BLACK BURN HACKER


Wednesday, June 27, 2012

Bypass .htaccess authentication.

Today I will show you how to bypass .htaccess authentication. First of all, if you don't know what a .htaccess file is, here is the description from Wikipedia, the free encyclopedia:

A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.

The original purpose of .htaccess - reflected in its name - was to allow per-directory access control, by for example requiring a password to access the content. Nowadays however, the .htaccess files can override many other configuration settings including content type and character set, CGI handlers, etc.
What does the content of a .htaccess file look like?

Code:
AuthName "h4xx0r top security"
AuthType Basic
AuthUserFile "/home/site/www/r00t/.htpasswd"
Require valid-user
How to bypass it? That is the question!

First of all, where is the vulnerability?

The vulnerability arises when a .htaccess file uses <Limit></Limit> around the access control.
The <Limit> directive restricts the enclosed access controls to only certain HTTP methods, so requests using any method not listed are not covered by them.

So a vulnerable file would look like this:
Code:
AuthName "h4xx0r top security"
AuthType Basic
AuthUserFile "/home/site/www/r00t/.htpasswd"
<Limit GET POST>
 Require valid-user
</Limit>
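
A way to check a .htaccess file for this misconfiguration, as an added example that is not part of the original post: the function below flags access-control directives that sit inside a <Limit> section and reports which methods they actually cover. The function name, the directive list and the HARDENED sample (the page's first file, which has no <Limit>) are assumptions made for this illustration.

```python
import re

# Directives that enforce access control (Apache 2.2 and 2.4 styles).
ACCESS_DIRECTIVES = {"require", "order", "allow", "deny", "satisfy"}

def audit_htaccess(text):
    """Return (line_number, directive, covered_methods) for every
    access-control directive enclosed in a <Limit ...> section.

    Such directives apply only to the listed methods; directives placed
    outside <Limit> apply to all methods. <LimitExcept> is not flagged.
    """
    findings = []
    limit_methods = None  # method list of the enclosing <Limit>, if any
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]*)>", line, re.IGNORECASE)
        if opened:
            limit_methods = opened.group(1).split()
        elif re.match(r"</Limit\s*>", line, re.IGNORECASE):
            limit_methods = None
        elif limit_methods is not None and line.split()[0].lower() in ACCESS_DIRECTIVES:
            findings.append((lineno, line, limit_methods))
    return findings

# Sample input: the vulnerable file shown on this page.
VULNERABLE = '''AuthName "h4xx0r top security"
AuthType Basic
AuthUserFile "/home/site/www/r00t/.htpasswd"
<Limit GET POST>
 Require valid-user
</Limit>
'''

# Same policy without <Limit>: Require now applies to every method.
HARDENED = '''AuthName "h4xx0r top security"
AuthType Basic
AuthUserFile "/home/site/www/r00t/.htpasswd"
Require valid-user
'''

if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        hits = audit_htaccess(cfg)
        print(name, "OK" if not hits else "")
        for lineno, directive, methods in hits:
            print(f"  line {lineno}: '{directive}' only covers {' '.join(methods)}")
```
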
______________________________

So now, how to bypass it?


When you access a web page, your browser sends a request like this:

Code:
GET http://127.0.0.1/index.php
Host: 127.0.0.1
So, simply use an HTTP method other than GET or POST:

Code:
RW http://127.0.0.1/index.php
Host: 127.0.0.1
To do this, you can use, for example, the Firefox add-on Live HTTP Headers:

1. Open Live HTTP Headers and make sure that the Capture checkbox is checked.
2. Go to a website with a .htaccess authentication page.
3. When the login pop-up is prompted, click Cancel.
4. Now find the website in the history of the Live HTTP Headers window.
5. Click on Replay.
6. Where GET is written, change it to another HTTP method.
7. Click Replay in this window (6).
©2012, copyright BLACK BURN

Comments:

  1. Not working always. Some web servers can filter http methods. Good article anyway

  2. can't find the replay button

  3. Thank you, this helped me immensely.
