Penetration Testing mailing list archives

RE: htpasswd decrypt


From: "Gaurav Kumar" <gk () pivotalsecurity com>
Date: Sun, 20 Jun 2010 07:48:32 -0700

The following lines from the source code confirm this (a different password being generated each time):

        (void) srand((int) time((time_t *) NULL));
        ap_to64(&salt[0], rand(), 8);

It seems that a time-based seed is used to generate the MD5 hash. Also, according to the source, "salt" is a char array
and is 8 bytes long (+1 null byte). If you want to brute-force the password, you will need to brute-force these 8 bytes too.
---
Gaurav Kumar, CISSP
Email: gk () pivotalsecurity com | Phone: +1 (425) 686-9695 | Web: www.pivotalsecurity.com
 


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jacky Jack
Sent: Saturday, June 19, 2010 7:05 AM
To: Miguel González Castaños
Cc: pen-test () securityfocus com
Subject: Re: htpasswd decrypt

I'm not aware of one either.
If you know of one, let me know.

It's not easy to write a brute-force decryptor, as it generates a new password each time upon generation.

./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$O9B501zi$LIb3jgek2pqVEv29qfCqO0


./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$Rekfkt5.$8NeNTA7C/Oy4jEuCgrnBE/


./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$PEH.OBdt$wE/nHRG.FYo2bzmAfxfIn1


./htpasswd -nb test test
Automatically using MD5 format.
test:$apr1$BtwEARib$2WWdK3nGlAWVutTRkFyV20




2010/6/18 Miguel González Castaños <miguel_3_gonzalez () yahoo es>:
Hi all,

 For a hack lab that I'm doing, I reached a point where I get an
htpasswd file in the clear on an Apache server.

 Is there any tool with which, given the crypted password, I can try to brute
force (or use a dictionary attack) and get the original password?
There are a lot of MD5 password crackers but they don't state if they
work for htpasswd generated passwords.

 Thanks!

 Miguel

----------------------------------------------------------------------
-- This list is sponsored by: Information Assurance Certification 
Review Board

Prove to peers and potential employers without a doubt that you can 
actually do a proper penetration test. IACRB CPT and CEPT certs 
require a full practical examination in order to become certified.
http://www.iacertification.org
----------------------------------------------------------------------
--
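
Added example (not part of the original thread and not Apache's own code): in each `$apr1$` entry quoted above, the field between the second and third `$` is the salt, stored in clear next to the digest, so a verifier reads it from the entry and recomputes the hash. This Python sketch of the public apr1 (MD5-crypt) algorithm checks the four quoted lines against the password "test"; the names `apr1_hash`, `check_entry` and `THREAD_LINES` are chosen here for illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def to64(v, n):
    """Encode the low 6*n bits of v as n characters, least significant first."""
    return "".join(ITOA64[(v >> (6 * k)) & 0x3F] for k in range(n))

def apr1_hash(password, salt):
    """Return the full $apr1$salt$digest string for a password and salt."""
    pw, sp = password.encode(), salt.encode()[:8]   # salt is at most 8 chars
    ctx = hashlib.md5(pw + b"$apr1$" + sp)
    final = hashlib.md5(pw + sp + pw).digest()
    for pl in range(len(pw), 0, -16):
        ctx.update(final[:min(16, pl)])
    i = len(pw)
    while i:                                        # one byte per bit of len(pw)
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                           # fixed 1000-round stretching
        h = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            h.update(sp)
        if i % 7:
            h.update(pw)
        h.update(final if i & 1 else pw)
        final = h.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    body = "".join(to64(final[a] << 16 | final[b] << 8 | final[c], 4)
                   for a, b, c in order)
    return "$apr1$" + sp.decode() + "$" + body + to64(final[11], 2)

def check_entry(line, password):
    """Verify a password against one htpasswd line using the salt stored in it."""
    _user, stored = line.strip().split(":", 1)
    _, scheme, salt, _digest = stored.split("$")    # "", "apr1", salt, digest
    if scheme != "apr1":
        raise ValueError("not an apr1 entry")
    return hmac.compare_digest(apr1_hash(password, salt), stored)

# The four htpasswd outputs quoted in the thread (user "test", password "test").
THREAD_LINES = [
    "test:$apr1$O9B501zi$LIb3jgek2pqVEv29qfCqO0",
    "test:$apr1$Rekfkt5.$8NeNTA7C/Oy4jEuCgrnBE/",
    "test:$apr1$PEH.OBdt$wE/nHRG.FYo2bzmAfxfIn1",
    "test:$apr1$BtwEARib$2WWdK3nGlAWVutTRkFyV20",
]
```
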


