tag:blogger.com,1999:blog-8356530514965708840.post3716471643631067091..comments2024-02-13T05:30:28.218+01:00Comments on A day with Tape: Using Hydra or Medusa to gain access to network routerUnknownnoreply@blogger.comBlogger19125tag:blogger.com,1999:blog-8356530514965708840.post-44396126152270010892014-05-12T08:57:27.130+02:002014-05-12T08:57:27.130+02:00If I know lets say how many characters the passwor...If I know lets say how many characters the password is (in my case 10 digits) this would generate a huge file size very quickly. Is there a way to make hydra or medusa accept an input from another process? Such as the program in question? Instead of ofstream()ing it out to a file maybe let it generate and bash that way?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-1094945982186248292013-06-10T18:30:33.584+02:002013-06-10T18:30:33.584+02:00you can get a list login which you create,
the pas...you can get a list login which you create,<br />the password list which i use is /pentest/password/wordlist/darkcode.lst on bt5Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-15455495299088308202012-08-04T06:51:30.863+02:002012-08-04T06:51:30.863+02:00Yes, Where can we find logon.txt and password.txt?...Yes, Where can we find logon.txt and password.txt? however; i have try the commend already but it still not work.<br />do you have any idea on this?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-25823259393884782142012-03-28T23:42:51.248+02:002012-03-28T23:42:51.248+02:00When I get a failed authentication attempted login...When I get a failed authentication attempted login to my router it does not give me a filed. (The failed page is just 192.168.0.1)<br /><br />How do I apprach this? <br /><br />Thanks!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-57346445619535426242012-03-14T12:27:50.531+01:002012-03-14T12:27:50.531+01:00Hey there, looks like your wireless network card i...Hey there, looks like your wireless network card is not supported by backtrack. <br /><br />Do some googling on which cards are supported and see if you can get yourself a cheap one to test on.TAPEhttps://www.blogger.com/profile/13552543757002180973noreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-66806798873435081892012-03-12T17:41:49.291+01:002012-03-12T17:41:49.291+01:00Hi tape,
I am new to this stuff and I am stuck at...Hi tape, <br />I am new to this stuff and I am stuck at the first step already! when i enter airmon-ng nothing shows up under the interface, chipset and driver. I am doing the same thing trying to get access to my router but it cant work. I appreciate your help!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-23607954495316652122012-01-25T16:43:25.444+01:002012-01-25T16:43:25.444+01:00Hey Sunny,
I would imagine that the admimstrator...Hey Sunny, <br /><br />I would imagine that the admimstrator password is the first in the list and that it is showing that as correct pass.. <br /><br />I also seem to remember getting quite a few false positives in some case, but cant seem to recall what the reason was.. <br /><br />Have you tried Hydra ?TAPEhttps://www.blogger.com/profile/13552543757002180973noreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-35008250483365510202012-01-24T10:09:12.293+01:002012-01-24T10:09:12.293+01:00Hi TAPE,
Your tutorials are always easy to unders...Hi TAPE,<br /><br />Your tutorials are always easy to understand. Highly<br />appreciate your efforts :)<br /><br />When am trying to use Medusa am getting a false positive.<br /><br />medusa -h 192.168.1.1 -u admin -P /root/pass -t 1 -f -v 5 -M http -m DIR:GET/index.asp<br />Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <br /><br />ACCOUNT CHECK: [http] Host: 192.168.1.1 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: administrator (1 of 10 complete)<br />ACCOUNT FOUND: [http] Host: 192.168.1.1 User: admin Password: administrator [SUCCESS]<br /><br />Am trying to test medusa on my router with default credentials.<br />I've supplied 10 passwords in the "pass" file but the actual password<br />is "admin" and not "administrator" as shown in the output.<br /><br />Please helpSunnynoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-35430920180148940532011-04-09T18:32:15.446+02:002011-04-09T18:32:15.446+02:00@ Jason
