ANTICHAT

ANTICHAT (https://forum.antichat.io/index.php)
-   Песочница (https://forum.antichat.io/forumdisplay.php?f=189)
-   -   [ВОПРОС] Брут админки роутера Гидрой (Hydra) (https://forum.antichat.io/showthread.php?t=432146)

kpa6 28.10.2015 05:01

Здравствуйте.

Люди добрые, спасайте.

Уже какой час сижу и пытаюсь забрутить админку своего собственного роутера с помощью гидры.

Вечно какие-то косяки.

Помогите, пожалуйста, составить правильный запрос. Буду премного благодарен.

Вот заголовки, передаваемые браузером при входе в админку:

(Пароль 12344321 - неверный, если это важно)

Код:

http://192.168.1.1/index.cgi

POST /index.cgi HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.1/
Cookie: cookie_lang=eng; client_login=admin; client_password=12344321
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 48
v2=y&rs_type=html&A1=admin&A2=12344321&auth=auth
HTTP/1.0 200 OK
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Content-Type: text/html
Expires: Tue, 02 Jan 2000 01:00:00 GMT
Last-Modified: Thu, 01 Jan 1970 11:48:37 GMT
Set-Cookie: cookie_lang=eng

Составляю следующий запрос:

Код:

hydra -l admin -p crabping1 192.168.1.1 http-post-form "/index.cgi:v2=y&rs_type=html&A1=^USER^&A2=^PASS^&auth=auth:badAuthKey:H=Cookie:cookie_lang=eng; client_login=^USER^; client_password=^PASS^:C=cookie_lang=eng:H=Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5;en;q=0.3:H=Accept-Encoding: gzip, deflate:H=Referer: 192.168.1.1:H=DNT:1" -fd -o /root/Desktop/123.txt -t 1
Вот дебаг:

(http://pastebin.com/HdustMAR#)

Код:

  1. root@kali:~# clear

  2. [3;J


  3. root@kali:~# hydra -l admin -p crabping1 192.168.1.1 http-post-form"/index.cgi:v2=y&rs_type=html&A1=^USER^&A2=^PASS^&auth=auth:badAuthKey:H=Cookie: cookie_lang=eng; client_login=^USER^; client_password=^PASS^:C=cookie_lang=eng:H=Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5;en;q=0.3:H=Accept-Encoding: gzip, deflate:H=Referer: 192.168.1.1:H=DNT:1" -fd -o /root/Desktop/123.txt -t 1

  4. Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.


  5. [DEBUG] Output color flag is 1

  6. Hydra (http://www.thc.org/thc-hydra) starting at 2015-10-28 04:53:11

  7. [DEBUG] cmdline: hydra -l admin -p crabping1 -fd -o /root/Desktop/123.txt -t 1 192.168.1.1 http-post-form/index.cgi:v2=y&rs_type=html&A1=^USER^&A2=^PASS^&auth=auth:badAuthKey:H=Cookie: cookie_lang=eng; client_login=^USER^;client_password=^PASS^:C=cookie_lang=eng:H=Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5;en;q=0.3:H=Accept-Encoding: gzip, deflate:H=Referer: 192.168.1.1:H=DNT:1

  8. [DATA] max 1 task per 1 server, overall 64 tasks, 1 login try (l:1/p:1), ~0 tries per task

  9. [DATA] attacking service http-post-form on port 80

  10. [VERBOSE] Resolving addresses ...

  11. [DEBUG] resolving 192.168.1.1

  12. done

  13. [DEBUG] Code: attack  Time: 1446007991

  14. [DEBUG] Options: mode 0 ssl 0 restore 0 showAttempt 0 tasks 1 max_use 64 tnp 0 tpsal 0 tprl 0 exit_found 1 miscptr/index.cgi:v2=y&rs_type=html&A1=^USER^&A2=^PASS^&auth=auth:badAuthKey:H=Cookie: cookie_lang=eng; client_login=^USER^;client_password=^PASS^:C=cookie_lang=eng:H=Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5;en;q=0.3:H=Accept-Encoding: gzip, deflate:H=Referer: 192.168.1.1:H=DNT:1 service http-post-form

  15. [DEBUG] Brains: active 0 targets 1 finished 0 todo_all 1 todo 1 sent 0 found 0 countlogin 1 sizelogin 6 countpass 1 sizepass 11

  16. [DEBUG] Target 0 - target 192.168.1.1  ip 192.168.1.1  login_no 0 pass_no 0 sent 0 pass_state 0 use_count 0 failed 0 done 0 fail_count0 login_ptr admin  pass_ptr crabping1

