Thread: Brute Force Router Password??

  1. #1
    Join Date
    2014-Oct
    Posts
    11

    Brute Force Router Password??

    What I'm looking to do is to get the user name and password for my router. Not the wireless password, which seems to be the only reason people even have Kali anymore. I'm talking about the login username and password for the router admin page. I have two different routers that I set up to test with. One is a basic Linksys router. The other is a Buffalo router. Both of which I have set to have the user name and password changed from default. I have tried to use brute force from in Armitage but the user name and password were not on the list it pulls from. Which I have other questions as to where it pulls its list from but I can make another post about that later.

  2. #2
    Join Date
    2013-Mar
    Location
    http://rastamouse.me
    Posts
    86
    Hydra and Medusa are probably the de facto for bruteforcing credentials. In this case, you will want to bruteforce the HTTP(S) POST requests.
    OSCP
    --
    If it smells like a duck, walks like a duck and quacks like a duck; then it probably is a duck.

  3. #3
    Quote Originally Posted by rastamouse View Post
    Hydra and Medusa are probably the de facto for bruteforcing credentials. In this case, you will want to bruteforce the HTTP(S) POST requests.
    I tried Medusa on my router. It said successful and it displayed the password, but it is not the password for my router. I questioned Medusa.
    Where is the darn "any key" key?

  4. #4
    Join Date
    2013-Jun
    Posts
    125
    Quote Originally Posted by thepoor View Post
    I tried Medusa on my router. It said successful and it displayed the password, but it is not the password for my router. I questioned Medusa.
    Very interesting....

  5. #5
    Join Date
    2014-Oct
    Posts
    11
    Thanks for the feedback guys. Looks like I have my project for the week right there.

  6. #6
    Quote Originally Posted by rastamouse View Post
    Hydra and Medusa are probably the de facto for bruteforcing credentials. In this case, you will want to bruteforce the HTTP(S) POST requests.
    Patator is a nice included multi-service bruteforce tool in Kali, and is often overlooked. Maybe it needs a nicer name?

    Available modules:
    + ftp_login : Brute-force FTP
    + ssh_login : Brute-force SSH
    + telnet_login : Brute-force Telnet
    + smtp_login : Brute-force SMTP
    + smtp_vrfy : Enumerate valid users using SMTP VRFY
    + smtp_rcpt : Enumerate valid users using SMTP RCPT TO
    + finger_lookup : Enumerate valid users using Finger
    + http_fuzz : Brute-force HTTP
    + pop_login : Brute-force POP3
    + pop_passd : Brute-force poppassd (http://netwinsite.com/poppassd/)
    + imap_login : Brute-force IMAP4
    + ldap_login : Brute-force LDAP
    + smb_login : Brute-force SMB
    + smb_lookupsid : Brute-force SMB SID-lookup
    + vmauthd_login : Brute-force VMware Authentication Daemon
    + mssql_login : Brute-force MSSQL
    + oracle_login : Brute-force Oracle
    + mysql_login : Brute-force MySQL
    + mysql_query : Brute-force MySQL queries
    + pgsql_login : Brute-force PostgreSQL
    + vnc_login : Brute-force VNC
    + dns_forward : Forward lookup names
    + dns_reverse : Reverse lookup subnets
    + snmp_login : Brute-force SNMP v1/2/3
    + unzip_pass : Brute-force the password of encrypted ZIP files
    + keystore_pass : Brute-force the password of Java keystore files
    + tcp_fuzz : Fuzz TCP services
    + dummy_test : Testing module

    http://routerpwn.com/ should be at least mentioned in this sort of thread.
    Last edited by clone; 2014-11-17 at 21:14.

  7. #7
    Join Date
    2013-Jul
    Posts
    844
    Why do you not just try pushing the reset button, which should restore factory settings to include username and password?

    If you need to brute force the password AND you are getting too many false positives, which occurs many times with Hydra, turn to Burp Suite. Go on the net and find the pro version. The version in Kali is throttled back and too slow. You will need some help files - there are a series of instruction videos available through torrents; try piratebay or kickass torrents.

  8. #8
    Join Date
    2014-Oct
    Posts
    11
    I will look into Patator, thank you, and you're right, I have not really heard anything about it. So that's two weeks now worth of play time with my router. I am aware that I can press the reset button and then have the user name and password back to default. I'm not doing any of this as a way to get around anything. I have all my user names and passwords documented and saved and can log in at any time. I'm trying to learn pentesting so I understand it better.

  9. #9
    Join Date
    2015-Sep
    Posts
    1
    I had the same problem, so I decided to spend some time playing with Python and came up with a tool that is currently working for two tested routers: the Linksys E1200 and ZyXel FR1000Z. I have my project posted on GitHub https://github.com/mlockette/RouterBruteForce if you want to use it and possibly expand on it! Like Rastamouse said above, these routers use an HTTP POST request for login. Hope this helps you or someone else.

  10. #10
    Join Date
    2015-Aug
    Location
    The Pits
    Posts
    87
    Hello Clone,
    Would you be so kind as to share an example of using Patator against my Ubee access point? My login page is at 192.168.0.1 and the default user name is "user", not "admin".

  11. #11
    This is starting to be a non-Kali thread.
    Locking.
    This is a Kali-Linux support forum - not general IT/infosec help.

    Useful Commands: OS, Networking, Hardware, Wi-Fi
    Troubleshooting: Kali-Linux Installation, Repository, Wi-Fi Cards (Official Docs)
    Hardware: Recommended 802.11 Wireless Cards

    Documentation: http://docs.kali.org/ (Offline PDF version)
    Bugs Reporting & Tool Requests: https://bugs.kali.org/
    Kali Tool List, Versions & Man Pages: https://tools.kali.org/
