Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: Cracking Base64 Passwords Perl Script.
From: Javier Liendo <javier () liendo net>
Date: Tue, 12 Nov 2002 09:24:21 -0800 (PST)
hello

there is a website where you can do the same

http://www.securitystats.com/tools/base64.asp

regards

javier

--- Singapore Dragon <dragon () securityassoc com> wrote:

Tool to crack Base64 passwords - could not find
anything similar on the
Internet. 

Download Tool:
http://www.securityassoc.com/base64_crack.zip

MD5 Hash: D905C844168D4D2D1755C1393E18CC96

Below from Readme.txt file:

Base64 Encoding
---------------

While pen testing and looking around for something
to crack a Base64
encoded password I could not find much in the  way
of a simple script,
so I decided to right a Perl script myself...

Many weak security mechanisms rely on base64
encoding scheme. IIS server
is one such example, from  the below example we see
IIS Basic
authenication in action on a GET request:

GET / HTTP/1.1
Host: iis-server
Authorization: Basic dGVzdDpwYXNzd29yZA==

The authorization tag is encoded in Base64 and when
feed into the decode
script is cracked as shown  below:


perl decode_base64.pl dGVzdDpwYXNzd29yZA==

 Author: The Singapore Dragon -
dragon () securityassoc com
 Web: www.securityassoc.com

 Usage decode_base64.pl [encoded-text]

 The decoded data is: test:password


There is also another script provided to encode data
(encode_base64.pl).

Enjoy and please send comments...

The Singapore Dragon
dragon () securityassoc com





----------------------------------------------------------------------------

This list is provided by the SecurityFocus Security
Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA
service which
automatically alerts you to the latest security
vulnerabilities please see:
https://alerts.securityfocus.com/




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]