.

Wireless router with hydra

<<

Svenxix

Newbie
Newbie

Posts: 17

Joined: Thu Dec 31, 2009 10:58 pm

Post Fri Jul 13, 2012 11:34 pm

Wireless router with hydra

I'm trying to get to my wireless router via thc hydra. It is a WRT54G router that uses http basic authentication. The issue is that it thinks that every password is successful. Below is the command

$ hydra -l admin -P passwords.txt -e ns -v -s 8080 xx.xx.xx.xx http-head /

I've tried using the service http-get instead of http-head but it failed to make a connection. Port 8080 is the correct port by the way.

Here is the output:

$ hydra -l admin -P password.txt -e ns -v -s 8080 xx.xx.xx.xx http-head /
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Warning: http-head auth does not work with every server, better use http-get
[DATA] 16 tasks, 1 server, 14344401 login tries (l:1/p:14344401), ~896525 tries per task
[DATA] attacking service http-head on port 8080
[VERBOSE] Resolving addresses ... done

[8080][www] host: xx.xx.xx.xx  login: admin  password: admin
[8080][www] host: xx.xx.xx.xx  login: admin  password:
[8080][www] host: xx.xx.xx.xx  login: admin  password: 123456789
[8080][www] host: xx.xx.xx.xx  login: admin  password: 123456
[8080][www] host: xx.xx.xx.xx  login: admin  password: password
[8080][www] host: xx.xx.xx.xx  login: admin  password: 1234567
[8080][www] host: xx.xx.xx.xx  login: admin  password: 12345
[8080][www] host: xx.xx.xx.xx  login: admin  password: Zuko8
[8080][www] host: xx.xx.xx.xx  login: admin  password: rockyou
[8080][www] host: xx.xx.xx.xx  login: admin  password: princess
[8080][www] host: xx.xx.xx.xx  login: admin  password: abc123
[8080][www] host: xx.xx.xx.xx  login: admin  password: iloveyou
[8080][www] host: xx.xx.xx.xx  login: admin  password: nicole
[8080][www] host: xx.xx.xx.xx  login: admin  password: daniel
[8080][www] host: xx.xx.xx.xx  login: admin  password: babygirl
[8080][www] host: xx.xx.xx.xx  login: admin  password: 12345678
[STATUS] attack finished for xx.xx.xx.xx (waiting for children to finish)
1 of 1 target successfuly completed, 16 valid passwords found
Hydra (http://www.thc.org/thc-hydra)

Is there any reason why it thinks every password is successful?
<<

zeroflaw

User avatar

Full Member
Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Sat Jul 14, 2012 5:12 am

Re: Wireless router with hydra

A lot of routers take a blank password as the default setting :P I think every password is successful because it doesn't need a password at all. I could be wrong though, just try to manually log in with any password, starting with a blank one first.
ZF
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Sat Jul 14, 2012 9:21 am

Re: Wireless router with hydra

I find with hydra that you have to balance speed with accuracy with the "-t" switch. The default is 16 threads. However, if you drop that down to 8 or 12 you may find you get better results.

Try:

$ hydra -l admin -P password.txt -t 8 -e ns -v -s 8080 xx.xx.xx.xx http-head

Good luck!
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat Jul 14, 2012 12:36 pm

Re: Wireless router with hydra

Also, do a packet capture and look at the actual responses.
The day you stop learning is the day you start becoming obsolete.

Return to Wireless

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software