  17. [DEBUG] Task 0 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  18. [DEBUG] Task 1 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  19. [DEBUG] Task 2 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  20. [DEBUG] Task 3 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  21. [DEBUG] Task 4 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  22. [DEBUG] Task 5 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  23. [DEBUG] Task 6 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  24. [DEBUG] Task 7 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  25. [DEBUG] Task 8 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  26. [DEBUG] Task 9 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  27. [DEBUG] Task 10 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  28. [DEBUG] Task 11 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  29. [DEBUG] Task 12 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  30. [DEBUG] Task 13 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  31. [DEBUG] Task 14 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  32. [DEBUG] Task 15 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  33. [DEBUG] Task 16 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  34. [DEBUG] Task 17 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  35. [DEBUG] Task 18 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  36. [DEBUG] Task 19 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  37. [DEBUG] Task 20 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  38. [DEBUG] Task 21 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  39. [DEBUG] Task 22 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  40. [DEBUG] Task 23 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  41. [DEBUG] Task 24 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  42. [DEBUG] Task 25 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  43. [DEBUG] Task 26 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  44. [DEBUG] Task 27 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  45. [DEBUG] Task 28 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  46. [DEBUG] Task 29 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  47. [DEBUG] Task 30 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  48. [DEBUG] Task 31 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  49. [DEBUG] Task 32 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  50. [DEBUG] Task 33 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  51. [DEBUG] Task 34 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  52. [DEBUG] Task 35 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  53. [DEBUG] Task 36 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  54. [DEBUG] Task 37 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  55. [DEBUG] Task 38 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  56. [DEBUG] Task 39 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  57. [DEBUG] Task 40 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  58. [DEBUG] Task 41 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  59. [DEBUG] Task 42 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  60. [DEBUG] Task 43 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  61. [DEBUG] Task 44 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  62. [DEBUG] Task 45 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  63. [DEBUG] Task 46 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  64. [DEBUG] Task 47 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  65. [DEBUG] Task 48 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  66. [DEBUG] Task 49 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  67. [DEBUG] Task 50 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  68. [DEBUG] Task 51 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  69. [DEBUG] Task 52 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  70. [DEBUG] Task 53 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  71. [DEBUG] Task 54 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  72. [DEBUG] Task 55 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  73. [DEBUG] Task 56 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  74. [DEBUG] Task 57 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  75. [DEBUG] Task 58 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  76. [DEBUG] Task 59 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  77. [DEBUG] Task 60 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  78. [DEBUG] Task 61 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  79. [DEBUG] Task 62 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  80. [DEBUG] Task 63 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)

