EH-Net

Ethical Hacking Discussions and Related Certifications => Wireless => Topic started by: Svenxix on July 13, 2012, 11:34:47 PM


Title: Wireless router with hydra
Post by: Svenxix on July 13, 2012, 11:34:47 PM
I'm trying to get to my wireless router via thc hydra. It is a WRT54G router that uses http basic authentication. The issue is that it thinks that every password is successful. Below is the command

$ hydra -l admin -P passwords.txt -e ns -v -s 8080 xx.xx.xx.xx http-head /

I've tried using the service http-get instead of http-head but it failed to make a connection. Port 8080 is the correct port by the way.

Here is the output:

$ hydra -l admin -P password.txt -e ns -v -s 8080 xx.xx.xx.xx http-head /
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Warning: http-head auth does not work with every server, better use http-get
[DATA] 16 tasks, 1 server, 14344401 login tries (l:1/p:14344401), ~896525 tries per task
[DATA] attacking service http-head on port 8080
[VERBOSE] Resolving addresses ... done

[8080][www] host: xx.xx.xx.xx   login: admin   password: admin
[8080][www] host: xx.xx.xx.xx   login: admin   password:
[8080][www] host: xx.xx.xx.xx   login: admin   password: 123456789
[8080][www] host: xx.xx.xx.xx   login: admin   password: 123456
[8080][www] host: xx.xx.xx.xx  login: admin   password: password
[8080][www] host: xx.xx.xx.xx   login: admin   password: 1234567
[8080][www] host: xx.xx.xx.xx  login: admin   password: 12345
[8080][www] host: xx.xx.xx.xx   login: admin   password: Zuko8
[8080][www] host: xx.xx.xx.xx   login: admin   password: rockyou
[8080][www] host: xx.xx.xx.xx   login: admin   password: princess
[8080][www] host: xx.xx.xx.xx   login: admin   password: abc123
[8080][www] host: xx.xx.xx.xx   login: admin   password: iloveyou
[8080][www] host: xx.xx.xx.xx   login: admin   password: nicole
[8080][www] host: xx.xx.xx.xx   login: admin   password: daniel
[8080][www] host: xx.xx.xx.xx   login: admin   password: babygirl
[8080][www] host: xx.xx.xx.xx   login: admin   password: 12345678
[STATUS] attack finished for xx.xx.xx.xx (waiting for children to finish)
1 of 1 target successfuly completed, 16 valid passwords found
Hydra (http://www.thc.org/thc-hydra)

Is there any reason why it thinks every password is successful?

Title: Re: Wireless router with hydra
Post by: zeroflaw on July 14, 2012, 05:12:07 AM
A lot of routers take a blank password as the default setting :P I think every password is successful because it doesn't need a password at all. I could be wrong though, just try to manually log in with any password, starting with a blank one first.

Title: Re: Wireless router with hydra
Post by: ziggy_567 on July 14, 2012, 09:21:53 AM
I find with hydra that you have to balance speed with accuracy with the "-t" switch. The default is 16 threads. However, if you drop that down to 8 or 12 you may find you get better results.

Try:

$ hydra -l admin -P password.txt -t 8 -e ns -v -s 8080 xx.xx.xx.xx http-head

Good luck!

Title: Re: Wireless router with hydra
Post by: ajohnson on July 14, 2012, 12:36:48 PM
Also, do a packet capture and look at the actual responses.


Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com