Hi, I have received some e-mail from people (thanks to all of us) telling me to mangle the hashes in a correct password file format. It is not the problem for me. I will try to explain. If you take a MD5 hash from a Unix/Linux box, the hash is beginning whith $1$ (and I think by $2$ in some case) but if you are taking a MD5 hash from a .htacess (or .htpasswd) file using by Apache, it begins by $apr1$. In this case, John and MD5Crack doesn't work (I also tried to force the format with -format:MD5 with john). It tried them on W32 and Linux. The MD5 hashes are generating with htpasswd.exe (on W32) that is a tool provided with Apache. For the example, I have generating a MD5 hash : test:$apr1$K2......$0afaV4Pb0N8k1udUVBHo./ In this case the password is 'test' but I have no tool (MD5crack and John doesn't work) that allow me to crack this .htpasswd file. Any help is welcome. Thank for your help Dominique --- H D Moore <sflistat_private> a écrit : > MDCrack is one of the nicest MD5 brute forcers I > have come across. You may > need to mangle the hashes a little bit to get > mdcrack to accept them, but it > should do the trick. JTR is also very good at > cracking md5 hashes, they have > in the correct format for it to recognize them > though. > > MDCrack: > http://mdcrack.multimania.com/nsindex2.html ___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Courrier : http://courrier.yahoo.fr ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 10:08:15 PST