Posted by Sillychicken On October - 6 - 2011 16 Comments

This will give you a quick run down on how to brute force your router if it uses HTTP BASIC AUTH

using THC-HYDRA

If you receive a popup window when you try to access your router, then this method should work for you.

Read the article then watch the movie

THC-Hydra – can be downloaded from their site here
Password list – try openwall’s free list

Find your router IP, you should already know this, mine is 192.168.1.2. It is a DSL-G604T and the default username for this router is “admin”.
If for some reason you can’t remember yours try a default password site such as CIRT.net

Make sure you have downloaded and extracted THC-Hydra. I have extracted mine to C:\CMD\Hydra in this example and I also have my password list in the Hydra directory.

Open a command prompt and navigate to the Hydra directory
to change directory in dos used the “CD” command followed by the path CD C:\CMD\Hydra

run the command below substituting in your values
(command flags are case sensitive).

hydra -l {username} -P {password list path} -s {port} {IP Address} http-get /
My command looks like:
hydra -l admin -P password.lst -s 80 192.168.1.2 http-get /

Command break down:
hydra –> the hydra program
-l –> (lower case “L” not to be confused with a upper case i) single username to target. Use uppercase -L to specify a username list
-P –> provide path to password lis. -p to try a single password ie “passw0rd”
-s –> port to target your router may run on a different port such as 8080
{IP Address} hopefully this is clear
http-get –> service to brute force
“/” –> this specifies the page to target if this is left out the command will not run. “/” just indicates the root do not include the ”
you will get an output line with username and password if you are successful.
This attack is only as good as your dictionary.

Next how to brute force web forms, check it out!!

IMPORTANT:
This is for educational purposes only, dont go attacking devices which don’t belong to you .

16 Responses so far.

  1. Pratik Koirala says:

    thank you so much. I found the password. :) )

  2. LPunker says:

    I want to test this, but i’m affraid my service provider wil see that i try to bruteforce my router. Is it possible that they can see that i’m brute forcing it by the way?

  3. Shashi says:

    I need password list to download. how can i get that file..

  4. snake says:

    password list attack is called wordlist attack not brute force.
    BF is when the hacking tool tries all the alphanumeric and special characters that the user selected.

  5. Silver says:

    I have a dictionary of 1 GB and I can not use it, the thc-hydra gives me this error:

    Error: Could not allocate enough memory for password file data

  6. sai says:

    Thanks you very much…. :D

  7. jerry says:

    hello!
    I’ m jerry and i use globesurfer3 as a router and i try to forward my ipcam f980a but i never succeed please can you help me to guide me!
    i check port with canyousee me but it repliesalways error on any port! i’ve already contacted my isp and they said that they didn’t block any port but it’s my router globesurfer3 witch blocks my ports!
    so please help me

  8. david says:

    Your video has the [80] [www] line in it with the deets, mine doesn’t, is this because the attack failed? It has all the other lines, just not that one :(

  9. meysam says:

    All this learning is true when you are connected to your router right now, what we i do when the pc not connected to target router?

  10. pifufo says:

    cmd\hydra>hydra 1- admin -P password.lst 80.192.168.1.2 http-get /

    Me sale acceso denegado ayuda por favor

  11. Cooltiger says:

    hey i was wondering how to get past if my router blocks you out after 10 trys for the password for a certain time?

  12. Cooltiger says:

    I also cant seem to find a way to download Hydra any longer

  13. seiji says:

    [Error]Unknown Service : http-get/
    says the result, can you help me please?