Penetration Testing mailing list archives

Re: Brute force .htpasswd


From: Erik Parker <eparker () mindsec com>
Date: Wed, 28 Nov 2001 11:35:43 -0800 (PST)

If you see "$apr1$", this is because of the rework of the MD5 authentication
scheme to use FreeBSD's algorithm, and the use of a private significator
('$apr1$') to mark passwords as being smashed with their own algorithm.

You'll need to find a cracker that supports it. You might make your query on
a FreeBSD hackers list.


EP> D V (mysecurite () yahoo fr) wrote on Nov 27, 2001:

DV> If you take an MD5 hash from a Unix/Linux box, the hash
DV> begins with $1$ (and I think with $2$ in some
DV> cases), but if you are taking an MD5 hash from a .htaccess
DV> (or .htpasswd) file used by Apache, it begins with
DV> $apr1$. In this case, John and MD5Crack don't work
DV> (I also tried to force the format with -format:MD5
DV> with john). I tried them on W32 and Linux.
DV> The MD5 hashes are generated with htpasswd.exe (on
DV> W32), which is a tool provided with Apache.
DV>
DV> For the example, I have generated an MD5 hash:
DV> test:$apr1$K2......$0afaV4Pb0N8k1udUVBHo./
DV> In this case the password is 'test', but I have no tool
DV> (MD5crack and John don't work) that allows me to
DV> crack this .htpasswd file.
DV>
DV> Any help is welcome. Thanks for your help.
DV>
DV> Dominique
DV>


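Added example, not part of the thread: Apache's "$apr1$" and FreeBSD/Linux "$1$" are the same md5crypt construction, differing only in the magic string mixed into the first MD5 round, which is why a tool that only knows "$1$" rejects .htpasswd entries. The code below implements that construction (following Apache's apr_md5_encode and FreeBSD's crypt-md5) and checks a .htpasswd line against a candidate password; the only data reused from the page is Dominique's example entry.

```python
import hashlib
import hmac

# "$apr1$" (Apache) and "$1$" (FreeBSD/Linux) share this construction;
# only the magic string fed into the hash differs.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    """md5crypt's own base-64 variant: least-significant 6 bits first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)

def md5crypt(password, salt, magic=b"$apr1$"):
    """Return magic + salt + '$' + 22-char hash (apr_md5_encode / crypt-md5)."""
    salt = salt[:8]                                # both implementations cap the salt at 8
    ctx = hashlib.md5(password + magic + salt)     # the magic is part of the hashed input
    alt = hashlib.md5(password + salt + password).digest()
    for pl in range(len(password), 0, -16):        # feed len(password) bytes of alt
        ctx.update(alt[:min(pl, 16)])
    i = len(password)
    while i:                                       # one byte per bit of len(password)
        ctx.update(b"\0" if i & 1 else password[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                          # deliberate stretching rounds
        c = hashlib.md5()
        c.update(password if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(password)
        c.update(final if i & 1 else password)
        final = c.digest()
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in groups)
    enc += _to64(final[11], 2)
    return (magic + salt + b"$").decode() + enc

def verify_htpasswd(entry, candidate):
    """Check a 'user:$apr1$salt$hash' (or $1$) line against a candidate password."""
    _user, stored = entry.split(":", 1)
    magic_tag, salt, _digest = stored.split("$")[1:4]
    magic = ("$" + magic_tag + "$").encode()
    computed = md5crypt(candidate.encode(), salt.encode(), magic)
    return hmac.compare_digest(computed, stored)   # constant-time comparison
```

Verifying an entry this way is what Apache itself does on each request; running the "$1$" variant on the same salt and password shows a completely different digest, so a "$1$"-only cracker cannot simply be pointed at an "$apr1$" file.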

