.

hydra help

<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Mon Mar 08, 2010 12:35 am

hydra help

Ok so here is what i have done. my home network is on the 192.168.2.0/24 network and i have BT2 bridged via virtual box. i perfomr this command:

nmap -sV -P0 192.168.2.0-255

finds all my interesting stuff along with banner grabbing. So i notice it finds my router and tells me the exact type and what not. Very cool. So i point firefox to the IP provided and it asks for user name and pass. For lab purposes i set user name to admin and a simple password(7 digit number. this might be the problem). I make sure that hydra is set to verbos and that its pointing to the wordlist.txt i set protocol to http-get and set username to admin pointing to target ip of 192.168.2.1. after 15 minutes of waiting this is what appears on my output. even though i grabbed it at 19,441 or so. it was still going at 50,000+ tries.

19487: Can not connect [timeout], process exiting
Process 19424: Can not connect [timeout], process exiting
Process 19425: Can not connect [timeout], process exiting
Process 19426: Can not connect [timeout], process exiting
Process 19427: Can not connect [timeout], process exiting
Process 19428: Can not connect [timeout], process exiting
Process 19429: Can not connect [timeout], process exiting
Process 19430: Can not connect [timeout], process exiting
Process 19431: Can not connect [timeout], process exiting
Process 19432: Can not connect [timeout], process exiting
Process 19433: Can not connect [timeout], process exiting
Process 19439: Can not connect [timeout], process exiting
Process 19440: Can not connect [timeout], process exiting
Process 19441: Can not connect [timeout], process exiting

It never found my password but it sure knocked my internet connection around.

What could be the issue?

thanx for all your time, effort and input you have given  me so far here. I know i ask alot but i hope i can find something to give in return.

Matt
<<

KamiCrazy

Jr. Member
Jr. Member

Posts: 78

Joined: Wed Jun 17, 2009 8:40 pm

Post Mon Mar 08, 2010 1:48 am

Re: hydra help

here is a snippet of the code

  Code:
// ----------------- alarming functions ----------------

void alarming() {
    fail++;
    alarm_went_off++;
// uh, I think it's not good for performance if we try to reconnect to a timeout system!
//    if (fail > MAX_CONNECT_RETRY) {
        fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int)getpid());
        if (debug) printf("DEBUG_CONNECT_TIMEOUT\n");
        hydra_child_exit();
//    } else {
//   if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int)getpid(), fail, MAX_CONNECT_RETRY);
//    }
}


It means that basically hydra is unable to open a connection to whatever you are telling it to connect. You should verify that http-get is the correct authentication method you should use.
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Mon Mar 08, 2010 4:12 am

Re: hydra help

did you set the parameters right? hydra can close the connection before he gets the result, so try to ajust the number of connections and the time it waits for response.

here's some reseach material:

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3745276

i quote:
The Tuning tab is used for selecting the number of login attempts that are submitted simultaneously, and this number can be quite critical. Too high and the chances of being detected or locked out of the system are much higher, but too low and it could take days to work through your password list.
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

KamiCrazy

Jr. Member
Jr. Member

Posts: 78

Joined: Wed Jun 17, 2009 8:40 pm

Post Mon Mar 08, 2010 4:36 am

Re: hydra help

After reviewing your question again, I would also look into whether you are attacking the right web page for your router.
<<

zeroflaw

User avatar

Full Member
Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Mon Mar 08, 2010 6:50 am

Re: hydra help

Yea be sure to use the right parameters. Especially pay attention to the -t -w and -f parameters. You usually want to use -f to make hydra stop when it gets the password right. If you don't do this I believe it will just keep running and try other passwords.

Though, it seems you're attacking something that doesn't accept connections.
ZF
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Mon Mar 08, 2010 1:04 pm

Re: hydra help

zeroflaw wrote:Yea be sure to use the right parameters. Especially pay attention to the -t -w and -f parameters. You usually want to use -f to make hydra stop when it gets the password right. If you don't do this I believe it will just keep running and try other passwords.

