Jump to content

Search the Community

Showing results for tags 'kali hydra'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 1 result

  1. Hey Guys, I'm stuck up with this for a long time now. I've just started out on learning various basic techniques used for navigating around various security mechanisms. I referred a number of posts around the web about brute forcing routers with Hydra. Most of the articles are focused on beating the basic authentication provided by HTTP. And the links that describe brute forcing web logins do not seem to work when I've tried. My router is a DLINK DSL2750U ADSL Router left aside for testing purposes. Even most of other routers I tried consists of such web interface which is first loaded and a custom authentication web form using HTTP POST. I used this link as my main reference in understanding the process of bruteforcing. Here's a snapshot of my router's web based login page. As you see, a login form is presented and the username is given as a drop down consisting of only one element "admin". Also the login page is at 192.168.1.1/cgi-bin/webproc. Here is the source of the login page: router-login.source.txt To build up the command to execute hydra on this web form, I used BurpSuite. On intercepting the bad response, this is what I get : Once a wrong password is entered, the error message displayed is as below : The link does not change on the error message and the error message itself comes as a pop-up. Right clicking on the screen is set to off as well. At first, I ran my hydra command as below: hydra -l "" -P "/root/pass.txt" 192.168.1.1 http-post-form "/cgi-bin/webproc:%3Ausername=^USER^&%3Apassword=^PASS^&%3Aa ction=Login:"Username or Password wrong:H=Cookie: %3Asessionid=68b3e673" This gives the hydra output as matching ALL passwords as correct in the dictionary. So I figure my incorrect/fail section for hydra is not right. Since my routers failed login does not give out any proper information, I tried looking at the "S=" option for the incorrect/fail section of hydra. I noticed that on successfully logging in I'm being redirected to link given below: http://192.168.1.1/cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard So I modified my hydra command to the following : hydra -l "" -P "/root/pass.txt" 192.168.1.1 http-post-form "/cgi-bin/webproc:%3Ausername=^USER^&%3Apassword=^PASS^&%3Aa ction=Login:S=?getpage=html/index.html&errorpage=html/main.html&var:language=en_us&var:menu=setup&varage=wizard:H=Cookie: %3Asessionid=68b3e673" Now the output of hydra does not match any password in the list file. I've been trying many ways to get this done but am stuck up. Any help pointing towards the right direction would be helpful. If there's any more information you would want to know to help me out, please let me know. Looking to solving this somehow!! :(:( please help me. Now I'm just trying many permutations and combinations with the hydra arguments.Still no progress!
×
×
  • Create New...