Author Topic: HTTP 1.1 / Basic Authentication Bypass?? Possible??  (Read 3177 times)

0 Members and 1 Guest are viewing this topic.

Offline FurqanHanif

  • /dev/null
  • *
  • Posts: 18
  • Cookies: -6
    • View Profile
HTTP 1.1 / Basic Authentication Bypass?? Possible??
« on: May 03, 2015, 05:48:39 pm »
i Have A router , Model i Think 2009 or 10 , using micro_httpd  so  is  it's authentication can be bypass , is it possible to retrieve the password in hash and then crack it or simply bypass it's authentication ??? 
i Know About Xhydra and i also used it , so please don't tell me about using such kind of password cracking software...
Thanks in advance ...

this is the full detail of my Router..

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #1 on: May 03, 2015, 06:05:10 pm »
Bruteforce
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Cicada 3301

  • Guest
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #2 on: May 03, 2015, 07:56:24 pm »
Try attacking the 8-digit pin in the router. You can do this by using Reaver, it takes about ~ 4 - 10 hours.


This only works if WPS is not locked. You can see if it is open or not using wash (wash -i <monitor interface>)
« Last Edit: May 03, 2015, 08:02:46 pm by Cicada 3301 »

Offline FurqanHanif

  • /dev/null
  • *
  • Posts: 18
  • Cookies: -6
    • View Profile
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #3 on: May 03, 2015, 08:34:10 pm »
Bruteforce
Bruteforce Not Gonna work if password is #kjkjhuijko88287098JbJh#$%%# and you Know it ..
So ......

Offline FurqanHanif

  • /dev/null
  • *
  • Posts: 18
  • Cookies: -6
    • View Profile
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #4 on: May 03, 2015, 08:35:19 pm »
Try attacking the 8-digit pin in the router. You can do this by using Reaver, it takes about ~ 4 - 10 hours.


This only works if WPS is not locked. You can see if it is open or not using wash (wash -i <monitor interface>)
I am Talking About Login , Not Wifi Hacking...  ???

Cicada 3301

  • Guest
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #5 on: May 03, 2015, 08:36:30 pm »
I am Talking About Login , Not Wifi Hacking...  ???


-.- You are trying to crack the password, then that would work.

Offline TheWormKill

  • EZ's Scripting Whore
  • Global Moderator
  • Knight
  • *
  • Posts: 257
  • Cookies: 66
  • The Grim Reaper of Worms
    • View Profile
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #6 on: May 03, 2015, 08:37:21 pm »
Bruteforce Not Gonna work if password is #kjkjhuijko88287098JbJh#$%%# and you Know it ..
So ......
Bruteforce always works. It's just not efficient and thus slow. And use the damn modify-button!
Stuff I did: How to think like a superuser, Iridium

He should make that "Haskell"
Quote
<m0rph-is-gay> fuck you thewormkill you python coding mother fucker

Cicada 3301

  • Guest
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #7 on: May 03, 2015, 08:40:19 pm »
Bruteforce always works. It's just not efficient and thus slow. And use the damn modify-button!


Some list of characters don't include what the password is. So brute force might not always work.


It all depends on the complexity.

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #8 on: May 03, 2015, 08:40:28 pm »
Then reset the router to go back to admin:password defaults. Brute force/word list is the solution. A good one? No, the only one that will work? Yes.

Another solution is routerpwn. You either need to find an exploit or develop your own for that router and firmware. Its not going to be in the http author unless you can get the pwd file from the server, however that's easier said than done depending on the system.


Some list of characters don't include what the password is. So brute force might not always work.

It all depends on the complexity.

You need to shut your mouth when you don't know something. Brute force will ALWAYS work. If your skidshit tool don't have the characters, obviously you need to have them inputted. The only time brute force will fail is if there's antihammar, which doesn't mean brute force doesn't always work, it means the system blocks it because it knows it WILL WORK which is why all secure systems will lock you out after so many failed attempts.


-.- You are trying to crack the password, then that would work.
The wireless encryption password does not give you access to the router password. He's already on the network dumbfuck

Learn something before you open your mouth and spread your ignorance please.
« Last Edit: May 03, 2015, 08:46:24 pm by DeepCopy »
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline HTTP

  • Serf
  • *
  • Posts: 28
  • Cookies: -19
    • View Profile
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #9 on: May 04, 2015, 02:21:22 am »
Fuck dude, your ignorant. First of all, I assume he misunderstood the question, dumbfuck. Why talk about the knowledge?Also, no shit you need them inputted, that's why brute force might not work if the characters arenot inputted, fucking tard.
« Last Edit: May 04, 2015, 02:21:44 am by HTTP »

Offline HTTP

  • Serf
  • *
  • Posts: 28
  • Cookies: -19
    • View Profile
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #10 on: May 04, 2015, 09:09:03 pm »
And who the hell would ever let reaver run its full course nowadays? Oh yeah, dumb fucks that don't have a clue what they are talking about.


Are you retarded? Is this comment for real? Oh yeah, I forgot, you work as a construction worker.
« Last Edit: May 04, 2015, 09:17:31 pm by HTTP »

Offline TheWormKill

  • EZ's Scripting Whore
  • Global Moderator
  • Knight
  • *
  • Posts: 257
  • Cookies: 66
  • The Grim Reaper of Worms
    • View Profile
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #11 on: May 04, 2015, 09:15:39 pm »

Are you retarded? Is this comment for real? Oh yeah, I forgot, you work as a construction worker.
It's interesting how you accuse others of being dumb (without a proper argument, and no yours isn't valid, read what DeepCopy 0pt1mu5pr1m3 etc. wrote), yet fail to follow the simple "No double-posting, faggot"-rule.

Apart from that: why the fuck does every second thread I see develop into a flamewar of the lowest, though entertaining kind?
Stuff I did: How to think like a superuser, Iridium

He should make that "Haskell"
Quote
<m0rph-is-gay> fuck you thewormkill you python coding mother fucker

Offline HTTP

  • Serf
  • *
  • Posts: 28
  • Cookies: -19
    • View Profile
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #12 on: May 04, 2015, 09:34:55 pm »
Optimus's response made sense to you? I've had plenty success by attacking the routers 8 digit pin if WPS is open.


Oh, it's that because evilzone is not what it was before. And fuck EZ, it's turned to shit, and I'm not going to be serious on this shit forum anymore. I'm just going to use 4chan logic from now on.
« Last Edit: May 04, 2015, 09:36:36 pm by HTTP »

Offline 0E 800

  • Not a VIP
  • VIP
  • Baron
  • *
  • Posts: 895
  • Cookies: 131
  • • тнε ιηтεяηεт ιs мү яεcүcℓε-вιη •
    • View Profile
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #13 on: May 04, 2015, 09:36:22 pm »
Optimus's response made sense to you? I've had plenty success by attacking the routers 8 digit pin if WPS is open.

The invariable mark of wisdom is to see the miraculous in the common.

Offline Axon

  • VIP
  • King
  • *
  • Posts: 2047
  • Cookies: 319
    • View Profile
Re: HTTP 1.1 / Basic Authentication Bypass?? Possible??
« Reply #14 on: May 04, 2015, 09:50:33 pm »
Calm down kids, discuss this issue as civilized individuals?