  81. [DEBUG] head_no[0] to target_no 0 active 0

  82. [DEBUG] child 0 got target 0 selected

  83. [DEBUG] child 0 spawned for target 0 with pid 3260

  84. [DEBUG] head_no[1] to target_no 0 active 0

  85. [DEBUG] child 1 got target -1 selected

  86. [DEBUG] hydra_select_target() reports no more targets left

  87. [DEBUG] head_no 1, kill 0, fail 3

  88. [DEBUG] head_no 0 has pid 3260

  89. [DEBUG] head_no[2] to target_no 0 active 0

  90. [DEBUG] child 2 got target -1 selected

  91. [DEBUG] hydra_select_target() reports no more targets left

  92. [DEBUG] head_no 2, kill 0, fail 3

  93. [DEBUG] head_no[3] to target_no 0 active 0

  94. [DEBUG] child 3 got target -1 selected

  95. [DEBUG] hydra_select_target() reports no more targets left

  96. [DEBUG] head_no 3, kill 0, fail 3

  97. [DEBUG] head_no[4] to target_no 0 active 0

  98. [DEBUG] child 4 got target -1 selected

  99. [DEBUG] hydra_select_target() reports no more targets left

  100. [DEBUG] head_no 4, kill 0, fail 3

  101. [DEBUG] head_no[5] to target_no 0 active 0

  102. [DEBUG] child 5 got target -1 selected

  103. [DEBUG] hydra_select_target() reports no more targets left

  104. [DEBUG] head_no 5, kill 0, fail 3

  105. [DEBUG] head_no[6] to target_no 0 active 0

  106. [DEBUG] child 6 got target -1 selected

  107. [DEBUG] hydra_select_target() reports no more targets left

  108. [DEBUG] head_no 6, kill 0, fail 3

  109. [DEBUG] head_no[7] to target_no 0 active 0

  110. [DEBUG] child 7 got target -1 selected

  111. [DEBUG] hydra_select_target() reports no more targets left

  112. [DEBUG] head_no 7, kill 0, fail 3

  113. [DEBUG] head_no[8] to target_no 0 active 0

  114. [DEBUG] child 8 got target -1 selected

  115. [DEBUG] hydra_select_target() reports no more targets left

  116. [DEBUG] head_no 8, kill 0, fail 3

  117. [DEBUG] head_no[9] to target_no 0 active 0

  118. [DEBUG] child 9 got target -1 selected

  119. [DEBUG] hydra_select_target() reports no more targets left

  120. [DEBUG] head_no 9, kill 0, fail 3

  121. [DEBUG] head_no[10] to target_no 0 active 0

  122. [DEBUG] child 10 got target -1 selected

  123. [DEBUG] hydra_select_target() reports no more targets left

  124. [DEBUG] head_no 10, kill 0, fail 3

  125. [DEBUG] head_no[11] to target_no 0 active 0

  126. [DEBUG] child 11 got target -1 selected

  127. [DEBUG] hydra_select_target() reports no more targets left

  128. [DEBUG] head_no 11, kill 0, fail 3

  129. [DEBUG] head_no[12] to target_no 0 active 0

  130. [DEBUG] child 12 got target -1 selected

  131. [DEBUG] hydra_select_target() reports no more targets left

  132. [DEBUG] head_no 12, kill 0, fail 3

  133. [DEBUG] head_no[13] to target_no 0 active 0

  134. [DEBUG] child 13 got target -1 selected

  135. [DEBUG] hydra_select_target() reports no more targets left

  136. [DEBUG] head_no 13, kill 0, fail 3

  137. [DEBUG] head_no[14] to target_no 0 active 0

  138. [DEBUG] child 14 got target -1 selected

  139. [DEBUG] hydra_select_target() reports no more targets left

  140. [DEBUG] head_no 14, kill 0, fail 3

  141. [DEBUG] head_no[15] to target_no 0 active 0

  142. [DEBUG] child 15 got target -1 selected

  143. [DEBUG] hydra_select_target() reports no more targets leftDEBUG_CONNECT_OK

  144. [DEBUG] head_no 15, kill 0, fail 3


  145. [DEBUG] head_no[16] to target_no 0 active 0

  146. [DEBUG] child 16 got target -1 selected

  147. [DEBUG] hydra_select_target() reports no more targets left

  148. [DEBUG] head_no 16, kill 0, fail 3

  149. [DEBUG] head_no[17] to target_no 0 active 0

  150. [DEBUG] child 17 got target -1 selected

  151. [DEBUG] hydra_select_target() reports no more targets left

  152. [DEBUG] head_no 17, kill 0, fail 3

  153. [DEBUG] head_no[18] to target_no 0 active 0

  154. [DEBUG] child 18 got target -1 selected

  155. [DEBUG] hydra_select_target() reports no more targets left

  156. [DEBUG] head_no 18, kill 0, fail 3

  157. [DEBUG] head_no[19] to target_no 0 active 0

  158. [DEBUG] child 19 got target -1 selected

  159. [DEBUG] hydra_select_target() reports no more targets left

  160. [DEBUG] head_no 19, kill 0, fail 3

  161. [DEBUG] head_no[20] to target_no 0 active 0

  162. [DEBUG] child 20 got target -1 selected

  163. [DEBUG] hydra_select_target() reports no more targets left

  164. [DEBUG] head_no 20, kill 0, fail 3

  165. [DEBUG] head_no[21] to target_no 0 active 0

  166. [DEBUG] child 21 got target -1 selected

  167. [DEBUG] hydra_select_target() reports no more targets left

  168. [DEBUG] head_no 21, kill 0, fail 3

  169. [DEBUG] head_no[22] to target_no 0 active 0

  170. [DEBUG] child 22 got target -1 selected

  171. [DEBUG] hydra_select_target() reports no more targets left

  172. [DEBUG] head_no 22, kill 0, fail 3

