Posted

Hey, I was just wondering if it is HTTP HEAD or HTTP GET?

snapshot1.png

User: Password ....?

I'm going to hack the router "Netgear WGR614v6"

it's mine! ;) hehe

but I shall use Hydra "brute force"

snapshot2.png

I use hydra but it seems that password is wrong ... : /

I use just one password, "r12d", but it is also wrong, but it is the right password!

So .... maybe it's HTTP-GET/HEAD?

Posted (edited)

No option for POST? Definitely should be GET or POST, and sometimes even HTTPS if HTTP is disabled, but if it's your router, you should know this already.

Edited by digip
Posted (edited)

Umm, very well said. I really hope this is his router. First of all, you will need to figure out what the administrator username is. By default the userID on most consumer routers is admin or administrator, unless it has been changed to something else.

In other words, just brute forcing the password field is not enough; you still need to know or guess what the administrator username is. Unless you specify a username file in Hydra with random administrator usernames, you won't have much luck.

Edited by Infiltrator
Posted

Umm, very well said. I really hope this is his router. First of all, you will need to figure out what the administrator username is. By default the userID on most consumer routers is admin or administrator, unless it has been changed to something else.

In other words, just brute forcing the password field is not enough; you still need to know or guess what the administrator username is. Unless you specify a username file in Hydra with random administrator usernames, you won't have much luck.

yes, i know that....

User: admin

Password: r12d

But I use cranch.py to make a password file with "r12d" in it, and user: admin. So I know that it is in that password file.

Then I use Hydra... but that does not work!

Or use port 23, telnet?

Posted

Umm, very well said. I really hope this is his router. First of all, you will need to figure out what the administrator username is. By default the userID on most consumer routers is admin or administrator, unless it has been changed to something else.

In other words, just brute forcing the password field is not enough; you still need to know or guess what the administrator username is. Unless you specify a username file in Hydra with random administrator usernames, you won't have much luck.

yes, I know ... but it is my router and I have "user / password"

When I use Hydra I use protocol http-get/http-head, but it is wrong ... what is it?!

and I use Backtrack 4 btw!

He up there, he said that it is http-post, but I'm sure when, but I think it's http-from-post?

I might use port 23, telnet? For admin / password?

maybe, maybe ... :)

Posted (edited)

Easy way to find out... Run wireshark, login to router, look at packets.

Here is my Linksys one.

GET / HTTP/1.1

Host: 192.168.1.1

Connection: keep-alive

Authorization: Basic (Base64(admin:**PASSWORD**))

Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

HTTP/1.1 200 Ok

Server: httpd

Date: Fri, 21 Jan 2011 00:35:59 GMT

Cache-Control: no-cache

Pragma: no-cache

Expires: 0

Content-Type: text/html

Connection: close

The Authorization line is:

Authorization: Basic *Hash*

Where *Hash* is the Base64 of the account and password separated by a colon.

example: admin:P@$$VV0RD

Then you get back a HTTP 200 OK response which means it worked.

Edited by Mr-Protocol
Posted

Easy way to find out... Run wireshark, login to router, look at packets.

Here is my Linksys one.

The Authorization line is:

Authorization: Basic *Hash*

Where *Hash* is the Base64 of the account and password separated by a colon.

example: admin:P@$$VV0RD

Then you get back a HTTP 200 OK response which means it worked.

here is my:

GET / HTTP/1.1

Host: 192.168.1.1

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 115

Connection: keep-alive

Authorization: Basic YWRtaW46cjEyZA== <------------ Basic64, how do I use this? Make packets? Decrypt? Or cookies?

Posted (edited)

here is my:

GET / HTTP/1.1

Host: 192.168.1.1

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 115

Connection: keep-alive

Authorization: Basic YWRtaW46cjEyZA== <------------ Basic64, how do I use this? Make packets? Decrypt? Or cookies?

hehe, ok, i want it now! :P

Edited by rufus777
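The Authorization header from the capture above, taken apart as an added example (not code from any poster in this thread): the Basic token is a keyless, reversible Base64 encoding of `user:password`, so anyone who can see the request over plain HTTP can read the credentials. The function names and the trimmed header set in `CAPTURED` are assumptions made for the illustration.

```python
import base64
import binascii

# Header subset of the request captured in the thread (CRLF line endings).
CAPTURED = (
    "GET / HTTP/1.1\r\n"
    "Host: 192.168.1.1\r\n"
    "Connection: keep-alive\r\n"
    "Authorization: Basic YWRtaW46cjEyZA==\r\n"
    "\r\n"
)


def build_basic_auth(user, password):
    """Build the header line a client sends for HTTP Basic authentication."""
    if ":" in user:
        raise ValueError("user-id must not contain ':' (it is the separator)")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Authorization: Basic " + token.decode("ascii")


def parse_basic_auth(raw_request):
    """Return (user, password) from a raw request, or None if absent or malformed."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None  # Digest, Bearer, etc. are not Base64(user:password)
        try:
            text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, ValueError):
            return None  # not valid Base64, or not valid UTF-8
        user, colon, password = text.partition(":")
        # Only the first colon separates; a password may itself contain ':'.
        return (user, password) if colon else None
    return None


if __name__ == "__main__":
    print(parse_basic_auth(CAPTURED))
    print(build_basic_auth("admin", "r12d"))
```

Because the header travels with every request, serving the router's admin page over HTTPS only (or reaching it through a wired or otherwise trusted segment) is what keeps this value from being read off the wire.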
Posted

May be late to the game, but Hydra has in the past been known to be very challenged with HTTP-based attacks. Grab the latest Hydra source, recompile, and see if that helps if you are dead-set on using Hydra.

Posted

If you are looking to just attack your router, you can just make a simple Python script to do it.

Base64 is an encryption (not a very good one).

BTW, instead of making multiple posts, edit :P

Posted

... make a simple python script to do it.

hehe, I can not python script! <_<

I'm using ("newbie") C++, but it will go fast. :D

Posted (edited)

In the past, I have used Hydra to brute force my router but haven't used that GUI version but the CLI version.

I have always been successful, you might want to give it a shot, you might get different results.

Edited by Infiltrator
Posted

hehe, I can not python script! <_<

I'm using ("newbie") C++, but it will go fast. :D

If you need help with coding packets let me know via PM. But if you know how to use sockets in C++ then you should know how to make packets properly.
