Penetration Testing mailing list archives
Re: htpasswd decrypt
From: Paul Melson <pmelson () gmail com>
Date: Mon, 21 Jun 2010 06:47:41 -0400
2010/6/19 Jacky Jack <jacksonsmth698 () gmail com>:
It's not easy to write bruteforce decryptor as it generates new password each time upon generation.
The salted hashes are only a challenge if you don't have the salt, like in the case of generating rainbow tables.
2010/6/18 Miguel González Castaños <miguel_3_gonzalez () yahoo es>:Hi all, For a hack lab in that I'm doing I reach a point where I get a htpasswd file in clear in an Apache server.
However, the original poster has captured the file, and therefore has the full salt and hash. So a brute-force or dictionary attack against the captured hash using any number of the tools already mentioned in this thread will work just fine. PaulM ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- htpasswd decrypt Miguel González Castaños (Jun 18)
- Re: htpasswd decrypt dishix (Jun 19)
- Re: htpasswd decrypt Jacky Jack (Jun 19)
- Re: htpasswd decrypt Christine Kronberg (Jun 20)
- Re: htpasswd decrypt Miguel Gonzalez (Jun 20)
- RE: htpasswd decrypt Gaurav Kumar (Jun 20)
- Re: htpasswd decrypt Miguel González Castaños (Jun 21)
- Re: htpasswd decrypt Paul Melson (Jun 21)
- Re: htpasswd decrypt Christine Kronberg (Jun 20)
- <Possible follow-ups>
- Re: htpasswd decrypt modversion (Jun 20)