Web server digest authentication.
Hello, I'm trying to find a lost password for a piece of equipment. We were able to locate a file on the file system that contains the username, realm and password hash. It is in the following format:

admin:Acme Corp monitoring server:AAAAAAAAAABBBB12345
I believe this is called Digest authentication.

I also have access to a similar device for which I know the password. The realm and username are the same. If I MD5 the three together, I come out with the correct hash for that piece of equipment.

So what I would like to do is prepend "admin:Acme Corp monitoring server:" to a wordlist and then try brute force if that doesn't work.

First I thought a custom charset would be what I needed, so I created a maskfile with the following contents:

Code:
admin:Acme Corp monitoring server:?a?a?a?a?a?a?a?a

This seems to work: at first it iterates through the username and realm, then starts brute forcing, which is good. But I tried to use the "-i --increment-min=8" command because I know how long my test password is, but it didn't seem to work.

Another problem I ran into was getting an output. I tried changing the mask file to:

Code:
admin:Acme Corp monitoring server:P@ssw0r?a

Hashcat cracks it quickly, but I can't see where in the output it gives the password it found. I checked the potfile, but it gives me a hex output that doesn't convert into the password.

Any suggestions on where to go next would be helpful.

Running Windows 10 x64 hashcat 3.5.0


Messages In This Thread
Web server digest authentication. - by Zzzz - 07-31-2017, 12:51 PM
RE: Web server digest authentication. - by Zzzz - 07-31-2017, 02:43 PM