- Posts: 4
- Thank you received: 0
Forum Login
Hydra syntax help
Rendering Error in layout Widget/Social: Call to a member function exists() on null. Please enable debug mode for more information.
9 years 3 months ago - 9 years 3 months ago #128 by Scar
And i thought port forwarding made me an ICT nerd
Hydra syntax help was created by Scar
Hey guys!
I'm Scar and I'm wanting to crack my own router password with Hydra-THC.
I'm using windows 7 and Cyswin. I have a laptop with windows 8.1 ready to go.
What i'm currently trying, with explanation and everything i'm not sure of underlined:
my router's IP is 192.168.5.1
with Tamperdata in firefox i figured out it's https-form-post based
the website is https://192.168.5.1/index.php so i figured i'll only need index.php
After that comes the commands for username / password. I tracked it from the POSTDATA of tamperdata, which says usernamefld and passwordfld so i think i need that.
the POSTDATA also adds login=login at the end, no idea what this is for
Then i added the exact message i get when i make a mistake, i am not sure if this is also what i need to use
this is followed by a random guess that i need to add cookie information at low security that i also got from tamperdata
and then just comes the normal stuff. I'm not sure if the -w 30 is needed or the -o attack.txt
I'd appreciate ANY help i could get on this because it's all pretty new to me. The picture is basically my login screen
I'm Scar and I'm wanting to crack my own router password with Hydra-THC.
I'm using windows 7 and Cyswin. I have a laptop with windows 8.1 ready to go.
What i'm currently trying, with explanation and everything i'm not sure of underlined:
hydra 192.168.5.1 https-form-post "index.php:usernamefld^C^USER^&passwordfld=^PASS^:Username or Password incorrect:H=Cookie:security;low;PHPSESSID=e39428acfd434a5add602282ed6928ff" -l admin -P test.txt -s 80 -w 30 -o attack.txtmy router's IP is 192.168.5.1
with Tamperdata in firefox i figured out it's https-form-post based
the website is https://192.168.5.1/index.php so i figured i'll only need index.php
After that comes the commands for username / password. I tracked it from the POSTDATA of tamperdata, which says usernamefld and passwordfld so i think i need that.
the POSTDATA also adds login=login at the end, no idea what this is for
Then i added the exact message i get when i make a mistake, i am not sure if this is also what i need to use
this is followed by a random guess that i need to add cookie information at low security that i also got from tamperdata
and then just comes the normal stuff. I'm not sure if the -w 30 is needed or the -o attack.txt
I'd appreciate ANY help i could get on this because it's all pretty new to me. The picture is basically my login screen
And i thought port forwarding made me an ICT nerd
9 years 3 months ago #135 by Scar
And i thought port forwarding made me an ICT nerd
Replied by Scar on topic Hydra syntax help
I am not 100% sure what you mean with 'where' it's posting. I've added a screencap just to be sure 
Do you mean the server? (lighttpd/1.4.35)
Also I have no idea if it's bruteforce proof tbh, I know it's possible to put some anti-bruteforce protection on it though.
Do you mean the server? (lighttpd/1.4.35)Also I have no idea if it's bruteforce proof tbh, I know it's possible to put some anti-bruteforce protection on it though.
And i thought port forwarding made me an ICT nerd