I've got zyxel presige 650r-e1 as my gate to the internets at home. There is one detail I must to admit - when you loggin into with telnet, it's doesn't ask you for login name, just a password. For this particular test I set its password for telnet configuration textual mode as default one - "1234". Then I tried to brute that password with hydra and medusa - unsuccessfully.
At first, I composed an dictionary file from huge table of default passwords with awk and sed. Tools accepted it, did a scan (i used verbose logging and saw all attempts for each of the login/password combination) - there was nothing in output, that could tell me I successed.
Then I just fed them correct password as an password and login command line options (neither hyndra, nor medusa allows to use just the password command line option alone; so, may be they both just weren't built with this cause (just only password in telnet session) in mind?) - for no avail. It just tried the correct passwords and exited, I weren't able to find in output any records stated that "bruting" what successful in that case either.
I haven't got any other routers currently, so can't just check it with another piece of equipment, one with traditional login procedure - that would ask both login name AND password.
So, did this was my fault due to lack of experience, or these tools really can't correctly confront such non-standard login prompt? And what would you suggest as a substitution to them? Any other bruteforce utility, more suited for that particular case?