I haven't been aware of it, too.
If you know it, let me know.
It's not easy to write bruteforce decryptor as it generates new
password each time upon generation.
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$O9B501zi$LIb3jgek2pqVEv29qfCqO0
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$Rekfkt5.$8NeNTA7C/Oy4jEuCgrnBE/
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$PEH.OBdt$wE/nHRG.FYo2bzmAfxfIn1
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$BtwEARib$2WWdK3nGlAWVutTRkFyV20
2010/6/18 Miguel González Castaños <miguel_3_gonzalez (at) yahoo (dot) es [email concealed]>:
> Hi all,
>
>  For a hack lab in that I'm doing  I reach a point where I get a htpasswd
> file in clear in an Apache server.
>
> Â Is there any tool that given the crypted password I can try to brute force
> (or use a dictionary attack) and get the original password? There are a lot
> of MD5 password crackers but they don't state if they work for htpasswd
> generated passwords.
>
> Â Thanks!
>
> Â Miguel
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually
> do a proper penetration test. IACRB CPT and CEPT certs require a full
> practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
If you know it, let me know.
It's not easy to write bruteforce decryptor as it generates new
password each time upon generation.
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$O9B501zi$LIb3jgek2pqVEv29qfCqO0
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$Rekfkt5.$8NeNTA7C/Oy4jEuCgrnBE/
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$PEH.OBdt$wE/nHRG.FYo2bzmAfxfIn1
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$BtwEARib$2WWdK3nGlAWVutTRkFyV20
2010/6/18 Miguel González Castaños <miguel_3_gonzalez (at) yahoo (dot) es [email concealed]>:
> Hi all,
>
>  For a hack lab in that I'm doing  I reach a point where I get a htpasswd
> file in clear in an Apache server.
>
> Â Is there any tool that given the crypted password I can try to brute force
> (or use a dictionary attack) and get the original password? There are a lot
> of MD5 password crackers but they don't state if they work for htpasswd
> generated passwords.
>
> Â Thanks!
>
> Â Miguel
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually
> do a proper penetration test. IACRB CPT and CEPT certs require a full
> practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]