  173. [DEBUG] head_no[23] to target_no 0 active 0

  174. [DEBUG] child 23 got target -1 selected

  175. [DEBUG] hydra_select_target() reports no more targets left

  176. [DEBUG] head_no 23, kill 0, fail 3

  177. [DEBUG] head_no[24] to target_no 0 active 0

  178. [DEBUG] child 24 got target -1 selected

  179. [DEBUG] hydra_select_target() reports no more targets left

  180. [DEBUG] head_no 24, kill 0, fail 3

  181. [DEBUG] head_no[25] to target_no 0 active 0

  182. [DEBUG] child 25 got target -1 selected

  183. [DEBUG] hydra_select_target() reports no more targets left

  184. [DEBUG] head_no 25, kill 0, fail 3

  185. [DEBUG] head_no[26] to target_no 0 active 0

  186. [DEBUG] child 26 got target -1 selected

  187. [DEBUG] hydra_select_target() reports no more targets left

  188. [DEBUG] head_no 26, kill 0, fail 3

  189. [DEBUG] head_no[27] to target_no 0 active 0

  190. [DEBUG] child 27 got target -1 selected

  191. [DEBUG] hydra_select_target() reports no more targets left

  192. [DEBUG] head_no 27, kill 0, fail 3

  193. [DEBUG] head_no[28] to target_no 0 active 0

  194. [DEBUG] child 28 got target -1 selected

  195. [DEBUG] hydra_select_target() reports no more targets left

  196. [DEBUG] head_no 28, kill 0, fail 3

  197. [DEBUG] head_no[29] to target_no 0 active 0

  198. [DEBUG] child 29 got target -1 selected

  199. [DEBUG] hydra_select_target() reports no more targets left

  200. [DEBUG] head_no 29, kill 0, fail 3

  201. [DEBUG] head_no[30] to target_no 0 active 0

  202. [DEBUG] child 30 got target -1 selected

  203. [DEBUG] hydra_select_target() reports no more targets left

  204. [DEBUG] head_no 30, kill 0, fail 3

  205. [DEBUG] head_no[31] to target_no 0 active 0

  206. [DEBUG] child 31 got target -1 selected

  207. [DEBUG] hydra_select_target() reports no more targets left

  208. [DEBUG] head_no 31, kill 0, fail 3

  209. [DEBUG] head_no[32] to target_no 0 active 0

  210. [DEBUG] child 32 got target -1 selected

  211. [DEBUG] hydra_select_target() reports no more targets left

  212. [DEBUG] head_no 32, kill 0, fail 3

  213. [DEBUG] head_no[33] to target_no 0 active 0

  214. [DEBUG] child 33 got target -1 selected

  215. [DEBUG] hydra_select_target() reports no more targets left

  216. [DEBUG] head_no 33, kill 0, fail 3

  217. [DEBUG] head_no[34] to target_no 0 active 0

  218. [DEBUG] child 34 got target -1 selected

  219. [DEBUG] hydra_select_target() reports no more targets left

  220. [DEBUG] head_no 34, kill 0, fail 3

  221. [DEBUG] head_no[35] to target_no 0 active 0

  222. [DEBUG] child 35 got target -1 selected

  223. [DEBUG] hydra_select_target() reports no more targets left

  224. [DEBUG] head_no 35, kill 0, fail 3

  225. [DEBUG] head_no[36] to target_no 0 active 0

  226. [DEBUG] child 36 got target -1 selected

  227. [DEBUG] hydra_select_target() reports no more targets left

  228. [DEBUG] head_no 36, kill 0, fail 3

  229. [DEBUG] head_no[37] to target_no 0 active 0

  230. [DEBUG] child 37 got target -1 selected

  231. [DEBUG] hydra_select_target() reports no more targets left

  232. [DEBUG] head_no 37, kill 0, fail 3

  233. [DEBUG] head_no[38] to target_no 0 active 0

  234. [DEBUG] child 38 got target -1 selected

  235. [DEBUG] hydra_select_target() reports no more targets left

  236. [DEBUG] head_no 38, kill 0, fail 3

  237. [DEBUG] head_no[39] to target_no 0 active 0

  238. [DEBUG] child 39 got target -1 selected

  239. [DEBUG] hydra_select_target() reports no more targets left

  240. [DEBUG] head_no 39, kill 0, fail 3

  241. [DEBUG] head_no[40] to target_no 0 active 0

  242. [DEBUG] child 40 got target -1 selected

  243. [DEBUG] hydra_select_target() reports no more targets left

  244. [DEBUG] head_no 40, kill 0, fail 3

  245. [DEBUG] head_no[41] to target_no 0 active 0

  246. [DEBUG] child 41 got target -1 selected

  247. [DEBUG] hydra_select_target() reports no more targets left

  248. [DEBUG] head_no 41, kill 0, fail 3

  249. [DEBUG] head_no[42] to target_no 0 active 0

  250. [DEBUG] child 42 got target -1 selected

  251. [DEBUG] hydra_select_target() reports no more targets left

  252. [DEBUG] head_no 42, kill 0, fail 3

  253. [DEBUG] head_no[43] to target_no 0 active 0

  254. [DEBUG] child 43 got target -1 selected

  255. [DEBUG] hydra_select_target() reports no more targets left

  256. [DEBUG] head_no 43, kill 0, fail 3

  257. [DEBUG] head_no[44] to target_no 0 active 0

  258. [DEBUG] child 44 got target -1 selected

  259. [DEBUG] hydra_select_target() reports no more targets left

  260. [DEBUG] head_no 44, kill 0, fail 3

  261. [DEBUG] head_no[45] to target_no 0 active 0

  262. [DEBUG] child 45 got target -1 selected

  263. [DEBUG] hydra_select_target() reports no more targets left

