|
Title: John the ripper crack doesn't seem to work from htpasswd file... Post by: wlandymore on May 19, 2012, 09:25:12 PM I'm testing a box that someone else has setup and I managed to get into the FTP server on it and then download the .htpasswd file. When opened it had a user:hash in it and then I put that in a txt file and then ran John The Ripper on it.
It took about 23 minutes and it came up with the password. However, if I try to use that account on ftp or even RDP it won't work. Is there a chance that somehow it got it wrong with JTR? Also, this is a Windows box running this... Title: Re: John the ripper crack doesn't seem to work from htpasswd file... Post by: ajohnson on May 19, 2012, 09:51:14 PM That's used for password-protecting web access. Can you authenticate to the password protected area(s) of the website? There's always a chance credentials could be reused with other services, but they're not going to use that file as a credential store.
Title: Re: John the ripper crack doesn't seem to work from htpasswd file... Post by: wlandymore on May 20, 2012, 02:25:12 AM yeah, I see what you're saying but I tried connecting to it on 80 and 443 and nmap didn't come back with a web service running...Just FTP and RDP
Title: Re: John the ripper crack doesn't seem to work from htpasswd file... Post by: chrisj on May 20, 2012, 03:10:40 AM What options did you give NMAP when you ran it?
Could always be that file is just a red herring. Title: Re: John the ripper crack doesn't seem to work from htpasswd file... Post by: ajohnson on May 20, 2012, 08:15:13 AM The web server could also be running on a non-standard port.
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |