metasploit-framework/data/john/doc/HDAA_README


HTTP Digest access authentication
---------------------------------
- How to create the password string :
-------------------------------------
user:$MAGIC$response$user$realm$method$uri$nonce$nonceCount$ClientNonce$qop
'$' is used as the separator; you can change it in HDAA_fmt.c
Example of password string :
user:$response$679066476e67b5c7c4e88f04be567f8b$user$myrealm$GET$/$8c12bd8f728afe56d45a0ce846b70e5a$00000001$4b61913cec32e2c9$auth
Here the magic is '$response$'
- Demonstration :
-----------------
Tested on an AMD Athlon(tm) 64 Processor 3000+
$ cat ./htdigest
moi:$response$faa6cb7d676e5b7c17fcbf966436aa0c$moi$myrealm$GET$/$af32592775d27b1cd06356b3a0db9ddf$00000001$8e1d49754a25aea7$auth
user:$response$679066476e67b5c7c4e88f04be567f8b$user$myrealm$GET$/$8c12bd8f728afe56d45a0ce846b70e5a$00000001$4b61913cec32e2c9$auth
$ ./john ./htdigest
Loaded 2 password hashes with 2 different salts (HTTP Digest access authentication [HDAA-MD5])
kikou (moi)
nocode (user)
guesses: 2 time: 0:00:01:27 (3) c/s: 670223 trying: nocode
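
- Added example (not part of the original README or of John the Ripper) :
-------------------------------------------------------------------------
The sketch below builds the password string from a Digest Authorization header and checks a known password against it, assuming the standard RFC 2617 computation for qop=auth with MD5. All function names are hypothetical, and the sample header is constructed from the second sample line above.

```python
import hashlib
import re

MAGIC = "$response$"  # magic string given in the README
ORDER = ("response", "username", "realm", "method", "uri",
         "nonce", "nc", "cnonce", "qop")  # field order from the README

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_authorization(header, method):
    """Turn a Digest Authorization header value into a field dict."""
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', header)
    fields = {key.lower(): quoted or bare for key, quoted, bare in pairs}
    fields["method"] = method  # the method comes from the request line
    return fields

def to_hdaa_line(fields):
    """Build the user:$response$... line in the README's field order."""
    values = [fields[name] for name in ORDER]
    if any("$" in value for value in values):
        raise ValueError("a field contains the '$' separator")
    return fields["username"] + ":" + MAGIC + "$".join(values)

def parse_hdaa_line(line):
    """Split a password string back into its nine named fields."""
    _, found, rest = line.strip().partition(":" + MAGIC)
    values = rest.split("$")
    if not found or len(values) != len(ORDER):
        raise ValueError("not an HDAA password string")
    return dict(zip(ORDER, values))

def digest_response(f, password):
    """RFC 2617 response for qop=auth with the MD5 algorithm (assumed)."""
    ha1 = md5_hex(f"{f['username']}:{f['realm']}:{password}")
    ha2 = md5_hex(f"{f['method']}:{f['uri']}")
    return md5_hex(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")

def password_matches(line, password):
    f = parse_hdaa_line(line)
    return digest_response(f, password) == f["response"].lower()

# Header constructed from the README's second sample line.
SAMPLE_HEADER = ('Digest username="user", realm="myrealm", '
                 'nonce="8c12bd8f728afe56d45a0ce846b70e5a", uri="/", '
                 'response="679066476e67b5c7c4e88f04be567f8b", '
                 'qop=auth, nc=00000001, cnonce="4b61913cec32e2c9"')

if __name__ == "__main__":
    line = to_hdaa_line(parse_authorization(SAMPLE_HEADER, "GET"))
    print(line, password_matches(line, "nocode"))
```

A field that itself contains '$' (a URI with a query string, for instance) cannot be represented with the default separator, which is why to_hdaa_line rejects it.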