Forum Thread: Router-Login Brute Force

Since I forgot my router password I decided that I wanted to try brute forcing first just for fun.
I tried:

  • Hydra: Giving multiple wrong passwords nearly instantly?!
  • Medusa: Giving one wrong password

Both tools are kinda similar so are the commands and mine looked something like:

Medusa -U admin -P '/Root/Desktop/rockyou.txt' -H 'MYIP' -M Http

and

Hydra -L Admin -P '/Root/Desktop/rockyou.txt' -E Ns -vV 'MYIP' Http-Get

EDIT:
According to this question:
http://security.stackexchange.com/questions/37020/why-does-hydra-return-16-valid-passwords-when-none-are-valid

Its not as simple as I thought. You need the cookie information of the login page but I checked mine but it has no cookie info.

Does anyone know how to to this or has experience with this?

Join the Next Reality AR Community

Get the latest in AR — delivered straight to your inbox.

6 Responses

r u on kali linux?

hacked by Mr_Nakup3nda

Ofcourse

lol it could be something else, but anyway make sure your rockyou.txt path is "Root" instead of "root"

Hacked by Mr_Nakup3nda

and for Admin as username you should not use the capital letter "-L"
instead use"l"
try this :
hydra -l Admin -P /root/Desktop/rockyou.txt http://your____rooter____ip
Hacked by Mr_Nakup3nda

That's the editor screwing with my post I used the correct syntax I just need to figure out with extra I need to tell Hydra.

For commands, don't use the "headline" option in the article editor; it'll capitalize all the first letters of words. Better to just bold or italicize the commands instead.

Share Your Thoughts

  • Hot
  • Active