Penetration Testing mailing list archives
Re: Brute force .htpasswd
From: H D Moore <sflist () digitaloffense net>
Date: Mon, 26 Nov 2001 17:49:48 -0600
MDCrack is one of the nicest MD5 brute forcers I have come across. You may need to mangle the hashes a little bit to get mdcrack to accept them, but it should do the trick. JTR is also very good at cracking md5 hashes, they have in the correct format for it to recognize them though. MDCrack: http://mdcrack.multimania.com/nsindex2.html On Monday 26 November 2001 07:35 am, D V wrote:
Hi, I am looking for a program to brute force .htpasswd using MD5 encryption using by Apache on W32 platform. I am not looking for a prg like Brutus because I want to do a brute force attack off-line. Password cracker like John doesn't work against this type of MD5, it is working against MD5 using by Linux for example.
-- H D Moore http://www.digitaldefense.net - work http://www.digitaloffense.net - play ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Brute force .htpasswd D V (Nov 26)
- Re: Brute force .htpasswd H D Moore (Nov 26)
- Re: Brute force .htpasswd D V (Nov 27)
- Re: Brute force .htpasswd Erik Parker (Nov 28)
- Re: Brute force .htpasswd D V (Nov 27)
- Re: Brute force .htpasswd Kostas Evangelinos (Nov 30)
- Re: Brute force .htpasswd H D Moore (Nov 26)