alexalghisi Posted December 4, 2011 Report Posted December 4, 2011 This will give you a quick run down on how to brute force your router if it uses HTTP BASIC AUTHusing THC-HYDRAIf you receive a popup window when you try to access your router, then this method should work for you.hydra -l {username} -P {password list path} -s {port} {IP Address} http-get /My command looks like:hydra -l admin -P password.lst -s 80 192.168.1.2 http-get /Command break down:hydra --> the hydra program-l --> (lower case “L” not to be confused with a upper case i) single username to target. Use uppercase -L to specify a username list-P --> provide path to password lis. -p to try a single password ie “passw0rd”-s --> port to target your router may run on a different port such as 8080{IP Address} hopefully this is clearhttp-get --> service to brute force“/” --> this specifies the page to target if this is left out the command will not run. “/” just indicates the root do not include the ”You will get an output line with username and password if you are successful.This attack is only as good as your dictionary. 1 Quote
actunderdc Posted December 4, 2011 Report Posted December 4, 2011 Am folosit si eu aceasta "hydra" in acelasi scop. In concluzie, functioneaza, dar e nevoie sa stii numele de utilizator (sa zicem: admin) si sa ai un dictionar care sa contina parola. Altfel, prin brute force la toate combinatiile dureaza enorm de mult. Mai lent decat la spargerea unei parole wpa, deoarece acolo atacul se face la nivel local asupra fisierului, aici trebuie sa astepti la fiecare pas raspunsul de la router. Quote
