I'm trying to get to my wireless router via thc hydra. It is a WRT54G router that uses http basic authentication. The issue is that it thinks that every password is successful. Below is the command

$ hydra -l admin -P passwords.txt -e ns -v -s 8080 xx.xx.xx.xx http-head /

I've tried using the service http-get instead of http-head but it failed to make a connection. Port 8080 is the correct port by the way.

Here is the output:

$ hydra -l admin -P password.txt -e ns -v -s 8080 xx.xx.xx.xx http-head /
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Warning: http-head auth does not work with every server, better use http-get
[DATA] 16 tasks, 1 server, 14344401 login tries (l:1/p:14344401), ~896525 tries per task
[DATA] attacking service http-head on port 8080
[VERBOSE] Resolving addresses ... done

[8080][www] host: xx.xx.xx.xx   login: admin   password: admin
[8080][www] host: xx.xx.xx.xx   login: admin   password:
[8080][www] host: xx.xx.xx.xx   login: admin   password: 123456789
[8080][www] host: xx.xx.xx.xx   login: admin   password: 123456
[8080][www] host: xx.xx.xx.xx  login: admin   password: password
[8080][www] host: xx.xx.xx.xx   login: admin   password: 1234567
[8080][www] host: xx.xx.xx.xx  login: admin   password: 12345
[8080][www] host: xx.xx.xx.xx   login: admin   password: Zuko8
[8080][www] host: xx.xx.xx.xx   login: admin   password: rockyou
[8080][www] host: xx.xx.xx.xx   login: admin   password: princess
[8080][www] host: xx.xx.xx.xx   login: admin   password: abc123
[8080][www] host: xx.xx.xx.xx   login: admin   password: iloveyou
[8080][www] host: xx.xx.xx.xx   login: admin   password: nicole
[8080][www] host: xx.xx.xx.xx   login: admin   password: daniel
[8080][www] host: xx.xx.xx.xx   login: admin   password: babygirl
[8080][www] host: xx.xx.xx.xx   login: admin   password: 12345678
[STATUS] attack finished for xx.xx.xx.xx (waiting for children to finish)
1 of 1 target successfuly completed, 16 valid passwords found
Hydra (http://www.thc.org/thc-hydra)

Is there any reason why it thinks every password is successful?

Rather, I'm sure it is, but I'm wondering which law it violates to do any of the following:

Sell email address
Give email lists away
Sign other people up for online forums/news letters/viagra etc...

If anyone could cite the specific act or law that would be great. I hear a lot of conflicting stuff and rumors about laws so it would be great if I could go straight to the source.

I'm living in an apartment complex, and I think someone plugged one of the internal LAN ports into their internet jack. The point is that I'm getting assigned a 192.168.0.x address when I plug directly into the wall.

By taking my browser to 192.168.0.1 I can get to a D-Link admin page.

I was wondering what the security implications of that are.

Is there a way to get a valid IP address from my ISP without modifying the router? Is there a way to help others get the real IP addresses without modifying the rouge router?

Also, I can access the internet fine from my wireless router that is plugged into the wall. Is there a reason that my wireless router is getting a good IP address and I'm not?

Thanks

While browsing the wikileak related news, I stumbled upon the Lower Orbit Ion Cannon, the program Anonymous uses to DoS their targets. What surprised me is that the program is freely available on sourceforge. Does anyone know of any other open source DoS programs?

I’m at a bit of a loss here. I just bought the Alfa Networks AWUS036H USB adapter, but I still can’t get it into monitor mode. I’m running Windows 7, and I’ve installed the driver that came on the CD with it. The problem is that I still can’t sniff any packets with it. I run wire shark and select the appropriate interface. I’ve also made sure that the “capture packets in promiscuous mode” checkbox has been selected in the capture options. However, I still can only see packets destined for my nic or broadcasts.
I’m getting desperate here. Any suggestions?

Thanks, I'll go ahead and give that a try. I just need to get a wireless card that supports monitor mode. 

In order to connect to a secure wireless network, the user needs to use a pre-shared key. But once a connection is established between the router and the computer, what key is used to encrypt the data? Does the router invent a new PSK and passes a different one to each host or do all the connected hosts use the same psk to encrypt their data?

Thanks for the advice. I'm kind of new to this wireless thing. Would you mind explaining what mw means and why I don't want an antenna with more than 1000mw?

I forgot to mention that I'm running Windows 7.

I've got a laptop with a Broadcom 43225 wireless card that doesn't support monitor/promisc mode (as far as I know).

Does anyone know any good wireless usb adapters that can support these modes? I'd really like to play with wireshark.

I recently acquired an HP server for my lab but Im having a hard time getting into it. There is no keyboard/mouse pci ports, and when I plug a monitor into it nothing shows up. I can power up the machine and try to telnet into the box, but I dont know any user names or passwords.

Any ideas on how to gain access to it? After a little research I think the machine is running HP-UX 11 and was made in about 2000.

I restarted my network-manager like ziggy said and it worked! Thanks a lot for your help!

I'm sure that my wireless card is eth1, and iwconfig confirms that.

I've also tried to restart my network manager by typing sudo /etc/init.d/networking restart, but that doesnt seem to work.

I think that it might be a driver issue. I can't get wireshark to work either, even if I put my NIC in promiscuous mode. I have a Intel PRO/Wireless 2200BG Network card, and I think my driver is ipw2200.      lsmod | grep ipw says

 libipw                 43148  1 ipw2200
lib80211                6432  2 ipw2200,libipw

as for dmesg. I'm a linux newbie and I dont understand how to use that command. =(

I appreciate your help though.

Whenever I try to change my mac address, I can no longer connect to any network, even networks that I have never connected to before. I am running Ubuntu 9.10 on my Dell Inspiron B130 laptop.

I've tried changing the MAC with macchanger and just by typing in the command line
sudo ifconfig eth1 down
sudo ifconfig eth1 hw ether xx:xx:xx:xx:xx:xx
sudo ifconfig eth1 up

After I change the MAC I run ifconfig and it shows the new address correctly, but when I try to connect to a network, it gets hung and never connects.

If I change my MAC back to its original value then it works just fine.

Any ideas?

I have been frustrated with the amount of passwords that I have to memorize and I am looking into using a password manager. However, I am a little hesitant to put all of my passwords into one place. If it ever gets compromised I would be in a lot of trouble. Any opinions?