Page 1 of 3 123 LastLast
Results 1 to 10 of 28

Thread: Password cracking a Belkin45G router

  1. #1
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    11

    Default Password cracking a Belkin45G router

    I want to crack the password on my router, for security testing purposes only, and I tried it with Hydra but failed. This is because Hydra works with a username and a password. The Belkin45G router uses only a password.

    So if I want to access it, I need to enter a password, quickly a .cgi page opens (which I found out using tcpTrace) where the password is given to. After which a "wrongpassword.html" page is opened.

    Is there a tool which I can use to crack the password?


    Thx

  2. #2
    Junior Member
    Join Date
    Jun 2006
    Posts
    28

    Default

    same problem

    The zyxel 600 prestige router uses only a password

    l tried crack but didnt succes

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by GrizlyJee View Post
    This is because Hydra works with a username and a password.
    Is there a tool which I can use to crack the password?
    Thx
    No you don't have to enter a password if using the GTK you can leave it blank
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    11

    Default

    Quote Originally Posted by archangel.amael View Post
    No you don't have to enter a password if using the GTK you can leave it blank
    I'm sorry, I'm a total noob at this.. What is GTK and why can I leave the password blank?

    The password is the only thing I need to fill in to access the router webpage. How can it be that I don't need to fill it in then?

  5. #5
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    8

    Default

    I think he means you can leave the username blank not the password...

  6. #6
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    Default

    He means Hydra GTK, its hydra with a fluffy gui!
    He means leave the username field blank in hydra if you only need a password

  7. #7
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    11

    Default

    Quote Originally Posted by SBerry View Post
    He means Hydra GTK, its hydra with a fluffy gui!
    He means leave the username field blank in hydra if you only need a password
    Oooh ok. I'll try that! thanks !

  8. #8
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    11

    Default

    D:\cracking\hydra-5.4-win>hydra.exe -l "" -P ../passwords/dutch/dutch.txt 192.16
    8.254.54 http-get "/login.cgi?page=login&logout=2&pws=^PASS^"
    Hydra v5.4 (c) 2006 by van Hauser / THC - use allowed only for legal purposes.
    Hydra starting at 2008-01-11 00:55:38
    [DATA] 16 tasks, 1 servers, 178425 login tries (l:1/p:178425), ~11151 tries per
    task
    [DATA] attacking service http-get on port 80
    [80][www] host: 192.168.254.54 login: password: aagten
    [STATUS] attack finished for 192.168.254.54 (waiting for childs to finish)
    [80][www] host: 192.168.254.54 login: password: aai
    [80][www] host: 192.168.254.54 login: password: aaide
    [80][www] host: 192.168.254.54 login: password: aaien
    [80][www] host: 192.168.254.54 login: password: aaiden
    [80][www] host: 192.168.254.54 login: password: aaiing
    [80][www] host: 192.168.254.54 login: password: aait
    [80][www] host: 192.168.254.54 login: password: aaiingen
    [80][www] host: 192.168.254.54 login: password: aaitje
    Hydra finished at 2008-01-11 00:55:39




    --> well this is what I get.. every single time... no loginname used now.. what am I doing wrong?

  9. #9
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    Default

    Here is a thread i came across. You should try searching about the forum for previous threads before posting.

    You might find what your looking for here
    hxxp://forums.remote-exploit.org/showthread.php?t=10000

    Try swapping which item you leave blank. ie -I /passwords/dutch/dutch.txt
    Ensure that its the right URL rewrite to the cgi process program

    If you get it working do post back your solution

  10. #10
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by SBerry View Post
    He means Hydra GTK, its hydra with a fluffy gui!
    He means leave the username field blank in hydra if you only need a password
    Correct SBerry , I would have thought that person using this program (hydra) would have known about the GTK "Gnome Tool Kit" This is nothing more than a gui frontend.

    and yes you can leave the password or username fields blank.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •