HTTP Digest access authentication
---------------------------------

- How to create the password string :
-------------------------------------

user:$MAGIC$response$user$realm$method$uri$nonce$nonceCount$ClientNonce$qop

'$' is used as the separator; you can change it in HDAA_fmt.c

Example of password string :

user:$response$679066476e67b5c7c4e88f04be567f8b$user$myrealm$GET$/$8c12bd8f728afe56d45a0ce846b70e5a$00000001$4b61913cec32e2c9$auth

Here the magic is '$response$'

- Demonstration :
-----------------

Tested on: AMD Athlon(tm) 64 Processor 3000+

$ cat ./htdigest
moi:$response$faa6cb7d676e5b7c17fcbf966436aa0c$moi$myrealm$GET$/$af32592775d27b1cd06356b3a0db9ddf$00000001$8e1d49754a25aea7$auth
user:$response$679066476e67b5c7c4e88f04be567f8b$user$myrealm$GET$/$8c12bd8f728afe56d45a0ce846b70e5a$00000001$4b61913cec32e2c9$auth

$ ./john ./htdigest
Loaded 2 password hashes with 2 different salts (HTTP Digest access authentication [HDAA-MD5])
kikou (moi)
nocode (user)
guesses: 2 time: 0:00:01:27 (3) c/s: 670223 trying: nocode
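
For a password audit, the password string described above can be assembled from a logged `Authorization: Digest` header and checked against a password that is already known. This is an added example, not code from John the Ripper or from the original file. It assumes the RFC 2617 MD5 computation with qop=auth; the function names and SAMPLE_HEADER are constructed for illustration.

```python
import hashlib
import re

MAGIC = "$response$"  # magic used in this page's examples
SEP = "$"             # separator used in this page's examples
FIELDS = ("response", "username", "realm", "method", "uri",
          "nonce", "nc", "cnonce", "qop")

# Constructed header carrying the field values of the page's example line.
SAMPLE_HEADER = ('Digest username="user", realm="myrealm", '
                 'nonce="8c12bd8f728afe56d45a0ce846b70e5a", uri="/", '
                 'response="679066476e67b5c7c4e88f04be567f8b", qop=auth, '
                 'nc=00000001, cnonce="4b61913cec32e2c9"')

def md5_hex(text):
    return hashlib.md5(text.encode("latin-1")).hexdigest()

def build_line(method, header):
    """Turn one logged Authorization: Digest value into a password string."""
    body = header.split(None, 1)[1] if header.lower().startswith("digest") else header
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', body)
    p = {key.lower(): (quoted or bare) for key, quoted, bare in pairs}
    p["method"] = method  # the method is on the request line, not in the header
    values = [p[name] for name in FIELDS]  # KeyError if qop/nc/cnonce are absent
    if any(SEP in v for v in values):
        raise ValueError("a field contains the separator; choose another one")
    return p["username"] + ":" + MAGIC + SEP.join(values)

def parse_line(line):
    """Split a password string back into named fields."""
    _login, rest = line.split(":", 1)
    if not rest.startswith(MAGIC):
        raise ValueError("magic not found")
    values = rest[len(MAGIC):].split(SEP)
    if len(values) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(values)))
    return dict(zip(FIELDS, values))

def expected_response(f, password):
    """RFC 2617 response for qop=auth with MD5 (assumed algorithm)."""
    ha1 = md5_hex(":".join((f["username"], f["realm"], password)))
    ha2 = md5_hex(f["method"] + ":" + f["uri"])
    return md5_hex(":".join((ha1, f["nonce"], f["nc"], f["cnonce"], f["qop"], ha2)))

def matches(line, password):
    """True when the password reproduces the response stored in the line."""
    f = parse_line(line)
    return expected_response(f, password) == f["response"].lower()
```

`build_line("GET", SAMPLE_HEADER)` yields the example password string shown earlier. A URI or other field containing '$' raises ValueError, which is the situation the separator note covers.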