Bruteforcing Http Auth on OSX


Suppose you forgot the password of your router. What can you do?…. should you just reset the device?.
Nahhhh…. that’s boring. That’s why we’re gonna try to bruteforce http basic authentication.

We’re assuming that you run some incarnation of OSX, and you have Mac Ports installed. Right?.
We’ll need to download hydra… a bruteforce tool… so… fire up a terminal, and type the following:

[cc lang=”bash”]sudo port install hydra[/cc]

So far so good. Now, we’re gonna need to create our own password list. In order to do so, we’ll rely on crunch. It’s a nice shell tool, that builds on OSX as well. Download it here first. If you get any troubles building it, try typing:

[cc lang=”bash”]gcc crunch.c -o crunch[/cc]

For some reason, the makefile isn’t working… so i just built it right away with gcc.

Allright! we’ve got all what we need. Now, let’s suppose we wanna generate passwords with 5 characters length, including lowercase, uppercase and numbers. So… we should fire up our terminal, and type this:

[code]./crunch 5 5 -f charset.lst mixalpha-numeric -o wordlist.txt[/code]

Beware. That will take about 5 GB of space of your storage. Okay, okay. We’re almost there. Now, it’s time to try hydra. Try the following syntax:

[cc lang=”bash”]hydra -l admin -P wordlist.txt -vV -s 80 HOSTNAME http-get /[/cc]

Of course. We need the username, in this example we assume it’s ‘admin’. And we also assume that we’re hitting port 80.
Good luck!