Hydra password bruteforcer question

[laurensb]

Hello,

I have been trying to bruteforce my router password (HTTP-AUTH). I also have the words generator from freshmeat. However, creating a words list with the entire alphabet in upper and lowercase AND numbers creates a file way to large to handle. Is there any way to feed the passwords it generates directly into Hydra, instead of specifiying a password file?

Thanks!

[purehate]

I dont think so. What do you mean the file is to large to handle. I've used hydra with as big as a 10 gig file.

[bofh28]

I think he means a 8 character password using 62 English characters (upper and lower alphabet and numbers) = 62^8 = 218,340,105,584,896 bytes or 218 TB.

I think he wants to generate these words and feed them directly to Hydra instead of saving them to a hard drive. I don't know if that can be done with Hydra. I know it can be done with john and aircrack-ng with
john --incremental=All --stdout | aircrack-ng -b 00:11:22:33:44:55 -w -test.cap

You could try the following which is totally untested (I am in my windows partition at the moment):
john --incremental=All --stdout | hydra -l "" -f -v -e ns 192.168.1.1 http-get /

Good Luck

[kolehti]

Normal bruteforce? i'm not familiar with brutes, i'm studying WEP & WPA at the moment is there bruteforce tutorials anywhere btw??

[imported_=Tron=]

Normal bruteforce? i'm not familiar with brutes, i'm studying WEP & WPA at the moment is there bruteforce tutorials anywhere btw??

Bruteforce tutorials for what? There really is not much to bruteforcing, as it essentially is the process of trying every single possible combination of characters until the correct one is found. As you say that you are currently working on WEP and WPA I am sure that you understand that there is no reason to apply this method to WEP. WPA on the other hand could be bruteforced, but with a possible length of 63 case sensitive printable ACII characters it is easy to understand why wordlists are generally used instead.

[laurensb]

I think he means a 8 character password using 62 English characters (upper and lower alphabet and numbers) = 62^8 = 218,340,105,584,896 bytes or 218 TB.

I think he wants to generate these words and feed them directly to Hydra instead of saving them to a hard drive. I don't know if that can be done with Hydra. I know it can be done with john and aircrack-ng with
john --incremental=All --stdout | aircrack-ng -b 00:11:22:33:44:55 -w -test.cap

You could try the following which is totally untested (I am in my windows partition at the moment):
john --incremental=All --stdout | hydra -l "" -f -v -e ns 192.168.1.1 http-get /

Good Luck

That was what I was looking for, thanks! Will try it out as soon as I get back from work to try it out and let you know if it worked.

Cheers!

[thorin]

I dont think so. What do you mean the file is to large to handle. I've used hydra with as big as a 10 gig file.

He means that generating a list of 8 char passwords with just uppercase letters would be ~194GB. So doing 1-10 chars, upper & lower with numbers is just too much data to deal with.

[kolehti]

Bruteforce tutorials for what? There really is not much to bruteforcing, as it essentially is the process of trying every single possible combination of characters until the correct one is found. As you say that you are currently working on WEP and WPA I am sure that you understand that there is no reason to apply this method to WEP. WPA on the other hand could be bruteforced, but with a possible length of 63 case sensitive printable ACII characters it is easy to understand why wordlists are generally used instead.

lol i was too sleepy when i posted that sorry
i meant tutorials for FTP,HTTP,LAN, etc. when i asked if there were any

using brute to WEP and WPA is just pointless, even i know that