Search the Community

Hi! If anyone needs good password list for bruteforce hacking - bigpasswordlist.com I've downloaded all biggest lists and merged them together. List is good.

Hi, I am trying to learn penetration testing and am using THC Hydra. What is the syntax for Hydra if I am trying to use the -x option ( charset, to determine password length and content)? I want to use special characters, minimum 6, maximum 10 characters. I am working with Windows 10. Could you include an example?

So I want to audit a few SSH servers. I want to save the output of THC-Hydra to a file then use the out of the file as variables in the next step of auditing. Trying to automate this this as much as possible. hydra syntax: hydra -o /root/Desktop/cracked.txt -l donkeypuncher -P /root/Desktop/thepassword.txt -s 22 10.42.0.196 ssh I want to use the output from the saved text file for the next step. I can get this a number of ways. this is simple. cat /root/Desktop/cracked.txt | tail -1 I get this output here:: [22][ssh] host: 10.42.0.196 login: donkeypuncher password: fistingtiffany I want to pretty much save the host, user, and password variables so I can use them in my script in the next couple of steps. How do I go about this?

Hey Guys, I'm stuck up with this for a long time now. I've just started out on learning various basic techniques used for navigating around various security mechanisms. I referred a number of posts around the web about brute forcing routers with Hydra. Most of the articles are focused on beating the basic authentication provided by HTTP. And the links that describe brute forcing web logins do not seem to work when I've tried. My router is a DLINK DSL2750U ADSL Router left aside for testing purposes. Even most of other routers I tried consists of such web interface which is first loaded and a custom authentication web form using HTTP POST. I used this link as my main reference in understanding the process of bruteforcing. Here's a snapshot of my router's web based login page. As you see, a login form is presented and the username is given as a drop down consisting of only one element "admin". Also the login page is at 192.168.1.1/cgi-bin/webproc. Here is the source of the login page: router-login.source.txt To build up the command to execute hydra on this web form, I used BurpSuite. On intercepting the bad response, this is what I get : Once a wrong password is entered, the error message displayed is as below : The link does not change on the error message and the error message itself comes as a pop-up. Right clicking on the screen is set to off as well. At first, I ran my hydra command as below: hydra -l "" -P "/root/pass.txt" 192.168.1.1 http-post-form "/cgi-bin/webproc:%3Ausername=^USER^&%3Apassword=^PASS^&%3Aa ction=Login:"Username or Password wrong:H=Cookie: %3Asessionid=68b3e673" This gives the hydra output as matching ALL passwords as correct in the dictionary. So I figure my incorrect/fail section for hydra is not right. Since my routers failed login does not give out any proper information, I tried looking at the "S=" option for the incorrect/fail section of hydra. I noticed that on successfully logging in I'm being redirected to link given below: http://192.168.1.1/cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard So I modified my hydra command to the following : hydra -l "" -P "/root/pass.txt" 192.168.1.1 http-post-form "/cgi-bin/webproc:%3Ausername=^USER^&%3Apassword=^PASS^&%3Aa ction=Login:S=?getpage=html/index.html&errorpage=html/main.html&var:language=en_us&var:menu=setup&varage=wizard:H=Cookie: %3Asessionid=68b3e673" Now the output of hydra does not match any password in the list file. I've been trying many ways to get this done but am stuck up. Any help pointing towards the right direction would be helpful. If there's any more information you would want to know to help me out, please let me know. Looking to solving this somehow!! :(:( please help me. Now I'm just trying many permutations and combinations with the hydra arguments.Still no progress!

I have google searched for a few days, but I was hoping that someone could give me the answer I need. What is the full character set for WPA/WPA2 passwords? I believe it is a minimum of 8 digits, but I have read that the maximum is 40 and also that it is 63. Could you please clarify? I know we have all upper and lower case letters and the numbers 0-1, but I would like to know what special characters are allowed as well. so what i have for sure is: 1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ There must be some special characters to add onto that. Thanks in advance.

So once upon a time I bought a Butterfly Labs 600 GH/S miner. I was thinking, Is there a way I can use all that number crunching power to crack hashes or even to brute force?

Hi guys, I was recently looking to get a cheap laptop to stay portable when having some fun with the pineapple, but then I thought; what if I wanted to do some bruteforcing on the go? Then I would have to use its GPU. But I doubt that a cheap laptop will get the job done fast enough on the graphics side. So I did some looking around and found a few external GPU adapters. As long as your laptop has a PCIe slot, you should be good to go. And although it goes through PCIe x2 interface, I think it shouldn’t even matter when using the card for number crunching …as long as you have enough juice to power the thing (car charger adapter for example or just a large battery). This way if you already have a good graphics card, you can take it with you to do something a little more serious than what you could with a laptop onboard GPU. Anyway, I just wanted to share this with you because I thought that maybe this would be interesting for you guys to check out, discuss and have some fun with. Tell me what you think

After four months of relentless persistence I finally was able to bruteforce my neighbor WPS pin, After spending days of AP lock and figuring out the precise x:y Values I found that the WPA PSK is 8-digit number(like all other PSKs) but it got me thinking, What if I did a direct bruteforce to PSK. I don’t know if the AP could actually lock that (hence no new device can connect even with the right pass) but if we talk about 200 tries/day I think it can be cracked in a guaranteed 55 days (11000/200) I'm newbie at this stuff so please is there a script for that or my theory is stupid-wrong Thanks

hello guys, i have ADSL Wifi modem and unfortunately it was preconfigured to WEP encryption wireless security until i found out that somebody is using my internet bandwidth. my question is can i find the attacker cause i think he has broken into my ADSL access point as long as i was using WEP encryption? any response will be appreciated. Thanks in Advance