[WEB SECURITY] htpasswd decrypt

Santhosh Kumar K santoshkumar at temenos.com
Mon Jun 21 02:22:26 EDT 2010


One more to add is THC HYDRA..

Regards,
K. Santhosh Kumar
Application Security Testing Engineer 
Security Technology

Security is a state of mind!!!


-----Original Message-----
From: Bugtrace [mailto:bugtrace at gmail.com] 
Sent: Saturday, June 19, 2010 12:05 AM
To: Nahuel Grisolia
Cc: websecurity at webappsec.org
Subject: Re: [WEB SECURITY] htpasswd decrypt

John the ripper is good choice.
Another tool you can use is l0phtcrack.
On Sat, Jun 19, 2010 at 1:30 AM, Nahuel Grisolia <nahuel at bonsai-sec.com> wrote:
> On 06/18/2010 12:59 PM, Miguel González Castaños wrote:
>>   Is there any tool that given the crypted password I can try to brute
>> force (or use a dictionary attack) and get the original password? There
>> are a lot of MD5 password crackers but they don't state if they work for
>> htpasswd generated passwords.
>>
>
> John the Ripper is your friend!
>
> http://www.openwall.com/john/
>
> regards,
> --
> Nahuel Grisolia - C|EH
> Information Security Consultant
> Bonsai Information Security Project Leader
> http://www.bonsai-sec.com/
> (+54-11) 4777-3107
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> To unsubscribe email websecurity-unsubscribe at webappsec.org and reply to
> the confirmation email
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

To unsubscribe email websecurity-unsubscribe at webappsec.org and reply to 
the confirmation email

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

The information in this e-mail and any attachments is confidential and may be legally privileged. 
It is intended solely for the addressee or addressees. Any use or disclosure of the contents 
of this e-mail/attachments by a not intended recipient is unauthorized and may be unlawful. 
If you have received this e-mail in error please notify the sender. 
Please note that any views or opinions presented in this e-mail are solely those of the author and 
do not necessarily represent those of TEMENOS. 
We recommend that you check this e-mail and any attachments against viruses. 
TEMENOS accepts no liability for any damage caused by any malicious code or virus transmitted by this e-mail.


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

To unsubscribe email websecurity-unsubscribe at webappsec.org and reply to 
the confirmation email

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list