Results 1 to 8 of 8

Thread: Hydra password bruteforcer question

  1. #1
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    4

    Default Hydra password bruteforcer question

    Hello,

    I have been trying to bruteforce my router password (HTTP-AUTH). I also have the words generator from freshmeat. However, creating a words list with the entire alphabet in upper and lowercase AND numbers creates a file way to large to handle. Is there any way to feed the passwords it generates directly into Hydra, instead of specifiying a password file?

    Thanks!

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    I dont think so. What do you mean the file is to large to handle. I've used hydra with as big as a 10 gig file.

  3. #3
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default

    I think he means a 8 character password using 62 English characters (upper and lower alphabet and numbers) = 62^8 = 218,340,105,584,896 bytes or 218 TB.

    I think he wants to generate these words and feed them directly to Hydra instead of saving them to a hard drive. I don't know if that can be done with Hydra. I know it can be done with john and aircrack-ng with
    john --incremental=All --stdout | aircrack-ng -b 00:11:22:33:44:55 -w -test.cap

    You could try the following which is totally untested (I am in my windows partition at the moment):
    john --incremental=All --stdout | hydra -l "" -f -v -e ns 192.168.1.1 http-get /

    Good Luck
    I like the bleeding edge, but I don't like blood loss

  4. #4
    Junior Member
    Join Date
    Sep 2008
    Posts
    27

    Default

    Normal bruteforce? i'm not familiar with brutes, i'm studying WEP & WPA at the moment is there bruteforce tutorials anywhere btw??
    Finnish apprentice i am!

  5. #5
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by kolehti View Post
    Normal bruteforce? i'm not familiar with brutes, i'm studying WEP & WPA at the moment is there bruteforce tutorials anywhere btw??
    Bruteforce tutorials for what? There really is not much to bruteforcing, as it essentially is the process of trying every single possible combination of characters until the correct one is found. As you say that you are currently working on WEP and WPA I am sure that you understand that there is no reason to apply this method to WEP. WPA on the other hand could be bruteforced, but with a possible length of 63 case sensitive printable ACII characters it is easy to understand why wordlists are generally used instead.
    -Monkeys are like nature's humans.

  6. #6
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    4

    Default

    Quote Originally Posted by bofh28 View Post
    I think he means a 8 character password using 62 English characters (upper and lower alphabet and numbers) = 62^8 = 218,340,105,584,896 bytes or 218 TB.

    I think he wants to generate these words and feed them directly to Hydra instead of saving them to a hard drive. I don't know if that can be done with Hydra. I know it can be done with john and aircrack-ng with
    john --incremental=All --stdout | aircrack-ng -b 00:11:22:33:44:55 -w -test.cap

    You could try the following which is totally untested (I am in my windows partition at the moment):
    john --incremental=All --stdout | hydra -l "" -f -v -e ns 192.168.1.1 http-get /

    Good Luck
    That was what I was looking for, thanks! Will try it out as soon as I get back from work to try it out and let you know if it worked.

    Cheers!

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by pureh@te View Post
    I dont think so. What do you mean the file is to large to handle. I've used hydra with as big as a 10 gig file.
    He means that generating a list of 8 char passwords with just uppercase letters would be ~194GB. So doing 1-10 chars, upper & lower with numbers is just too much data to deal with.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #8
    Junior Member
    Join Date
    Sep 2008
    Posts
    27

    Default

    Quote Originally Posted by =Tron= View Post
    Bruteforce tutorials for what? There really is not much to bruteforcing, as it essentially is the process of trying every single possible combination of characters until the correct one is found. As you say that you are currently working on WEP and WPA I am sure that you understand that there is no reason to apply this method to WEP. WPA on the other hand could be bruteforced, but with a possible length of 63 case sensitive printable ACII characters it is easy to understand why wordlists are generally used instead.

    lol i was too sleepy when i posted that sorry
    i meant tutorials for FTP,HTTP,LAN, etc. when i asked if there were any

    using brute to WEP and WPA is just pointless, even i know that
    Finnish apprentice i am!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •