I'm testing Hydra against a router I know the username and passwordfor, but I'm getting flaky results. I'm trying to brute force the enable password, but I don't think my command line is quite right. Can someone point me in the right direction please?

Here's what I'm using. Remember I already know the passwords for Telnet and enable. I'm just trying to see is the enable cracker in Hydra works (for me).

#hydra 192.168.1.1 cisco-enable -s 23 -P passlist.txt -t 4 -f -m ""

Here's a run down on what I THINK this is supposed to do:

1. hit host 192.168.1.1
2. try to brute force cisco enable password
3. -s 23 = the port the service is running on
4. -P passlist.txt = a list with a valid password that should create a poisitve match for enable
5. -t 4 = use timing 4 which was recommended by Hydra for enable passwords
6. -f = stop at first successful login
7. -m "" = login for Telnet, in this case the passwords is blank ("") for testing

When it runs, it successfully conects the router and logs into Telnet and attempt enable passwords. The problem is that the results never show the password that was used to login and many times it says "As this login was successful it will be skipped" BUT it doesn't show which login worked! In verbose mode the login/password output list stops at random passwords, never at the proper password.

Any ideas?