Follow @sillychickennz

Silly Chicken
Home

How to brute force your router in windows

Posted by Sillychicken On October - 6 - 2011 5 Comments
This will give you a quick run down on how to brute force your router if it uses HTTP BASIC AUTH
using THC-HYDRA
If you receive a popup window when you try to access your router, then this method should work for you.

Read the article then watch the movie

THC-Hydra can be downloaded from their site here

Password list try openwalls free list
Find your router IP, you should already know this, mine is 192.168.1.2. It is a DSL-G604T and the default username for this router is
admin.
If for some reason you cant remember yours try a default password site such as CIRT.net
Make sure you have downloaded and extracted THC-Hydra. I have extracted mine to C:\CMD\Hydra in this example and I also have
my password list in the Hydra directory.

www.sillychicken.co.nz/2011/10/how-to-brute-force-your-router-in-windows/

1/3

Open a command prompt and navigate to the Hydra directory

to change directory in dos used the CD command followed by the path CD C:\CMD\Hydra
run the command below substituting in your values
(command flags are case sensitive).
hydra -l {username} -P {password list path} -s {port} {IP Address} http-get /
My command looks like:
hydra -l admin -P password.lst -s 80 192.168.1.2 http-get /
Command break down:
hydra > the hydra program
-l > (lower case L not to be confused with a upper case i) single username to target. Use uppercase -L to specify a username list
-P > provide path to password lis. -p to try a single password ie passw0rd
-s > port to target your router may run on a different port such as 8080
{IP Address} hopefully this is clear
http-get > service to brute force
/ > this specifies the page to target if this is left out the command will not run. / just indicates the root do not include the
you will get an output line with username and password if you are successful.
This attack is only as good as your dictionary.
Next how to brute force web forms, check it out!!
IMPORTANT:
This is for educational purposes only, dont go attacking devices which dont belong to you .

Categories: Security, Windows

5 Responses so far.
1.

Pratik Koirala says:

February 19, 2012 at 6:02 pm
thank you so much. I found the password.

Reply
2.

LPunker says:
May 7, 2012 at 9:02 pm
I want to test this, but im affraid my service provider wil see that i try to bruteforce my router. Is it possible that they can see that
im brute forcing it by the way?

www.sillychicken.co.nz/2011/10/how-to-brute-force-your-router-in-windows/

2/3

Reply
3.

Shashi says:
May 20, 2012 at 3:37 pm
I need password list to download. how can i get that file..
Reply

4.

snake says:
June 2, 2012 at 8:40 am
password list attack is called wordlist attack not brute force.
BF is when the hacking tool tries all the alphanumeric and special characters that the user selected.
Reply

5.

Silver says:
August 7, 2012 at 7:22 am
I have a dictionary of 1 GB and I can not use it, the thc-hydra gives me this error:
Error: Could not allocate enough memory for password file data
Reply

Name (required)

Mail (required)

Website

Submit

Search
Search

Twitter updates
RT @Drkevl: A #spooky signal from @SETIlive http://t.co/5xAi0CbR # 2012/03/01
RT @JTraden: Free Apple app store codes for mIP and NZ Quiz !! http://t.co/UY1iVOwo # 2012/02/18
Crack wifi Protect setup (WPS) to access wifi network http://t.co/q9NPV5Xh # 2012/01/01
Cracking WEP no clients from Virtual Machine http://t.co/Kviv0FuO # 2011/11/28
#Linux, the Microsoft work around # 2011/11/24
Copyright 2012 Silly Chicken - The boat engine makes noise...

www.sillychicken.co.nz/2011/10/how-to-brute-force-your-router-in-windows/

3/3