Monday, September 10, 2012

Using XHydra to hack router password

Here we are. First, I must advise you to use these methods only to test your own security. I will be hacking my own email address / router password as an example.
Here are your tools. All can be found in BackTrack 5 and some earlier versions.

*Update 4/27/2013*
Given the popularity of this post, I have written a part two: Using Xhydra to hack aol instant messenger passwords (AIM).


 

Start X-Hydra.
Also start Zenmap.

Everything should start by looking like this:
We will start by hacking a local network router password. This can be very useful to a hacker in the scenario where one has cracked a wifi password and gained local access to the network. After gaining access to the router, the possibilities are endless. All router security can be disabled and then we can perform MitM attacks (I will write an article on this later). If you're experienced enough in networking then you get the picture.
Typically a router's IP address will start with 192.168.x.x (which it may be in your case). To check this, type ipconfig in Windows or ifconfig in Linux. The router's IP will be the Default Gateway.
Now I'm sure you have seen this before:


What we are going to do is tell Xhydra to connect to the router's HTTP server with a protected page, input the username and brute-force the password. Note this method can be used against any similar password-protected page not using forms (I will make another post on how to use it against forms later).

So your input should be like this:
Check off "show attempts" as it makes it easier. Single target SHOULD BE YOUR DEFAULT GATEWAY, perhaps 192.168.0.1. Do not use this against websites or hardware you do not own or have permission to test. Important: port should be 80 or in some cases 8080. EVEN MORE IMPORTANT: under PROTOCOL find http-get and click it. To find open ports on a device, just scan the target IP with Zenmap.
Back to Hydra.


In most cases the username will be admin. Also, in most cases the password will be either "password", "admin" or BLANK.
However, in my situation the default password is far different from admin or blank, so what I have done is select a wordlist. You can find many wordlists using Google. Typically the bigger the better, especially on a local network. BackTrack comes with a few, which can be found in: /root/pentest/passwords/wordlists
I have compiled my own and named it password.lst.
Click Here for a basic wordlist 
So:
Click Username and enter admin.
Click Password list and select your list.
Also check off "try login as password" and "try empty password".
Then move to the Specific tab.
Change http / https url to just a slash    /
This tells Hydra which directory on the server the protected page is in.

Go to the Start tab and click Start. Results will follow.
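
Added example (not part of the original post): what an http-get run like the one above looks like from the device side, as a detector for bursts of 401 responses from one client. It assumes the web server writes access logs in Common Log Format; the function name, thresholds and log lines are constructed for illustration, using the same user (admin) and path (/) as the settings above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout (Common Log Format): ip ident user [time] "request" status size
CLF = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def detect_basic_auth_bruteforce(lines, threshold=5, window=timedelta(seconds=10)):
    """Flag clients that receive `threshold` or more 401s within `window`.

    Returns {client_ip: alert}. `success_after` is set when a 200 follows
    the burst, meaning a guess probably worked and the password must change.
    """
    recent = defaultdict(deque)  # ip -> timestamps of its recent 401 responses
    alerts = {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ip, status = m["ip"], int(m["status"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if status == 401:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"first_seen": q[0], "user": m["user"],
                              "path": m["path"], "success_after": False}
        elif status == 200 and ip in alerts:
            alerts[ip]["success_after"] = True
    return alerts

# Constructed sample: one client guessing once per second, then a normal
# admin who mistypes the password once before logging in.
SAMPLE_LOG = [
    f'192.168.0.23 - admin [10/Sep/2012:21:14:{s:02d} +0000] "GET / HTTP/1.1" 401 0'
    for s in range(1, 9)
] + [
    '192.168.0.23 - admin [10/Sep/2012:21:14:09 +0000] "GET / HTTP/1.1" 200 5120',
    '192.168.0.40 - admin [10/Sep/2012:21:15:30 +0000] "GET / HTTP/1.1" 401 0',
    '192.168.0.40 - admin [10/Sep/2012:21:15:41 +0000] "GET / HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, alert in detect_basic_auth_bruteforce(SAMPLE_LOG).items():
        print(ip, alert)
```

Only the first client is flagged; the single mistyped login from 192.168.0.40 stays under the threshold. A lockout or rate limit on the admin page is the control that matches this detection.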


This quick tutorial is mainly for beginners. I do not claim to be an expert in the field, however I am qualified to talk about these things. Hydra is a powerful tool. It can be used for much more than just brute-forcing protected page passwords. It supports numerous protocols, with FTP, POP3, SMTP and SSH being my favorites. In the next tutorial I will go a little more in depth on the scanning part and I will show you how to do this with virtually any email address.
Questions? Please email davidjgeraway@gmail.com
  

15 comments:

  1. I love it! You should post more of these

  2. This comment has been removed by the author.

  3. Your thread is great, keep up the good job.
    I love such nice topics, it gets your site rich of content.
    Find out how to download top eleven football manager hack and use top eleven hack.
    Visit top eleven hack to download unreal top eleven token hack.
    Also you can get many awesome top eleven cheats.
    Link
    Hi and have a nice day. :)

  4. Hi! I had been searching the internet before I saw your website. And I've finally found the thing I had been searching for! I completely like your website! Pages with such a full of text are much better. I will suggest you to write more and more. It was my enjoyment to check your article! Check out my webpage and download definitely free of charge
    xbox live code generator and
    farmville 2 hack..
    Bye.. :)

  5. Hi. The post is amazing and good to read!
    Very well articles grow the site in so reputable and very high authority site!
    Click and see free wifi hack
    Best regards! :)

  6. I’m really like it! Very, very dgdeeac good!
    caspar lee age

  7. nice share...keep it on fire

  8. Hi there, awesome site. I thought the topics you posted on were very interesting. I tried to add your RSS to my feed reader and it a few. take a look at it, hopefully I can add you and follow.
    Linksys Router Technical Support

  9. How did your program go from trying "mitch, mouse, nancy, nascar, nelson," and then suddenly jump to "pal32ver21z" ?? This is very hard to believe.

  10. How did your program go from trying "mitch, mouse, nancy, nascar, nelson," and then suddenly jump to "pal32ver21z" ?? This is very hard to believe.

    Replies
    1. It is real, I put pal32ver21z in the word list myself as I was hacking my own equipment and that was the password to my router login at the time.

  11. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with extra information? It is extremely helpful for me. 192.168.49.1

  12. I read this article. I think You put a great deal of exertion to make this article. I like your work. wireless router
