3

In my feeble attempt to secure my router, I disabled the service login and either

  1. changed the "admin" login and the password, or
  2. changed only the password for the "admin" login

Normally, I would hard-reset the router, but this one is special and on loan with various settings for a limited trial (contains SIP settings, tweaked timeouts, etc.). The tech guy from the ISP told me it'll cost a callout to reconfigure the trial router all over again, so I'm stuck with password recovery.

If I browse to the gateway address, it comes up with an auth request, not a webpage, but a "this server requires a username and password" type. I can telnet to the gateway, which ends up with 3 tries at login.

Computers on this network: OSX Lion and Windows (XP/8).

What tools can I use? I looked around and I could be wrong but JTR looked like it attacks a hash file rather than cracking over telnet.

RichardTheKiwi

2 Answers

5

As Jeff stated, THC-Hydra is a good application of choice. I'll try to cover the basic usage for your situation.

You will need a dictionary file unless you want to bruteforce every single character possible.

In the examples change the following fields:

  • dictionary file: Your password file
  • ip address: The router
  • protocol: Either telnet or http-head. In case of https, just type https-head and add -S
  • username file: A file with a list of usernames to bruteforce

Known username with dictionary attack:

hydra -l admin -P <dictionary file> -e nsr -f <ip address> <protocol>

Known username with bruteforce attack.

Generate 3-8 char long password with both cases and numbers:

hydra -l admin -x 3:8:aA1 -e nsr -f <ip address> <protocol>

Unknown username

hydra -L <username file> -P <dictionary file> -e nsr -f <ip address> <protocol>

Of course, reading the manual will tell you this as well.

Chris Dale
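To put the `-x 3:8:aA1` specification from the answer above in perspective, the following added example (not part of the original answer and not Hydra's own code) counts the candidates a MIN:MAX:CHARSET spec covers and the time needed to exhaust them. The guess rate is a constructed figure, and treating any character other than `a`, `A` and `1` as a literal is an assumption of this sketch.

```python
import string

# Character classes as the answer describes them for "aA1":
# 'a' = lowercase, 'A' = uppercase, '1' = digits.
# Assumption of this sketch: any other character stands for itself.
CLASSES = {
    "a": string.ascii_lowercase,
    "A": string.ascii_uppercase,
    "1": string.digits,
}


def parse_spec(spec):
    """Split 'MIN:MAX:CHARSET' into (min_len, max_len, set of characters)."""
    lo, hi, charset = spec.split(":", 2)
    lo, hi = int(lo), int(hi)
    if not 1 <= lo <= hi:
        raise ValueError("need 1 <= MIN <= MAX")
    alphabet = set()
    for ch in charset:
        alphabet.update(CLASSES.get(ch, ch))
    if not alphabet:
        raise ValueError("empty character set")
    return lo, hi, alphabet


def keyspace(spec):
    """Number of candidate passwords the spec covers."""
    lo, hi, alphabet = parse_spec(spec)
    return sum(len(alphabet) ** n for n in range(lo, hi + 1))


def worst_case_years(spec, attempts_per_second):
    """Time to exhaust the whole keyspace at a steady guess rate, in years."""
    seconds = keyspace(spec) / attempts_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    ASSUMED_RATE = 5.0  # guesses per second: constructed figure, not measured
    for spec in ("3:8:aA1", "3:8:a", "4:6:1"):
        print(f"{spec:10} {keyspace(spec):>22,} candidates  "
              f"{worst_case_years(spec, ASSUMED_RATE):>14,.2f} years "
              f"at {ASSUMED_RATE}/s")
```

At the assumed rate, the mixed-case alphanumeric range of 3 to 8 characters takes over a million years to exhaust, which is why the dictionary file matters in practice.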
2

I would suggest using Hydra. It provides for trying passwords over a network.

Jeff Ferland