[Video] How to: Crack HTTP (hydra)

[g0tmi1k]

Hey all!

A (very) short video on how to crack your routers password!

What is this?
A basic guide on how to use hydra to crack a http password on your home router.

How does this work?
> Uses a dictionary attack to test for weak or simple passwords on one or more remote clients
> Supports multiple protocol

What do I need?
> Hydra
> Big dictionary.

Commands:

hydra -l admin -P /pentest/passwords/wordlists/g0tmi1k.lst -e ns -t 15 -f -s -vV 192.168.1.1 http-get / -l = username

-P = password (Looks for a wordlist cos its a 'big' P)
-e ns = checks for 'null' password
-t xx= How many tasks to run at once
-f = exit once it finds the first user/password
-s = connect via SSL
-vV = verbose mode (shows more info)
192.168.1.1 = IP address
http-get = what to crack/method etc
/ = Page to crack - root

Notes:
This is cut from my final video called "g0tmi1k's home network".
The password HAS to be in the dictionary - so if you use something like http://grc.com/pass, the chances of it being crack is next to nothing!

Links
Download: 2 - hydra.mp4 - g0tmi1k
Video: How to: Crack HTTP
Idea/Source(s): xHydra
Misc : Dictionaries

Software
Name: Hydra
Version: 5.4
Home Page: #!/bin/the hacker's choice - THC
Download Link: The Hacker's Choice Download



~g0tmi1k

[Isohump]

Post it up o youtube and you'll prolly get more comments

[sifuconman]

Do you have a good wordlist to use for Hydra to share ?

The Dictionery site you referred to in your post is mostly, if not all for, for WPA cracking if I am correct.

[ne00ne]

Tnx g0tmi1k.

[manulu]

Im trying to use Hydra

Quote:

hydra 192.168.2.1 http-get -v -V -l -P loginpw.txt -e ns -t 5 -w 30 -m / -f

BackTrack :: BelkinRouterSetup1.png picture by manuel_privado - Photobucket

BackTrack :: Belkin Router Setup login before picture by manuel_privado - Photobucket

but no luck what Im doing wrong?