Penetration Testing mailing list archives

Re: htpasswd decrypt


From: Miguel González Castaños <miguel_3_gonzalez () yahoo es>
Date: Mon, 21 Jun 2010 01:49:32 +0200

On 20/06/2010 16:48, Gaurav Kumar wrote:
> The following lines from the source code confirm this (a different password being generated each time):
>
>     (void) srand((int) time((time_t *) NULL));
>     ap_to64(&salt[0], rand(), 8);
>
> It seems that a time-based seed is used to generate the MD5 hash. Also, according to the source, "salt" is a char array and is 8 bytes long (+1 null byte). If you want to bruteforce the password, you will need to bruteforce these 8 bytes too.
> ---
> Gaurav Kumar, CISSP
> Email: gk () pivotalsecurity com | Phone: +1 (425) 686-9695 | Web: www.pivotalsecurity.com

Thank you everybody :)

John did the trick

Thanks

Miguel
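
Added example, not part of either post and not Apache's own code: a C sketch of how the two quoted lines turn a time-seeded rand() value into the 8-character salt. The to64 helper is re-implemented here on the assumption that ap_to64 uses the usual crypt(3) alphabet; salt_from_seed, encodes_to and same_salt are names made up for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Written for this example, assuming the crypt(3)-style alphabet:
 * emits n characters, 6 bits of v per character, low bits first. */
static void to64(char *s, unsigned long v, int n)
{
    static const char itoa64[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    while (--n >= 0) {
        *s++ = itoa64[v & 0x3f];
        v >>= 6;
    }
}

/* The two quoted lines, with the seed passed in instead of time(NULL). */
static void salt_from_seed(time_t seed, char out[9])
{
    srand((unsigned int) seed);
    to64(out, (unsigned long) rand(), 8);
    out[8] = '\0';
}

/* 1 if the 8-character encoding of v equals expect, else 0. */
static int encodes_to(unsigned long v, const char *expect)
{
    char s[9] = {0};
    to64(s, v, 8);
    return strcmp(s, expect) == 0;
}

/* 1 if both seeds (e.g. two runs in the same second) give the same salt. */
static int same_salt(time_t s1, time_t s2)
{
    char a[9], b[9];
    salt_from_seed(s1, a);
    salt_from_seed(s2, b);
    return strcmp(a, b) == 0;
}

int main(void)
{
    char salt[9];
    salt_from_seed(time(NULL), salt);
    printf("salt for this second: %s\n", salt);
    printf("2^31-1 -> zzzzz/.. ? %d\n", encodes_to(0x7fffffffUL, "zzzzz/.."));
    return 0;
}
```

Where RAND_MAX is 2^31-1, the last two salt characters are always `.` and two entries created in the same second share a salt. The salt is also not secret: an htpasswd MD5 entry stores it in clear as `$apr1$<salt>$<digest>`.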
