Using Hydra or Medusa to gain access to network router
After obtaining a connection to the network and having an IP address, besides trying to acccess the hosts on the network, the actual router can also be targetted.
This could be done by would be attackers to for instance attempt to delete any logs on the router which may have logged their intrusion to the network.
Or to simply reboot the router which mostly has the same effect.
On Windows based systems, this could be done using either Bruter or Brutus.
Using trusty ol' back|track, the preference goes to either medusa or hydra.
For the sake of this test, a simple test setup as follows ;
> Open network
> DHCP enabled
Basically the steps involved are as follows ;
airmon-ng
Check connection
Obtain IP address and check gateway
Open upthe default gateway in your browser
Of course, before starting cracking away, it is always worth while to check the standard login / passwords first !
http://www.phenoelit-us.org/dpl/dpl.html
If no luck, then you have to revert to using wordlists, I have made a couple of small ones to try this out.
Starting Hydra to crack the router login / password.
-L specifiying the path to login list
-P specifying the path to password list
-t limiting the number of connections
-e ns to check for no password and to check login as password
-f to stop when first login/password is found
-V to show each login/password attempt
http-get to specify the protocol to use
/index.asp to point to the webpage it is heading to
For Medusa, the syntax is slightly different and took me a while to figure out what was necessary to avoid getting false positives, however the below worked for me ;
-h to specify the host
-U to specify path to the login wordlist
-P to specify path to password wordlist
-t to limit the number of connections
-f to stop the test on finding a valid login/password
-v for a more verbose output
-M to specify the module to use
-m to specify the options for the module in use
Now when trying the found login / password, success !
Hydra homepage - http://www.thc.org
Medusa homepage - http://www.foofus.net
This could be done by would be attackers to for instance attempt to delete any logs on the router which may have logged their intrusion to the network.
Or to simply reboot the router which mostly has the same effect.
On Windows based systems, this could be done using either Bruter or Brutus.
Using trusty ol' back|track, the preference goes to either medusa or hydra.
For the sake of this test, a simple test setup as follows ;
> Open network
> DHCP enabled
Basically the steps involved are as follows ;
- Identify network
- Gain access to network
- Obtain IP address
- Check gateway IP
- Check path the router setup page is using
- Start Hydra / Medusa using wordlists for both login and password if login is not known.
airmon-ng
airmon-ng start wlan0
airodump-ng mon0 -t opn
ifconfig wlan0 down
iwconfig wlan0 essid default channel 1
iwconfig ap 00:13:D4:09:32:60
ifconfig wlan0 up
Check connection
iwconfig wlan0
Obtain IP address and check gateway
dhclient wlan0
Open upthe default gateway in your browser
Of course, before starting cracking away, it is always worth while to check the standard login / passwords first !
http://www.phenoelit-us.org/dpl/dpl.html
If no luck, then you have to revert to using wordlists, I have made a couple of small ones to try this out.
Starting Hydra to crack the router login / password.
-L specifiying the path to login list
-P specifying the path to password list
-t limiting the number of connections
-e ns to check for no password and to check login as password
-f to stop when first login/password is found
-V to show each login/password attempt
http-get to specify the protocol to use
/index.asp to point to the webpage it is heading to
hydra 192.168.1.1 -L /wordlists/login.txt -P /wordlists/ap_password.txt -t 1 -e ns -f -V http-get /index.asp
For Medusa, the syntax is slightly different and took me a while to figure out what was necessary to avoid getting false positives, however the below worked for me ;
-h to specify the host
-U to specify path to the login wordlist
-P to specify path to password wordlist
-t to limit the number of connections
-f to stop the test on finding a valid login/password
-v for a more verbose output
-M to specify the module to use
-m to specify the options for the module in use
medusa -h 192.168.1.1 -U /wordlists/login.txt -P /wordlists/ap_password.txt -t 1 -e ns -f -v 5 -M http -m DIR:GET/index.asp
Now when trying the found login / password, success !
