Re: Cracking Base64 Passwords Perl Script.

From: Javier Liendo (javierat_private)
Date: Tue Nov 12 2002 - 09:24:21 PST

Next message: cc_mofoat_private: "Re: IIS 5.0 with Integrated Window Authentication"

Previous message: Zach Forsyth: "ethics of approaching vulnerable prospective clients"
In reply to: Singapore Dragon: "Cracking Base64 Passwords Perl Script."
Next in thread: Javier Fernández-Sanguino Peńa: "Re: Cracking Base64 Passwords Perl Script."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hello

there is a website where you can do the same

http://www.securitystats.com/tools/base64.asp

regards

javier

--- Singapore Dragon <dragonat_private> wrote:
> Tool to crack Base64 passwords - could not find
> anything similar on the
> Internet. 
> 
> Download Tool:
> http://www.securityassoc.com/base64_crack.zip
> 
> MD5 Hash: D905C844168D4D2D1755C1393E18CC96
> 
> Below from Readme.txt file:
> 
> Base64 Encoding
> ---------------
> 
> While pen testing and looking around for something
> to crack a Base64
> encoded password I could not find much in the  way
> of a simple script,
> so I decided to right a Perl script myself...
> 
> Many weak security mechanisms rely on base64
> encoding scheme. IIS server
> is one such example, from  the below example we see
> IIS Basic
> authenication in action on a GET request:
> 
> GET / HTTP/1.1
> Host: iis-server
> Authorization: Basic dGVzdDpwYXNzd29yZA==
> 
> The authorization tag is encoded in Base64 and when
> feed into the decode
> script is cracked as shown  below:
> 
> 
> perl decode_base64.pl dGVzdDpwYXNzd29yZA==
> 
>  Author: The Singapore Dragon -
> dragonat_private
>  Web: www.securityassoc.com
> 
>  Usage decode_base64.pl [encoded-text]
> 
>  The decoded data is: test:password
> 
> 
> There is also another script provided to encode data
> (encode_base64.pl).
> 
> Enjoy and please send comments...
> 
> The Singapore Dragon
> dragonat_private
> 
> 
> 
>
----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA
> service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
> 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: cc_mofoat_private: "Re: IIS 5.0 with Integrated Window Authentication"
Previous message: Zach Forsyth: "ethics of approaching vulnerable prospective clients"
In reply to: Singapore Dragon: "Cracking Base64 Passwords Perl Script."
Next in thread: Javier Fernández-Sanguino Peńa: "Re: Cracking Base64 Passwords Perl Script."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 12 2002 - 14:58:23 PST