Re: htpasswd decrypt

[Jacky Jack <jacksonsmth698 () gmail com>]

I haven't been aware of it, too.
If you know it, let me know.

It's not easy to write bruteforce decryptor as it generates new
password each time upon generation.

> ./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$O9B501zi$LIb3jgek2pqVEv29qfCqO0


> ./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$Rekfkt5.$8NeNTA7C/Oy4jEuCgrnBE/


> ./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$PEH.OBdt$wE/nHRG.FYo2bzmAfxfIn1


> ./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$BtwEARib$2WWdK3nGlAWVutTRkFyV20




2010/6/18 Miguel González Castaños <miguel_3_gonzalez () yahoo es>:
> Hi all,
>
>  For a hack lab in that I'm doing  I reach a point where I get a htpasswd
> file in clear in an Apache server.
>
>  Is there any tool that given the crypted password I can try to brute force
> (or use a dictionary attack) and get the original password? There are a lot
> of MD5 password crackers but they don't state if they work for htpasswd
> generated passwords.
>
>  Thanks!
>
>  Miguel
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually
> do a proper penetration test. IACRB CPT and CEPT certs require a full
> practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------