How to brute force your router in windows

This will give you a quick run down on how to brute force your router if it uses HTTP BASIC AUTH


If you receive a popup window when you try to access your router, then this method should work for you.

Read the article then watch the movie

THC-Hydra – can be downloaded from their site here
Password list – try openwall’s free list

Find your router IP, you should already know this, mine is It is a DSL-G604T and the default username for this router is “admin”.
If for some reason you can’t remember yours try a default password site such as

Make sure you have downloaded and extracted THC-Hydra. I have extracted mine to C:\CMD\Hydra in this example and I also have my password list in the Hydra directory.

Open a command prompt and navigate to the Hydra directory
to change directory in dos used the “CD” command followed by the path CD C:\CMD\Hydra

run the command below substituting in your values
(command flags are case sensitive).

hydra -l {username} -P {password list path} -s {port} {IP Address} http-get /
My command looks like:
hydra -l admin -P password.lst -s 80 http-get /

Command break down:
hydra –> the hydra program
-l –> (lower case “L” not to be confused with a upper case i) single username to target. Use uppercase -L to specify a username list
-P –> provide path to password lis. -p to try a single password ie “passw0rd”
-s –> port to target your router may run on a different port such as 8080
{IP Address} hopefully this is clear
http-get –> service to brute force
“/” –> this specifies the page to target if this is left out the command will not run. “/” just indicates the root do not include the ”
you will get an output line with username and password if you are successful.
This attack is only as good as your dictionary.

Next how to brute force web forms, check it out!!

This is for educational purposes only, dont go attacking devices which don’t belong to you .

47 thoughts on “How to brute force your router in windows

  1. I want to test this, but i’m affraid my service provider wil see that i try to bruteforce my router. Is it possible that they can see that i’m brute forcing it by the way?

  2. password list attack is called wordlist attack not brute force.
    BF is when the hacking tool tries all the alphanumeric and special characters that the user selected.

  3. I have a dictionary of 1 GB and I can not use it, the thc-hydra gives me this error:

    Error: Could not allocate enough memory for password file data

  4. hello!
    I’ m jerry and i use globesurfer3 as a router and i try to forward my ipcam f980a but i never succeed please can you help me to guide me!
    i check port with canyousee me but it repliesalways error on any port! i’ve already contacted my isp and they said that they didn’t block any port but it’s my router globesurfer3 witch blocks my ports!
    so please help me

  5. Your video has the [80] [www] line in it with the deets, mine doesn’t, is this because the attack failed? It has all the other lines, just not that one :(

  6. All this learning is true when you are connected to your router right now, what we i do when the pc not connected to target router?

  7. Hello, i read your blog occasionally and i own a similar one and i was just curious if you get a lot of spam responses?
    If so how do you prevent it, any plugin or anything you can suggest?
    I get so much lately it’s driving me mad so any support is very much

  8. your router? my router is zyxel, and its www auth without login, how u make hydra work for telnet brute without login, only Password:

  9. Hey there just wanted to give you a quick heads up.

    The words in your content seem to be running off the screen in Opera.
    I’m not sure iif this is a format issue or something to do wiyh browser compatibility but I figured I’d poost to
    let you know. The style and design look great though!
    Hope you get the issue fixed soon. Cheers

  10. What is the website that means it is easy to understand podcasts and blog sites? I don’t get an iPod, does that make any difference? . ekdeeeffkedd

  11. Hi all,

    In cmd hydra -l {username} -P {password list path} -s {port} {IP Address} http-get / , how do i find the username, password list path and port?


  12. You have to cut the fruits that bounce off of the plenty of birds
    call of duty advanced warfare download become available to play, the magic
    skill. It will need to walk the little device. Even you can ask your mates to follow suit.
    Well, for iPad, iPhone 4S, iPod touch and go to your mobile phone prices have

  13. his i the vry st League of Legends Ashe build fr 2014. The Country Mouse And The City Mouse Adventures – Season 1 (1998)In this entertaining
    and educational animated series, country mouse Emily and her city mouse cousin, Alexander, travel to exotic
    locales around the world, learning all about different cultures and
    working together to solve problems. Can the intrepid and
    hardworking Bob fix all these problems.

  14. A few obvious methods too many infomercials all around to count that attempts to con the regular man into buying some magic product that promises 1-3 inches in the short time.
    Using this method of the double padded strap put to use in making the
    pro extender, you should expect to become more comfort once you put it on. I know because I used it and my manhood shot up by almost
    4 in!

  15. Création d’itinéraires personnalisés pour les circuits de voyage en Nouvelle-Zélande.
    Ce guide touristique est conçu comme une solution complète
    à l’organisation de vos voyages ou circuits en Nouvelle-Zélande selon vos propres conditions.

    bienvenue sur

  16. My ChCk5h router won’t work and i have contacted people before. Would you be able to tell me how to take it and smash it on the ground? Im black by the way so my dick is up for grabs. :D i want people to come to my house and grab me…sexually. Bye

  17. hydra.exe -L ..\user.txt -P ..\pass.txt localhost http-post-form “/security/3/php/index.php:login_filed=^USER^&password_filed=^PASS^&go_filed=1:Error”

    i use this to hack password on windows but it gives me
    [ERROR] Child with pid 3320 terminating, can not connect
    [ERROR] Child with pid 6620 terminating, can not connect
    [ERROR] Child with pid 8496 terminating, can not connect
    [ERROR] Child with pid 9260 terminating, can not connect
    [ERROR] Child with pid 7440 terminating, can not connect
    [ERROR] Child with pid 6012 terminating, can not connect
    [ERROR] Child with pid 5368 terminating, can not connect
    [ERROR] Child with pid 6228 terminating, can not connect
    [ERROR] Child with pid 8104 terminating, can not connect
    [ERROR] Child with pid 7644 terminating, can not connect
    [ERROR] Child with pid 10152 terminating, can not connect
    [ERROR] Child with pid 2484 terminating, can not connect
    [ERROR] Child with pid 4788 terminating, can not connect
    [ERROR] Child with pid 7948 terminating, can not connect
    [ERROR] Child with pid 9040 terminating, can not connect
    [ERROR] Child with pid 2648 terminating, can not connect
    [ERROR] Child with pid 6116 terminating, can not connect
    [ERROR] Child with pid 2684 terminating, can not connect

    can you help me

  18. ‘hydra’ is not recognized as an internal or external command,
    operable program or batch file. Can you please help me i just want my router password.

  19. it seems my port on my router has shutdown, and i don’t remember the console password can this method work on a console protocol? because otherwise i would have to hard reset my router and i will lose the ipsec configuration for my vpn.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>