brute force hydra?

[tangentcollision]

I keep reading these little things off google to see if I can find the correct way to do this, but I just can't find it...

I've set up a teamspeakRC2 server on my ubuntu box below me, the only user with server administrator auth is "tangent" however, my password is an amalgamation of numbers and letters
pass: t4m3110n (tame lion)
but I know I won't get that password out of a normal dictionary attack. I've brute forced before using brutus (blargh) for windows. and I think there SHOULD be a way to make hydra do the same.

also, something I've found, people that use wordlists call hydra a "brute forcer" ... I believe we have forgotten what brute force means...

[bofh28]

I keep reading these little things off google to see if I can find the correct way to do this, but I just can't find it...

I've set up a teamspeakRC2 server on my ubuntu box below me, the only user with server administrator auth is "tangent" however, my password is an amalgamation of numbers and letters
pass: t4m3110n (tame lion)
but I know I won't get that password out of a normal dictionary attack. I've brute forced before using brutus (blargh) for windows. and I think there SHOULD be a way to make hydra do the same.

also, something I've found, people that use wordlists call hydra a "brute forcer" ... I believe we have forgotten what brute force means...

I don't see a question, but I will take a shot at answering. How are you trying to remotely login to the server (ssh, ftp, telnet, web form, etc)? You can find information about how to use hydra at http://forums.remote-exploit.org/sho...62&postcount=1

I agree that dictionary, wordlist, and bruteforce attacks have lost some of their meaning. When I think of a dictionary attack I think that words are in the dictionary. A wordlist attack is a list of words that are not in the dictionary like the list of species found in star trek like Klingon or Lycocian. Then there is a list that contains all possible combinations of letters, number, and symbols. This one didn't have a name so I call it a combination file. The difference between a combination file and bruteforce attack is the combination file is already generated so the attack will be much faster. The downside to a combination file is its huge size as the size is the number of characters in the character set (26 for upper or lowercase, 36 for upper or lowercase and numbers, 95 for upper, lower, numbers, and symbols in english) ^ length of password. So 95^7 = 69,833,729,609,375 bytes or 70 TB so not really practical.

[tangentcollision]

okay, well, what I'm trying to get at is it would be nice to be able to pipe in a bruteforce wordlist generator (or combo list generator) to make a temp file, constantly deleting the unused words (or combos)
hmm
I guess what I'm asking is if I could make hydra test all possible combinations of letters and numbers as passwords.

I'm accessing the server via my own network, it's on a server box under my feet so I can keep files on it and such, with my eeepc running BT3 live from partition on an sdhc card

... also, can't get hatelist to work xD

[bofh28]

okay, well, what I'm trying to get at is it would be nice to be able to pipe in a bruteforce wordlist generator (or combo list generator) to make a temp file, constantly deleting the unused words (or combos)
hmm
I guess what I'm asking is if I could make hydra test all possible combinations of letters and numbers as passwords.

I'm accessing the server via my own network, it's on a server box under my feet so I can keep files on it and such, with my eeepc running BT3 live from partition on an sdhc card

... also, can't get hatelist to work xD

You can use crunch to generate the word and then feed the word to hydra.
Something like this:
crunch 1 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX YZ0123456789 | hydra -l "" -P "" -f -v -e ns 192.168.1.1 http-get /
would be a quick guess. The above IS TOTALLY UNTESTED AND WILL PROBABLY NOT WORK. But it does give you a starting point.

Good Luck

[manulu]

cd /pentest/passwords/crunch/

./crunch 1 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX YZ0123456789 -o crunch.txt | hydra -l "" -P /pentest/passwords/crunch/crunch.txt -f -v -e ns 192.168.1.1 http-get /

but I didn't leave it more than 3 minutes and it was creating an 800mb pwl to know if that will work? na!

also this is my router config page before i log in

BackTrack :: BelkinRouterSetup1.png picture by manuel_privado - Photobucket

after i log in

BackTrack :: Belkin Router Setup login before picture by manuel_privado - Photobucket

but thru out hydra i gave me error any help please

root@BT4:~# hydra 192.168.2.1 http-get -v -V -l -P thepwl1.txt -e ns -t 5 -w 30 -m / -f
Error: The web page you supplied must start with a "/", "http://" or "https://", e.g. "/protected/login"

[Gitsnik]

but thru out hydra i gave me error any help please

You have your -f at the end and you shouldn't (or it's easier if you don't). Go find gotmilks hydra notes, he splits them up very well.

Also you need to figure out how to use crunch properly, you're writing it out to a file.

[manulu]

thanks

from gotmilks i follow his tutorial well explained

about crunch; i know but after it "created" hydra shold read it but like bofh28 said "The above IS TOTALLY UNTESTED AND WILL PROBABLY NOT WORK" so i decide to write it an out put but it still fails is has to be with http-get?

thanks again

[Gitsnik]

is has to be with http-get?

No it has to do with you writing to a file when you shouldn't, and not reading from a pipe when you should.

[purehate]

I would check out medusa. Its a much more robust tool for this type of thing in my opinion.

Plus as is already mentioned your syntax is all messed up. you are doing this crunch --> write to a file --> pipe (wtf are you piping?) --> medusa --> read from a file

I'm not even certain whether hydra will take stdin.

[manulu]

ok i have never use crunch with hydra

i have tweak each option at hydra also xHydra no luck!

right now im movin to medusa i'll check later thanks!