Jump to content
Guest Kronzy

Bypass .htaccess authentication.

By Guest Kronzy, in Securitate web

Recommended Posts

Guest Kronzy

Guest Kronzy

Posted
Posted

Hey RST, today i will show you, how to bypass a .htaccess authentication. First of all if you don't know what it is a .htaccess file, here the description from Wikipedia, the free encyclopedia :

A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.

The original purpose of .htaccess - reflected in its name - was to allow per-directory access control, by for example requiring a password to access the content. Nowadays however, the .htaccess files can override many other configuration settings including content type and character set, CGI handlers, etc.
What does like a .htaccess file content ? 

AuthName "h4xx0r top security"
AuthType Basic
AuthUserFile "/home/site/www/r00t/.htpasswd"
Require valid-user

How to bypass it ? That is the question !

First of all where is the vulnerability ?

The vuln is when a .htaccess file use <Limit></limit> in the code.

The <Limit> tag is used to restrict enclosed access controls to only certain HTTP methods

So a vulnerable file would look like this : 

AuthName "h4xx0r top security"
AuthType Basic
AuthUserFile "/home/site/www/r00t/.htpasswd"
<Limit GET POST>
 Require valid-user
</Limit>

So now how to bypass it ?

When you want to access to a web page you have a request like this : 


GET http://127.0.0.1/index.php
Host: 127.0.0.1

So, simply use another http method that GET or POST : 

Code:
RW http://127.0.0.1/index.php
Host: 127.0.0.1

To do this, you can use for example the addon on firefox : Live HTTP Headers

1. Open Live HTTP Headers, make sure that Capture checkbox is checked.

2. Go to a website with a .htaccess authentication page.

3. When the pop up of login is prompted click cancel.

4. Now find the website in the history of Live HTTP Headers's window

5. Click on replay

6. Where is written GET change it by another http method

7. Click Replay of this window (6)

aelius Grand Master

aelius

Posted
Posted (edited)

Ok. Fai aici un test. Daca treci de el, spune-ne ce scrie in site: http://geodns.ro/\


ip address - - [28/Sep/2014:19:13:22 +0100] "GET //WEB-INF%20(copy)/jboss-web.xml HTTP/1.0" 401 342 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
ip address - - [28/Sep/2014:19:13:22 +0100] "GET //WEB-INF%20-%20Copy/jboss-web.xml HTTP/1.0" 401 342 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
ip address - - [28/Sep/2014:19:13:22 +0100] "GET //Copy%20of%20WEB-INF/jboss-web.xml HTTP/1.0" 401 342 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
ip address - - [28/Sep/2014:19:13:23 +0100] "GET /index.html HTTP/1.0" 401 342 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
ip address - - [28/Sep/2014:19:13:24 +0100] "GET / HTTP/1.0" 401 342 "http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
ip address - - [28/Sep/2014:19:13:24 +0100] "GET / HTTP/1.0" 401 342 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
ip address - - [28/Sep/2014:19:13:25 +0100] "GET / HTTP/1.0" 401 342 "http://geodns.ro/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
ip address - - [28/Sep/2014:19:13:25 +0100] "GET / HTTP/1.0" 401 342 "................windowswin.ini" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
ip address - - [28/Sep/2014:19:13:26 +0100] "GET / HTTP/1.0" 401 342 "http://geodns.ro/" "T6g6q6Dd'; waitfor delay '0:0:9' --"
ip address - - [28/Sep/2014:19:13:26 +0100] "GET / HTTP/1.0" 401 342 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"

Dude, mergi la doctor. Crezi ca saracia de acunetix trece de htpasswd ? Ahahaha "http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg" "

Edited by aelius

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...