Results 1 to 8 of 8

Thread: xHydra

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Location
    uk
    Posts
    89

    Default xHydra

    hi guys.
    ive been lookin at hydra and in particular router login cracking.
    i have two routers to practise on. one is a netgear the other is a bthomehub which is actually my main router
    with the bthomehub i dont have to enter my password till i want to change settings but with the netgear i have to enter my user/password before i can see the router page. my question is which options would i use for both of these types of login in hydra? ie httpget etc

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    The netgear one is http-get, and you should treat it as thus. I'd suggest you don't use xhydra to begin with, start with the command line version till you get to know how it all works. Read the manual etc. A good solid understanding of authentication mechanism's would be better than just wading in with the GUI.

    That said, I just a quick one across my development router to be sure I had the syntax correct, so here is a sample against a known username with a password file:

    hydra -l root -P pw.lst -t 36 -m / 192.168.1.100 http-get
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3

    Default

    On my linksys router (like your netgear), you have to enter a user/password before you see anything, and to crack that I use this:
    hydra -l admin -P /pentest/passwords/wordlists/g0tmi1k.lst -e ns -t 15 -f -s -vV 192.168.1.1 http-get /
    -l = username
    -P = password (Looks for a wordlist cos its a 'big' P)
    -e ns = checks for null password
    -t xx= How many task to run at once
    -f = exit once it found the first user/password
    -s = connect via SSL
    -vV = verbose mode - shows more info
    192.168.1.1 = IP address
    http-get = what to crack/method etc
    / = Page to crack - root (might want to change this for the BT HomeHub?)

    Most users don't change the username for the router, find the defaults here:
    http://www.phenoelit-us.org/dpl/dpl.html
    ~ Have you, g0tmi1k? ~
    :rolleyes: <(^^,)> :p d[-_^]b (= =D-->--< :eek:

  4. #4
    Just burned his ISO Michaetito's Avatar
    Join Date
    Oct 2008
    Posts
    24

    Default

    Quote Originally Posted by cain#1 View Post
    hi guys.
    ive been lookin at hydra and in particular router login cracking.
    i have two routers to practise on. one is a netgear the other is a bthomehub which is actually my main router
    with the bthomehub i dont have to enter my password till i want to change settings but with the netgear i have to enter my user/password before i can see the router page. my question is which options would i use for both of these types of login in hydra? ie httpget etc
    Hi, i sow a nice exploits for Netgear router (and many more) on millw0rm. Maybe its better way then brute-force with Xhydra. Anyway take a look at that.

  5. #5
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    6

    Default

    i suggest no more than 10 connections at a time

    -t 10

  6. #6
    Junior Member
    Join Date
    Jan 2009
    Location
    uk
    Posts
    89

    Default

    on the bthomehub i dont need to enter the user/password till i go into my advanced options. does this matter? what i mean is does it make a difference with having to tell hydra to attack http://192.168.1.1. that is the router page obviously. then i need to click advanced followed by a note saying something along the lines of if you proceed you will need to enter your username and password.

  7. #7
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by cain#1 View Post
    on the bthomehub i dont need to enter the user/password till i go into my advanced options. does this matter? what i mean is does it make a difference with having to tell hydra to attack http://192.168.1.1. that is the router page obviously. then i need to click advanced followed by a note saying something along the lines of if you proceed you will need to enter your username and password.
    You may need to have a script to everything to the right point, and then run hydra. Depending on how it fails, you may need to run that in a loop. Alternately, you may be able to directly call the the "Advanced/login" page. Watching the address line should give you and idea of how to proceed.
    Thorn
    Stop the TSA now! Boycott the airlines.

  8. #8
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Quote Originally Posted by cain#1 View Post
    on the bthomehub i dont need to enter the user/password till i go into my advanced options. does this matter? what i mean is does it make a difference with having to tell hydra to attack http://192.168.1.1. that is the router page obviously. then i need to click advanced followed by a note saying something along the lines of if you proceed you will need to enter your username and password.
    It looks like you didn't understand what the people explained in a extensive way about hydra. g0tmi1k even took the time to explain the entire command. Use your brain to think how it works for the netgear and adapt it to the other router.
    Tiocfaidh ár lá

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •