Results 1 to 3 of 3

Thread: Router Password

  1. #1
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    3

    Default Router Password

    Okay we all know that exploiting a host is not so easy if we cannot get past the router. And besides having a good exploit for the router itself, (other than hitting the reset button) we usually resort to bruting the router.

    Unlike common webservers, bruting the router can take forever since there exist only 1 pair of userpass. Good news is, usually for a certain brand of routers, there is a certain standard username, so that cuts the effort exponentially.

    Now, i would like to find out the average time it takes to brute a 5letter,6 letter....10letter password. But im not sure how hydra works. apparently, i need a pass list aka dictionary brute. however im uncertain that a dictionary brute would work since most of the time since the possibility of hitting a pass is very remote.

    I was wondering if Hydra allows for realtime generation of bruteforce, that is, starting from 000000 to 000001 to 00000A ect. and what is the feasibility of this. For example , if i attacked my own netgear router; standard user:admin but the password, was QWERTY.(6 letter) would the permutation and combination of brute a 6letter login take very long on hydra?

    Finally, is there anyone with experience in hydra and routers to tell us if theres any form of lockout or protection and also delay in bruting the router.
    Side effects ? jam? freeze? lockup?

  2. #2
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default

    Quote Originally Posted by Clicker View Post
    bruting the router can take forever

    Now, i would like to find out the average time it takes to brute a 5letter,6 letter....10letter password.

    I was wondering if Hydra allows for realtime generation of bruteforce, that is, starting from 000000 to 000001 to 00000A ect. and what is the feasibility of this. For example , if i attacked my own netgear router; standard user:admin but the password, was QWERTY.(6 letter) would the permutation and combination of brute a 6letter login take very long on hydra?

    Finally, is there anyone with experience in hydra and routers to tell us if theres any form of lockout or protection and also delay in bruting the router.
    Side effects ? jam? freeze? lockup?
    Yes bruteforcing a router can take forever. The average time depends on the fast the router is, how much ram it has, and how fast it can accept a connection. I once had to allow public access to some Cisco 2600 series routers, so I put them behind a iptables firewall. In the iptables firewall I added a rule that only 3 connections could be made in 5 minutes. Check out --limit in iptables for more information on that. So this would really slow down any bruteforce attack, but it also can cause a DOS to legit users. You have to balance security and inconvenience to users.

    Using hydra without understanding it and the equipment you are using it on can cause all sorts of problems for the equipment. I had routers lockup solid, drop packets, just act plain crazy.
    I like the bleeding edge, but I don't like blood loss

  3. #3
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    在這兩者之間 BackTrack是4 FwdTrack4
    Posts
    854

    Default

    If you are talking about mid sized or enterprise level routers(not the SOHO)then there are a lot of countermeasures can be taken.e.g. cisco routers

    security authentication failure rate threshold 10 log #(10 is login rate before introducing delay)
    login block for 60 attempts 3 within 120
    login delay 5
    login on-failure log every 1
    login on-success log every 1

    configure enable secret pretty hard.
    configure proper access list for both console and telnet access
    and if you want to go one step ahead
    integrate routers with SNMP server like Cisco works and with syslog servers like kiwisyslog
    configure AAA(authentication,authorization,accounting)locall y or remotely with Cisco ACS
    configure IOS IPS/IOS Firewall
    this will properly protect router with unauthorized access.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •