if the site doesnt let you view the source there are a lot of workarounds for it. try saving the page and open it locally, or just perform the complete scan/hack in a controlled environment and mirror/wget the whole site good luck and let us know the output!

good to see you havent given up yet! i think it is key you point your attack directly at the page you want it to start at. lets make it a little more visual. if your directing it at the index.html page, it might not work because of for example iframes and stuff its made from. try to get the actual page that contains the login without extra pages like headers and footers! (this subtle enough?)

Are you talking about the GUI tool he uses to auto-detect hosts in his videos? If so -  I think the tool he's using is Autoscan. It's in Backtrack -> Network Mapping ->All -> Autoscan

I remember seeing a blog over on Skull-Security it looked interesting running scripts with nmap, looks like it could further information gathering on a target more.

Thanks for the response, I was going to bump this thread since it wasn't getting any attention. 

Yes... start there...   

Hey everyone,

I was going through some of my collection of pen-testing videos and noticed that nmap scripts aren't typically being used - is there a particular reason for this? I hear a couple of them are unsafe and a little noisy.

I was just wondering - is there a favorite or a couple favorite scripts that you guys use with nmap scripts ("--script option") when doing pen-tests? Which seem to be musts in your nmap scans, if any?

-Kris

Doh!!!  Sssshhhhhhh... I was going to see if he was going to check that for himself.  I was 'trying' to point him in the proper direction, without totally pointing to it.   

when I did the install of the guest additions, I wasn't in x.

After the install, I had to reboot. When I did that, I unmounted the bt4 iso. And loaded the guest additions iso.

When rebooting finished, I was at shell window I had to log into. After logging in, I ran the mount and install commands.

The fact that you had to force the mount (and assuming unmount) sounds like you're still running off the BT iso, not off the new install on the hard drive.

you can also try adding another computer to the router through the broadcast port and sniff all packages with wireshark. actually the same option as hayabusa offered, but then you sniff the complete network to check for abnormality.

I'd throw a packet trace on the wire (wireshark,) and see if A.) the packets are getting to the router, and B.) if the router ever appears to respond.  That should tell you if the router is doing ANYTHING in response.  If it is, and hydra just doesn't like it, then it's a timeout or something on the application side.  If it's NOT, then you need to see if the router even tries to accept connection attempts, and go from there.

Based on your saying it sure knocks your connection around, it sounds like the packets are definitely hitting it, so it's more than likely you're either hitting the wrong page on the router, or your router isn't configured for http versus https or something, and you're misconfigured, somwehere, either at the router or in hydra...

Very basic overview, but you should be able to get the idea...

wow, i'm a little suprised i got the (first) right answer, hehe. anyway glad its solved!