Wireless router with hydra

    • #7713
      Svenxix
      Participant

      I’m trying to get to my wireless router via THC Hydra. It is a WRT54G router that uses HTTP basic authentication. The issue is that it thinks that every password is successful. Below is the command:

      $ hydra -l admin -P passwords.txt -e ns -v -s 8080 xx.xx.xx.xx http-head /

      I’ve tried using the service http-get instead of http-head but it failed to make a connection. Port 8080 is the correct port by the way.

      Here is the output:

      $ hydra -l admin -P password.txt -e ns -v -s 8080 xx.xx.xx.xx http-head /
      Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak – for legal purposes only

      Warning: http-head auth does not work with every server, better use http-get
      [DATA] 16 tasks, 1 server, 14344401 login tries (l:1/p:14344401), ~896525 tries per task
      [DATA] attacking service http-head on port 8080
      [VERBOSE] Resolving addresses … done

      [8080][www] host: xx.xx.xx.xx  login: admin  password: admin
      [8080][www] host: xx.xx.xx.xx  login: admin  password:
      [8080][www] host: xx.xx.xx.xx  login: admin  password: 123456789
      [8080][www] host: xx.xx.xx.xx  login: admin  password: 123456
      [8080][www] host: xx.xx.xx.xx  login: admin  password: password
      [8080][www] host: xx.xx.xx.xx  login: admin  password: 1234567
      [8080][www] host: xx.xx.xx.xx  login: admin  password: 12345
      [8080][www] host: xx.xx.xx.xx  login: admin  password: Zuko8
      [8080][www] host: xx.xx.xx.xx  login: admin  password: rockyou
      [8080][www] host: xx.xx.xx.xx  login: admin  password: princess
      [8080][www] host: xx.xx.xx.xx  login: admin  password: abc123
      [8080][www] host: xx.xx.xx.xx  login: admin  password: iloveyou
      [8080][www] host: xx.xx.xx.xx  login: admin  password: nicole
      [8080][www] host: xx.xx.xx.xx  login: admin  password: daniel
      [8080][www] host: xx.xx.xx.xx  login: admin  password: babygirl
      [8080][www] host: xx.xx.xx.xx  login: admin  password: 12345678
      [STATUS] attack finished for xx.xx.xx.xx (waiting for children to finish)
      1 of 1 target successfuly completed, 16 valid passwords found
      Hydra (http://www.thc.org/thc-hydra)

      Is there any reason why it thinks every password is successful?

    • #48106
      zeroflaw
      Participant

      A lot of routers take a blank password as the default setting 😛 I think every password is successful because it doesn’t need a password at all. I could be wrong though, just try to manually log in with any password, starting with a blank one first.

    • #48107
      ziggy_567
      Participant

      I find with hydra that you have to balance speed with accuracy with the “-t” switch. The default is 16 threads. However, if you drop that down to 8 or 12 you may find you get better results.

      Try:

      $ hydra -l admin -P password.txt -t 8 -e ns -v -s 8080 xx.xx.xx.xx http-head

      Good luck!

    • #48108
      dynamik
      Participant

      Also, do a packet capture and look at the actual responses.
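
Added example, not part of the original thread: following the suggestion to look at the actual responses, this Python sketch classifies the response a server gives to a request sent with a deliberately wrong password. If that response is not a 401 Basic challenge, a status-code check cannot tell good credentials from bad, which is consistent with the "16 valid passwords" output above. The captures are constructed samples (not taken from a real WRT54G) and the function names are hypothetical.

```python
from email.parser import Parser


def parse_response(raw):
    """Return (status_code, headers) from the head of a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % status_line)
    msg = Parser().parsestr(header_block, headersonly=True)
    return int(parts[1]), {k.lower(): v for k, v in msg.items()}


def diagnose(wrong_password_response):
    """Classify the reply to a request that carried a known-wrong password."""
    status, headers = parse_response(wrong_password_response)
    challenge = headers.get("www-authenticate", "").lower()
    if status == 401 and challenge.startswith("basic"):
        return "challenged"          # bad credentials are rejected; results are meaningful
    if status in (405, 501):
        return "method-unsupported"  # the server does not handle this HTTP method
    if 300 <= status < 400:
        return "redirect"            # the auth decision happens at another URL
    if 200 <= status < 300:
        return "unauthenticated-ok"  # the method is answered without checking credentials
    return "inconclusive"


# Constructed sample captures, as they might be copied out of a packet capture.
SAMPLES = {
    "HEAD / with wrong password": (
        "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
    ),
    "GET / with wrong password": (
        'HTTP/1.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="router"\r\n\r\n'
    ),
    "HEAD / on a server without HEAD support": (
        "HTTP/1.0 501 Not Implemented\r\n\r\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print("%-42s -> %s" % (name, diagnose(raw)))
```

Only the "challenged" verdict means the status code reflects the password; any other verdict for a wrong password means every guess will look the same to the tool.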

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?