Password cracking a Belkin45G router

[GrizlyJee]

I want to crack the password on my router, for security testing purposes only, and I tried it with Hydra but failed. This is because Hydra works with a username and a password. The Belkin45G router uses only a password.

So if I want to access it, I need to enter a password, quickly a .cgi page opens (which I found out using tcpTrace) where the password is given to. After which a "wrongpassword.html" page is opened.

Is there a tool which I can use to crack the password?


Thx

[feyt333]

same problem

The zyxel 600 prestige router uses only a password

l tried crack but didnt succes

[Archangel-Amael]

This is because Hydra works with a username and a password.
Is there a tool which I can use to crack the password?
Thx

No you don't have to enter a password if using the GTK you can leave it blank

[GrizlyJee]

No you don't have to enter a password if using the GTK you can leave it blank

I'm sorry, I'm a total noob at this.. What is GTK and why can I leave the password blank?

The password is the only thing I need to fill in to access the router webpage. How can it be that I don't need to fill it in then?

[Xmaster]

I think he means you can leave the username blank not the password...

[SBerry]

He means Hydra GTK, its hydra with a fluffy gui!
He means leave the username field blank in hydra if you only need a password

[GrizlyJee]

He means Hydra GTK, its hydra with a fluffy gui!
He means leave the username field blank in hydra if you only need a password

Oooh ok. I'll try that! thanks !

[GrizlyJee]

D:\cracking\hydra-5.4-win>hydra.exe -l "" -P ../passwords/dutch/dutch.txt 192.16
8.254.54 http-get "/login.cgi?page=login&logout=2&pws=^PASS^"
Hydra v5.4 (c) 2006 by van Hauser / THC - use allowed only for legal purposes.
Hydra starting at 2008-01-11 00:55:38
[DATA] 16 tasks, 1 servers, 178425 login tries (l:1/p:178425), ~11151 tries per
task
[DATA] attacking service http-get on port 80
[80][www] host: 192.168.254.54 login: password: aagten
[STATUS] attack finished for 192.168.254.54 (waiting for childs to finish)
[80][www] host: 192.168.254.54 login: password: aai
[80][www] host: 192.168.254.54 login: password: aaide
[80][www] host: 192.168.254.54 login: password: aaien
[80][www] host: 192.168.254.54 login: password: aaiden
[80][www] host: 192.168.254.54 login: password: aaiing
[80][www] host: 192.168.254.54 login: password: aait
[80][www] host: 192.168.254.54 login: password: aaiingen
[80][www] host: 192.168.254.54 login: password: aaitje
Hydra finished at 2008-01-11 00:55:39



--> well this is what I get.. every single time... no loginname used now.. what am I doing wrong?

[SBerry]

Here is a thread i came across. You should try searching about the forum for previous threads before posting.

You might find what your looking for here
hxxp://forums.remote-exploit.org/showthread.php?t=10000

Try swapping which item you leave blank. ie -I /passwords/dutch/dutch.txt
Ensure that its the right URL rewrite to the cgi process program

If you get it working do post back your solution

[Archangel-Amael]

He means Hydra GTK, its hydra with a fluffy gui!
He means leave the username field blank in hydra if you only need a password

Correct SBerry , I would have thought that person using this program (hydra) would have known about the GTK "Gnome Tool Kit" This is nothing more than a gui frontend.

and yes you can leave the password or username fields blank.