thank you for the post.. nice ,,go for more
[Video] Cracking HTTP Passwords (Hydra)
Links
Watch video on-line: http://g0tmi1k.blip.tv/file/2318952
Download video: http://www.mediafire.com/?yhc1adzytiqibjc
What is this?
A basic guide on how to use hydra to crack a http password on a 'home' router.
How does this work?
> Uses a dictionary attack to test for weak or simple passwords on one or more remote clients
What do I need?
> Hydra
> (Big) dictionary
Software
Name: Hydra
Version: 5.4
Home Page: http://freeworld.thc.org/welcome/
Download Link: http://freeworld.thc.org/download.ph...5.4-src.tar.gz
Commands:
Notes:Code:hydra -l admin -P /pentest/passwords/wordlists/g0tmi1k.lst -e ns -t 15 -f -s -vV 192.168.1.1 http-get / -l = username -P = password (Looks for a wordlist) -e ns = checks for 'null' password -t xx= How many tasks to run at once -f = exit once it finds the first user/password -s = connect via SSL -vV = verbose mode (shows more info) 192.168.1.1 = IP address http-get = what to crack/method etc / = Page to crack - root
This is cut from my final video called "g0tmi1k's home network".
The password HAS to be in the dictionary - so if you use something like http://grc.com/pass, the chances of it being crack is next to nothing!
Song: Rage Against The Machine - Killing in the Name of (Mr. Oizo Remix)
Video length: 01:21
Capture length: 01:40
Blog Post:http://g0tmi1k.blogspot.com/2009/07/video-tutorial-how-to-crack-http-hydra.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/1657-%5Bvideo%5D-how-crack-http-passwords-hydra.html
Dictionaries: http://g0tmi1k.blogspot.com/2010/02/site-news-isos-and-dictionaries.html
Last edited by g0tmi1k; 03-05-2011 at 04:29 PM.
Have you...g0tmi1k?
Re: [Video] How to: Crack HTTP passwords (hydra)
thank you for the post
---> 3v3RY D4y P4ss3S 1 f0uNd N3W th1NGs <---
Knowing how 2 use BT dsnt mean that u r hacker
Re: [Video] How to: Crack HTTP passwords (hydra)
Thanks for the thanks.
Have you...g0tmi1k?
Re: [Video] How to: Crack HTTP passwords (hydra)
I tried to crack my router with hydra, but I got an invalid pointer.
I have searched for a solution, some of the said that it is a bug in hydra.
So i googled it and found some patches but I was unable to succesfully use them.
Do someone here has a solution?
Re: [Video] How to: Crack HTTP passwords (hydra)
thanks man
This is the best
Re: [Video] How to: Crack HTTP passwords (hydra)
Could you give some more information?Originally Posted by errorman
What router are you using?
What interface?
Whats the error?
What command are you using?
Thanks for the thanks! (=
Have you...g0tmi1k?
Re: [Video] How to: Crack HTTP passwords (hydra)
thanks when I download bt4 I will have a try
thanks again
Re: [Video] How to: Crack HTTP passwords (hydra)
First of all, thanks for this how-to.
Anyway, I didn't manage to run hydra successfully.
I got TP-Link TL-WR543G router. User name is 'admin', and so is password.
Here's the result of my try:
Code:root@bt:~# hydra -l admin -P /root/dict -t 10 10.1.1.1 http-get / Hydra v5.4 (c) 2006 by van Hauser / THC - use allowed only for legal purposes. Hydra (http://www.thc.org) starting at 2010-08-14 15:45:12 [DATA] 5 tasks, 1 servers, 5 login tries (l:1/p:5), ~1 tries per task [DATA] attacking service http-get on port 80 [STATUS] attack finished for 10.1.1.1 (waiting for childs to finish) Unusual return code: for admin:pwd2 Unusual return code: for admin:pwd1 Unusual return code: for admin:admin Unusual return code: for admin:pwd4 Unusual return code: for admin:pwd3 Hydra (http://www.thc.org) finished at 2010-08-14 15:45:13 root@bt:~#
Re: [Video] How to: Crack HTTP passwords (hydra)
Not all routers are vulnerable to it.
I think its because how it handles the authentication (basic.auth?).
and as I haven't got a TP-Link at the mo, I can't try. Is the index page protected?
Have you...g0tmi1k?
Re: [Video] How to: Crack HTTP passwords (hydra)
What do you mean by 'basic.auth'? User is authenticated by a password.
Index page isn't protected in any way. Connection goes through http. SSL is not used.
Posting Permissions
