Remote Exploit Forums

Go Back   Remote Exploit Forums > Specialist Topics


Specialist Topics Suggestions for topic sections welcome!

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 07-05-2009, 10:48 AM
g0tmi1k's Avatar
Member
 
Join Date: Jun 2008
Location: http://g0tmi1k.blogspot.com/
Posts: 44
Arrow [Video] How to: Crack HTTP (hydra)

Hey all!

A (very) short video on how to crack your routers password!

What is this?
A basic guide on how to use hydra to crack a http password on your home router.

How does this work?
> Uses a dictionary attack to test for weak or simple passwords on one or more remote clients
> Supports multiple protocol

What do I need?
> Hydra
> Big dictionary.

Commands:
hydra -l admin -P /pentest/passwords/wordlists/g0tmi1k.lst -e ns -t 15 -f -s -vV 192.168.1.1 http-get / -l = username
-P = password (Looks for a wordlist cos its a 'big' P)
-e ns = checks for 'null' password
-t xx= How many tasks to run at once
-f = exit once it finds the first user/password
-s = connect via SSL
-vV = verbose mode (shows more info)
192.168.1.1 = IP address
http-get = what to crack/method etc
/ = Page to crack - root

Notes:
This is cut from my final video called "g0tmi1k's home network".
The password HAS to be in the dictionary - so if you use something like http://grc.com/pass, the chances of it being crack is next to nothing!

Links
Download: 2 - hydra.mp4 - g0tmi1k
Video: How to: Crack HTTP
Idea/Source(s):
xHydra
Misc : Dictionaries

Software
Name: Hydra
Version: 5.4
Home Page: #!/bin/the hacker's choice - THC
Download Link: The Hacker's Choice Download



~g0tmi1k
__________________
~ Have you, g0tmi1k? ~
<(^^,)> d[-_^]b (= =D-->--<

Last edited by g0tmi1k; 07-05-2009 at 11:05 AM.
Reply With Quote
  #2 (permalink)  
Old 07-21-2009, 04:16 PM
Banned
 
Join Date: Jul 2009
Location: DOOMascus, MD
Posts: 15
Send a message via AIM to Dooms_day
Default

very cool, just in case i need to forward my ports from a starbucks right? lol

most people just use a default "password1" or no pass at all is what im finding though
Reply With Quote
  #3 (permalink)  
Old 08-18-2009, 02:39 AM
Junior Member
 
Join Date: Feb 2008
Location: AU
Posts: 18
Default

Nice easy howto for the newcomers. Win.
Also kudos for making the video in something other than Flash. I'm sure I'm not the only one who refuses to install Flash under Windows.

FYI for the win32 version there's a lazy man's GUI here (GeoGen Hydra GUI)
w w w.geogensoft.com/products/geogen-hydra-gui.html
Cheeky pricks want $15 for a frontend to an opensource tool though.

Last edited by thrasher12ga; 08-18-2009 at 02:42 AM. Reason: Flash is Fail
Reply With Quote
  #4 (permalink)  
Old 09-23-2009, 08:10 PM
Junior Member
 
Join Date: Feb 2009
Location: europe
Posts: 11
Default bruteforce http basic auth

if you don't need an graphical frontend you can also use "medusa" from _foofus.net_ (which is fine :-)
Reply With Quote
  #5 (permalink)  
Old 09-25-2009, 11:39 PM
Member
 
Join Date: Jun 2008
Posts: 42
Default

I would like to test our outlook web access (owa) but every time I run hydra I get "cannot resolve xx.xx.xx.xx"?

My command is (this is using the windows version... sorry)

hydra -L login.txt -P pass.txt -V service https xx.xxx.xxx.xxx https-get /exchange

Any ideas???
Reply With Quote
  #6 (permalink)  
Old 09-26-2009, 02:18 AM
Junior Member
 
Join Date: May 2006
Posts: 8
Default

Quote:
Originally Posted by letmein View Post
I would like to test our outlook web access (owa) but every time I run hydra I get "cannot resolve xx.xx.xx.xx"?

My command is (this is using the windows version... sorry)

hydra -L login.txt -P pass.txt -V service https xx.xxx.xxx.xxx https-get /exchange

Any ideas???
HTTPS isn't supported by hydra. That should be the reason you cannot connect.
Reply With Quote
  #7 (permalink)  
Old 10-23-2009, 10:09 PM
Member
 
Join Date: Jun 2008
Posts: 42
Default

Quote:
Originally Posted by Almighty View Post
HTTPS isn't supported by hydra. That should be the reason you cannot connect.
There are options in hydra for https-get and post, so I am guessing Hydra does support HTTPS..... anyone any experience of using hydra on https?

Thanks
Reply With Quote
Reply

Bookmarks

Tags
http hydra router g0tmi1k

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 08:45 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.3.2