Though, it seems you're attacking something that doesn't accept connections.


i used xhydra form the cli. I followed a video tutorial from the purehate blog(google search) and followed it to a T. I even have the same router as he uses in the video. WRT54G non flashed. Just the normal firmaware.

thanx for the input.
<<

zeroflaw

User avatar

Full Member
Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Mon Mar 08, 2010 2:00 pm

Re: hydra help

XHydra? Is that the GUI version? Well anyway, it seems you need to be really careful with the number of tasks you let hydra perform. After some googling and actually trying hydra myself on the de-ice disks, I've found that 8 tasks works best.

Hope this helps.

I prefer to use the command line versions for some reason, lol.
ZF
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Mon Mar 08, 2010 2:16 pm

Re: hydra help

zeroflaw wrote:XHydra? Is that the GUI version? Well anyway, it seems you need to be really careful with the number of tasks you let hydra perform. After some googling and actually trying hydra myself on the de-ice disks, I've found that 8 tasks works best.

Hope this helps.

I prefer to use the command line versions for some reason, lol.


Yes xhydra is the gui.

http://blip.tv/scripts/flash/showplayer ... player.swf

is the video and it says 68 tasks, i think. I guess i need a good hydra tutorial. I better start googling. haha that sounds funny.

thanx
<<

KamiCrazy

Jr. Member
Jr. Member

Posts: 78

Joined: Wed Jun 17, 2009 8:40 pm

Post Mon Mar 08, 2010 6:48 pm

Re: hydra help

pure_hate has said that he only used 68 to speed things up in the vid, he posted in a thread 2 years ago on remote-exploits.org forum that you should use something more sensible.
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Mon Mar 08, 2010 8:47 pm

Re: hydra help

KamiCrazy wrote:pure_hate has said that he only used 68 to speed things up in the vid, he posted in a thread 2 years ago on remote-exploits.org forum that you should use something more sensible.


LOL, my bad. I just need to read up on hydra. haha thanx
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Tue Mar 09, 2010 7:34 am

Re: hydra help

wow, i'm a little suprised i got the (first) right answer, hehe. anyway glad its solved!
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Tue Mar 09, 2010 12:48 pm

Re: hydra help

j0rDy wrote:wow, i'm a little suprised i got the (first) right answer, hehe. anyway glad its solved!


Hmm, i tried messing around with the parameters and took it down to 8 and below for tasks. Still same error. Maybe my router is the issue. I know it does weird things at times. haha. ill keep trying and when i get it to work, ill post my finindgs.

thanx for the input
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Mar 09, 2010 1:10 pm

Re: hydra help

I'd throw a packet trace on the wire (wireshark,) and see if A.) the packets are getting to the router, and B.) if the router ever appears to respond.  That should tell you if the router is doing ANYTHING in response.  If it is, and hydra just doesn't like it, then it's a timeout or something on the application side.  If it's NOT, then you need to see if the router even tries to accept connection attempts, and go from there.

Based on your saying it sure knocks your connection around, it sounds like the packets are definitely hitting it, so it's more than likely you're either hitting the wrong page on the router, or your router isn't configured for http versus https or something, and you're misconfigured, somwehere, either at the router or in hydra...

Very basic overview, but you should be able to get the idea...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

LT72884

User avatar

Jr. Member
Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Tue Mar 09, 2010 3:59 pm

Re: hydra help

hayabusa wrote:I'd throw a packet trace on the wire (wireshark,) and see if A.) the packets are getting to the router, and B.) if the router ever appears to respond.  That should tell you if the router is doing ANYTHING in response.  If it is, and hydra just doesn't like it, then it's a timeout or something on the application side.  If it's NOT, then you need to see if the router even tries to accept connection attempts, and go from there.

Based on your saying it sure knocks your connection around, it sounds like the packets are definitely hitting it, so it's more than likely you're either hitting the wrong page on the router, or your router isn't configured for http versus https or something, and you're misconfigured, somwehere, either at the router or in hydra...

Very basic overview, but you should be able to get the idea...


Hmm, i know the router is set to http because i tried hhtps and it hated that. Im gonna have to try wireshark and see what happens. Never thought of that actually. See i do learn something new everyday..

Im thinking that my router might be messed up because when i first bought it it had a very hard time doing normal things such as saving settings.. Gonna try against smoothwall and see what happens.
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Wed Mar 10, 2010 10:57 am

Re: hydra help

you can also try adding another computer to the router through the broadcast port and sniff all packages with wireshark. actually the same option as hayabusa offered, but then you sniff the complete network to check for abnormality.
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software