Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

39 lines (20 sloc) 1.107 kb
HTTP Digest access authentication
---------------------------------
- How to create the password string :
-------------------------------------
user:$MAGIC$response$user$realm$method$uri$nonce$nonceCount$ClientNonce$qop
'$' is use as separator, you can change it in HDAA_fmt.c
Example of password string :
user:$response$679066476e67b5c7c4e88f04be567f8b$user$myrealm$GET$/$8c12bd8f728afe56d45a0ce846b70e5a$00000001$4b61913cec32e2c9$auth
Here the magic is '$response$'
- Demonstration :
-----------------
Tested on a : AMD Athlon(tm) 64 Processor 3000+
$ cat ./htdigest
moi:$response$faa6cb7d676e5b7c17fcbf966436aa0c$moi$myrealm$GET$/$af32592775d27b1cd06356b3a0db9ddf$00000001$8e1d49754a25aea7$auth
user:$response$679066476e67b5c7c4e88f04be567f8b$user$myrealm$GET$/$8c12bd8f728afe56d45a0ce846b70e5a$00000001$4b61913cec32e2c9$auth
$ ./john ./htdigest
Loaded 2 password hashes with 2 different salts (HTTP Digest access authentication [HDAA-MD5])
kikou (moi)
nocode (user)
guesses: 2 time: 0:00:01:27 (3) c/s: 670223 trying: nocode
Jump to Line
Something went wrong with that request. Please try again.