  264. [DEBUG] head_no 45, kill 0, fail 3

  265. [DEBUG] head_no[46] to target_no 0 active 0

  266. [DEBUG] child 46 got target -1 selected

  267. [DEBUG] hydra_select_target() reports no more targets left

  268. [DEBUG] head_no 46, kill 0, fail 3

  269. [DEBUG] head_no[47] to target_no 0 active 0

  270. [DEBUG] child 47 got target -1 selected

  271. [DEBUG] hydra_select_target() reports no more targets left

  272. [DEBUG] head_no 47, kill 0, fail 3

  273. [DEBUG] head_no[48] to target_no 0 active 0

  274. [DEBUG] child 48 got target -1 selected

  275. [DEBUG] hydra_select_target() reports no more targets left

  276. [DEBUG] head_no 48, kill 0, fail 3

  277. [DEBUG] head_no[49] to target_no 0 active 0

  278. [DEBUG] child 49 got target -1 selected

  279. [DEBUG] hydra_select_target() reports no more targets left

  280. [DEBUG] head_no 49, kill 0, fail 3

  281. [DEBUG] head_no[50] to target_no 0 active 0

  282. [DEBUG] child 50 got target -1 selected

  283. [DEBUG] hydra_select_target() reports no more targets left

  284. [DEBUG] head_no 50, kill 0, fail 3

  285. [DEBUG] head_no[51] to target_no 0 active 0

  286. [DEBUG] child 51 got target -1 selected

  287. [DEBUG] hydra_select_target() reports no more targets left

  288. [DEBUG] head_no 51, kill 0, fail 3

  289. [DEBUG] head_no[52] to target_no 0 active 0

  290. [DEBUG] child 52 got target -1 selected

  291. [DEBUG] hydra_select_target() reports no more targets left

  292. [DEBUG] head_no 52, kill 0, fail 3

  293. [DEBUG] head_no[53] to target_no 0 active 0

  294. [DEBUG] child 53 got target -1 selected

  295. [DEBUG] hydra_select_target() reports no more targets left

  296. [DEBUG] head_no 53, kill 0, fail 3

  297. [DEBUG] head_no[54] to target_no 0 active 0

  298. [DEBUG] child 54 got target -1 selected

  299. [DEBUG] hydra_select_target() reports no more targets left

  300. [DEBUG] head_no 54, kill 0, fail 3

  301. [DEBUG] head_no[55] to target_no 0 active 0

  302. [DEBUG] child 55 got target -1 selected

  303. [DEBUG] hydra_select_target() reports no more targets left

  304. [DEBUG] head_no 55, kill 0, fail 3

  305. [DEBUG] head_no[56] to target_no 0 active 0

  306. [DEBUG] child 56 got target -1 selected

  307. [DEBUG] hydra_select_target() reports no more targets left

  308. [DEBUG] head_no 56, kill 0, fail 3

  309. [DEBUG] head_no[57] to target_no 0 active 0

  310. [DEBUG] child 57 got target -1 selected

  311. [DEBUG] hydra_select_target() reports no more targets left

  312. [DEBUG] head_no 57, kill 0, fail 3

  313. [DEBUG] head_no[58] to target_no 0 active 0

  314. [DEBUG] child 58 got target -1 selected

  315. [DEBUG] hydra_select_target() reports no more targets left

  316. [DEBUG] head_no 58, kill 0, fail 3

  317. [DEBUG] head_no[59] to target_no 0 active 0

  318. [DEBUG] child 59 got target -1 selected

  319. [DEBUG] hydra_select_target() reports no more targets left

  320. [DEBUG] head_no 59, kill 0, fail 3

  321. [DEBUG] head_no[60] to target_no 0 active 0

  322. [DEBUG] child 60 got target -1 selected

  323. [DEBUG] hydra_select_target() reports no more targets left

  324. [DEBUG] head_no 60, kill 0, fail 3

  325. [DEBUG] head_no[61] to target_no 0 active 0

  326. [DEBUG] child 61 got target -1 selected

  327. [DEBUG] hydra_select_target() reports no more targets left

  328. [DEBUG] head_no 61, kill 0, fail 3

  329. [DEBUG] head_no[62] to target_no 0 active 0

  330. [DEBUG] child 62 got target -1 selected

  331. [DEBUG] hydra_select_target() reports no more targets left

  332. [DEBUG] head_no 62, kill 0, fail 3

  333. [DEBUG] head_no[63] to target_no 0 active 0

  334. [DEBUG] child 63 got target -1 selected

  335. [DEBUG] hydra_select_target() reports no more targets left

  336. [DEBUG] head_no 63, kill 0, fail 3

  337. [DEBUG] head_no[0] to target_no 0 active 1

  338. [DEBUG] head_no[0] read n

  339. [DEBUG] send_next_pair_init target 0, head 0, redo 0, redo_state 0, pass_state 0. loop_mode 0, curlogin (null), curpass (null), tlogin admin, tpass crabping1, logincnt 0/1, passcnt 0/1, loop_cnt 1

  340. [DEBUG] send_next_pair_mid done 1, pass_state 0, clogin admin, cpass crabping1, tlogin -p, tpass crabping1, redo 0

  341. [ATTEMPT] target 192.168.1.1 - login "admin" - pass "crabping1" - 1 of 1 [child 0]

  342. [DEBUG] SEND [pid:3260] (269 bytes):

  343. 0000:  4745 5420 636f 6f6b 6965 5f6c 616e 673d    [ GET cookie_lang= ]

  344. 0010:  656e 6720 4854 5450 2f31 2e30 0d0a 436f    [ eng HTTP/1.0..Co ]

  345. 0020:  6f6b 6965 3a20 636f 6f6b 6965 5f6c 616e    [ okie: cookie_lan ]

  346. 0030:  673d 656e 673b 2063 6c69 656e 745f 6c6f    [ g=eng; client_lo ]

  347. 0040:  6769 6e3d 5e55 5345 525e 3b20 636c 6965  [ gin=^USER^; clie ]

