(Pen-test/Sectools, only bother sending this through if you allow
the original.)
> Tool to crack Base64 passwords - could not find anything similar on the
> Internet.
'Crack'? Base64 is an encoding algorithm, just like uuencode.
It's not encryption. It's supposed to be easily reversable.
I find it hard to believe this person "could not find anything similar
on the Internet". What he's using is MIME::Base64 from perl's CPAN.
This is command-line stuff.
$ perl -MMIME::Base64 -le 'print decode_base64("dGVzdDpwYXNzd29yZA==")'
test:password
For gods sake, I have this as an alias in my .bashrc.
Perhaps the reason there aren't any tools out there listed to
'crack' this is because it isn't a crack, and no one bothers
trying to market their genius in 'use module; call subroutine'
> While pen testing and looking around for something to crack a Base64
> encoded password I could not find much in the way of a simple script,
> so I decided to right a Perl script myself...
No, you took the work of Gisle Aas, MIME::Base64, and put it in a
perl script and slapped a few print statements on it.
> Many weak security mechanisms rely on base64 encoding scheme. IIS server
> is one such example, from the below example we see IIS Basic
> authenication in action on a GET request:
This is HTTP basic authorization, it's not IIS specific. It's not used
for security, it's used to make sure that the password, regardless of
ugly characters, is able to be represented in a portable form. (For a
very vague description, Base64 takes input and turns it into ASCII
printable output.) This is why you should only use it over HTTPS if
you don't want your password getting out.
> Enjoy and please send comments...
Hope you receive lots of fame and fortune.
--
Brian Hatch You have that vacant
Systems and look in your eyes that
Security Engineer says "Hold your ear up
http://www.ifokr.org/bri/ to my head and you
will hear the sea"
Every message PGP signed
This archive was generated by hypermail 2b30 : Wed Nov 13 2002 - 02:24:11 PST