If you have ever taken a backup of the configuration of the router into a file,

then the free

RouterPassView can help :

The backup file of the router usually contains important data like

your ISP user name/password, the login password of the router, and

wireless network keys. If you lost one of these password/keys, but you

still have a backup file of your router configuration, RouterPassView

might help you to recover your lost password from your router file.

Otherwise, you are reduced to a brute-force attack, where the free

Router Password Kracker can help :

Router Password Kracker is a free software to recover the lost

password of your Router. It can also be used to recover password from

your internet Modem or Web sites which are protected by HTTP BASIC

Authentication.

Generally Routers or Modems control their access by using HTTP BASIC

authentication mechanism. In simple words, when you connect to your

Modem/Router from the browser typically you will

be asked to enter username password. If you ever forget this

password then you will not be able to access your Router/Modem

configuration.

In these cases Router Password Kracker can help you in quickly

recovering your lost password.

Router Password Kracker uses simple Dictionary based password

recovery technique. By default it comes with sample dictionary file

suitable for Routers. However you can find good collection of password

dictionaries also called wordlists here here.

For complex passwords, you can use tools like Crunch or Cupp

to generate brute-force based or any custom password list file and

then use it with Router Password Kracker.

Router Password Kracker is a free software to recover the lost password of your Router. It can also be used to recover password from your internet Modem or Web.

Put down your Club Mate, finish that slice of pizza and hand over control of your mining rig to your little brother because It s time to crack some login pages with THC-Hydra. It s easy, and I wont bore you with to many details.

What s Hydra.

THC-Hydra  is   A very fast network logon cracker which supports many different services.

Supported protocols at the time of this article.

Asterisk,AFP,Cisco AAA,Cisco auth,Cisco enable,CVS,Firebird,FTP,HTTP-FORM-GET,HTTP-FORM-POST,

HTTP-GET,HTTP-HEAD,HTTP-PROXY,HTTPS-FORM-GET,HTTPS-FORM-POST,HTTPS-GET,HTTPS-HEAD,

HTTP-Proxy,ICQ,IMAP,IRC,LDAP,MS-SQL,MYSQL,NCP,NNTP,Oracle Listener,Oracle SID,Oracle,

PC-Anywhere,PCNFS,POP3,POSTGRES,RDP,Rexec,Rlogin,Rsh,S7-300,SAP/R3,SIP,SMB,SMTP,SMTP Enum,

SNMP,SOCKS5,SSH v1 andv2, Subversion,Teamspeak TS2, Telnet,VMware-Auth,VNC andXMPP.

In this example i m going to start by demonstrating an HTTP login form with the router in my test lab  192.168.1.1. To attack a web login, you need a few things.

1. The URL of the web login. In my case its just 192.168.1.1 but this could be a direct URL to some website  somesite.com/login.php

2. Know the type of authentication. By this I mean, we know we are attacking an html web login form but what type of html authentication is being  used. To figure that out I would highly recommend you reference this OWASP page.

https://www.owasp.org/index.php/Testing_for_Brute_Force_ 28OWASP-AT-004 29 Brute_force_Attacks

3. A wordlist. A text file full of usernames / passwords or both.

I was able to use burp suite A web proxy / security application to see that my authentication method was basic by visiting the web login page and attempting to login with any username / password. I then used the linked owasp page to check my syntax for the hydra tool. If your not familiar with burp, just google around for a tutorial to set it up. It s extremely easy.

Wordlist

Accessing the hydra man page manual

As you can see from the above screenshot of the hydra man page we need to give Hydra a login and password file because no default wordlist is included with the tool. This will be two separate files, one containing usernames, and another containing passwords.  This is specified with -L and -P. You could also use one wordlist with -C and separate the details with a colon  login:pass.

If your using Kali Linux you already have access to a good set of wordlists that are provided in the distro in /usr/share/wordlist. This directory location may change as it has changed before in the past so if needed you can hunt it down by using the command find or locate

The RockYou wordlist which is in Kali Linux is very good, but it s huge and will take more time to run through. If you are testing hydra at home or in a test lab I would recommend creating a short custom wordlist that contains your correct username and password to save time. Whatever wordlist you use make sure your username and password are in it  depending on how you are using hydra, with one wordlist with -C or two separate with -L and -P.

Other places for wordlists

https://wiki.skullsecurity.org/Passwords

Scrape webpages to create a custom wordlist. Sure. You can use cewl.

cewl-ekcv-wscraped_output.txtwebsite.com

-w is the output file, v for verbose, -e includes email addresses. You could use this on someones Facebook profile for example.

Now that you have your wordlist, lets get to cracking. I m going to use -L and -P for the usernames and passwords.

hydra-Llogin.txt-Ppass.txt192.168.1.1http-head

Easy enough. The password was found  admin:Iaml33t

Now lets try SSH. On my test machine I setup a test user account newuser. Then, I ran hyrda against that user account.

hydra-lnewuser-Ppass.txt-V192.168.1.182ssh

-l  I specified a single specific username to use, but you could use a list

-P the wordlist for passwords to try

-V verbose

How do I confirm the IP address of the router.

The easiest way is to open up a terminal or CMD on windows and run ifconfig linux ip route windows and look for your default gateway

Practice Links

DVWA – Damn vulnerable web app has a brute force login page that you can practice on

Samsclass has a practice page for brute forcing also

Similar Tools

ncrack       Medusa

Comments and suggestions. Leave them below. Hope you enjoyed.

You may also like my reaver article on attacking WPS, some good router fun.

Lost your NetGear router s username and password. Couldn t remember where you store it. There are two ways to recover the password and gain access to the r.

This is a list of default usernames and passwords used in wireless routers. You will know it now.. so don t forget to change your default user/pass.

Jul 20, 2011  Want to watch this again later. Sign in to add this video to a playlist. router name,username and password link-.

There are several things you can do to recover and manage your LinkSys router passwords. Even if you think you have the password in hand, it pays to know the.

Have you somehow lost your D-Link router s password. Perhaps the easiest way to gain access to your router s admin interface is by restoring it to the defa.

How to Hack Wireless Router Passwords Networks Using Hydra Leaving your wireless router at its default settings is a bad idea. The sad thing is, most people still.

Oct 30, 2008  how to find the ports which are opened in a particullar router address u want to know. not only the port number even u can find the user name and password.