  348. 0050:  6e74 5f70 6173 7377 6f72 643d 5e50 4153  [ nt_password=^PAS ]

  349. 0060:  535e 0d0a 4163 6365 7074 2d4c 616e 6775  [ S^..Accept-Langu ]

  350. 0070:  6167 653a 2072 752d 5255 2c72 753b 713d    [ age: ru-RU,ru;q= ]

  351. 0080:  302e 382c 656e 2d55 533b 713d 302e 353b    [ 0.8,en-US;q=0.5; ]

  352. 0090:  656e 3b71 3d30 2e33 0d0a 4163 6365 7074  [ en;q=0.3..Accept ]

  353. 00a0:  2d45 6e63 6f64 696e 673a 2067 7a69 702c    [ -Encoding: gzip, ]

  354. 00b0:  2064 6566 6c61 7465 0d0a 5265 6665 7265  [ deflate..Refere ]

  355. 00c0:  723a 2031 3932 2e31 3638 2e31 2e31 0d0a    [ r: 192.168.1.1.. ]

  356. 00d0:  444e 543a 200d 0a48 6f73 743a 2031 3932  [ DNT: ..Host: 192 ]

  357. 00e0:  2e31 3638 2e31 2e31 0d0a 5573 6572 2d41    [ .168.1.1..User-A ]

  358. 00f0:  6765 6e74 3a20 4d6f 7a69 6c6c 612f 352e    [ gent: Mozilla/5. ]

  359. 0100:  3020 2848 7964 7261 290d 0a0d 0a          [ 0 (Hydra)....    ]

  360. [DEBUG] hydra_receive_line: waittime: 32, conwait: 0, socket: 7, pid: 3260

  361. [DEBUG] RECV [pid:3260] (211 bytes):

  362. 0000:  4854 5450 2f31 2e30 2034 3030 2042 6164  [ HTTP/1.0 400 Bad ]

  363. 0010:  2052 6571 7565 7374 0a43 6f6e 7465 6e74    [ Request.Content ]

  364. 0020:  2d74 7970 653a 2074 6578 742f 6874 6d6c    [ -type: text/html ]

  365. 0030:  0d0a 4461 7465 3a20 5468 752c 2030 3120  [ ..Date: Thu, 01  ]

  366. 0040:  4a61 6e20 3139 3730 2031 333a 3132 3a32    [ Jan 1970 13:12:2 ]

  367. 0050:  3020 474d 540d 0a43 6f6e 6e65 6374 696f    [ 0 GMT..Connectio ]

  368. 0060:  6e3a 2063 6c6f 7365 0d0a 0d0a 3c48 4541  [ n: close....400 Bad ]

  369. 0080:  2052 6571 7565 7374 3c2f 5449 544c 453e    [ Request ]

  370. 0090:  3c2f 4845 4144 3e0a 3c42 4f44 593e 3c48    [ .400 Bad Reques ]

  371. 00b0:  743c 2f48 313e 0a55 6e73 7570 706f 7274  [ t.Unsupport ]

  372. 00c0:  6564 206d 6574 686f 642e 0a3c 2f42 4f44    [ ed method...              ]

  373. [DEBUG] hydra_receive_line: waittime: 32, conwait: 0, socket: 7, pid: 3260

  374. [DEBUG] RECV [pid:3260] (0 bytes):

  375. DEBUG_DISCONNECT

  376. DEBUG_CONNECT_OK

  377. [DEBUG] SEND [pid:3260] (329 bytes):

  378. 0000:  504f 5354 202f 696e 6465 782e 6367 6920  [ POST /index.cgi  ]

  379. 0010:  4854 5450 2f31 2e30 0d0a 436f 6f6b 6965  [ HTTP/1.0..Cookie ]

  380. 0020:  3a20 6164 6d69 6e0d 0a41 6363 6570 742d    [ : admin..Accept- ]

  381. 0030:  4c61 6e67 7561 6765 3a20 7275 2d52 552c    [ Language: ru-RU, ]

  382. 0040:  7275 3b71 3d30 2e38 2c65 6e2d 5553 3b71    [ ru;q=0.8,en-US;q ]

  383. 0050:  3d30 2e35 3b65 6e3b 713d 302e 330d 0a41    [ =0.5;en;q=0.3..A ]

  384. 0060:  6363 6570 742d 456e 636f 6469 6e67 3a20    [ ccept-Encoding:  ]

  385. 0070:  677a 6970 2c20 6465 666c 6174 650d 0a52    [ gzip, deflate..R ]

  386. 0080:  6566 6572 6572 3a20 3139 322e 3136 382e    [ eferer: 192.168. ]

  387. 0090:  312e 310d 0a44 4e54 3a20 0d0a 486f 7374  [ 1.1..DNT: ..Host ]

  388. 00a0:  3a20 3139 322e 3136 382e 312e 310d 0a55    [ : 192.168.1.1..U ]

