rufus777 Posted January 18, 2011
Hey, I was just wondering if it's HTTP HEAD or HTTP GET? User: Password ....? I'm going to hack the router "Netgear WGR614v6", it's mine! ;) hehe, but I shall use the Hydra "brute force". I use Hydra but it seems that the password is wrong ... :/ I use just one password, "r12d", but it is also wrong, but it is the right password! So .... maybe it's HTTP-GET/HEAD?

digip Posted January 19, 2011 (edited)
No option for POST? Definitely should be GET or POST, and sometimes even HTTPS if HTTP is disabled, but if it's your router, you should know this already.

Infiltrator Posted January 19, 2011 (edited)
Umm, very well said. I really hope this is his router. First of all, you will need to figure out what the administrator username is. By default the userID on most consumer routers is admin or administrator, unless it has been changed to something else. In other words, just brute forcing the password field is not enough; you still need to know or guess what the administrator username is. Unless you specify a username file in Hydra with random administrator usernames, you won't have much luck.

rufus777 (Author) Posted January 20, 2011
> Umm, very well said. I really hope this is his router. First of all, you will need to figure out what the administrator username is. By default the userID on most consumer routers is admin or administrator, unless it has been changed to something else. In other words, just brute forcing the password field is not enough; you still need to know or guess what the administrator username is. Unless you specify a username file in Hydra with random administrator usernames, you won't have much luck.

Yes, I know that.... User: admin Password: r12d, but I use cranch.py to make a password file, with "r12d" in it, and user: admin. So I know that it is in that password file. Then I use Hydra... but that does not work! Or use port 23, telnet?

rufus777 (Author) Posted January 21, 2011
> Umm, very well said. I really hope this is his router. First of all, you will need to figure out what the administrator username is. By default the userID on most consumer routers is admin or administrator, unless it has been changed to something else. In other words, just brute forcing the password field is not enough; you still need to know or guess what the administrator username is. Unless you specify a username file in Hydra with random administrator usernames, you won't have much luck.

Yes, I know ... but it is my router and I have "user / password". When I use Hydra I use protocol Http-get/Http-head, but it is wrong ... what is it?! And I use Backtrack 4 btw! He up there, he said that it is http-post, but I'm sure when, but I think it's http-from-post? I might use port 23, Telnet? For admin / password? Maybe, maybe ... :)

Mr-Protocol Posted January 21, 2011 (edited)
Easy way to find out... Run Wireshark, log in to the router, look at the packets. Here is my Linksys one.

GET / HTTP/1.1
Host: 192.168.1.1
Connection: keep-alive
Authorization: Basic (Base64(admin:**PASSWORD**))
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

HTTP/1.1 200 Ok
Server: httpd
Date: Fri, 21 Jan 2011 00:35:59 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/html
Connection: close

The Authorization line is:
Authorization: Basic *Hash*
Where *Hash* is the Base64 of the account and password separated by a colon. Example: admin:P@$$VV0RD
Then you get back an HTTP 200 OK response, which means it worked.

rufus777 (Author) Posted January 21, 2011
> Easy way to find out... Run Wireshark, log in to the router, look at the packets. Here is my Linksys one.
> The Authorization line is:
> Authorization: Basic *Hash*
> Where *Hash* is the Base64 of the account and password separated by a colon. Example: admin:P@$$VV0RD
> Then you get back an HTTP 200 OK response, which means it worked.

Here is mine:

GET / HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Authorization: Basic YWRtaW46cjEyZA== <------------

Base64, how do I use this? Make packets? Decrypt? Or cookies?

rufus777 (Author) Posted January 21, 2011 (edited)
> Here is mine:
>
> GET / HTTP/1.1
> Host: 192.168.1.1
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 115
> Connection: keep-alive
> Authorization: Basic YWRtaW46cjEyZA== <------------
>
> Base64, how do I use this? Make packets? Decrypt? Or cookies?

Hehe, OK, I want it now! :P

rufus777 (Author) Posted January 21, 2011
Decoded Output: admin:r12d
at http://www.opinionatedgeek.com/dotnet/tools/base64decode/SafeDecode.aspx

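Added example, not part of any post in this thread: a Python sketch that parses the request headers from the capture posted above and decodes the Basic credentials offline, showing that the value travels over plain HTTP in a form anyone on the path can read. The function names are illustrative assumptions, and the request is trimmed to the relevant headers.

```python
import base64
import binascii

# Request headers as posted in the capture above (trimmed to the relevant ones).
CAPTURED_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: 192.168.1.1\r\n"
    "Connection: keep-alive\r\n"
    "Authorization: Basic YWRtaW46cjEyZA==\r\n"
    "\r\n"
)


def parse_headers(raw_request):
    """Return {lowercased header name: value} for a raw HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def inspect_basic_auth(raw_request):
    """Decode HTTP Basic credentials; None if the request carries none."""
    headers = parse_headers(raw_request)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    result = {"host": headers.get("host")}
    try:
        # No key is involved: Base64 is an encoding, reversible by anyone.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        result["error"] = "malformed Basic token"
        return result
    # Split on the first colon only; the password itself may contain colons.
    user, sep, password = decoded.partition(":")
    if not sep:
        result["error"] = "no user:password separator"
        return result
    result.update(user=user, password=password)
    return result


if __name__ == "__main__":
    print(inspect_basic_auth(CAPTURED_REQUEST))
```
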
hexophrenic Posted January 21, 2011
May be late to the game, but Hydra has in the past been known to be very challenged with HTTP-based attacks. Grab the latest Hydra source, recompile, and see if that helps if you are dead-set on using Hydra.

Mr-Protocol Posted January 21, 2011
If you are looking to just attack your router, you can just make a simple Python script to do it. Base64 is an encryption (not a very good one). BTW, instead of making multiple posts, edit :P

rufus777 (Author) Posted January 22, 2011
> ... make a simple Python script to do it.

Hehe, I can not Python script! <_< I'm using ("newbie") C++, but it will go fast. :D

Infiltrator Posted January 22, 2011 (edited)
In the past, I have used Hydra to brute force my router but haven't used that GUI version but the CLI version. I have always been successful, you might want to give it a shot, you might get different results.

Mr-Protocol Posted January 22, 2011
> Hehe, I can not Python script! <_< I'm using ("newbie") C++, but it will go fast. :D

If you need help with coding packets, let me know via PM. But if you know how to use sockets in C++ then you should know how to make packets properly.