Hydra homepage - http://www.thc.org
Medusa homepage - http://www.foofus.net
My husband was so smooth at hiding his infidelity so I had no proof for months, I was referred to some hacker and decided to give him a try.. the result was incredible because all my cheating husband's text messages, whatsapp, facebook and even phone conversations was wired directly to my cellphone. CYBERHACKPROS@GMAIL.COM helped me put a round-the-clock monitoring on him and I got concrete evidence and he showed me proof..if your spouse is an expert at hiding his cheating adventures contact him via email/phone CYBERHACKPROS@GMAIL.COM or +1 512 605 1256 Tell him i reffered you.He will help you INSTAGRAM:Cyberhackprofessionals
ReplyDeleteinvesting in oil and gas has and is still making a lot of people " very RICH". Investors in oil and gas are getting rich daily. All you need is a secured and certified strategy that will keep your invested capital safe by opting out with no withdrawer crunch. A considerable number of investors worldwide have seen gains of 75,063%, personally I have made over 600%. For example I started investing with $1,000 and I made $3,000, $3,500- $5,000 weekly. Last year at the start of the year, I increased my invested capital to $10,000 and I made approximately $105,000 before the end of year. I've never seen profit opportunities like this before in any market even when other traders complain of losses. Now for the doubters, not only is it possible, it's actually happening right now. All you need is a good and secured strategy, a good investment platform, Appetite and market conditions. Incase you are interested in venturing into investing or perhaps you are trading and has been losing, feel free to contact total companyat E-mail: total.company@aol.com I will
Deletebe sure to guide and assist you.
Hey Guys !
DeleteUSA Fresh & Verified SSN Leads AVAILABLE with best connectivity
All Leads have genuine & valid information
**HEADERS IN LEADS**
First Name | Last Name | SSN | Dob | DL Number |Address | State | City | Zip | Phone Number | Account Number | Bank Name
*Price for SSN lead $2
*You can ask for sample before any deal
*If anyone buy in bulk, we can negotiate
*Sampling is just for serious buyers
==>ACTIVE & FRESH CC FULLZ ALSO AVAILABLE<==
->$5 PER EACH
->Hope for the long term deal
->Interested buyers will be welcome
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
✅MEET THE REAL HACKERS✅
ReplyDeleteI Always Feel Bad Whenever we receive complaints from Clients About The Hackers They Met Before They Heard about us.
These Days There Are alot of Hackers Online, You Just Have to Be Careful about who you meet for help, Because Some Of These People Are Scammers Pretending To be Hackers ❌❌❌
You Can Always Identify Them With Their False Write Ups and False Testimonies Trying To Lure you Into their Arms.❌❌❌
✅COMPOSITE HACKS is here to Connect you with The Best Hackers Online So you can get saved from The Arms of the Fake Hackers❌❌
✅We have Legit Hackers and Private investigators at your service. 💻 Every member of our team is well experienced in their various niches with Great Skills, Technical Hacking Strategies And Positive Online Reviews And Recommendations💻🛠
✅We have Digital Forensic Specialists, Certified Ethical Hackers, Computer Engineers, Cyber Security Experts, Private investigators and more on our team. Our Goal is to make your digital life secure, safe and hassle-free.
Some Of The Services we render includes:
* Website hacking 💻
* Facebook and social media hacking 📲
* Database hacking, & Blog Cleaning🛠
* Phone and Gadget Hacking 📲
• CREDIT CARD Loading ( Strictly USA & UK Credit Cards Only) 💳
* Clearing Of Criminal Records ❌
* Location Tracking 📲
and many More
✅We have a team of seasoned PROFESSIONALS under various skillsets when it comes to online hacking services. Our company in fact houses a separate group of specialists who are productively focussed and established authorities in different platforms. They hail from a proven track record Called “HackerOne” and have cracked even the toughest of barriers to intrude and capture or recapture all relevant data needed by our Clients. Some Of These Specialist Includes ⭐️ PETER YAWORSKI ⭐️FRANS ROSEN⭐️ JACK CABLE ⭐️JOBERT ABMA⭐️ ARNE SWINNEN ⭐️And More. All you Need To do is To Write us a Mail Then We’ll Assign any of These Hackers To You Instantly.