  389. 00b0:  7365 722d 4167 656e 743a 204d 6f7a 696c    [ ser-Agent: Mozil ]

  390. 00c0:  6c61 2f35 2e30 2028 4879 6472 6129 0d0a    [ la/5.0 (Hydra).. ]

  391. 00d0:  436f 6e74 656e 742d 4c65 6e67 7468 3a20    [ Content-Length:  ]

  392. 00e0:  3530 0d0a 436f 6e74 656e 742d 5479 7065  [ 50..Content-Type ]

  393. 00f0:  3a20 6170 706c 6963 6174 696f 6e2f 782d    [ : application/x- ]

  394. 0100:  7777 772d 666f 726d 2d75 726c 656e 636f    [ www-form-urlenco ]

  395. 0110:  6465 640d 0a0d 0a76 323d 7926 7273 5f74    [ ded....v2=y&rs_t ]

  396. 0120:  7970 653d 6874 6d6c 2641 313d 6164 6d69    [ ype=html&A1=admi ]

  397. 0130:  6e26 4132 3d31 3233 3434 3332 3145 6726  [ n&A2=crabping1& ]

  398. 0140:  6175 7468 3d61 7574 68                  [ auth=auth        ]

  399. HTTP request sent:[0A]POST /index.cgi HTTP/1.0[0D][0A]Cookie: admin[0D][0A]Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5;en;q=0.3[0D][0A]Accept-Encoding: gzip, deflate[0D][0A]Referer: 192.168.1.1[0D][0A]DNT: [0D][0A]Host: 192.168.1.1[0D][0A]User-Agent: Mozilla/5.0 (Hydra)[0D][0A]Content-Length: 50[0D][0A]Content-Type: application/x-www-form-urlencoded[0D][0A][0D][0A]v2=y&rs_type=html&A1=admin&A2=crabping1&auth=auth[0A]

  400. [DEBUG] hydra_receive_line: waittime: 32, conwait: 0, socket: 7, pid: 3260

  401. [DEBUG] RECV [pid:3260] (16 bytes):

  402. 0000:  4854 5450 2f31 2e30 2032 3030 204f 4b0a    [ HTTP/1.0 200 OK. ]

  403. [DEBUG] hydra_receive_line: waittime: 32, conwait: 0, socket: 7, pid: 3260

  404. [DEBUG] RECV [pid:3260] (1448 bytes):

  405. 0000:  5072 6167 6d61 3a20 6e6f 2d63 6163 6865  [ Pragma: no-cache ]

  406. 0010:  0d0a 4361 6368 652d 436f 6e74 726f 6c3a    [ ..Cache-Control: ]

  407. 0020:  206e 6f2d 6361 6368 652c 206d 7573 742d    [ no-cache, must- ]

  408. 0030:  7265 7661 6c69 6461 7465 0d0a 436f 6e74    [ revalidate..Cont ]

  409. 0040:  656e 742d 7479 7065 3a20 7465 7874 2f68    [ ent-type: text/h ]

  410. 0050:  746d 6c0d 0a45 7870 6972 6573 3a20 5475  [ tml..Expires: Tu ]

  411. 0060:  652c 2030 3220 4a61 6e20 3230 3030 2030  [ e, 02 Jan 2000 0 ]

  412. 0070:  313a 3030 3a30 3020 474d 540d 0a4c 6173  [ 1:00:00 GMT..Las ]

  413. 0080:  742d 4d6f 6469 6669 6564 3a20 5468 752c    [ t-Modified: Thu, ]

  414. 0090:  2030 3120 4a61 6e20 3139 3730 2031 333a    [ 01 Jan 1970 13: ]

  415. 00a0:  3132 3a32 3020 474d 540d 0a53 6574 2d43    [ 12:20 GMT..Set-C ]

  416. 00b0:  6f6f 6b69 653a 2063 6f6f 6b69 655f 6c61    [ ookie: cookie_la ]

  417. 00c0:  6e67 3d72 7573 0d0a 0d0a 3c3f 786d 6c20    [ ng=rus.... ]

  418. 00f0:  0a3c 2144 4f43 5459 5045 2068 746d 6c20    [ ....DSL ]

  419. 01c0:  5f32 3634 304e 5255 3c2f 7469 746c 653e    [ _2640NRU ]

  420. 01d0:  0a3c 6d65 7461 206e 616d 653d 2264 6174  [ . ]

  421. 01f0:  0a3c 6d65 7461 206e 616d 653d 2267 656e    [ ....... ]

  422. 0380:  0a3c 6d65 7461 2068 7474 702d 6571 7569  [ .. ]

  423. 0400:  0a3c 6c69 6e6b 2072 656c 3d22 7368 6f72    [ ...... ]

  424. 0580:  3c2f 7363 7269 7074 3e0a 3c73 6372 6970  [ ... ]

  425. 00a0:  3c2f 7363 7269 7074 3e0a 3c73 6372 6970  [ ....var badAuthKe ]