You really shouldn't be posting yr ema...@ Jason<br />You really shouldn't be posting yr email for the interwebz to see..<br /><br />As for the "iwconfig ap xx:xx:xx:xx:xx:xx"<br />http://linux.die.net/man/8/iwconfigTAPEhttps://www.blogger.com/profile/13552543757002180973noreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-35716658220041368402011-04-09T13:33:24.658+02:002011-04-09T13:33:24.658+02:00After typing the code
root@bt:~# iwconfig ap 00:24...After typing the code<br />root@bt:~# iwconfig ap 00:24:82:25:92:89<br />iwconfig: unknown command "00:24:82:25:92:89<br /><br />what's the problem??? could you help me?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-71514369765088052742011-04-09T13:06:00.581+02:002011-04-09T13:06:00.581+02:00This comment has been removed by a blog administrator.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-6012537895140407862010-05-16T08:36:56.502+02:002010-05-16T08:36:56.502+02:00If dictionary attacks fail, then you probably woul...If dictionary attacks fail, then you probably would need to try;<br /><br />> Try creating a focussed password list based on personal information gathering and the like.<br /><br />> Finding out make / model of router, perhaps it has a documented security flaw.<br /><br />> Create a bruteforce wordlist with Crunch, and run that.TAPEhttps://www.blogger.com/profile/13552543757002180973noreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-79075441131922715122010-05-15T16:54:34.429+02:002010-05-15T16:54:34.429+02:00Hi
Is it possible to bruteforce the router's ...Hi<br /><br />Is it possible to bruteforce the router's password and not using a dictionary? The password might be non standard or the wordlist file wouldn't contain the password. What is the approach in this situation?<br /><br />Thanks.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-37658549955573065512010-04-28T07:49:53.585+02:002010-04-28T07:49:53.585+02:00Have you tried using -l "" ?
hydra -l &...Have you tried using -l "" ?<br /><br />hydra -l "" -P passlist.txt -t 1 -f -V 192.168.1.1 http-get /index.asp<br /><br />Of course your setup may not need point to index.asp, you'll have to test various methods to see which work best for you.<br />I have seen some videos which just have;<br />http-get /<br />Not pointing to any page..TAPEhttps://www.blogger.com/profile/13552543757002180973noreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-24165650023613818502010-04-28T01:43:22.474+02:002010-04-28T01:43:22.474+02:00What would be the command adaption when activating...What would be the command adaption when activating hydra when the routers index.asp takes only a password and no username.<br /><br />I know this is rare but there has to be functionality for it right? And thanks for the blog very informative.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-6889124332137220252010-02-03T05:45:51.954+01:002010-02-03T05:45:51.954+01:00The exact syntax will vary per router being checke...The exact syntax will vary per router being checked. <br /><br />Thanks for your msg though !TAPEhttps://www.blogger.com/profile/13552543757002180973noreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-33913017523144189842010-02-03T05:42:01.099+01:002010-02-03T05:42:01.099+01:00Hey BTW u have to enter the command in this way fo...Hey BTW u have to enter the command in this way for hydra<br />> hydra -L username.txt -P password.txt -e ns -V 192.168.x.x http-get /index.asp 2>succes.txtAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-84731266859527579962009-11-05T12:44:04.337+01:002009-11-05T12:44:04.337+01:00Basically what I did here was to simply create a l...Basically what I did here was to simply create a login.text file with standard logins and an ap_password.txt file with standard passwords taken from the above mentioned default password list website.<br /><br />Added a few which I felt necessary and hey presto..<br /><br />Obviously as this run on my network I knew the password and simply ensured it was included. You can do the same.TAPEhttps://www.blogger.com/profile/13552543757002180973noreply@blogger.comtag:blogger.com,1999:blog-8356530514965708840.post-35295513622802175972009-11-05T00:32:38.609+01:002009-11-05T00:32:38.609+01:00Where to get login.txt and ap_password.txt wordlis...Where to get login.txt and ap_password.txt wordlist?Anonymousnoreply@blogger.com