MegaMech

Alright, Burp Suite it is. I was experimenting with thc while burp was downloading. Does the session key matter? Thanks for your help, it's appreciated.

Hello, I'm trying to hack into my router (Not doing anything nefarious) Can I get some help with the '/login.cgi' part? hydra 192.168.1.254 http-form-post "/login.cgi:sessionKey=177691457&inputUserName=^USER^&inputPassword=^PASS^:err" -L admin -P pass.txt -t 10 -w 30 -o hydra-http-post-attack.txt I'm guessing that in the current state even if hydra was to get the password correct it would still respond in "msg=err". Because I need to have a proper session key. Also any idea what "nothankyou=1" is? Do I need to have that in the command? Is there like a cookie file I have to use to generate session keys? Also ":err" is like a . "If response is not 'err' then that was a correct password" Is this piece correct? The browser returns "http://192.168.1.254/index.html?msg=err" Should it be ":msg=err"? Thanks for your help. POST http://192.168.1.254:80/login.cgi HTTP/1.1 Host: 192.168.1.254 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.1.254/ Cookie: Telus=T1200H-31.128L.07 Connection: keep-alive Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-length: 68 sessionKey=1286954970&inputUserName=as&inputPassword=fd&nothankyou=1