How to Hack Wireless Router Passwords & Networks Using Hydra

Leaving your wireless router at its default settings is a bad idea. The sad thing is, most people still do it. Once they've penetrated your network, hackers will change your router settings so they'll have an easy way back in. This allows them to change your network into a shell or proxy so they can forward their traffic anonymously through you when committing other dirty deeds.

If you keep your wireless router at the defaults, then hackers can control your firewalls, what ports are forwarded, and more.

But never mind the hackers, what about your kids?

In this Null Byte, we're going to take a hack at our own wireless routers to see just how secure they really are. We'll be using Arch Linux and THC Hydra, a brute-forcing tool. Windows users, you can follow along if you use Cygwin.

Step 1 Download & Install Hydra

First we need to go to the Hydra website, download Hyrda, and get everything configured. In this article, a "cmd" refers to a command that has to be entered into a terminal emulator.

  1. Download Hydra from THC's website.
  2. Extract Hydra in a nice location.
    cmd: tar zxvf hydra-7.1-src.tar.gz
  3. Change to the newly made directory.
    cmd: cd <new directory>
  4. cmd: ./configure
  5. cmd: make
  6. cmd: sudo make install

Step 2 Use Hydra on Your Router

Now we're going to attack our routers. The default IP/URL to reach it at will be 192.168.1.1, so test that address in a browser to confirm it. If you get a dialog box, you've reached your router. This is running HTTP basic authentication. 

Follow along to my video tutorial below to crack your routers authentication page.

Commands & Configuration

  1. cmd: xhydra
  2. Enter 192.168.1.1 as your target.
  3. Use http-get as the method.
  4. Port 80.
  5. Pick a word list saved on your computer.
  6. Click start!

Congratulations! See how easy it can be? A router won't block out requests normally, either. So someone could brute-force you for days upon days. Change your password to something greater than 12 characters and maybe review this guide. Visit in IRC!

Image by Hydra

41 Comments

Just so that everyone has this as well, default router user names and passwords by manufacturer, nicely organised: http://pastebin.com/wjs5QV4C
As an incentive to CHANGE YOUR DEFAULT PASSWORDS. Just go do it.

Nice one. I guess there is a brute-force attack method-program for every "thing" that uses passwords :p

Yes, for every password hash/cipher/message w/e there is a brute-force approach. Whether or not it is feasible.. well..

You gotta see ryoh and I's multi-purpose web bruteforcer :D It's going to be faster than hydra or medusa after a few tweaks.

Some do take several trillion years though

can i do this on a mac osx lion?

Maybe, using Darwin, or a Linux emulator.

Is ryoh's going to be in python? Also, even though Hydra is a "brute-forcing" tool if you use a wordlist isn't it actually doing a dictionary attack?

Yes, but they call themselves a brute forcing tool, so, so do I x]].

Getting into someones router is the easy part of taking over someones connection though (unless they use WEP and hence deserve it).

Is it possible to bruteforce a wireless connections 'security key' in any reasonable timeframe? Assuming they have a weak password, like 6 or so characters. What programs would help me do this? Beause i forgot my router security key and the reset button on it is broken and i never stored it on my computer and the ethernet connection to it is broken :-D

Haha, pipe John the Ripper through aircrack.

Why don't router manufacturers do like phone or even ATM makers and after 3 or 5 failed attempts lock the machine either permanently or for 10 min etc? That way brute force would take a very very long time if you only get 3 goes every 10 min. Even some sort of PUK where you had to reset the router after so many failed attempts would help.

They do, and that is a common preventive measure for this attack.

can anyone explain me how to do it . i downloaded it extracted it now what?

Hey! Guys! There is problem in installing this soft on Windows 7 through cygwin
When i enter
"make"
command it says
-bash: make: command not found
any help! Thanx

Sounds like your shell doesn't have a link to make. Try running the following commands in a cygwin terminal:
$ /bin/ls -al /bin/make /bin/make.exe
$ cygcheck -c make

buddy i ever dont know how to download it please could any one give me some tips i will be very pleased
thank u

to run make command you must install cygwin with gcc package .
re install cygwin and add gcc package
but i need to know about the list , how can i get it ...??

For linux users!
Use this command line on terminal to install xhydra:
sudo apt-get install hydra-gtk
To start you have to type:
sudo xhydra start

for me hydra comes up in the command prompt i'm confused i don't get the interface?

Yeah same,

there is no interface ?

Hey!
I'm good until it says now type "make". Then nothing relevant happens.
-bash: make : command not found, it says.
I tried to enter the command lines listed by Bryan Crow above, nothing happened.
I even tried to reinstall cygwin with gcc package, but the make command still did nothing.
A little help would be appreciated :)

Check to see if you have the make.exe file in your bin folder. It might be somewhere else. If so, you could copy it over or just create a link.

Can I work on ubuntu ?

Yes, you can work in Ubuntu.

Hey guys, I've installed Cygwin64 and installed everything I can.
When I tried xhydra,
(xhydra:2040): Gtk-WARNING *: cannot open display: :0

What do?

Jacky:

I strongly recommend that you install BackTrack (with Hydra and many other tools) as a dual boot system or in a virtual machine such VM workstation or Virtual Box. Cygwin works well enough in a pinch, but I think you will have more success and be happier with a dual boot or VM.

OTW

Hey guys, unless I have remote controll activated on my router, the attacker would have to be within my network to make this work, wouldn't he?

So if I have a WiFi Router with WPA2 strong passphrase, WPS deactivated someone out there would have to bruteforce the Wifi, before this will work. Please correct me if I have made some wrong assumptions.

greetz A#E

How can i get "list" that you used for PASSWORD LIST. Can someone please send me link for that LIST. please .....

How does a hacker penetrate into the my network without a direct connection to my router? I have my remote management turned off.

where i can get password list?/

Foxit:

There are many wordlists built into Kali and thousands on the Internet. Google "wordlists" or "passwords".

OTW

bro i can work on computer right not in kali or bt5?
give me video to set up a hydra-gtk on computer

bro give me vedio to set up a hydra-gtk for pc not for kali or bt thnx

ummm. can u post a video of the step 1 ... i am really confuse on it

Hi i want hack a router 11n tenda its not have login from and its not like tp-link routers its only have password help me pelease

hi guys i want to know how i can hack a routers it's only haven password help me please in my area

Share Your Thoughts

  • Hot
  • Latest