Pandora Boz
Posted December 22, 2016

Hey Guys,

I've been stuck on this for a long time now. I've just started out on learning various basic techniques used for navigating around various security mechanisms.

I referred to a number of posts around the web about brute forcing routers with Hydra. Most of the articles are focused on beating the basic authentication provided by HTTP. And the links that describe brute forcing web logins do not seem to work when I've tried them. My router is a DLINK DSL2750U ADSL Router left aside for testing purposes. Even most of the other routers I tried consist of such a web interface which is first loaded and a custom authentication web form using HTTP POST.

I used this link as my main reference in understanding the process of bruteforcing.

Here's a snapshot of my router's web based login page.

As you see, a login form is presented and the username is given as a drop down consisting of only one element, "admin". Also the login page is at 192.168.1.1/cgi-bin/webproc.

Here is the source of the login page: router-login.source.txt

To build up the command to execute hydra on this web form, I used BurpSuite. On intercepting the bad response, this is what I get:

Once a wrong password is entered, the error message displayed is as below:

The link does not change on the error message and the error message itself comes as a pop-up. Right clicking on the screen is set to off as well.

At first, I ran my hydra command as below:

hydra -l "" -P "/root/pass.txt" 192.168.1.1 http-post-form "/cgi-bin/webproc:%3Ausername=^USER^&%3Apassword=^PASS^&%3Aa ction=Login:"Username or Password wrong:H=Cookie: %3Asessionid=68b3e673"

This gives the hydra output as matching ALL passwords as correct in the dictionary. So I figure my incorrect/fail section for hydra is not right.

Since my router's failed login does not give out any proper information, I tried looking at the "S=" option for the incorrect/fail section of hydra.

I noticed that on successfully logging in I'm being redirected to the link given below:

http://192.168.1.1/cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard

So I modified my hydra command to the following:

hydra -l "" -P "/root/pass.txt" 192.168.1.1 http-post-form "/cgi-bin/webproc:%3Ausername=^USER^&%3Apassword=^PASS^&%3Aa ction=Login:S=?getpage=html/index.html&errorpage=html/main.html&var:language=en_us&var:menu=setup&varage=wizard:H=Cookie: %3Asessionid=68b3e673"

Now the output of hydra does not match any password in the list file.

I've been trying many ways to get this done but am stuck. Any help pointing towards the right direction would be helpful. If there's any more information you would want to know to help me out, please let me know.

Looking to solve this somehow!! :(:( Please help me. Now I'm just trying many permutations and combinations with the hydra arguments. Still no progress!