  426. 0160:  7920 3d20 2262 6164 5f61 7574 6822 3b0a    [ y = "bad_auth";. ]

  427. 0170:  2428 7374 6172 7429 0a3c 2f73 6372 6970  [ $(start).............. ]

  428. 02c0:  3c69 6e70 7574 2074 7970 653d 2268 6964  [ ..DSL_2640NRU.......
    ...
    ..............    ]

  429. [DEBUG] attempt result: found 1, redirect 0, location:

  430. [DEBUG] head_no[0] to target_no 0 active 1

  431. [DEBUG] head_no[0] read N

  432. [STATUS] attack finished for 192.168.1.1 (waiting for children to complete tests)

  433. [DEBUG] head_no 0, kill 1, fail 0

  434. DEBUG_DISCONNECT[DEBUG] all targets done and all heads finished

  435. [DEBUG] while loop left with 1

  436. [DEBUG] killing all remaining children now that might be stuck

  437. 1 of 1 target completed, 0 valid passwords found

  438. Hydra (http://www.thc.org/thc-hydra) finished at 2015-10-28 04:53:11

  439. root@kali:~#



kpa6 28.10.2015 14:39

Я нашёл проблему. Теперь новый вопрос.

Каким образом можно установить переменные ^USER^ и ^PASS^ в заголовки гидры? То есть в :H=client_login=^USER^; client_password=^PASS^?

При подстановке этих значений они не заменяются на логин и пароль

Мой запрос:

Код:

hydra -l admin -p crabping1 192.168.1.1 http-post-form "/index.cgi:v2=y&rs_type=html&A1=^USER^&A2=^PASS^&auth=auth:A2:H=Cookie: cookie_lang=eng; client_login=^USER^; client_password=^PASS^" -fVd
Если изменить в :H переменные ^USER^, ^PASS^ на нужные значения, то всё проходит успешно.

UPD

Даже в описании гидры написано, что ^USER^ и ^PASS^ в заголовках изменяются на значения логина и пароля. В чём проблема то?:!

UPD

Если в заголовке оставлять ^USER^ или ^PASS^, то "сжирается" всё за исключением

"Cookie: admin" На месте "admin" стояло ^USER^

Каким образом можно вставить данные в заголовок так же, как они вставляются в часть запроса?

.SpoilerTarget" type="button">Spoiler: Альтернативная формулировка мысли.
Всем доброго времени суток. Здравствуйте.

Сижу уже второй день, перечитал гору мусора и полезных статей касательно гидры.

Прошерстил каждую строку её хелпы, но всё равно не нашёл ответа.

Есть запрос следующего вида:

Код:

hydra -l admin -p crabping1 192.168.1.1 http-post-form "/index.cgi:v2=y&rs_type=html&A1=^USER^&A2=^PASS^&auth=auth:A2:H=Cookie: cookie_lang=eng; client_login=^USER^; client_password=^PASS^" -fVd
Проблема в том, что переменные ^USER^ и ^PASS^, идущие в заголовокH=) неадекватно воспринимаются гидрой.

Я рассчитывал на то, что эти переменные просто будут заменяться на нужные значения, однако всё пошло к х не так, как я планировал.

С помощью дебага я определил, что в данном случае хеадер получается такой:

Код:

Cookie: admin
То есть всё остальное отрезалось.

Как вы можете понять - значение admin образовалось из переменной ^USER^

Надеюсь на вашу помощь в решении данного вопроса. Свои силы на исходе.

Если же я ставлю заместо ^USER^ и ^PASS^ верные значения, то авторизация проходит успешно.

Так что запрос по своей сути верный.

P.S: роутер свой.

ZombieXLX 16.11.2015 01:59

Используй медузу

# medusa -h 192.168.0.1 -U us -P pw -M http

ACCOUNT FOUND: [http] Host: 192.168.0.1 User: admin Password: admin [SUCCESS]

Kevin Shindel 29.01.2016 12:20

client_login=^USER^&client_password=^PASS^

ты забыл поставить знак &

leksadin 06.02.2016 14:09

проблема решена?

kpa6 14.02.2016 14:33

Цитата:

Сообщение от leksadin

проблема решена?

Тогда я не смог решить эту проблему.

Как вариант - самопись. Делать его не долго.

leksadin 15.02.2016 00:53

Код:

hydra -l "" -P passwords/password-2011.lst http-post-form://ctf.infosecinstitute.com -m '/ctf2/exercises/ex12.php:username=admin&password=^PASS^&logIn=Login:Incorrect username or password combination' -F
можешь взять как пример

P.S. запрос рабочий

kpa6 16.02.2016 01:54

Цитата:

Сообщение от leksadin

Код:

hydra -l "" -P passwords/password-2011.lst http-post-form://ctf.infosecinstitute.com -m '/ctf2/exercises/ex12.php:username=admin&password=^PASS^&logIn=Login:Incorrect username or password combination' -F
можешь взять как пример
P.S. запрос рабочий

Может быть потом понадобится. Спасибо)


Время: 10:16