It got you nothing. Whether you were successful in using Hydra or not the answer is the same. Administrative access to the device should not be available via the internet (especially over a clear text protocol).
I'm confused by your repeated claims of "knowing hydra" when you opened up with questions about it. If you know everything about Hydra what was this bit about?
Although it was timing out at the time of posting you can get further details here:how about a more specific question. In Hydra, when I choose the "cisco" protocol ...what is that trying to guess? The cisco-enable I know and well.not getting anywhere as three attempts and disconnect.
(Available via google cache as well)
Sorry you feel that I insulted you but the FACT remains doing a test that proves nothing ... PROVES NOTHING. Supposedly your company has limited resources, so since you couldn't see that people where helping you even while calling BS you've managed to waste some of those limited resources.
One additional test you could perform which would mean something and not be a total waste of time would be to check for default accounts/passwords.
Obviously any default accounts/passwords which still exist on the device would represent a third strike so to speak.
I totally understand that, which is why I suggested you don't WASTE TIME. This is why I was completely straight to the point in my post.Yes, I was fully aware of what I was doing and I had used Hydra before and slowed it down. I also spoke with the network admin before hand. I may be a newbie, but I do have common sense. I was on a time contraint (1 day left) and didn't have time for a lot of research and asked for help. Some people like Thorin don't understand that.
It's true, I'm a VERY black and white with no gray kind of person. Hence the sig.Originally Posted by lupin