Re: THC Hydra and HTTP brute-force cracking

[Martin T <m4rtntns () gmail com>]

Jérôme,
thanks! "hydra -s 8080 -l admin -p pA55w0Rd -f -v -t 1 192.168.1.1
http-get /" did the thing! Example below:

<<<<<
[root@ ~]# cat /root/words.txt
password
pA55w0Rd
user
pA55w0Rd
Admin
Administrator
[root@ ~]# hydra -s 8080 -l admin -P /root/words.txt -t 1 -f -v
192.168.1.1 http-get /
Hydra v6.1 (c) 2011 by van Hauser / THC - use allowed only for legal purposes.
Hydra (http://www.thc.org) starting at 2011-04-01 15:08:44
[DATA] 1 tasks, 1 servers, 6 login tries (l:1/p:6), ~6 tries per task
[DATA] attacking service http-get on port 8080
[VERBOSE] Resolving addresses ... done
C1:GET / HTTP/1.0
Host: 192.168.1.1
Authorization: Basic YWRtaW46cGFzc3dvcmQ=
User-Agent: Mozilla/4.0 (Hydra)


S:HTTP/1.0 401 Unauthorized
Server: httpd
Date: Fri, 01 Apr 2011 15:11:11 GMT
WWW-Authenticate: Basic realm="WRT54G"
Content-Type: text/html
Connection: close

<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>
Authorization required.
</BODY></HTML>

C1:GET / HTTP/1.0
Host: 192.168.1.1
Authorization: Basic YWRtaW46azR0ZWtT
User-Agent: Mozilla/4.0 (Hydra)


S:HTTP/1.0 200 Ok
Server: httpd
Date: Fri, 01 Apr 2011 15:11:11 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/html
Connection: close


<!--
*********************************************************
*   Copyright 2003, Cy
[8080][www] host: 192.168.1.1   login: admin   password: pA55w0Rd
[STATUS] attack finished for 192.168.1.1 (valid pair found)
Hydra (http://www.thc.org) finished at 2011-04-01 15:08:45
[root@ ~]#
> > > > >


When should one use http-head? In addition, I have read many people
complaining(mainly in backtrack-linux.org/forums) about "-t" feature
in hydra as it runs by default 16 parallel tasks simultaneously and
may skip passwords in password file.. Jérôme mentiod this as well. Is
there a fix for this or is it a hydra bug at all?


