Forum Thread: Hydra task authentication type

Hiya, need some advise on using hydra.

I'm trying to crack password on my latest virgin media router with the wordlist, but cannot complete hydra command, because none of the task authentication types seems to work.

BTW, the router web interface has only password to enter and it seems it is using HTML Form Based Authentication.

I grabbed few examples from OWASP site and here is one: hydra -L users.txt -P wordlist.txt site.com https-post-form "/index.cgi:login&name=^USER^&password=^PASS^&login=Login:Not allowed" &

How do I work out what goes after https-post-form for my router?

From the header request it looks like this: 192.168.0.1/login?arg=YWRtaW46MTIz&n=50339&=1506580344116

How to compile hydra command in order to start enumeration process?

1 Response

I've actually managed to crack router pass in BurpSuite using Intruder and Comparer Modes. But FREE version on BurpSuite is toooooo slow. I wouldn't have achieved it if I didn't know pass, enumerating through massive list is literally impossible. Unfortunately, I cannot use hydra, because it is fixed on using login name as static or wordlist modes, but authentication to my router uses only password.

Share Your Thoughts

  • Hot
  • Active