|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 72
Members: 0
Total: 72
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Cracked Des(Unix) pass doesn't work |
|
Posted: Sun Jul 12, 2009 2:27 pm |
|
|
_nix |
Beginner |
|
|
Joined: Jul 12, 2009 |
Posts: 2 |
|
|
|
|
|
|
|
Okay, so I thought I'd test out a friends net today and I'm fairly new to the pass cracking department so I thought it would be good practice. Anyway, I know about the htaccess and htpasswd files and all that, so after grabbing those easily I thought I'd run the Des encrypted password through a brute forcer, I tried two of them and they both brought up the same cracked password of "wipeout" (excluding the quotes).
First I ran a brute force using john the ripper, 4 hours later "wipeout" came up, I tested it on webmin, phpmyadmin, ssh, nothing at all. I then tried it with propass and as you can guess the same "wipeout" pass came up.
So I am wondering, is this just a guess or is it legit? I tried it on a few test passwords with a dictionary where I put in the plain text passes halfway down and both programs found them all without fail.
Am I doing something wrong? Is it possible for the htpasswd file to not contain the actual password? I'm really puzzled here.
The Des pass is yJx7FJB6RPlE2 so if anyone wants to see if it is actually "wipeout" or something else then by all means, hopefully someone can help me out here ;[ |
|
|
|
|
|
|
|
|
Posted: Sun Jul 12, 2009 4:47 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
This DES hash is indeed related to "wipeout" and is 100% OK. Question is, where it is used ...
If it's coming from .htpasswd, then you can use it for HTTP Basic Auth. Sometimes it is used for PhpMyAdmin too, but it depends. So it seems, that you have found password, but just don't know, where it's used
Of course, lazy admins/webmasters/programmers can use same password for many things, but not always ... |
|
|
|
|
Posted: Sun Jul 12, 2009 5:11 pm |
|
|
_nix |
Beginner |
|
|
Joined: Jul 12, 2009 |
Posts: 2 |
|
|
|
|
|
|
|
Thanks for confirming I had done it right, and got the correct password from it |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|