regarding,
martin


2011/3/31 Jérôme Nokin <jerome () wallaby be>:
> Hi Martin,
>
> Why are you using http-head instead of http-get ?
>
> Your browser is actually doing "GET / HTTP/1.0",  not "HEAD / HTTP/1.0"
>
> Jérôme
>
> On 31/03/11 09:34, Martin T wrote:
> > Jérôme,
> >
> > I tried with "-t 1", but it did not help. Finally I tried with such command:
> >
> > [root@ ~]# hydra -s 8080 -l admin -p pA55w0Rd -f -v -t 1 192.168.1.1 http-head /
> > Hydra v6.1 (c) 2011 by van Hauser / THC - use allowed only for legal purposes.
> > Hydra (http://www.thc.org) starting at 2011-03-31 10:20:39
> > [DATA] 1 tasks, 1 servers, 1 login tries (l:1/p:1), ~1 tries per task
> > [DATA] attacking service http-head on port 8080
> > [VERBOSE] Resolving addresses ... done
> > [STATUS] attack finished for 192.168.1.1 (waiting for children to finish)
> > C1:HEAD / HTTP/1.0
> > Host: 192.168.1.1
> > Authorization: Basic YWRtaW46azR0ZWtT
> > User-Agent: Mozilla/4.0 (Hydra)
> >
> >
> > Hydra (http://www.thc.org) finished at 2011-03-31 10:20:39
> > [root@ ~]#
> >
> > ..and still no success. If I enter "admin" to the "User Name: " box
> > and "pA55w0Rd" to the "Password: " box in my web browser, I'm able to
> > log in. What might be wrong?
> >
> >
> > Thanks for all the suggestions, I'll check Mezcal and NiX. In
> > addition, any experience with ncrack(http://nmap.org/ncrack/man.html)
> > in case of HTTP(S) brute-force cracking?
> >
> > regards,
> > martin
> >
> >
> > 2011/3/30 Jérôme Nokin <jerome () wallaby be>:
> > > Hi Martin,
> > >
> > > Sometime I get this problem when I use multiple parallel tasks. (by
> > > default 16)
> > >
> > > Try with only one (-t 1) to see.
> > >
> > > Cheers,
> > > Jérôme
> > >
> > >
> > >
> > > On 29/03/11 12:47, Martin T wrote:
> > > > I set up an ASUS WL-500gP with original ASUS firmware to my LAN with
> > > > IP address 192.168.1.1. If I navigate to address
> > > > http://192.168.1.1:8080/ in my Firefox address bar, an "Authentication
> > > > required" window opens up asking for "User name: " and "Password: ".
> > > > Correct "User name: " is "admin" and correct "Password: " is
> > > > "pA55w0Rd". They work fine if I type them in manually to the
> > > > "Authentication required" window, but for some reason I can't get in
> > > > using the hydra with words.txt password file, which contains
> > > > "pA55w0Rd":
> > > >
> > > > [root@ ~]# cat words.txt
> > > > password
> > > > user
> > > > pA55w0Rd
> > > > Admin
> > > > Administrator
> > > > [root@ ~]# hydra -s 8080 -l admin -v -P words.txt -e ns -f 192.168.1.1
> > > > http-head /
> > > > [VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to 7.
> > > > Hydra v6.1 (c) 2011 by van Hauser / THC - use allowed only for legal purposes.
> > > > Hydra (http://www.thc.org) starting at 2011-03-29 13:12:11
> > > > [DATA] 7 tasks, 1 servers, 7 login tries (l:1/p:7), ~1 tries per task
> > > > [DATA] attacking service http-head on port 8080
> > > > [VERBOSE] Resolving addresses ... done
> > > > [STATUS] attack finished for 192.168.1.1 (waiting for children to finish)
> > > > C1:HEAD / HTTP/1.0
> > > > Host: 192.168.1.1
> > > > Authorization: Basic YWRtaW46
> > > > User-Agent: Mozilla/4.0 (Hydra)
> > > >
> > > >
> > > > C1:HEAD / HTTP/1.0
> > > > Host: 192.168.1.1
> > > > Authorization: Basic YWRtaW46YWRtaW4=
> > > > User-Agent: Mozilla/4.0 (Hydra)
> > > >
> > > >
> > > > C1:HEAD / HTTP/1.0
> > > > Host: 192.168.1.1
> > > > Authorization: Basic YWRtaW46cGFzc3dvcmQ=
> > > > User-Agent: Mozilla/4.0 (Hydra)
> > > >
> > > >
> > > > C1:HEAD / HTTP/1.0
> > > > Host: 192.168.1.1
> > > > Authorization: Basic YWRtaW46dXNlcg==
> > > > User-Agent: Mozilla/4.0 (Hydra)
> > > >
> > > >
> > > > C1:HEAD / HTTP/1.0
> > > > Host: 192.168.1.1
> > > > Authorization: Basic YWRtaW46cEE1NXcwUmQ=
> > > > User-Agent: Mozilla/4.0 (Hydra)
> > > >
> > > >
> > > > C1:HEAD / HTTP/1.0
> > > > Host: 192.168.1.1
> > > > Authorization: Basic YWRtaW46QWRtaW4=
> > > > User-Agent: Mozilla/4.0 (Hydra)
> > > >
> > > >
> > > > C1:HEAD / HTTP/1.0
> > > > Host: 192.168.1.1
> > > > Authorization: Basic YWRtaW46QWRtaW5pc3RyYXRvcg==
> > > > User-Agent: Mozilla/4.0 (Hydra)
> > > >
> > > >
> > > > Hydra (http://www.thc.org) finished at 2011-03-29 13:12:12
> > > > [root@ ~]#
> > > >
> > > >
> > > > What might cause this? If any additional information is needed, please ask!
> > > >
> > > >
> > > > regards,
> > > > Martin
> > > >
> > > > ------------------------------------------------------------------------
> > > > Securing Apache Web Server with thawte Digital Certificate
> > > > In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> > > > how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> > > > purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> > > > set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> > > > certificates.
> > > >
> > > > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > > > ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------