HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 21 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Wirelessarrow Wireless router with hydra
EH-Net
May 22, 2013, 11:25:35 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Wireless router with hydra  (Read 2017 times)
0 Members and 1 Guest are viewing this topic.
Svenxix
Newbie
*
Offline Offline

Posts: 17


View Profile
« on: July 13, 2012, 11:34:47 PM »
I'm trying to get to my wireless router via thc hydra. It is a WRT54G router that uses http basic authentication. The issue is that it thinks that every password is successful. Below is the command

$ hydra -l admin -P passwords.txt -e ns -v -s 8080 xx.xx.xx.xx http-head /

I've tried using the service http-get instead of http-head but it failed to make a connection. Port 8080 is the correct port by the way.

Here is the output:

$ hydra -l admin -P password.txt -e ns -v -s 8080 xx.xx.xx.xx http-head /
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Warning: http-head auth does not work with every server, better use http-get
[DATA] 16 tasks, 1 server, 14344401 login tries (l:1/p:14344401), ~896525 tries per task
[DATA] attacking service http-head on port 8080
[VERBOSE] Resolving addresses ... done

[8080][www] host: xx.xx.xx.xx   login: admin   password: admin
[8080][www] host: xx.xx.xx.xx   login: admin   password:
[8080][www] host: xx.xx.xx.xx   login: admin   password: 123456789
[8080][www] host: xx.xx.xx.xx   login: admin   password: 123456
[8080][www] host: xx.xx.xx.xx  login: admin   password: password
[8080][www] host: xx.xx.xx.xx   login: admin   password: 1234567
[8080][www] host: xx.xx.xx.xx  login: admin   password: 12345
[8080][www] host: xx.xx.xx.xx   login: admin   password: Zuko8
[8080][www] host: xx.xx.xx.xx   login: admin   password: rockyou
[8080][www] host: xx.xx.xx.xx   login: admin   password: princess
[8080][www] host: xx.xx.xx.xx   login: admin   password: abc123
[8080][www] host: xx.xx.xx.xx   login: admin   password: iloveyou
[8080][www] host: xx.xx.xx.xx   login: admin   password: nicole
[8080][www] host: xx.xx.xx.xx   login: admin   password: daniel
[8080][www] host: xx.xx.xx.xx   login: admin   password: babygirl
[8080][www] host: xx.xx.xx.xx   login: admin   password: 12345678
[STATUS] attack finished for xx.xx.xx.xx (waiting for children to finish)
1 of 1 target successfuly completed, 16 valid passwords found
Hydra (http://www.thc.org/thc-hydra)

Is there any reason why it thinks every password is successful?
Logged
zeroflaw
Full Member
***
Offline Offline

Posts: 208



View Profile
« Reply #1 on: July 14, 2012, 05:12:07 AM »
A lot of routers take a blank password as the default setting Tongue I think every password is successful because it doesn't need a password at all. I could be wrong though, just try to manually log in with any password, starting with a blank one first.
Logged
ZF
ziggy_567
Sr. Member
****
Offline Offline

Posts: 361


View Profile
« Reply #2 on: July 14, 2012, 09:21:53 AM »
I find with hydra that you have to balance speed with accuracy with the "-t" switch. The default is 16 threads. However, if you drop that down to 8 or 12 you may find you get better results.

Try:

$ hydra -l admin -P password.txt -t 8 -e ns -v -s 8080 xx.xx.xx.xx http-head

Good luck!
Logged
--
Ziggy


eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
ajohnson
Recruiters
Hero Member
*
Offline Offline

Posts: 1057


aka dynamik


View Profile WWW
« Reply #3 on: July 14, 2012, 12:36:48 PM »
Also, do a packet capture and look at the actual responses.
Logged
WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.081 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.