Penetration Testing mailing list archives
Re: htpasswd decrypt
From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Sat, 19 Jun 2010 20:35:20 +0630
I haven't been aware of it, too. If you know it, let me know. It's not easy to write bruteforce decryptor as it generates new password each time upon generation.
./htpasswd -nb test test
Automatically using MD5 format. test:$apr1$O9B501zi$LIb3jgek2pqVEv29qfCqO0
./htpasswd -nb test test
Automatically using MD5 format. test:$apr1$Rekfkt5.$8NeNTA7C/Oy4jEuCgrnBE/
./htpasswd -nb test test
Automatically using MD5 format. test:$apr1$PEH.OBdt$wE/nHRG.FYo2bzmAfxfIn1
./htpasswd -nb test test
Automatically using MD5 format. test:$apr1$BtwEARib$2WWdK3nGlAWVutTRkFyV20 2010/6/18 Miguel González Castaños <miguel_3_gonzalez () yahoo es>:
Hi all, For a hack lab in that I'm doing I reach a point where I get a htpasswd file in clear in an Apache server. Is there any tool that given the crypted password I can try to brute force (or use a dictionary attack) and get the original password? There are a lot of MD5 password crackers but they don't state if they work for htpasswd generated passwords. Thanks! Miguel ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- htpasswd decrypt Miguel González Castaños (Jun 18)
- Re: htpasswd decrypt dishix (Jun 19)
- Re: htpasswd decrypt Jacky Jack (Jun 19)
- Re: htpasswd decrypt Christine Kronberg (Jun 20)
- Re: htpasswd decrypt Miguel Gonzalez (Jun 20)
- RE: htpasswd decrypt Gaurav Kumar (Jun 20)
- Re: htpasswd decrypt Miguel González Castaños (Jun 21)
- Re: htpasswd decrypt Paul Melson (Jun 21)
- Re: htpasswd decrypt Christine Kronberg (Jun 20)
- <Possible follow-ups>
- Re: htpasswd decrypt modversion (Jun 20)