Jump to content

THC Hydra help with command syntax


MegaMech
 Share

Recommended Posts

Hello,

I'm trying to hack into my router (Not doing anything nefarious)
Can I get some help with the '/login.cgi' part?

hydra 192.168.1.254 http-form-post "/login.cgi:sessionKey=177691457&inputUserName=^USER^&inputPassword=^PASS^:err" -L admin -P pass.txt -t 10 -w 30 -o hydra-http-post-attack.txt

I'm guessing that in the current state even if hydra was to get the password correct it would still respond in "msg=err". Because I need to have a proper session key.
Also any idea what "nothankyou=1" is? Do I need to have that in the command?
Is there like a cookie file I have to use to generate session keys?

Also ":err" is like a . "If response is not 'err' then that was a correct password" Is this piece correct? The browser returns "http://192.168.1.254/index.html?msg=err"
Should it be ":msg=err"?

Thanks for your help.

 

POST http://192.168.1.254:80/login.cgi HTTP/1.1
Host: 192.168.1.254
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.1.254/
Cookie: Telus=T1200H-31.128L.07
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-length: 68

sessionKey=1286954970&inputUserName=as&inputPassword=fd&nothankyou=1

 

Link to comment
Share on other sites

For brute forcing web applications I recommend using Burp Suite.  You would simply capture an attempt to login with any password (like the one you've already shared), then right click on the POST and send it to the Intruder tab.  Highlight the password field and then import your password list as the payload injections.

Since this is your Router I'm assuming you already know the password and are simply trying this as an exercise.  You could log in with the correct password and use Burp to tell you what a correct response looks like.  Then you can tailor your Intruder advanced options to check specifically for the correct response.

Hope that helps.

Link to comment
Share on other sites

Hydra works fine, and I use it all the time, but look at your syntax, i think you have http-form-post wrong, should try "http-post-form" like so:

 

hydra -l admin -P pass.txt 192.168.1.254 http-post-form "/login.cgi:sessionKey=177691457&inputUserName=^USER^&inputPassword=^PASS^:F=err:" -o hydra-http-post-attack.txt

If your router uses https, change it to "https-post-form"

 

Also, if you are specifying the user, use lowercase l not capital. capital L is for wordlist of user names. You can in most cases omit the session key, but if it uses specific hard coded cookies you should try to pass the cookie using the :H cookie='cookieinfo':

 

Edited by digip
Link to comment
Share on other sites

On 10/5/2016 at 9:17 AM, pentestgeek said:

For brute forcing web applications I recommend using Burp Suite.  You would simply capture an attempt to login with any password (like the one you've already shared), then right click on the POST and send it to the Intruder tab.  Highlight the password field and then import your password list as the payload injections.

Since this is your Router I'm assuming you already know the password and are simply trying this as an exercise.  You could log in with the correct password and use Burp to tell you what a correct response looks like.  Then you can tailor your Intruder advanced options to check specifically for the correct response.

Hope that helps.

Again since this is in fact your router as you say and you know the password you can find out if sessionkey is required or not.  Simply replay the POST with only the "inputUserName" and "inputPassword" parameters and see if you get a successful response.

Link to comment
Share on other sites

11 hours ago, kdodge said:

is thc open source?

hydra is the tool name in Kali really, although thc-hydra is it's full name, you invoke it with hydra.

It is open source.

Home page: https://www.thc.org/thc-hydra/

Git page: https://github.com/vanhauser-thc/thc-hydra

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...