How to brute force your router in windows

This will give you a quick run down on how to brute force your router if it uses HTTP BASIC AUTH

usingĀ THC-HYDRA

If you receive a popup window when you try to access your router, then this method should work for you.

Read the article then watch the movie

THC-Hydra – can be downloaded from their site here
Password list – try openwall’s free list

Find your router IP, you should already know this, mine is 192.168.1.2. It is a DSL-G604T and the default username for this router is “admin”.
If for some reason you can’t remember yours try a default password site such as CIRT.net

Make sure you have downloaded and extracted THC-Hydra. I have extracted mine to C:\CMD\Hydra in this example and I also have my password list in the Hydra directory.

Open a command prompt and navigate to the Hydra directory
to change directory in dos used the “CD” command followed by the path CD C:\CMD\Hydra

run the command below substituting in your values
(command flags are case sensitive).

hydra -l {username} -P {password list path} -s {port} {IP Address} http-get /
My command looks like:
hydra -l admin -P password.lst -s 80 192.168.1.2 http-get /

Command break down:
hydra –> the hydra program
-l –> (lower case “L” not to be confused with a upper case i) single username to target. Use uppercase -L to specify a username list
-P –> provide path to password lis. -p to try a single password ie “passw0rd”
-s –> port to target your router may run on a different port such as 8080
{IP Address} hopefully this is clear
http-get –> service to brute force
“/” –> this specifies the page to target if this is left out the command will not run. “/” just indicates the root do not include the ”
you will get an output line with username and password if you are successful.
This attack is only as good as your dictionary.

Next how to brute force web forms, check it out!!

IMPORTANT:
This is for educational purposes only, dont go attacking devices which don’t belong to you .