Feel Free To Mail Us Anytime 📩
📩 CONTACT:
E-mail: compositehacks@gmail.com
Hire a Hacker!
Want faster service?
Contact us!
HackerOne©️LLC 2018.
All Rights Reserved ®️
★We Treat Every Request With Utmost Confidentiality★
hello everyone. I want to recommend (WORLDCYBERHACK) on instagram or WhatsApp : +12678773020 for helping me getting access to my girlfriends mobile phone. He was reliable and trustworthy. you can contact him if you need help. He will surely help you. I am grateful I met him
ReplyDeleteAre you interested in any kinds of hacking services?
ReplyDeleteFeel free to contact TECHNECHHACKS@GMAIL.COM.
For years now we’ve helped so many organizations and companies in hacking services.
TECHNECHHACKS is a team of certified hackers that has their own specialty and they are five star rated hackers.
We give out jobs to hackers (gurus only) to those willing to work, with or without a degree, to speed up the availability of time given to jobs!!
Thus an online binary decoding exam will be set for those who needs employment under the teams establishment.
we deal with the total functioning of sites like,
+ SOCIAL MEDIA (Facebook, Twitter, Instagram, Snapchat, google hangout etc.)
+ CREDIT CARDS INSTALLATION
+ WESTERN UNION TRANSFER
+ MONEY FLIPPING
+ BANK ACCOUNTS
+ IOS/OS
+ CRIMINAL RECORDS
+ SCHOOL GRADES
+ CREDIT SCORES
+ SPOUSES PHONE
+ BTC RECOVERY
+ BTC MINING
Thus bewere of scammers because most persons are been scammed and they ended up getting all solutions to their cyber bullies and attacks by US.
I am Jason williams one of the leading hack agent.
PURPOSE IS TO GET YOUR JOBS DONE AT EXACTLY NEEDED TIME REQUESTED!!!
And our WORK SUCCESS IS 100%!!!
I’m always available for you when you need help.
Contact or write us on:
Technechhacks@gmail.com
SIGNED....!
Jason. W.
investing in oil and gas has and is still making a lot of people " very RICH". Investors in oil and gas are getting rich daily. All you need is a secured and certified strategy that will keep your invested capital safe by opting out with no withdrawer crunch. A considerable number of investors worldwide have seen gains of 75,063%, personally I have made over 600%. For example I started investing with $1,000 and I made $3,000, $3,500- $5,000 weekly. Last year at the start of the year, I increased my invested capital to $10,000 and I made approximately $105,000 before the end of year. I've never seen profit opportunities like this before in any market even when other traders complain of losses. Now for the doubters, not only is it possible, it's actually happening right now. All you need is a good and secured strategy, a good investment platform, Appetite and market conditions. Incase you are interested in venturing into investing or perhaps you are trading and has been losing, feel free to contact total companyat E-mail: total.company@aol.com I will
ReplyDeletebe sure to guide and assist you.
My boyfriend has been cheating on me for months and I had no idea, I searched all over to get help spying his phone but I didn't. I finally found a reliable hacker to help and I strongly recommend (worldcyberhackers) to anyone who needs help spying their partner. I was able to access his Iphone contents without touching and It literally worked without traces. Don't hesitate to message on Gmail(worldcyberhackers) or WhatsApp: +12678773020 if you need help with hacking and spying
ReplyDeleteHey Guys !
ReplyDeleteUSA Fresh & Verified SSN Leads AVAILABLE with best connectivity
All Leads have genuine & valid information
**HEADERS IN LEADS**
First Name | Last Name | SSN | Dob | DL Number |Address | State | City | Zip | Phone Number | Account Number | Bank Name
*Price for SSN lead $2
*You can ask for sample before any deal
*If anyone buy in bulk, we can negotiate
*Sampling is just for serious buyers
==>ACTIVE & FRESH CC FULLZ ALSO AVAILABLE<==
->$5 PER EACH
->Hope for the long term deal
->Interested buyers will be welcome
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040