htdigest file format - apache

I'm trying to write some code to work with an htdigest password file. The documentation I can find seems to claim that the format of that file is:
user:realm:MD5(user:realm:pass)
If that is the case, then why doesn't this work for me? I created a file with the command line htdigest thus:
htdigest -c test b a
When prompted for a password I entered 'c'. This creates a file with the contents:
a:b:02cc8f08398a4f3113b554e8105ebe4c
However if I try to derive this hash I can't,
echo a:b:c | md5
gives me "49d6ea7ca1facf323ca1928995420354". Is there something obvious that I'm missing here?
Thanks

echo by default adds a trailing new line:
echo -n a:b:c | md5
Should work as you expect.

Hm, I seem to have answered my own question. My test case was flawed, 'echo' is adding extra characters (not sure which). For instance
echo a:b:c | wc
gives 6 characters instead of 5. Calculating the hash at http://md5-hash-online.waraxe.us/ gives the correct value. Sorry everyone!
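
The pitfall worked out in this thread, as an added example that is not part of the original posts: it recomputes the `user:realm:MD5(user:realm:pass)` field for the line shown in the question and shows how the newline that `echo` appends changes the digest. The function names are illustrative.

```python
import hashlib
import hmac

# Line created in the question by `htdigest -c test b a` with password 'c'.
SAMPLE_LINE = "a:b:02cc8f08398a4f3113b554e8105ebe4c"


def ha1(user: str, realm: str, password: str) -> str:
    """MD5(user:realm:password) as lowercase hex, with no trailing newline."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


def parse_line(line: str):
    """Split one htdigest line into (user, realm, stored_hash)."""
    user, rest = line.rstrip("\r\n").split(":", 1)
    # The hash is plain hex, so the last ':' always ends the realm.
    realm, stored = rest.rsplit(":", 1)
    return user, realm, stored


def verify(line: str, password: str) -> bool:
    """True if the password reproduces the hash stored in the line."""
    user, realm, stored = parse_line(line)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(ha1(user, realm, password), stored.lower())


def echo_style_hash(text: str) -> str:
    """What `echo text | md5` hashes: the text plus the newline echo appends."""
    return hashlib.md5((text + "\n").encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print(verify(SAMPLE_LINE, "c"))      # password from the question
    print(echo_style_hash("a:b:c"))      # the mismatching value from the question
```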

Here is how you set the password for a given user.
sudo htdigest /etc/apache2/.htdigest yourrealm.com yourusername

Related

How to create a special pattern for password with crunch

I'm trying to create a specific pattern for creating passwords via crunch, but I didn't find anything like that anywhere and want to know if it is even possible.
For example, I want to use the word "password" as the pattern, but I want the letter p to be lowercase or uppercase, the letter a to be a or #, and the s to be s/$.
So I tried something like
crunch 10 10 pP+a#+s$word -t
but it doesn't seem right.
I already tried looking in a bunch of guides but didn't find a way to make a specific char be chosen from a specific set of options.
Any suggestions?
Thank you
crunch 8 8 pP a# s$ s$ -t @,^^word
Gives the output:
password
pas$word
pa$sword
pa$$word
p#ssword
p#s$word
p#$sword
p#$$word
Password
Pas$word
Pa$sword
Pa$$word
P#ssword
P#s$word
P#$sword
P#$$word
If you want to write to a file, append this at the end: -o file.txt

How would you crack this (MD5 HashCat)?

I was given this file:
hashes.txt
experthead:e10adc3949ba59abbe56e057f20f883e
interestec:25f9e794323b453885f5181f1b624d0b
ortspoon:d8578edf8458ce06fbc5bb76a58c5ca4
reallychel:5f4dcc3b5aa765d61d8327deb882cf99
simmson56:96e79218965eb72c92a549dd5a330112
bookma:25d55ad283aa400af464c76d713c07ad
popularkiya7:e99a18c428cb38d5f260853678922e03
eatingcake1994:fcea920f7412b5da7be0cf42b8c93759
heroanhart:7c6a180b36896a0a8c02787eeafb0e4c
edi_tesla89:6c569aabbf7775ef8fc570e228c16b98
liveltekah:3f230640b78d7e71ac5514e57935eb69
blikimore:917eb5e9d6d6bca820922a0c6f7cc28b
johnwick007:f6a0cb102c62879d397b12b62c092c06
flamesbria2001:9b3b269ad0a208090309f091b3aba9db
oranolio:16ced47d3fc931483e24933665cded6d
spuffyffet:1f5c5683982d7c3814d4d9e6d749b21e
moodie:8d763385e0476ae208f21bc63956f748
nabox:defebde7b6ab6f24d5824682a16c3ae4
bandalls:bdda5f03128bcbdfa78d8934529048cf
I thought I had to separate them, for example I put the experthead, interestec, etc. in one file named wordtext.txt and e10adc3949ba59abbe56e057f20f883e, etc in another file called hash.txt.
I then ran this:
hashcat -m 0 -a 0 /Users/myname/Desktop/hash.txt /Users/myname/Desktop/wordtext.txt -O
but I couldn't get anything. And then I googled e10adc3949ba59abbe56e057f20f883e and the output was 123456 so now I don't know how to approach this problem.
Just leave the hashes (erase the plaintext) on the txt file, hashcat will sort them out by itself. What I do is: hashcat.exe -m 0 -a 0 hashFile.txt dict.txt --show
The file appears to be in username:hash format. By default, hashcat assumes that only hashes are in the target file.
You can change this behavior with hashcat's --username option.
You don't need to place the -O at the end. It should work perfectly without it, but you do need hashcat.exe in the beginning.

John The Ripper 'No password hashes loaded' (see FAQ)

I am trying to learn John. I've been through the FAQ and this tutorial, but am stuck.
I have made a RAR4 password hash. It's super simple. The password is 'test'. I now want to use a tool to crack it.
I've saved it to a file "test.txt". It has:
Red dead redemption.rar:$RAR3$*1*de613099dc859cfd*00000000*16*0*1*b52125c28c4fc60a1c00f313d0fb68ca*33:1::Red dead redemption.torrent
When running the following command, I get 'No password hashes loaded'
What should I do to get this working please?
Command: john.exe test.txt
The $$ in your hash specifies that it is encrypted with yescrypt, hence you need to specify the format to john:
john.exe --format=crypt test.txt
This should work

Compare password to LDAP stored password

I am creating a "change password" form where the user is required to enter the previous password first, then a new password (twice).
I should compare the entered "previous password" to the one already stored.
My web application uses an LDAP server to store user credentials. Password is apparently stored using SHA.
So what I do is get the previous password entered by the user, digest it using SHA1, then compare it.
String oldPass = request.getParameter("oldpass");
String enteredOldPass= App.getInstance().getCipher().cipher(oldPass);
String ldapPassword= ctx.get("userpassword");
But this isn't working, because the passwords are different. When I store "test" in the LDAP I obtain {sha}qUqP5cyxm6YcTAhz05Hph5gvu9M= when calling .get("userPassword"), whilst I get a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 when hashing "test" by myself.
What am I doing wrong here? It seems that a step is missing since my result is purely hex, while the one I get from the LDAP is ASCII. But I tried converting the string to hex (using string to hex online converters) but the result is still different.
You don't do any of this.
You attempt to rebind as the user with that password. It either succeeds or fails. That tells you whether it was right or wrong. The API and protocol and server will take care of any hashing required.
Or, if you're using an LDAP server that supports the extended change-password operation, you provide the old and new passwords in the extended operation.
You must convert to binary, then convert to base64. Try this:
echo -n "test" | sha1sum | awk '{print $1}'
The result will be a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
echo -n "test" | sha1sum | awk '{print $1}' | xxd -r -p | base64
The result will be qUqP5cyxm6YcTAhz05Hph5gvu9M=
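
The encoding described in the last answer, as an added example that is not part of the original thread: the `{sha}` value is the base64 form of the same 20 raw digest bytes that `sha1sum` prints as hex. The `{SSHA}` branch goes beyond the page and shows the salted layout, where hashing the bare password yourself can never match and only a bind or a salt-aware check works; the function names and the salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Value the question reports reading back from LDAP after storing "test".
PAGE_VALUE = "{sha}qUqP5cyxm6YcTAhz05Hph5gvu9M="


def split_scheme(value: str):
    """Split '{scheme}base64' into (SCHEME, raw bytes)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("userPassword value has no {scheme} prefix")
    scheme, b64 = value[1:].split("}", 1)
    return scheme.upper(), base64.b64decode(b64, validate=True)


def digest_hex(value: str) -> str:
    """Hex form of the stored 20-byte SHA-1 digest, comparable to sha1sum output."""
    return split_scheme(value)[1][:20].hex()


def make_ssha(password: str, salt: bytes) -> str:
    """Salted layout: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def matches(value: str, password: str) -> bool:
    """Check a candidate password against a {SHA} or {SSHA} value."""
    scheme, raw = split_scheme(value)
    if scheme == "SHA":
        digest, salt = raw, b""
    elif scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]  # salt is appended after the digest
    else:
        raise ValueError(f"unsupported scheme {scheme}")
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    print(digest_hex(PAGE_VALUE))                       # hex seen in the question
    print(matches(make_ssha("test", b"\x01\x02\x03\x04"), "test"))
```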

LDIF file error?? Invalid Format?

I am currently working with LDAP which is on a UNIX server. The main purpose for me right now is to modify two entries in the directory by Ldapmodify through command line. The command is as follows:
ldapmodify -a -D 'cn=ldap,dc=cs,dc=ttu,dc=edu' \
-w *password* -H *server address* -f Documents/user.ldif
user.ldif file is as follows:
dn: cn=*username*,cn=Users,dc=ttu,dc=edu
changetype: modify
replace: displayName
displayName: abc
-
replace: loginShell
loginShell: /bin/tc
-
I get the following error when I try to run it:
ldapmodify: invalid format (line 5) entry: "cn=*username*,cn=Users,dc=ttu,dc=edu"
I checked the "dn" and it is correct. Why am I getting this error then?
I have a similar problem. In my case, my dn was correct, but it says "invalid format (line 16) ..." .
This is how I solved this:
The error msg can be misleading, because the dn is indeed correct. But line number "(line 5)" is an accurate pointer to the problem. In your case, I think the dash '-' is causing the problem. Try to remove the dashes and it may work!
Is the cn the RDN of the entry?
One can have an entry in directory sn=john, ou=Users .....
sn: john
cn: doe
displayName: johnny
the RDN is an attribute used as reference, in this case
dn: cn=doe,....
would be wrong, no matter that the entry has an attribute in specified value.
In the example you provided, DN is first line, and error says about 5th line.
Assuming you put it in some batch, maybe SOME entry has some special character in its CN?
And "Users" is usually an "ou" or "dc" or something, even if the container has "cn" attribute with "Users" as one of cn values. Are entries separated by empty newlines? Didn't you put minus sign after last modification of previous entry above, instead of one (or more) newline(s)?
Oh, and when putting ldif with many entries (changes), it's wise to try it with "-n". And (actually for some reason I don't remember) I personally prefer to pipe ldif instead of "-f"
cat user.ldif | ldapmodify ...opts...
?
PS. haha :) try to remove "-a", it turns ldapmodify to ldapadd actually :) And add "-x" if you want to use "simple" auth ( with -w password ).
It must be a problem with the character encoding of the dash (-).
I met the same problem before because I edited the file on Windows and used it on CentOS in VirtualBox.
Then I made a new file in CentOS using touch and edited it using vi, and it works.
I've run into the same issue. In my case, I had an extra space after the dash (-) character separating the entries.
For example, note the space after the dash on line 5:
$ cat -A sample.ldif
dn: uid=noelp,ou=People,dc=example,dc=co,dc=us$
changetype: modify$
replace: employeeType$
employeeType: fulltime$
- $
replace: title$
title: Sr IT Analyst$
-$
replace: employeeNumber$
employeeNumber: 1299$
Same issue can happen with a blank line with a space after it.
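
A pre-flight check for the problems reported in this thread, as an added example that is not part of the original posts: it flags a `-` separator with stray whitespace, a "blank" line that contains whitespace, and a separator that is a Unicode dash instead of ASCII `-`. The sample is constructed from the `cat -A` listing above; the look-alike set is an assumption about what the "encoding of the dash" answer ran into.

```python
# Dash look-alikes an editor may substitute for ASCII '-' (assumed set).
LOOKALIKES = {"\u2010", "\u2011", "\u2012", "\u2013", "\u2014", "\u2212"}

# Constructed sample: same shape as the listing above, trailing space on line 5.
SAMPLE = (
    b"dn: uid=noelp,ou=People,dc=example,dc=co,dc=us\n"
    b"changetype: modify\n"
    b"replace: employeeType\n"
    b"employeeType: fulltime\n"
    b"- \n"
    b"replace: title\n"
    b"title: Sr IT Analyst\n"
    b"-\n"
)


def lint_ldif(data: bytes):
    """Return [(line_number, problem)] for separator and blank-line defects."""
    findings = []
    text = data.decode("utf-8", errors="replace")
    for number, line in enumerate(text.split("\n"), start=1):
        # CRLF line ends are valid LDIF (RFC 2849), so drop one CR first.
        if line.endswith("\r"):
            line = line[:-1]
        stripped = line.strip()
        if line and not stripped:
            findings.append((number, "blank line contains whitespace"))
        elif stripped == "-" and line != "-":
            findings.append((number, "whitespace around '-' separator"))
        elif stripped in LOOKALIKES:
            findings.append((number, "separator is not ASCII '-'"))
    return findings


if __name__ == "__main__":
    for number, problem in lint_ldif(SAMPLE):
        print(f"line {number}: {problem}")
```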