Professional Documents
Culture Documents
THC Hydra - Cracking Router's Admin Login Password Revision
THC Hydra - Cracking Router's Admin Login Password Revision
Home / 0P3N Blog / THC Hydra: Cracking Router's Admin Login Password Revision
By: bachan
July 27, 2021
THC Hydra is a password-cracking tool that supports a wide range of network protocols like FTP,
LDAP, most HTTP methods like GET and POST, databases like MySQL, and much more. These
functions make it a handy tool for network penetration testing. When it comes to credential brute-
force attacks, Hydra is one of the most widely used tools. This post will demonstrate the usage of
Hydra and which commands need to be used to do this.
Hydra can be used to brute-force the password of network routers and other services. With the help
of suitable wordlists, Hydra can crack the passwords of a wide range of network routers and devices.
https://www.cybrary.it/blog/0p3n/thc-hydra-cracking-routers-admin-login-password/ 1/7
9/3/2021 THC Hydra: Cracking Router's Admin Login Password Revision | Cybrary
Cracking passwords is made much easier with such a large number of network appliances on the
internet and across corporate networks being configured with default usernames and passwords or
with weak credentials just for the sake of convenience. This is a bad practice, making Hydra very
useful in finding such vulnerabilities during pentests. Hydra is used to crack FTP server passwords in
this tutorial, but one can crack passwords of network routers and various network appliances using a
similar process.
It’s worth noting here that having a good wordlist is a must for successfully brute-forcing the
password. Often, default passwords change, so it’s a good idea to keep them updated from
resources like the SecLists repository.
Tip: To get an overview of all the commands, options, and flags that can be used with this tool, use
the man hydra command to read the man page of Hydra.
1. First, scan the ports of the target network using a port scanner like Masscan, which has better
performance and is faster if the target infrastructure is large, or Nmap.
3. For this tutorial, let’s use Nmap. Use the Nmap command - Nmap 192.168.1.1, replacing the
given IP address with the target’s (FTP server) IP address.
4. After the Nmap scan is complete, note the open ports and services running on the host. In this
case, the FTP service (port) is open.
5. Run the Hydra command to brute force the credentials of this FTP server - Hydra -l admin -P
password.txt -v -f 192.168.1.1 FTP
The -l flag is used for specifying the login user name. In this case, the username admin is used,
one of the default usernames commonly used across servers and network appliances. However,
if that’s not the case, use the -L flag in the command instead, and specify a wordlist consisting
of commonly used usernames when the only option is to guess the username.
The -v flag is optional for verbose mode. This flag outputs the login attempts.
Specify the IP address of the target being attacked, which in this case is the IP address -
192.168.1.1
https://www.cybrary.it/blog/0p3n/thc-hydra-cracking-routers-admin-login-password/ 2/7
9/3/2021 THC Hydra: Cracking Router's Admin Login Password Revision | Cybrary
Finally, specify the service whose port is open. In this case, it’s the FTP service (other services are
HTTP-get and so on)
6. This process should take some time, as Hydra goes through the specified username and
password combinations from the specified wordlists and tries to log in. If Hydra detects a
successful login, it will output the discovered credentials to the terminal.
Note: Sometimes, there may be a rate limit on the target service to prevent brute-force attacks,
leading to account lockouts; thus, the attack fails.
As mentioned earlier, Hydra supports various network appliances, services, and protocols, and
hence, one can use it for cracking almost any type of password. This can be useful for both internal
and external network penetration tests.
To read more free articles, sign up to Cybrary by clicking on the Sign-Up button in the top right.
Sign up for the Network engineer course to learn more about network security in-depth and gain
more skills.
Reference: https://tools.kali.org/password-attacks/hydra
Previous Next
Schedule Demo
https://www.cybrary.it/blog/0p3n/thc-hydra-cracking-routers-admin-login-password/ 3/7
9/3/2021 THC Hydra: Cracking Router's Admin Login Password Revision | Cybrary
Related Blogs
GRUB stands for GRand Unified Bootloader and is a default bootloader used in Linux distributions. It is
responsible for packing itself at boot time from BIOS and loading the Linux kernel into the memory. It then
transfers the control to the operating system kernel.
Today we will share ...
B LO G
Being able to browse the internet privately is a valid concern in the 21st Century. Many countries, such as
China, have been very open about the fact that they monitor their citizens’ internet usage, going as far as
blocking access to specific websites depending on what those governments think their ...
B LO G
https://www.cybrary.it/blog/0p3n/thc-hydra-cracking-routers-admin-login-password/ 4/7
9/3/2021 THC Hydra: Cracking Router's Admin Login Password Revision | Cybrary
B LO G
Related Courses
How to Use
THC-Hydra
(BSWR)
CYBRARY CO U R S E I N T E R M E D I AT E 9 MINUTES C E RT I F I C AT E O F CO M P L E T I O N O F F E R E D
Managing
Passwords
Managing Passwords
This **“Managing Passwords”** IT Pro Challenge virtual lab will teach you skills important for Systems ...
How to Use
theHarvester
(BSWJ)
CYBRARY CO U R S E I N T E R M E D I AT E 6 MINUTES C E RT I F I C AT E O F CO M P L E T I O N O F F E R E D
https://www.cybrary.it/blog/0p3n/thc-hydra-cracking-routers-admin-login-password/ 5/7
9/3/2021 THC Hydra: Cracking Router's Admin Login Password Revision | Cybrary
Accelerate in your role, earn new certifications, and develop cutting-edge skills using
the fastest growing catalog in the industry
Start Trial
Solutions Platform
Government Alliances
Company Resources
About Blog
Exam Vouchers
Mobile App
https://www.cybrary.it/blog/0p3n/thc-hydra-cracking-routers-admin-login-password/ 6/7
9/3/2021 THC Hydra: Cracking Router's Admin Login Password Revision | Cybrary
Report a Vulnerability
© 2021 Cybrary
https://www.cybrary.it/blog/0p3n/thc-hydra-cracking-routers-admin-login-password/ 7/7