | thisisaverylong:password => Login was successful --- | | thisisaverylongname:password => Login was successful --- | | thisisaverylongnamev:password => Login was successful --- |_ |_ web:TeSt => Password was correct, but user's account is disabled +-- | | bad name:test => Valid credentials +-- | | consoletest:test => Valid credentials, password must be changed at next logon +-- | | guest: => Valid credentials, account disabled +-- | | mixcase:BuTTeRfLY1 => Valid credentials +-- | | test:password1 => Valid credentials, account expired +-- | | this:password => Valid credentials, account cannot log in at current time +-- | | thisisaverylong:password => Valid credentials +-- | | thisisaverylongname:password => Valid credentials +-- | | thisisaverylongnamev:password => Valid credentials +-- |_ |_ web:TeSt => Valid credentials, account disabled -- -- @args smblockout This argument will force the script to continue if it -- locks out an account or thinks it will lock out an account. @@ -145,17 +145,17 @@ result_short_strings[results.INVALID_WORKSTATION] = "INVALID_WORKSTATION" ---The strings that the user will see local result_strings = {} -result_strings[results.SUCCESS] = "Login was successful" -result_strings[results.GUEST_ACCESS] = "Login was successful, but was granted guest access" -result_strings[results.NOT_GRANTED] = "Password was correct, but user wasn't allowed to log in (often happens with blank passwords)" -result_strings[results.DISABLED] = "Password was correct, but user's account is disabled" -result_strings[results.EXPIRED] = "Password was correct, but user's account is expired" -result_strings[results.CHANGE_PASSWORD] = "Password was correct, but user can't log in without changing it" -result_strings[results.ACCOUNT_LOCKED] = "User's account is locked out (hopefully not by us!)" -result_strings[results.ACCOUNT_LOCKED_NOW] = "User's account just became locked out (oops!)" -result_strings[results.FAIL] = "User's password was incorrect" -result_strings[results.INVALID_LOGON_HOURS] = "Password was correct, but the user's logon hours are restricted" -result_strings[results.INVALID_WORKSTATION] = "Password was correct, but the user account is restricted to certain workstations" +result_strings[results.SUCCESS] = "Valid credentials" +result_strings[results.GUEST_ACCESS] = "Valid credentials, account granted guest access only" +result_strings[results.NOT_GRANTED] = "Valid credentials, but account wasn't allowed to log in (often happens with blank passwords)" +result_strings[results.DISABLED] = "Valid credentials, account disabled" +result_strings[results.EXPIRED] = "Valid credentials, account expired" +result_strings[results.CHANGE_PASSWORD] = "Valid credentials, password must be changed at next logon" +result_strings[results.ACCOUNT_LOCKED] = "Valid credentials, account locked (hopefully not by us!)" +result_strings[results.ACCOUNT_LOCKED_NOW] = "Valid credentials, account just became locked (oops!)" +result_strings[results.FAIL] = "Invalid credentials" +result_strings[results.INVALID_LOGON_HOURS] = "Valid credentials, account cannot log in at current time" +result_strings[results.INVALID_WORKSTATION] = "Valid credentials, account cannot log in from current host" ---Constants for special passwords. These each contain a null character, which is illegal in -- actual passwords. diff --git a/scripts/smtp-brute.nse b/scripts/smtp-brute.nse index cf294239b..2bfcbe9e4 100644 --- a/scripts/smtp-brute.nse +++ b/scripts/smtp-brute.nse @@ -12,9 +12,9 @@ CRAM-MD5, DIGEST-MD5 or NTLM authentication. -- 25/tcp open stmp syn-ack -- | smtp-brute: -- | Accounts --- | braddock:jules - Account is valid --- | lane:sniper - Account is valid --- | parker:scorpio - Account is valid +-- | braddock:jules - Valid credentials +-- | lane:sniper - Valid credentials +-- | parker:scorpio - Valid credentials -- | Statistics -- |_ Performed 1160 guesses in 41 seconds, average tps: 33 -- diff --git a/scripts/snmp-brute.nse b/scripts/snmp-brute.nse index a61a6d56d..4a19b16d5 100644 --- a/scripts/snmp-brute.nse +++ b/scripts/snmp-brute.nse @@ -32,8 +32,8 @@ No output is reported if no valid account is found. -- PORT STATE SERVICE -- 161/udp open snmp -- | snmp-brute: --- | dragon - Account is valid --- |_ jordan - Account is valid +-- | dragon - Valid credentials +-- |_ jordan - Valid credentials author = "Philip Pickering, Gorjan Petrovski, Patrik Karlsson" diff --git a/scripts/vnc-brute.nse b/scripts/vnc-brute.nse index 4b2cbb44f..df06eacef 100644 --- a/scripts/vnc-brute.nse +++ b/scripts/vnc-brute.nse @@ -11,7 +11,7 @@ Performs brute force password auditing against VNC servers. -- 5900/tcp open vnc syn-ack -- | vnc-brute: -- | Accounts --- |_ 123456 => Login correct +-- |_ 123456 => Valid credentials -- -- Summary -- ------- diff --git a/scripts/xmpp-brute.nse b/scripts/xmpp-brute.nse index 8704127bd..04c805766 100644 --- a/scripts/xmpp-brute.nse +++ b/scripts/xmpp-brute.nse @@ -11,9 +11,9 @@ Performs brute force password auditing against XMPP (jabber) servers. -- 5222/tcp open xmpp-client -- | xmpp-brute: -- | Accounts --- | CampbellJ:arthur321 - Account is valid --- | CampbellA:joan123 - Account is valid --- | WalkerA:auggie123 - Account is valid +-- | CampbellJ:arthur321 - Valid credentials +-- | CampbellA:joan123 - Valid credentials +-- | WalkerA:auggie123 - Valid credentials -- | Statistics -- |_ Performed 6237 guesses in 5 seconds, average tps: 1247 --