
The Discordant Opposition Journal Issue 7 - File 6

:Cracking Website Passwords:

RELM


Hi there. Every time it comes around to that time where I need to start thinking about what I'm going to write for the next DoJ, I get this kind of funny feeling in my belly. It's a kind of butterfly feeling and I'm thinking, "What am I going to write that's original and people won't think is lame?" Usually I think up all the crazy ideas that are pretty lame but funny, but I can never seem to think of a good, solid thing to write. Well, here I am again taking another swing at this, so let's start.

First off, I'm sure many people have come to a webpage and seen the link "login" or "Members" to either a normal site or porn. Now personally I don't care what the site is, I just like getting the password; once I crack a password I get a big rush from it and that's what I go for. Now many people will probably tell you to try to find an exploit for the server or something like that, and that's all good if you're serious. If you're doing it just for fun while you're bored you can do it this way. Now I'm going to assume you all understand .pwd (password) files and have a general knowledge of how they are used. The files I'll be talking about are the .pwd and .htpasswd file formats. Now many sites have their .pwd open for access to the public. They don't really mean to do this but it happens. Now first off you will need to find a .pwd or .htpasswd file. To do this you would go to a search engine (I recommend go800.com) and search for "vti_pvt". Once you search for this you should get a list of sites that look like this:

--------- 
1. Index of /_vti_pvt
Index of /_vti_pvt. Name Last modified Size Description. Parent directory. _x_todo.htm
29-Apr-99 11:40 1K Active To Do List. _x_todoh.htm 29-Apr-99 11:40..
URL: www-slac.slac.stanford.edu/_vti_pvt
Last modified 28-May-98 - page size 589 bytes - in English [ Translate ]
---------
2. Index of /_vti_pvt
Index of /_vti_pvt. Name Last modified Size Description. Parent Directory 05-May-1999 13:08 -
access.cnf 14-Aug-1998 17:13 1k. botinfs.cnf 09-May-1998...
URL: web.escape.com/_vti_pvt/
Last modified 24-May-99 - page size 2K - in English [ Translate ]
---------
3. Index of /_vti_pvt/
Index of /_vti_pvt/ mode links bytes last-changed name. dr-x 3 4096 Apr 27 1998 ./ dr-x 16 4096
May 22 13:41 ../ -r-- 1 2446 Apr 27 1998 WS_FTP.LOG dr-x 2.
URL: www.scaley.demon.co.uk/_vti_pvt/
Last modified 27-Apr-98 - page size 1K - in English [ Translate ]
---------


Now once you go to these sites you should get a directory list of a bunch of .log, .cnf, .htm and other types of files. Most of these are useless; you will just have to try a bunch of different sites until you find one that has .log or .htpasswd files in it. OK, I just took a break and browsed for vti_pvt and in a matter of about a minute I found a password file (.pwd). That just shows you how easy it is. Now I'll paste the directory at http://kiosco.net/_vti_pvt/ just to show you how it will look when you're searching around and what you should look for:

Parent Directory 29-Jul-98 19:26 -
access.cnf 29-Jul-98 19:21 1k
botinfs.cnf 29-Jul-98 19:21 1k
bots.cnf 29-Jul-98 19:21 1k
deptodoc.btr 29-Jul-98 19:21 1k
doctodep.btr 29-Jul-98 19:21 1k
frontpg.lck 29-Jul-98 19:20 0k
linkinfo.cnf 29-Jul-98 19:21 1k
service.cnf 29-Jul-98 19:21 1k
service.grp 29-Jul-98 19:21 1k
service.pwd 29-Jul-98 19:21 1k
services.cnf 29-Jul-98 19:26 0k
services.org 29-Jul-98 19:26 1k
svcacl.cnf 29-Jul-98 19:21 1k
writeto.cnf 29-Jul-98 19:21 1k


OK, so you see a directory listing of the files. You can just skim through these and scan for the files you're looking for. As you can see, in this directory there's a "service.pwd" file and this is what we are looking for. btw, if you find a .pwd file it might be shadowed; you will need to get a script to unshadow the file. Now if you take a look at a .htpasswd file in your browser you'll get something like this (actual example):



This file has a lot of users and passwords in it so you should be able to get something out of this. Now in the state it is in it's not usable. What you want to do is save the file to disk. Now here I'll talk about what tools you need to crack this file. I'm directing this example at Windows users by the way, so I'll explain some good tools that you should use in Windows. Now first you will need a cracker. I recommend the DOS version of John The Ripper; you can get the latest version at the official John The Ripper webpage ( http://www.false.com/security/john/ ) or you can grab it from my site at ( http://www.fallenangelz.net ). If you use *nix then I recommend http://www.undergroundnews.com/ for some crackers. You can use John The Ripper in console, but all you lazy people who like GUIs might want to get VCU to run John The Ripper visually. You can download Velocity Cracking Utilities from http://www.wilter.com/wf/vcu/ or http://www.fallenangelz.net . VCU is a nice set of utilities and is very helpful in what you are doing. Now VCU is fairly self-explanatory. If you're using John version 1.0 then pick "Run John The Ripper 1.0 Visually", or if you have 1.6 choose the 1.6 in VCU. Once you're in the run John Visually part of VCU you will have to set the path to the file you want to crack, the path to john.com and also the word list you will be using. You can grab a few word lists from http://www.theargon.com/ . You'll want to get one that's all lower case and one that's upper and lower case. It's best to have one that's at least 20 or so megs. To crack the file it could take a few hours to a few days, so it's really only something you do when you're bored ;) . Well, I hope that taught a few people out there. I know that this is pretty simple but I had no clue what to write so I just did it. peace
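A defender's counterpart to the search described above, added here as an example and not part of the original article: it walks a web server's document root on disk, reports every `.htpasswd` or `*.pwd` file that sits inside the served tree, and classifies each entry's hash format so the 13-character traditional crypt entries stand out. The function names, the sample tree and the hash-shaped strings are constructed for illustration.

```python
import os
import re
import tempfile

# Credential file names: Apache .htpasswd and FrontPage *.pwd (e.g. service.pwd)
CRED_NAME = re.compile(r"^(\.htpasswd|.*\.pwd)$", re.IGNORECASE)
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")  # 2-char salt + 11-char hash
PREFIXES = [("$2a$", "bcrypt"), ("$2b$", "bcrypt"), ("$2y$", "bcrypt"),
            ("$apr1$", "apr1-md5"), ("{SHA}", "sha1-unsalted")]
WEAK = {"des-crypt", "sha1-unsalted", "unrecognised"}

def hash_scheme(field):
    """Classify a password field by its prefix or shape."""
    for prefix, name in PREFIXES:
        if field.startswith(prefix):
            return name
    return "des-crypt" if DES_CRYPT.match(field) else "unrecognised"

def audit_docroot(docroot):
    """List (path, user, scheme) for each entry of each credential file under docroot."""
    findings = []
    for dirpath, dirs, files in os.walk(docroot):
        dirs.sort()  # deterministic traversal order
        for name in sorted(f for f in files if CRED_NAME.match(f)):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line in fh:
                    line = line.strip()
                    if line and not line.startswith("#") and ":" in line:
                        user, field = line.split(":", 1)
                        findings.append((rel, user, hash_scheme(field)))
    return findings

def build_sample_docroot():
    """Constructed sample tree; the users and hash-shaped strings are made up."""
    root = tempfile.mkdtemp(prefix="docroot-")
    samples = {
        "_vti_pvt/service.pwd": "# -FrontPage-\nwebadmin:abCDEFGHIJKLM\n",
        "members/.htpasswd": "alice:$2y$05$" + "x" * 53 + "\nbob:xyNOPQRSTUVWX\n",
        "index.html": "<html></html>\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, user, scheme in audit_docroot(build_sample_docroot()):
        note = "WEAK HASH, " if scheme in WEAK else ""
        print(f"{rel}: {user} [{scheme}] {note}file is inside the served tree")
```

Any hit means the file is only as private as the server's access rules for that path; keeping credential files outside the document root removes that dependency.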

        .  ______________________ 
___________ _______
__________ .__ ___________
\______. \ ____ | | _____.
| _// __ \| | / \
| | \ ___/| |_| Y Y \
.|____|_ /\___ >____/__|_| /
\/ \/ \/
________________ .
_________ . _____
WWW.FALLENANGELZ.NET
relm@beer.com
