Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: Cracking Base64 Passwords Perl Script.

Re: Cracking Base64 Passwords Perl Script.

From: Javier Liendo <javier_at_liendo.net>
Date: Tue, 12 Nov 2002 09:24:21 -0800 (PST)

hello

there is a website where you can do the same

http://www.securitystats.com/tools/base64.asp

regards

javier

--- Singapore Dragon <dragon_at_securityassoc.com> wrote:
> Tool to crack Base64 passwords - could not find
> anything similar on the
> Internet.
>
> Download Tool:
> http://www.securityassoc.com/base64_crack.zip
>
> MD5 Hash: D905C844168D4D2D1755C1393E18CC96
>
> Below from Readme.txt file:
>
> Base64 Encoding
> ---------------
>
> While pen testing and looking around for something
> to crack a Base64
> encoded password I could not find much in the way
> of a simple script,
> so I decided to right a Perl script myself...
>
> Many weak security mechanisms rely on base64
> encoding scheme. IIS server
> is one such example, from the below example we see
> IIS Basic
> authenication in action on a GET request:
>
> GET / HTTP/1.1
> Host: iis-server
> Authorization: Basic dGVzdDpwYXNzd29yZA==
>
> The authorization tag is encoded in Base64 and when
> feed into the decode
> script is cracked as shown below:
>
>
> perl decode_base64.pl dGVzdDpwYXNzd29yZA==
>
> Author: The Singapore Dragon -
> dragon_at_securityassoc.com
> Web: www.securityassoc.com
>
> Usage decode_base64.pl [encoded-text]
>
> The decoded data is: test:password
>
>
> There is also another script provided to encode data
> (encode_base64.pl).
>
> Enjoy and please send comments...
>
> The Singapore Dragon
> dragon_at_securityassoc.com
>
>
>
>
----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA
> service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Nov 12 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]