.

John the ripper crack doesn't seem to work from htpasswd file...

<<

wlandymore

Newbie
Newbie

Posts: 34

Joined: Thu Mar 15, 2012 9:48 am

Post Sat May 19, 2012 9:25 pm

John the ripper crack doesn't seem to work from htpasswd file...

I'm testing a box that someone else has setup and I managed to get into the FTP server on it and then download the .htpasswd file. When opened it had a user:hash in it and then I put that in a txt file and then ran John The Ripper on it.

It took about 23 minutes and it came up with the password. However, if I try to use that account on ftp or even RDP it won't work. Is there a chance that somehow it got it wrong with JTR? Also, this is a Windows box running this...
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat May 19, 2012 9:51 pm

Re: John the ripper crack doesn't seem to work from htpasswd file...

That's used for password-protecting web access. Can you authenticate to the password protected area(s) of the website? There's always a chance credentials could be reused with other services, but they're not going to use that file as a credential store.
The day you stop learning is the day you start becoming obsolete.
<<

wlandymore

Newbie
Newbie

Posts: 34

Joined: Thu Mar 15, 2012 9:48 am

Post Sun May 20, 2012 2:25 am

Re: John the ripper crack doesn't seem to work from htpasswd file...

yeah, I see what you're saying but I tried connecting to it on 80 and 443 and nmap didn't come back with a web service running...Just FTP and RDP
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sun May 20, 2012 3:10 am

Re: John the ripper crack doesn't seem to work from htpasswd file...

What options did you give NMAP when you ran it?

Could always be that file is just a red herring.
OSWP, Sec+
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun May 20, 2012 8:15 am

Re: John the ripper crack doesn't seem to work from htpasswd file...

The web server could also be running on a non-standard port.
The day you stop learning is the day you start becoming obsolete.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software