
Thread: Belkin routers and Hydra

  1. #1
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    10

    Belkin routers and Hydra

    I have been testing hydra on my Belkin router with the code: hydra -l admin -P /pentest/passwords/wordlists/g0tmi1k.lst -e ns -t 15 -f -s -vV 192.168.1.1 http-get /

    I am trying the username admin because none is used; but I have tried many with the same results.
    The results tell me a valid pair has been found and that the password is blank. This is the default for my router but I have changed the password and verified that it in fact works. Using the blank field as a password fails. Not sure what the issue is here with hydra or possibly my misuse of it.

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Posts
    76


    are you the owner of the router?

    are you already logged in?

    if so there's a "hole" or whatever they call it that you can use to enter the router's config page without hydra or medusa...

    well it works for me; mine is Belkin_G+MIMO_Wireless
    it doesn't ask for a username, only a password

    I am trying the username admin because none is used
    use -L ""

  3. #3
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    10

    Medusa and hydra on BT3

    I have tried the -l "" for username on hydra and medusa. I am using BT3 and I know my router password is in the dictionary. The router is mine and I do not need to get into it; my concern is that hydra and medusa are giving me false positives. They both (almost instantly) cease their crack stating that they have cracked the pw. I have used different dicts to test and they "crack" the pw as different passwords with diff dicts. Not sure what the issue is here. My dicts are on a different partition but it is showing in verbose mode that it is reading them properly.

  4. #4
    Junior Member
    Join Date
    Jan 2010
    Posts
    76

    well if you are already logged in you can try the router config page 192.168.2.1 with firefox and right-click in the password box, go to > This Frame > View Frame Source

    you can ctrl+f "password" or go to line 82 AND voila!!! your router password

    I hope it helps

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Originally posted by techemically:
    I have been testing hydra on my Belkin router with the code: hydra -l admin -P /pentest/passwords/wordlists/g0tmi1k.lst -e ns -t 15 -f -s -vV 192.168.1.1 http-get /
    So this command raises a lot of questions.

    1) Why are you passing admin if you know it's not valid?
    2) Why are you specifying -t 15 (when 16 is the default), is doing one less parallel task actually going to make a difference to your machine?
    3) -f tells it to quit after the first successful pair. (If you think it's wrong then why make it stop, why not continue and see what else it claims?)
    4) You specified -s with no value, how is that supposed to help you?
    5) Are you sure your router is using HTTP-GET? (Not basic auth or HTTP-POST)

    me@host:~$ hydra --help
    Hydra v5.3 [http://www.thc.org] (c) 2006 by van Hauser / THC <vh@thc.org>

    Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
    [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]
    server service [OPT]

    Options:
    -R restore a previous aborted/crashed session
    -S connect via SSL
    -s PORT if the service is on a different default port, define it here
    -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
    -p PASS or -P FILE try password PASS, or load several passwords from FILE
    -e ns additional checks, "n" for null password, "s" try login as pass
    -C FILE colon seperated "login:pass" format, instead of -L/-P options
    -M FILE server list for parallel attacks, one entry per line
    -o FILE write found login/password pairs to FILE instead of stdout
    -f exit after the first found login/password pair (per host if -M)
    -t TASKS run TASKS number of connects in parallel (default: 16)
    -w TIME defines the max wait time in seconds for responses (default: 30)
    -v / -V verbose mode / show login+pass combination for each attempt
    server the target server (use either this OR the -M option)
    service the service to crack. Supported protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd
    OPT some service modules need special input (see README!)

    Use HYDRA_PROXY_HTTP/HYDRA_PROXY_CONNECT and HYDRA_PROXY_AUTH env for a proxy.
    Hydra is a tool to guess/crack valid login/password pairs - use allowed only
    for legal purposes! If used commercially, tool name, version and web address
    must be mentioned in the report. Find the newest version at http://www.thc.org
    (5.3 is slightly out of date, it seems 5.4 is out...but the info should still be applicable).
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
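
Added example (not part of any post in this thread): question 5 above asks whether the router uses HTTP authentication or a login form. This Python sketch classifies one unauthenticated response by status, headers and body; the sample responses, the `pws` field name and `/login.cgi` are constructed for illustration, not taken from a Belkin device.

```python
from html.parser import HTMLParser


class PasswordFormFinder(HTMLParser):
    """Collects the method of every <form> that holds a password input."""
    def __init__(self):
        super().__init__()
        self.open_form = None  # method of the <form> currently open
        self.methods = []      # one entry per password field found

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.open_form = (attrs.get("method") or "get").lower()
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # A password field outside any <form> is submitted by script.
            self.methods.append(self.open_form or "script")

    def handle_endtag(self, tag):
        if tag == "form":
            self.open_form = None


def classify_auth(status, headers, body=""):
    """Return (scheme, note) for one unauthenticated HTTP response."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    challenge = hdrs.get("www-authenticate", "")
    if status == 401 and challenge:
        scheme = challenge.split(None, 1)[0].lower()  # "basic", "digest", ...
        return scheme, "HTTP authentication: 401 marks a rejected credential"
    if 300 <= status < 400:
        return "redirect", "classify the response at " + hdrs.get("location", "?")
    finder = PasswordFormFinder()
    finder.feed(body)
    if finder.methods:
        return "form-" + finder.methods[0], "login form: status code alone does not show a valid password"
    return "none", "no challenge, no password field: nothing to authenticate to"


# Constructed sample responses (not captured from a real device).
SAMPLES = {
    "basic": (401, {"WWW-Authenticate": 'Basic realm="router"'}, ""),
    "form": (200, {}, '<form method="POST" action="/login.cgi">'
                      '<input type="password" name="pws"></form>'),
    "redirect": (302, {"Location": "https://192.168.1.1/"}, ""),
}
if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, "->", classify_auth(*resp))
```

A reported "valid pair" against an endpoint that classifies as `form-*`, `redirect` or `none` should be confirmed by logging in manually before it is treated as a finding.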

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Originally posted by thorin:
    So this command raises a lot of questions.
    Ohh snap. I think you just followed your forum signature on that one.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    10

    medusa and hydra give quick false positives when run against a Belkin on BT3 and Ubuntu but work correctly against a Linksys. possibly it's the lack of a username in the login process...any ideas?

    @ thorin, that command was an error. that was from a video tutorial that I had jotted down. I pasted it in instead of what I am using by mistake.

  8. #8
    Junior Member
    Join Date
    Jan 2010
    Posts
    76

    Originally posted by techemically:
    medusa and hydra give quick false positives when run against a Belkin on BT3 and Ubuntu but work correctly against a Linksys. possibly it's the lack of a username in the login process...any ideas?

    @ thorin, that command was an error. that was from a video tutorial that I had jotted down. I pasted it in instead of what I am using by mistake.
    does my recommendation work? did you at least try it? I'm about to test a NETGEAR to see if medusa or hydra work.

    happy tree king day

  9. #9
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    10

    yes I am aware of that vulnerability but am more concerned with the functionality of hydra and medusa against the Belkin router. I already know the password.

  10. #10
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    10

    partial success :)

    I have had success on the Belkin with hydra by using -l "" and the https-get method instead, so that seems to be resolved, but when trying to use -M https with medusa I get the following: IMPORTANT: Couldn't load "https" [/usr/local/lib/medusa/modules/https.mod: cannot open shared object file: No such file or directory]. Place the module in the medusa directory, set the MEDUSA_MODULE_NAME environment variable or run the configure script again using --with-default-mod-path=[path].
    this was already set up in BT3 so I never ran ./configure (I assume that's what the error is referring to) as I did when I set it up in Ubuntu. any idea how I may go about repairing this? Thanks for all your help everyone

    there is no https module in /usr/local/lib/medusa/modules/
    does medusa even have an https module? any idea what other module would work in its place?
