Cracking Base64 Passwords Perl Script.

Tool to crack Base64 passwords - could not find anything similar on the Internet.

Download Tool: http://www.securityassoc.com/base64_crack.zip

MD5 Hash: D905C844168D4D2D1755C1393E18CC96

Below from Readme.txt file:

Base64 Encoding

While pen testing and looking around for something to crack a Base64 encoded password I could not find much in the way of a simple script, so I decided to right a Perl script myself...

Many weak security mechanisms rely on base64 encoding scheme. IIS server is one such example, from the below example we see IIS Basic authenication in action on a GET request:

GET / HTTP/1.1
Host: iis-server
Authorization: Basic dGVzdDpwYXNzd29yZA==

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The authorization tag is encoded in Base64 and when feed into the decode script is cracked as shown below:

perl decode_base64.pl dGVzdDpwYXNzd29yZA==

 Author: The Singapore Dragon - dragon@securityassoc.com  Web: www.securityassoc.com

 Usage decode_base64.pl [encoded-text]

 The decoded data is: test:password

There is also another script provided to encode data (encode_base64.pl).

Enjoy and please send comments...

The Singapore Dragon
dragon@securityassoc.com Received on Fri Nov 15 18:28:58 2002

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek