|
|
Penetration Testing
htpasswd decrypt Jun 18 2010 05:08PM Miguel González Castaños (miguel_3_gonzalez yahoo es) (2 replies) Re: htpasswd decrypt Jun 19 2010 02:05PM Jacky Jack (jacksonsmth698 gmail com) (3 replies) |
|
Privacy Statement |
(void) srand((int) time((time_t *) NULL));
ap_to64(&salt[0], rand(), 8);
It seems that time based seed is used to generate MD5 hash. Also, according to source, "salt" is char array and is 8 bytes long (+1 null byte). If you want to bruteforce password, you will need to bruteforce these 8 bytes too
---
Gaurav Kumar, CISSP
Email:gk (at) pivotalsecurity (dot) com [email concealed]| Phone: +1 (425) 686-9695 |Web: www.pivotalsecurity.com
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Jacky Jack
Sent: Saturday, June 19, 2010 7:05 AM
To: Miguel González Castaños
Cc: pen-test (at) securityfocus (dot) com [email concealed]
Subject: Re: htpasswd decrypt
I haven't been aware of it, too.
If you know it, let me know.
It's not easy to write bruteforce decryptor as it generates new password each time upon generation.
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$O9B501zi$LIb3jgek2pqVEv29qfCqO0
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$Rekfkt5.$8NeNTA7C/Oy4jEuCgrnBE/
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$PEH.OBdt$wE/nHRG.FYo2bzmAfxfIn1
>./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$BtwEARib$2WWdK3nGlAWVutTRkFyV20
2010/6/18 Miguel González Castaños <miguel_3_gonzalez (at) yahoo (dot) es [email concealed]>:
> Hi all,
>
> For a hack lab in that I'm doing I reach a point where I get a
> htpasswd file in clear in an Apache server.
>
> Is there any tool that given the crypted password I can try to brute
> force (or use a dictionary attack) and get the original password?
> There are a lot of MD5 password crackers but they don't state if they
> work for htpasswd generated passwords.
>
> Thanks!
>
> Miguel
>
> ----------------------------------------------------------------------
> -- This list is sponsored by: Information Assurance Certification
> Review Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs
> require a full practical examination in order to become certified.
> http://www.iacertification.org
> ----------------------------------------------------------------------
> --
>
>
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]